The InfoSec Handbook

Applicable Standards and Certifications

In order to ensure information security, the industry has made various efforts in the form of standards and certifications. Some of the popular ones are ISO/IEC 27001:2005 (revised in 2013) — Information Systems Security Management System — Requirements by the International Organization for Standardization (based on ISO/IEC 27002); the Payment Card Industry Data Security Standard (PCI DSS) by the PCI Security Standards Council; the Payment Application Data Security Standard (PA-DSS) by the PCI Security Standards Council; Control Objectives for IT and related Technology (COBIT) by the Information Systems Audit and Control Association; and ISO 20000-1:2011, i.e. Information technology — Service Management — Part 1: Service management system requirements. These are the standards against which an organization or an application can be certified (as appropriate), or which an organization can adopt to improve itself; they also provide a baseline against which others can check compliance.

Some of the other related regulations and frameworks of importance are: the Sarbanes-Oxley Act of 2002, also known as SOX; the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework; the Health Insurance Portability and Accountability Act (HIPAA) of 1996; the Federal Information Security Management Act (FISMA) of 2002; and the Federal Information Processing Standards (FIPS) released by the National Institute of Standards and Technology (NIST), just to name a few.

Some of the other standards of relevance are: ISO/IEC 15408-1:2009 Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model; ISO/IEC 15408-2:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components; ISO/IEC 15408-3 Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components; and ISO/IEC 18405:2008 Information technology — Security techniques — Methodology for IT security evaluation. The International Organization for Standardization has also published many more guidelines for security professionals. Furthermore, organizations such as the Information Systems Audit and Control Association in the U.S. have published many useful models and papers on information security.

We will elaborate on the above as it becomes relevant in subsequent chapters of this book.
