ISO/IEC 27011

ISO/IEC 27011:2008 Information technology — Security techniques — Information security management guidelines for telecommunications organizations based on ISO/IEC 27002

Status update March

Introduction

This ISMS implementation guide for the telecoms industry was developed jointly by ITU-T and ISO/IEC JTC1/SC 27, with the identical text being published as both ITU-T X.1051 and ISO/IEC 27011.

Scope and purpose

This standard:

    “Establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security controls in telecommunications organizations based on ISO/IEC 27002; [and]

    Provides an implementation baseline of information security controls within telecommunications organizations to ensure the confidentiality, integrity and availability of telecommunications facilities, services and information handled, processed or stored by the facilities and services.”

[Quoted from the FDIS of the new version in preparation.]

Status of the standard

The standard was first published in 2008.

The standard is currently being revised to reflect the 2013 versions of ISO/IEC 27001 and 27002.

ITU-T proposed extending ISO/IEC 27011 with two new parts, namely:

  • Security management Guidelines for Small and Medium-sized telecommunications organizations [X.sgsm]: a guide to the implementation of information security management based on X.1051 (ISO/IEC 27011);
  • Asset Management Guidelines [X.amg]: a guide to good asset management practices for telecoms organizations.

[Unless I missed them, those two do not appear to have made it into the FDIS of ISO/IEC 27011.]

In addition to minor variations/explanations of the core content of ISO/IEC 27002, there will be an ‘extended control set’ with additional advice for telecoms organizations on:

  • Access controls;
  • Physical and environmental security;
  • Communications security; and
  • Compliance;

plus some further guidance on network security (covering “cyber attacks” and network congestion).

The revision is at FDIS stage. The title will become “Information security control guidelines based on ISO/IEC 27002 for telecommunications organizations”. It should be published during 2016.

Copyright © 2016 IsecT Ltd.