Information systems security management: A review and a classification of the ISO standards

Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering

Volumn 26 LNICST, Issue , 2010, Pages 220-235

  Tsohou, Aggeliki ^a   Kokolakis, Spyros ^a   Lambrinoudakis, Costas ^a   Gritzalis, Stefanos ^a  

^a UNIVERSITY OF THE AEGEAN   (Greece)

Author keywords

Information security management systems; Standardization

Indexed keywords

INFORMATION SECURITY MANAGEMENT SYSTEMS; INFORMATION SECURITY MANAGEMENTS; INFORMATION SYSTEMS SECURITY; INTERNATIONAL ELECTROTECHNICAL COMMISSION; INTERNATIONAL ORGANIZATION FOR STANDARDIZATIONS; INTERNATIONAL STANDARDS; ISO STANDARDS; ISO/IEC; NON-FUNCTIONAL REQUIREMENTS; SECURITY LEVEL; SECURITY MECHANISM; SECURITY PRACTITIONERS; SECURITY REQUIREMENTS; SECURITY STANDARDS; STATE-OF-THE-ART REVIEWS;

INDUSTRIAL MANAGEMENT; INFORMATION MANAGEMENT; INFORMATION SYSTEMS; INTERNATIONAL COOPERATION; INTEROPERABILITY; LAWS AND LEGISLATION; MANAGEMENT INFORMATION SYSTEMS; STANDARDIZATION; SYSTEMS ANALYSIS;

SECURITY OF DATA;

EID: 84864759284     PISSN: 18678211     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-3-642-11631-5_21     Document Type: Conference Paper

References (78)

1. Standardization definition, http://en.wikipedia.org/wiki/Standardization
2. Guijarro, L.: ICT standardisation and public procurement in the United States and in the European Union: Influence on egovernment deployment. Telecommunications Policy 33(5-6), 285-295 (2009)
3. International Organization for Standardization, http://www.iso.org/iso/ home.htm
4. ISO/IEC 27001:2005. Information technology - Security techniques - Information security management systems - Requirements (2005)
5. ISO/IEC 13335-1:2004. Information technology - Security techniques - Management of information and communications technology security - Part 1: Concepts and models for information and communications technology security management (2004)
6. ISO/IEC TR 13335-2:1997. Information technology - Guidelines for the management of IT Security - Part 2: Managing and planning IT Security (1997)
7. ISO/IEC TR 13335-3:1998. Information technology - Guidelines for the management of IT Security - Part 3: Techniques for the management of IT Security (1998)
8. ISO/IEC TR 13335-4:2000. Information technology - Guidelines for the management of IT Security - Part 4: Selection of safeguards (2000)
9. ISO/IEC 27005:2008. Information technology - Security techniques - Information security risk management (2008)
10. ISO/IEC TR 13335-5:2001. Information technology - Guidelines for the management of IT Security - Part 5: Management guidance on network security (2001)
11. ISO/IEC 18028-1:2006. Information technology - Security techniques - IT network security - Part 1: Network security management (2006)
12. ISO/IEC 27000:2009. Information technology - Security techniques - Information security management systems - Overview and vocabulary (2009)
13. ISO/IEC 27002:2005. Information technology - Security techniques - Code of practice for information security management (2005)
14. ISO/IEC 17799:2005. Information technology - Security techniques - Code of practice for information security management (2005)
15. ISO/IEC FCD 27003. Information technology - Security techniques - Information security management system implementation guidance
16. ISO/IEC 27011:2008. Information technology - Security techniques - Information security management guidelines for telecommunications organizations based on ISO/IEC 27002 (2008)
17. ISO/IEC WD 27007. Information technology - Security techniques - Guidelines for information security management systems auditing
18. ISO/IEC 27006:2007. Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems (2007)
19. ISO/IEC 17021:2006. Conformity assessment - Requirements for bodies providing audit and certification of management systems (2006)
20. ISO/IEC FCD 27033-1. Information technology - Security techniques - IT network security - Part 1: Guidelines for network security
21. ISO/IEC 18028-2:2006. Information technology - Security techniques - IT network security - Part 2: Network security architecture (2006)
22. ISO/IEC WD 27033-2. Information technology - Security techniques - IT network security - Part 2: Guidelines for the design and implementation of network security
23. ISO/IEC 18028-3:2005. Information technology - Security techniques - IT network security - Part 3: Securing communications between networks using security gateways (2005)
24. ISO/IEC NP 27033-4. Information technology - Security techniques - IT network security - Part 4: Securing communications between networks using security gateways-Risks, design techniques and control issues
25. ISO/IEC 18028-4:2005. Information technology - Security techniques - IT network security - Part 4: Securing remote access (2005)
26. ISO/IEC NP 27033-5. Information technology - Security techniques - IT network security - Part 5: Securing Remote Access-Risks, design techniques and control issues
27. ISO/IEC 18028-5:2006. Information technology - Security techniques - IT network security - Part 5: Securing communications across networks using virtual private networks (2006)
28. ISO/IEC NP 27033-6. Information technology - Security techniques - IT network security - Part 6: Securing communications across networks using Virtual Private Networks (VPNs) - Risks, design techniques and control issues
29. ISO/IEC WD 27033-3. Information technology - Security techniques - IT network security - Part 3: Reference networking scenarios - Risks, design techniques and control issues
30. ISO/IEC 18043:2006. Information technology - Security techniques - Selection, deployment and operations of intrusion detection systems (2006)
31. ISO/IEC 18014-1:2008. Information technology - Security techniques - Time-stamping services - Part 1: Framework (2008)
32. ISO/IEC 18014-2:2002. Information technology - Security techniques - Time-stamping services - Part 2: Mechanisms producing independent tokens (2002)
33. ISO/IEC 18014-3:2004. Information technology - Security techniques - Time-stamping services - Part 3: Mechanisms producing linked tokens (2004)
34. ISO/IEC TR 14516:2002. Information technology - Security techniques - Guidelines for the use and management of Trusted Third Party services (2002)
35. ISO/IEC 15945:2002. Information technology - Security techniques - Specification of TTP services to support the application of digital signatures (2002)
36. ISO/IEC 14888-1:2008. Information technology - Security techniques - Digital signatures with appendix - Part 1: General (2008)
37. ISO/IEC 14888-2:2008. Information technology - Security techniques - Digital signatures with appendix - Part 2: Integer factorization based mechanisms (2008)
38. ISO/IEC 14888-3:2006. Information technology - Security techniques - Digital signatures with appendix - Part 3: Discrete logarithm based mechanisms (2006)
39. ISO/IEC 9796-2:2002. Information technology - Security techniques - Digital signature schemes giving message recovery - Part 2: Integer factorization based mechanisms (2002)
40. ISO/IEC 9796-3:2006. Information technology - Security techniques - Digital signature schemes giving message recovery - Part 3: Discrete logarithm based mechanisms (2006)
41. ISO/IEC 9796-1:1991, Information technology-Security techniques-Digital signature scheme giving message recovery -Part 1: Mechanisms using redundancy (1991)
42. ISO/IEC 15816:2002. Information technology - Security techniques - Security information objects for access control (2002)
43. ISO/IEC 9798-1:1997. Information technology - Security techniques - Entity authentication - Part 1: General (1997)
44. ISO/IEC 9798-2:2008. Information technology - Security techniques - Entity authentication - Part 2: Mechanisms using symmetric encipherment algorithms (2008)
45. ISO/IEC 9798-3:1998. Information technology - Security techniques - Entity authentication - Part 3: Mechanisms using digital signature techniques (1998)
46. ISO/IEC 9798-4:1999. Information technology - Security techniques - Entity authentication - Part 4: Mechanisms using a cryptographic check function (1999)
47. ISO/IEC 9798-5:2004. Information technology - Security techniques - Entity authentication - Part 5: Mechanisms using zero-knowledge techniques (2004)
48. ISO/IEC 9798-6:2005. Information technology - Security techniques - Entity authentication - Part 6: Mechanisms using manual data transfer (2005)
49. ISO/IEC 18033-1:2005. Information technology - Security techniques - Encryption algorithms - Part 1: General (2005)
50. ISO/IEC 18033-2:2006. Information technology - Security techniques - Encryption algorithms - Part 2: Asymmetric ciphers (2006)
51. ISO/IEC 18033-3:2005. Information technology - Security techniques - Encryption algorithms - Part 3: Block ciphers (2005)
52. ISO/IEC 18033-4:2005. Information technology - Security techniques - Encryption algorithms - Part 4: Stream ciphers (2005)
53. ISO/IEC 11770-1:1996. Information technology - Security techniques - Key management - Part 1: Framework (1996)
54. ISO/IEC CD 11770-1.Information technology - Security techniques - Key management - Part 1: Framework
55. ISO/IEC 11770-2:2008. Information technology - Security techniques - Key management - Part 2: Mechanisms using symmetric techniques (2008)
56. ISO/IEC 11770-3:2008. Information technology - Security techniques - Key management - Part 3: Mechanisms using asymmetric techniques (2008)
57. ISO/IEC 11770-4:2006. Information technology - Security techniques - Key management - Part 4: Mechanisms based on weak secrets (2006)
58. ISO/IEC 9797-1:1999. Information technology - Security techniques - Message Authentication Codes (MACs) - Part 1: Mechanisms using a block cipher (1999)
59. ISO/IEC 9797-2:2002. Information technology - Security techniques - Message Authentication Codes (MACs) - Part 2: Mechanisms using a dedicated hash-function (2002)
60. ISO/IEC 10118-1:2000. Information technology - Security techniques - Hash-functions - Part 1: General (2000)
61. ISO/IEC 10118-2:2000. Information technology - Security techniques - Hash-functions - Part 2: Hash-functions using an n-bit block cipher (2000)
62. ISO/IEC 10118-3:2004. Information technology - Security techniques - Hash-functions - Part 3: Dedicated hash-functions (2004)
63. ISO/IEC 10118-4:1998. Information technology - Security techniques - Hash-functions - Part 4: Hash-functions using modular arithmetic (1998)
64. ISO/IEC 21827:2008. Information technology - Security techniques - Systems Security Engineering - Capability Maturity Model® (SSE-CMM®) (2008)
65. ISO/IEC TR 18044:2004. Information technology - Security techniques - Information security incident management (2004)
66. ISO/IEC 24762:2008. Information technology - Security techniques - Guidelines for information and communications technology disaster recovery services (2008)
67. ISO/IEC 13888-1:2004. IT security techniques - Non-repudiation - Part 1: General (2004)
68. ISO/IEC 13888-2:1998. Information technology - Security techniques - Non-repudiation - Part 2: Mechanisms using symmetric techniques (1998)
69. ISO/IEC 13888-3:1997. Information technology - Security techniques - Non-repudiation - Part 3: Mechanisms using asymmetric techniques (1997)
70. ISO/IEC 18045:2008. Information technology - Security techniques - Methodology for IT security evaluation (2008)
71. ISO/IEC FCD 15408-1.3. Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model
72. ISO/IEC 15408-1:2005. Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model (2005)
73. ISO/IEC 15408-2:2008. Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional components (2008)
74. ISO/IEC 15408-3:2008. Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance components (2008)
75. ISO/IEC TR 19791:2006. Information technology - Security techniques - Security assessment of operational systems (2006)
76. ISO/IEC TR 15443-1:2005. Information technology - Security techniques - A framework for IT security assurance - Part 1: Overview and framework (2005)
77. ISO/IEC TR 15443-2:2005. Information technology - Security techniques - A framework for IT security assurance - Part 2: Assurance methods (2005)
78. ISO/IEC TR 15443-3:2007. Information technology - Security techniques - A framework for IT security assurance - Part 3: Analysis of assurance methods (2007)