ENISA - RM/RA Standards Risk Managemet / Risk Assessment Standards

The overview (see link under web resources) provides an overview of Risk Management / Risk Assessment Standards (RM / RA).

Direct Relevance:

• ISO/IEC Standard 13335 - Information technology -- Security techniques -- Management of information and communications technology security
• BS 25999 – Business continuity management
• ISO/IEC Standard 15443 - Information technology -- Security techniques -- A framework for IT security assurance
• ISO/IEC Standard 17799 - Information technology -- Security techniques -- Code of practice for information security management
• ISO/IEC Standard 18028 - Information technology -- Security techniques -- IT network security
• ISO/IEC Standard 27001 - Information technology -- Security techniques -- Information security management systems
• BS 7799-3 – Information security management systems -- Guidelines for information security risk management
• ISO/IEC TR 18044 – Information technology -- Security techniques -- Information security incident management
• Initiatives of the Information Security Forum, including the Standard of Good Practice and their auditing standards
• ISO Standard 13569 - Financial services -- Information security guidelines

Indirect Relevance

• ISO/IEC Standard 15816 – Information technology -- Security techniques -- Security information objects for access control
• ISO/IEC TR 15947 - Information technology -- Security techniques -- IT intrusion detection framework
• ISO/IEC Standard 15408 - Information technology -- Security techniques -- Evaluation criteria for IT security
• ISO/IEC TR 15446 – Information technology -- Security techniques -- Guide for the production of Protection Profiles and Security Targets
• ISO/IEC 18045 – Information technology -- Security techniques -- Methodology for IT security evaluation