Сигурност на виртуализацията или виртуализация на сигурността ! Четиво за професионалисти в областта на информационната сигурност.

Виртуализация на сигурността или сигурност на виртуализацията и т.н.! 
Брилянтна презентация за професионалисти в областта на информационната сигурност.

http://www.rationalsurvivability.com/presentations/FourHorsemen.pdf

Фамилията стандарти (ISO 27000) за информационна сигурност

Актуален списък и състояние на стандартите за информационна сигурност от фамилията ISO 27000 - към м. ноември, 2013 год.

Standard	Published	Title	Notes
ISO/IEC 27000	2012	Information security management systems - Overview and vocabulary	Overview/introduction to the ISO27k standards as a whole plus the specialist vocabulary; FREE!
ISO/IEC 27001	2013	Information security management systems — Requirements	Formally specifies an ISMS against which thousands of organizations have been certified compliant
ISO/IEC 27002	2013	Code of practice for information security controls	A reasonably comprehensive suite of information security control objectives and generally-accepted good practice security controls
ISO/IEC 27003	2010	Information security management system implementation guidance	Basic advice on implementing ISO27k
ISO/IEC 27004	2009	Information security management ― Measurement	Basic (and frankly rather poor) advice on information security metrics
ISO/IEC 27005	2011	Information security risk management	Discusses risk management principles; does not specify particular methods for risk analysis etc.
ISO/IEC 27006	2011	Requirements for bodies providing audit and certification of information security management systems	Formal guidance for the certification bodies
ISO/IEC 27007	2011	Guidelines for information security management systems auditing	Auditing the management system elements of the ISMS
ISO/IEC TR 27008	2011	Guidelines for auditors on information security management systems controls	Auditing the information security elements of the ISMS
ISO/IEC 27009	DRAFT	Application of ISO/IEC 27001 - requirements	Sector- or service-specific certifications (possibly)
ISO/IEC 27010	2012	Information security management for inter-sector and inter-organisational communications	Sharing information on information security between industry sectors and/or nations, particularly those affecting “critical infrastructure”
ISO/IEC 27011	2008	Information security management guidelines for telecommunications organizations based on ISO/IEC 27002	Information security controls for the telecoms industry; also called “ITU-T Recommendation x.1051”
ISO/IEC 27013	2012	Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1	Combining ISO27k/ISMS with IT Service Management/ITIL
ISO/IEC 27014	DRAFT	Governance of information security	Governance in the context of information security; will also be called “ITU-T Recommendation X.1054”
ISO/IEC 27015	2012	Information security management guidelines for financial services	Applying ISO27k in the finance industry
ISO/IEC TR 27016	DRAFT	Information security management – Organizational economics	Economics applied to information security
ISO/IEC 27017	DRAFT	Code of practice for information security controls for cloud computing services based on ISO/IEC 27002	Information security controls for cloud computing
ISO/IEC 27018	DRAFT	Code of practice for controls to protect personally identifiable information processed in public cloud computing services	Privacy controls for cloud computing
ISO/IEC TR 27019	DRAFT	Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy industry	Information security for ICS/SCADA/embedded systems (not just used in the energy industry!)
ISO/IEC 27031	2011	Guidelines for information and communications technology readiness for business continuity	Continuity (i.e. resilience, incident management and disaster recovery) for ICT, supporting general business continuity
ISO/IEC 27032	2012	Guidelines for cybersecurity	Despite the curious title, it is actually about Internet security
ISO/IEC 27033	-1 2009	Network security overview and concepts	Various aspects of network security; gradually updating and replacing ISO/IEC 18028
	-2 2012	Guidelines for the design and implementation of network security
	-3 2010	Reference networking scenarios - threats, design techniques and control issues
	-4 DRAFT	Securing communications between networks using security gateways
	-5 DRAFT	Securing communications across networks using Virtual Private Networks (VPNs)
	-6 DRAFT	Securing IP network access using wireless
ISO/IEC 27034	-1 2011	Application security — Overview and concepts	Multi-part application security standard
	-2 DRAFT	Organization normative framework
	-3 DRAFT	Application security management process
	-4 DRAFT	Application security validation
	-5 DRAFT	Protocols and application security control data structure
	-6 DRAFT	Security guidance for specific applications
ISO/IEC 27035	2011	Information security incident management	Replaced ISO TR 18044; now being split into three parts
ISO/IEC 27036	-1 DRAFT	Information security for supplier relationships – Overview and concepts	Information security aspects of ICT outsourcing and services
	-2 DRAFT	Information security for supplier relationships – Common requirements
	-3 DRAFT	Information security for supplier relationships – Guidelines for ICT supply chain security
	-4 DRAFT	Information security for supplier relationships – Guidelines for security of cloud services
ISO/IEC 27037	2012	Guidelines for identification, collection, acquisition, and preservation of digital evidence	First of several IT forensics standards
ISO/IEC 27038	DRAFT	Specification for digital redaction	Redaction of digital documents
ISO/IEC 27039	DRAFT	Selection, deployment and operations of Intrusion Detection [and Prevention] Systems (IDPS)	IDS/IPS
ISO/IEC 27040	DRAFT	Storage security	IT security for stored data
ISO/IEC 27041	DRAFT	Guidelines for assurance for digital evidence investigation methods	Assurance is critically important for all forms of forensics: the courts demand it
ISO/IEC 27042	DRAFT	Guidelines for the analysis and interpretation of digital evidence	IT forensics analytical methods
ISO/IEC 27043	DRAFT	Digital evidence investigation principles and processes	The basic principles of IT forensics investigations
ISO/IEC 27044	DRAFT	Guidelines for security information and event management (SIEM)	SIEM
ISO 27799	2008	Health informatics — Information security management in health using ISO/IEC 27002	Developed by a different committee; tailored advice for the healthcare industry