Information technology, office equipment

Subject areas: IT security
Committee designation: SIS/TK 318 (Information security)
Source: ISO
Response date: 5 March 2019

This document gives guidelines for:

a) information security professionals considering the purchase of cyber insurance as a risk treatment option to share cyber risks;

b) leveraging cyber insurance to assist in managing the impact of a cyber incident;

c) sharing of data and information between the insured and an insurer to support underwriting, monitoring and claims activities associated with a cyber insurance policy;

d) leveraging an information security management system when sharing relevant data and information with an insurer.

This document is applicable to organizations of all types, sizes and nature as the insured and an insurer of cyber insurance.

This document covers organizations that choose to insure with a 3rd party also known as an insurer.

Subject areas: IT security
Committee designation: SIS/TK 318 (Information security)
Source: ISO
Response date: 11 March 2019

This document specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization.

In particular, this document specifies PIMS-related requirements and provides guidance for PII controllers and PII processors holding responsibility and accountability for PII processing. 

This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which are PII controllers and/or PII processors processing PII within an ISMS.

Excluding any of the requirements specified in Clause 5 of this document is not acceptable when an organization claims conformity to this document.

Subject areas: IT security
Committee designation: SIS/TK 318 (Information security)
Source: ISO
Response date: 17 March 2019

ISO/IEC 11770-4:2017 defines key establishment mechanisms based on weak secrets, i.e. secrets that can be readily memorized by a human, and hence, secrets that will be chosen from a relatively small set of possibilities. It specifies cryptographic techniques specifically designed to establish one or more secret keys based on a weak secret derived from a memorized password, while preventing offline brute-force attacks associated with the weak secret.

ISO/IEC 11770-4:2017 is not applicable to the following aspects of key management:
- life-cycle management of weak secrets, strong secrets, and established secret keys;
- mechanisms to store, archive, delete, destroy, etc. weak secrets, strong secrets, and established secret keys.

Committee designation: SIS/TK 323 (Geodata)
Source: CEN
Response date: 24 March 2019

This document specifies the data structure and content of an interface that permits communication between position-providing device(s) and position-using device(s) enabling the position-using device(s) to obtain and unambiguously interpret position information and determine, based on a measure of the degree of reliability, whether the resulting position information meets the requirements of the intended use.

A standardized interface for positioning will allow the integration of reliable position information obtained from non-specific positioning technologies and will be useful in various location-focused information applications, such as surveying, navigation, intelligent transportation systems (ITS), and location-based services (LBS).

Committee designation: SIS/TK 448 (Technology and support systems for personal identification)
Source: ISO
Response date: 31 March 2019

This International Standard is one of a series of standards describing the characteristics for identification cards as defined in the definitions clause and the use of such cards for international interchange.

This International Standard specifies the physical characteristics of identification cards including card materials, construction, characteristics, and dimensions for four sizes of cards.

ISO/IEC 10373-1 and ISO/IEC 24789-2 specify the test procedures used to check cards against the parameters specified in this International Standard.

This International Standard specifies the requirements for card interface devices used for identification. It takes into consideration both human and machine aspects and states minimum requirements.

It is the purpose of this series of standards to provide criteria to which cards shall perform. No consideration is given within these standards to the amount of use, if any, experienced by the card prior to test. Failure to conform to specified criteria should be negotiated between the involved parties.

NOTE 1 Numeric values in the SI and/or Imperial measurement system in this International Standard may have been rounded off and therefore are consistent with, but not exactly equal to, each other. Either system may be used, but the two should not be intermixed or reconverted. The original design was made using the Imperial measurement system.

NOTE 2 Thin flexible cards are not within the scope of this International Standard (see ISO/IEC 15457).