8/12/2019 Abnt Nbr, Bsi, Iso, Nist, Ietf, Coso - Normas, Padroes E Melhores Praticas Em Gestao de Seguranca

http://slidepdf.com/reader/full/abnt-nbr-bsi-iso-nist-ietf-coso-normas-padroes-e-melhores-praticas 1/7

STANDARDS, NORMS AND BEST PRACTICES IN INFORMATION SECURITY MANAGEMENT

Compiled: 13/04/2004

By: Carlos Krause

NATIONAL STANDARDS, NORMS AND BEST PRACTICES

ABNT (Associação Brasileira de Normas Técnicas)

www.abnt.org.br

Standard NBR ISO/IEC 17799:2001 - Code of practice for information security management

Standard NBR 6493 - Use of colours for the identification of pipelines

Standard NBR 7195 - Safety colours

Standard NBR 9077 - Emergency exits in buildings

Standard NBR 10080 - Air-conditioning installations for computer rooms

Standard NBR 10152 - Noise levels for acoustic comfort

Standard NBR 10898 - Emergency lighting systems

Standard NBR 11514 - Access control for the physical security of data processing facilities

Standard NBR 11515 - Physical security criteria for data storage

Standard NBR 11584 - Physical security criteria for microcomputers and terminals at workstations

Standard NBR 13434 - Fire and panic safety signage - Shapes, dimensions and colours

Standard NBR 13435 - Fire and panic signage

Standard NBR 13437 - Graphic symbols for fire and panic signage

MINISTRY OF LABOUR AND EMPLOYMENT (Ministério do Trabalho e Emprego)

http://www.mte.gov.br/Temas/SegSau/Legislacao/Normas/Default.asp

NR 5 - Internal Accident Prevention Committee (CIPA), Ministry of Labour and Employment

NR 8 - Buildings, Ministry of Labour and Employment

NR 10 - Electrical Installations and Services, Ministry of Labour and Employment

NR 17 - Ergonomics, Ministry of Labour and Employment

NR 23 - Fire protection, Ministry of Labour and Employment

NR 26 - Safety signage, Ministry of Labour and Employment

NATIONAL HEALTH SURVEILLANCE AGENCY (Agência Nacional de Vigilância Sanitária)

http://e-legis.bvs.br/leisref/public/php/home.php

Resolution No. 176 - Indoor air quality standards for artificially air-conditioned environments of public and collective use, National Health Surveillance Agency of the Ministry of Health

FEDERAL COURT OF ACCOUNTS (Tribunal de Contas da União)

www.tcu.gov.br

Good practices in information security

Audit Manual

INTERNATIONAL STANDARDS, NORMS AND BEST PRACTICES

BSI (British Standards Institution)

www.bsi.org.uk

www.bsi-global.com

Standard BS 7799-2:2002 - Information security management systems - Specification with guidance for use

Standard BS 15000-1:2002 - IT Service Management: Specification for Service Management

Standard BS 15000-2:2003 - IT Service Management: Code of practice for service management

Standard BS 8800:1996 - Guide to occupational health and safety management systems

Standard OHSAS 18001:1999 - Occupational health and safety management systems

ISO (International Organization for Standardization)

www.iso.org

Standard ISO 9001:2000 - Quality management systems - Requirements

Standard ISO 10007:2003 - Quality management systems - Guidelines for configuration management

Standard ISO/IEC 11801:2002 - Generic cabling for customer premises

Standard ISO/IEC 12207:1995 - Software life cycle processes

Standard ISO/IEC TR 13335-1:1996 - Guidelines for the management of IT Security - Part 1: Concepts and models for IT Security

Standard ISO/IEC TR 13335-2:1997 - Guidelines for the management of IT Security - Part 2: Managing and planning IT Security

Standard ISO/IEC TR 13335-3:1998 - Guidelines for the management of IT Security - Part 3: Techniques for the management of IT Security

Standard ISO/IEC TR 13335-4:2000 - Guidelines for the management of IT Security - Part 4: Selection of safeguards

Standard ISO/IEC TR 13335-5:2001 - Guidelines for the management of IT Security - Part 5: Management guidance on network security

Standard ISO/IEC TR 15271:1998 - Guide for ISO/IEC 12207

Standard ISO/IEC 15408-1:1999 - Evaluation Criteria for Information Technology Security (Common Criteria) - Part 1: Introduction and general model

Standard ISO/IEC 15408-2:1999 - Evaluation Criteria for Information Technology Security (Common Criteria) - Part 2: Security functional requirements

Standard ISO/IEC 15408-3:1999 - Evaluation Criteria for Information Technology Security (Common Criteria) - Part 3: Security assurance requirements

Standard ISO/IEC TR 15486:1998 - Software life cycle processes - Configuration management

Standard ISO/IEC TR 16326:1999 - Guide for the application of ISO/IEC 12207 to project management

Standard ISO/IEC 18028-1 - IT Network Security - Network security management

Standard ISO/IEC 18028-2 - IT Network Security - Network security architecture

Standard ISO/IEC 18028-3 - IT Network Security - Securing communications between networks using security gateways

Standard ISO/IEC 18028-4 - IT Network Security - Remote access

Standard ISO/IEC 18028-5 - IT Network Security - Securing communications across networks using VPN

Standard ISO/IEC 18043 - Guidelines for the implementation, operation and management of IDS

Standard ISO/IEC 18044 - Information security incident management

Standard ISO/IEC 13569 - Banking and related financial services - Information security guidelines

Standard ISO/IEC 90003:2004 - Guidelines for the application of ISO 9001:2000 to computer software

NIST (National Institute of Standards and Technology)

www.nist.gov

http://csrc.nist.gov/publications/nistpubs/index.html

SP 800-2 - Public-Key Cryptography

SP 800-5 - A Guide to the Selection of Anti-Virus Tools and Techniques

SP 800-6 - Automated Tools for Testing Computer System Vulnerability

SP 800-7 - Security in Open Systems

SP 800-8 - Security Issues in the Database Language SQL

SP 800-9 - Good Security Practices for Electronic Commerce, Including Electronic Data Interchange

SP 800-10 - Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls

SP 800-11 - The Impact of the FCC's Open Network Architecture on NS/EP Telecommunications Security

SP 800-12 - An Introduction to Computer Security: The NIST Handbook

SP 800-13 - Telecommunications Security Guidelines for Telecommunications Management Network

SP 800-14 - Generally Accepted Principles and Practices for Securing Information Technology Systems

SP 800-15 - Minimum Interoperability Specification for PKI Components (MISPC), Version 1

SP 800-16 - Information Technology Security Training Requirements: A Role- and Performance-Based Model

SP 800-17 - Modes of Operation Validation System (MOVS): Requirements and Procedures

SP 800-18 - Guide for Developing Security Plans for Information Technology Systems

SP 800-19 - Mobile Agent Security

SP 800-20 - Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures

SP 800-21 - Guideline for Implementing Cryptography in the Federal Government

SP 800-22 - A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications

SP 800-23 - Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products: Recommendations of the National Institute of Standards and Technology

SP 800-24 - PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does

SP 800-25 - Federal Agency Use of Public Key Technology for Digital Signatures and Authentication

SP 800-26 - Security Self-Assessment Guide for Information Technology Systems

SP 800-27 - Engineering Principles for Information Technology Security (A Baseline for Achieving Security)

SP 800-28 - Guidelines on Active Content and Mobile Code

SP 800-29 - A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2

SP 800-30 - Risk Management Guide for Information Technology Systems

SP 800-31 - Intrusion Detection Systems

SP 800-32 - Introduction to Public Key Technology and the Federal PKI Infrastructure

SP 800-33 - Underlying Technical Models for Information Technology Security; Recommendations of the National Institute of Standards and Technology

SP 800-34 - Contingency Planning Guide for Information Technology Systems

SP 800-35 - Guide to Information Technology Security Services

SP 800-36 - Guide to Selecting Information Security Products

SP 800-38A - Recommendation for Block Cipher Modes of Operation: Methods and Techniques

SP 800-40 - Procedures for Handling Security Patches

SP 800-41 - Guidelines on Firewalls and Firewall Policy

SP 800-42 - Guideline on Network Security Testing

SP 800-43 - Systems Administration Guidance for Windows 2000 Professional

SP 800-44 - Guidelines on Securing Public Web Servers

SP 800-45 - Guidelines on Electronic Mail Security

SP 800-46 - Security for Telecommuting and Broadband Communications

SP 800-47 - Security Guide for Interconnecting Information Technology Systems

SP 800-48 - Wireless Network Security: 802.11, Bluetooth, and Handheld Devices

SP 800-49 - Federal S/MIME V3 Client Profile

SP 800-50 - Building an Information Technology Security Awareness and Training Program

SP 800-51 - Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme

SP 800-55 - Security Metrics Guide for Information Technology Systems

SP 800-59 - Guideline for Identifying an Information System as a National Security System

SP 800-61 - Computer Security Incident Handling Guide

SP 800-64 - Security Considerations in the Information System Development Life Cycle

IETF (Internet Engineering Task Force)

http://www.ietf.org/rfc.html

RFC 3631 - Security Mechanisms for the Internet

RFC 2504 - Users' Security Handbook

RFC 2350 - Expectations for Computer Security Incident Response

RFC 2196 - Site Security Handbook

COSO - The Committee of Sponsoring Organizations of the Treadway Commission

www.coso.org

COSO Enterprise Risk Management Framework - Released for Comment

Report of the National Commission on Fraudulent Financial Reporting

Internal Control - Integrated Framework (Executive Summary)

Internal Control Issues in Derivatives Usage (Executive Summary)

MISCELLANEOUS

CISSP CBK Study Guide

www.isc2.org

COBIT™ - Control Objectives for Information and Related Technology

www.isaca.org/cobit

ITIL® - Information Technology Infrastructure Library

http://www.itil.org.uk

OECD Guidelines for the Security of Information Systems and Networks

www.oecd.org

SA8000 Standard - Social Accountability System

http://www.cepaa.org/SA8000/SA8000.htm

Capability Maturity Model® for Software (SW-CMM®)

http://www.sei.cmu.edu/cmm/cmm.html

OCTAVE® (Operationally Critical Threat, Asset, and Vulnerability Evaluation)

http://www.cert.org/octave

TickIT - addresses the use of the ISO 9000 series of Standards for Quality Systems in Software Development

http://www.tickit.org

Sarbanes-Oxley

http://www.sec.gov/spotlight/sarbanes-oxley.htm

http://www.sarbanes-oxley.com

HIPAA - Health Insurance Portability and Accountability Act

http://www.hhs.gov/ocr/hipaa

http://www.hipaa.org

GAISP - Generally Accepted Information Security Principles

http://www.issa.org/gaisp/gaisp.html