The international Standard that provides guidelines for auditors on information security controls.
ISO/IEC TR 27008:2011 provides guidance on reviewing the implementation and operation of information security controls within an organisation. It supports the risk management process in ISO/IEC 27001 and the information security controls in ISO/IEC 27002.
This Standard is of particular use where information system controls are being checked for technical compliance with an organisation's established information security standards.
ISO/IEC TR 27008:2011 is applicable to any type of organisation, including public and private companies, government entities and not-for-profit organisations undertaking information security reviews and technical compliance checks.
Information security control reviews and technical compliance testing should be integral parts of any enterprise-wide information security programme. They will help an organisation to:
Please note: We supply, interchangeably, the British and other national or international adoptions of ISO/IEC 27008, which all contain exactly the same content.