Abnt Nbr, Bsi, Iso, Nist, Ietf, Coso - Normas, Padroes E Melhores Praticas Em Gestao de Seguranca
8/12/2019 Abnt Nbr, Bsi, Iso, Nist, Ietf, Coso - Normas, Padroes E Melhores Praticas Em Gestao de Seguranca
http://slidepdf.com/reader/full/abnt-nbr-bsi-iso-nist-ietf-coso-normas-padroes-e-melhores-praticas 1/7
STANDARDS, NORMS AND BEST PRACTICES IN INFORMATION SECURITY MANAGEMENT
Compiled: 13/04/2004
By: Carlos Krause
NATIONAL STANDARDS, NORMS AND BEST PRACTICES
ABNT (Associação Brasileira de Normas Técnicas, the Brazilian technical standards association) www.abnt.org.br
Standard NBR ISO/IEC 17799:2001 - Code of practice for information security management
Standard NBR 6493 - Use of colours for the identification of piping
Standard NBR 7195 - Safety colours
Standard NBR 9077 - Emergency exits in buildings
Standard NBR 10080 - Air-conditioning installations for computer rooms
Standard NBR 10152 - Noise levels for acoustic comfort
Standard NBR 10898 - Emergency lighting systems
Standard NBR 11514 - Access control for the physical security of data processing facilities
Standard NBR 11515 - Physical security criteria for data storage
Standard NBR 11584 - Physical security criteria for microcomputers and terminals at workstations
Standard NBR 13434 - Fire and panic safety signage - Shapes, dimensions and colours
Standard NBR 13435 - Fire and panic signage
Standard NBR 13437 - Graphic symbols for fire and panic signage
MINISTRY OF LABOUR AND EMPLOYMENT (Ministério do Trabalho e Emprego) http://www.mte.gov.br/Temas/SegSau/Legislacao/Normas/Default.asp
NR 5 - Internal Accident Prevention Committee (CIPA), Ministry of Labour and Employment
NR 8 - Buildings, Ministry of Labour and Employment
NR 10 - Electrical Installations and Services, Ministry of Labour and Employment
NR 17 - Ergonomics, Ministry of Labour and Employment
NR 23 - Fire protection, Ministry of Labour and Employment
NR 26 - Safety signage, Ministry of Labour and Employment
NATIONAL HEALTH SURVEILLANCE AGENCY (Agência Nacional de Vigilância Sanitária) http://e-legis.bvs.br/leisref/public/php/home.php
Resolution No. 176 - Indoor air quality standards for artificially air-conditioned environments of public and collective use, National Health Surveillance Agency of the Ministry of Health
FEDERAL COURT OF ACCOUNTS (Tribunal de Contas da União) www.tcu.gov.br
Good practices in information security
Audit Manual
INTERNATIONAL STANDARDS, NORMS AND BEST PRACTICES
BSI (British Standards Institution) www.bsi.org.uk
www.bsi-global.com
Standard BS 7799-2:2002 - Information security management systems - Specification with guidance for use
Standard BS 15000-1:2002 - IT Service Management: Specification for Service Management.
Standard BS 15000-2:2003 - IT Service Management: Code of practice for service management.
Standard BS 8800:1996 - Guide to occupational health and safety management systems.
Standard OHSAS 18001:1999 - Occupational health and safety management systems.
ISO (International Organization for Standardization) www.iso.org
Standard ISO 9001:2000 - Quality management systems -- Requirements
Standard ISO 10007:2003 - Quality management systems -- Guidelines for configuration management
Standard ISO/IEC 11801:2002 - Generic cabling for customer premises
Standard ISO/IEC 12207:1995 - Software life cycle processes
Standard ISO/IEC TR 13335-1:1996 - Guidelines for the management of IT Security - Part 1: Concepts and models for IT Security
Standard ISO/IEC TR 13335-2:1997 - Guidelines for the management of IT Security - Part 2: Managing and planning IT Security
Standard ISO/IEC TR 13335-3:1998 - Guidelines for the management of IT Security - Part 3: Techniques for the management of IT Security
Standard ISO/IEC TR 13335-4:2000 - Guidelines for the management of IT Security - Part 4: Selection of safeguards
Standard ISO/IEC TR 13335-5:2001 - Guidelines for the management of IT Security - Part 5: Management guidance on network security
Standard ISO/IEC TR 15271:1998 - Guide for ISO/IEC 12207
Standard ISO/IEC 15408-1:1999 - Evaluation Criteria for Information Technology Security (Common Criteria) - Part 1: Introduction and general model
Standard ISO/IEC 15408-2:1999 - Evaluation Criteria for Information Technology Security (Common Criteria) - Part 2: Security functional requirements
Standard ISO/IEC 15408-3:1999 - Evaluation Criteria for Information Technology Security (Common Criteria) - Part 3: Security assurance requirements
Standard ISO/IEC TR 15486:1998 - Software life cycle processes - Configuration management
Standard ISO/IEC TR 16326:1999 - Guide for the application of ISO/IEC 12207 to project management
Standard ISO/IEC 18028-1: IT Network Security - Network security management
Standard ISO/IEC 18028-2: IT Network Security - Network security architecture
Standard ISO/IEC 18028-3: IT Network Security - Securing communications between networks using security gateways
Standard ISO/IEC 18028-4: IT Network Security - Remote access
Standard ISO/IEC 18028-5: IT Network Security - Securing communications across networks using VPN
Standard ISO/IEC 18043: Guidelines for the implementation, operation and management of IDS
Standard ISO/IEC 18044: Information security incident management
Standard ISO/IEC 13569: Banking and related financial services - Information security guidelines
Standard ISO/IEC 90003:2004 - Guidelines for the application of ISO 9001:2000 to computer software
NIST (National Institute of Standards and Technology) www.nist.gov
http://csrc.nist.gov/publications/nistpubs/index.html
SP 800-2 - Public-Key Cryptography
SP 800-5 - A Guide to the Selection of Anti-Virus Tools and Techniques
SP 800-6 - Automated Tools for Testing Computer System Vulnerability
SP 800-7 - Security in Open Systems
SP 800-8 - Security Issues in the Database Language SQL
SP 800-9 - Good Security Practices for Electronic Commerce, Including Electronic Data Interchange
SP 800-10 - Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls
SP 800-11 - The Impact of the FCC's Open Network Architecture on NS/EP Telecommunications Security
SP 800-12 - An Introduction to Computer Security: The NIST Handbook
SP 800-13 - Telecommunications Security Guidelines for Telecommunications Management Network
SP 800-14 - Generally Accepted Principles and Practices for Securing Information Technology Systems
SP 800-15 - Minimum Interoperability Specification for PKI Components (MISPC), Version 1
SP 800-16 - Information Technology Security Training Requirements: A Role- and Performance-Based Model
SP 800-17 - Modes of Operation Validation System (MOVS): Requirements and Procedures
SP 800-18 - Guide for Developing Security Plans for Information Technology Systems
SP 800-19 - Mobile Agent Security
SP 800-20 - Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures
SP 800-21 - Guideline for Implementing Cryptography in the Federal Government
SP 800-22 - A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications
SP 800-23 - Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products: Recommendations of the National Institute of Standards and Technology
SP 800-24 - PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does.
SP 800-25 - Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
SP 800-26 - Security Self-Assessment Guide for Information Technology Systems
SP 800-27 - Engineering Principles for Information Technology Security (A Baseline for Achieving Security)
SP 800-28 - Guidelines on Active Content and Mobile Code
SP 800-29 - A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2
SP 800-30 - Risk Management Guide for Information Technology Systems
SP 800-31 - Intrusion Detection Systems
SP 800-32 - Introduction to Public Key Technology and the Federal PKI Infrastructure
SP 800-33 - Underlying Technical Models for Information Technology Security; Recommendations of the National Institute of Standards and Technology
SP 800-34 - Contingency Planning Guide for Information Technology Systems
SP 800-35 - Guide to Information Technology Security Services
SP 800-36 - Guide to Selecting Information Security Products
SP 800-38A - Recommendation for Block Cipher Modes of Operation: Methods and Techniques
SP 800-40 - Procedures for Handling Security Patches
SP 800-41 - Guidelines on Firewalls and Firewall Policy
SP 800-42 - Guideline on Network Security Testing
SP 800-43 - Systems Administration Guidance for Windows 2000 Professional
SP 800-44 - Guidelines on Securing Public Web Servers
SP 800-45 - Guidelines on Electronic Mail Security
SP 800-46 - Security for Telecommuting and Broadband Communications
SP 800-47 - Security Guide for Interconnecting Information Technology Systems
SP 800-48 - Wireless Network Security: 802.11, Bluetooth, and Handheld Devices
SP 800-49 - Federal S/MIME V3 Client Profile
SP 800-50 - Building an Information Technology Security Awareness and Training Program
SP 800-51 - Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme
SP 800-55 - Security Metrics Guide for Information Technology Systems
SP 800-59 - Guideline for Identifying an Information System as a National Security System
SP 800-61 - Computer Security Incident Handling Guide
SP 800-64 - Security Considerations in the Information System Development Life Cycle
IETF (Internet Engineering Task Force) http://www.ietf.org/rfc.html
RFC 3631 - Security Mechanisms for the Internet
RFC 2504 - Users' Security Handbook
RFC 2350 - Expectations for Computer Security Incident Response
RFC 2196 - Site Security Handbook
COSO - The Committee of Sponsoring Organizations of the Treadway Commission
www.coso.org
COSO Enterprise Risk Management Framework - Released for Comment
Report of the National Commission on Fraudulent Financial Reporting
Internal Control — Integrated Framework (Executive Summary)
Internal Control Issues in Derivatives Usage (Executive Summary)
MISCELLANEOUS
CISSP CBK Study Guide
www.isc2.org
COBITTM - Control Objectives for Information and Related Technology
www.isaca.org/cobit
ITIL® - Information Technology Infrastructure Library
http://www.itil.org.uk
OECD Guidelines for the Security of Information Systems and Networks
www.oecd.org
SA8000 Standard - Social Accountability System http://www.cepaa.org/SA8000/SA8000.htm
Capability Maturity Model® for Software (SW-CMM®)
http://www.sei.cmu.edu/cmm/cmm.html
OCTAVE® (Operationally Critical Threat, Asset, and Vulnerability Evaluation)
http://www.cert.org/octave
TickIT - addresses the use of the ISO 9000 series of Standards for Quality Systems in Software Development
http://www.tickit.org
Sarbanes-Oxley
http://www.sec.gov/spotlight/sarbanes-oxley.htm
http://www.sarbanes-oxley.com
HIPAA - Health Insurance Portability and Accountability Act
http://www.hhs.gov/ocr/hipaa
http://www.hipaa.org
Gaisp - Generally Accepted Information Security Principles
http://www.issa.org/gaisp/gaisp.html