IT-säkerhet

Kommittébeteckning: SIS/TK 614 (Blockchain)
Källa: ISO
Svarsdatum: den 18 dec 2019
Se merSe mindre
 

This document provides fundamental terminology for blockchain and distributed ledger technologies.

Ämnesområden: IT-säkerhet
Kommittébeteckning: SIS/TK 318 (Informationssäkerhet)
Källa: CEN
Svarsdatum: den 21 jan 2020
Se merSe mindre
 

This part of ISO/IEC 15408 establishes the general concepts and principles of IT security evaluation and specifies the general model of evaluation given by various parts of the standard which in its entirety is meant to be used as the basis for evaluation of security properties of IT products.

Part one provides an overview of all parts of ISO/IEC 15408 standard. It describes the various parts of the standard; defines the terms and abbreviations to be used in all parts of the standard; establishes the core concept of a Target of Evaluation (TOE); the evaluation context and describes the audience to which the evaluation criteria are addressed. An introduction to the basic security concepts necessary for evaluation of IT products is given.

It defines the various operations by which the functional and assurance components given in ISO/IEC 15408-2 and ISO/IEC 15408-3 may be tailored through the use of permitted operations.

The key concepts of protection profiles (PP), packages of security requirements and the topic of conformance are specified and the consequences of evaluation, evaluation results are described. This part of ISO/IEC 15408 gives guidelines for the specification of Security Targets (ST) and provides a description of the organization of components throughout the model. General information about the evaluation methodology are given in ISO/IEC 18045 and the scope of evaluation schemes is provided.

Ämnesområden: IT-säkerhet
Kommittébeteckning: SIS/TK 318 (Informationssäkerhet)
Källa: CEN
Svarsdatum: den 21 jan 2020
Se merSe mindre
 

This part of ISO/IEC 15408 defines the required structure and content of security functional components for the purpose of security evaluation. It includes a catalogue of functional components that will meet the common security functionality requirements of many IT products.

Ämnesområden: IT-säkerhet
Kommittébeteckning: SIS/TK 318 (Informationssäkerhet)
Källa: CEN
Svarsdatum: den 21 jan 2020
Se merSe mindre
 

This part of ISO/IEC 15408 defines the assurance requirements of ISO/IEC 15408. It includes the evaluation assurance levels (EALs) that define a scale for measuring assurance for component Targets of Evaluation (TOEs), the composed assurance packages (CAPs) that define a scale for measuring assurance for composed TOEs, the individual assurance components from which the assurance levels and packages are composed, and the criteria for evaluation of Protection Profiles (PPs) and Security Targets (STs)

Ämnesområden: IT-säkerhet
Kommittébeteckning: SIS/TK 318 (Informationssäkerhet)
Källa: CEN
Svarsdatum: den 21 jan 2020
Se merSe mindre
 

This International Standard is a companion document to the "Evaluation criteria for IT security", ISO/IEC 15408. This International Standard defines the minimum actions to be performed by an evaluator in order to conduct an ISO/IEC 15408 evaluation, using the criteria and evaluation evidence defined in ISO/IEC 15408.

This International Standard does not define evaluator actions for certain high assurance ISO/IEC 15408 components, where there is as yet no generally agreed guidance.

Ämnesområden: IT-säkerhet
Kommittébeteckning: SIS/TK 318 (Informationssäkerhet)
Källa: CEN
Svarsdatum: den 21 jan 2020
Se merSe mindre
 

This document gives guidelines for

— a process on privacy impact assessments, and

— a structure and content of a PIA report.

It is applicable to all types and sizes of organizations, including public companies, private companies, government entities and not-for-profit organizations.

This document is relevant to those involved in designing or implementing projects, including the parties operating data processing systems and services that process PII.

Kommittébeteckning: SIS/TK 318 (Informationssäkerhet)
Källa: CEN
Svarsdatum: den 21 jan 2020
Se merSe mindre
 

This International Standard specifies the security requirements for a cryptographic module utilised within a security system protecting sensitive information in computer and telecommunication systems. This International Standard defines four security levels for cryptographic modules to provide for a wide spectrum of data sensitivity (e.g. low value administrative data, million dollar funds transfers, life protecting data, personal identity information, and sensitive information used by government) and a diversity of application environments (e.g. a guarded facility, an office, removable media, and a completely unprotected location). This International Standard specifies four security levels for each of 11 requirement areas with each security level increasing security over the preceding level.

This International Standard specifies security requirements specified intended to maintain the security provided by a cryptographic module and compliance to this International Standard is not sufficient to ensure that a particular module is secure or that the security provided by the module is sufficient and acceptable to the owner of the information that is being protected.

Ämnesområden: Ledningssystem; IT-säkerhet
Kommittébeteckning: SIS/TK 318 (Informationssäkerhet)
Källa: CEN
Svarsdatum: den 21 jan 2020
Se merSe mindre
 

This document provides guidance on managing an information security management system (ISMS) audit programme, on conducting audits, and on the competence of ISMS auditors, in addition to the guidance contained in ISO 19011:2011.

This document is applicable to those needing to understand or conduct internal or external audits of an ISMS or to manage an ISMS audit programme.