ISO/IEC 27004:2016 provides guidelines intended to assist organizations in evaluating the information security performance and the effectiveness of an information security management system in order to fulfil the requirements of ISO/IEC 27001:2013, 9.1. It establishes: a) the monitoring and measurement of information security performance; b) the monitoring and measurement of the effectiveness of an information […]
ISO/IEC 15149:2011 specifies the physical layer and media access control layer protocols of a wireless network over a magnetic field in a low frequency band (~300 kHz), for wireless communication in harsh environments (i.e. around metal, underwater, underground, etc.). The physical layer protocol is designed for the following scope: low carrier frequency for large magnetic […]
What is ISO 27001 and why is it so important for organisations? Generally speaking, most organisations and businesses will have some form of controls in place to manage information security. These controls are necessary as information is one of the most valuable assets that a business owns. However, the effectiveness of such a policy is […]
ISO/IEC 27042:2015 provides guidance on the analysis and interpretation of digital evidence in a manner which addresses issues of continuity, validity, reproducibility, and repeatability. It encapsulates best practice for selection, design, and implementation of analytical processes and recording sufficient information to allow such processes to be subjected to independent scrutiny when required. It provides guidance […]
ISO/IEC 27036-2:2014 specifies fundamental information security requirements for defining, implementing, operating, monitoring, reviewing, maintaining and improving supplier and acquirer relationships. These requirements cover any procurement and supply of products and services, such as manufacturing or assembly, business process procurement, software and hardware components, knowledge process procurement, Build-Operate-Transfer and cloud computing services. These requirements are intended […]
ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment. In particular, ISO/IEC 27018:2014 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII […]
ISO/IEC 27033-1:2015 provides an overview of network security and related definitions. It defines and describes the concepts associated with, and provides management guidance on, network security. (Network security applies to the security of devices, security of management activities related to the devices, applications/services, and end-users, in addition to security of the information being transferred across […]
ISO/IEC TR 90006:2013 provides guidelines for the application of ISO 9001:2008 to service management for IT services. Examples provided in the guidelines are for service management of IT services. Additionally, ISO/IEC TR 90006:2013 provides guidelines for the alignment and integration of a QMS and SMS in organizations where services are being delivered to internal or […]
- 1
- 2