ISO Standards Related to Information Security. Do you know how many there are? There are more than a hundred ISO standards related to information security, but not everyone knows them.
An international reference is always important in decision making, or even to support our action plans before the executive board.
ISO, the International Organization for Standardization, is recognized as the most respected organization and reference across the most diverse sectors. ISO has developed and published more than 23680 International Standards, all of which are included in the ISO Standards catalogue.
ISO standards are internationally accepted by experts.
Think of them as a formula that describes the best way of doing something. It could be about making a product, managing a process, delivering a service or supplying materials; standards cover a wide range of activities.
Standards are the distilled wisdom of people with expertise in their subject matter and who know the needs of the organizations they represent: people such as manufacturers, sellers, buyers, customers, trade associations, users or regulators.
For example:
- Quality management standards to help work more efficiently and reduce product failures.
- Environmental management standards to help reduce environmental impacts, reduce waste and be more sustainable.
- Health and safety standards to help reduce accidents in the workplace.
- Energy management standards to help cut energy consumption.
- Food safety standards to help prevent food from being contaminated.
- IT security standards to help keep sensitive information secure.
With that in mind, and to contribute to our readers, the Minuto da Segurança blog has compiled a list of ISO standards related to information security that may at some point be useful to the professionals who follow our blog.
Although we have not exhausted the list, and aware that standards are revised over time, we have ventured to publish our reference list below.
ISO NUMBER | DESCRIPTION |
ISO/IEC 2382-8:1998 | Information technology — Vocabulary — Part 8: Security |
ISO/IEC 7064:2003 | Information technology — Security techniques — Check character systems |
ISO 7498-2:1989 | Information processing systems — Open Systems Interconnection — Basic Reference Model — Part 2: Security Architecture |
ISO/IEC 7816-8:2004 | Identification cards — Integrated circuit cards — Part 8: Commands for security operations |
ISO/IEC 7816-11:2004 | Identification cards — Integrated circuit cards — Part 11: Personal verification through biometric methods |
ISO 9564-2:2005 | Banking — Personal Identification Number management and security — Part 2: Approved algorithms for PIN encipherment |
ISO/TR 9564-4:2004 | Banking — Personal Identification Number (PIN) management and security — Part 4: Guidelines for PIN handling in open networks |
ISO/IEC 9579:2000 | Information technology — Remote database access for SQL with security enhancement |
ISO/IEC 9796-2:2010 | Information technology — Security techniques — Digital signature schemes giving message recovery — Part 2: Integer factorization based mechanisms |
ISO/IEC 9796-3:2006 | Information technology — Security techniques — Digital signature schemes giving message recovery — Part 3: Discrete logarithm based mechanisms |
ISO/IEC 9797-1:2011 | Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher |
ISO/IEC 9797-2:2011 | Information technology — Security techniques — Message Authentication Codes (MACs) — Part 2: Mechanisms using a dedicated hash-function |
ISO/IEC 9797-3:2011 | Information technology — Security techniques — Message Authentication Codes (MACs) — Part 3: Mechanisms using a universal hash-function |
ISO/IEC 9798-1:2010 | Information technology — Security techniques — Entity authentication — Part 1: General |
ISO/IEC 9798-2:2008 | Information technology — Security techniques — Entity authentication — Part 2: Mechanisms using symmetric encipherment algorithms |
ISO/IEC 9798-3:1998 | Information technology — Security techniques — Entity authentication — Part 3: Mechanisms using digital signature techniques |
ISO/IEC 9798-4:1999 | Information technology — Security techniques — Entity authentication — Part 4: Mechanisms using a cryptographic check function |
ISO/IEC 9798-5:2009 | Information technology — Security techniques — Entity authentication — Part 5: Mechanisms using zero-knowledge techniques |
ISO/IEC 9798-6:2010 | Information technology — Security techniques — Entity authentication — Part 6: Mechanisms using manual data transfer |
ISO/IEC 10116:2006 | Information technology — Security techniques — Modes of operation for an n-bit block cipher |
ISO/IEC 10118-1:2000 | Information technology — Security techniques — Hash-functions — Part 1: General |
ISO/IEC 10118-2:2010 | Information technology — Security techniques — Hash-functions — Part 2: Hash-functions using an n-bit block cipher |
ISO/IEC 10118-3:2004 | Information technology — Security techniques — Hash-functions — Part 3: Dedicated hash-functions |
ISO/IEC 10118-4:1998 | Information technology — Security techniques — Hash-functions — Part 4: Hash-functions using modular arithmetic |
ISO/IEC 10164-7:1992 | Information technology — Open Systems Interconnection — Systems Management: Security alarm reporting function |
ISO/IEC 10164-8:1993 | Information technology — Open Systems Interconnection — Systems Management: Security audit trail function |
ISO/IEC 10181-1:1996 | Information technology — Open Systems Interconnection — Security frameworks for open systems: Overview |
ISO/IEC 10181-2:1996 | Information technology — Open Systems Interconnection — Security frameworks for open systems: Authentication framework |
ISO/IEC 10181-3:1996 | Information technology — Open Systems Interconnection — Security frameworks for open systems: Access control framework |
ISO/IEC 10181-4:1997 | Information technology — Open Systems Interconnection — Security frameworks for open systems: Non-repudiation framework |
ISO/IEC 10181-5:1996 | Information technology — Open Systems Interconnection — Security frameworks for open systems: Confidentiality framework |
ISO/IEC 10181-6:1996 | Information technology — Open Systems Interconnection — Security frameworks for open systems: Integrity framework |
ISO/IEC 10181-7:1996 | Information technology — Open Systems Interconnection — Security frameworks for open systems: Security audit and alarms framework |
ISO/IEC 10736:1995 | Information technology — Telecommunications and information exchange between systems — Transport layer security protocol |
ISO/IEC 10745:1995 | Information technology — Open Systems Interconnection — Upper layers security model |
ISO/IEC 11577:1995 | Information technology — Open Systems Interconnection — Network layer security protocol |
ISO/IEC 11586-1:1996 | Information technology — Open Systems Interconnection — Generic upper layers security: Overview, models and notation |
ISO/IEC 11586-3:1996 | Information technology — Open Systems Interconnection — Generic upper layers security: Security Exchange Service Element (SESE) protocol specification |
ISO/IEC 11586-4:1996 | Information technology — Open Systems Interconnection — Generic upper layers security: Protecting transfer syntax specification |
ISO/IEC 11586-5:1997 | Information technology — Open Systems Interconnection — Generic upper layers security: Security Exchange Service Element (SESE) Protocol Implementation Conformance Statement (PICS) proforma |
ISO/IEC 11586-6:1997 | Information technology — Open Systems Interconnection — Generic upper layers security: Protecting transfer syntax Protocol Implementation Conformance Statement (PICS) proforma |
ISO/TR 11633-1:2009 | Health informatics — Information security management for remote maintenance of medical devices and medical information systems — Part 1: Requirements and risk analysis |
ISO/TR 11633-2:2009 | Health informatics — Information security management for remote maintenance of medical devices and medical information systems — Part 2: Implementation of an information security management system (ISMS) |
ISO/TR 11766:2010 | Intelligent transport systems — Communications access for land mobiles (CALM) — Security considerations for lawful interception |
ISO/IEC 11770-1:2010 | Information technology — Security techniques — Key management — Part 1: Framework |
ISO/IEC 11770-2:2008 | Information technology — Security techniques — Key management — Part 2: Mechanisms using symmetric techniques |
ISO/IEC 11770-3:2008 | Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques |
ISO/IEC 11770-4:2006 | Information technology — Security techniques — Key management — Part 4: Mechanisms based on weak secrets |
ISO/IEC 11770-5:2011 | Information technology — Security techniques — Key management — Part 5: Group key management |
ISO/IEC 13157-1:2010 | Information technology — Telecommunications and information exchange between systems — NFC Security — Part 1: NFC-SEC NFCIP-1 security services and protocol |
ISO/IEC 13157-2:2010 | Information technology — Telecommunications and information exchange between systems — NFC Security — Part 2: NFC-SEC cryptography standard using ECDH and AES |
ISO 13491-1:2007 | Banking — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods |
ISO 13491-2:2005 | Banking — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions |
ISO/IEC TR 13594:1995 | Information technology — Lower layers security |
ISO/TR 13569:2005 | Financial services — Information security guidelines |
ISO/IEC 13888-1:2009 | Information technology — Security techniques — Non-repudiation — Part 1: General |
ISO/IEC 13888-2:2010 | Information technology — Security techniques — Non-repudiation — Part 2: Mechanisms using symmetric techniques |
ISO/IEC 13888-3:2009 | Information technology — Security techniques — Non-repudiation — Part 3: Mechanisms using asymmetric techniques |
ISO/IEC TR 14516:2002 | Information technology — Security techniques — Guidelines for the use and management of Trusted Third Party services |
ISO/TR 14742:2010 | Financial services — Recommendations on cryptographic algorithms and their use |
ISO/IEC 14496-8:2004 | Information technology — Coding of audio-visual objects — Part 8: Carriage of ISO/IEC 14496 contents over IP networks |
ISO/IEC 14888-1:2008 | Information technology — Security techniques — Digital signatures with appendix — Part 1: General |
ISO/IEC 14888-2:2008 | Information technology — Security techniques — Digital signatures with appendix — Part 2: Integer factorization based mechanisms |
ISO/IEC 14888-3:2006 | Information technology — Security techniques — Digital signatures with appendix — Part 3: Discrete logarithm based mechanisms |
ISO/IEC 15408-1:2009 | Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model |
ISO/IEC 15408-2:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components |
ISO/IEC 15408-3:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components |
ISO/IEC TR 15443-1:2005 | Information technology — Security techniques — A framework for IT security assurance — Part 1: Overview and framework |
ISO/IEC TR 15443-2:2005 | Information technology — Security techniques — A framework for IT security assurance — Part 2: Assurance methods |
ISO/IEC TR 15443-3:2007 | Information technology — Security techniques — A framework for IT security assurance — Part 3: Analysis of assurance methods |
ISO/IEC 15444-8:2007/Amd 1:2008 | File format security |
ISO/IEC TR 15446:2009 | Information technology — Security techniques — Guide for the production of Protection Profiles and Security Targets |
ISO/IEC 15816:2002 | Information technology — Security techniques — Security information objects for access control |
ISO/IEC 15945:2002 | Information technology — Security techniques — Specification of TTP services to support the application of digital signatures |
ISO/IEC 15946-1:2008 | Information technology — Security techniques — Cryptographic techniques based on elliptic curves — Part 1: General |
ISO/IEC 15946-5:2009 | Information technology — Security techniques — Cryptographic techniques based on elliptic curves — Part 5: Elliptic curve generation |
ISO/IEC TR 16166:2010 | Information technology — Telecommunications and information exchange between systems — Next Generation Corporate Networks (NGCN) — Security of session-based communications |
ISO ABNT NBR 16167:2020 | Information security – Guidelines for classification, labelling, handling and management of information |
ISO 17090-1:2008 | Health informatics — Public key infrastructure — Part 1: Overview of digital certificate services |
ISO 17090-3:2008 | Health informatics — Public key infrastructure — Part 3: Policy management of certification authority |
ISO/IEC 18012-1:2004 | Information technology — Home Electronic System — Guidelines for product interoperability — Part 1: Introduction |
ISO/IEC 18013-1:2005 | Information technology — Personal identification — ISO-compliant driving licence — Part 1: Physical characteristics and basic data set |
ISO/IEC 18014-1:2008 | Information technology — Security techniques — Time-stamping services — Part 1: Framework |
ISO/IEC 18014-2:2009 | Information technology — Security techniques — Time-stamping services — Part 2: Mechanisms producing independent tokens |
ISO/IEC 18014-3:2009 | Information technology — Security techniques — Time-stamping services — Part 3: Mechanisms producing linked tokens |
ISO/IEC 18028-3:2005 | Information technology — Security techniques — IT network security — Part 3: Securing communications between networks using security gateways |
ISO/IEC 18028-4:2005 | Information technology — Security techniques — IT network security — Part 4: Securing remote access |
ISO/IEC 18028-5:2006 | Information technology — Security techniques — IT network security — Part 5: Securing communications across networks using virtual private networks |
ISO/IEC 18031:2011 | Information technology — Security techniques — Random bit generation |
ISO/IEC 18032:2005 | Information technology — Security techniques — Prime number generation |
ISO/IEC 18033-1:2005 | Information technology — Security techniques — Encryption algorithms — Part 1: General |
ISO/IEC 18033-2:2006 | Information technology — Security techniques — Encryption algorithms — Part 2: Asymmetric ciphers |
ISO/IEC 18033-3:2010 | Information technology — Security techniques — Encryption algorithms — Part 3: Block ciphers |
ISO/IEC 18033-4:2011 | Information technology — Security techniques — Encryption algorithms — Part 4: Stream ciphers |
ISO/IEC 18043:2006 | Information technology — Security techniques — Selection, deployment and operations of intrusion detection systems |
ISO/IEC 18045:2008 | Information technology — Security techniques — Methodology for IT security evaluation |
ISO 19092:2008 | Financial services — Biometrics — Security framework |
ISO/IEC 19772:2009 | Information technology — Security techniques — Authenticated encryption |
ISO/IEC 19785-1:2006 | Information technology — Common Biometric Exchange Formats Framework — Part 1: Data element specification |
ISO/IEC 19785-2:2006 | Information technology — Common Biometric Exchange Formats Framework — Part 2: Procedures for the operation of the Biometric Registration Authority |
ISO/IEC 19785-4:2010 | Information technology — Common Biometric Exchange Formats Framework — Part 4: Security block format specifications |
ISO/IEC 19790:2012 | Information technology — Security techniques — Security requirements for cryptographic modules |
ISO/IEC 19792:2009 | Information technology — Security techniques — Security evaluation of biometrics |
ISO/IEC TR 19791:2010 | Information technology — Security techniques — Security assessment of operational systems |
ISO/IEC 20000-1:2011 | Information technology — Service management — Part 1: Service management system requirements |
ISO/IEC 20000-2:2011 | Information technology — Service management — Part 2: Guidance on the application of service management systems |
ISO/IEC 20000-3:2011 | Information technology — Service management — Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1 |
ISO/IEC 20000-4:2011 | Information technology — Service management — Part 1: Service management system requirements |
ISO/IEC 20000-5:2011 | Information technology — Service management — Part 5: Exemplar implementation plan for ISO/IEC 20000-1 |
ISO/IEC 20000-6:2011 | Information technology — Service management — Part 6: Requirements for bodies providing audit and certification of service management systems |
ISO/IEC 20000-7:2011 | Not found on the ISO.ORG site |
ISO/IEC 20000-8:2011 | Not found on the ISO.ORG site |
ISO/IEC 20000-9:2011 | Information technology — Service management — Part 9: Guidance on the application of ISO/IEC 20000-1 to cloud services |
ISO/IEC 20000-10:2011 | Information technology — Service management — Part 10: Concepts and terminology |
ISO/IEC 20000-11:2011 | Information technology — Service management — Part 11: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: ITIL® |
ISO/IEC 20000-12:2011 | Information technology — Service management — Part 12: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: CMMI-SVC |
ISO/IEC TR 20004:2012 | Information technology — Security techniques — Refining software vulnerability analysis under ISO/IEC 15408 and ISO/IEC 18045 |
ISO/IEC TR 90006:2013 | Information technology — Guidelines for the application of ISO 9001:2008 to IT service management and its integration with ISO/IEC 20000-1:2011 |
ISO/IEC 21000-15:2006/Amd 1:2008 | Security in Event Reporting |
ISO/TS 21547:2010 | Health informatics — Security requirements for archiving of electronic health records – Principles |
ISO/TR 21548:2010 | Health informatics — Security requirements for archiving of electronic health records — Guidelines |
ISO 21549-5:2008 | Health informatics — Patient healthcard data — Part 5: Identification data |
ISO/IEC 21827:2008 | Information technology — Security techniques — Systems Security Engineering — Capability Maturity Model® (SSE-CMM®) |
ISO/IEC 21991:2002 | Information technology — Telecommunications and information exchange between systems — Corporate Telecommunication Networks — Signalling interworking between QSIG and H.323 — Call completion supplementary services |
ISO 22301:2012 | Societal security — Business continuity management systems — Requirements |
ISO 22320:2011 | Societal security — Emergency management — Requirements for incident response |
ISO/PAS 22399:2007 | Societal security – Guideline for incident preparedness and operational continuity management |
ISO/TR 22312:2011 | Societal security — Technological capabilities |
ISO/IEC 23988:2007 | Information technology — A code of practice for the use of information technology (IT) in the delivery of assessments |
ISO/IEC 24713-3:2009 | Information technology — Biometric profiles for interoperability and data interchange — Part 3: Biometrics-based verification and identification of seafarers |
ISO/IEC TR 24729-4:2009 | Information technology — Radio frequency identification for item management — Implementation guidelines — Part 4: Tag data security |
ISO/IEC 24745:2011 | Information technology — Security techniques — Biometric information protection |
ISO/IEC 24759:2008 | Information technology — Security techniques — Test requirements for cryptographic modules |
ISO/IEC 24760-1:2011 | Information technology — Security techniques — A framework for identity management — Part 1: Terminology and concepts |
ISO/IEC 24761:2009 | Information technology — Security techniques — Authentication context for biometrics |
ISO/IEC 24762:2008 | Information technology — Security techniques — Guidelines for information and communications technology disaster recovery services |
ISO/IEC 24767-1:2008 | Information technology — Home network security — Part 1: Security requirements |
ISO/IEC 24767-2:2009 | Information technology — Home network security — Part 2: Internal security services: Secure Communication Protocol for Middleware (SCPM) |
ISO/IEC 24824-3:2008 | Information technology — Generic applications of ASN.1: Fast infoset security |
ISO/IEC TR 24772:2010 | Information technology — Programming languages — Guidance to avoiding vulnerabilities in programming languages through language selection and use |
ISO/IEC 27000:2009 | Information technology — Security techniques — Information security management systems — Overview and vocabulary |
ISO/IEC 27001:2005 | Information technology — Security techniques — Information security management systems – Requirements |
ISO/IEC 27002:2013 | Information technology — Security techniques — Code of practice for information security management |
ISO/IEC 27003:2010 | Information technology — Security techniques — Information security management system implementation guidance |
ISO/IEC 27004:2009 | Information technology — Security techniques — Information security management — Measurement |
ISO/IEC 27005:2011 | Information technology — Security techniques — Information security risk management |
ISO/IEC 27006:2011 | Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems |
ISO/IEC 27007:2011 | Information technology — Security techniques — Guidelines for information security management systems auditing |
ISO/IEC TR 27008:2011 | Information technology — Security techniques — Guidelines for auditors on information security controls |
ISO/IEC 27010:2012 | Information technology — Security techniques — Information security management for inter-sector and inter-organizational communications |
ISO/IEC 27011:2008 | Information technology — Security techniques — Information security management guidelines for telecommunications organizations based on ISO/IEC 27002 |
ISO/IEC 27013:2012 | Information technology — Security techniques — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 |
ISO/IEC 27014 | Information security governance |
ISO/IEC 27017:2015 | Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services |
ISO/IEC 27018:2014 | Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors |
ISO/IEC 27031:2011 | Information technology — Security techniques — Guidelines for information and communication technology readiness for business continuity |
ISO/IEC 27032:2012 | Information technology — Security techniques — Guidelines for cybersecurity |
ISO/IEC 27033-1:2009 | Information technology — Security techniques — Network security — Part 1: Overview and concepts |
ISO/IEC 27033-2:2012 | Information technology — Security techniques — Network security — Part 2: Guidelines for the design and implementation of network security |
ISO/IEC 27033-3:2010 | Information technology — Security techniques — Network security — Part 3: Reference networking scenarios — Threats, design techniques and control issues |
ISO/IEC 27033-4:2014 | Information technology — Security techniques — Network security — Part 4: Securing communications between networks using security gateways |
ISO/IEC 27033-5:2013 | Information technology — Security techniques — Network security – Part 5: Securing communications across networks using Virtual Private Networks |
ISO/IEC 27034-1:2011 | Information technology — Security techniques — Application security — Part 1: Overview and concepts |
ISO/IEC 27034-2:2018 | Information technology — Security techniques — Application security – Part 2: Organization normative framework |
ISO/IEC 27035:2016 | Information technology — Security techniques — Information security incident management |
ISO/IEC 27036-1:2014 | Information technology — Security techniques — Information security for supplier relationships — Part 1: Overview and concepts |
ISO/IEC 27036-2:2014 | Information technology — Security techniques — Information security for supplier relationships — Part 2: Requirements |
ISO/IEC 27036-4:2016 | Information technology — Security techniques — Information security for supplier relationships — Part 4: Guidelines for security of cloud services |
ISO/IEC 27037:2012 | Information technology — Security techniques — Guidelines for identification, collection, acquisition and preservation of digital evidence |
ISO/IEC 27701 | Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines |
ISO 27789:2013 | Health informatics — Audit trails for electronic health records |
ISO 27799:2008 | Health informatics — Information security management in health using ISO/IEC 27002 |
ISO 28002:2011 | Security management systems for the supply chain — Development of resilience in the supply chain — Requirements with guidance for use |
ISO/PAS 28004-4:2012 | Security management systems for the supply chain — Guidelines for the implementation of ISO 28000 — Part 4: Additional specific guidance on implementing ISO 28000 if compliance with ISO 28001 is a management objective |
ISO/PAS 28004-3:2012 | Security management systems for the supply chain — Guidelines for the implementation of ISO 28000 — Part 3: Additional specific guidance for adopting ISO 28000 for use by medium and small businesses (other than marine ports) |
ISO/IEC 29100:2011 | Information technology — Security techniques — Privacy framework |
ISO/IEC 29128:2011 | Information technology — Security techniques — Verification of cryptographic protocols |
ISO/IEC 29147:2014 | Information technology — Security techniques — Vulnerability disclosure |
ISO/IEC TR 29149:2012 | Information technology — Security techniques — Best practices for the provision and use of time-stamping services |
ISO/IEC 29150:2011 | Information technology — Security techniques – Signcryption |
ISO/IEC 29167-1:2012 | Information technology — Automatic identification and data capture techniques — Part 1: Air interface for security services and file management for RFID architecture |
ISO/IEC 29192-2:2012 | Information technology — Security techniques — Lightweight cryptography — Part 2: Block ciphers |
ISO/IEC 29192-3:2012 | Information technology — Security techniques — Lightweight cryptography — Part 3: Stream ciphers |
ISO/IEC 30111:2013 | Information technology — Security techniques — Vulnerability handling processes |
IEC/TR 80001-2-2:2012 | Application of risk management for IT-networks incorporating medical devices — Part 2-2: Guidance for the communication of medical device security needs, risks and controls |
OTHERS | |
NIST | NIST Computer Security Publications – NIST Special Publications (SPs) |
SP-800 | NIST’s primary mode of publishing computer/cyber/information security guidelines, recommendations and reference materials |
SP 800-53 Rev. 5 | Security and Privacy Controls for Information Systems and Organizations |
SP 1800 | NIST Cybersecurity Practice Guides |
SP 500 | Computer Systems Technology |
Given that standards are revised over time and are constantly updated, some of the links may have changed since our last check; if that has happened, I ask our readers to forgive us and to send us feedback so that we can update the link.
By Kleber Melo, owner of MindSec Segurança e Tecnologia and editor of the Minuto da Segurança blog.