CityU Policies and Standards

CityU Resources

Public Policies and Standards

  • ISO - ISO Standards - JTC 1/SC 27 - IT Security techniques
    [Downloading BSI/IEC ISO Standards (CityU Community Only)]
    ISO/IEC 27000 (Information technology -- Security techniques) Family of Standards:
    • ISO/IEC 27001:2013 -- Information security management systems -- Requirements
    • ISO/IEC 27000:2009 -- Information security management systems -- Overview and vocabulary
    • ISO/IEC 27003:2010 -- Information security management system implementation guidance
    • ISO/IEC 27004:2009 -- Information security management -- Measurement
    • ISO/IEC 27005:2011 -- Information security risk management
    • ISO/IEC 27006:2011 -- Requirements for bodies providing audit and certification of information security management systems
    • ISO/IEC 27007:2011 -- Guidelines for information security management systems auditing
    • ISO/IEC TR 27008:2011 -- Guidelines for auditors on information security controls
    • ISO/IEC 27011:2008 -- Information security management guidelines for telecommunications organizations based on ISO/IEC 27002
    • ISO/IEC 27018:2014 -- Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
    • ISO/IEC 27031:2011 -- Guidelines for information and communication technology readiness for business continuity
    • ISO/IEC 27033-1:2009 -- Network security -- Part 1: Overview and concepts
    • ISO/IEC 27033-3:2010 -- Network security -- Part 3: Reference networking scenarios -- Threats, design techniques and control issues
    • ISO/IEC 27034-1:2011 -- Application security -- Part 1: Overview and concepts
    • ISO/IEC 27035:2011 -- Information security incident management
  • BSI Group - ISO/IEC 27001 Information Security
  • Documents on IT Security Policy and Guidelines, Office of the Government Chief Information Officer, HKSAR

Security Advisories

Texture wallpaper