Information technology. Security techniques. Management of information and communications technology security - Concepts and models for information and communications technology security management


Summary

The main objectives of BS ISO/IEC 13335 are:

  • to define and describe the concepts associated with the management of IT security
  • to identify the relationships between the management of IT security and management of IT in general

  • to present several models which can be used to explain IT security
  • to provide general guidance on the management of IT security.

Contents

Foreword

Introduction

Scope

Definitions

Security concepts and relationships

Objectives, strategies and policies

Organizational aspects of ICT security

ICT security management functions

Government and commercial organizations rely heavily on the use of information to conduct their business activities. Compromise of confidentiality, integrity, availability, non-repudiation, accountability, authenticity and reliability of an organization’s assets can have an adverse impact.

Consequently, there is a critical need to protect information and to manage the security of ICT systems within organizations. This requirement to protect information is particularly important in today’s environment because many organizations are internally and externally connected by networks of ICT systems not necessarily controlled by their organizations. As well, legislation in many countries requires that management take appropriate action to mitigate risk related to the business and the use of ICT systems. Such legislation may cover not only privacy/data protection but also healthcare and financial markets, among others.

 

BS ISO/IEC TR 13335 Part 1 provides a high-level management overview. This material is suitable for managers and those who have responsibility for ICT security, for an organization’s overall security program or an organization’s ICT systems. Part 1 focuses its attention on concepts and models for managing the planning, implementation and operations of ICT security.

This Part contains:

  • definitions applicable to all parts of this International Standard;
  • descriptions of the major security elements and their relationships that are involved in ICT security management;
  • corporate security objectives, strategies and policies needed for effective organizational ICT security;
  • organization for effective ICT security, models for accountability, explicit assignment and acknowledgement of security responsibilities; and
  • an overview of ICT security management functions.

This standard replaces BS ISO/IEC TR 13335-1:1996 and BS ISO/IEC TR 13335-2:1997, which are now withdrawn.