Information protection and information security: international and Russian standards. GOST R national standards of the Russian Federation in the field of information security (Information Security course: Russian and international standards)

Let's look at the most famous international standards in the field of information security.

The ISO 17799 standard “Code of Practice for Information Security Management” covers the following aspects of information security:

Basic concepts and definitions;

Information security policy;

Organizational security issues;

Asset classification and management;

Personnel security;

Physical and environmental protection;

Communications and operations management;

Access control;

Systems development and maintenance;

Business continuity management;

Internal audit of the company's information security;

Compliance with legal requirements.

An important place in the system of standards belongs to ISO 15408 “Common Criteria for Information Technology Security Evaluation”, known simply as the “Common Criteria”. The Common Criteria classify a wide range of information technology security requirements and define the structures for grouping them and the principles for their use.

An important component of the standards system is the public key infrastructure, PKI (Public Key Infrastructure). This infrastructure involves deploying a network of key certification authorities and using digital certificates that conform to the X.509 recommendations.
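The trust relationship this paragraph describes, a chain of certification authorities ending in a certificate that a client checks against a trusted root, as an added example that is not part of the original page. It uses Go's standard crypto/x509 package to build a root CA, an issuing CA signed by the root, and a server certificate signed by the issuing CA, then verifies the server certificate three ways: against the right root, against an unrelated ("rogue") root, and for a host name it was not issued for. The CA names, the host name www.example.test and the serial numbers are constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// newCert issues a certificate for subject. When parent is nil the certificate
// is self-signed (a root CA); otherwise it is signed with parentKey, the private
// key of the issuing CA. Names and serial numbers are constructed for the demo.
func newCert(subject string, isCA bool, serial int64, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: subject},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		// End-entity (server) certificate: bound to a host name and to server use.
		tmpl.DNSNames = []string{subject}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	signer, signerKey := parent, parentKey
	if parent == nil {
		signer, signerKey = tmpl, key // self-signed root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// verifyChain performs the checks a TLS client makes: leaf must chain through
// intermediates to one of roots, be valid now, and be issued for host.
func verifyChain(leaf *x509.Certificate, intermediates, roots []*x509.Certificate, host string) error {
	rootPool, interPool := x509.NewCertPool(), x509.NewCertPool()
	for _, c := range roots {
		rootPool.AddCert(c)
	}
	for _, c := range intermediates {
		interPool.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:         rootPool,
		Intermediates: interPool,
		DNSName:       host,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// Outcome records the three checks RunDemo performs.
type Outcome struct {
	TrustedOK         bool // leaf verifies through the issuing CA to the trusted root
	RogueRejected     bool // the same leaf is rejected when only an unrelated root is trusted
	WrongHostRejected bool // the leaf is rejected for a host name it was not issued for
}

// RunDemo builds root CA -> issuing CA -> server certificate plus a separate
// rogue root, and runs the verification checks.
func RunDemo() (Outcome, error) {
	var out Outcome
	root, rootKey, err := newCert("Demo Root CA", true, 1, nil, nil)
	if err != nil {
		return out, err
	}
	issuing, issuingKey, err := newCert("Demo Issuing CA", true, 2, root, rootKey)
	if err != nil {
		return out, err
	}
	leaf, _, err := newCert("www.example.test", false, 3, issuing, issuingKey)
	if err != nil {
		return out, err
	}
	rogue, _, err := newCert("Rogue Root CA", true, 4, nil, nil)
	if err != nil {
		return out, err
	}
	chain := []*x509.Certificate{issuing}
	out.TrustedOK = verifyChain(leaf, chain, []*x509.Certificate{root}, "www.example.test") == nil
	var unknown x509.UnknownAuthorityError
	out.RogueRejected = errors.As(verifyChain(leaf, chain, []*x509.Certificate{rogue}, "www.example.test"), &unknown)
	var hostErr x509.HostnameError
	out.WrongHostRejected = errors.As(verifyChain(leaf, chain, []*x509.Certificate{root}, "other.example.test"), &hostErr)
	return out, nil
}

func main() {
	out, err := RunDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

The point of the two negative checks is that possession of a syntactically valid certificate proves nothing by itself: the verifier's trust anchors decide which certification authorities count, and the name binding decides which host the certificate may be presented for.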

Russian information security standards

GOST R 50739-95. Computer facilities. Protection against unauthorized access to information. General technical requirements. Gosstandart of Russia

GOST R 50922-2006. Data protection. Basic terms and definitions. Gosstandart of Russia

GOST R 51188-98. Data protection. Testing software for the presence of computer viruses. Model manual. Gosstandart of Russia

GOST R 51275-2006. Data protection. Information object. Factors influencing information. General provisions. Gosstandart of Russia

GOST R 51583-2000. Data protection. The procedure for creating automated systems in a secure design. General provisions

GOST R 51624-2000. Data protection. Automated systems in a secure design. General requirements

GOST R 52069-2003. Data protection. System of standards. Basic provisions

GOST R 53131-2008 (ISO/IEC TO 24762-2008). Data protection. Recommendations for disaster recovery services for information and telecommunications technology security functions and mechanisms. General provisions

GOST R ISO 7498-1-99. Information technology. Open systems interconnection. Basic reference model. Part 1. Basic model. Gosstandart of Russia

GOST R ISO 7498-2-99. Information technology. Interconnection of open systems. Basic reference model. Part 2. Information security architecture. Gosstandart of Russia

GOST R ISO/IEC 13335-1-2006. Information technology. Methods and means of ensuring security. Part 1. Concept and models of security management of information and telecommunication technologies

GOST R ISO/IEC TO 13335-3-2007. Information technology. Methods and means of ensuring security. Part 3. Information technology security management methods

GOST R ISO/IEC TO 13335-4-2007. Information technology. Methods and means of ensuring security. Part 4. Selection of protective measures

GOST R ISO/IEC TO 13335-5-2007. Information technology. Methods and means of ensuring security. Part 5: Network Security Management Guide

GOST R ISO/IEC 15408-1-2008. Methods and means of ensuring security. Criteria for assessing information technology security. Part 1. Introduction and general model. Gosstandart of Russia

GOST R ISO/IEC 15408-2-2008. Methods and means of ensuring security. Criteria for assessing the security of information technologies. Part 2. Functional security requirements. Gosstandart of Russia

GOST R ISO/IEC 15408-3-2008. Methods and means of ensuring security. Criteria for assessing the security of information technologies. Part 3. Security assurance requirements. Gosstandart of Russia

GOST R ISO/IEC TO 15443-1-2011. Information technology. Methods and means of ensuring security. Fundamentals of trust in IT security. Part 1: Overview and Basics

GOST R ISO/IEC TO 15443-2-2011. Information technology. Methods and means of ensuring security. Fundamentals of trust in IT security. Part 2. Trust Methods

GOST R ISO/IEC TO 15443-3-2011. Information technology. Methods and means of ensuring security. Fundamentals of trust in IT security. Part 3. Analysis of trust methods

GOST R ISO/IEC 17799-2005. Information technology. Methods and means of ensuring security. Code of practice for information security management

GOST R ISO/IEC 18028-1-2008. Information technology. Methods and means of ensuring security. Network security of information technologies. Network security management

GOST R ISO/IEC TO 19791-2008. Information technology. Methods and means of ensuring security. Security assessment of automated systems

GOST R ISO/IEC 27001-2006. Methods and means of ensuring security. Information security management systems. Requirements

GOST R ISO/IEC 27004-2011. Information technology. Methods and means of ensuring security. Information security management. Measurements

GOST R ISO/IEC 27005-2009. Information technology. Methods and means of ensuring security. Information Security Risk Management

GOST R ISO/IEC 27033-1-2011. Information technology. Methods and means of ensuring security. Network security. Part 1: Overview and Concepts

GOST 28147-89. Information processing systems. Cryptographic protection. Cryptographic transformation algorithm.

GOST R 34.10-2001. Information technology. Cryptographic information protection. Processes for generating and verifying an electronic digital signature.

GOST R 34.11-94. Information technology. Cryptographic information protection. Hash function.

Of particular importance is the ISO 27000 family of international standards for information security management (which, with some delay, are also adopted as Russian state standards). Two of them deserve separate mention: GOST/ISO 27001 (information security management systems) and GOST/ISO 27002 (formerly 17799; code of practice for information security management).

Firewall Technologies

A firewall (in Russian sources abbreviated ME, from mezhsetevoy ekran, “inter-network screen”) is a complex of hardware or software that monitors and filters the network packets passing through it according to given rules. It is also called a Brandmauer (German) or firewall (English). A firewall allows the overall network to be divided into two parts and a set of rules to be implemented that determine the conditions under which data packets may pass through the screen from one part of the network to the other. Typically the firewall is installed between the corporate (local) network and the Internet, protecting the enterprise’s internal network from attacks from the global network, but it can also protect a local network segment from threats originating elsewhere in the corporate network.

The main purpose of a firewall is to protect computer networks or individual nodes from unauthorized access. Firewalls are often called filters, since their main task is to drop (filter) packets that do not meet the criteria defined in the configuration.
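An added illustration, not from the original page, of the filtering model just described: an ordered rule list in which the first matching rule decides the packet's fate and anything that matches no rule is denied by default. The addresses (10.0.0.0/8 as the internal network, 10.1.0.10 as an internal web server, 203.0.113.5 as an external host), the rule names and the sample packets are constructed; the code models the decision logic of a stateless packet filter rather than touching real network traffic.

```go
package main

import (
	"fmt"
	"net"
)

// Action is the verdict a rule produces for a packet.
type Action int

const (
	Deny Action = iota
	Allow
)

func (a Action) String() string {
	if a == Allow {
		return "ALLOW"
	}
	return "DENY"
}

// Packet is a constructed, simplified view of a packet header: only the
// fields a stateless packet filter matches on.
type Packet struct {
	Proto   string // "tcp" or "udp"
	SrcIP   net.IP
	DstIP   net.IP
	DstPort int
}

// Rule is one filtering rule. A nil network, empty protocol or zero port is a
// wildcard; the packet matches when every specified field agrees.
type Rule struct {
	Name    string
	Proto   string
	Src     *net.IPNet
	Dst     *net.IPNet
	DstPort int
	Action  Action
}

func (r Rule) matches(p Packet) bool {
	if r.Proto != "" && r.Proto != p.Proto {
		return false
	}
	if r.Src != nil && !r.Src.Contains(p.SrcIP) {
		return false
	}
	if r.Dst != nil && !r.Dst.Contains(p.DstIP) {
		return false
	}
	if r.DstPort != 0 && r.DstPort != p.DstPort {
		return false
	}
	return true
}

// Firewall is an ordered rule list with a default verdict for unmatched packets.
type Firewall struct {
	Rules   []Rule
	Default Action
}

// Filter evaluates a packet: the first matching rule wins; otherwise the
// default applies. The name of the deciding rule is returned for logging.
func (fw Firewall) Filter(p Packet) (Action, string) {
	for _, r := range fw.Rules {
		if r.matches(p) {
			return r.Action, r.Name
		}
	}
	return fw.Default, "default"
}

func mustCIDR(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return n
}

// BuildFirewall assembles the constructed ruleset for a screen between the
// Internet and an internal 10.0.0.0/8 network; the default is to deny.
func BuildFirewall() Firewall {
	return Firewall{
		Default: Deny,
		Rules: []Rule{
			{Name: "allow-https-to-web", Proto: "tcp", Dst: mustCIDR("10.1.0.10/32"), DstPort: 443, Action: Allow},
			{Name: "block-telnet", Proto: "tcp", DstPort: 23, Action: Deny},
			{Name: "allow-internal", Src: mustCIDR("10.0.0.0/8"), Dst: mustCIDR("10.0.0.0/8"), Action: Allow},
		},
	}
}

func main() {
	fw := BuildFirewall()
	samples := []Packet{ // constructed sample packets
		{Proto: "tcp", SrcIP: net.ParseIP("203.0.113.5"), DstIP: net.ParseIP("10.1.0.10"), DstPort: 443},
		{Proto: "tcp", SrcIP: net.ParseIP("203.0.113.5"), DstIP: net.ParseIP("10.1.0.10"), DstPort: 22},
		{Proto: "tcp", SrcIP: net.ParseIP("10.2.3.4"), DstIP: net.ParseIP("10.1.0.10"), DstPort: 23},
		{Proto: "udp", SrcIP: net.ParseIP("10.2.3.4"), DstIP: net.ParseIP("10.5.0.1"), DstPort: 53},
	}
	for _, p := range samples {
		act, name := fw.Filter(p)
		fmt.Printf("%s %s -> %s:%d  %s (rule %s)\n", p.Proto, p.SrcIP, p.DstIP, p.DstPort, act, name)
	}
}
```

Two design points carry over to real firewalls: rule order matters (the telnet block sits above the broad internal allow, so it is reached first), and a deny-by-default final verdict means that a packet nobody thought to write a rule for is dropped rather than passed.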

One of the most important problems and needs of modern society is the protection of human rights when a person is drawn into processes of information interaction, including the right to the protection of personal information during automated information processing.

I. N. Malanych, 6th year student at VSU

The institution of personal data protection is today no longer a category that can be regulated by national law alone. The most important feature of modern automated information systems is the “supranationality” of many of them: their “exit” beyond state borders, the development of publicly accessible worldwide information networks such as the Internet, and the formation of a single information space within the framework of such international structures.

Today in the Russian Federation there is a problem not only of introducing into the legal field the institution of personal data protection within the framework of automated information processes, but also of correlating it with existing international legal standards in this area.

There are three main trends in the international legal regulation of the institution of personal data protection as it relates to automated information processing.

1) Declaration of the right to the protection of personal data, as an integral part of fundamental human rights, in acts of a general humanitarian nature adopted within international organizations.

2) Securing and regulating the right to the protection of personal information in the regulatory acts of the European Union, the Council of Europe, partly the Commonwealth of Independent States, and some regional international organizations. This class of norms is the most universal and directly concerns the right to the protection of personal data in automated information processing.

3) Inclusion of rules on the protection of confidential information (including personal information) into international treaties.

The first method historically appeared earlier than the others. In the modern world, information rights and freedoms are an integral part of fundamental human rights.

The Universal Declaration of Human Rights of 1948 declares: “No one shall be subjected to arbitrary interference with his privacy or family, or to arbitrary attacks on ... the privacy of his correspondence” and further: “Everyone has the right to the protection of the law against such interference or attacks.” The International Covenant on Civil and Political Rights of 1966 repeats the declaration in this part. The 1950 European Convention details this right: “Everyone has the right to freedom of expression. This right includes freedom to hold opinions and to receive and impart information and ideas without interference from public authorities and regardless of frontiers.”

These international documents establish human information rights.

Currently, a stable system of views on human information rights has formed at the international level. In general terms, this is the right to receive information, the right to privacy with respect to protecting information about oneself, and the right to protect information both from the point of view of state security and from the point of view of business security, including financial activities.

The second method, more detailed regulation of the right to the protection of personal information, is associated with the ever-increasing intensity of personal information processing in recent years using automated computer information systems. In recent decades a number of international documents have been adopted within various international organizations that develop basic information rights in connection with the intensification of cross-border information exchange and the use of modern information technologies. Among such documents are the following:

In 1980 the Council of Europe developed the European Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, which came into force in 1985. The Convention defines the procedure for collecting and processing personal data, the principles of storage of and access to this data, and methods of physical protection of data. It guarantees respect for human rights in the collection and processing of personal data and prohibits the processing of data on race, political opinions, health and religion without appropriate legal grounds. Russia acceded to the European Convention in November 2001.

In the European Union, personal data protection is regulated by a whole range of documents. In 1979 the European Parliament adopted the Resolution “On the protection of individual rights in connection with the progress of informatization”, which invited the Council and the Commission of the European Communities to develop and adopt legal acts on the protection of personal data in connection with technical progress in the field of computer science. In 1980 the Recommendations of the Organization for Cooperation of Member States of the European Union “On guidelines for the protection of privacy in the interstate exchange of personal data” were adopted. Currently, personal data protection is regulated in detail by directives of the European Parliament and the Council of the European Union: Directives No. 95/46/EC and No. 2002/58/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Directive No. 97/66/EC of the European Parliament and of the Council of the European Union of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector, and other documents.

The acts of the European Union are characterized by a detailed elaboration of the principles and criteria for automated data processing, the rights and obligations of data subjects and holders of personal data, the issues of their cross-border transfer, and liability and sanctions for damage. In accordance with Directive No. 95/46/EC, the European Union created a Working Party on the protection of individuals with regard to the processing of personal data. It has the status of an advisory body and acts as an independent structure. The Working Party consists of a representative of the body established by each Member State to supervise compliance with the provisions of the Directive on its territory, a representative of the body or bodies established for the Community institutions and structures, and a representative of the European Commission.

The Organization for Economic Cooperation and Development (OECD) has a Framework for the Protection of Privacy and the International Exchange of Personal Data, adopted on September 23, 1980. Its preamble states: “...OECD member countries have considered it necessary to develop Frameworks that could help harmonize national privacy laws and, while respecting relevant human rights, would not allow blocking of international data exchanges...”. These provisions apply in both the public and private sectors to personal data which, either because of the manner in which it is processed or because of its nature or the context in which it is used, poses a risk of violating privacy and individual freedoms. The document establishes the need to provide personal data with adequate protection mechanisms against the risks of loss, destruction, modification, disclosure and unauthorized access. Russia, unfortunately, does not participate in this organization.

On October 16, 1999, the Interparliamentary Assembly of the CIS Member States adopted the Model Law “On Personal Data”.

According to this law, “personal data” is information (recorded on a tangible medium) about a specific person that is identified, or can be identified, with that person. Personal data includes biographical and identification data, personal characteristics, and information about family, social status, education, profession, professional and financial standing, health and other matters. The law also lists the principles of legal regulation of personal data, the forms of government regulation of operations with personal data, and the rights and obligations of data subjects and holders of personal data.

The second method considered here, regulatory regulation of the protection of personal data in international legal acts, appears to be the most interesting for analysis. Norms of this class not only directly regulate public relations in this area but also help bring the legislation of member countries up to international standards, thereby ensuring the effectiveness of these norms on their territory. Thus the guarantee of information rights enshrined in the Universal Declaration of Human Rights is ensured in the sense of the “right to the protection of the law against such interference or attacks” declared in its Article 12.

The third way to consolidate the rules on the protection of personal data is to consolidate their legal protection in international treaties.

Articles on the exchange of information are included in international treaties on legal assistance, on the avoidance of double taxation, and on cooperation in certain public and cultural spheres.

According to Art. 25 of the Treaty between the Russian Federation and the United States for the avoidance of double taxation and the prevention of tax evasion with respect to taxes on income and capital, states are required to provide information that constitutes a professional secret. The Treaty between the Russian Federation and the Republic of India on Mutual Legal Assistance in Criminal Matters contains Article 15 “Confidentiality”: the requested party may require that the information transmitted be kept confidential. The practice of concluding international treaties shows the desire of contracting states to comply with international standards for the protection of personal data.

It seems that the most effective mechanism for regulating this institution at the international legal level is the publication of special regulatory documents within the framework of international organizations. This mechanism not only promotes appropriate internal regulation of the pressing issues of personal information protection within these organizations mentioned at the beginning of the article, but also has a beneficial effect on the national legislation of the participating countries.

ISO/IEC 27001 is an international information security standard developed jointly by the International Organization for Standardization and the International Electrotechnical Commission. The standard contains information security requirements for the creation, development and maintenance of an Information Security Management System (ISMS).

Purpose of the standard. The ISO/IEC 27001 standard (ISO 27001) contains descriptions of the world's best practices in the field of information security management. ISO 27001 specifies requirements for an information security management system to demonstrate an organization's ability to protect its information assets. This standard has been prepared as a model for the development, implementation, operation, monitoring, analysis, support and improvement of an Information Security Management System (ISMS).

Purpose of the ISMS: the selection of appropriate security controls designed to protect information assets and ensure the trust of interested parties.

Basic concepts. Information security: maintaining the confidentiality, integrity and availability of information; in addition, other properties may be included, such as authenticity, non-repudiation and reliability.

Confidentiality - ensuring that information is accessible only to those who have the appropriate authority (authorized users).

Integrity - ensuring the accuracy and completeness of information, as well as methods for processing it.

Availability - ensuring access to information to authorized users when necessary (on demand).

The ISO 27001 standard provides:

· defining goals and understanding the direction and principles of activity regarding information security;

· determination of approaches to risk assessment and management in the organization;

· information security management in accordance with applicable laws and regulatory requirements;

· using a unified approach when creating, implementing, operating, monitoring, analyzing, supporting and improving the management system so that information security goals are achieved;

· defining the processes of the information security management system;

· determination of the status of information security measures;

· use of internal and external audits to determine the degree of compliance of the information security management system with the requirements of the standard;

· providing adequate information to partners and other interested parties about the information security policy.


Principles of legal regulation of relations in the field of information, information technologies and information protection according to the content of the Federal Law of the Russian Federation of July 27, 2006 No. 149-FZ “On information, information technologies and information protection.”

Legal regulation of relations arising in the field of information, information technology and information protection is based on the following principles:

1) freedom to search, receive, transmit, produce and disseminate information in any legal way;

2) establishing restrictions on access to information only by federal laws;

3) openness of information about the activities of state bodies and local government bodies and free access to such information, except in cases established by federal laws;

4) equality of rights for the languages of the peoples of the Russian Federation in the creation and operation of information systems;

5) ensuring the security of the Russian Federation during the creation of information systems, their operation and protection of the information contained in them;

6) reliability of information and timeliness of its provision;

7) inviolability of private life, inadmissibility of collecting, storing, using and distributing information about the private life of a person without his consent;

8) the inadmissibility of establishing by regulatory legal acts any advantages of using some information technologies over others, unless the mandatory use of certain information technologies for the creation and operation of state information systems is established by federal laws.


The “National Security Strategy of the Russian Federation until 2020”. Structure, objectives, methods and ways for the state to implement its functions to ensure information security in the “Doctrine of Information Security of the Russian Federation”.



The National Security Strategy of the Russian Federation until 2020 is an officially recognized system of strategic priorities, goals and measures in the field of domestic and foreign policy that determine the state of national security and the level of sustainable development of the state in the long term.

The Doctrine of Information Security of the Russian Federation is a set of official views on the goals, objectives, principles and main directions of ensuring information security of the Russian Federation.

Components of the national interests of the Russian Federation in the information sphere according to the Doctrine:

1) Mandatory observance of constitutional human rights and freedoms in the field of obtaining information and using it.

2) Information support for the state policy of the Russian Federation (communicating to citizens of the Russian Federation and the international community the state policy of the Russian Federation and its official position on significant events in Russia and in the world), with citizens’ access to open government resources.

3) Development of modern IT in the domestic industry (means of information, telecommunications and communications). Providing IT for the Russian domestic market and entering global markets.

4) Protection of information resources from unauthorized access; ensuring the security of information and telecommunication systems.

Types of threats to the information security of the Russian Federation in the doctrine:

1. Threats aimed at constitutional human rights and freedoms in the field of information activities.

2. Threats to the information support of the state policy of the Russian Federation.

3. Threats to the development of modern IT in the domestic industry and to its entry into the domestic and global markets.

4. Threats to the security of information and telecommunications facilities and systems.

Methods for ensuring information security of the Russian Federation in the doctrine:

Legal methods:

  • Development of normative legal acts regulating relations in the IT field

Organizational and technical methods:

  • Creation of the information security system of the Russian Federation and its improvement
  • Bringing to justice those who have committed crimes in this area
  • Creation of systems and means to prevent unauthorized access to processed information

Economic methods:

  • Development of information security programs and their financing
  • Financing of work related to ensuring the information security of the Russian Federation

International standards

  • BS 7799-1:2005 - British Standard BS 7799, first part. BS 7799 Part 1 - Code of Practice for Information Security Management describes the 127 controls required to build an organization's information security management system (ISMS), determined on the basis of the best examples of world experience (best practices) in this area. This document serves as a practical guide to creating an ISMS.
  • BS 7799-2:2005 - British Standard BS 7799 is the second part of the standard. BS 7799 Part 2 - Information Security management - specification for information security management systems defines the ISMS specification. The second part of the standard is used as criteria during the official certification procedure for the organization's ISMS.
  • BS 7799-3:2006 - British Standard BS 7799, third part. A new standard in the field of information security risk management.
  • ISO/IEC 17799:2005 - "Information technology - Security techniques - Code of practice for information security management." International standard based on BS 7799-1:2005.
  • ISO/IEC 27000 - Vocabulary and definitions.
  • ISO/IEC 27001:2005 - "Information technology - Security techniques - Information security management systems - Requirements." International standard based on BS 7799-2:2005.
  • ISO/IEC 27002 - Now: ISO/IEC 17799:2005. "Information technologies - Security technologies - Practical rules for information security management." Release date: 2007.
  • ISO/IEC 27005 - Now: BS 7799-3:2006 - Guidance on information security risk management.
  • German Information Security Agency. IT Baseline Protection Manual - Standard security safeguards.

State (national) standards of the Russian Federation

  • GOST R 50922-2006 - Information protection. Basic terms and definitions.
  • R 50.1.053-2005 - Information technologies. Basic terms and definitions in the field of technical information security.
  • GOST R 51188-98 - Information protection. Testing software for computer viruses. Model manual.
  • GOST R 51275-2006 - Information protection. Information object. Factors influencing information. General provisions.
  • GOST R ISO/IEC 15408-1-2008 - Information technology. Methods and means of ensuring security. Criteria for assessing the security of information technologies. Part 1. Introduction and general model.
  • GOST R ISO/IEC 15408-2-2008 - Information technology. Methods and means of ensuring security. Criteria for assessing the security of information technologies. Part 2. Functional security requirements.
  • GOST R ISO/IEC 15408-3-2008 - Information technology. Methods and means of ensuring security. Criteria for assessing the security of information technologies. Part 3. Security assurance requirements.
  • GOST R ISO/IEC 15408 - “Common criteria for assessing the security of information technologies” - a standard that defines the tools and methodology for assessing the security of information products and systems; it contains a list of requirements against which the results of independent security evaluations can be compared, allowing the consumer to make decisions about the security of products. The scope of the “Common Criteria” is the protection of information from unauthorized access, modification or leakage, and other methods of protection implemented in hardware and software.
  • GOST R ISO/IEC 17799 - “Information technologies. Practical rules for information security management.” Direct application of the international standard with the addition of ISO/IEC 17799:2005.
  • GOST R ISO/IEC 27001 - “Information technologies. Security methods. Information security management system. Requirements". The direct application of the international standard is ISO/IEC 27001:2005.
  • GOST R 51898-2002: Safety aspects. Rules for inclusion in standards.

Guiding Documents

  • RD “Computer facilities (SVT). Protection against unauthorized access (NSD) to information. Indicators of protection against NSD to information” - contains a description of the security indicators of information systems and the requirements for each security class.

see also

  • Undeclared capabilities
