BSI PD ISO/IEC TS 27008:2019

Information technology. Security techniques. Guidelines for the assessment of information security controls

Published by: BSI
Publication date: 2019
Number of pages: 108
This document provides guidance on reviewing and assessing the implementation and operation of information security controls, including the technical assessment of information system controls, against the information security requirements an organization has established. This includes checking technical compliance against assessment criteria derived from those requirements.

This document offers guidance on how to review and assess information security controls that are managed through an Information Security Management System (ISMS) as specified in ISO/IEC 27001.

It is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations conducting information security reviews and technical compliance checks.

PDF Catalog

PDF page  PDF title
2         National foreword
7         Foreword
8         Introduction
9         1 Scope
          2 Normative references
          3 Terms and definitions
          4 Structure of this document
10        5 Background
11        6 Overview of information security control assessments
          6.1 Assessment process
          6.1.1 General
          6.1.2 Preliminary information
          6.1.3 Assessment checklists
12        6.1.4 Review fieldwork
13        6.1.5 The analysis process
          6.2 Resourcing and competence
14        7 Review methods
          7.1 Overview
15        7.2 Process analysis
          7.2.1 General
          7.3 Examination techniques
          7.3.1 General
16        7.3.2 Procedural controls
          7.3.3 Technical controls
          7.4 Testing and validation techniques
          7.4.1 General
17        7.4.2 Blind testing
          7.4.3 Double blind testing
          7.4.4 Grey box testing
18        7.4.5 Double grey box testing
          7.4.6 Tandem testing
          7.4.7 Reversal
          7.5 Sampling techniques
          7.5.1 General
          7.5.2 Representative sampling
          7.5.3 Exhaustive sampling
          8 Control assessment process
          8.1 Preparations
20        8.2 Planning the assessment
          8.2.1 Overview
21        8.2.2 Scoping the assessment
          8.2.3 Review procedures
22        8.2.4 Object-related considerations
          8.2.5 Previous findings
23        8.2.6 Work assignments
          8.2.7 External systems
24        8.2.8 Information assets and organization
          8.2.9 Extended review procedure
          8.2.10 Optimization
25        8.2.11 Finalization
          8.3 Conducting reviews
26        8.4 Analysis and reporting results
28        Annex A (informative) Initial information gathering (other than IT)
32        Annex B (informative) Practice guide for technical security assessments
73        Annex C (informative) Technical assessment guide for cloud services (Infrastructure as a Service)
106       Bibliography