ISO/IEC 27000 Information technology - Security techniques - Information security management systems is a series of international standard specifying best practice on information security management systems (ISMS). It describes management of information risks through information security controls.

First part of the series (ISO/IEC 27000:2022 Information technology - Security techniques - Information security management systems - Overview and vocabulary) specifies the terminology and concepts for ISMS, in order to promote a common understanding of cybersecurity management concepts.

Vast majority of ISO/IEC 27000 vocabulary is consistent with the terminology used by Evolveum. Following table summarizes the correspondence of ISO/IEC 27000 and Evolveum terms.

ISO 27000 Term	Evolveum Term
access control	Access Control
attack	Cyberattack
audit	Audit
audit scope	Audit scope
authentication	Authentication
authenticity	Authenticity
competence	Competence
confidentiality	Confidentiality
conformity	Compliance
consequence	Consequence
continual improvement	Continual improvement
control	Control
control objective	Control objective
correction	Remediation
corrective action	Corrective action
documented information	Documented information
effectiveness	Effectiveness
event	Event
external context	External context
governance of information security	Cybersecurity governance
governing body	Governing body
information need	Information need
information processing facilities	Information processing facilities
information security	Cybersecurity
information security continuity	Cybersecurity resilience
information security event	Cybersecurity event
information security incident	Cybersecurity incident
information security incident management	Cybersecurity incident management
information security professional	Cybersecurity professional
information system	Information system
integrity	integrity
interested party	Interested party
internal context	Internal context
level of risk	Risk level
likelihood	Probability
management system	Management
monitoring	Monitoring
non-repudiation	Non-repudiation
nonconformity	Non-compliance
objective	Objective
organization	Organization
outsource	Outsourcing
performance	Performance
policy	Policy
process	Process
reliability	Reliability
requirement	Requirement
residual risk	Residual risk
review	Review
review object	Review object
review objective	Review objective
risk	Risk
risk acceptance	Risk acceptance
risk analysis	Risk analysis
risk assessment	Risk assessment
risk communication and consultation	Risk communication
risk criteria	Risk criteria
risk evaluation	Risk evaluation
risk identification	Risk identification
risk management	Risk management
risk management process	Risk management process
risk owner	Risk owner
risk treatment	Risk treatment
security implementation standard	Cybersecurity standard
threat	Threat
top management	Top management
vulnerability	Vulnerability