Michele Moss, Booz Allen Hamilton - Build Security In

More documents

Recommendations

Info

Processes and Techniques Overview Requirements Guidance ISO/IEC 27036 Dependencies and Influences ISO/IEC 27036-1 – Overview and Concepts ISO/IEC 27000 – Overview and Vocabulary ISO/IEC 27001 – Information Security Management Systems ISO/IEC 27036-2 – Information Security for Supplier Relationships - Requirements ISO/IEC 15288/12207 – Systems and Software Lifecycle Processes ISO/IEC 27036-3 - Information Security for Supplier Relationships – ICT SCRM ISO/IEC 27002 – Code of Practice for Information Security Controls • ISO/IEC 15026 – Software Assurance • ISO/IEC 27034 – Application Security • Security Engineering and Design techniques • NASPO and other Anti -Counterfeiting techniques • Microsoft Secure Development Lifecycle (SDL) • SAFECode • OWASP • BSIMM • Common Criteria – ISO/IEC 15408 • OMG KDM BPMN, RIF, XMI, RDF • OWASP Top 10 • SANS TOP 25 • Secure Content Automation Protocol (SCAP) • Secure Coding Checklists • Encryption • Software Asset Tagging • Trusted Platform Module (TPM) Source: Booz Allen Hamilton and DoD © 2012 Utilities Telecom Council
Using ISO/IEC 27036 with other SC27 Standards Certify against ISMS and… …general requirements for supplier relationships ISO/IEC 27036-2 – Information Security for Supplier Relationships - Requirements …ICT SCRM guidance ISO/IEC 27036-ICT Supply - Information Security for Supplier Relationships – ICT Supply Chain Security …Cloud-specific guidance ISO/IEC 27036-4 - Information Security for Supplier Relationships – Cloud Services ISO/IEC 27001 – Information Security Management Systems …27002 controls ISO/IEC 27002 – Code of Practice for Information Security Controls …27017 Cloud Controls ISO/IEC 27017 - ISMS – Code of practice for information security controls for cloud computing services Source: Booz Allen Hamilton and DoD © 2012 Utilities Telecom Council
Page 1 and 2: International Standards Efforts Hel
Page 3 and 4: Critical Infrastructure Perspective
Page 5 and 6: Mandiant APT 1 Report - February 20
Page 7 and 8: Success Involves Multiple Standards
Page 9 and 10: Panel Members • Nadya Bartol, Uti
Page 11 and 12: ISO/IEC 27036 - Information Securit
Page 13 and 14: Standards Landscape 3/11/2013 13 So
Page 15 and 16: ISO has over 90 existing cyber secu
Page 17 and 18: Why Use ISO/IEC 27001 • Integrate
Page 19: Existing and Emerging Practices ISO
Page 23 and 24: Contact Information • Nadya Barto
Page 25 and 26: Panel Members • Mike Grimm, Micro
Page 27: Questions

Michele Moss, Booz Allen Hamilton - Build Security In

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?