CityU Policies and Standards
CityU Resources
Public Policies and Standards
- ISO - ISO Standards - JTC 1/SC 27 - IT Security techniques
[Downloading BSI/IEC ISO Standards (CityU Community Only)]
ISO/IEC 27000 (Information technology -- Security techniques) Family of Standards:
- ISO/IEC 27001:2013 -- Information security management systems -- Requirements
- ISO/IEC 27000:2009 -- Information security management systems -- Overview and vocabulary
- ISO/IEC 27003:2010 -- Information security management system implementation guidance
- ISO/IEC 27004:2009 -- Information security management -- Measurement
- ISO/IEC 27005:2011 -- Information security risk management
- ISO/IEC 27006:2011 -- Requirements for bodies providing audit and certification of information security management systems
- ISO/IEC 27007:2011 -- Guidelines for information security management systems auditing
- ISO/IEC TR 27008:2011 -- Guidelines for auditors on information security controls
- ISO/IEC 27011:2008 -- Information security management guidelines for telecommunications organizations based on ISO/IEC 27002
- ISO/IEC 27018:2014 -- Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
- ISO/IEC 27031:2011 -- Guidelines for information and communication technology readiness for business continuity
- ISO/IEC 27033-1:2009 -- Network security -- Part 1: Overview and concepts
- ISO/IEC 27033-3:2010 -- Network security -- Part 3: Reference networking scenarios -- Threats, design techniques and control issues
- ISO/IEC 27034-1:2011 -- Application security -- Part 1: Overview and concepts
- ISO/IEC 27035:2011 -- Information security incident management
- BSI Group - ISO/IEC 27001 Information Security
- Documents on IT Security Policy and Guidelines, Office of the Government Chief Information Officer, HKSAR
Security Advisories