BS ISO/IEC TR 13335-4:2000

Superseded

View Superseded by

Information technology. Guidelines for the management of IT security Selection of safeguards

Available format(s)

Hardcopy , PDF

Superseded date

06-30-2008

Language(s)

English

Published date

03-01-2004

Publisher

British Standards Institution

FOREWORD
INTRODUCTION
1 SCOPE
2 REFERENCES
3 DEFINITIONS
4 AIM
5 OVERVIEW
6 INTRODUCTION TO SAFEGUARD SELECTION AND THE CONCEPT
    OF BASELINE SECURITY
7 BASIC ASSESSMENTS
    7.1 IDENTIFICATION OF THE TYPE OF IT SYSTEM
    7.2 IDENTIFICATION OF PHYSICAL/ENVIRONMENTAL
          CONDITIONS
    7.3 ASSESSMENT OF EXISTING/PLANNED SAFEGUARDS
8 SAFEGUARDS
    8.1 ORGANIZATIONAL AND PHYSICAL SAFEGUARDS
          8.1.1 IT Security Management and Policies
          8.1.2 Security Compliance Checking
          8.1.3 Incident Handling
          8.1.4 Personnel
          8.1.5 Operational Issues
          8.1.6 Business Continuity Planning
          8.1.7 Physical Security
    8.2 IT SYSTEM SPECIFIC SAFEGUARDS
          8.2.1 Identification and Authentication
                  (I&A)
          8.2.2 Logical Access Control and Audit
          8.2.3 Protection against Malicious Code
          8.2.4 Network Management
          8.2.5 Cryptography
9 BASELINE APPROACH: SELECTION OF SAFEGUARDS ACCORDING
    TO THE TYPE OF IT SYSTEM
    9.1 GENERALLY APPLICABLE SAFEGUARDS
    9.2 IT SYSTEM SPECIFIC SAFEGUARDS
10 SELECTION OF SAFEGUARDS ACCORDING TO SECURITY
    CONCERNS AND THREATS
    10.1 ASSESSMENT OF SECURITY CONCERNS
          10.1.1 Loss of confidentiality
          10.1.2 Loss of integrity
          10.1.3 Loss of availability
          10.1.4 Loss of accountability
          10.1.5 Loss of authenticity
          10.1.6 Loss of reliability
    10.2 SAFEGUARDS FOR CONFIDENTIALITY
          10.2.1 Eavesdropping
          10.2.2 Electromagnetic radiation
          10.2.3 Malicious code
          10.2.4 Masquerading of user identity
          10.2.5 Misrouting/re-routing of messages
          10.2.6 Software failure
          10.2.7 Theft
          10.2.8 Unauthorized access to computers, data,
                  services and applications
          10.2.9 Unauthorized access to storage media
    10.3 SAFEGUARDS FOR INTEGRITY
          10.3.1 Deterioration of storage media
          10.3.2 Maintenance error
          10.3.3 Malicious code
          10.3.4 Masquerading of user identity
          10.3.5 Misrouting/re-routing of messages
          10.3.6 Non-Repudiation
          10.3.7 Software failure
          10.3.8 Supply failure (power, air conditioning)
          10.3.9 Technical failure
          10.3.10 Transmission errors
          10.3.11 Unauthorized access to computers, data,
                  services and applications
          10.3.12 Use of unauthorized programmes and data
          10.3.13 Unauthorized access to storage media
          10.3.14 User error
    10.4 SAFEGUARDS FOR AVAILABILITY
          10.4.1 Destructive attack
          10.4.2 Deterioration of storage media
          10.4.3 Failure of communication equipment and
                  services
          10.4.4 Fire, water
          10.4.5 Maintenance error
          10.4.6 Malicious code
          10.4.7 Masquerading of user identity
          10.4.8 Misrouting/re-routing of messages
          10.4.9 Misuse of resources
          10.4.10 Natural disasters
          10.4.11 Software failures
          10.4.12 Supply failure (power, air
                  conditioning)
          10.4.13 Technical failures
          10.4.14 Theft
          10.4.15 Traffic overloading
          10.4.16 Transmission errors
          10.4.17 Unauthorized access to computers, data,
                  services and applications
          10.4.18 Use of unauthorized programmes and data
          10.4.19 Unauthorized access to storage media
          10.4.20 User error
    10.5 SAFEGUARDS FOR ACCOUNTABILITY, AUTHENTICITY AND
          RELIABILITY
          10.5.1 Accountability
          10.5.2 Authenticity
          10.5.3 Reliability
11 SELECTION OF SAFEGUARDS ACCORDING TO DETAILED
          ASSESSMENTS
    11.1 RELATION BETWEEN PART 3 AND PART 4 OF THIS
          TECHNICAL REPORT
    11.2 PRINCIPLES OF SELECTION
12 DEVELOPMENT OF AN ORGANIZATION-WIDE BASELINE
13 SUMMARY
BIBLIOGRAPHY
ANNEX A CODE OF PRACTICE FOR INFORMATION SECURITY
        MANAGEMENT
ANNEX B ETSI BASELINE SECURITY STANDARD FEATURES AND
        MECHANISMS
ANNEX C IT BASELINE PROTECTION MANUAL
ANNEX D NIST COMPUTER SECURITY HANDBOOK
ANNEX E MEDICAL INFORMATICS: SECURITY CATEGORISATION AND
        PROTECTION FOR HEALTHCARE INFORMATION SYSTEMS
ANNEX F TC68 BANKING AND RELATED FINANCIAL SERVICES -
        INFORMATION SECURITY GUIDELINES
ANNEX G PROTECTION OF SENSITIVE INFORMATION NOT COVERED
        BY THE OFFICIAL SECRETS ACT - RECOMMENDATIONS FOR
        COMPUTER WORKSTATIONS
ANNEX H CANADIAN HANDBOOK ON INFORMATION TECHNOLOGY
        SECURITY

Provides guidance on the selection of safeguards, taking into account business needs and security concerns. It describes a process for the selection of safeguards according to security risks and concerns and the specific environment of an organization.

Committee	IST/33
DocumentType	Standard
Pages	72
PublisherName	British Standards Institution
Status	Superseded
SupersededBy	BS ISO/IEC 27005:2011 BS ISO/IEC 27005:2008

Standards	Relationship
ISO/IEC TR 13335-4:2000	Identical

BS 25999-2:2007	Business continuity management Specification
BIP 2150 : 2008	BS 25999-2 - BUSINESS CONTINUITY MANAGEMENT - SPECIFICATION - LAMINATED POCKETBOOK
PD 3002:2002	GUIDE TO BS 7799 RISK ASSESSMENT
BS 7799-2:2002	Information security management Specification with guidance for use
BS 7799-3:2006	Information security management systems Guidelines for information security risk management

ISO/IEC 10181-2:1996	Information technology Open Systems Interconnection Security frameworks for open systems: Authentication framework
ISO/IEC 13335-1:2004	Information technology Security techniques Management of information and communications technology security Part 1: Concepts and models for information and communications technology security management
ISO/IEC 11770-1:2010	Information technology Security techniques Key management Part 1: Framework

View more information

US$356.96

Excluding Tax where applicable

Product format

I agree to the DRM document license rules apply against the PDF selection made.

Please confirm that you agree to the document license rules for this document.

I agree to the document license rules .

Please confirm that you agree to the document license rules for this document.

Access your standards online with a subscription

Features

Simple online access to standards, technical information and regulations.
Critical updates of standards and customisable alerts and notifications.
Multi-user online standards collection: secure, flexible and cost effective.

Learn more on subscription solutions

Get in touch with us

Log into your Account

BS ISO/IEC TR 13335-4:2000

Superseded

Table of Contents

Abstract

General Product Information

International Equivalents

Standards Referenced By This Book

Standards Referencing This Book

Category

Subcategory

Access your standards online with a subscription