Information technology — Process assessment — Process capability assessment model for information security management

ISO/IEC TS 33072:2016:

- defines a process assessment model (PAM) that meets the requirements of ISO/IEC 33004 and that supports the performance of an assessment of process capability by providing indicators for guidance on the interpretation of the process purposes and outcomes as defined in ISO/IEC TS 33052 and the process attributes as defined in ISO/IEC 33020;
- provides guidance, by example, on the definition, selection and use of assessment indicators.

Technologies de l'information — Évaluation des procédés — Modèle d'évaluation de la capacité des procédés pour le management de la sécurité de l'information

General Information

Status: Published
Publication Date: 06-Jul-2016
Current Stage: 9093 - International Standard confirmed
Completion Date: 10-May-2024
Buy Standard

Technical specification
ISO/IEC TS 33072:2016 - Information technology -- Process assessment -- Process capability assessment model for information security management
English language
183 pages

Standards Content (Sample)

TECHNICAL SPECIFICATION
ISO/IEC TS 33072
First edition 2016-06-01
Information technology — Process assessment — Process capability assessment model for information security management
Technologies de l’information — Évaluation des procédés — Modèle d’évaluation de la capacité des procédés pour le management de la sécurité de l’information
PROOF/ÉPREUVE
Reference number: ISO/IEC TS 33072:2016(E)
© ISO/IEC 2016


COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2016, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Overview of the Process Assessment Model
4.1 Introduction to Overview
4.2 Structure of the Process Assessment Model
4.2.1 Processes
4.2.2 Process dimension
4.2.3 Capability dimension
4.3 Assessment Indicators
4.3.1 Process Capability Indicators
4.3.2 Process Performance Indicators
4.4 Measuring process capability
5 The process dimension and process performance indicators (Level 1)
5.1 General
5.2 ORG.1 Asset management
5.3 TEC.01 Capacity management
5.4 TEC.02 Change management
5.5 COM.01 Communication management
5.6 TEC.03 Configuration management
5.7 COM.02 Documentation management
5.8 ORG.2 Equipment management
5.9 ORG.3 Human resource employment management
5.10 COM.03 Human resource management
...

TECHNICAL SPECIFICATION
ISO/IEC TS 33072
First edition 2016-07-15
Corrected version 2016-09-01
Information technology — Process assessment — Process capability assessment model for information security management
Technologies de l’information — Évaluation des procédés — Modèle d’évaluation de la capacité des procédés pour le management de la sécurité de l’information
Reference number: ISO/IEC TS 33072:2016(E)
© ISO/IEC 2016


Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Overview of the Process Assessment Model
4.1 Introduction to Overview
4.2 Structure of the Process Assessment Model
4.2.1 Processes
4.2.2 Process dimension
4.2.3 Capability dimension
4.3 Assessment Indicators
4.3.1 Process Capability Indicators
4.3.2 Process Performance Indicators
4.4 Measuring process capability
5 The process dimension and process performance indicators (Level 1)
5.1 General
5.2 ORG.1 Asset management
5.3 TEC.01 Capacity management
5.4 TEC.02 Change management
5.5 COM.01 Communication management
5.6 TEC.03 Configuration management
5.7 COM.02 Documentation management
5.8 ORG.2 Equipment management
5.9 ORG.3 Human resource employment management
5.10 COM.03 Human resource management
...
