Name: INCITS/ISO/IEC TR 13335-4 : 2000
Brand: ITI

INFORMATION TECHNOLOGY - GUIDELINES FOR THE MANAGEMENT OF IT SECURITY - PART 4: SELECTION OF SAFEGUARDS

Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

01-01-2007

Publisher

Information Technology Industry Council

FOREWORD
INTRODUCTION
1 SCOPE
2 REFERENCES
3 DEFINITIONS
4 AIM
5 OVERVIEW
6 INTRODUCTION TO SAFEGUARD SELECTION AND THE CONCEPT OF
   BASELINE SECURITY
7 BASIC ASSESSMENTS
   7.1 IDENTIFICATION OF THE TYPE OF IT SYSTEM
   7.2 IDENTIFICATION OF PHYSICAL/ENVIRONMENTAL CONDITIONS
   7.3 ASSESSMENT OF EXISTING/PLANNED SAFEGUARDS
8 SAFEGUARDS
   8.1 ORGANIZATIONAL AND PHYSICAL SAFEGUARDS
   8.2 IT SYSTEM SPECIFIC SAFEGUARDS
9 BASELINE APPROACH: SELECTION OF SAFEGUARDS ACCORDING TO
   THE TYPE OF IT SYSTEM
   9.1 GENERALLY APPLICABLE SAFEGUARDS
   9.2 IT SYSTEM SPECIFIC SAFEGUARDS
10 SELECTION OF SAFEGUARDS ACCORDING TO SECURITY CONCERNS AND
   THREATS
   10.1 ASSESSMENT OF SECURITY CONCERNS
   10.2 SAFEGUARDS FOR CONFIDENTIALITY
   10.3 SAFEGUARDS FOR INTEGRITY
   10.4 SAFEGUARDS FOR AVAILABILITY
   10.5 SAFEGUARDS FOR ACCOUNTABILITY, AUTHENTICITY AND
        RELIABILITY
11 SELECTION OF SAFEGUARDS ACCORDING TO DETAILED
   ASSESSMENTS
   11.1 RELATION BETWEEN PART 3 AND PART 4 OF THIS TECHNICAL
        REPORT
   11.2 PRINCIPLES OF SELECTION
12 DEVELOPMENT OF AN ORGANIZATION-WIDE BASELINE
13 SUMMARY
BIBLIOGRAPHY
ANNEX A CODE OF PRACTICE FOR INFORMATION SECURITY MANAGEMENT
ANNEX B ETSI BASELINE SECURITY STANDARD FEATURES AND MECHANISMS
ANNEX C IT BASELINE PROTECTION MANUAL
ANNEX D NIST COMPUTER SECURITY HANDBOOK
ANNEX E MEDICAL INFORMATICS: SECURITY CATEGORISATION AND
         PROTECTION FOR HEALTHCARE INFORMATION SYSTEMS
ANNEX F TC68 BANKING AND RELATED FINANCIAL SERVICES - INFORMATION
         SECURITY GUIDELINES
ANNEX G PROTECTION OF SENSITIVE INFORMATION NOT COVERED BY THE
         OFFICIAL SECRETS ACT - RECOMMENDATIONS FOR COMPUTER
         WORKSTATIONS
ANNEX H CANADIAN HANDBOOK ON INFORMATION TECHNOLOGY SECURITY

Presents guidance on the selection of safeguards, taking into account business needs and security concerns. It describes a process for the selection of safeguards according to security risks and concerns and the specific environment of an organization.

DocumentType	Standard
Pages	70
ProductNote	Reconfirmed 2000
PublisherName	Information Technology Industry Council
Status	Current

Standards	Relationship
ISO/IEC TR 13335-4:2000	Identical

ISO/IEC TR 13335-2:1997	Information technology Guidelines for the management of IT Security Part 2: Managing and planning IT Security
ISO/IEC TR 13335-3:1998	Information technology Guidelines for the management of IT Security Part 3: Techniques for the management of IT Security
ISO/IEC 10181-2:1996	Information technology Open Systems Interconnection Security frameworks for open systems: Authentication framework
ISO/IEC 11770-1:2010	Information technology Security techniques Key management Part 1: Framework
ISO/IEC TR 13335-1:1996	Information technology — Guidelines for the management of IT Security — Part 1: Concepts and models for IT Security