Connect with us

Hi, what are you looking for?

Regulation

ISO/IEC 27011

ISO/IEC 27011:2016 – Information technology – Security protocols – Information security guidelines based on ISO/IEC 27002 for telecom companies

Introduction

ITU-T and ISO/IEC JTC1/SC27 developed this ISMS implementation guide for telecom industry organizations, the text of which has been published as both ITU-T X.1051 and ISO/IEC 27011.

Scope and objectives

Specifically, this standard:

“Provides guidelines and general principles for establishing, implementing, maintaining, and strengthening information security controls in telecom organizations based on ISO/IEC 27002; [and]

Sets the standards for the implementation of information security controls within telecom organizations to guarantee the confidentiality, integrity and availability of facilities, information and services that are handled, managed, or stored on those facilities or services.”

The content

Furthermore, there are minor modifications of ISO/IEC 27002’s core content and an additional ‘extended control set’ that provides advice to telecoms organizations on access controls, physical security, and environmental security, as well as on communications security and compliance. This document elaborates on network security, addressing “cyber attacks” and network congestion.

The standard’s status

2008 marked the first publication of the standard.

In keeping with the new ISO/IEC 27002 and 27001 versions from 2013, this guideline was revised. The second edition of this book was released in 2016.

A corrigendum was presented in 2018, adding corrections to the title of clause 8.2.1.

The revision project has reached the 4th Working Draft stage. It was titled as “Information security, cybersecurity and privacy protection – Code of practice for Information security controls based on ISO/IEC 27002 for telecommunications organizations”.

Commentary

ITU-T has proposed to extend ISO/IEC 27011 with two new parts, which are:

– Security management Guidelines for Small and Medium-sized telecommunications organizations [X.sgsm]: A document that presents guidance for the implementation of information security management systems based on X.1051 (ISO/IEC 27011);
– Asset Management Guidelines [X.amg]: an essential guide to asset management for telecom companies.

These are not included in ISO/IEC 27011:2016. They may become separate standards, or may be incorporated into the 3rd edition?

Advertisement Advertisement
  • solutions-inc
  • solutions-inc
  • solutions-inc
  • solutions-inc

Latest Post

Advertisement Advertisement
  • solutions-inc
  • solutions-inc
  • solutions-inc
  • solutions-inc

You May Also Like

Information Privacy

ISO/IEC TS 27560 — Privacy technologies — Consent record information structure [Draft] Introduction For recording PII Principals’ (data subjects’) consent to data processing, this...

Compliance

The task to be performed ISO 27001 Clause 10.1 Nonconformity and corrective action, Clause 10 which includes sections 10.1 and 10.2 covers the “Act”...

Cyber Security

ISO/IEC TS 27110:2021 — Information security, cybersecurity and privacy protection — Cybersecurity framework development instructions Introduction As a Technical Specification, the standard (an architecture...

Compliance

The article discusses Compliance with Legal and Contractual Requirements, Identification of Applicable Legislation and Contractual Requirements and Intellectual Property Rights accordingly controls.A.18.1 Compliance with...