Norme e standard della Sicurezza ICT (SEC118)

Introduzione

• Le definizioni rilevanti
• Significato e valore delle norme
• Chi emette le norme e gli standard
• I lavori del sottocomitato 27 (ISO/IEC JTC1/SC27)
• La vita di una norma

Gli standard della sicurezza informatica

• ISO 20000 IT
  Service Management (ISO/IEC 20000:2005) e ITIL (Information technology Infrastructure Library)
• ISO 17799:1
  Information technology. Code of practice for information security management
• ISO/IEC TR 13335
  Information technology Guidelines for the management of IT Security
• GMP e PIC/S e metodologie per l’industria (Annex 11 sui sistemi informatici)
• ISO/IEC IS 15408
  Information technology (Security techniques and Evaluation criteria for IT security) noti come common criteria ITSEC
• ISO/TR 13569:2005
  Financial services -- Information security guidelines
• ISO/IEC TR 14516:2002
  Information technology -- Security techniques -- Guidelines for the use and management of Trusted Third Party services
• ISO/IEC TR 15443-1:2005
  Information technology -- Security techniques -- A framework for IT security assurance -- Part 1: Overview and framework
• ISO/IEC TR 15443-2:2005
  Information technology -- Security techniques -- A framework for IT security assurance -- Part 2: Assurance methods
• ISO/IEC TR 15947:2002
  Information technology -- Security techniques -- IT intrusion detection framework
• ISO/IEC 18028-3:2005
  Information technology -- Security techniques -- IT network security -- Part 3: Securing communications between networks using security gateways
• ISO/IEC 18028-4:2005
  Information technology -- Security techniques -- IT network security -- Part 4: Securing remote access
• ISO/IEC TR 18044:2004
  Information technology -- Security techniques -- Information security incident management
• ISO/IEC 27001:2005
  Information technology -- Security techniques -- Information security management systems -- Requirements
• ISO TR 17944
  Framework for Security in Financial Systems