miércoles, 10 de diciembre de 2008

Estado de situación de la serie ISO 27000 a fecha 10 de diciembre 2008

A continuación voy a listar el conjunto de normas publicadas o en proceso de elaboración de la serie ISO 27000 a fecha 10 de diciembre de 2008. Estos resultados son fruto de una consulta a la Web de ISO.org en relación al área de trabajo del Subcomité 27 del JTC 1 - IT Security techniques.

El estado de las normas se codifica en base a unos acrónimos que ISO tiene identificados y que son:
  • 1.PWI = Preliminary Work Item - initial feasibility and scoping activities

  • 2.NP = New Proposal (or study period) - formal scoping phase

  • 3.WD = Working Draft (1st WD, 2nd WD etc.) - development phase

  • 4.CD = Committee Draft (1st CD, 2nd CD etc.)- quality control phase

  • 5.FCD = Final Committee Draft - ready for final approval.

  • 6.DIS = Draft International Standard - nearly there. Stage 40.

  • 7.FDIS = Final Draft or Distribution International Standard - just about ready to publish. Stage 50.

  • 8.IS = International Standard - published. Stage 60.

  • 9. Under revisión. Stage 90.


Como podréis comprobar en la siguiente relación de normas, hay bastantes ya en el Stage 40 y 50 lo que indica que pronto pueden ver la luz. La situación actual del marco internacional de normas ISO 27000 es:

  • ISO/IEC FCD 27000.
    Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary. Stage:40.99

  • ISO/IEC 27001:2005.
    Information technology -- Security techniques -- Information security management systems -- Requirements. Stage:60.60

  • ISO/IEC 27002:2005
    Information technology -- Security techniques -- Code of practice for information security management. Stage:90.92

  • ISO/IEC FCD 27003
    Information technology -- Information security management system implementation guidance. Stage:40.20

  • ISO/IEC FCD 27004.2
    Information technology -- Security techniques -- Information security management -- Measurement. Stage:40.20

  • ISO/IEC 27005:2008
    Information technology -- Security techniques -- Information security risk management. Stage:60.60

  • ISO/IEC 27006:2007
    Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems. Stage:60.60

  • ISO/IEC WD 27007
    Guidelines for Information security management systems auditing. Stage:20.60

  • ISO/IEC FDIS 27011
    Information technology -- Information security management guidelines for telecommunications organizations based on ISO/IEC 27002. Stage:50.60

  • ISO/IEC NP 27012
    Information technology - Security techniques -- ISM guidelines for e-government services. Stage:10.99

  • ISO/IEC NP 27032
    Guidelines for cybersecurity. Stage:10.99

  • ISO/IEC NP 27033
    Information technology -- IT Network security.Stage:10.99

  • ISO/IEC CD 27033-1
    Information technology -- Security techniques -- IT network security -- Part 1: Guidelines for network security. Stage:30.60

  • ISO/IEC WD 27033-2
    Information technology -- Security techniques -- IT network security -- Part 2: Guidelines for the design and implementation of network security. Stage:20.60

  • ISO/IEC WD 27033-3
    Information technology -- Security techniques -- IT network security -- Part 3: Reference networking scenarios -- Risks, design techniques and control issues. Stage:20.60

  • ISO/IEC NP 27033-4
    Information technology -- Security techniques -- IT network security -- Part 4: Securing communications between networks using security gateways - Risks, design techniques and control issues. Stage:10.99

  • ISO/IEC NP 27033-5
    Information technology -- Security techniques -- IT network security -- Part 5: Securing Remote Access - Risks, design techniques and control issues. Stage:10.99

  • ISO/IEC NP 27033-6
    Information technology -- Security techniques -- IT network security -- Part 6: Securing communications across networks using Virtual Private Networks (VPNs) -- Risks, design techniques and control issues. Stage:10.99

  • ISO/IEC NP 27033-7
    Information technology -- Security techniques -- IT network security -- Part 7: Guidelines for securing (specific networking technology topic heading(s) to be inserted3) -- Risks, design techniques and control issues. Stage:10.99

  • ISO/IEC NP 27034
    Guidelines for application security. Stage:10.99

  • ISO/IEC NP 27037
    Information technology - Security techniques -- on Information security management: Sector to sector interworking and communications for industry and government . Stage:10.99


El detalle de los diferentes escalones dentro de cada nivel o stage lo podéis consultar en Stages ISO.

2 comentarios:

Edgard dijo...

Interesante recopilación. Gracias.

RaulS dijo...

Hola Javier,

Tan sólo un pequeño apunte, no se si te lo habrán dicho alguna vez pero considera el poner el post completo en los feed RSS, es más cómodo de leer desde nuestro lector de noticias para quientes estamos suscritos :)


Un saludo,

 
;