{"id":1578,"date":"2010-11-23T08:09:05","date_gmt":"2010-11-23T02:39:05","guid":{"rendered":"https:\/\/www.qadit.com\/blog\/?p=1578"},"modified":"2010-12-04T08:18:11","modified_gmt":"2010-12-04T02:48:11","slug":"information-security-standards-under-iso","status":"publish","type":"post","link":"https:\/\/qadit.com\/blog\/information-security-standards-under-iso\/","title":{"rendered":"Information Security Standards under ISO"},"content":{"rendered":"<p style=\"text-align: justify\">When we discuss Information Security Standards under ISO, the first thing that comes to mind is <strong>ISO 27001<\/strong> &#8211; which is the specification for an Information Security Management System.<\/p>\n<p>&nbsp;<\/p>\n<p>However, apart from ISO 27001 (which is a standard under which a certificate can be obtained), there are many other initiatives under ISO standards covering IT Security &#8211; some are published standards, while some are work in progress.<\/p>\n<p>&nbsp;<\/p>\n<p>Here is a brief listing of some such standards:<br \/>\n<!--more--><\/p>\n<p>&nbsp;<\/p>\n<p><strong>ISO 27031 <\/strong>&#8211; Guidance on the concepts and principles behind the role of information and communications technology (ICT) in ensuring <strong><em>business continuity<\/em><\/strong>.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>ISO 24762<\/strong> &#8211; Standard on ICT <strong><em>Disaster Recovery<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>ISO 27002<\/strong> &#8211; <strong><em>Code of Practice<\/em><\/strong> for Information Security Management<\/p>\n<p>&nbsp;<\/p>\n<p><strong>ISO 27003<\/strong> &#8211; Information security management system <strong><em>implementation guidance<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>ISO 27004<\/strong> &#8211; Information security management measurements, generally known as <strong><em>security metrics<\/em><\/strong>.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>ISO 27005<\/strong> &#8211; Guidelines for information security <strong><em>risk 
management<\/em><\/strong>.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>ISO 27007 &amp; 27008<\/strong> &#8211; Guidelines for Information Security Management Systems <strong><em>auditing<\/em><\/strong>.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>ISO 27010<\/strong> &#8211; Information security management for <strong><em>inter-sector communications<\/em><\/strong>.  This will be a multi-part standard providing guidance in relation to sharing information on information security risks, controls, issues and\/or incidents that span the boundaries between industry sectors and\/or nations, particularly those affecting \u201ccritical infrastructure\u201d.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>ISO 27011<\/strong> &#8211; Information security management guidelines for <strong><em>telecommunications organizations<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>ISO 27014<\/strong> &#8211; Information security <strong><em>governance framework<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>ISO 27015<\/strong> &#8211; Information security management systems guidelines for <strong><em>financial and insurance sectors<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>ISO 27032<\/strong> &#8211; Guidelines for <strong><em>cybersecurity<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>ISO 27033<\/strong> &#8211; <strong><em>Network security<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>ISO 27034<\/strong> &#8211; <strong><em>Application security<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>ISO 27035<\/strong> &#8211; <strong><em>Security incident management<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>ISO 27036<\/strong> &#8211; Guidelines for security of <strong><em>outsourcing<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>ISO 27037<\/strong> &#8211; Guidelines for identification, collection and\/or acquisition and preservation of <strong><em>digital evidence<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>ISO 27799<\/strong> &#8211; Information security management in <strong><em>health 
care industry<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>ISO 7498<\/strong> &#8211; Open Systems Interconnect (<strong><em>OSI<\/em><\/strong>) security model.  This multi-part standard defines the OSI reference model, describing an architecture to secure network communications through security services and security mechanisms.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>ISO 13335<\/strong> &#8211; IT security management guidelines focusing primarily on <strong><em>technical security control measures<\/em><\/strong>.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>ISO 13569<\/strong> &#8211; Information security guidelines for <strong><em>financial services organizations<\/em><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>When we discuss Information Security Standards under ISO, the first thing that comes to mind is ISO 27001 &#8211; which is the specification for an Information Security Management System. &nbsp; However, apart from ISO 27001 (which is a standard under which a certificate can be obtained), there are many other initiatives under ISO standards covering &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/qadit.com\/blog\/information-security-standards-under-iso\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Information Security Standards under 
ISO&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[52,24,12],"tags":[183,184],"class_list":["post-1578","post","type-post","status-publish","format-standard","hentry","category-bcpdr","category-grc","category-itsec","tag-iso-27001","tag-iso-standards-on-information-security"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9AH7Q-ps","_links":{"self":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/1578","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/comments?post=1578"}],"version-history":[{"count":0,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/1578\/revisions"}],"wp:attachment":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/media?parent=1578"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/categories?post=1578"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/tags?post=1578"}],"curies":[{"name":"wp","href":"ht
tps:\/\/api.w.org\/{rel}","templated":true}]}}