The Nice Thing About Standards

A senior engineer from Hewlett-Packard once told me that the nice thing about standards was that you had so many to choose from ... this is particularly true of security standards. In this article I have reviewed the main security standards and commented on their applicability.

ISO/IEC 27001:2005

The ISO/IEC 27001:2005 standard covers all types of organisations and specifies the requirements for implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS) and relates this to the organisation's overall business risks.

ISO/IEC 20000:2005

This standard was developed to reflect the best practice guidance contained within the Information Technology Infrastructure Library (ITIL) framework. It consists of two parts: a specification for IT Service Management and a code of practice for service management. ITIL enables organisations to define a model to manage their IT operations covering areas such as service delivery, relationship management, resolution process, control processes, release processes, changed services and service management.

ISO/IEC 18028:2006

This was developed to define a standard security architecture that describes a framework to support the planning, design and implementation of network security. This standard had major contributions from the ITU X.805 standard.

PCI DSS 1.1:2006

The Payment Card Industry Data Security Standard (PCI-DSS) includes requirements for security management, policies, procedures, network architecture, software design and other critical measures. It is designed to help reduce the frequency and impact of security incidents in the processing of payment cards. PCI-DSS is applicable to any organisation that is processing card payments.

This is a brief review of four major security standards and their relevance to different types of organisation.