The International Organization for Standardization (ISO) is an independent, non-governmental international organization with an international membership of 163 national standards bodies. The ISO/IEC 27000 family of standards helps organizations keep their information assets secure.
ISO/IEC 27110, “Information technology, cybersecurity and privacy protection — Cybersecurity framework development guidelines,” specifies that all cybersecurity frameworks should have the following concepts: Identify, Protect, Detect, Respond, Recover. It also outlines the distinction between Information Security and Cybersecurity. These guidelines align with the NIST Cybersecurity Framework (CSF).
- Identify: The Identify concept addresses people, policies, processes and technology when defining the scope
- Protect: The Protect concept can contain many categories and activities related to the safeguarding of assets against intentional or unintentional misuse.
- Detect: The Detect concept can include traditional asset monitoring and attack detection.
- Respond: The Respond concept can include the traditional incident response concepts as well as policies, procedures and plans.
- Recover: The activities in the Recover concept define the restoration and communication related activities after a cybersecurity event.
Google's security risk management capabilities are audited as part of ISO/IEC 27001/27002 (Information Security Management), ISO/IEC 27017 (Cloud Security), FedRAMP, and NIST 800-53, which align with the conceptual framework and recommended guidance specified in ISO/IEC 27110 (Identify, Protect, Detect, Respond, Recover).