9.2.1.1 Legal Regulations
Every country issues laws that may be relevant to IT security in various
respects. These include:
Data privacy protection
Laws regulating information and communication services
Laws regulating telecommunications
Signature regulations and
Many others.
9.2.1.2 Guidelines and Standards
Government agencies offer guidelines based on international standards concerning
IT security. Three of these standards are outlined in the following:
9.2.1.3 Standard ISO/IEC 13335
This standard, together with the two others presented here, was developed in
cooperation with the International Electrotechnical Commission in Geneva. The
document outlines general principles as a reference base for more specific
standards. It mainly contains:
Concepts and models for security in information and communication technology,
Technical preconditions for the management of security risks and
Guidelines concerning network security.
9.2.1.4 Standard ISO/IEC 17799
This standard offers approaches and step sequences for the strategic
implementation of IT security systems. Detailed technical instructions are not
included in this document. It is recommendatory in character and has no binding force.
9.2.1.5 Standard 27001
The title of this standard reads: “Information Technology—Security Techniques—
Information Security Management Systems Requirements Specifications”. This
standard also has recommendatory character. Technical instructions for
implementation are not given.