ISO, IEC Standards Address Cyber Crime
January 26, 2007 // Published as a news service by IHS
Several standards from the Joint Technical Committee 1 (JTC 1) of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) are combating cyber threats like botnets, which menace network infrastructure security and the integrity of corporate, financial and personal data.
ISO/IEC 13335-1:2004 - Information technology - Security techniques - Management of information and communications technology security - Part 1: Concepts and models for information and communications technology security management.
This standard articulates concepts and models fundamental to information and communication technology (ICT) security. The standard details general management issues essential to the successful planning, implementation and operation of ICT security.
ISO/IEC TR 13335-3:1998 - Information technology - Guidelines for the management of IT security - Part 3: Techniques for the management of IT security.
This standard outlines techniques and procedures to assist in information technology (IT) security management and implementation.
ISO/IEC TR 13335-4:2000 - Information technology - Guidelines for the management of IT security - Part 4: Selection of safeguards.
This standard provides guidance on selecting safeguards that take into account organization-specific needs and concerns.
ISO/IEC TR 13335-5:2001 - Information technology - Guidelines for the management of IT security - Part 5: Management guidance on network security.
This standard helps identify and analyze communications-related factors when establishing network security requirements.
ISO/IEC 17799:2005 - Information technology - Security techniques - Code of practice for information security management.
This standard outlines guidelines and general principles for implementing improved security management policies which minimize the number and impact of cyber attacks. Contained in the document are best practices for controls in 11 key areas, including security policy, business continuity management, access control, physical and environmental security and information security incident management.
ISO/IEC 27001:2005 - Information technology - Security techniques - Information security management systems - Requirements.
This certification standard is intended to be used with ISO/IEC 17799. The document details requirements for the implementation of security controls within the context of an organization's overall business risks and is the first in what is to be the ISO/IEC 27000 series of standards on information security. ISO/IEC 17799:2005 is expected to be reissued as part of the 27000 family under the document number ISO/IEC 27002 later in 2007.
Source: American National Standards Institute (ANSI).