Visit complete Cyber Security roadmap

← Back to Topics List


The International Organization for Standardization (ISO) is an international standard-setting body composed of representatives from various national standards organizations. It promotes worldwide proprietary, industrial, and commercial standards. In the domain of cyber security, there are several important ISO standards that help organizations to protect their sensitive data and to be resilient against cyber threats. In this guide, we will discuss some of the most notable standards related to cyber security:

ISO/IEC 27001 - Information Security Management

ISO/IEC 27001 is a globally recognized standard that sets out requirements for an Information Security Management System (ISMS). It provides a systematic approach to manage and secure sensitive data pertaining to an organization. By implementing this standard, organizations can demonstrate their commitment to maintaining the highest level of information security and reassure their customers, partners, and stakeholders.

Key aspects of ISO/IEC 27001 include:

  • Establishing an information security policy
  • Conducting a risk assessment and managing risk
  • Implementing appropriate information security controls
  • Monitoring and reviewing the effectiveness of the ISMS
  • Continuously improving the ISMS

ISO/IEC 27032 - Cyber Security

ISO/IEC 27032 is a guidance on cybersecurity that provides a framework for establishing and maintaining a secure cyberspace. This standard addresses various aspects such as information privacy, data integrity, and availability in the context of cyber risk. It covers guidelines for information sharing, incident management & coordination, and collaboration among stakeholders in cyberspace.

ISO/IEC 27035 - Incident Management

ISO/IEC 27035 is a standard for Information Security Incident Management. It assists organizations in preparing for, identifying, and handling information security incidents. This standard covers the entire lifecycle of an incident from preparedness to lessons learned. By effectively managing incidents, organizations can minimize the adverse impact of incidents and improve their overall security posture.

ISO/IEC 27701 - Privacy Information Management

ISO/IEC 27701 is an extension to ISO/IEC 27001 and ISO/IEC 27002 that provides a framework for managing the privacy of personal information. This standard helps organizations to comply with data protection laws and regulations, such as the General Data Protection Regulation (GDPR). Key elements include data minimization, data subject access, data breach notification, and third-party management.

In conclusion, the ISO has established several robust cyber security standards that organizations can adopt to protect their sensitive data and ensure business continuity. By implementing these standards, you can mitigate risks associated with cyber attacks and ensure the overall security and compliance in your organization.

Community is the 6th most starred project on GitHub and is visited by hundreds of thousands of developers every month.

Roadmaps Best Practices Guides Videos Store YouTube by Kamran Ahmed

Community created roadmaps, articles, resources and journeys to help you choose your path and grow in your career.

© · FAQs · Terms · Privacy


The leading DevOps resource for Kubernetes, cloud-native computing, and the latest in at-scale development, deployment, and management.