CSA ISO/IEC TR 13335-4 : 2001
Superseded
A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.
INFORMATION TECHNOLOGY - GUIDELINES FOR THE MANAGEMENT OF IT SECURITY - PART 4: SELECTION OF SAFEGUARDS
24-06-2011
12-01-2013
FOREWORD
INTRODUCTION
1 SCOPE
2 REFERENCES
3 DEFINITIONS
4 AIM
5 OVERVIEW
6 INTRODUCTION TO SAFEGUARD SELECTION AND THE CONCEPT
OF BASELINE SECURITY
7 BASIC ASSESSMENTS
7.1 IDENTIFICATION OF THE TYPE OF IT SYSTEM
7.2 IDENTIFICATION OF PHYSICAL/ENVIRONMENTAL CONDITIONS
7.3 ASSESSMENT OF EXISTING/PLANNED SAFEGUARDS
8 SAFEGUARDS
8.1 ORGANIZATIONAL AND PHYSICAL SAFEGUARDS
8.2 IT SYSTEM SPECIFIC SAFEGUARDS
9 BASELINE APPROACH: SELECTION OF SAFEGUARDS ACCORDING TO
THE TYPE OF IT SYSTEM
9.1 GENERALLY APPLICABLE SAFEGUARDS
9.2 IT SYSTEM SPECIFIC SAFEGUARDS
10 SELECTION OF SAFEGUARDS ACCORDING TO SECURITY CONCERNS
AND THREATS
10.1 ASSESSMENT OF SECURITY CONCERNS
10.2 SAFEGUARDS FOR CONFIDENTIALITY
10.3 SAFEGUARDS FOR INTEGRITY
10.4 SAFEGUARDS FOR AVAILABILITY
10.5 SAFEGUARDS FOR ACCOUNTABILITY, AUTHENTICITY AND
RELIABILITY
11 SELECTION OF SAFEGUARDS ACCORDING TO DETAILED
ASSESSMENTS
11.1 RELATION BETWEEN PART 3 AND PART 4 OF THIS
TECHNICAL REPORT
11.2 PRINCIPLES OF SELECTION
12 DEVELOPMENT OF AN ORGANIZATION-WIDE BASELINE
13 SUMMARY
BIBLIOGRAPHY
ANNEX A CODE OF PRACTICE FOR INFORMATION SECURITY
MANAGEMENT
ANNEX B ETSI BASELINE SECURITY STANDARD FEATURES AND
MECHANISMS
ANNEX C IT BASELINE PROTECTION MANUAL
ANNEX D NIST COMPUTER SECURITY HANDBOOK
ANNEX E MEDICAL INFORMATICS: SECURITY CATEGORISATION AND
PROTECTION FOR HEALTHCARE INFORMATION SYSTEMS
ANNEX F TC68 BANKING AND RELATED FINANCIAL SERVICES -
INFORMATION SECURITY GUIDELINES
ANNEX G PROTECTION OF SENSITIVE INFORMATION NOT COVERED
BY THE OFFICIAL SECRETS ACT - RECOMMENDATIONS FOR
COMPUTER WORKSTATIONS
ANNEX H CANADIAN HANDBOOK ON INFORMATION TECHNOLOGY SECURITY
Provides guidance on the selection of safeguards, taking into account business needs and security concerns. Describes a process for the selection of safeguards according to security risks and concerns and the specific environment of an organization.
| DocumentType |
Standard
|
| PublisherName |
Canadian Standards Association
|
| Status |
Superseded
|
| Standards | Relationship |
| ISO/IEC TR 13335-4:2000 | Similar to |
| ISO/IEC TR 13335-2:1997 | Information technology Guidelines for the management of IT Security Part 2: Managing and planning IT Security |
| ISO/IEC TR 13335-3:1998 | Information technology Guidelines for the management of IT Security Part 3: Techniques for the management of IT Security |
| ISO/IEC 10181-2:1996 | Information technology Open Systems Interconnection Security frameworks for open systems: Authentication framework |
| ISO/IEC 11770-1:2010 | Information technology Security techniques Key management Part 1: Framework |
| ISO/IEC TR 13335-1:1996 | Information technology — Guidelines for the management of IT Security — Part 1: Concepts and models for IT Security |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.