IT security

Subject areas: IT security
Committee designation: SIS/TK 318 (Information Security)
Source: ISO
Response date: 5 Mar 2019

This document gives guidelines for:

a) information security professionals considering the purchase of cyber insurance as a risk treatment option for sharing cyber risks;

b) leveraging cyber insurance to help manage the impact of a cyber incident;

c) sharing data and information between the insured and an insurer to support the underwriting, monitoring and claims activities associated with a cyber insurance policy;

d) leveraging an information security management system when sharing relevant data and information with an insurer.

This document is applicable to organizations of all types, sizes and natures, whether acting as the insured or as the insurer under cyber insurance.

This document covers organizations that choose to insure with a third party, also known as an insurer.

Subject areas: IT security
Committee designation: SIS/TK 318 (Information Security)
Source: ISO
Response date: 11 Mar 2019

This document specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization.

In particular, this document specifies PIMS-related requirements and provides guidance for PII controllers and PII processors holding responsibility and accountability for PII processing.

This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which are PII controllers and/or PII processors processing PII within an ISMS.

Excluding any of the requirements specified in Clause 5 of this document is not acceptable when an organization claims conformity to this document.

Subject areas: IT security
Committee designation: SIS/TK 318 (Information Security)
Source: ISO
Response date: 17 Mar 2019

ISO/IEC 11770-4:2017 defines key establishment mechanisms based on weak secrets, i.e. secrets that can be readily memorized by a human, and hence secrets that will be chosen from a relatively small set of possibilities. It specifies cryptographic techniques specifically designed to establish one or more secret keys based on a weak secret derived from a memorized password, while preventing offline brute-force attacks associated with the weak secret. ISO/IEC 11770-4:2017 is not applicable to the following aspects of key management:

- life-cycle management of weak secrets, strong secrets, and established secret keys;

- mechanisms to store, archive, delete, destroy, etc. weak secrets, strong secrets, and established secret keys.

Subject areas: IT security
Committee designation: SIS/TK 611 (System integration for the identification of unique entities and their attributes)
Source: ISO
Response date: 15 Apr 2019

suites defined in ISO/IEC 29167-10.

This part of ISO/IEC 19823 contains conformance tests for all mandatory and applicable optional functions.

The conformance parameters are the following:

— parameters that directly affect system functionality and interoperability

— protocol including commands and replies

— nominal values and tolerances

Unless otherwise specified, the tests in this part of ISO/IEC 19823 apply exclusively to RFID tags and interrogators defined in the ISO/IEC 18000 series that use ISO/IEC 29167-10.

Subject areas: IT security
Committee designation: SIS/TK 318 (Information Security)
Source: ISO
Response date: 24 Apr 2019

This document specifies methods for generating and testing prime numbers as required in cryptographic protocols and algorithms.

Firstly, this document specifies methods for testing whether a given number is prime. The testing methods included in this document are divided into two groups:

- Probabilistic primality tests, which have a small error probability. All probabilistic tests described here can, with some small probability, declare a composite number to be prime.

- Deterministic methods, which are guaranteed to give the right verdict. These methods use so-called primality certificates.

Secondly, this document specifies methods to generate prime numbers. Again, both probabilistic and deterministic methods are presented.

NOTE Readers with a background in algorithm theory may have had previous encounters with probabilistic and deterministic algorithms. The deterministic methods in this document internally still make use of random bits (to be generated via methods described in ISO/IEC 18031), and “deterministic” only refers to the fact that the output is correct with probability one.

Annex A provides error probabilities that are utilized by the Miller-Rabin primality test.

Annex B describes variants of the methods for generating primes so that particular cryptographic requirements can be met.

Annex C defines primitives utilized by the prime generation and verification methods.