< Previous standard      ^ Up a level ^      Next standard >

ISO/IEC TR 27016:2014 — Information technology — Security techniques — Information security management — Organisational economics (first edition)

Abstract

“ISO/IEC TR 27016:2014 provides guidelines on how an organisation can  make decisions to protect information and understand the economic  consequences of these decisions in the context of competing requirements for resources. ISO/IEC TR 27016:2014 is applicable to all types and sizes of  organisations and provides information to enable economic decisions in  information security management by top management who have  responsibility for information security decisions.”

[Source: ISO/IEC TR 27016:2014]

Introduction

There are substantial economic/financial/resourcing aspects to the management of information risks and security controls.

Scope and purpose

The ISO catalogue page says this standard “provides guidelines on how an organisation can make decisions to protect information and understand the economic consequences of these decisions in the context of competing requirements for resources.”

Status of the standard

The first edition was published in 2014 as a Technical Report since this was deemed a developing field of study. Evidently the field has not developed ...

 Work on a second edition ground to a halt due to lack of inputs from committee members.

Personal comments

Some of the more generic parts of the text may be more appropriate in the ISO27k overview sections of ISO/IEC 27000.

< Previous standard      ^ Up a level ^      Next standard >