Relevant Standards

There are several relevant standards in the field of Information Security & IT Security. The applicable standard may be chosen by considering several aspects: e.g.: aim of the audit, aim of the usage of the audit, business type of client, existing certificates of client, applicable methods, the field to be audited, etc. This is always decided at start of the project.

The complete description of relevant standards is not in our goal, but on the following referred pages detailed information can be fined about standards.

ISO/IEC 17799:2000 and BS 7799 series

Relevant pages:

• http://en.wikipedia.org/wiki/BS_7799
• http://www.standardsdirect.org/iso17799.htm
• http://iso-17799.safemode.org/
• http://www.bsi-global.com/index.xalter
• http://www.17799central.com/cert.htm
• http://www.induction.to/bs7799/

TCSEC - Trusted Computer Systems Evaluation Criteria, Orange Book

Relevant pages:

• http://en.wikipedia.org/wiki/TCSEC

ITSEC - Information Technology Evaluation Criteria

Relevant pages:

• http://en.wikipedia.org/wiki/ITSEC
• InfoSec Assurance and Certification Services (IACS)

ISO/IEC 15408 - Common Criteria

Relevant pages:

• http://www.commoncriteriaportal.org
• The Common Criteria standard documents
• http://en.wikipedia.org/wiki/Common_Criteria

ITIL (ISO 20000 earlier BS 15000:2000) - Information Technology Infrastructure Library

Relevant pages:

• http://en.wikipedia.org/wiki/ITIL
• http://www.itil.co.uk/
• http://www.itsmf.com/
• http://www.itil.org.uk/
• http://www.itilcommunity.com/
• http://www.itlibrary.org/
• ttp://itil.technorealism.org/

COBIT

Relevant pages:

• http://en.wikipedia.org/wiki/COBIT
• http://it.safemode.org/
• http://www.isaca.org/
• http://www.controlit.org/
• http://www.theiia.org/ITAudit/index.cfm?act=itaudit.archive&fid=43