GOST R 56045-2021/ISO/IEC TS 27008:2019. National Standard of the Russian Federation. Information technology. Security techniques. Guidelines for the assessment of information security controls
BIBLIOGRAPHY
[1] | ISO Guide 73, Risk management - Vocabulary |
[2] | ISO 19011:2018, Guidelines for auditing management systems |
[3] | ISO/IEC 27001, Information technology - Security techniques - Information security management systems - Requirements |
[4] | ISO/IEC 27002, Information technology - Security techniques - Code of practice for information security controls |
[5] | ISO/IEC 27005, Information technology - Security techniques - Information security risk management |
[6] | ISO/IEC 27006, Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems |
[7] | ISO/IEC 27007, Information technology - Security techniques - Guidelines for information security management systems auditing |
[8] | ISO/IEC 27017, Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services |
[9] | NIST Special publication (SP) 800-53A, Guide for reviewing the controls in federal information systems, July 2008. Available from: https://csrc.nist.gov/publications/PubsSPs.html |
[10] | Institute For Security And Open Methodologies. Open-Source Security Testing Methodology Manual. Available from: http://www.isecom.org/research/osstmm.html |
[11] | Federal Office for Information Security (BSI). Germany, Standard 100-1, Information Security Management Systems (ISMS); 100-2, IT-Grundschutz Methodology; 100-3, Risk Analysis based on IT-Grundschutz and IT-Grundschutz Catalogues, 100-4, Business Continuity Management (available in German and English). Available from: https://www.bsi.bund.de/EN/Topics/ITGrundschutz/itgrundschutz.html |
[12] | Information Security Forum, The Standard of Good Practice for Information Security, 2007. Available from: https://www.securityforum.org/tool/the-isf-standard-good-practice-information-security-2018/ |
UDC 006.34:004.056:004.056.5:004.056.53:006.354 | OKS 35.030 | IDT |
Keywords: information security, information security control, information security assessment, technical compliance assessment, assessment method, assessment plan, assessment procedure, auditor |