Table of Contents
1 Scope
2 Normative references
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 Overview
4.1 Structure of this guideline
4.2 Information security management systems in telecommunications business
5 Security policy
6 Organization of information security
6.1 Internal organization
6.2 External parties
7 Asset management
7.1 Responsibility for assets
7.2 Information classification
8 Human resources security
8.1 Prior to employment
8.2 During employment
8.3 Termination or change of employment
9 Physical and environmental security
9.1 Secure areas
9.2 Equipment security
10 Communications and operations management
10.1 Operational procedures and responsibilities
10.2 Third party service delivery management
10.3 System planning and acceptance
10.4 Protection against malicious and mobile code
10.5 Back-up
10.6 Network security management
10.7 Media handling
10.8 Exchange of information
10.9 Electronic commerce services
10.10 Monitoring
11 Access control
11.1 Business requirement for access control
11.2 User access management
11.3 User responsibilities
11.4 Network access control
11.5 Operating system access control
11.6 Application and information access control
11.7 Mobile computing and teleworking
12 Information systems acquisition, development and maintenance
12.1 Security requirements of information systems
12.2 Correct processing in applications
12.3 Cryptographic controls
12.4 Security of system files
12.5 Security in development and support processes
12.6 Technical vulnerability management
13 Information security incident management
13.1 Reporting information security events and weaknesses
13.2 Management of information security incidents and improvements
14 Business continuity management
14.1 Information security aspects of business continuity management
15 Compliance
Annex A - Telecommunications extended control set
A.9 Physical and environmental security
A.10 Communications and operations management
A.11 Access control
A.15 Compliance
Annex B - Additional implementation guidance
B.1 Network security measures against cyber attacks
B.2 Network security measures for network congestion
Bibliography

Abstract
Provides guidelines and general principles for initiating, implementing, maintaining, and improving information security management in telecommunications organizations based on ISO/IEC 27002, and an implementation baseline of information security management within telecommunications organizations to ensure the confidentiality, integrity and availability of telecommunications facilities and services.