PD ISO/IEC TR 27008:2011 Information technology. Security techniques. Guidelines for auditors on information security controls


Status: Superseded, Withdrawn. Published: October 2011. Replaced by: PD ISO/IEC TS 27008:2019

WITHDRAWN TITLE
To ask about withdrawn titles, contact BSI Customer Services: cservices@bsigroup.com, +44 345 086 9001


PD ISO/IEC TR 27008:2011
Information security management systems – Guidelines for auditors on information security controls

What is it?

PD ISO/IEC TR 27008:2011 is a Technical Report that provides guidance on reviewing an organization's information security controls. It supports the management processes required to implement and operate an Information Security Management System (ISMS). Although intended to be used in conjunction with BS ISO/IEC 27001 and BS ISO/IEC 27002, it is not specific to those standards and is applicable to any situation where information security controls need to be assessed.

PD ISO/IEC TR 27008:2011 is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, conducting information security reviews and technical compliance checks. It does not address management system audits; auditing of the ISMS itself is covered by BS ISO/IEC 27007:2011.

How does it work?

PD ISO/IEC TR 27008:2011 describes generic processes, rather than techniques applicable to specific controls or types of controls. It introduces the concept of formal reviews, then describes different methods and types of reviews applicable to information security controls. Finally it describes the necessary activities for an effective review process. An annex contains detailed worked examples.

Although the detailed worked examples within PD ISO/IEC TR 27008:2011 are taken from BS ISO/IEC 27002:2005, the principles and guidance within PD ISO/IEC TR 27008:2011 are not specific to particular versions of either ISO/IEC 27001 or ISO/IEC 27002.

Who should buy it?

PD ISO/IEC TR 27008:2011 is targeted at auditors, either internal or external, tasked with examining information security controls forming part of an ISMS. However, it will be useful for anyone wanting to review or assess the controls of an ISMS, whether as part of a formal audit process or otherwise.





Standard Number: PD ISO/IEC TR 27008:2011
Title: Information technology. Security techniques. Guidelines for auditors on information security controls
Status: Superseded, Withdrawn
Publication Date: 31 October 2011
Withdrawn Date: 24 January 2019
Normative References (required to achieve compliance to this standard): ISO/IEC 27000:2009
Informative References (provided for information): ISO/IEC 27001:2005, NIST SP 800-53A, ISO/IEC 27006:2007, ISO/IEC 27002:2005, ISO/IEC 27005:2011, ISO 19011:2002, ISO Guide 73:2009, ISO/IEC 27007:2011
Replaced By: PD ISO/IEC TS 27008:2019
International Relationships: ISO/IEC TR 27008:2011
Descriptors: Computer software, Computer networks, Data processing, Computers, Inspection, Management, Performance testing, Quality auditing, Data storage protection, Computer hardware, Anti-burglar measures, Information exchange, Conformity, Data security
ICS: 35.030
Title in French: Technologies de l'information. Techniques de sécurité. Lignes directrices pour les auditeurs des contrôles de sécurité de l'information
Committee: IST/33
ISBN: 978 0 580 68031 1
Publisher: BSI
Format: A4
Delivery: Yes
Pages: 46
File Size: 1.05 MB
Price: £240.00


