Information technology - Process assessment - Process capability assessment model for information security management
| Shortname | ISO/IEC TS 33072:2016-07 |
|---|---|
| Document number | 33072 |
| Issue date | 2016-07-00 |
| Available from | https://www.vde-verlag.de/iec-normen/223725/iso-iec-ts-33072-2016.html |
| International committee | ISO/IEC JTC 1/SC 27 |
| Topic | Process assessment |
| Sector | Information technology and telecommunications |
| Industry | Information technology |
| Level of abstraction | 4 |
- Introductory abstract (short) EN:
ISO/IEC TS 33072:2016:
- defines a process assessment model (PAM) that meets the requirements of ISO/IEC 33004 and that supports the performance of an assessment of process capability by providing indicators for guidance on the interpretation of the process purposes and outcomes as defined in ISO/IEC TS 33052 and the process attributes as defined in ISO/IEC 33020;
- provides guidance, by example, on the definition, selection and use of assessment indicators.

A PAM comprises a set of indicators of process performance and process capability. The indicators are used as a basis for collecting the objective evidence that enables an assessor to assign ratings. The set of indicators included in ISO/IEC TS 33072:2016 is not intended to be an all-inclusive set, nor is it intended to be applicable in its entirety.

The PAM in ISO/IEC TS 33072:2016 is directed at assessment sponsors and competent assessors who wish to select a model, and an associated documented process method, for assessment (for either capability determination or process improvement). Additionally, it may be of use to developers of assessment models in the construction of their own model, by providing examples of good information security management practices. It can be used by:
a) service providers to assess and improve an Information Security Management System (ISMS);
b) service providers to demonstrate their capability for the design, development, transition and delivery of services that fulfil information security management requirements.

Any PAM meeting the requirements defined in ISO/IEC 33004 concerning models for process assessment can be used for assessment. Different models and methods might be needed to address differing business needs. The assessment model in ISO/IEC TS 33072:2016 meets all the requirements expressed in ISO/IEC 33004.
NOTE Copyright release for the PAM: Users of ISO/IEC TS 33072:2016 may reproduce subclauses 5.2 to 5.27, 6.2, B.2 and B.3 as part of any tool or other material to support the performance of process assessments, so that it can be used for its intended purpose.
- Note: corrected reprint 2016-09-01
- ISO/IEC 12207 (2008-02)
- ISO/IEC 15289 (2006-04)
- ISO/IEC 15504-5 (2012-02)
- ISO/IEC 15504-6 (2013-06)
- ISO/IEC 20000-1 (2011-04)
- ISO/IEC 27000 (2016-02)
- ISO/IEC 27001 (2013-10)
- ISO/IEC 33001 (2015-03)
- ISO/IEC 33002 (2015-03)
- ISO/IEC 33004 (2015-03)
- ISO/IEC 33020 (2015-03)
- ISO/IEC TR 20000-4 (2010-12)
- ISO/IEC TR 24774 (2010-09)
- ISO/IEC TS 33052 (2016-06)
Result 6 (Transnational; industry: Information technology)
- Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (Directive 2016/1148/EU - NIS Directive)
- Specific provisions: All, in particular Art. 14-16

Result 7 (Transnational; industry: Information technology)
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR)
- Specific provisions: Art. 5; 24; 25; 28; 29; 32; 33; 34; 35; 36; 37; 38; 39; 40; 42; 43; 45; 46; 47; 49; 51; 57; 58

Result 8 (Transnational; industry: Information technology)
- Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on attacks against information systems and replacing Council Framework Decision 2005/222/JHA (Directive 2013/40/EU)
- Specific provisions: All

Result 9 (Transnational; industry: Information technology)
- Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection (Directive 2008/114/EC)
- Specific provisions: All

Result 10 (Federal law; industry: Information technology)
- Aktiengesetz (German Stock Corporation Act, AktG)
- Specific provisions: §§ 91; 93 I