Security Standardization
- Stephen Shields
1 ISO-ITU Cooperation on Security Standardization
Dr. Walter Fumy, Chairman ISO/IEC JTC 1/SC 27; Chief Scientist, Bundesdruckerei GmbH, Germany
7th ETSI Security Workshop - Sophia Antipolis, January 2012
2 Agenda
- ISO/IEC JTC 1/SC 27 IT Security Techniques
  - Scope, organization, work programme
  - Recent achievements
  - New projects
- Collaboration with ITU-T
  - Modes of collaboration
  - JTC 1 ITU-T collaboration on security standardization
- Conclusion
3 ISO/IEC JTC 1/SC 27 Scope
The development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as:
- Information Security Management Systems (ISMS), security controls and services;
- Cryptographic mechanisms;
- Security aspects of identity management, biometrics and privacy;
- Conformance assessment, accreditation and auditing requirements in the area of information security;
- Security evaluation criteria and methodology.
4 ISO/IEC JTC 1/SC 27 Structure
ISO/IEC JTC 1/SC 27 IT Security techniques
- Chair: Mr. W. Fumy
- Vice-Chair: Ms. M. De Soete
- SC 27 Secretariat: DIN, Ms. K. Passia
- Working Group 1: Information security management systems. Convener: Mr. T. Humphreys
- Working Group 2: Cryptography and security mechanisms. Convener: Mr. T. Chikazawa
- Working Group 3: Security evaluation criteria. Convener: Mr. M. Bañón
- Working Group 4: Security controls and services. Convener: Mr. M.-C. Kang
- Working Group 5: Identity management and privacy technologies. Convener: Mr. K. Rannenberg
5 SC 27/WG 1 ISMS Family of Standards
- 27001:2005 ISMS Requirements
- 27000:2009 ISMS Overview and Vocabulary
- 27002:2005 (pka 17799) Code of Practice
- 27003:2010 ISMS Implementation Guidance
- 27004:2009 Information Security Mgt Measurement
- 27005:2011 Information Security Risk Management
Supporting Guidelines
- 27006:2011 Accreditation Requirements
- 27007:2011 ISMS Auditing Guidelines
- TR 27008:2011 ISMS Guide for auditors on ISMS controls
Accreditation Requirements and Auditing Guidelines
- ISMS for inter-sector and inter-organisational communications
- 27011:2008 ITU-T X.1051 Telecom Sector ISMS Requirements
- ITU-T X.1054 Governance of information security
- TR Information security mgt guidelines for financial services
- TR Information security mgt - Organizational economics
Sector Specific Requirements and Guidelines
6 SC 27/WG 4 Security Controls and Services
Categories shown on the slide: Unknown or emerging security issues; Known security issues; Security breaches and compromises
- ICT Readiness for Business Continuity (IS 27031)
- Cybersecurity (FDIS 27032)
- Network Security (CD , WD /3/4)
- Application Security (IS )
- Security Info-Objects for Access Control (TR 15816)
- Security of Outsourcing (27036)
- TTP Services Security (TR 14516; 15945)
- Time Stamping Services (TR 29149)
- Information security incident management (27035)
- ICT Disaster Recovery Services (24762)
- Identification, collection and/or acquisition, and preservation of digital evidence (NP)
7 SC 27/WG 2 Cryptography and Security Mechanisms
Areas shown on the slide: Cryptographic Protocols; Message Authentication; Digital Signatures; Encryption & Modes of Operation; Parameter Generation
- Entity Authentication (IS 9798)
- Key Mgt (IS 11770)
- Non-Repudiation (IS 13888)
- Time Stamping Services (IS 18014)
- Hash Functions (IS 10118)
- Message Authentication Codes (IS 9797)
- Check Character Systems (IS 7064)
- Cryptographic Techniques based on Elliptic Curves (IS 15946)
- Signatures giving Msg Recovery (IS 9796)
- Signatures with Appendix (IS 14888)
- Biometric Template Protection (NP 24745)
- Authenticated Encryption (IS 19772)
- Modes of Operation (IS 10116)
- Encryption (IS 18033)
- Random Bit Generation (IS 18031)
- Prime Number Generation (IS 18032)
8 SC 27/WG 3 Security Evaluation Criteria
- Secure System Engineering Principles and Techniques (NWIP)
- Responsible Vulnerability Disclosure (WD 29147)
- Trusted Platform Module (IS 11889)
- SSE-CMM (IS 21827)
- Security Requirements for Cryptographic Modules (IS 19790)
- A Framework for IT Security Assurance (TR 15443)
- Security Assessment of Operational Systems (TR 19791)
- Test Requirements for Cryptographic Modules (IS 24759)
- IT Security Evaluation Criteria (CC) (IS 15408)
- Evaluation Methodology (CEM) (IS 18045)
- PP/ST Guide (TR 15446)
- Protection Profile Registration Procedures (IS 15292)
- Verification of Cryptographic Protocols (IS 29128)
- Security Evaluation of Biometrics (IS 19792)
9 SC 27/WG 5 Identity Management & Privacy Technologies
WG 5 covers the development and maintenance of standards and guidelines addressing security aspects of identity management, biometrics and the protection of personal data. This includes:
Frameworks & Architectures
- A framework for identity management (ISO/IEC 24760, IS/WD/WD)
- Privacy framework (ISO/IEC 29100, IS)
- Privacy reference architecture (ISO/IEC 29101, CD)
- Entity authentication assurance framework (ISO/IEC / ITU-T X.1254, DIS)
- A framework for access management (ISO/IEC 29146, WD)
Protection Concepts
- Biometric information protection (ISO/IEC 24745, IS)
- Requirements for partially anonymous, partially unlinkable authentication (ISO/IEC 29191, CD)
Guidance on Context and Assessment
- Authentication context for biometrics (ISO/IEC 24761, 2009)
- Privacy capability assessment framework (ISO/IEC 29190, WD)
10 Recent Achievements
between October 2010 and September
- International Standards and Technical Reports have been published
- 14 new projects have been approved (total number of projects: ~ 170)
- 4 additional P-members (total 46) (total number of O-members: 17)
- 24 internal liaisons
- 29 external liaisons
11 Approved New Projects (I)
- ISO/IEC 17825: Testing methods for the mitigation of non-invasive attack classes against cryptographic modules
- ISO/IEC : Time-stamping services Part 4: Traceability of time sources
- ISO/IEC : Encryption algorithms Part 5: Identity-based mechanisms
- ISO/IEC : Anonymous entity authentication Part 3: Mechanisms based on blind signatures
- ISO/IEC 27017: Guidelines on information security controls for the use of cloud computing services based on ISO/IEC (as Technical Specification)
12 Approved New Projects (II)
- ISO/IEC 27036: Information security for supplier relationships
  - Part 1: Overview and concepts
  - Part 2: Common requirements
  - Part 3: Guidelines for ICT supply chain security
  - Part 4: Guidelines for security of outsourcing
- ISO/IEC 27041: Guidance on assuring suitability and adequacy of investigation methods
- ISO/IEC 27042: Guidelines for the analysis and interpretation of digital evidence
- ISO/IEC 27043: Investigation principles and processes
- ISO/IEC 30111: Vulnerability handling processes
- ISO/IEC 30104: Physical security attacks, mitigation techniques and security requirements
13 Participation & More Information
Next SC 27 meetings
- May 7-15, 2012 Stockholm, Sweden (WGs and Plenary)
- Oct 22-26, 2012 Italy (WGs)
14 SC 27 Collaboration with ITU-T
ITU-T SG17 and SC 27 collaborate on many projects in order to progress common or twin text documents and to publish common standards. These include:
Columns: ISO/IEC, ITU-T, Title, Type, Remark
TR X.842 Guidelines on the use and management of Trusted Third Party services Common
X.841 Security information objects (SIOs) for access control Common
X X X.1051 Specification of TTP Services to support the application of digital signatures Common 2002
IT network security 2006 Twin Part 2: Network security architecture 2003
Information security management guidelines for telecommunications organizations based on Common 2008 ISO/IEC
X.1054 Governance of information security Common DIS
X.1254 Entity authentication assurance framework Common DIS
tbs X.bhsm Telebiometric authentication framework using biometric hardware security module Common NWIP
15 Example for Common Text Standard
ISO/IEC 27011:2008 = ITU-T Recommendation X.1051: Information technology Security techniques Information security management guidelines for telecommunications organizations based on ISO/IEC
16 Guide for ITU-T and ISO/IEC JTC 1 cooperation
- ISO/IEC JTC 1 Standing Document 3
- Annex A to Recommendation ITU-T A.23
17 Modes of Collaboration
Specific to collaboration of JTC 1 and ITU-T
- Desire: produce common or twin (technically aligned) texts
- JTC 1 and ITU-T keep their own processes, approvals are synchronized
Two options for collaboration
- Interchange mode is used when the work is straightforward, non-controversial, and with sufficient common participation in the meetings of the two organizations
- For more complex situations a joint Collaborative Team may work better
18 Useful References
- Guide for ITU-T and ISO/IEC JTC 1 Cooperation
- List of common text and technically aligned Recommendations International Standards
- Mapping between ISO/IEC International Standards and ITU-T Recommendations
- Relationships of SG 17 Questions with JTC 1 SCs, categorized as
  - joint work (collaboration) (level 1)
  - technical cooperation via liaison (level 2)
  - informational liaison (level 3)
  T/studygroups/com17/Pages/relationships.aspx
19 ISO/IEC JTC 1 Information Technology Security Related Sub-committees
- SC 6 Telecommunications and information exchange between systems
- SC 7 Software and systems engineering
- SC 17 Cards and personal identification
- SC 25 Interconnection of information technology equipment
- SC 27 IT Security techniques
- SC 29 Coding of audio, picture, multimedia and hypermedia information
- SC 31 Automatic identification and data capture techniques
- SC 32 Data management and interchange
- SC 36 Information technology for learning, education and training
- SC 37 Biometrics
- SC 38 Distributed application platforms and services (DAPS)
20 Relationships of SG 17 Questions with JTC 1 SCs (I)
Columns: Question, Title, ISO/IEC, Level
Q.1/WP1 Telecommunications systems security project JTC 1/SC 27 2&3
Q.2/WP1 Security architecture and framework JTC 1/SC 27 1&2
Q.3/WP1 Telecommunication information security management JTC 1/SC 27 1&2
Q.4/WP1 Cybersecurity JTC 1/SC 27 2 ISO TC
Q.5/WP1 Countering spam by technical means JTC 1/SC 27 2
Q.6/WP2 Q.7/WP2 Security aspects of ubiquitous telecommunication services Secure application services JTC 1/SC 6 1&2 JTC 1/SC 25 2 JTC 1/SC 27 2 JTC 1/SC 31 3 JTC 1/SC 6 JTC 1/SC 25 JTC 1/SC 27 JTC 1/SC
Q.8/WP2 Service oriented architecture security JTC 1/SC 38 3
Q.9/WP2 Telebiometrics JTC 1/SC 17 JTC 1/SC 27 JTC 1/SC 37 ISO TC 12 IEC TC &2 2 2 IEC TC 25 2
21 Relationships of SG 17 Questions with JTC 1 SCs (II)
Columns: Question, Title, ISO/IEC, Level
Q.10/WP3 Identity management architecture and mechanisms JTC 1/SC 27 1&2
Q.11/WP3 Directory services, Directory systems, and public-key/attribute certificates JTC 1/SC 6 JTC 1/SC 27 JTC 1/SC
Q.12/WP3 Abstract Syntax Notation One (ASN.1), Object Identifiers (OIDs) and associated registration JTC 1/SC 6 JTC 1/SC 27 JTC 1/SC 31 JTC 1/SC 37 JTC 1/SC 38 ISO TC 215 IEC TC
Q.13/WP3 Formal languages and telecommunication software JTC 1/SC 7 1 JTC 1/SC 22 1&3
Q.14/WP3 Testing languages, methodologies and framework JTC 1/SC 7 3
Q.15/WP3 Open Systems Interconnection (OSI) JTC 1/SC 6 1
22 Further Examples for ISO-ITU Collaboration on Security Standardization
Columns: ISO/IEC, ITU-T, Title, Type, JTC 1 SC, Remark
X.800 TR X X.803
Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
Open Systems Interconnection Lower layers security model
Open Systems Interconnection Upper layers security model
...
Twin SC Common SC Common SC
X.1083 Biometrics BioAPI interworking protocol Common SC
X.1311 Security framework for the ubiquitous sensor network Common SC
23 Conclusion
- SG 17 is the ITU-T lead study group on security
- SC 27 is responsible for generic IT Security techniques
- Almost every security Question in ITU-T has some relation with the work programme of SC 27
- ISO-ITU cooperation on security standardization affects many JTC 1 SCs
- Additional new work items where cooperation/collaboration is needed are continually being identified
24 Thank You!
INTERNATIONAL STANDARD ISO/IEC 27002 Second edition 2013-10-01 Information technology Security techniques Code of practice for information security controls Technologies de l information Techniques de
More informationISO & ISO & ISO Cloud Documentation Toolkit
ISO & ISO 27017 & ISO 27018 Cloud ation Toolkit Note: The documentation should preferably be implemented order in which it is listed here. The order of implementation of documentation related to Annex
More informationISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006
ISO / IEC 27001:2005 A brief introduction Dimitris Petropoulos Managing Director ENCODE Middle East September 2006 Information Information is an asset which, like other important business assets, has value
More information"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary
Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security management system implementation guidance
INTERNATIONAL STANDARD ISO/IEC 27003 First edition 2010-02-01 Information technology Security techniques Information security management system implementation guidance Technologies de l'information Techniques
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security risk management
INTERNATIONAL STANDARD ISO/IEC 27005 Second edition 2011-06-01 Information technology Security techniques Information security risk management Technologies de l'information Techniques de sécurité Gestion
More informationWELCOME ISO/IEC 27001:2017 Information Briefing
WELCOME ISO/IEC 27001:2017 Information Briefing Denis Ryan C.I.S.S.P NSAI Lead Auditor Running Order 1. Market survey 2. Why ISO 27001 3. Requirements of ISO 27001 4. Annex A 5. Registration process 6.
More informationETSI TC MTS, SECURITY SIG IN MTS (METHODS FOR TESTING AND SPECIFICATION) Jürgen Großmann, Fraunhofer FOKUS
ETSI TC MTS, SECURITY SIG IN MTS (METHODS FOR TESTING AND SPECIFICATION) Jürgen Großmann, Fraunhofer FOKUS juergen.grossmann@fokus.fraunhofer.de MTS SECURITY SIG Security testing at a glance Assemble security
More informationPart 7: Selected object classes
INTERNATIONAL STANDARD ISO/IEC 9594-7 Eighth edition 2017-05 Information technology Open Systems Interconnection The Directory Part 7: Selected object classes Technologies de l information Interconnexion
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Open distributed processing Reference model: Architecture
INTERNATIONAL STANDARD ISO/IEC 10746-3 Second edition 2009-12-15 Information technology Open distributed processing Reference model: Architecture Technologies de l'information Traitement réparti ouvert
More informationISO/IEC TR TECHNICAL REPORT. Information technology Security techniques A framework for IT security assurance Part 2: Assurance methods
TECHNICAL REPORT ISO/IEC TR 15443-2 First edition 2005-09-01 Information technology Security techniques A framework for IT security assurance Part 2: Assurance methods Technologies de l'information Techniques
More informationKey Security Issues for implementation of Digital Currency, including ITU-T SG17 activities
ITU Workshop on FG DFC Workshop on Standards for Digital Fiat Currency (DFC) () Key Issues for implementation of Digital Currency, including ITU-T SG17 activities Heung Youl Youm, PhD. Chairman of ITU-T
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 13335-1 First edition 2004-11-15 Information technology Security techniques Management of information and communications technology security Part 1: Concepts and models for
More informationISO/IEC Information technology Radio frequency identification (RFID) for item management: Data protocol Application interface
STANDARD ISO/IEC 15961-1 First edition 2013-03-15 Information technology Radio frequency identification (RFID) for item management: Data protocol Part 1: Application interface Technologies de l'information
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Message Handling Systems (MHS): MHS routing
INTERNATIONAL STANDARD ISO/IEC 10021-10 Second edition 1999-12-15 Information technology Message Handling Systems (MHS): MHS routing Technologies de l'information Systèmes de messagerie (MHS): Routage
More informationSPECIFIC PROVISIONS FOR THE ACCREDITATION OF CERTIFICATION BODIES IN THE FIELD OF INFOR- MATION SECURITY MANAGEMENT SYSTEMS (ISO/IEC 27001)
BELAC 2-405-ISMS R0 2017 SPECIFIC PROVISIONS FOR THE ACCREDITATION OF CERTIFICATION BODIES IN THE FIELD OF INFOR- MATION SECURITY MANAGEMENT SYSTEMS (ISO/IEC 27001) The only valid versions of the documents
More informationITU-T Standardization on Countering Spam
Joint Internet Society, CITEL and ITU Workshop on Combating SPAM (Mendoza, Argentina, 7 October 2013) ITU-T Standardization on Countering Spam Sergio Scarabino Area Representative sergio.scarabino@itu.int
More informationISO/IEC JTC1/SC7 /N4314
ISO/IEC JTC1/SC7 Software and Systems Engineering Secretariat: CANADA (SCC) ISO/IEC JTC1/SC7 /N4314 Document Type Liaison Presentation 2009-06-15 Title Source Presentation IEEE-CS Liaison Report to the
More informationB C ISO/IEC TR TECHNICAL REPORT
TECHNICAL REPORT ISO/IEC TR 13335-3 First edition 1998-06-15 Information technology Guidelines for the management of IT Security Part 3: Techniques for the management of IT Security Technologies de l'information
More informationINTERNATIONAL STANDARD
INTERNATIONAL STANDARD This is a preview - click here to buy the full publication ISO/IEC 9594-8 Eighth edition 2017-05 Information technology Open Systems Interconnection The Directory Part 8: frameworks
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD This is a preview - click here to buy the full publication ISO/IEC 9834-8 Second edition 2008-12-15 Information technology Open Systems Interconnection Procedures for the operation
More informationIAF Mandatory Document KNOWLEDGE REQUIREMENTS FOR ACCREDITATION BODY PERSONNEL FOR INFORMATION SECURITY MANAGEMENT SYSTEMS (ISO/IEC 27001)
IAF Mandatory Document KNOWLEDGE REQUIREMENTS FOR ACCREDITATION BODY PERSONNEL FOR INFORMATION SECURITY MANAGEMENT SYSTEMS (ISO/IEC 27001) (IAF MD 13:2015) Issue 1 IAF MD - Knowledge Requirements for Accreditation
More informationISO/IEC JTC 1 N 11737
ISO/IEC JTC 1 N 11737 ISO/IEC JTC 1 Information technology Secretariat: ANSI (United States) Document type: Business Plan Title: JTC 1 SC 39 Business Plan for the period November 2012 - November 2013 Status:
More informationETSI ISG ISI Information Security Indicators
ETSI ISG ISI Information Security Indicators Updates on ISI standardization results Paolo De Lutiis (Telecom Italia Information Technology) 9th ETSI Security Workshop ETSI 2014. All rights reserved Cyber
More informationB C ISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 15773 First edition 1998-07-15 Information technology Telecommunications and information exchange between systems Broadband Private Integrated Services Network Inter-exchange
More information