# ISO 27001 View
ISO 27001 defines requirements for an information security management system and includes a catalog of controls.
In the Cybersecurity Ontology, ISO 27001 primarily maps to Leadership, Safeguards, and Assurance.
## Prototype mapping
| ISO concept | Ontology mapping |
|---|---|
| Organizational context | Leadership |
| Leadership commitment | Leadership |
| Planning | Leadership, Safeguards |
| Support and operation | Safeguards |
| Performance evaluation | Assurance |
| Improvement | Leadership, Assurance |
| Control catalog | Safeguards |
## Interpretation

ISO 27001 is strongest on governance and management-system discipline. The ontology complements it by connecting ISO requirements and controls to the concrete assets, risks, safeguards, and evidence they apply to.