Standards Aligned with Industry Best Practice

Published August 16th, 2022 (updated 2023-07-20)

Information Security Standards

ISO 27000:2016

Information technology – Security techniques – Information security management systems – Overview and vocabulary

ISO 27001:2013

Information technology – Security techniques – Information security management systems – Requirements

ISO 27002:2013

Information technology – Security techniques – Code of practice for information security controls

ISO 27003:2010

Information technology – Security techniques – Information security management systems implementation guidance

ISO 27004:2016

Information technology – Security techniques – Information security management – Monitoring, measurement, analysis, and evaluation

ISO 27005:2011

Information technology – Security techniques – Information security risk management

ISO 27011:2016

Information technology – Security techniques – Code of practice for Information security controls based on ISO/IEC 27002 for telecommunications organizations

ISO 27013:2015

Information technology – Security techniques – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000

ISO 27014:2013

Information technology – Security techniques – Governance of information security

ISO 27017:2015

Information technology – Security techniques – Code of practice for information security controls based on ISO 27002 for cloud services

ISO 27018:2014

Information technology – Security techniques – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors

ISO 27031:2011

Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity

ISO 27035:2016

Information technology – Security techniques – Information security incident management – Part 1: Principles of incident management

IT Service Management Standards

ISO 20000-1:2011

Information technology – Service management – Part 1: Service management system requirements

ISO 20000-2:2012

Information technology – Service management – Part 2: Guidance on the application of service management systems

ISO 20000-3:2012

Information technology – Service management – Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1

ISO 20000-4:2010

Information technology – Service management – Part 4: Process reference model

Network Security Standards

ISO 27033-1:2015

Information technology – Security techniques – Network security – Part 1: Overview and concepts

ISO 27033-2:2012

Information technology – Security techniques – Network security – Part 2: Guidelines for the design and implementation of network security

ISO 27033-3:2010

Information technology – Security techniques – Network security – Part 3: Reference networking scenarios – Threats, design techniques and control issues

ISO 27033-4:2014

Information technology – Security techniques – Network security – Part 4: Securing communications between networks using security gateways

ISO 27033-5:2013

Information technology – Security techniques – Network security – Part 5: Securing communications across networks using Virtual Private Networks (VPNs)

ISO 27034-1:2011

Information technology – Security techniques – Application security – Part 1: Overview and concepts

ISO 27034-2:2015

Information technology – Security techniques – Application security – Part 2: Organization normative framework for application security

Business Continuity Standards

ISO 22301:2019

First of a series of ISO standards and Technical Specifications on Business continuity management

ISO 22313:2020

Security and resilience – Business continuity management systems – Guidance on the use of ISO 22301

ISO 22317:2021

Security and resilience – Business continuity management systems – Guidelines for business impact analysis

ISO 22318:2021

Security and resilience – Business continuity management systems – Guidelines for supply chain continuity

ISO 22330:2018

Security and resilience – Business continuity management systems – Guidelines for people aspects on business continuity

ISO 22331:2018

Security and resilience – Business continuity management systems – Guidelines for business continuity strategy

ISO 22332:2021

Security and resilience – Business continuity management systems – Guidelines for developing business continuity plans and procedures

Risk Management Standards

ISO 31000:2009

Risk management – Principles and guidelines

BS 31100:2011

Risk management – Code of practice and guidance for the implementation of BS ISO 31000

Organizational Resilience & Crisis Management Standards

BS 11200:2014

BS 65000:2014

(being updated for release 2022)

ISO 22361 & ISO 22336

(both under development)

Other Relevant Standards

NIST SP 800-34 – 2021 (last verified and updated)

NIST Cybersecurity Framework 

ASIS SPC.1:2009

AE/SCNS/NCEMA 7000:2021

34 ITIL4 practices

Grouped into three categories: General management practices, Service management practices, Technical management practices


About the Author:

Steve Yates is a Founding Fellow of the Business Continuity Institute (FBCI), Certified as a Business Continuity and Cyber Resilience Professional by the Disaster Recovery Institute (DRI) International (CBCP and CCRP), and by the BSI as a Certified ISO 22301 Lead Auditor. He has also been Admitted to the Freedom of the Worshipful Company of Information Technologists (WCIT) for his work in Incident Management and Information Technology Disaster Recovery, qualified as a Telecommunications engineer, and is currently Chair of the Resilience Association. He can be contacted by email at: steve.yates@resilienceassociation.org
