Normas ISO orientadas a seguridad informática

A continuación adjunto una recopilación de las principales de las normas ISO orientadas a seguridad informática. Podéis encontrar éstas y más en la página oficial de ISO (IT security technices):

# ISO/IEC 15408: Evaluation criteria for IT security (esto es, el Common Criteria)
# ISO/IEC 27000: Information security management systems - Overview and vocabulary
# ISO/IEC 27001: Information security management systems - Requirements
# ISO/IEC 27002: Code of practice for information security management
# ISO/IEC 27004: Information security management measurements
# ISO/IEC 27005: Information security risk management (reemplaza a la ISO/IEC 13335)
# ISO/IEC 27006: International accreditation guidelines for the accreditation of bodies operating certification / Registration of information security management systems
# ISO/IEC 27007: Guidelines for information security management systems auditing
# ISO/IEC 27008: Guidance for auditors on ISMS controls
# ISO/IEC 27010: Information security management for inter-sector communications (for critical infrastructure)
# ISO/IEC 27011: Information security management guidelines for telecommunications organizations based on ISO/IEC 27002
# ISO/IEC 27013: Guidelines for integration implementation of ISO/IEC 20000-1 & ISO/IEC 27001
# ISO/IEC 27014: Information security governance framework
# ISO/IEC 27031: ICT readiness for business continuity
# ISO/IEC 27032: Guidelines for CyberSecurity
# ISO/IEC 27033: Network security (reemplaza a ISO/IEC 18028)
# ISO/IEC 27034: Application security
# ISO/IEC 24760: A framework for identity management
# ISO/IEC 29100: A privacy framework
# ISO/IEC 29101: A privacy reference architecture
# ISO/IEC 29146: A framework for access management
# ISO/IEC 29147: Responsible vulnerability disclosure
# ISO/IEC 29149: Best practice on the provision of timestamping services

Fuente: http://www.iso.org

Comentarios