Below I list the set of standards in the ISO 27000 series that are published or under development as of December 2008.
These results come from a query of the ISO.org website covering the work area of Subcommittee 27 of JTC 1 - IT Security techniques.
The status of each standard is coded using acronyms that ISO has defined, which are:
- 1.PWI = Preliminary Work Item - initial feasibility and scoping activities
- 2.NP = New Proposal (or study period) - formal scoping phase
- 3.WD = Working Draft (1st WD, 2nd WD etc.) - development phase
- 4.CD = Committee Draft (1st CD, 2nd CD etc.) - quality control phase
- 5.FCD = Final Committee Draft - ready for final approval.
- 6.DIS = Draft International Standard - nearly there. Stage 40.
- 7.FDIS = Final Draft or Distribution International Standard - just about ready to publish. Stage 50.
- 8.IS = International Standard - published. Stage 60.
- 9. Under revision. Stage 90.
As you can see in the following list of standards, quite a few are already at Stage 40 and 50, which indicates that they may soon see the light of day. The current state of the international ISO 27000 framework of standards is:
- ISO/IEC FCD 27000. Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary. Stage: 40.99
- ISO/IEC 27001:2005. Information technology -- Security techniques -- Information security management systems -- Requirements. Stage: 60.60
- ISO/IEC 27002:2005. Information technology -- Security techniques -- Code of practice for information security management. Stage: 90.92
- ISO/IEC FCD 27003. Information technology -- Information security management system implementation guidance. Stage: 40.20
- ISO/IEC FCD 27004.2. Information technology -- Security techniques -- Information security management -- Measurement. Stage: 40.20
- ISO/IEC 27005:2008. Information technology -- Security techniques -- Information security risk management. Stage: 60.60
- ISO/IEC 27006:2007. Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems. Stage: 60.60
- ISO/IEC WD 27007. Guidelines for Information security management systems auditing. Stage: 20.60
- ISO/IEC FDIS 27011. Information technology -- Information security management guidelines for telecommunications organizations based on ISO/IEC 27002. Stage: 50.60
- ISO/IEC NP 27012. Information technology - Security techniques -- ISM guidelines for e-government services. Stage: 10.99
- ISO/IEC NP 27032. Guidelines for cybersecurity. Stage: 10.99
- ISO/IEC NP 27033. Information technology -- IT Network security. Stage: 10.99
The new ISO 27033 is in draft form; it is the revision of ISO/IEC 18028-1:2006, which addresses the security of communications networks. ISO 27033 is intended to be an exhaustive complement covering all the network security aspects defined in ISO 27002.
- ISO/IEC CD 27033-1. Information technology -- Security techniques -- IT network security -- Part 1: Guidelines for network security. (FCD)
- ISO/IEC WD 27033-2. Information technology -- Security techniques -- IT network security -- Part 2: Guidelines for the design and implementation of network security. (WD)
- ISO/IEC WD 27033-3. Information technology -- Security techniques -- IT network security -- Part 3: Reference networking scenarios -- Risks, design techniques and control issues. (WD)
- ISO/IEC NP 27033-4. Information technology -- Security techniques -- IT network security -- Part 4: Securing communications between networks using security gateways - Risks, design techniques and control issues. (NP)
- ISO/IEC NP 27033-5. Information technology -- Security techniques -- IT network security -- Part 5: Securing Remote Access - Risks, design techniques and control issues. (NP)
- ISO/IEC NP 27033-6. Information technology -- Security techniques -- IT network security -- Part 6: Securing communications across networks using Virtual Private Networks (VPNs) -- Risks, design techniques and control issues. (NP)
- ISO/IEC NP 27033-7. Information technology -- Security techniques -- IT network security -- Part 7: Guidelines for securing (specific networking technology topic heading(s) to be inserted) -- Risks, design techniques and control issues. Stage: 10.99
More detailed information on each of these documents is available at ISO27001security.com
- ISO/IEC NP 27034. Guidelines for application security. Stage: 10.99
- ISO/IEC NP 27037. Information technology - Security techniques -- on Information security management: Sector to sector interworking and communications for industry and government. Stage: 10.99
The detail of the different steps within each level or stage can be consulted at Stages ISO.
Source: Sistemas de Gestión Seguridad de la Información