
ISO security management standards



Presentation Transcript


  1. ISO security management standards
  Monika Oit, Cybernetica
  Estonian representative in ISO/IEC JTC1 SC27 (participated mainly in the work of WG1)

  2. ISO/IEC JTC1 (EU: CEN/CENELEC)
  • www.iso.org
  • ISO & IEC Joint Technical Committee on IT standardization

  3. JTC1 subcommittees:
  • JTC 1/SC 2 Coded character sets
  • JTC 1/SC 6 Telecommunications and information exchange between systems
  • JTC 1/SC 7 Software and system engineering
  • JTC 1/SC 17 Cards and personal identification
  • JTC 1/SC 22 Programming languages, their environments and system software interfaces
  • JTC 1/SC 23 Digital storage media for information interchange
  • JTC 1/SC 24 Computer graphics, image processing and environmental data representation
  • JTC 1/SC 25 Interconnection of information technology equipment

  4. JTC1 subcommittees:
  • JTC 1/SC 27 IT Security techniques
  • JTC 1/SC 28 Office equipment
  • JTC 1/SC 29 Coding of audio, picture, multimedia and hypermedia information
  • JTC 1/SC 31 Automatic identification and data capture techniques
  • JTC 1/SC 32 Data management and interchange
  • JTC 1/SC 34 Document description and processing languages
  • JTC 1/SC 35 User interfaces
  • JTC 1/SC 36 Information technology for learning, education and training
  • JTC 1/SC 37 Biometrics

  5. SC27 IT Security techniques
  • Secretariat: DIN
  • Secretary: Ms. Krystyna Passia
  • Chair: Dr. Marijke De Soete (Germany)
  • Number of published ISO standards under the direct responsibility of the JTC 1/SC 27 Secretariat: 59
  • Participating countries: 31
  • Observer countries: 11

  6. SC27 working groups:
  • JTC 1/SC 27/WG 1 Requirements, security services and guidelines (BSI - UK)
  • JTC 1/SC 27/WG 2 Security techniques and mechanisms (IBN - Belgium)
  • JTC 1/SC 27/WG 3 Security evaluation criteria (SIS - Sweden)

  7. Security management: used to be ISO/IEC 13335 - GMITS
  • Guidelines for the Management of IT Security,
  • Part 1: Concepts and Models for IT Security,
  • Part 2: Managing and Planning IT Security,
  • Part 3: Techniques for the Management of IT Security,
  • Part 4: Selection of Safeguards, and
  • Part 5: Management Guidance on Network Security.
  • All of these have also been adopted as EVS (Estonian) standards and are available in Estonian
  • “Infoturbe baaskursus” (“Basic course in information security”)

  8. Definitions
  • 3.10 information security: all aspects related to defining, achieving and maintaining confidentiality, integrity, availability, accountability, authenticity and reliability.

  9. Security model

  10. Relationships in Risk Management

  11. Information security management as a process

  12. Then came BS 7799….
  • ISO/IEC 17799:2000 Code of Practice for Information Security Management
  • Decision: THERE WILL BE NO CERTIFICATION SCHEME
  • New 13335: Management of Information and Communication Technology Security
  • Part 1: Concepts and models for information and communication technology security management
  • Part 2: Techniques for information security risk management
  • ISO/IEC 17799:2005 – substantially revised
  • FCD 24743 ISMS Specification -

  13. Information Security Road Map

  14. Terminology
  • SD6 Glossary of IT Security terminology
  • ISO Guide 73
  • Needed: Definitions of terms in ISM

  15. Principles
  • None

  16. Framework
  • 13335-1*…
  • Needed: Information Security Management Framework

  17. Element Standards
  • ISMS requirements
  • 13335-2*

  18. Application Guides
  • None, but the following are used…
  • ISO 19011 Auditing
  • Financial ISMS Guide (TC68, ISO 13569)
  • Telecom ISMS Guide (ITU)
  • Health Care ISMS Guide (?)

  19. Toolboxes and Techniques
  • ISO/IEC 15947 IT Intrusion Detection Framework
  • ISO/IEC 18028 IT Network Security
  • ISO/IEC 18044 Information Security Incident Management
  • ISO/IEC TR 14516 Guidelines on the use and management of trusted Third Party services
  • ISO/IEC 21827 Systems Security Engineering – Capability Maturity Model (SSE-CMM)…

  20. New initiative: ISO/IEC 27000
  • 27000 – framework (13335-1* ??)
  • 27001 – Information Security Management Systems – Requirements (24743 + ??)
  • 27002 – “Best Practice” (17799:2005…??)
  • 27003 – ISMS implementation Guidance (13335-4, 13335-2*…??)
  • 27004
  • 27005 – Security Risk Management (13335-2*)
  To be clarified in November 2005!
