.,. «ИФИ» ,, К, 31, ORCID ORCID DOI: ( ) ( ) ( )., ( ). (ISO) ISO/IEC ISO/IEC 19896,., ISO/IEC «e-CF 3.0». К :,,, ISO/IEC. Д. А А,.;, А. ISO/IEC., [S.l.], v. 24, n. 4, p. 6-18, nov ISSN : <https://bit.mephi.ru/index.php/bit/article/view/282>. : 28 nov doi:

Natalia G. Miloslavskaya, Alexander I. Tolstoy
National Research Nuclear University MEPhI (Moscow Engineering Physics Institute), Kashirskoe shosse, 31, Moscow, Russia
NGMiloslavskaya@mephi.ru, AITolstoj@mephi.ru

Competence Requirements of ISO/IEC Standards for Information Security Professionals

Abstract. Rapid progress in the field of information security (IS) calls for periodic revision of professional competencies (formulated in the federal state educational standards, FSESs) and working functions (formulated in the professional standards, PSs). Under these conditions, a timely reaction to everything new that emerges or will appear in modern regulatory documents (primarily in standards) is extremely important. We make a forecast for the content of the ISO/IEC and ISO/IEC standards drafted by the International Organization for Standardization (ISO), which should contain the requirements for the competencies of IS management system professionals and the competence of IS testers and evaluators. Our forecast takes into account the requirements of the ISO/IEC standard group and the recommendations of the European e-Competence Framework e-CF 3.0.

Keywords: information security, competence, Information Security Professional, ISO/IEC standard

For citation. MILOSLAVSKAYA, Natalia G.; TOLSTOY, Alexander I. Competence Requirements of ISO/IEC Standards for Information Security Professionals. IT Security, [S.l.], v. 24, n. 4, p. 6-18, nov ISSN 7136. Available at: <https://bit.mephi.ru/index.php/bit/article/view/282>. Date accessed: 28 nov doi:

IT Security, 24, 4(2017) 6

( ). ( ) [1]. : 1. ( ) (, ).. ( ) (, ). 2. ( ),,.,.,., ( ) ( ). ( ), ( ( ), ( ) ( )) ( )., (,, ), (, ).,.,.. ( ) «,» [2]. ( ). (World international conferences on IS Education WISE) [3-5]. ( CISA, CISSP, GIAC..).
, : 1., : «( ):» [7] [8]; 2. (AGIMO) [9]; 3. «e-CF 3.0» [10]., (e-CF 3.0) ( ): - ISO/IEC ; - ISO/IEC ( ): «,»; «, ISO/IEC 19790»; «, ISO/IEC 15408». e-CF 3.0, ISO/IEC ISO/IEC Е (e-CF 3.0) [10] - ( ), CEN ICT Skills Workshop community.. ( ) ( ) ( ).,.,, /., ( ).,,,,,,,,.,., e-CF 3.0,
( / ): 1:, : ( ) ( ) (C) (D) ( ). 2: (e-CF ) 1. 3: 2. 4: (, ) 2. e-CF 3.0,,,. (.1). ( ), ИК ИК А ИК М : ( )....,. : ( ): ; :, ( ); :,,. О :, ; ; ; ; ;. ИК М :..,,..,. : ( ): ( ); : ( ); :,. О : ;, ; ; ; ; ;,.
К :. К :. e-CF 3.0 ( )..2.3., щ, A.7. ( ): ;, ;. D.1. ( ):, ; ;, ;,. E.3. ( ): ;,, ;. E.8. ( ): ;, ;, ;,,. E.9. ( ):, - ;, 2. ИК.4:, :..5:..3:, ;, ;..4:,,,..4:,
( )., щ, C.2. ( ): ;, ; (SLA);. C.3. ( ): SLA;, ; ; (, ); ;. D.9. ( ):, ;, ; /. D.10. ( ): ; ;,,,, -,. E.8. ( ):.. 3. ИК.3:,, ;..3: ; ;,..3:..3: -..3: ; -.
4:. : 1.,. 2. ( ) A.7., (C) C.2. C (D) ( ) : D.1., E.3., E.8. E.9. ( ); ( ): D.9., D.10., E.8. ( ). 4. ( ) E.8.,.4. e-CF 3.0 ( ), (, - K) (, - S).,.8. (K1,, K7) (S1,,S7).. :, (K1); (K2); (K3); (K4);, (K5); (K6); (K7). : - (S1); (S2); (S3); (S4); (S5); (S6); (S7).,,, e-CF 3.0,, :.1. И ( 8) ИК, ИК (S4);.2. ИК (K6);.5. (,,,,, ) (K2); B.1 И ( 14); И ( 5).
e-CF 3.0,.,. 2 Ч ISO/IEC ISO/IEC ISO/IEC , ( ).,..,,,,,, ( ) PDCA (Plan-Do-Check-Act). 7.2 ISO/IEC 27001, / 27001, [11]. :, (,, );, ; ;, ;. ISO/IEC 27021,, : ),,. ; ),. ; ) ; ), ; ),. ISO/IEC 27001, : ( ), -
-., : 1) : :,,,, ; : :,,,,,, ; :,, ; 2) - : : -,,, ( ISO/IEC 27014),,,,..; : ( ISO/IEC 27005); :,,, ( ISO/IEC 27035); :,, ( ISO/IEC ); :,,,,,,,.. 3) - : :,,,,,,,,,,, ; :,,,,,,,, SIEM-, ; :,,,, ; :,,, / ; :. 3 Ч ISO/IEC ISO/IEC ISO/IEC «,» -, - - /
, (Committee on Conformity Assessment, CASCO). ISO/IEC 19896,. ISO/IEC 27021, ISO/IEC ( ),,,,,,,. ISO/IEC «, ISO/IEC 19790», ISO/IEC ISO/IEC «, ISO/IEC 15408», ISO/IEC ISO/IEC ISO/IEC 17025, CASCO / ( - ). ISO/IEC 17025:2005 :,, /,,,,, /., -,,.,.,,, -. (,, ) -,,,,,. ( ),,,,,,,.
.,,...,,,,,.,,. ( ),., ( ) ( ),,,,,,,. ( ),,.,, (, ). ISO/IEC ,,., ( ),.. ( ),. ( ),,,,. ( ) ( )., ( ). ISO/IEC ISO/IEC : 1., ISO/IEC 27000,,. 2.
,. e-CF 3.0. ISO/IEC ISO/IEC ,.,,,., ISO/IEC ISO/IEC :

REFERENCES:
[1] Tolstoy A., Miloslavskaya N. Professional Competencies Level Assessment for Training of Masters in Information Security. In book: Information Security Education Across the Curriculum. IFIP Advances in Information and Communication Technology. 9th IFIP WG 11.8 World Conference, WISE 9, Hamburg, Germany, May 26-28, 2015, Proceedings. ISBN ISSN Springer International Publishing. Vol. 453, 2015, pp
[2] Bishop, M., Engle, S. The Software Assurance CBK and University Curricula. 10th Colloquium for Information Systems Security Education. University of Maryland, U.S.A (2006). URL: (access date ).
[3] Fischer-Hübner, S., Yngström, L. (Eds.): WISE 1: Proceedings of the IFIP WG 11.8 First World Conference on Information Security Education, June 1999, Kista, Sweden.
[4] Armstrong, H., Yngström, L. (Eds.): WISE 2: Proceedings of the IFIP WG 11.8 Second World Conference on Information Security Education: July 2001, Perth, Australia.
[5] Irvine, C.E., Armstrong, H.L. (Eds.): Security Education and Critical Infrastructures, IFIP WG11.8 Third Annual World Conference on Information Security Education (WISE3), June 26-28, 2003, Monterey, California, U.S.A. Kluwer
[6] Miloslavskaya N., Tolstoy A. State-Level Views on Professional Competencies in the Field of IoT and Cloud Information Security. Proceedings of th International Conference on Future Internet of Things and Cloud Workshops. The 3rd International Symposium on Intercloud and IoT (ICI 2016). Vienna (Austria), August Pp
[7] State Government Information Security Workforce Development Model. A Best Practice Model and Framework. June Final Version 1.0 (U.S.).
[8] The U.S. National Cybersecurity Workforce Framework. URL: nationalcybersecurity-workforce-framework (access date ).
[9] The Cyber Security Capability Framework & Mapping of ISM Roles. Final Report. Australian Government Information Management Office. June
[10] The European e-competence Framework 3.0. A common European Framework for ICT Professionals in all industry sectors. CWA 16234:2014 Part 1. CEN.
[11] ISO/IEC 27001:2013 "Information technology -- Security techniques Information security management systems Requirements"

Received July 21, The final version November 09,
More informationNATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY Standardization of Entity Authentication Assurance 5th ETSI Security Workshop 20-2222 January 2010 ETSI, Sophia Antipolis, France Erika McCallister, Esq.,
More informationCyber Security in Europe
Cyber Security in Europe ENISA supporting the National Cyber Security Strategies An evaluation framework Liveri Dimitra Security and Resilience of Communication Networks Officer www.enisa.europa.eu Securing
More informationInternational Legal Regulation of Cybersecurity U.S.-German Standards Panel 2018
International Legal Regulation of Cybersecurity U.S.-German Standards Panel 2018 Dr. Dennis-Kenji Kipker University of Bremen Washington DC, 10.04.2018 Gefördert vom FKZ: 16KIS0213 bis 16KIS0216 Slide
More informationTraining Programmes Sri Lanka Accreditation Board for Conformity Assessment
Training Programmes -2018 Sri Lanka Accreditation Board for Conformity Assessment General Instructions: All interested parties are requested to fill separate reservation form for each and submit to the
More informationElectronic Government: 12th IFIP WG 8.5 International Conference, EGOV 2013, Koblenz, Germany, September 16-19, 2013, Proceedings (Lecture Notes
Electronic Government: 12th IFIP WG 8.5 International Conference, EGOV 2013, Koblenz, Germany, September 16-19, 2013, Proceedings (Lecture Notes In... Applications, Incl. Internet/Web, And HCI) Electronic
More informationLaboratory Accreditation Building Confidence on Testing Quality
Laboratory Accreditation Building Confidence on Testing Quality Dr. George Anastasopoulos, Director (Conformity Assessment) & Prasanth S Ramakrishnan, MS, LEED-AP (Principal Staff & Program Manager) ASME
More information*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***
Introduction and Bio CyberSecurity Defined CyberSecurity Risks NIST CyberSecurity Framework References *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS *** Chapter 3. Framework Implementation Relationship
More informationCyber risk resilience
Cyber risk resilience A consistent approach for a consistently major risk Sara Walton Standards Market Development (Risk, Resilience, Governance) 12 Sept 2017 Copyright 2017 BSI. All rights reserved 1
More informationAWERProcedia Information Technology & Computer Science
AWERProcedia Information Technology & Computer Science Vol 03 (2013) 1424-1429 3 rd World Conference on Information Technology (WCIT-2012) Comparison of routing protocols in mobile ad-hoc wireless networks
More informationDevelopment of a new IEC Standard on Cybersecurity Controls for I&C in Nuclear Power Plants IEC 63096
Development of a new IEC Standard on Cybersecurity Controls for I&C in Nuclear Power Plants IEC 63096 Juergen Bochtler Siemens AG PG ES IC T2000SOL PN QC Freyeslebenstr. 1 D-91058 Erlangen, Germany juergen.bochtler@siemens.com
More informationISO/IEC JTC 1 N 13538
ISO/IEC JTC 1 N 13538 ISO/IEC JTC 1 Information technology Secretariat: ANSI (United States) Document type: Business Plan Title: SC 41 Business Plan and Dashboard 2017 Status: This document is circulated
More informationISO/IEC JTC 1 Study Group on Smart Cities
ANSI WORKSHOP ISO/IEC JTC 1 Study Group on Smart Cities Presented by Alex Tarpinian Senior Manager, IBM ANSI WORKSHOP: Smart and Sustainable Cities November 21, 2013 1 Overview ISO/IEC JTC 1 Study Group
More informationInfusion Pump CODAN ARGUS 717 / 718 V - Release Notes. Firmware V
Infusion Pump CODAN ARGUS 717 / 718 V - Release Notes Firmware V5.06.20165 Version Firmware V.5.06.20165 Release Date 28-May-2014 Update Type Optional Recommended Required (Field Safety Notice 1/2014 and
More information