BS ISO/IEC TR 13335-4:2000
Superseded
A superseded standard is one that has been fully replaced by another standard, which is a new edition of the same standard.
Information technology. Guidelines for the management of IT security. Selection of safeguards
Hardcopy, PDF
30-06-2008
English
01-03-2004
FOREWORD
INTRODUCTION
1 SCOPE
2 REFERENCES
3 DEFINITIONS
4 AIM
5 OVERVIEW
6 INTRODUCTION TO SAFEGUARD SELECTION AND THE CONCEPT OF BASELINE SECURITY
7 BASIC ASSESSMENTS
7.1 IDENTIFICATION OF THE TYPE OF IT SYSTEM
7.2 IDENTIFICATION OF PHYSICAL/ENVIRONMENTAL CONDITIONS
7.3 ASSESSMENT OF EXISTING/PLANNED SAFEGUARDS
8 SAFEGUARDS
8.1 ORGANIZATIONAL AND PHYSICAL SAFEGUARDS
8.1.1 IT Security Management and Policies
8.1.2 Security Compliance Checking
8.1.3 Incident Handling
8.1.4 Personnel
8.1.5 Operational Issues
8.1.6 Business Continuity Planning
8.1.7 Physical Security
8.2 IT SYSTEM SPECIFIC SAFEGUARDS
8.2.1 Identification and Authentication (I&A)
8.2.2 Logical Access Control and Audit
8.2.3 Protection against Malicious Code
8.2.4 Network Management
8.2.5 Cryptography
9 BASELINE APPROACH: SELECTION OF SAFEGUARDS ACCORDING TO THE TYPE OF IT SYSTEM
9.1 GENERALLY APPLICABLE SAFEGUARDS
9.2 IT SYSTEM SPECIFIC SAFEGUARDS
10 SELECTION OF SAFEGUARDS ACCORDING TO SECURITY CONCERNS AND THREATS
10.1 ASSESSMENT OF SECURITY CONCERNS
10.1.1 Loss of confidentiality
10.1.2 Loss of integrity
10.1.3 Loss of availability
10.1.4 Loss of accountability
10.1.5 Loss of authenticity
10.1.6 Loss of reliability
10.2 SAFEGUARDS FOR CONFIDENTIALITY
10.2.1 Eavesdropping
10.2.2 Electromagnetic radiation
10.2.3 Malicious code
10.2.4 Masquerading of user identity
10.2.5 Misrouting/re-routing of messages
10.2.6 Software failure
10.2.7 Theft
10.2.8 Unauthorized access to computers, data, services and applications
10.2.9 Unauthorized access to storage media
10.3 SAFEGUARDS FOR INTEGRITY
10.3.1 Deterioration of storage media
10.3.2 Maintenance error
10.3.3 Malicious code
10.3.4 Masquerading of user identity
10.3.5 Misrouting/re-routing of messages
10.3.6 Non-Repudiation
10.3.7 Software failure
10.3.8 Supply failure (power, air conditioning)
10.3.9 Technical failure
10.3.10 Transmission errors
10.3.11 Unauthorized access to computers, data, services and applications
10.3.12 Use of unauthorized programmes and data
10.3.13 Unauthorized access to storage media
10.3.14 User error
10.4 SAFEGUARDS FOR AVAILABILITY
10.4.1 Destructive attack
10.4.2 Deterioration of storage media
10.4.3 Failure of communication equipment and services
10.4.4 Fire, water
10.4.5 Maintenance error
10.4.6 Malicious code
10.4.7 Masquerading of user identity
10.4.8 Misrouting/re-routing of messages
10.4.9 Misuse of resources
10.4.10 Natural disasters
10.4.11 Software failures
10.4.12 Supply failure (power, air conditioning)
10.4.13 Technical failures
10.4.14 Theft
10.4.15 Traffic overloading
10.4.16 Transmission errors
10.4.17 Unauthorized access to computers, data, services and applications
10.4.18 Use of unauthorized programmes and data
10.4.19 Unauthorized access to storage media
10.4.20 User error
10.5 SAFEGUARDS FOR ACCOUNTABILITY, AUTHENTICITY AND RELIABILITY
10.5.1 Accountability
10.5.2 Authenticity
10.5.3 Reliability
11 SELECTION OF SAFEGUARDS ACCORDING TO DETAILED ASSESSMENTS
11.1 RELATION BETWEEN PART 3 AND PART 4 OF THIS TECHNICAL REPORT
11.2 PRINCIPLES OF SELECTION
12 DEVELOPMENT OF AN ORGANIZATION-WIDE BASELINE
13 SUMMARY
BIBLIOGRAPHY
ANNEX A CODE OF PRACTICE FOR INFORMATION SECURITY MANAGEMENT
ANNEX B ETSI BASELINE SECURITY STANDARD FEATURES AND MECHANISMS
ANNEX C IT BASELINE PROTECTION MANUAL
ANNEX D NIST COMPUTER SECURITY HANDBOOK
ANNEX E MEDICAL INFORMATICS: SECURITY CATEGORISATION AND PROTECTION FOR HEALTHCARE INFORMATION SYSTEMS
ANNEX F TC68 BANKING AND RELATED FINANCIAL SERVICES - INFORMATION SECURITY GUIDELINES
ANNEX G PROTECTION OF SENSITIVE INFORMATION NOT COVERED BY THE OFFICIAL SECRETS ACT - RECOMMENDATIONS FOR COMPUTER WORKSTATIONS
ANNEX H CANADIAN HANDBOOK ON INFORMATION TECHNOLOGY SECURITY
Provides guidance on the selection of safeguards, taking into account business needs and security concerns. It describes a process for the selection of safeguards according to security risks and concerns and the specific environment of an organization.
Committee | IST/33
DocumentType | Standard
Pages | 72
PublisherName | British Standards Institution
Status | Superseded
SupersededBy |

Standards | Relationship
ISO/IEC TR 13335-4:2000 | Identical
BS 25999-2:2007 | Business continuity management. Specification
BIP 2150:2008 | BS 25999-2. Business continuity management. Specification. Laminated pocketbook
PD 3002:2002 | Guide to BS 7799 risk assessment
BS 7799-2:2002 | Information security management. Specification with guidance for use
BS 7799-3:2006 | Information security management systems. Guidelines for information security risk management
ISO/IEC 10181-2:1996 | Information technology. Open Systems Interconnection. Security frameworks for open systems: Authentication framework
ISO/IEC 13335-1:2004 | Information technology. Security techniques. Management of information and communications technology security. Part 1: Concepts and models for information and communications technology security management
ISO/IEC 11770-1:2010 | Information technology. Security techniques. Key management. Part 1: Framework