ISO/IEC 27008
E515949
ISO/IEC 27008 is an international standard that provides guidance for auditors on reviewing and assessing information security controls within an organization’s information security management system.
All labels observed (1)
| Label | Occurrences |
|---|---|
| ISO/IEC 27008 canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T5362764 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: ISO/IEC 27008 Context triple: [ISO/IEC 27000 family, includesStandard, ISO/IEC 27008]
-
A.
ISO/IEC 27007
ISO/IEC 27007 is an international standard that provides guidelines for auditing information security management systems based on ISO/IEC 27001.
-
B.
ISO/IEC 27011
ISO/IEC 27011 is an international standard that provides guidelines for information security management specifically tailored to telecommunications organizations.
-
C.
ISO/IEC 27003
ISO/IEC 27003 is an international standard that provides guidance on implementing and managing an information security management system (ISMS) in accordance with ISO/IEC 27001.
-
D.
ISO/IEC 27006
ISO/IEC 27006 is an international standard that specifies requirements for bodies providing audit and certification of information security management systems.
-
E.
ISO/IEC 27005
ISO/IEC 27005 is an international standard that provides guidelines for information security risk management within an organization’s overall information security management system.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: ISO/IEC 27008 Target entity description: ISO/IEC 27008 is an international standard that provides guidance for auditors on reviewing and assessing information security controls within an organization’s information security management system.
-
A.
ISO/IEC 27007
ISO/IEC 27007 is an international standard that provides guidelines for auditing information security management systems based on ISO/IEC 27001.
-
B.
ISO/IEC 27011
ISO/IEC 27011 is an international standard that provides guidelines for information security management specifically tailored to telecommunications organizations.
-
C.
ISO/IEC 27003
ISO/IEC 27003 is an international standard that provides guidance on implementing and managing an information security management system (ISMS) in accordance with ISO/IEC 27001.
-
D.
ISO/IEC 27006
ISO/IEC 27006 is an international standard that specifies requirements for bodies providing audit and certification of information security management systems.
-
E.
ISO/IEC 27005
ISO/IEC 27005 is an international standard that provides guidelines for information security risk management within an organization’s overall information security management system.
- F. None of above. chosen
Statements (42)
| Predicate | Object |
|---|---|
| instanceOf |
ISO/IEC standard
ⓘ
information security standard ⓘ international standard ⓘ |
| appliesTo | organizations implementing an information security management system ⓘ |
| concerns |
control effectiveness evaluation
ⓘ
evidence collection for information security audits ⓘ information security risk treatment controls ⓘ |
| field |
information security
ⓘ
information security auditing ⓘ information security management ⓘ |
| focusesOn |
assessment of information security controls
ⓘ
information security management systems ⓘ review of information security controls ⓘ |
| governingBody |
ISO/IEC JTC 1/SC 27
NERFINISHED
ⓘ
ISO/IEC Joint Technical Committee 1 NERFINISHED ⓘ |
| hasType | guidance standard ⓘ |
| intendedUse |
support conformity assessments of information security controls
ⓘ
support information security audits ⓘ |
| objective |
enhance confidence in the operation of information security management systems
ⓘ
promote consistent assessment of information security controls ⓘ support reliable audit conclusions on information security controls ⓘ |
| partOfSeries | ISO/IEC 27000 family NERFINISHED ⓘ |
| providesGuidanceFor |
auditors
ⓘ
external auditors ⓘ internal auditors ⓘ |
| publishedBy |
International Electrotechnical Commission
NERFINISHED
ⓘ
International Organization for Standardization ⓘ |
| relatedToStandard |
ISO/IEC 27001
NERFINISHED
ⓘ
ISO/IEC 27002 NERFINISHED ⓘ |
| scope |
guidance on determining the appropriateness of selected information security controls
ⓘ
guidance on evaluating implementation and operation of information security controls ⓘ guidance on reviewing and assessing controls in an information security management system ⓘ |
| status | active standard ⓘ |
| subjectMatter |
criteria for reviewing information security controls
ⓘ
evaluation of information security controls ⓘ methods for assessing effectiveness of controls ⓘ |
| supportsAssessmentOf |
ISO/IEC 27001 controls
ⓘ
ISO/IEC 27002 controls ⓘ |
| supportsImplementationOf | ISO/IEC 27001 NERFINISHED ⓘ |
| targetAudience |
ISMS auditors
ⓘ
information security auditors ⓘ information security professionals ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: ISO/IEC 27008 Description of subject: ISO/IEC 27008 is an international standard that provides guidance for auditors on reviewing and assessing information security controls within an organization’s information security management system.
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.