Skip to content
Please enter a keyword to search

  • ISO/IEC TR 27008:2011

    View superseded by
    Withdrawn A Withdrawn Standard is one, which is removed from sale, and its unique number can no longer be used. The Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.
    View superseded by

    Information technology Security techniques Guidelines for auditors on information security controls

    Available format(s):  Hardcopy, PDF, PDF 3 Users, PDF 5 Users, PDF 9 Users

    Withdrawn date:  03-04-2019

    Language(s):  English

    Published date:  06-10-2011

    Publisher:  International Organization for Standardization

    Add To Cart

    Abstract - (Show below) - (Hide below)

    ISO/IEC TR 27008:2011 provides guidance on reviewing the implementation and operation of controls, including technical compliance checking of information system controls, in compliance with an organization's established information security standards.

    ISO/IEC TR 27008:2011 is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations conducting information security reviews and technical compliance checks. It is not intended for management systems audits.

    General Product Information - (Show below) - (Hide below)

    Document Type Standard
    Publisher International Organization for Standardization
    Status Withdrawn
    Superseded By

    Standards Referenced By This Book - (Show below) - (Hide below)

    12/30236518 DC : 0 BS ISO/IEC 27000 - INFORMATION SECURITY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY
    15/30319488 DC : 0 BS ISO/IEC 27000 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY
    CSA ISO/IEC 27000 : 2018 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY
    BS ISO/IEC 27000 : 2016 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY
    CSA TELECOM ORGANIZATIONS PACKAGE : 2018 CONSISTS OF CAN/CSA-ISO/IEC 27000:18 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY; CAN/CSA-ISO/IEC 27001:14, INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - REQUIREMENTS; CAN/CSA-ISO/IEC 27002:15 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR
    ISO/IEC 27000:2018 Information technology — Security techniques — Information security management systems — Overview and vocabulary
    ISO/IEC 27002:2013 Information technology Security techniques Code of practice for information security controls
    15/30299325 DC : 0 BS ISO/IEC 27013 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - GUIDANCE ON THE INTEGRATED IMPLEMENTATION OF ISO/IEC 27001 AND ISO/IEC 20000-1
    16/30286013 DC : 0 BS ISO/IEC 27003 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEM - GUIDANCE
    CSA ISO/IEC 27002 : 2015 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS
    17/30349181 DC : 0 BS ISO/IEC 24760-1 AMENDMENT 1 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - A FRAMEWORK FOR IDENTITY MANAGEMENT - PART 1: TERMINOLOGY AND CONCEPTS
    CAN/CSA-ISO/IEC 27013:16 Information technology - Security techniques - Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 (Adopted ISO/IEC 27013:2015, second edition, 2015-12-01)
    TR 101 533-2 : 1.3.1 ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); DATA PRESERVATION SYSTEMS SECURITY; PART 2: GUIDELINES FOR ASSESSORS
    13/30284691 DC : 0 BS ISO/IEC 27000 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY
    BS ISO/IEC 24760-1:2011 Information technology. Security techniques. A framework for identity management Terminology and concepts
    UNE-ISO/IEC 27002:2015 Information technology -- Security techniques -- Code of practice for information security controls
    BS ISO/IEC 27002 : 2013 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS
    UNE-EN ISO/IEC 27002:2017 Information technology - Security techniques - Code of practice for information security controls (ISO/IEC 27002:2013 including Cor 1:2014 and Cor 2:2015)
    ISO/IEC 27013:2015 Information technology Security techniques Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
    DIN EN ISO/IEC 27002 E : 2017 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS (ISO/IEC 27002:2013 INCLUDING COR 1:2014 AND COR 2:2015)
    17/30342692 DC : 0 BS ISO/IEC 27007 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - GUIDELINES FOR INFORMATION SECURITY MANAGEMENT SYSTEMS AUDITING
    BIP 0139 : 2013 AN INTRODUCTION TO ISO/IEC 27001:2013
    BS EN ISO/IEC 27002:2017 Information technology. Security techniques. Code of practice for information security controls
    DIN EN ISO/IEC 27002:2017-06 Information technology - Security techniques - Code of practice for information security controls (ISO/IEC 27002:2013 including Cor 1:2014 and Cor 2:2015)
    I.S. EN ISO/IEC 27000:2017 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY (ISO/IEC 27000:2016)
    ISO/IEC 24760-1:2011 Information technology Security techniques A framework for identity management Part 1: Terminology and concepts
    CSA INFORMATION SECURITY PACKAGE : 2018 CONSISTS OF CAN/CSA-ISO/IEC 27000:18 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY; CAN/CSA-ISO/IEC 27001:14, INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - REQUIREMENTS; CAN/CSA-ISO/IEC 27002:15 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR INFORMATION
    14/30304350 DC : 0 BS EN ISO 27799 - HEALTH INFORMATICS - INFORMATION SECURITY MANAGEMENT IN HEALTH USING ISO/IEC 27002
    INCITS/ISO/IEC 27002 : 2014 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS
    CAN/CSA-ISO/IEC 30100-2:18 Information technology — Home network resource management — Part 2: Architecture (Adopted ISO/IEC 30100-2:2016, first edition, 2016-04)
    BS EN ISO 27799:2008 Health informatics. Information security management in health using ISO/IEC 27002
    UNE-ISO/IEC 27000:2014 Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
    GS ISI 001-2 : 1.1.2 INFORMATION SECURITY INDICATORS (ISI); INDICATORS (INC); PART 2: GUIDE TO SELECT OPERATIONAL INDICATORS BASED ON THE FULL SET GIVEN IN PART 1
    BS EN ISO/IEC 27000:2017 Information technology. Security techniques. Information security management systems. Overview and vocabulary
    I.S. EN ISO/IEC 27002:2017 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS (ISO/IEC 27002:2013 INCLUDING COR 1:2014 AND COR 2:2015)
    ISO/IEC 30100-2:2016 Information technology Home network resource management Part 2: Architecture
    CEI UNI ISO/IEC 27002 : 2014 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS
    EN ISO/IEC 27000:2017 Information technology - Security techniques - Information security management systems - Overview and vocabulary (ISO/IEC 27000:2016)
    EN ISO/IEC 27002:2017 Information technology - Security techniques - Code of practice for information security controls (ISO/IEC 27002:2013 including Cor 1:2014 and Cor 2:2015)
    EN ISO 27799:2016 Health informatics - Information security management in health using ISO/IEC 27002 (ISO 27799:2016)
    INCITS/ISO/IEC 27013 : 2014 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - GUIDANCE ON THE INTEGRATED IMPLEMENTATION OF ISO/IEC 27001 AND ISO/IEC 20000-1
    11/30207802 DC : 0 BS ISO/IEC 27013 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - GUIDELINES ON THE INTEGRATED IMPLEMENTATION OF ISO/IEC 27001 AND ISO/IEC 20000-1
    BS ISO/IEC 27013:2015 Information technology. Security techniques. Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
    UNI/TR 11465-2 : 2012 ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI) - DATA PRESERVATION SYSTEMS SECURITY - PART 2: GUIDELINES FOR ASSESSORS
    I.S. ISO/IEC 27002:2013 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS
    UNI CEI ISO/IEC 27002 : 2014 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS

    Standards Referencing This Book - (Show below) - (Hide below)

    ISO 19011:2011 Guidelines for auditing management systems
    ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
    ISO/IEC 27006:2015 Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems
    ISO/IEC 27002:2013 Information technology Security techniques Code of practice for information security controls
    ISO/IEC 27005:2011 Information technology Security techniques Information security risk management
    ISO/IEC 27007:2017 Information technology Security techniques Guidelines for information security management systems auditing
    ISO/IEC 27000:2016 Information technology Security techniques Information security management systems Overview and vocabulary
    ISO Guide 73:2009 Risk management — Vocabulary
    View more information

    • Access your standards online with a subscription

      Features

      • Simple online access to standards, technical information and regulations
      • Critical updates of standards and customisable alerts and notifications
      • Multi - user online standards collection: secure, flexibile and cost effective