BS ISO/IEC 27011 Information technology. Security techniques. Information security management guidelines for telecommunications organizations based on ISO/IEC 27002

BS ISO/IEC 27011:2008

Information technology. Security techniques. Information security management guidelines for telecommunications organizations based on ISO/IEC 27002

Status : Current   Published : May 2009

BS ISO/IEC 27011:2008 Information technology. Security techniques. Information security management guidelines for telecommunications organizations based on ISO/IEC 27002

BS ISO/IEC 27011 is the international standard that provides guidelines to support the implementation of information security management (ISM) in telecommunications organizations.

The standard is for telecommunications organizations and will enable them to meet baseline ISM requirements of confidentiality, integrity, availability and any other relevant security property of telecommunications.

BS ISO/IEC 27011 establishes guidelines and general principles for initiating, implementing, maintaining, and improving ISM in telecommunications organizations based on BS ISO/IEC 27002 Code of practice for information security management.

BS ISO/IEC 27011 now includes a Telecommunications Extended Control Set which provides new controls and implementation guidance for a telecommunications organization. This has been included in two new Annexes.

It provides an implementation baseline of ISM within telecommunications organizations to ensure the confidentiality, integrity and availability of telecommunications facilities and services.

Why should I implement BS ISO/IEC 27011?
Telecommunications organizations that implement BS ISO/IEC 27011, both within and between jurisdictions, will:

  • Be able to assure the confidentiality, integrity and availability of the global telecommunications facilities and services
  • Have adopted secure collaborative processes and controls ensuring the lowering of risks in the delivery of telecommunications services
  • Be able to redeploy resources to more productive activities
  • Have adopted a consistent holistic approach to information security
  • Be able to improve personal awareness and increase public trust.

What are the objectives of BS ISO/IEC 27011?

BS ISO/IEC 27011 provides practical guidance specially suited for telecommunications organizations on:

  • Commonly-accepted goals of information security management specifically suited for telecommunications organizations
  • Information security management practices to assist in the building of confidence for telecommunications activities.

Who should use BS ISO/IEC 27011?

BS ISO/IEC 27011 is for telecommunications organizations and anyone responsible for information security, together with security vendors, auditors, telecommunications terminal vendors and application content providers.

It provides them with a common set of general security control objectives based on ISO/IEC 27002, telecommunications sector specific controls, and information security management guidelines allowing for the selection and implementation of such controls.

Contents of BS ISO/IEC 27011 include:

  • Normative references
  • Definitions
  • Overview
  • Structure of this guideline
  • Information security management systems in Telecommunications business
  • Security Policy
  • Organization of information security
  • Internal organization
  • External parties
  • Asset management
  • Responsibility for assets
  • Information classification
  • Human resources security
  • Prior to employment
  • During employment
  • Termination or change of employment
  • Physical and environmental security
  • Secure areas
  • Equipment security
  • Communications and operations management
  • Operational procedures and responsibilities
  • Third party service delivery management
  • System planning and acceptance
  • Protection against malicious and mobile code
  • Back-up
  • Network security management
  • Media handling
  • Exchange of information
  • Electronic Commerce Service
  • Monitoring
  • Access control
  • Business requirement for access control
  • User access management
  • User responsibilities
  • Network access control
  • Operating system access control
  • Application and information access control
  • Mobile computing and teleworking
  • Information systems acquisition, development and maintenance
  • Security requirements of information systems
  • Correct processing in applications
  • Cryptographic controls
  • Security of system files
  • Security in development and support processes
  • Technical Vulnerability Management
  • Information security incident management
  • Reporting information security events and weaknesses
  • Management of information security incidents and improvements
  • Business continuity management
  • Information security aspects of business continuity management
  • Compliance
  • Telecommunications Extended Control Set
  • Additional Implementation Guidance
  • Bibliography

Standard Number: BS ISO/IEC 27011:2008
Title: Information technology. Security techniques. Information security management guidelines for telecommunications organizations based on ISO/IEC 27002
Status: Current
Publication Date: 31 May 2009
Cross References: ISO/IEC 27001:2005, ISO/IEC 27002:2005, ITU-T Recommendation X.805 (2003), ISO/IEC 18028-1:2006, ISO/IEC 18028-2:2006, ISO/IEC 18028-3:2005, ISO/IEC 18028-4:2005, ISO/IEC 18028-5:2006, ISO/IEC 18043:2006, ISO/IEC TR 18044:2004, ISO/IEC 27005:2008
International Relationships: ISO/IEC 27011:2008, ITU-T Rec. X.1051:2008
Draft Superseded By: 07/30166242 DC
Descriptors: Data security, Data storage protection, Data processing, Computers, Management, Telecommunication, Communication networks, Computer networks, Communication equipment, Computer hardware, Computer software, Data transmission, Information exchange, Access
ICS: 35.040
Title in French: Technologies de l'information. Techniques de sécurité. Lignes directrices pour le management de la sécurité de l'information pour les organismes de télécommunications sur la base de l'ISO/CEI 27002
Committee: IST/33
ISBN: 978 0 580 59010 8
Publisher: BSI
Format: A4
Delivery: Yes
Pages: 56
File Size: 1.128 MB
Price: £204.00

