IT-säkerhet

Ämnesområden: IT-säkerhet
Kommittébeteckning: SIS/TK 318 (Informationssäkerhet)
Källa: ISO
Svarsdatum: den 29 sep 2020
Se merSe mindre
 

This document provides guidance on the ways an organization can plan and prepare for, and implement, electronic discovery from the perspective of both technology and processes.

This document is relevant to both non-technical and technical personnel involved in some or all of the electronic discovery activities. It is important to note that this guidance is not intended to contradict or supersede local jurisdictional laws and regulations, so care should be exercised to ensure compliance with the prevailing jurisdictional requirements.

Se merSe mindre
 

This International Standard specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021-1 and ISO/IEC 27001. It is primarily intended to support the accreditation of certification bodies providing ISMS certification.

The requirements contained in this International Standard need to be demonstrated in terms of competence and reliability by any body providing ISMS certification, and the guidance contained in this International Standard provides additional interpretation of these requirements for any body providing ISMS certification.

NOTE This International Standard can be used as a criteria document for accreditation, peer assessment or other audit processes.

Ämnesområden: IT-säkerhet
Kommittébeteckning: SIS/TK 318 (Informationssäkerhet)
Källa: ISO
Svarsdatum: den 10 okt 2020
Se merSe mindre
 

This document establishes five modes of operation for applications of an n-bit block cipher (e.g. protection of data during transmission or in storage). The defined modes only provide protection of data confidentiality. Protection of data integrity is not within the scope of this document. Also, most modes do not protect the confidentiality of message length information.

NOTE 1 Methods for protecting the integrity of data using a block cipher are provided in ISO/IEC 9797-1.

NOTE 2 Methods for simultaneously protecting the confidentiality and integrity of data are provided in ISO/IEC 19772.

This document specifies the modes of operation and gives recommendations for choosing values of parameters (as appropriate).

NOTE 3 The modes of operation specified in this document have been assigned object identifiers in accordance with ISO/IEC 9834. The list of assigned object identifiers is given in Annex A. In applications in which object identifiers are used, the object identifiers specified in Annex A are to be used in preference to any other object identifiers that can exist for the mode concerned.

NOTE 4 Annex B contains comments on the properties of each mode and important security guidance.

Ämnesområden: IT-säkerhet
Kommittébeteckning: SIS/TK 318 (Informationssäkerhet)
Källa: ISO
Svarsdatum: den 24 okt 2020
Se merSe mindre
 

ISO/IEC 10118-1:2016 specifies hash-functions and is therefore applicable to the provision of authentication, integrity and non-repudiation services. Hash-functions map strings of bits of variable (but usually upper bounded) length to fixed-length strings of bits, using a specified algorithm. They can be used for - reducing a message to a short imprint for input to a digital signature mechanism, and - committing the user to a given string of bits without revealing this string. NOTE The hash-functions specified in ISO/IEC 10118 (all parts) do not involve the use of secret keys. However, these hash-functions may be used, in conjunction with secret keys, to build message authentication codes. Message Authentication Codes (MACs) provide data origin authentication as well as message integrity. Techniques for computing a MAC using a hash-function are specified in ISO/IEC 9797-2 [1]. ISO/IEC 10118-1:2016 contains definitions, symbols, abbreviations and requirements that are common to all the other parts of ISO/IEC 10118. The criteria used to select the algorithms specified in subsequent parts of ISO/IEC 10118 are defined in Annex B of this document

Ämnesområden: IT-säkerhet
Kommittébeteckning: SIS/TK 318 (Informationssäkerhet)
Källa: ISO
Svarsdatum: den 27 okt 2020
Se merSe mindre
 

This document specifies mechanisms for cross-domain password-based authenticated key exchange, all of which are Four-party Password-based Authenticated Key Exchange (4PAKE) protocols. Such protocols let two communicating entities establish a shared session key using just the login passwords that they share with their respective domain authentication servers. The authentication servers, assumed to be part of a standard public key infrastructure (PKI), act as ephemeral certification authorities (CAs) that certify key materials that the users can subsequently use to exchange and agree on as a session key.

This document does not specify the means to be used to establish a shared password between an entity and its corresponding domain server. This document also does not define the implementation of a PKI and the means for two distinct domain servers to exchange or verify their respective public key certificates.

Ämnesområden: IT-säkerhet
Kommittébeteckning: SIS/TK 318 (Informationssäkerhet)
Källa: ISO
Svarsdatum: den 28 okt 2020
Se merSe mindre
 

ISO/IEC 11770-3:2015 defines key management mechanisms based on asymmetric cryptographic techniques. It specifically addresses the use of asymmetric techniques to achieve the following goals: a) establish a shared secret key for use in a symmetric cryptographic technique between two entities A and B by key agreement. In a secret key agreement mechanism, the secret key is computed as the result of a data exchange between the two entities A and B. Neither of them should be able to predetermine the value of the shared secret key; b) establish a shared secret key for use in a symmetric cryptographic technique between two entities A and B via key transport. In a secret key transport mechanism, the secret key is chosen by one entity A and is transferred to another entity B, suitably protected by asymmetric techniques; and c) make an entity's public key available to other entities via key transport. In a public key transport mechanism, the public key of entity A shall be transferred to other entities in an authenticated way, but not requiring secrecy. Some of the mechanisms of ISO/IEC 11770-3:2015 are based on the corresponding authentication mechanisms in ISO/IEC 9798-3. ISO/IEC 11770-3:2015 does not cover certain aspects of key management, such as key lifecycle management, mechanisms to generate or validate asymmetric key pairs, and mechanisms to store, archive, delete, destroy, etc. keys. While ISO/IEC 11770-3:2015 does not explicitly cover the distribution of an entity's private key (of an asymmetric key pair) from a trusted third party to a requesting entity, the key transport mechanisms described can be used to achieve this. A private key can in all cases be distributed with these mechanisms where an existing, non-compromised key already exists. However, in practice the distribution of private keys is usually a manual process that relies on technological means such as smart cards, etc. ISO ...

Ämnesområden: IT-säkerhet
Kommittébeteckning: SIS/TK 318 (Informationssäkerhet)
Källa: ISO
Svarsdatum: den 1 nov 2020
Se merSe mindre
 

Se merSe mindre
 

This Recommendation | International Standard gives guidelines for information security controls applicable to the provision and use of cloud services by providing:

– additional implementation guidance for relevant controls specified in ISO/IEC 27002;

– additional controls with implementation guidance that specifically relate to cloud services.

This Recommendation | International Standard provides controls and implementation guidance for both cloud service providers and cloud service customers.

Ämnesområden: IT-säkerhet
Kommittébeteckning: SIS/TK 318 (Informationssäkerhet)
Källa: ISO
Svarsdatum: den 15 nov 2020
Se merSe mindre
 

This document specifies MAC algorithms that use a secret key and a hash-function (or its round-function or sponge function) to calculate an m-bit MAC. These mechanisms can be used as data integrity mechanisms to verify that data has not been altered in an unauthorised manner.

NOTE A general framework for the provision of integrity services is specified in ISO/IEC 10181-6 [5].

Kommittébeteckning: SIS/TK 614 (Blockchain)
Källa: ISO
Svarsdatum: den 27 nov 2020
Se merSe mindre
 

This document specifies a reference architecture for distributed ledger technology (DLT) systems including blockchain systems. The reference architecture addresses concepts, cross-cutting aspects, architectural considerations, and architecture views, including functional components, roles, activities, and their relationships for blockchain and DLT.