 Republic of Tunisia
Ministry of Information and Communication Technologies
Documentary References

Ensuring the continued functioning and security of an information system is no longer considered a simple feat; it is a necessity.
Of all the tasks for which Chief Information Security Officers (CISOs) in private or public organizations are responsible, building a coherent security policy that takes into account human, organizational and legal issues is certainly the most difficult. Such a policy must be based on a very specific standard. Indeed, there are many standards and methods on which computer security systems are based.
A standard (which may be organizational or technical) is often very broad and generally based on concepts or general notions.

The scope of application of each concept must then be clarified so that the standard can be applied effectively.

The ISO 27001 Standard

The 27001 standard represents the 27001 as the new family of information security standards, a set of standards specifically reserved by ISO for information security topics. The 27001 standard is naturally aligned with a number of other matters, including ISO 9000 (quality management) and ISO 14000 (environmental management). The 2700x set of standards is the family related to computer security; ISO 27001 is part of it and is the only certification standard in matters of security.

The 27001 standard was published in 2005 and represents a new version of the BS 7799 Part 2 standard.

The ISO 27002 Standard

Information Security Management - Code of practice for information security management (formerly ISO 17799). Recognized as an international standard, ISO 27002 has become the reference framework for good security practices and related control...

Standard BS 7799

The BS 7799 standard was first published by the British Standards Institute in 1995. Its objective is to enable the establishment of an information security management system (ISMS, or Information Security Management System) in the enterprise...

The ISO 13335 Standard

This standard has existed for over 10 years. It is composed of four parts, of which the best known (Part 1: Concepts and models for managing the security of information technology and communications) was updated in 2004.

The ISO 15408 Standard

Born in 1996, ISO 15408 (also known as "Common Criteria") provides security assurance against specific criteria for a product or system (hardware security, firewall, encryption mechanism...).

 

Other Standards

 

 
Copyright © 2011 ANSI webmaster@ansi.tn