To make our lives easier, we can find this list as part of the standard "ISO/IEC 27000:2018 Information technology — Security techniques — Information security management systems — Overview and vocabulary". Even better, we can view the list of standards in the Bibliography section of that standard.
On the ISO website, we can view a small part of the 27000 standard, which fortunately includes the Bibliography, and from it we can identify all the standards that are part of the 27000 family:
- ISO/IEC 27000:2018, Information technology — Security techniques — Information security management systems — Overview and vocabulary
- ISO/IEC 20000-1:2011, Information technology — Service management — Part 1: Service management system requirements
- ISO/IEC 27001:2013, Information technology — Security techniques — Information security management systems — Requirements
- ISO/IEC 27002, Information technology — Security techniques — Code of practice for information security controls
- ISO/IEC 27003, Information technology — Security techniques — Information security management — Guidance
- ISO/IEC 27004:2016, Information technology — Security techniques — Information security management — Monitoring, measurement, analysis and evaluation
- ISO/IEC 27005, Information technology — Security techniques — Information security risk management
- ISO/IEC 27006, Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems
- ISO/IEC 27007, Information technology — Security techniques — Guidelines for information security management systems auditing
- ISO/IEC TR 27008, Information technology — Security techniques — Guidelines for auditors on information security controls
- ISO/IEC 27009, Information technology — Security techniques — Sector-specific application of ISO/IEC 27001 — Requirements
- ISO/IEC 27010, Information technology — Security techniques — Information security management for inter-sector and inter-organizational communications
- ISO/IEC 27011, Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for telecommunications organizations
- ISO/IEC 27013, Information technology — Security techniques — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000‑1
- ISO/IEC 27014, Information technology — Security techniques — Governance of information security
- ISO/IEC TR 27016, Information technology — Security techniques — Information security management — Organizational economics
- ISO/IEC 27017, Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services
- ISO/IEC 27018, Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
- ISO/IEC 27019, Information technology — Security techniques — Information security controls for the energy utility industry
- ISO/IEC 27021, Information technology — Security techniques — Competence requirements for information security management systems professionals
- ISO 27799, Health informatics — Information security management in health using ISO/IEC 27002
- ISO Guide 73:2009, Risk management — Vocabulary
PS: I kept the official (that is, "bureaucratic") nomenclature of the standards.
PS/2: I kept some security-related standards even though they are not part of the 27000 family.
It is worth remembering that ABNT maintains a Brazilian version of the ISO standards, translating them and, when necessary, adapting them to our reality.
PS-3 (Updated on 10/05/2021): The blog Minuto de Segurança published an article in March 2021 with an extensive list of ISO standards related to information security: "ISOs Relacionadas à Segurança da Informação. Você sabe quantas existem?". Their list is much more complete and generic, so much so that my list above has 22 standards, and theirs has 183!!!