BS ISO/IEC TR 13335-4:2000 provides guidance on the selection of safeguards, taking into account business needs and security concerns. It describes a process for the selection of safeguards according to security risks and concerns and the specific environment of an organization. BS ISO/IEC TR 13335-4:2000 shows how to achieve appropriate protection, and how this can be supported by the application of baseline security.
Contents:
- Foreword
- Introduction
- Scope
- References
- Definitions
- Aim
- Overview
- Introduction to safeguard selection and the concept of baseline security
- Basic assessments
- Safeguards
- Baseline approach: selection of safeguards according to the type of IT system
- Selection of safeguards according to security concerns and threats
- Selection of safeguards according to detailed assessments
- Development of an organization-wide baseline
- Summary
- Bibliography
- Annex A - Code of practice for information security management
- Annex B - ETSI baseline security standard features and mechanisms
- Annex C - IT baseline protection manual
- Annex D - NIST computer security handbook
- Annex E - Medical informatics: security categorisation and protection for healthcare information systems
- Annex F - TC68 Banking and related financial services information security guidelines
- Annex G - Protection of sensitive information not covered by the Official Secrets Act - recommendations for computer workstations
- Annex H - Canadian handbook on Information Technology security