ISOs Related to Information Security. Do You Know How Many There Are?


There are more than a hundred ISOs related to Information Security, but not everyone knows them.

An international reference is always important in decision-making, and even as support for the action plans we bring to the executive board.

ISO, the International Organization for Standardization, is widely recognized as the most respected organization and reference across the most diverse sectors. ISO has developed and published more than 23680 International Standards, which are included in the ISO Standards catalogue.

ISO standards are internationally accepted by experts.

Think of them as a formula that describes the best way of doing something. It may be about how to make a product, manage a process, deliver a service or supply materials: the standards cover a wide range of activities.

Standards are the distilled wisdom of people with expertise in their subject matter who know the needs of the organizations they represent: people such as manufacturers, sellers, buyers, customers, trade associations, users or regulators.

For example,

So, with the aim of helping our readers, the Blog Minuto da Segurança has compiled a list of ISOs related to Information Security that may at some point be useful to the professionals who follow our blog.

Although we have not exhausted the list, and aware that standards change over time, we venture to publish our reference list below.

ISO NUMBER | DESCRIPTION
ISO/IEC 2382-8:1998 | Information technology — Vocabulary — Part 8: Security
ISO/IEC 7064:2003 | Information technology — Security techniques — Check character systems
ISO 7498-2:1989 | Information processing systems — Open Systems Interconnection — Basic Reference Model — Part 2: Security Architecture
ISO/IEC 7816-8:2004 | Identification cards — Integrated circuit cards — Part 8: Commands for security operations
ISO/IEC 7816-11:2004 | Identification cards — Integrated circuit cards — Part 11: Personal verification through biometric methods
ISO 9564-2:2005 | Banking — Personal Identification Number management and security — Part 2: Approved algorithms for PIN encipherment
ISO/TR 9564-4:2004 | Banking — Personal Identification Number (PIN) management and security — Part 4: Guidelines for PIN handling in open networks
ISO/IEC 9579:2000 | Information technology — Remote database access for SQL with security enhancement
ISO/IEC 9796-2:2010 | Information technology — Security techniques — Digital signature schemes giving message recovery — Part 2: Integer factorization based mechanisms
ISO/IEC 9796-3:2006 | Information technology — Security techniques — Digital signature schemes giving message recovery — Part 3: Discrete logarithm based mechanisms
ISO/IEC 9797-1:2011 | Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher
ISO/IEC 9797-2:2011 | Information technology — Security techniques — Message Authentication Codes (MACs) — Part 2: Mechanisms using a dedicated hash-function
ISO/IEC 9797-3:2011 | Information technology — Security techniques — Message Authentication Codes (MACs) — Part 3: Mechanisms using a universal hash-function
ISO/IEC 9798-1:2010 | Information technology — Security techniques — Entity authentication — Part 1: General
ISO/IEC 9798-2:2008 | Information technology — Security techniques — Entity authentication — Part 2: Mechanisms using symmetric encipherment algorithms
ISO/IEC 9798-3:1998 | Information technology — Security techniques — Entity authentication — Part 3: Mechanisms using digital signature techniques
ISO/IEC 9798-4:1999 | Information technology — Security techniques — Entity authentication — Part 4: Mechanisms using a cryptographic check function
ISO/IEC 9798-5:2009 | Information technology — Security techniques — Entity authentication — Part 5: Mechanisms using zero-knowledge techniques
ISO/IEC 9798-6:2010 | Information technology — Security techniques — Entity authentication — Part 6: Mechanisms using manual data transfer
ISO/IEC 10116:2006 | Information technology — Security techniques — Modes of operation for an n-bit block cipher
ISO/IEC 10118-1:2000 | Information technology — Security techniques — Hash-functions — Part 1: General
ISO/IEC 10118-2:2010 | Information technology — Security techniques — Hash-functions — Part 2: Hash-functions using an n-bit block cipher
ISO/IEC 10118-3:2004 | Information technology — Security techniques — Hash-functions — Part 3: Dedicated hash-functions
ISO/IEC 10118-4:1998 | Information technology — Security techniques — Hash-functions — Part 4: Hash-functions using modular arithmetic
ISO/IEC 10164-7:1992 | Information technology — Open Systems Interconnection — Systems Management: Security alarm reporting function
ISO/IEC 10164-8:1993 | Information technology — Open Systems Interconnection — Systems Management: Security audit trail function
ISO/IEC 10181-1:1996 | Information technology — Open Systems Interconnection — Security frameworks for open systems: Overview
ISO/IEC 10181-2:1996 | Information technology — Open Systems Interconnection — Security frameworks for open systems: Authentication framework
ISO/IEC 10181-3:1996 | Information technology — Open Systems Interconnection — Security frameworks for open systems: Access control framework
ISO/IEC 10181-4:1997 | Information technology — Open Systems Interconnection — Security frameworks for open systems: Non-repudiation framework
ISO/IEC 10181-5:1996 | Information technology — Open Systems Interconnection — Security frameworks for open systems: Confidentiality framework
ISO/IEC 10181-6:1996 | Information technology — Open Systems Interconnection — Security frameworks for open systems: Integrity framework
ISO/IEC 10181-7:1996 | Information technology — Open Systems Interconnection — Security frameworks for open systems: Security audit and alarms framework
ISO/IEC 10736:1995 | Information technology — Telecommunications and information exchange between systems — Transport layer security protocol
ISO/IEC 10745:1995 | Information technology — Open Systems Interconnection — Upper layers security model
ISO/IEC 11577:1995 | Information technology — Open Systems Interconnection — Network layer security protocol
ISO/IEC 11586-1:1996 | Information technology — Open Systems Interconnection — Generic upper layers security: Overview, models and notation
ISO/IEC 11586-3:1996 | Information technology — Open Systems Interconnection — Generic upper layers security: Security Exchange Service Element (SESE) protocol specification
ISO/IEC 11586-4:1996 | Information technology — Open Systems Interconnection — Generic upper layers security: Protecting transfer syntax specification
ISO/IEC 11586-5:1997 | Information technology — Open Systems Interconnection — Generic upper layers security: Security Exchange Service Element (SESE) Protocol Implementation Conformance Statement (PICS) proforma
ISO/IEC 11586-6:1997 | Information technology — Open Systems Interconnection — Generic upper layers security: Protecting transfer syntax Protocol Implementation Conformance Statement (PICS) proforma
ISO/TR 11633-1:2009 | Health informatics — Information security management for remote maintenance of medical devices and medical information systems — Part 1: Requirements and risk analysis
ISO/TR 11633-2:2009 | Health informatics — Information security management for remote maintenance of medical devices and medical information systems — Part 2: Implementation of an information security management system (ISMS)
ISO/TR 11766:2010 | Intelligent transport systems — Communications access for land mobiles (CALM) — Security considerations for lawful interception
ISO/IEC 11770-1:2010 | Information technology — Security techniques — Key management — Part 1: Framework
ISO/IEC 11770-2:2008 | Information technology — Security techniques — Key management — Part 2: Mechanisms using symmetric techniques
ISO/IEC 11770-3:2008 | Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques
ISO/IEC 11770-4:2006 | Information technology — Security techniques — Key management — Part 4: Mechanisms based on weak secrets
ISO/IEC 11770-5:2011 | Information technology — Security techniques — Key management — Part 5: Group key management
ISO/IEC 13157-1:2010 | Information technology — Telecommunications and information exchange between systems — NFC Security — Part 1: NFC-SEC NFCIP-1 security services and protocol
ISO/IEC 13157-2:2010 | Information technology — Telecommunications and information exchange between systems — NFC Security — Part 2: NFC-SEC cryptography standard using ECDH and AES
ISO 13491-1:2007 | Banking — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods
ISO 13491-2:2005 | Banking — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions
ISO/IEC TR 13594:1995 | Information technology — Lower layers security
ISO/TR 13569:2005 | Financial services — Information security guidelines
ISO/IEC 13888-1:2009 | Information technology — Security techniques — Non-repudiation — Part 1: General
ISO/IEC 13888-2:2010 | Information technology — Security techniques — Non-repudiation — Part 2: Mechanisms using symmetric techniques
ISO/IEC 13888-3:2009 | Information technology — Security techniques — Non-repudiation — Part 3: Mechanisms using asymmetric techniques
ISO/IEC TR 14516:2002 | Information technology — Security techniques — Guidelines for the use and management of Trusted Third Party services
ISO/TR 14742:2010 | Financial services — Recommendations on cryptographic algorithms and their use
ISO/IEC 14496-8:2004 | Information technology — Coding of audio-visual objects — Part 8: Carriage of ISO/IEC 14496 contents over IP networks
ISO/IEC 14888-1:2008 | Information technology — Security techniques — Digital signatures with appendix — Part 1: General
ISO/IEC 14888-2:2008 | Information technology — Security techniques — Digital signatures with appendix — Part 2: Integer factorization based mechanisms
ISO/IEC 14888-3:2006 | Information technology — Security techniques — Digital signatures with appendix — Part 3: Discrete logarithm based mechanisms
ISO/IEC 15408-1:2009 | Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model
ISO/IEC 15408-2:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components
ISO/IEC 15408-3:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components
ISO/IEC TR 15443-1:2005 | Information technology — Security techniques — A framework for IT security assurance — Part 1: Overview and framework
ISO/IEC TR 15443-2:2005 | Information technology — Security techniques — A framework for IT security assurance — Part 2: Assurance methods
ISO/IEC TR 15443-3:2007 | Information technology — Security techniques — A framework for IT security assurance — Part 3: Analysis of assurance methods
ISO/IEC 15444-8:2007/Amd 1:2008 | File format security
ISO/IEC TR 15446:2009 | Information technology — Security techniques — Guide for the production of Protection Profiles and Security Targets
ISO/IEC 15816:2002 | Information technology — Security techniques — Security information objects for access control
ISO/IEC 15945:2002 | Information technology — Security techniques — Specification of TTP services to support the application of digital signatures
ISO/IEC 15946-1:2008 | Information technology — Security techniques — Cryptographic techniques based on elliptic curves — Part 1: General
ISO/IEC 15946-5:2009 | Information technology — Security techniques — Cryptographic techniques based on elliptic curves — Part 5: Elliptic curve generation
ISO/IEC TR 16166:2010 | Information technology — Telecommunications and information exchange between systems — Next Generation Corporate Networks (NGCN) — Security of session-based communications
ISO ABNT NBR 16167:2020 | Information security — Guidelines for classification, labelling, handling and management of information
ISO 17090-1:2008 | Health informatics — Public key infrastructure — Part 1: Overview of digital certificate services
ISO 17090-3:2008 | Health informatics — Public key infrastructure — Part 3: Policy management of certification authority
ISO/IEC 18012-1:2004 | Information technology — Home Electronic System — Guidelines for product interoperability — Part 1: Introduction
ISO/IEC 18013-1:2005 | Information technology — Personal identification — ISO-compliant driving licence — Part 1: Physical characteristics and basic data set
ISO/IEC 18014-1:2008 | Information technology — Security techniques — Time-stamping services — Part 1: Framework
ISO/IEC 18014-2:2009 | Information technology — Security techniques — Time-stamping services — Part 2: Mechanisms producing independent tokens
ISO/IEC 18014-3:2009 | Information technology — Security techniques — Time-stamping services — Part 3: Mechanisms producing linked tokens
ISO/IEC 18028-3:2005 | Information technology — Security techniques — IT network security — Part 3: Securing communications between networks using security gateways
ISO/IEC 18028-4:2005 | Information technology — Security techniques — IT network security — Part 4: Securing remote access
ISO/IEC 18028-5:2006 | Information technology — Security techniques — IT network security — Part 5: Securing communications across networks using virtual private networks
ISO/IEC 18031:2011 | Information technology — Security techniques — Random bit generation
ISO/IEC 18032:2005 | Information technology — Security techniques — Prime number generation
ISO/IEC 18033-1:2005 | Information technology — Security techniques — Encryption algorithms — Part 1: General
ISO/IEC 18033-2:2006 | Information technology — Security techniques — Encryption algorithms — Part 2: Asymmetric ciphers
ISO/IEC 18033-3:2010 | Information technology — Security techniques — Encryption algorithms — Part 3: Block ciphers
ISO/IEC 18033-4:2011 | Information technology — Security techniques — Encryption algorithms — Part 4: Stream ciphers
ISO/IEC 18043:2006 | Information technology — Security techniques — Selection, deployment and operations of intrusion detection systems
ISO/IEC 18045:2008 | Information technology — Security techniques — Methodology for IT security evaluation
ISO 19092:2008 | Financial services — Biometrics — Security framework
ISO/IEC 19772:2009 | Information technology — Security techniques — Authenticated encryption
ISO/IEC 19785-1:2006 | Information technology — Common Biometric Exchange Formats Framework — Part 1: Data element specification
ISO/IEC 19785-2:2006 | Information technology — Common Biometric Exchange Formats Framework — Part 2: Procedures for the operation of the Biometric Registration Authority
ISO/IEC 19785-4:2010 | Information technology — Common Biometric Exchange Formats Framework — Part 4: Security block format specifications
ISO/IEC 19790:2012 | Information technology — Security techniques — Security requirements for cryptographic modules
ISO/IEC 19792:2009 | Information technology — Security techniques — Security evaluation of biometrics
ISO/IEC TR 19791:2010 | Information technology — Security techniques — Security assessment of operational systems
ISO/IEC 20000-1:2011 | Information technology — Service management — Part 1: Service management system requirements
ISO/IEC 20000-2:2011 | Information technology — Service management — Part 2: Guidance on the application of service management systems
ISO/IEC 20000-3:2011 | Information technology — Service management — Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1
ISO/IEC 20000-4:2011 | Information technology — Service management — Part 1: Service management system requirements
ISO/IEC 20000-5:2011 | Information technology — Service management — Part 5: Exemplar implementation plan for ISO/IEC 20000-1
ISO/IEC 20000-6:2011 | Information technology — Service management — Part 6: Requirements for bodies providing audit and certification of service management systems
ISO/IEC 20000-7:2011 | Not found on the ISO.ORG site
ISO/IEC 20000-8:2011 | Not found on the ISO.ORG site
ISO/IEC 20000-9:2011 | Information technology — Service management — Part 9: Guidance on the application of ISO/IEC 20000-1 to cloud services
ISO/IEC 20000-10:2011 | Information technology — Service management — Part 10: Concepts and terminology
ISO/IEC 20000-11:2011 | Information technology — Service management — Part 11: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: ITIL®
ISO/IEC 20000-12:2011 | Information technology — Service management — Part 12: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: CMMI-SVC
ISO/IEC TR 20004:2012 | Information technology — Security techniques — Refining software vulnerability analysis under ISO/IEC 15408 and ISO/IEC 18045
ISO/IEC TR 90006:2013 | Information technology — Guidelines for the application of ISO 9001:2008 to IT service management and its integration with ISO/IEC 20000-1:2011
ISO/IEC 21000-15:2006/Amd 1:2008 | Security in Event Reporting
ISO/TS 21547:2010 | Health informatics — Security requirements for archiving of electronic health records — Principles
ISO/TR 21548:2010 | Health informatics — Security requirements for archiving of electronic health records — Guidelines
ISO 21549-5:2008 | Health informatics — Patient healthcard data — Part 5: Identification data
ISO/IEC 21827:2008 | Information technology — Security techniques — Systems Security Engineering — Capability Maturity Model® (SSE-CMM®)
ISO/IEC 21991:2002 | Information technology — Telecommunications and information exchange between systems — Corporate Telecommunication Networks — Signalling interworking between QSIG and H.323 — Call completion supplementary services
ISO 22301:2012 | Societal security — Business continuity management systems — Requirements
ISO 22320:2011 | Societal security — Emergency management — Requirements for incident response
ISO/PAS 22399:2007 | Societal security — Guideline for incident preparedness and operational continuity management
ISO/TR 22312:2011 | Societal security — Technological capabilities
ISO/IEC 23988:2007 | Information technology — A code of practice for the use of information technology (IT) in the delivery of assessments
ISO/IEC 24713-3:2009 | Information technology — Biometric profiles for interoperability and data interchange — Part 3: Biometrics-based verification and identification of seafarers
ISO/IEC TR 24729-4:2009 | Information technology — Radio frequency identification for item management — Implementation guidelines — Part 4: Tag data security
ISO/IEC 24745:2011 | Information technology — Security techniques — Biometric information protection
ISO/IEC 24759:2008 | Information technology — Security techniques — Test requirements for cryptographic modules
ISO/IEC 24760-1:2011 | Information technology — Security techniques — A framework for identity management — Part 1: Terminology and concepts
ISO/IEC 24761:2009 | Information technology — Security techniques — Authentication context for biometrics
ISO/IEC 24762:2008 | Information technology — Security techniques — Guidelines for information and communications technology disaster recovery services
ISO/IEC 24767-1:2008 | Information technology — Home network security — Part 1: Security requirements
ISO/IEC 24767-2:2009 | Information technology — Home network security — Part 2: Internal security services: Secure Communication Protocol for Middleware (SCPM)
ISO/IEC 24824-3:2008 | Information technology — Generic applications of ASN.1: Fast infoset security
ISO/IEC TR 24772:2010 | Information technology — Programming languages — Guidance to avoiding vulnerabilities in programming languages through language selection and use
ISO/IEC 27000:2009 | Information technology — Security techniques — Information security management systems — Overview and vocabulary
ISO/IEC 27001:2005 | Information technology — Security techniques — Information security management systems — Requirements
ISO/IEC 27002:2013 | Information technology — Security techniques — Code of practice for information security management
ISO/IEC 27003:2010 | Information technology — Security techniques — Information security management system implementation guidance
ISO/IEC 27004:2009 | Information technology — Security techniques — Information security management — Measurement
ISO/IEC 27005:2011 | Information technology — Security techniques — Information security risk management
ISO/IEC 27006:2011 | Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems
ISO/IEC 27007:2011 | Information technology — Security techniques — Guidelines for information security management systems auditing
ISO/IEC TR 27008:2011 | Information technology — Security techniques — Guidelines for auditors on information security controls
ISO/IEC 27010:2012 | Information technology — Security techniques — Information security management for inter-sector and inter-organizational communications
ISO/IEC 27011:2008 | Information technology — Security techniques — Information security management guidelines for telecommunications organizations based on ISO/IEC 27002
ISO/IEC 27013:2012 | Information technology — Security techniques — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
ISO/IEC 27014 | Information security governance
ISO/IEC 27017:2015 | Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services
ISO/IEC 27018:2014 | Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
ISO/IEC 27031:2011 | Information technology — Security techniques — Guidelines for information and communication technology readiness for business continuity
ISO/IEC 27032:2012 | Information technology — Security techniques — Guidelines for cybersecurity
ISO/IEC 27033-1:2009 | Information technology — Security techniques — Network security — Part 1: Overview and concepts
ISO/IEC 27033-2:2012 | Information technology — Security techniques — Network security — Part 2: Guidelines for the design and implementation of network security
ISO/IEC 27033-3:2010 | Information technology — Security techniques — Network security — Part 3: Reference networking scenarios — Threats, design techniques and control issues
ISO/IEC 27033-4:2014 | Information technology — Security techniques — Network security — Part 4: Securing communications between networks using security gateways
ISO/IEC 27033-5:2013 | Information technology — Security techniques — Network security — Part 5: Securing communications across networks using Virtual Private Networks
ISO/IEC 27034-1:2011 | Information technology — Security techniques — Application security — Part 1: Overview and concepts
ISO/IEC 27034-2:2018 | Information technology — Security techniques — Application security — Part 2: Organization normative framework
ISO/IEC 27035:2016 | Information technology — Security techniques — Information security incident management
ISO/IEC 27036-1:2014 | Information technology — Security techniques — Information security for supplier relationships — Part 1: Overview and concepts
ISO/IEC 27036-2:2014 | Information technology — Security techniques — Information security for supplier relationships — Part 2: Requirements
ISO/IEC 27036-4:2016 | Information technology — Security techniques — Information security for supplier relationships — Part 4: Guidelines for security of cloud services
ISO/IEC 27037:2012 | Information technology — Security techniques — Guidelines for identification, collection, acquisition and preservation of digital evidence
ISO/IEC 27701 | Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines
ISO 27789:2013 | Health informatics — Audit trails for electronic health records
ISO 27799:2008 | Health informatics — Information security management in health using ISO/IEC 27002
ISO 28002:2011 | Security management systems for the supply chain — Development of resilience in the supply chain — Requirements with guidance for use
ISO/PAS 28004-4:2012 | Security management systems for the supply chain — Guidelines for the implementation of ISO 28000 — Part 4: Additional specific guidance on implementing ISO 28000 if compliance with ISO 28001 is a management objective
ISO/PAS 28004-3:2012 | Security management systems for the supply chain — Guidelines for the implementation of ISO 28000 — Part 3: Additional specific guidance for adopting ISO 28000 for use by medium and small businesses (other than marine ports)
ISO/IEC 29100:2011 | Information technology — Security techniques — Privacy framework
ISO/IEC 29128:2011 | Information technology — Security techniques — Verification of cryptographic protocols
ISO/IEC 29147:2014 | Information technology — Security techniques — Vulnerability disclosure
ISO/IEC TR 29149:2012 | Information technology — Security techniques — Best practices for the provision and use of time-stamping services
ISO/IEC 29150:2011 | Information technology — Security techniques — Signcryption
ISO/IEC 29167-1:2012 | Information technology — Automatic identification and data capture techniques — Part 1: Air interface for security services and file management for RFID architecture
ISO/IEC 29192-2:2012 | Information technology — Security techniques — Lightweight cryptography — Part 2: Block ciphers
ISO/IEC 29192-3:2012 | Information technology — Security techniques — Lightweight cryptography — Part 3: Stream ciphers
ISO/IEC 30111:2013 | Information technology — Security techniques — Vulnerability handling processes
IEC/TR 80001-2-2:2012 | Application of risk management for IT-networks incorporating medical devices — Part 2-2: Guidance for the communication of medical device security needs, risks and controls

OTHERS
NIST | NIST Computer Security Publications – NIST Special Publications (SPs)
SP-800 | NIST's primary mode of publishing computer/cyber/information security guidelines, recommendations and reference materials
SP 800-53 Rev. 5 | Security and Privacy Controls for Information Systems and Organizations
SP 1800 | NIST Cybersecurity Practice Guides
SP 500 | Computer Systems Technology

Given this time-sensitivity and the constant updates, some of the links may have changed since our last check; if that has happened, we ask our readers to forgive us and to send us feedback so that we can update the link.

SOURCE: MINUTO DA SEGURANÇA
