Implementation of Information Security Management Systems according to ISO 27001

The discipline traditionally called "Computer Security" has evolved at a dizzying speed over the brief but intense history of computers and Information Technology, a history that has been developing for no more than 60 years.

The current priority is to protect information as a vital asset of any organization, and to do so along several dimensions: Availability, Integrity, Confidentiality and Authenticity (AICA).

Consequently, it is necessary to move towards the ISMS (Information Security Management System) concept, which addresses not only the problems (weaknesses, threats, incidents, etc.) of the technological component (ICT security) but does so from a global approach that also covers other aspects: normative, legal, organizational and even (and above all) cultural, and whose approach is conceived from the perspective of the business problem.

The International Organization for Standardization (ISO) published the ISO 27001 standard in 2005, followed by a further set of guidelines that are collectively known as the ISO 2700x family.

This standard is applicable to all types of organizations and sectors of activity, including public administrations.

The ISMS can be integrated with relative ease with other generic management systems (Quality Management, ISO 9001; Environmental Management, ISO 14001; Business Continuity, ISO 22301 and BS 25999; etc.), with IT-specific ones (ISO 20000, ITIL, COBIT, etc.), and with other types of regulatory frameworks, in particular those related to personal data protection, within a global management system that uses common resources.

The adaptation of organizations to this type of regulation is an emerging activity that offers telecommunications engineers an interesting range of professional possibilities, both specific to the ICT sector and multidisciplinary.

The ISO 27000 series includes a set of standards developed by ISO and IEC (International Electrotechnical Commission), which provide an information security management framework that can be used by any type of organization. The best known are:

ISO / IEC 27000. It provides an overview of the standards that make up the 27000 series, an introduction to Information Security Management Systems, a brief description of the Plan-Do-Check-Act process, and the terms and definitions used throughout the 27000 series.

ISO / IEC 27001. It is the main standard of the series and contains the requirements of the information security management system. It originates from BS 7799-2:2002 and is the standard against which organizations' ISMSs are certified. Its Annex A summarises the control objectives and controls that ISO 27002:2005 develops in detail, so that organizations can select them when developing their ISMS.

ISO / IEC 27002 (formerly ISO 17799:2005). It is a guide to good practice that describes the control objectives and recommended controls for information security. It is not certifiable. It contains 39 control objectives and 133 controls, grouped into 11 domains.

ISO / IEC 27010. It is a standard, divided into two parts, for the management of information security in cross-sector communications.

ISO / IEC 27011. It is an interpretation guide, based on ISO / IEC 27002, for the implementation and management of information security in organizations in the telecommunications sector. It is also published as ITU-T X.1051.

ISO / IEC 27012. It is a set of requirements (complementary to ISO / IEC 27001) and guidelines (complementary to ISO / IEC 27002) for information security management in organizations that provide e-Administration services.

ISO / IEC 27015. ISMS guide for organizations in the financial and insurance sector.

ISO 27799. It is a standard that provides guidelines to support the interpretation and application of ISO / IEC 27002 in the health sector, regarding the security of patient health data. This standard, unlike the previous ones, is developed not by subcommittee JTC1 / SC27 but by technical committee TC 215.

The ISO 27001 standard is the main one in the series. It defines the concept of the Information Security Management System, establishes the reference framework and sets out the standard itself, which, as already indicated, is certifiable. The standard is applicable to all types of organizations, or parts of them, and covers the organizational structure, policies, planning activities, responsibilities, practices, procedures, processes and resources.

Andrea Leal
