A brilliant presentation for professionals in the field of information security.
http://www.rationalsurvivability.com/presentations/FourHorsemen.pdf
Consulting, training, design, implementation, maintenance and development of Cyber Security Management Systems and independent or integrated systems for Quality Management (ISO 9001), Information Security Management (ISO 27001), IT Service Management (ISO 20000-1), Business Continuity Management (ISO 22301) and the EU General Data Protection Regulation (GDPR). Contacts: +359 886 655 315; infosecservicebg@gmail.com; http://infosecservicebg.wix.com/study-security
| Standard | Published | Title | Notes |
|---|---|---|---|
| | 2012 | Information security management systems - Overview and vocabulary | Overview/introduction to the ISO27k standards as a whole plus the specialist vocabulary; FREE! |
| | 2013 | Information security management systems - Requirements | Formally specifies an ISMS against which thousands of organizations have been certified compliant |
| | 2013 | Code of practice for information security controls | A reasonably comprehensive suite of information security control objectives and generally accepted good-practice security controls |
| | 2010 | Information security management system implementation guidance | Basic advice on implementing ISO27k |
| | 2009 | Information security management - Measurement | Basic (and frankly rather poor) advice on information security metrics |
| | 2011 | Information security risk management | Discusses risk management principles; does not specify particular methods for risk analysis etc. |
| | 2011 | Requirements for bodies providing audit and certification of information security management systems | Formal guidance for the certification bodies |
| | 2011 | Guidelines for information security management systems auditing | Auditing the management system elements of the ISMS |
| | 2011 | Guidelines for auditors on information security management systems controls | Auditing the information security elements of the ISMS |
| | DRAFT | Application of ISO/IEC 27001 - requirements | Sector- or service-specific certifications (possibly) |
| | 2012 | Information security management for inter-sector and inter-organisational communications | Sharing information on information security between industry sectors and/or nations, particularly those affecting "critical infrastructure" |
| | 2008 | Information security management guidelines for telecommunications organizations based on ISO/IEC 27002 | Information security controls for the telecoms industry; also called "ITU-T Recommendation X.1051" |
| | 2012 | Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 | Combining ISO27k/ISMS with IT Service Management/ITIL |
| | DRAFT | Governance of information security | Governance in the context of information security; will also be called "ITU-T Recommendation X.1054" |
| | 2012 | Information security management guidelines for financial services | Applying ISO27k in the finance industry |
| | DRAFT | Information security management - Organizational economics | Economics applied to information security |
| | DRAFT | Code of practice for information security controls for cloud computing services based on ISO/IEC 27002 | Information security controls for cloud computing |
| | DRAFT | Code of practice for controls to protect personally identifiable information processed in public cloud computing services | Privacy controls for cloud computing |
| | DRAFT | Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy industry | Information security for ICS/SCADA/embedded systems (not just used in the energy industry!) |
| | 2011 | Guidelines for information and communications technology readiness for business continuity | Continuity (i.e. resilience, incident management and disaster recovery) for ICT, supporting general business continuity |
| | 2012 | Guidelines for cybersecurity | Despite the curious title, it is actually about Internet security |
| -1 | 2009 | Network security overview and concepts | Various aspects of network security; gradually updating and replacing ISO/IEC 18028 (this note applies to all parts of the multi-part network security standard) |
| -2 | 2012 | Guidelines for the design and implementation of network security | |
| -3 | 2010 | Reference networking scenarios - threats, design techniques and control issues | |
| -4 | DRAFT | Securing communications between networks using security gateways | |
| -5 | DRAFT | Securing communications across networks using Virtual Private Networks (VPNs) | |
| -6 | DRAFT | Securing IP network access using wireless | |
| -1 | 2011 | Application security - Overview and concepts | Multi-part application security standard (this note applies to all parts) |
| -2 | DRAFT | Organization normative framework | |
| -3 | DRAFT | Application security management process | |
| -4 | DRAFT | Application security validation | |
| -5 | DRAFT | Protocols and application security control data structure | |
| -6 | DRAFT | Security guidance for specific applications | |
| | 2011 | Information security incident management | Replaced ISO TR 18044; now being split into three parts |
| -1 | DRAFT | Information security for supplier relationships - Overview and concepts | Information security aspects of ICT outsourcing and services (this note applies to all parts) |
| -2 | DRAFT | Information security for supplier relationships - Common requirements | |
| -3 | DRAFT | Information security for supplier relationships - Guidelines for ICT supply chain security | |
| -4 | DRAFT | Information security for supplier relationships - Guidelines for security of cloud services | |
| | 2012 | Guidelines for identification, collection, acquisition, and preservation of digital evidence | First of several IT forensics standards |
| | DRAFT | Specification for digital redaction | Redaction of digital documents |
| | DRAFT | Selection, deployment and operations of Intrusion Detection [and Prevention] Systems (IDPS) | IDS/IPS |
| | DRAFT | Storage security | IT security for stored data |
| | DRAFT | Guidelines for assurance for digital evidence investigation methods | Assurance is critically important for all forms of forensics: the courts demand it |
| | DRAFT | Guidelines for the analysis and interpretation of digital evidence | IT forensics analytical methods |
| | DRAFT | Digital evidence investigation principles and processes | The basic principles of IT forensics investigations |
| | DRAFT | Guidelines for security information and event management (SIEM) | SIEM |
| | 2008 | Health informatics - Information security management in health using ISO/IEC 27002 | |