Information technology — Security techniques — Guidelines for the assessment of information security controls

This document provides guidance on reviewing and assessing the implementation and operation of information security controls, including the technical assessment of information system controls, against the information security requirements the organization has established and against assessment criteria derived from those requirements. It offers guidance on how to review and assess information security controls that are managed through an Information Security Management System as specified by ISO/IEC 27001. It is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations that conduct information security reviews and technical compliance checks.

Technologies de l'information — Techniques de sécurité — Lignes directrices pour les auditeurs des contrôles de sécurité de l'information

General Information

Status: Published
Publication Date: 13-Jan-2019
Current Stage: 9092 - International Standard to be revised
Completion Date: 06-Jun-2024
Document type: Technical specification
Designation: ISO/IEC TS 27008:2019 - Information technology -- Security techniques -- Guidelines for the assessment of information security controls
Language: English
Length: 91 pages

Standards Content (Sample)

TECHNICAL SPECIFICATION ISO/IEC TS 27008
First edition
2019-01
Information technology — Security techniques — Guidelines for the assessment of information security controls
Technologies de l'information — Techniques de sécurité — Lignes directrices pour les auditeurs des contrôles de sécurité de l'information
Reference number
ISO/IEC TS 27008:2019(E)
© ISO/IEC 2019

ISO/IEC TS 27008:2019(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2019 – All rights reserved

Contents (Page)
Foreword .......... v
Introduction .......... vi
1 Scope .......... 1
2 Normative references .......... 1
3 Terms and definitions .......... 1
4 Structure of this document .......... 1
5 Background .......... 2
6 Overview of information security control assessments .......... 3
6.1 Assessment process .......... 3
6.1.1 General .......... 3
6.1.2 Preliminary information .......... 3
6.1.3 Assessment checklists .......... 3
6.1.4 Review fieldwork .......... 4
6.1.5 The analysis process .......... 5
6.2 Resourcing and competence .......... 5
7 Review methods .......... 6
7.1 Overview .......... 6
7.2 Process analysis .......... 7
7.2.1 General
...
