Français
4. Normative aspects
In the field of IT security, as is the case for all innovative industrial activities, dedicated standards have been developed in parallel with practical development, and have evolved in a mutually influential way: feedback from the field has influenced standards, but standardization has also facilitated the transition to practice. This evolution is still ongoing, as the field is not yet technically stabilized.
With regard to cybersecurity, the ISO 27001 standard, derived from BS 7799, was introduced in 2005, enabling certification of an "Information Security Management System" (ISMS). The ISO 2700x family was extended in June 2009 with ISO 27005, which provides a methodology for identifying and assessing risks to information assets, and in 2013 with ISO 27032, which provides guidelines for cybersecurity.
Common Criteria standards (ISO 15408,...
The Ultimate Scientific and Technical Reference
This article is included in
Security of information systems
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Normative aspects
Conclusion
Bibliography
Bibliography
Websites
Federation of Professional Intrusive Testers (FPTI) http://www.fpti.pro/
French Information Systems Security Club (CLUSIF) http://www.clusif.asso.fr
Standards and norms
- Risk management – Vocabulary – Guidelines for use in standards - ISO 73 Guide ISO 73 - 12-09
- Information Technology – Safety technology – Information security management systems –Requirements - ISO CEI 27001 - 10-13
- Information Technology – Safety technology – Code of practice for information security management - ISO CEI 27002 - 09-13
- Information Technology – Safety technology – Guidelines for...
The Ultimate Scientific and Technical Reference
