Standards Aligned with Industry Best Practice

By |2022-08-16T20:10:27+00:00August 16th, 2022|0 Comments

Information Security Standards

ISO 27000:2016

Information Technology – Security Techniques – Information Security Management Systems – Overview and Vocabulary

ISO/ 27001:2013

Information technology — Security techniques – Information security management systems – Requirements

ISO 27002:2013

Information Technology – Security Techniques – Code of Practice for Information Security Controls

ISO 27003:2010

Information Technology — Security Techniques – Information Security Management Systems Implementation Guidance

ISO 27004:2016

Information technology – Security techniques – Information security management – Monitoring, measurement, analysis, and evaluation

ISO 27005:2011

Information technology – Security techniques – Information security risk management

ISO 27011:2016

Information technology – Security techniques – Code of practice for Information security controls based on ISO/IEC 27002 for telecommunications organizations

ISO 27013:2015

Information technology – Security techniques – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000

ISO 27014:2013

Information technology – Security techniques – Governance of information security

ISO 27017:2015

Information technology – Security techniques – Code of practice for information security controls based on ISO 27002 for cloud services.

ISO 27018:2014

Information technology – Security techniques – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors

ISO 27031:2011

Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity

ISO 27035:2016

Information technology – Security techniques – Information security incident management – Part 1: Principles of incident management

IT Service Management Standards

ISO 20000-1:2011

Information technology – Service management – Part 1: Service management system requirements

ISO 20000-2:2012

Information technology – Service management – Part 2: Guidance on the application of service management systems

ISO 20000-3:2012

Information technology – Service management – Part 3: Guidance on Scope definition and applicability ISO/IEC 20000-1

ISO 20000-4:2010

Information technology – Service management – Part 4: Process reference model

Network Security Standards

 ISO 27033-1:2015

Information technology – Security techniques – Network security – Part 1: Overview and concepts

ISO 27033-2:2012

Information technology – Security techniques – Network security – Part 2: Guidelines for the design and implementation of network security

ISO 27033-3:2010

Information security – Security techniques – Network security – Part 3: Reference networking scenarios – Threats, design techniques and control issues

ISO 27033-4:2014

Information technology – Security techniques – Network security – Part 4: Securing communications between networks using security gateways

ISO 27033-5:2013

Information technology – Security techniques – Network security – Part 5: Securing communications across networks using Virtual Private Networks (VPNs).

ISO 27034-1:2011

Information technology – Security techniques – Application security – Part 1: Overview and concepts.

ISO 27034-2:2015

Information technology – Security techniques – Application security – Part 2: Organization normative framework for application security

Business Continuity Standards

ISO 22301:2019

First of a series of ISO standards and Technical Specifications on Business continuity management

ISO 22313:2020

Security and resilience – Business continuity management systems – Guidance on the use of ISO 22301

ISO 22317:2021

Security and resilience – Business continuity management systems – Guidelines for business impact analysis

ISO 22318:2021

Security and resilience – Business continuity management systems – Guidelines for supply chain continuity

ISO 22330:2018

Security and resilience – Business continuity management systems – Guidelines for people aspects on business continuity

ISO 22331:2018

Security and resilience – Business continuity management systems – Guidelines for business continuity strategy

ISO 22332:2021

Security and resilience – Business continuity management systems – Guidelines for developing business continuity plans and procedures

Risk Management Standards

ISO 31000:2009

Risk management – Principles and guidelines

BS 31100:2011

Risk management – Code of practice and guidance for the implementation of BS ISO 31000

Organizational Resilience & Crisis Management Standards

 BS 11200:2014

BS 65000:2014

(being updated for release 2022)

ISO 22361 & ISO 22336

(both under development)

 Other Relevant Standards

NIST SP 800-34 – 2021 (last verified and updated)

NIST Cybersecurity Framework 

ASIS SPC. 1:2009

AE/SCNS/NCEMA 7000:2021

34 ITIL4 practices

Grouped into three categories:  General management practices, Service management practices, Technical management practices

 

Recommend0 recommendationsPublished in Uncategorized

Share This Story, Choose Your Platform!

About the Author:

Steve Yates is a Founding Fellow of the Business Continuity Institute (FBCI), Certified as a Business Continuity and Cyber Resilience Professional by the Disaster Recovery Institute (DRI) International (CBCP and CCRP), and by the BSI as a Certified ISO 22301 Lead Auditor. He has also been Admitted to the Freedom of the Worshipful Company of Information Technologists (WCIT) for his work in Incident Management and Information Technology Disaster Recovery, qualified as a Telecommunications engineer, and is currently Chair of the Resilience Association. He can be contacted by email at: [email protected]ciation.org

Leave A Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.