TELECOM ORGANIZATIONS PACKAGE - Consists of CAN/CSA-ISO/IEC 27000:11 - Information technology - Security techniques - Information security management systems - Overview and vocabulary (Adopted ISO/IEC 27000:2009, first edition, 2009-05-01); CAN/CSA-ISO/IEC 27001-06, Information technology - Security techniques - Information security management systems - Requirements (Adopted ISO/IEC 27001:2005, first edition, 2005-10-15); CAN/CSA-ISO/IEC 27002-08, Information technology - Security techniques - Code of practice for information security management (Adopted ISO/IEC 27002:2005, first edition, 2005-06-15); CAN/CSA-ISO/IEC 27003-10, Information technology - Security techniques - Information security management system implementation guidance (Adopted ISO/IEC 27003:2010, first edition, 2010-02-01); CAN/CSA-ISO/IEC 27004- 10, Information technology - Security techniques - Information security management - Measurement (Adopted ISO/IEC 27004:2009, first edition, 2009-12-15; CAN/CSA-ISO/IEC 27005-09, Information technology - Security techniques - Information security risk management (Adopted ISO/IEC 27005:2008, first edition, 2008-06-15) and CAN/CSA-ISO/IEC 27011:11 - Information technology - Security techniques - Information security management guidelines for telecommunications organizations based on ISO/IEC 27002 (Adopted ISO/IEC 27011:2008, first edition, 2008- 12-15).

CAN/CSA-ISO/IEC 27000:18 - Information technology - Security techniques - Information security management systems - Overview and vocabulary

CSA Preface

Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the SCC Mirror Committee (SMC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T).

For brevity, this Standard will be referred to as "CAN/CSA-ISO/IEC 27000" throughout.

This Standard supersedes CAN/CSA-ISO/IEC 27000:15 (adopted ISO/IEC 27000:2014), available in English only.

Scope

This International Standard provides the overview of information security management systems, and terms and definitions commonly used in the ISMS family of standards. This International Standard is applicable to all types and sizes of organization (e.g. commercial enterprises, government agencies, not-for-profit organizations).

-------------------------------------------------------------------------------

CAN/CSA-ISO/IEC 27001:14 - Information technology - Security techniques - Information security management systems - Requirements

CSA Preface

Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the Canadian Advisory Committee (CAC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T).

Scope

This International Standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. This International Standard also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in this International Standard are generic and are intended to be applicable to all organizations, regardless of type, size or nature. Excluding any of the requirements specified in Clauses 4 to 10 is not acceptable when an organization claims conformity to this International Standard.

-------------------------------------------------------------------------------

CAN/CSA-ISO/IEC 27002:15 - Information technology - Security techniques - Code of practice for information security controls

CSA Preface

Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the Canadian Advisory Committee (CAC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T).

For brevity, this Standard will be referred to as "CAN/CSA-ISO/IEC 27002" throughout.

This Standard supersedes CAN/CSA-ISO/IEC 27002:08 (adoption of ISO/IEC 27002:2005).

Scope

This International Standard gives guidelines for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization's information security risk environment(s).

This International Standard is designed to be used by organizations that intend to:

a) select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001;

b) implement commonly accepted information security controls;

c) develop their own information security management guidelines.

-------------------------------------------------------------------------------

CAN/CSA-ISO/IEC 27003-10 - Information technology - Security techniques - Information security management system implementation guidance

CSA Preface

Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the Canadian Advisory Committee (CAC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T).

Scope

This International Standard focuses on the critical aspects needed for successful design and implementation of an Information Security Management System (ISMS) in accordance with ISO/IEC 27001:2005. It describes the process of ISMS specification and design from inception to the production of implementation plans. It describes the process of obtaining management approval to implement an ISMS, defines a project to implement an ISMS (referred to in this International Standard as the ISMS project), and provides guidance on how to plan the ISMS project, resulting in a final ISMS project implementation plan.

This International Standard is intended to be used by organizations implementing an ISMS. It is applicable to all types of organization (e.g. commercial enterprises, government agencies, non-profit organizations) of all sizes. Each organization's complexity and risks are unique, and its specific requirements will drive the ISMS implementation. Smaller organizations will find that the activities noted in this International Standard are applicable to them and can be simplified. Large-scale or complex organizations might find that a layered organization or management system is needed to manage the activities in this International Standard effectively. However, in both cases, the relevant activities can be planned by applying this International Standard.

This International Standard gives recommendations and explanations; it does not specify any requirements.
This International Standard is intended to be used in conjunction with ISO/IEC 27001:2005 and ISO/IEC 27002:2005, but is not intended to modify and/or reduce the requirements specified in ISO/IEC 27001:2005 or the recommendations provided in ISO/IEC 27002:2005. Claiming conformity to this International Standard is not appropriate.

-------------------------------------------------------------------------------

CAN/CSA-ISO/IEC 27004-18 - Information technology ? Security techniques ? Information security management ? Monitoring, measurement, analysis and evaluation

CSA Preface

Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the SCC Mirror Committee (SMC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T).

For brevity, this Standard will be referred to as "CAN/CSA-ISO/IEC 27004" throughout.

This Standard supersedes CAN/CSA-ISO/IEC 27004:10 (adopted ISO/IEC 27004:2009).

Scope

This document provides guidelines intended to assist organizations in evaluating the information security performance and the effectiveness of an information security management system in order to fulfil the requirements of ISO/IEC 27001:2013, 9.1. It establishes:

a) the monitoring and measurement of information security performance;

b) the monitoring and measurement of the effectiveness of an information security management system (ISMS) including its processes and controls;

c) the analysis and evaluation of the results of monitoring and measurement.

This document is applicable to all types and sizes of organizations.

-------------------------------------------------------------------------------

CAN/CSA-ISO/IEC 27005-11 - Information technology - Security techniques - Information security risk management

CSA Preface

Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the Canadian Advisory Committee (CAC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T).

Scope

This International Standard provides guidelines for information security risk management.

This International Standard supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach.

Knowledge of the concepts, models, processes and terminologies described in ISO/IEC 27001 and ISO/IEC 27002 is important for a complete understanding of this International Standard.

This International Standard is applicable to all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) which intend to manage risks that could compromise the organization's information security.

-------------------------------------------------------------------------------

CAN/CSA-ISO/IEC 27011:18 - Information technology ? Security techniques ? Code of practice for information security controls based on ISO/IEC 27002 for telecommunications organizations

CSA Preface

Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the SCC Mirror Committee (SMC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T).

For brevity, this Standard will be referred to as "CAN/CSA-ISO/IEC 27011" throughout.

This Standard supersedes CAN/CSA-ISO/IEC 27011:11 (adopted ISO/IEC 27011:2008).

Scope

The scope of this Recommendation | International Standard is to define guidelines supporting the implementation of information security controls in telecommunications organizations.

The adoption of this Recommendation | International Standard will allow telecommunications organizations to meet baseline information security management requirements of confidentiality, integrity, availability and any other relevant security property.