BS ISO/IEC 13335-1:2004 - Information technology. Security techniques. Management of information and communications technology security. Concepts and models for information and communications technology security management – BSI British Standards
Please note that between 8:30 and 15:30 GMT on 17th of November you may not be able to purchase items on the BSI shop as we are updating our systems. Thank you for your patience. Please return to the site to make your purchases after 15:30 GMT on 17th of November 2018.

Find Similar Items

This product falls into the following categories.

You may find similar items within these categories by selecting from the choices below:

BS ISO/IEC 13335-1:2004

Information technology. Security techniques. Management of information and communications technology security. Concepts and models for information and communications technology security management

Status : Withdrawn   Published : December 2004

WITHDRAWN TITLE
*To ask about withdrawn titles contact the BSI Knowledge Centre knowledgecentre@bsigroup.com,
+44 20 8996 7004


Summary

The main objectives of BS ISO/IEC 13335 are:

  • to define and describe the concepts associated with the management of IT security
  • to identify the relationships between the management of IT security and management of IT in
    general
  • to present several models which can be used to explain IT security
  • to provide general guidance on the management of IT security.

Contents

Foreword
Introduction
Scope
Definitions
Security concepts and relationships
Objectives, strategies and policies
Organizational aspects of ICT security
ICT security management functions

Government and commercial organizations rely heavily on the use of information to conduct their business activities. Compromise of confidentiality, integrity, availability, non-repudiation, accountability, authenticity and reliability of an organization as assets can have an adverse impact.
Consequently, there is a critical need to protect information and to manage the security of ICT systems within organizations. This requirement to protect information is particularly important in today’s environment because many organizations are internally and externally connected by networks of ICT systems not necessarily controlled by their organizations. As well, legislation in many countries requires that management take appropriate action to mitigate risk related to the business and the use of ICT systems. Such legislation may cover not only privacy/data protection but also healthcare and financial markets, among others.
 
BS ISO/IEC TR 13335 Part 1 provides a high-level management overview. This material is suitable for managers and those who have responsibility for ICT security, for an organization’s overall security program or an organization’s ICT systems. Part 1 focuses its attention on concepts and models for managing the planning, implementation and operations of ICT security.

This Part contains:

  • definitions applicable to all parts of this International Standard;
  • descriptions of the major security elements and their relationships that are involved in ICT security management;
  • corporate security objectives, strategies and policies needed for effective organizational ICT security;
  • organization for effective ICT security, models for accountability, explicit assignment and acknowledgement of security responsibilities; and
  • an overview of ICT security management functions.
  • This standard replaces BS ISO/IEC TR 13335-1:1996 and  BS ISO/IEC TR 13335-2:1997,  which are now withdrawn

 




Standard NumberBS ISO/IEC 13335-1:2004
TitleInformation technology. Security techniques. Management of information and communications technology security. Concepts and models for information and communications technology security management
StatusWithdrawn
Publication Date13 December 2004
Withdrawn Date30 March 2010
ReplacesBS ISO/IEC TR 13335-1:1996, BS ISO/IEC TR 13335-2:1997
International RelationshipsISO/IEC 13335-1:2004
Draft Superseded By03/652482 DC
DescriptorsInformation exchange, Data processing, Data storage protection, Data security, Planning, Management operations, Organization and methods, Policy formation, Assets, Accident prevention, Safety measures, Management
ICS35.030
Title in FrenchTechnologies de l'information. Techniques de securite. Gestion de la securite des technologies de l'information et des communications. Concepts et modeles pour la gestion de la securite des technologies de l'information et des communications
CommitteeIST/33
ISBN0 580 44899 1
PublisherBSI
FormatA4
DeliveryYes
Pages38
File Size1.087 MB
NotesThis standard has been withdrawn. A call for contributions was issued by the ISO/IEC JTC 1/SC 27 Secretariat to National Bodies to the periodic pre-review of ISO/IEC 13335-1:2004. It was unanimously agreed that the standard should be withdrawn as the material contained in ISO/IEC 27000:2009 and ISO/IEC 27005:2008 have made ISO/IEC 13335-1:2004 redundant.
Price£198.00


WITHDRAWN TITLE
*To ask about withdrawn titles contact the BSI Knowledge Centre knowledgecentre@bsigroup.com,
+44 20 8996 7004
 Your basket
Your basket is empty

Take the smart route to manage medical device compliance


Collaborate, Innovate, Accelerate.


Worldwide Standards
We can source any standard from anywhere in the world


BSOL

The faster, easier way to work with standards


Customers who bought this product also bought

  • BS ISO/IEC TR 13335-5:2001
    Information technology. Guidelines for the management of IT security Management guidance of network security
  • BS ISO/IEC TR 13335-3:1998
    Information technology. Guidelines for the management of IT security Techniques for the management of IT security
  • BS 7799-3:2006
    Information security management systems Guidelines for information security risk management