ISO/IEC TR 27016



 

ISO/IEC TR 27016:2014 — Information technology — Security techniques — Information security management — Organisational economics

 

Abstract

“ISO/IEC TR 27016:2014 provides guidelines on how an organisation can make decisions to protect information and understand the economic consequences of these decisions in the context of competing requirements for resources. ISO/IEC TR 27016:2014 is applicable to all types and sizes of organisations and provides information to enable economic decisions in information security management by top management who have responsibility for information security decisions.”
[Source: ISO/IEC TR 27016:2014]
 

Introduction

There are substantial economic/financial/resourcing aspects to the management of information risks and security controls.

 

Scope and purpose

The ISO catalogue page says this standard “provides guidelines on how an organisation can make decisions to protect information and understand the economic consequences of these decisions in the context of competing requirements for resources.”

 

Status of the standard

The standard was published in 2014 as a Technical Report rather than a full International Standard, since this was deemed a developing field of study.

 

Personal comments

Some of the more generic parts of the text may be more appropriate in the ISO27k overview sections of 27000.

 


Copyright © 2022 IsecT Ltd.