ETSI TC MTS, SECURITY SIG IN MTS (METHODS FOR TESTING AND SPECIFICATION) Jürgen Großmann, Fraunhofer FOKUS
|
|
- Lynne Francine Fields
- 6 years ago
- Views:
Transcription
1 ETSI TC MTS, SECURITY SIG IN MTS (METHODS FOR TESTING AND SPECIFICATION) Jürgen Großmann, Fraunhofer FOKUS
2 MTS SECURITY SIG Security testing at a glance Assemble security testing experiences from multiple domains Integrate recent research results from relevant research projects Preparatory work for European standards in security testing Sustainable provision of advanced security test technologies to European industry Main topics: Advanced model-based security testing methods Risk-based security testing methods Security assurance life cycle 2
3 MTS SECURITY SIG Work Items Case Studies:To assemble case study experiencesrelated to security testing in order to have a common understanding in MTS and related committees. Industrial experiences may cover but are not restricted to the following domains: Smart Cards, Industrial Automation, Radio Protocols, Transport/Automotive, Telecommunication Security Assurance Life Cycle: Guidance to the application system designers in such a way to maximise both security assurance and the verification and validation of the capabilities offered by the systems's security measures. EG Security Assurance Lifecycle TR Terminology TR Case Studies Terminology:To collect the basic terminology and ontology (relationship between stake holder and application) to be used for security testingin order to have a common understanding in MTS and related committees. EG Risk-based Security Testing Risk-based Security Testing: To collect the basic terminology and ontology (relationship between stake holder and application) to be used for security testing in order to have a common understanding in MTS and related committees.
4 TR : SECURITY TESTING CASE STUDIES Risk-based security testing Different domains Different vulnerabilities Different approaches Common evaluation Automotive (head unit) Radio protocols (ad-hoc networks) E-health (patient monitoring) Banking (banknote processing, share-based payment) ITEA DIAMONDS: Development and Industrial Application of Multi-Domain-Security Testing Technologies SPaCIoS: Secure Provision and Consumption in the Internet of Services 4
5 TR : SECURITY TESTING CASE STUDIES EXAMPLE: Risk-based security testing CORAS Risk Analysis Behavioural Fuzzing Data Fuzzing with TTCN-3 Risk Analysis Security Test Test Code Test Pattern Generation (CORAS) Generation Identification (TTCN-3) Test Execution Pattern name Context Problem/Goal Solution Usage of Unusual Behavior Sequences Test pattern kind: Behavior Testing Approach(es): Prevention Security of information systems is ensured in many cases by a strict and clear definition of what constitutes valid behavior sequences from the security perspective on those systems. For example Test procedure template: Known uses Model-based behavioural fuzzing of sequence diagrams is an application of this pattern Security Test Pattern Catalogue
6 EG : Risk-based Security Testing Test-based risk assessment Risk Assessment Step1: Establish Objective and Context Step3: Risk Identification Step4: Risk Estimation Step5: Risk Evaluation Step7: Risk Validation and Treatment Step2: Testing Process Step6: Testing Process Step 1: Establish Objective and Context Step 2: Testing Process: using testing for identifying/discovering threat test scenarios or areas or vulnerabilities where the risk assessment should be focused. Step 3: Risk Identification Step 4: Risk Estimation Step 5: Risk Evaluation Step 6: Testing Process: using testing to validate the correctness of the risk model. Step 7: Risk Validation and Treatment 6
7 EG : Risk-based Security Testing Risk-based testing Testing Process Step1: Test Planning Step3: Test Design & Implementation Step4: Test Environment Setup & Maintenance Step6: Test Execution Step2: Risk assessment Step5: Risk assessment Step 1: Test Planning Step 2: Risk Assessment: using risk assessment to identify and prioritize test procedures that will be used as a starting point for test design. Step 3: Test Design and Implementation Step 4: Test Environment Set-up and Maintenance Step 5: Risk Assessment: using risk assessment to prioritize the test cases which should be executed. Step 6: Test Execution Step7: Test Incident Reporting 7
8 EG : Security Assurance Lifecycle 8
9 TR : SECURITY TESTING TERMINOLOGY To collect the basic terminology and ontology (relationship between stake holder and application) to be used for security testing in order to have a common understanding in MTS and related committees. Introduction to security testing Penetration testing Verification of security functions Resilience and robustness testing Risk-based security testing
10 Summary & Outlook Document timeline: TR (Case Studies) approved in 2014 Terminology to be approved in 2014 EG (Security Assurance Lifecycle) and EG (Risk-based Security Testing) to be approved in 2015 ETSI ISI/MTS liaisons to ISO/IEC JTC1 SC27 WG4/WG3 have been confirmed by the SC27, Oct. 28, 2013, Songdo Korea: Liaison Officer nominated by JTC1 SC27: Jan demeer (DIN NIA27) SC27 IT ST PoW: Economics of Information Security and Privacy Security Evaluation, Testing, Processes, Methods and Specification Certification and Auditing Requirements and Methods SC27 WG3: IT ST Security Evaluation Criteria, Convenor M. Banon SC27 WG4: IT ST Security Controls and Services, Convenor J. Amsenga 10
Security Testing Improvement Profile (STIP) An evaluation scheme for security testing
Security Testing Improvement Profile (STIP) An evaluation scheme for security testing SASSI13 Security Assessment for Systems, Services and Infrastructures September 2013 at the Technical University (TU)
More informationDevelopment and Industrial Application of Multi-Domain Security Testing Technologies
Development and Industrial Application of Multi-Domain Security Testing Technologies Case Study Experience Sheet Banking Case Study from Giesecke & Devrient Case study characterization Banknote processing
More informationCase Study Experiences from the DIAMONDS Project 8 th ETSI Security Conference January, Sophia Antipolis - France
Case Study Experiences from the DIAMONDS Project 8 th ETSI Security Conference 16. -17. January, Sophia Antipolis - France Ina Schieferdecker www.itea2-diamonds.org DIAMONDS Project In six countries Project
More informationSecurity Standardization
ISO-ITU ITU Cooperation on Security Standardization Dr. Walter Fumy Chairman ISO/IEC JTC 1/SC 27 Chief Scientist, Bundesdruckerei GmbH, Germany 7th ETSI Security Workshop - Sophia Antipolis, January 2012
More informationPredstavenie štandardu ISO/IEC 27005
PERFORMANCE & TECHNOLOGY - IT ADVISORY Predstavenie štandardu ISO/IEC 27005 ISMS Risk Management 16.02.2011 ADVISORY KPMG details KPMG is a global network of professional services firms providing audit,
More informationISO/IEC JTC 1/SC 27 N7769
ISO/IEC JTC 1/SC 27 N7769 REPLACES: N ISO/IEC JTC 1/SC 27 Information technology - Security techniques Secretariat: DIN, Germany DOC TYPE: officer's contribution TITLE: SC 27 Presentation to ITU-T Workshop
More informationstandards and so the text is not to be used for commercial purposes, gain or as a source of profit. Any changes to the slides or incorporation in
ISO/IEC JTC 1/SC 27/WG 4 IT Security Controls and Services M. De Soete, ISO/IEC JTC 1 SC27 Vice Chair copyright ISO/IEC JTC 1/SC 27, 2014. This is an SC27 public document and is distributed as is for the
More informationSecurity Testing: Terminology, Concepts, Lifecycle
Security Testing: Terminology, Concepts, Lifecycle Ari Takanen, CTO, Codenomicon Ltd. Ian Bryant, Technical Director, UK TSI 1 About the Speakers Ari Takanen Researcher/Teacher 1998-2002 @University of
More informationB C ISO/IEC TR TECHNICAL REPORT
TECHNICAL REPORT ISO/IEC TR 13335-3 First edition 1998-06-15 Information technology Guidelines for the management of IT Security Part 3: Techniques for the management of IT Security Technologies de l'information
More informationISO/IEC JTC 1 Study Group on Smart Cities
ANSI WORKSHOP ISO/IEC JTC 1 Study Group on Smart Cities Presented by Alex Tarpinian Senior Manager, IBM ANSI WORKSHOP: Smart and Sustainable Cities November 21, 2013 1 Overview ISO/IEC JTC 1 Study Group
More informationThis document is a preview generated by EVS
INTERNATIONAL STANDARD ISO/IEC 29151 First edition 2017-08 Information technology Security techniques Code of practice for personally identifiable information protection Technologies de l'information Techniques
More informationJohn Snare Chair Standards Australia Committee IT/12/4
John Snare Chair Standards Australia Committee IT/12/4 ISO/IEC 27001 ISMS Management perspective Risk Management (ISO 31000) Industry Specific Standards Banking, Health, Transport, Telecommunications ISO/IEC
More informationINTEGRATING SECURITY TESTING, RISK ASSESSMENT AND COMPLIANCE ASSESSMENT
INTEGRATING SECURITY TESTING, RISK ASSESSMENT AND COMPLIANCE ASSESSMENT Matthias Heyde / Fraunhofer FOKUS TAROT Summer School, Paris 2016 Jürgen Großmann, Fraunhofer FOKUS The results presented here have
More informationIntroduction of ISO/IEC JTC1 SC 38 & its standard work on cloud computing. Junfeng ZHAO
Introduction of ISO/IEC JTC1 SC 38 & its standard work on cloud computing Junfeng ZHAO 2011.3.23 Agenda Introduction of ISO/IEC JTC1 /SC 38 Introduction of ISO/IEC JTC1 /SC 38 SG1 Introduction of On-going
More informationReport on ISO/IEC/JTC1/SC27 Activities in Digital Identities
International Telecommunication Union ITU-T Report on ISO/IEC/JTC1/SC27 Activities in Digital Identities Dick Brackney ISO/SC27 Liaison Officer to ITU-T SG17 Standards Program Manager, U.S. Dept of Defense
More informationInformation technology Security techniques Code of practice for personally identifiable information protection
INTERNATIONAL STANDARD ISO/IEC 29151 First edition 2017-08 Information technology Security techniques Code of practice for personally identifiable information protection Technologies de l'information Techniques
More informationSýnishorn ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security risk management
INTERNATIONAL STANDARD ISO/IEC 27005 Second edition 2011-06-01 Information technology Security techniques Information security risk management Technologies de l'information Techniques de sécurité Gestion
More informationISO/IEC ISO/IEC
ISO/IEC 27000 2010 6 3 1. ISO/IEC 27000 ISO/IEC 27000 ISMS ISO IEC ISO/IEC JTC1 SC 27 ISO/IEC 27001 ISO/IEC 27000 ISO/IEC 27001 ISMS requirements ISO/IEC 27000 ISMS overview and vocabulary ISO/IEC 27002
More informationISO/IEC JTC 1 N 13145
ISO/IEC JTC 1 N 13145 ISO/IEC JTC 1 Information technology Secretariat: ANSI (United States) Document type: Title: Status: Business Plan BUSINESS PLAN FOR ISO/IEC JTC 1/SC 40, IT SERVICE MANAGEMENT AND
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security risk management
INTERNATIONAL STANDARD ISO/IEC 27005 Second edition 2011-06-01 Information technology Security techniques Information security risk management Technologies de l'information Techniques de sécurité Gestion
More informationInformation technology Service management. Part 11: Guidance on the relationship between ISO/IEC :2011 and service management frameworks: ITIL
Provläsningsexemplar / Preview TECHNICAL REPORT ISO/IEC TR 20000-11 First edition 2015-12-15 Information technology Service management Part 11: Guidance on the relationship between ISO/IEC 20000-1:2011
More informationInternet of Things Security standards
Internet of Things Security standards Vangelis Gazis (vangelis.gazis@huawei.com) Chief Architect Security Internet of Things (IoT) Security Solution Planning & Architecture Design (SPD) Security standards
More informationSC27 WG4 Mission. Security controls and services
copyright ISO/IEC JTC 1/SC 27, 2012. This is an SC27 public document and is distributed as is for the sole purpose of awareness and promotion of SC 27 standards and so the text is not to be used for commercial
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security management systems Overview and vocabulary
INTERNATIONAL STANDARD ISO/IEC 27000 Second edition 2012-12-01 Information technology Security techniques Information security management systems Overview and vocabulary Technologies de l'information Techniques
More informationInformation technology Security techniques Telebiometric authentication framework using biometric hardware security module
INTERNATIONAL STANDARD ISO/IEC 17922 First edition 2017-09 Information technology Security techniques Telebiometric authentication framework using biometric hardware security module Technologies de l information
More informationWork and Projects in ISO/IEC JTC 1/SC 27/WG 5 Identity Management & Privacy technologies
Work and Projects in ISO/IEC JTC 1/SC 27/WG 5 Identity Management & Privacy technologies 30th Plenary meeting of the Consultative Committee of the Convention for the Protection of Individuals with Regard
More informationModule 6: Network and Information Security and Privacy. Session 3: Information Security Methodology. Presenter: Freddy Tan
Module 6: Network and Information Security and Privacy Session 3: Information Security Methodology Presenter: Freddy Tan Learning Objectives Understanding the administrative, physical, and technical aspects
More informationTITLE: Final Linked Agenda for the 31st JTC 1 Plenary Meeting, 7-11 November 2016 in Lillehammer, Norway
ISO/IEC JTC 1 Information Technology ISO/IEC JTC 1 N 13251 DATE: 2016-10-21 Replaces: N13093 DOC TYPE: Meeting Agenda TITLE: Final Linked Agenda for the 31st JTC 1 Plenary Meeting, 7-11 November 2016 in
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security risk management
INTERNATIONAL STANDARD ISO/IEC 27005 First edition 2008-06-15 Information technology Security techniques Information security risk management Technologies de l'information Techniques de sécurité Gestion
More informationSecurity analysis and assessment of threats in European signalling systems?
Security analysis and assessment of threats in European signalling systems? New Challenges in Railway Operations Dr. Thomas Störtkuhl, Dr. Kai Wollenweber TÜV SÜD Rail Copenhagen, 20 November 2014 Slide
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD This is a preview - click here to buy the full publication ISO/IEC 27017 First edition 2015-12-15 Information technology Security techniques Code of practice for information security
More informationAustralian/New Zealand Standard
AS/NZS ISO/IEC 27005:2012 Australian/New Zealand Standard Information technology Security techniques Information security risk management (ISO/IEC 27005:2011, MOD) This Joint Australian/New Zealand Standard
More informationContinual Improvement of Data Centre Energy Performance
Continual Improvement of Data Centre Energy Performance Solutions for maintaining ISO 50001 certification Mike Gilmore, e-ready Building Limited Mike Gilmore Standards Activities Member - JTC1 SC25 WG3
More informationIAF Mandatory Document KNOWLEDGE REQUIREMENTS FOR ACCREDITATION BODY PERSONNEL FOR INFORMATION SECURITY MANAGEMENT SYSTEMS (ISO/IEC 27001)
IAF Mandatory Document KNOWLEDGE REQUIREMENTS FOR ACCREDITATION BODY PERSONNEL FOR INFORMATION SECURITY MANAGEMENT SYSTEMS (ISO/IEC 27001) (IAF MD 13:2015) Issue 1 IAF MD - Knowledge Requirements for Accreditation
More informationCertified Information Security Manager (CISM) Course Overview
Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,
More informationBudapest, October 2016 FUZZ TESTING ITS. Presented by Jürgen Großmann and Dorian Knoblauch. All rights reserved
Budapest, 26-28 October 2016 FUZZ TESTING ITS Presented by Jürgen Großmann and Dorian Knoblauch All rights reserved OVERVIEW AND GENERAL CONSIDERATIONS Why should Fuzz Testing be applied to ITS? All rights
More informationNSAI s ICT standardization participation and consultation system and operation as ETSI/NSO. Dr. Ian J. Cowan, Technical Secretary, NSAI/ICTSCC
NSAI s ICT standardization participation and consultation system and operation as ETSI/NSO Dr. Ian J. Cowan, Technical Secretary, NSAI/ICTSCC Telecommunication standards a key component for business development
More informationUnited States Government Cloud Standards Perspectives
United States Government Cloud Standards Perspectives in the context of the NIST initiative to collaboratively build a USG Cloud Computing Technology Roadmap NIST Mission: To promote U.S. innovation and
More informationINFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare
INFORMATION SECURITY A briefing on the information security controls at Computershare One line heading > One line subheading INTRODUCTION Information is critical to all of our clients and is therefore
More informationModel-based Behavioural Fuzzing. Martin Schneider (Fraunhofer FOKUS)
Model-based Behavioural Fuzzing Martin Schneider (Fraunhofer FOKUS) Outline Introduction to fuzzing Behavioural fuzzing of UML sequence diagrams Test case selection by augmenting the model Conclusions
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 25064 First edition 2013-09-01 Systems and software engineering Software product Quality Requirements and Evaluation (SQuaRE) Common Industry Format (CIF) for usability:
More informationInformation technology Service management. Part 10: Concepts and vocabulary
Provläsningsexemplar / Preview INTERNATIONAL STANDARD ISO/IEC 20000-10 First edition 2018-09 Information technology Service management Part 10: Concepts and vocabulary Technologies de l'information Gestion
More informationThis document is a preview generated by EVS
TECHNICAL REPORT ISO/IEC TR 20000-12 First edition 2016-10-01 Information technology Service management Part 12: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks:
More informationINTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 90003 First edition 2004-02-15 Software engineering Guidelines for the application of ISO 9001:2000 to computer software Ingénierie du logiciel Lignes directrices pour l'application
More informationISO/IEC TR TECHNICAL REPORT. Information technology Security techniques Information security management guidelines for financial services
TECHNICAL REPORT ISO/IEC TR 27015 First edition 2012-12-01 Information technology Security techniques Information security management guidelines for financial services Technologies de l'information Techniques
More informationEA-7/05 - EA Guidance on the Application of ISO/IEC 17021:2006 for Combined Audits
Publication Reference EA-7/05 EA Guidance on the Application of ISO/IEC 17021:2006 for Combined Audits PURPOSE This document has been prepared by a task force under the direction of the European Cooperation
More informationInformation technology Security techniques Information security controls for the energy utility industry
INTERNATIONAL STANDARD ISO/IEC 27019 First edition 2017-10 Information technology Security techniques Information security controls for the energy utility industry Technologies de l'information Techniques
More informationISO/IEC/ IEEE Systems and software engineering Content of life-cycle information items (documentation)
This is a preview - click here to buy the full publication INTERNATIONAL STANDARD ISO/IEC/ IEEE 15289 Second edition 2015-05-15 Systems and software engineering Content of life-cycle information items
More informationThis document is a preview generated by EVS
INTERNATIONAL STANDARD ISO/IEC/ IEEE 90003 First edition 2018-11 Software engineering Guidelines for the application of ISO 9001:2015 to computer software Ingénierie du logiciel Lignes directrices pour
More informationEU General Data Protection Regulation (GDPR) Achieving compliance
EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,
More informationISO/IEC JTC1/SC7 /N3040
ISO/IEC JTC1/SC7 Software and Systems Engineering Secretariat: CANADA (SCC) ISO/IEC JTC1/SC7 /N3040 2004-05-12 Document Type Title Source Report ISO/IEC JTC 1/SC7 WG9 Report to the Brisbane Plenary AG
More informationUK-led international standards for BIM
UK-led international standards for BIM Kieran Parkinson Digital Transformation Standards Manager Built Environment Copyright 2018 BSI. All rights reserved 27/11/2018 1 BSI Group structure Policy, Engagement
More informationInformation technology Service management. Part 10: Concepts and terminology
TECHNICAL REPORT ISO/IEC TR 20000-10 Second edition 2015-11-01 Information technology Service management Part 10: Concepts and terminology Technologies de l information Gestion des services Partie 10:
More informationRaising standards for consumers
ANEC comments on European Commission Rolling Plan for ICT standardisation (review) Introduction ANEC is a member of the European multi-stakeholder platform on ICT standardisation, which collaborated in
More informationDigital Health Cyber Security Centre
Digital Health Cyber Security Centre Current challenges Ransomware According to the ACSC Threat Report 2017, cybercrime is a prevalent threat for Australia. Distributed Denial of Service (DDoS) Targeting
More informationISA Security Compliance Institute
ISA Security Compliance Institute ISASecure from an Asset Owner s perspective ISA Automation Week 2013 1 ISA Security Compliance Institute Presentation objectives Introduction to ISA/IEC 62443 Standards
More informationAre there any new or emerging trends in technology that will impact the scope and work activities of the TC? Please describe briefly.
SMB/5748/R STRATEGIC BUSINESS PLAN (SBP) IEC/TC OR SC: SECRETARIAT: DATE: TC 106 Germany 30 September 2015 NOTE: THIS DOCUMENT CONTAINS THE STRATEGIC BUSINESS PLAN OF IEC TC 106. THE BOXES IN GREY PROVIDE
More informationSTANDARDS TO HELP COMPLY WITH EU LEGISLATION. EUROPE HAS WHAT IT TAKES INCLUDING THE WILL?
ETSI SUMMIT Releasing the Flow Data Protection and Privacy in a Data-Driven Economy 19 April 2018 STANDARDS TO HELP COMPLY WITH EU LEGISLATION. EUROPE HAS WHAT IT TAKES INCLUDING THE WILL? Presented by
More informationWorldwide Standards and Regulations
Worldwide Standards and Regulations Henry Wong Chief Technologist E 3 HS IT Consulting, LLC Copyright 1988 2016 Standard Performance Evaluation Corporation (SPEC). All rights reserved. JTC1 SC39 WG1 Convenor
More informationSecurity and resilience in Information Society: the European approach
Security and resilience in Information Society: the European approach Andrea Servida Deputy Head of Unit European Commission DG INFSO-A3 Andrea.servida@ec.europa.eu What s s ahead: mobile ubiquitous environments
More informationISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard
Certification Exam Outline Effective Date: April 2013 About CISSP-ISSMP The Information Systems Security Management Professional (ISSMP) is a CISSP who specializes in establishing, presenting, and governing
More informationThis document is a preview generated by EVS
TECHNICAL REPORT ISO/IEC TR 24722 Second edition 2015-12-15 Information technology Biometrics Multimodal and other multibiometric fusion Technologies de l information Biométrie Fusion multimodale et autre
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security incident management
INTERNATIONAL STANDARD ISO/IEC 27035 First edition 2011-09-01 Information technology Security techniques Information security incident management Technologies de l'information Techniques de sécurité Gestion
More informationInformation technology IT asset management Overview and vocabulary
INTERNATIONAL STANDARD ISO/IEC 19770-5 Second edition 2015-08-01 Information technology IT asset management Overview and vocabulary Technologies de l information Gestion de biens de logiciel Vue d ensemble
More informationInformation technology Security techniques Sector-specific application of ISO/IEC Requirements
Provläsningsexemplar / Preview INTERNATIONAL STANDARD ISO/IEC 27009 First edition 2016-06-15 Information technology Security techniques Sector-specific application of ISO/IEC 27001 Requirements Technologies
More informationPort Facility Cyber Security
International Port Security Program Port Facility Cyber Security Cyber Security Assessment MAR'01 1 Lesson Topics ISPS Code Requirement The Assessment Process ISPS Code Requirements What is the purpose
More informationPROTECTING NATIONAL CRITICAL INFRASTRUCTURE AGAINST CYBER ATTACKS BEST PRACTICES RELATED TO TECHNOLOGY AND STANDARDS FROM EUROPE BANGKOK
PROTECTING NATIONAL CRITICAL INFRASTRUCTURE AGAINST CYBER ATTACKS BEST PRACTICES RELATED TO TECHNOLOGY AND STANDARDS FROM EUROPE BANGKOK 23.11.2015 DEFINITION OF CRITICAL INFRASTRUCTURE US EU The nation's
More informationInternational Software & Systems Engineering Standards
This presentation represents the opinion of the author and does not present positions of The MITRE Corporation or of the U.S. Department of Defense. Jim Moore The MITRE Corporation Chair, US TAG to ISO/IEC
More informationEN 50600, EU COC, EMAS AND EUROPEAN DATA CENTRE ENERGY EFFICIENCY MANAGEMENT
PRINT COVER EN 50600, EU COC, EMAS AND EUROPEAN DATA CENTRE ENERGY EFFICIENCY MANAGEMENT Mark Acton - CBRE Data Centre Solutions May 2018 EUROPEAN DATA CENTRE STANDARDS Genuine Standards are important
More informationSecurity In A Box. Modular Security Services Offering - BFSI. A new concept to Security Services Delivery.
Modular Security Services Offering - BFSI Security In A Box A new concept to Security Services Delivery. 2017 Skillmine Technology Consulting Pvt. Ltd. The information in this document is the property
More informationStandardization of Knowledge and Skills for IT Security
Standardization of Knowledge and Skills for IT Security Milan Friday, October 28th 2016 Veronica Salsano Overview Standardization in general Legislation Technical foundations Actors Current situation Security
More informationSoftware engineering Product quality Part 1: Quality model
SVENSK STANDARD SS-ISO/IEC 9126-1 Fastställd 2003-01-31 Utgåva 1 Software engineering Product Part 1: Quality model ICS 35.080.00 Språk: engelska Publicerad: mars 2003 Copyright SIS. Reproduction in any
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Biometric information protection
INTERNATIONAL STANDARD ISO/IEC 24745 First edition 2011-06-15 Information technology Security techniques Biometric information protection Technologies de l'information Techniques de sécurité Protection
More informationElectronic Commerce Working Group report
RESTRICTED CEFACT/ECAWG/97N012 4 December 1997 Electronic Commerce Ad hoc Working Group (ECAWG) Electronic Commerce Working Group report SOURCE: 10 th ICT Standards Board, Sophia Antipolis, 4 th November
More informationInformation technology Security techniques Application security. Part 5: Protocols and application security controls data structure
This is a preview - click here to buy the full publication INTERNATIONAL STANDARD ISO/IEC 27034-5 First edition 2017-10 Information technology Security techniques Application security Part 5: Protocols
More informationFrequently Asked Questions
December 2001 Introduction International Standard ISO/IEC 17799:2000 Information Security Management, Code of Practice for Information Security Management Frequently Asked Questions The National Institute
More informationNew ETSI-CEN-CENELEC approach for rapid SG deployments. Jean-Pierre Mennella CIM User Group, Oslo 18 June, 2014
New ETSI-CEN-CENELEC approach for rapid SG deployments Jean-Pierre Mennella CIM User Group, Oslo 18 June, 2014 Page 1 CEN/CENELEC/ETSI Joint Working Group on standards for Smart Grids CEN-CENELEC-ETSI
More informationQuality Assurance and IT Risk Management
Quality Assurance and IT Risk Deutsche Bank s QA and Testing Transformation Journey Michael Venditti Head of Enterprise Testing Services, Deutsche Bank IT RISK - REGULATORY GOVERNANCE Major shifts in the
More informationSecure Development Lifecycle
Secure Development Lifecycle Strengthening Cisco Products The Cisco Secure Development Lifecycle (SDL) is a repeatable and measurable process designed to increase Cisco product resiliency and trustworthiness.
More informationAdapting to Climate Change Contribution for ICT infrastructure
Adapting to Climate Change Contribution for ICT infrastructure Dipl.-Ing. (Univ.) Thomas H. Wegmann International Standardization Manager DKE Deutsche Kommission Elektrotechnik Elektronik Informationstechnik
More informationSummary of Contents LIST OF FIGURES LIST OF TABLES
Summary of Contents LIST OF FIGURES LIST OF TABLES PREFACE xvii xix xxi PART 1 BACKGROUND Chapter 1. Introduction 3 Chapter 2. Standards-Makers 21 Chapter 3. Principles of the S2ESC Collection 45 Chapter
More informationSystem and Practice of Information Security Certification for IT products in China
System and Practice of Information Security Certification for IT products in China Catalogue 01 Introduction to IT product information security certification 02 Practice of industrial control security
More informationThe NIS Directive and Cybersecurity in
The NIS Directive and Cybersecurity in ehealth Dr. Athanasios Drougkas Officer in NIS Belgian Hospitals Meeting on Security Brussels 13 th October European Union Agency For Network And Information Security
More informationITU-T activities related to Smart Cities - focus on SG20 and FG-DPM
Connected Smart Cities Conference "Global Standards for IoT and Smart Cities & Communities 11 January 2018, Brussels ITU-T activities related to Smart Cities - focus on SG20 and FG-DPM Marco Carugi Senior
More informationISO/IEC/ IEEE INTERNATIONAL STANDARD. Systems and software engineering Architecture description
INTERNATIONAL STANDARD ISO/IEC/ IEEE 42010 First edition 2011-12-01 Systems and software engineering Architecture description Ingénierie des systèmes et des logiciels Description de l'architecture Reference
More informationSecurity Analysis Part I: Basics
Security Analysis Part I: Basics Ketil Stølen, SINTEF & UiO CORAS 1 Acknowledgments The research for the contents of this tutorial has partly been funded by the European Commission through the FP7 project
More informationInternational Standardisation on IT Security
International Standardisation on IT Security Dr. Marijke De Soete Security4Biz Vice Chair ISO/IEC JTC 1/SC 27 IT Security Techniques Course Secure Application Development Faculty Club Leuven March 7 th
More informationHow ISO helps organisation to achieve operational readiness Ong Liong Chuan 26 Apr 2016
How ISO 22301 helps organisation to achieve operational readiness Ong Liong Chuan 26 Apr 2016 Copyright SP PowerGrid Ltd Threat Threat 1 Threat 2 Organisation Threat 3 2 Threat - Terrorist actions ST 19Mar16
More informationISA99 - Industrial Automation and Controls Systems Security
ISA99 - Industrial Automation and Controls Systems Security Committee Summary and Activity Update Standards Certification Education & Training Publishing Conferences & Exhibits September 2016 Copyright
More informationEstablishing a Framework for Effective Testing and Validation of Critical Infrastructure Cyber-Security
Establishing a Framework for Effective Testing and Validation of Critical Infrastructure Cyber-Security Michael John SmartSec 2016, Amsterdam www.encs.eu European Network for Cyber Security The European
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationInformation technology Security techniques Requirements for bodies providing audit and certification of information security management systems
Provläsningsexemplar / Preview INTERNATIONAL STANDARD ISO/IEC 27006 Third edition 2015-10-01 Information technology Security techniques Requirements for bodies providing audit and certification of information
More informationISO/IEC TR Information technology Security techniques Guidelines for the use and management of Trusted Third Party services
This is a preview - click here to buy the full publication TECHNICAL REPORT ISO/IEC TR 14516 First edition 2002-06-15 Information technology Security techniques Guidelines for the use and management of
More informationДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT
ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT ENERGY AUTOMATION - SMART GRID Restricted Siemens AG 20XX All rights reserved. siemens.com/answers Frederic Buchi, Energy Management Division, Siemens AG Cyber
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD This is a preview - click here to buy the full publication ISO/IEC 25064 First edition 2013-09-01 Systems and software engineering Software product Quality Requirements and Evaluation
More informationInformation technology Security techniques Information security controls for the energy utility industry
INTERNATIONAL STANDARD ISO/IEC 27019 First edition 2017-10 Information technology Security techniques Information security controls for the energy utility industry Technologies de l'information Techniques
More informationConformity assessment Requirements for bodies providing audit and certification of management systems. Part 6:
TECHNICAL SPECIFICATION ISO/IEC TS 17021-6 First edition 2014-12-01 Conformity assessment Requirements for bodies providing audit and certification of management systems Part 6: Competence requirements
More informationDraft Terms of Reference for ISO TC 46/SC 9 Working Group 10: ISO Project 3901, revision of the "International Standard Recording Code (ISRC)"
ISO TC 46/SC 9/Working Group 10 for ISO Project 3901: Revision of the International Standard Recording Code (ISRC) ISO TC46/SC9 N 477 Draft Terms of Reference for ISO TC 46/SC 9 Working Group 10: ISO Project
More informationFeliCa Approval for Security and Trust (FAST) Overview. Copyright 2018 FeliCa Networks, Inc.
FeliCa Approval for Security and Trust (FAST) Overview Introduction The security certification scheme called FeliCa Approval for Security and Trust (FAST) has been set up to enable the evaluation and certification
More informationAddressing Future Challenges in the Development of Safe and Secure Software Components The MathWorks, Inc. 1
Addressing Future Challenges in the Development of Safe and Secure Software Components 2016 The MathWorks, Inc. 1 Cybersecurity Emerging Topic in the Auto Industry Vehicle-to-Infrastructure Wifi Hotspot
More information