Information Security Standards

Authors

  • Dan Constantin Tofan Academy of Economic Studies Bucharest

Keywords:

Information Security Standards, ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 17799, COBIT, NIST SP-800 series, Federal Office for Information Security (BSI), ISF – Standard of good practice for Information Security

Abstract

The use of standards is unanimously accepted and gives the possibility of comparing a personal security system with a given frame of reference adopted at an international level. A good example is the ISO 9000 set of standards regarding the quality management system, which is a common reference regardless of the industry in which a certain company activates. Just like quality control standards for other industrial processes such as manufacturing and customer service, information security standards demonstrate in a methodical and certifiable manner that an organization conforms to industry best practices and procedures. This article offers a review of the world’s most used information security standards.

References

International Organization for Standardization - International Electrotechnical Commission Joint Technical Committee1, ISO/IEC 27002- Information technology -- Security techniques -- Information security management systems -- Requirements, 2007.

International Organization for Standardization-International Electrotechnical Commission Joint Technical Committee1, ISO/IEC 17799 Information technology — Security techniques — Code of practice for information security management, 2005.

National Institute for Standards and Technology, An introduction to Computer Security – The NIST Handbook – SP 800-12, NIST 1995, http://csrc.nist.gov.

Information Security Forum, The Standard of Good Practice for Information Security, ISF 2007, https://www.isfsecuritystandard.com/SOGP07/index.htm.

Erik Guldentops, Tony Betts, Gary Hodgkiss, Aligning COBIT, ITIL and ISO 17799 for Business Benefit, http://www.isaca.org 2007

Jimmy Heschl, Cobit Mapping: Overview Of International IT Guidance - 2nd edition, IT Governance Institute USA http://www.isaca.org 2007

Federal Office for Information Security (BSI), BSI Standard 100-1 Information Security Management System, http://www.bsi.de/english/publications/bsi_st andards/index.htm 2008

Federal Office for Information Security (BSI), BSI Standard 100-2 IT-Grundschutz Methodology, http://www.bsi.de/english/publications/bsi_st andards/index.htm 2008

Federal Office for Information Security (BSI), BSI Standard 100-3 Risk Analysis based on IT-Grundschutz, http://www.bsi.de/english/publications/bsi_st andards/index.htm 2008.

An Overview of Information Security Standards, The Government of the Hong Kong Special Administrative Region, 2008, www.infosec.gov.hk/english/technical/files/overview.pdf

http://en.wikipedia.org

Downloads

Published

2011-09-30

How to Cite

Tofan, D. C. (2011). Information Security Standards. Journal of Mobile, Embedded and Distributed Systems, 3(3), 128-135. Retrieved from http://jmeds.eu/index.php/jmeds/article/view/Information-Security-Standards