UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

CSA ISO/IEC TR 27008

Information technology - Security techniques - Guidelines for auditors on information security controls

active, Most Current
Buy Now
Organization: CSA
Publication Date: 1 January 2013
Status: active
Page Count: 54
ICS Code (Information coding): 35.040
scope:

This Technical Report provides guidance on reviewing the implementation and operation of controls, including technical compliance checking of information system controls, in compliance with an organization's established information security standards.

This Technical Report is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations conducting information security reviews and technical compliance checks. This Technical Report is not intended for management systems audits.

Document History

CSA ISO/IEC TR 27008
January 1, 2013
Information technology - Security techniques - Guidelines for auditors on information security controls
This Technical Report provides guidance on reviewing the implementation and operation of controls, including technical compliance checking of information system controls, in compliance with an...
CAN/CSA-ISO/IEC TR 27008:13
January 1, 2013
Information technology - Security techniques - Guidelines for auditors on information security controls
This Technical Report provides guidance on reviewing the implementation and operation of controls, including technical compliance checking of information system controls, in compliance with an...

References

This document references:
ISO 19011 - Guidelines for auditing management systems
Published by ISO on July 1, 2018
This document provides guidance on auditing management systems, including the principles of auditing, managing an audit programme and conducting management system audits, as well as guidance on the...
This document references:
ISO GUIDE 73 - Risk management — Vocabulary
Published by ISO on January 1, 2009
This Guide provides the definitions of generic terms related to risk management. It aims to encourage a mutual and consistent understanding of, and a coherent approach to, the description of...
This document references:
ISO/IEC 27000 - Information technology - Security techniques - Information security management systems - Overview and vocabulary
Published by ISO on February 1, 2018
This document provides the overview of information security management systems (ISMS). It also provides terms and definitions commonly used in the ISMS family of standards. This document is...
This document references:
ISO/IEC 27001 - Information technology - Security techniques - Information security management systems - Requirements
Published by ISO on October 1, 2013
This International Standard specifies the requirements for establishing, implementing, maintain and continually improving an information security management system within the context of the...
This document references:
NIST SP 800-53A - Assessing Security and Privacy Controls in Federal Information Systems and Organizations - Building Effective Assessment Plans
Published by NIST on December 1, 2014
A description is not available for this item.
This document references:
ISO/IEC 27002 - Information technology - Security techniques - Code of practice for information security controls TECHNICAL CORRIGENDUM 2
Published by ISO on November 15, 2015
A description is not available for this item.
This document references:
ISO/IEC 27005 - Information technology - Security techniques - Information security risk management
Published by ISO on July 1, 2018
This document provides guidelines for information security risk management. This document supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory...
This document references:
ISO/IEC 27006 - Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems AMENDMENT 1
Published by ISO on March 1, 2020
A description is not available for this item.
This document references:
ISO/IEC 27007 - Information security, cybersecurity and privacy protection — Guidelines for information security management systems auditing
Published by ISO on January 1, 2020
This document provides guidance on managing an information security management system (ISMS) audit programme, on conducting audits, and on the competence of ISMS auditors, in addition to the guidance...
View Less
View All
Advertisement