ISO27008 (ISO/IEC 27008) Guidelines for Auditors on Information Security Controls (SU Download)

SKU: 3644
Publishers: ISO/IEC
Format: Hardcopy
Pages: 36
Published: 06 Oct 2011
Availability: In Stock
Format: PDF
Published: 06 Oct 2011
Availability: Immediate Download

The international Standard that provides guidelines for auditors on information security controls.

Price: £200.00

Description

ISO27008 (ISO/IEC 27008) Information technology – Security techniques – Guidelines for auditors on information security controls

ISO/IEC TR 27008:2011 provides guidance on reviewing the implementation and operation of information security controls within an organisation. It supports the risk management process in ISO/IEC 27001 and the information security controls in ISO/IEC 27002.

This Standard will be of particular use where the technical compliance checking of information system controls is taking place, in compliance with an organisation's established information security standards.

ISO/IEC TR 27008:2011 is applicable to any type of organisation, including public and private companies, government entities and not-for-profit organisations undertaking information security reviews and technical compliance checks.

Why buy this Standard?

Information security control reviews and technical compliance testing should be integral parts of any enterprise-wide information security programme. They will help an organisation to:

  • Identify and understand the extent of potential problems or shortfalls in the organisation's implementation and operation of information security controls, information security standards and, consequently, technical information security controls.
  • Identify and understand the potential organisational impacts of inadequately mitigated information security threats and vulnerabilities.
  • Prioritise information security risk mitigation activities.
  • Confirm that previously identified or emergent information security weaknesses or deficiencies have been adequately addressed.
  • Support budgetary decisions within the investment process and other management decisions relating to improvement of the organisation's information security management.

Please note: We supply, interchangeably, the British and other national or international adoptions of ISO/IEC 27008, which all contain exactly the same content.

Purchase and use of the PDF version of this product is subject to this EULA.
