1 / 7

Security SIG in MTS 02 nd October 2013 Progress Report

Security SIG in MTS 02 nd October 2013 Progress Report. Fraunhofer FOKUS. Agenda SIG #8. P articipants : Jürgen Großmann , Ari Takanen, D ieter Hogrefe , Emmanuelle. Chaulot-Talmon , Ian Bryant, Jorge Cuellar, Milan Zoric Review / discussion APs and WI status

imogene-phelps
Download Presentation

Security SIG in MTS 02 nd October 2013 Progress Report

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security SIG in MTS02nd October2013Progress Report Fraunhofer FOKUS

  2. Agenda SIG#8 • Participants: Jürgen Großmann, Ari Takanen, DieterHogrefe, Emmanuelle. Chaulot-Talmon, Ian Bryant, Jorge Cuellar, Milan Zoric • Review/discussion APs and WI status • Security Testing Terminology and Concepts • Case Study Experiences • Design Guide & Security Testing Methodologies • Schedule

  3. APs (from SIG#7) • Jürgen/Peter: complete Diamonds case study input • Ari/Peter: Invite E2NA and CTI to review Terminology & Concepts (after stable draft) • Ian/Scott: provide stable draft for September • MTS: request formal liaison with ISO SC27/WG3&4

  4. Security Testing Terminology • DTS/MTS-101583 SecTest_Terms in v0.4 • Ari invited E2NA and CTI to comment on the last version • Comments are available from Milan Zoric • Comments are available from Conformiq • Main remaining issues • MTS has to decide whether document shall be TS/TR (CTI proposes TR) • Alignment with other SIG WI -> AP: WI authors should provide major terms from their documents (until mid of October) • Imbalance between sections need to be resolved • References to ETSI performance testing documents necessary even if they do not tackle with security?

  5. Cases Study Experiences • DTS/MTS-101582 SecTest_casesin v0.3 • Stable draft with 6 cases studies • 4 case studies from DIAMONDS (banknote processing, banking, automotive, radio protocols) • 2 case studies from SPACIOS (eHealth, document server) • Main remaining issues • Minor editorial issues -> AP JGR check with EMM • Alignment with other Wis-> AP JGR/JCU provide list of terms from the case studies (until mid of October) • Start remote consensus -> AP JGR/EMM after 1 is finished Security SIG in MTS, 4-5 October 2011

  6. Design Guide & Security Testing M. • Document status • Work plan for WI has been provided by Ian • Draft with lots of notes, needs to be compiled in a draft document but only sparse progress • Support offer from Ari and Jürgen (input from RASEN/DIAMONDS project) • Resolution • Speedup the progress is main goal • Proposal to MTS: Split document in two WIs • WI: Verification and Validation Life Cycle part (Sections 1-5 and Annexes A, B from original document), Resp: IBR • WI: Security Testing Methodologies (Section 6 with methodologies for risk based security testing based on standards like ISO 31000 and IEEE 829/29119), Resp: JGR • AP JGR/IBR establish work plan and initial contribution until next Security SIG meeting • AP JGR/IBR provide list of terms from the case studies (until mid of October) Security SIG in MTS, 4-5 October 2011

  7. Schedule • Next versionofDTS/MTS-101583 SecTest_Terms to be delivered for January MTS • Next version of DTS/MTS-101582 SecTest_Cases to be provided for RC in October • Work plan and initial version of • WI: Verification and Validation Life Cycle part (Sections 1-5 and Annexes A, B from original document), Resp: IBR • WI: Security Testing Methodologies (Section 6 with methodologies for risk based security testing based on standards like ISO 31000 and IEEE 829/29119), Resp: JGR to be provided until next MTS Security SIG • Next MTS Security SIG November 5th

More Related