IT SECURITY STANDARDS
For an overview of security standards see the AUSCERT
Information Security Standards page.
AS/NZS 4444
The primary information security standard in Australia is AS4444,
and in New Zealand NZS4444. This two-part standard is closely related to BS
7799.
- AS/NZS 4444.1:1999 (BS 7799.1) Information security management - Code of practice for information security management
- AS/NZS 4444.2:2000 (BS 7799.2) Information security management - Specification for information security management systems
- Standards Australia standards for electronic commerce
BS 7799
British Standard BS 7799 is a widely accepted standard that has been used as the basis for other Information
Security standards, including AS/NZS 4444. It was developed by the British Standards Institute (BSI).
- BS7799-1:1999 Information Security Management. Code of Practice for Information Security Management
- BS7799-2:1999 Information Security Management. Specification for Information Security Management Systems
ACSI 33
Australian Communications-Electronic Security Instruction 33,
Australian Government Information Technology Security Manual
IS 15408
ISO standard IS 15408. This standard, The Common Criteria for
Information Technology Security Evaluation v2.1 (ISO IS 15408), is effectively an
evolutionary blending of ITSEC (see below), the Canadian
criteria, and the US Federal Criteria.
RFC2196
The Internet Engineering Task Force (IETF) has produced RFC2196
Site Security Handbook, which provides practical guidance to
administrators trying to secure their information and services.
AS/NZS 4360
Risk Management - This standard provides a generic guide for establishing and implementing
the risk management process, which involves establishing the context and the identification, analysis,
evaluation, treatment, communication and ongoing monitoring of risks.