Links

Appendix to Andrey Prozorov's article "Standards That Information Security Professionals Should Know".

Full titles of the standards mentioned in the article:

ISO 19011

ISO 19011:2011 Guidelines for auditing management systems

ISO 20000

A series of standards on IT service management, comprising:
  • ISO/IEC 20000-1:2011 Information technology. Service management.
    Part 1: Service management system requirements
  • ISO/IEC 20000-2:2012 Information technology. Service management.
    Part 2: Guidance on the application of service management systems
  • ISO/IEC 20000-3:2012 Information technology. Service management.
    Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1
  • ISO/IEC TR 20000-4:2010 Information technology. Service management.
    Part 4: Process reference model
  • ISO/IEC TR 20000-5:2010 Information technology. Service management.
    Part 5: Exemplar implementation plan for ISO/IEC 20000-1

COBIT5 Framework

COBIT 5 A Business Framework for the Governance and Management of Enterprise IT
Additional books:
  • COBIT 5 Enabling Processes
  • COBIT 5 Implementation
  • COBIT 5 for Information Security
  • COBIT 5 for Assurance
  • Process Assessment Model
  • Self-Assessment Guide
  • Assessor Guide

COBIT5 for IS

COBIT 5 for Information Security

ITIL

The Information Technology Infrastructure Library 2011 Editions (set of books):
  • ITIL Service Strategy
  • ITIL Service Design
  • ITIL Service Transition
  • ITIL Service Operation
  • ITIL Continual Service Improvement

ISO 27000

ISO/IEC 27000:2012 Information technology. Security techniques. Information security management systems. Overview and vocabulary

ISO 27001

ISO/IEC 27001:2005 Information technology. Security techniques. Information security management systems. Requirements

ISO 27002

ISO/IEC 27002:2005 Information technology. Security techniques. Code of practice for information security management

ISO 27003

ISO/IEC 27003:2010 Information technology. Security techniques. Information security management system implementation guidance

ISO 27004

ISO/IEC 27004:2009 Information technology. Security techniques. Information security management. Measurement

ISO 27005

ISO/IEC 27005:2011 Information technology. Security techniques. Information security risk management

ISO 27006

ISO/IEC 27006:2011 Information technology. Security techniques. Requirements for bodies providing audit and certification of information security management systems

ISO 27007

ISO/IEC 27007:2011 Information technology. Security techniques. Guidelines for information security management systems auditing

ISO 27031

ISO/IEC 27031:2011 Information technology. Security techniques. Guidelines for information and communication technology readiness for business continuity

ISO 27035

ISO/IEC 27035:2011 Information technology. Security techniques. Information security incident management

ISO 31000

ISO 31000:2009 Risk management. Principles and guidelines

ISO 31010

ISO/IEC 31010:2009 Risk management. Risk assessment techniques

NIST SP 800-30

NIST Special Publication 800-30 Rev. 1 Guide for Conducting Risk Assessments

NIST SP 800-34

NIST Special Publication 800-34 Rev. 1 Contingency Planning Guide for Federal Information Systems

NIST SP 800-37

NIST Special Publication 800-37 Rev. 1 Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

NIST SP 800-39

NIST Special Publication 800-39 Managing Information Security Risk: Organization, Mission, and Information System View

NIST SP 800-40

NIST Special Publication 800-40 Version 2.0 Creating a Patch and Vulnerability Management Program

and

NIST Special Publication 800-40 Rev. 3 DRAFT Guide to Enterprise Patch Management Technologies

NIST SP 800-50

NIST Special Publication 800-50 Building an Information Technology Security Awareness and Training Program

NIST SP 800-53

NIST Special Publication 800-53 Rev. 4 Security and Privacy Controls for Federal Information Systems and Organizations (Final Public Draft)

NIST SP 800-53 A

NIST Special Publication 800-53 A Rev. 1 Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans

NIST SP 800-61

NIST Special Publication 800-61 Rev. 2 Computer Security Incident Handling Guide

NIST SP 800-83

NIST Special Publication 800-83 Guide to Malware Incident Prevention and Handling
and
NIST Special Publication 800-83 Rev. 1 DRAFT Guide to Malware Incident Prevention and Handling for Desktops and Laptops

NIST SP 800-84

NIST Special Publication 800-84 Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities

NIST SP 800-86

NIST Special Publication 800-86 Guide to Integrating Forensic Techniques into Incident Response

NIST SP 800-100

NIST Special Publication 800-100 Information Security Handbook: A Guide for Managers

NIST SP 800-111

NIST Special Publication 800-111 Guide to Storage Encryption Technologies for End User Devices

NIST SP 800-114

NIST Special Publication 800-114 User's Guide to Securing External Devices for Telework and Remote Access

NIST SP 800-115

NIST Special Publication 800-115 Technical Guide to Information Security Testing and Assessment

NIST SP 800-122

NIST Special Publication 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)

NIST SP 800-128

NIST Special Publication 800-128 Guide for Security-Focused Configuration Management of Information Systems

PCI DSS

Payment Card Industry Data Security Standard

GOST 17799:2005

GOST R ISO/IEC 17799-2005 Information technology. Code of practice for information security management.

GOST 27001:2006

GOST R ISO/IEC 27001-2006 Information technology. Security techniques. Information security management system. Requirements

STO BR IBBS (СТО БР ИББС)

Bank of Russia Standard for Ensuring the Information Security of Organizations of the Banking System of the Russian Federation (STO BR IBBS) (set of documents)
