BS ISO/IEC TR 13335-3:1998 aims to describe and recommend techniques for the successful management of IT security. These techniques can be used to assess security requirements and risks, and help to establish and maintain the appropriate security safeguards, i.e. the correct IT security level. The results achieved in this way may need to be enhanced by additional safeguards dictated by the actual organization and environment.
BS ISO/IEC TR 13335-3:1998 is relevant to everybody within an organization who is responsible for the management and/or the implementation of IT security.
Contents:
- Foreword
- Introduction
- Scope
- References
- Structure
- Aim
- Techniques for the management of IT security
- IT security objectives, strategy and policies
- Corporate risk analysis strategy options
- Combined approach
- Implementation of the IT security plan
- Follow-up
- Summary
- Annex A - An example contents list for a corporate IT security policy
- Annex B - Valuation of assets
- Annex C - List of possible threat types
- Annex D - Examples of common vulnerabilities
- Annex E - Types of risk analysis method