• Shopping Cart
    There are no items in your cart

CAN/CSA-ISO/IEC 27011:18

Current

Current

The latest, up-to-date edition.

Information technology ? Security techniques ? Code of practice for information security controls based on ISO/IEC 27002 for telecommunications organizations (Adopted ISO/IEC 27011:2016, second edition, 2016-12-01)

Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

01-01-2018

€142.67
Excluding VAT

1 Scope
2 Normative references
3 Definitions and abbreviations
4 Overview
5 Information security policies
6 Organization of information security
7 Human resource security
8 Asset management
9 Access control
10 Cryptography
11 Physical and environmental security
12 Operations security
13 Communications security
14 System acquisition, development and maintenance
15 Supplier relationships
16 Information security incident management
17 Information security aspects of business continuity
   management
18 Compliance
Annex A - Telecommunications extended control set
Annex B - Additional guidance for network security
Bibliography

Preface Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the SCC Mirror Committee (SMC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). For brevity, this Standard will be referred to as \"CAN/CSA-ISO/IEC 27011\" throughout. This Standard supersedes CAN/CSA-ISO/IEC 27011:11 (adopted ISO/IEC 27011:2008). Scope The scope of this Recommendation | International Standard is to define guidelines supporting the implementation of information security controls in telecommunications organizations. The adoption of this Recommendation | International Standard will allow telecommunications organizations to meet baseline information security management requirements of confidentiality, integrity, availability and any other relevant security property.

DevelopmentNote
Also available in CSA TELECOM ORGANIZATIONS PACKAGE. (02/2018)
DocumentType
Standard
ISBN
978-1-4883-0966-3
Pages
49
PublisherName
Canadian Standards Association
Status
Current

Preface Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the SCC Mirror Committee (SMC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). For brevity, this Standard will be referred to as \"CAN/CSA-ISO/IEC 27011\" throughout. This Standard supersedes CAN/CSA-ISO/IEC 27011:11 (adopted ISO/IEC 27011:2008). Scope The scope of this Recommendation | International Standard is to define guidelines supporting the implementation of information security controls in telecommunications organizations. The adoption of this Recommendation | International Standard will allow telecommunications organizations to meet baseline information security management requirements of confidentiality, integrity, availability and any other relevant security property.

Standards Relationship
ISO/IEC 27011:2016 Identical

ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
ISO/IEC 27033-1:2015 Information technology Security techniques Network security Part 1: Overview and concepts
ISO/IEC 27002:2013 Information technology Security techniques Code of practice for information security controls
ISO/IEC 27033-5:2013 Information technology — Security techniques — Network security — Part 5: Securing communications across networks using Virtual Private Networks (VPNs)
ISO/IEC 27036-3:2013 Information technology — Security techniques — Information security for supplier relationships — Part 3: Guidelines for information and communication technology supply chain security
ISO/IEC 27005:2011 Information technology Security techniques Information security risk management
ISO/IEC 27035-2:2016 Information technology — Security techniques — Information security incident management — Part 2: Guidelines to plan and prepare for incident response
ISO/IEC 27033-4:2014 Information technology — Security techniques — Network security — Part 4: Securing communications between networks using security gateways
ISO/IEC 27036-1:2014 Information technology Security techniques Information security for supplier relationships Part 1: Overview and concepts
ISO/IEC 27036-2:2014 Information technology Security techniques Information security for supplier relationships Part 2: Requirements
ISO/IEC 27033-3:2010 Information technology — Security techniques — Network security — Part 3: Reference networking scenarios — Threats, design techniques and control issues
ISO/IEC 27033-2:2012 Information technology — Security techniques — Network security — Part 2: Guidelines for the design and implementation of network security
ISO/IEC 27039:2015 Information technology Security techniques Selection, deployment and operations of intrusion detection and prevention systems (IDPS)
ISO/IEC 27000:2016 Information technology Security techniques Information security management systems Overview and vocabulary
ISO/IEC 27035-1:2016 Information technology — Security techniques — Information security incident management — Part 1: Principles of incident management

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.