Also referred to as "ISO27k," ISO/IEC 27000 is an ongoing series of standards for managing and measuring information security and its support systems within an enterprise. First published in 2005, the standards provide requirements of certification (27001) and codes of best practice (27002) in one of the newer arenas that ISO has addressed. It is often the CCO and CSO within an organization who help to oversee the policies and procedures associated with information security management. See
ISO/IEC,
CCO,
CSO and
Sarbanes-Oxley Act.