Source: American National Standards Institute (ANSI)
The American National Standards Institute is pleased to announce the release of the new member of the ISO/IEC 27000 series, ISO/IEC TR 27008:2011 – Information Technology – Security Techniques – Guidelines for auditors on information security controls, which is now available from the ANSI standards store (webstore.ansi.org)
ISO/IEC TR 27008:2011 provides guidance on reviewing the implementation and operation of controls, including technical compliance checking of information system controls, in compliance with an organization’s established information security standards.
ISO/IEC TR 27008:2011 is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations conducting information security reviews and technical compliance checks. It is not intended for management systems audits.