Bibliography

  1. ISO 9000, Quality management systems — Fundamentals and vocabulary
  2. ISO 55001, Asset management — Management systems — Requirements
  3. ISO/IEC 11770 (all parts), Information security — Key management
  4. ISO/IEC 15408 (all parts), Information technology — Security techniques — Evaluation criteria for IT security
  5. ISO 15489 (all parts), Information and documentation — Records management
  6. ISO/IEC 17788, Information technology — Cloud computing — Overview and vocabulary
  7. ISO/IEC 17789, Information technology — Cloud computing — Reference architecture
  8. ISO/IEC 19086 (all parts), Cloud computing — Service level agreement (SLA) framework
  9. ISO/IEC 19770 (all parts), Information technology — IT asset management
  10. ISO/IEC 19941, Information technology — Cloud computing — Interoperability and portability
  11. ISO/IEC 20889, Privacy enhancing data de-identification terminology and classification of techniques
  12. ISO 21500, Project, programme and portfolio management — Context and concepts
  13. ISO 21502, Project, programme and portfolio management — Guidance on project management
  14. ISO 22301, Security and resilience — Business continuity management systems — Requirements
  15. ISO 22313, Security and resilience — Business continuity management systems — Guidance on the use of ISO 22301
  16. ISO/TS 22317, Societal security — Business continuity management systems — Guidelines for business impact analysis (BIA)
  17. ISO 22396, Security and resilience — Community resilience — Guidelines for information exchange between organizations
  18. ISO/IEC TS 23167, Information technology — Cloud computing — Common technologies and techniques
  19. ISO/IEC 23751:—, Information technology — Cloud computing and distributed platforms — Data sharing agreement (DSA) framework
  20. ISO/IEC 24760 (all parts), IT Security and Privacy — A framework for identity management
  21. ISO/IEC 27001:2013, Information technology — Security techniques — Information security management systems — Requirements
  22. ISO/IEC 27005, Information technology — Security techniques — Information security risk management
  23. ISO/IEC 27007, Information security, cybersecurity and privacy protection — Guidelines for information security management systems auditing
  24. ISO/IEC TS 27008, Information technology — Security techniques — Guidelines for the assessment of information security controls
  25. ISO/IEC 27011, Information technology — Security techniques — Code of practice for Information security controls based on ISO/IEC 27002 for telecommunications organizations
  26. ISO/IEC TR 27016, Information technology — Security techniques — Information security management — Organizational economics
  27. ISO/IEC 27017, Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services
  28. ISO/IEC 27018, Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
  29. ISO/IEC 27019, Information technology — Security techniques — Information security controls for the energy utility industry
  30. ISO/IEC 27031, Information technology — Security techniques — Guidelines for information and communication technology readiness for business continuity
  31. ISO/IEC 27033 (all parts), Information technology — Security techniques — Network security
  32. ISO/IEC 27034 (all parts), Information technology — Application security
  33. ISO/IEC 27035 (all parts), Information technology — Security techniques — Information security incident management
  34. ISO/IEC 27036 (all parts), Information technology — Security techniques — Information security for supplier relationships
  35. ISO/IEC 27037, Information technology — Security techniques — Guidelines for identification, collection, acquisition and preservation of digital evidence
  36. ISO/IEC 27040, Information technology — Security techniques — Storage security
  37. ISO/IEC 27050 (all parts), Information technology — Electronic discovery
  38. ISO/IEC TS 27110, Information technology, cybersecurity and privacy protection — Cybersecurity framework development guidelines
  39. ISO/IEC 27701, Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines
  40. ISO 27799, Health informatics — Information security management in health using ISO/IEC 27002
  41. ISO/IEC 29100, Information technology — Security techniques — Privacy framework
  42. ISO/IEC 29115, Information technology — Security techniques — Entity authentication assurance framework
  43. ISO/IEC 29134, Information technology — Security techniques — Guidelines for privacy impact assessment
  44. ISO/IEC 29146, Information technology — Security techniques — A framework for access management
  45. ISO/IEC 29147, Information technology — Security techniques — Vulnerability disclosure
  46. ISO 30000, Ships and marine technology — Ship recycling management systems — Specifications for management systems for safe and environmentally sound ship recycling facilities
  47. ISO/IEC 30111, Information technology — Security techniques — Vulnerability handling processes
  48. ISO 31000:2018, Risk management — Guidelines
  49. IEC 31010, Risk management — Risk assessment techniques
  50. ISO/IEC 22123 (all parts), Information technology — Cloud computing
  51. ISO/IEC 27555, Information security, cybersecurity and privacy protection — Guidelines on personally identifiable information deletion
  52. Information Security Forum (ISF). The ISF Standard of Good Practice for Information Security 2020, August 2018. Available at ISF Standard
  53. ITIL® Foundation, ITIL 4 edition, AXELOS, February 2019, ISBN: 9780113316076
  54. National Institute of Standards and Technology (NIST), SP 800-37, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy, Revision 2. December 2018 [viewed 2020-07-31]. Available at NIST.SP.800-37r2
  55. Open Web Application Security Project (OWASP). OWASP Top Ten - 2017, The Ten Most Critical Web Application Security Risks, 2017 [viewed 2020-07-31]. Available at OWASP Top Ten 2017
  56. Open Web Application Security Project (OWASP). OWASP Developer Guide, [online] [viewed 2020-10-22]. Available at OWASP Developer Guide
  57. National Institute of Standards and Technology (NIST), SP 800-63B, Digital Identity Guidelines; Authentication and Lifecycle Management. February 2020 [viewed 2020-07-31]. Available at NIST.SP.800-63b
  58. OASIS, Structured Threat Information Expression. Available at OASIS STIX 2.0
  59. OASIS, Trusted Automated Exchange of Indicator Information. Available at OASIS TAXII 2.0