已阅读5页,还剩34页未读, 继续免费阅读
版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
1 iso iec17799thenewinternationalstandardforinformationsecuritymanagement carolinehamiltonriskwatch inc withassistancefrom mikenash gammasecuresystemsltdcamberley unitedkingdom 2 importanceofstandards examplesfromamerica spastincluderailroadtracksshoesizing 3 foundingofnist 1901 atthattime theunitedstateshadfew ifany authoritativenationalstandardsforanyquantitiesorproducts whatithadwasapatchworkoflocallyandregionallyappliedstandards oftenarbitrary thatwereasourceofconfusionincommerce itwasdifficultforamericanstoconductfairtransactionsorgetpartstofittogetherproperly constructionmaterialswereofunevenquality andhouseholdproductswereunreliable fewamericansworkedasscientists becausemostscientificworkwasbasedoverseas 4 thebaltimorefireof1904 theneedforstandardswasdramatizedin1904 whenmorethan1 500buildingsburneddowninbaltimore md becauseofalackofstandardfire hosecouplings whenfirefightersfromwashingtonandasfarawayasnewyorkarrivedtohelpdousethefire fewoftheirhosesfitthehydrants nisthadcollectedmorethan600sizesandvariationsinfire hosecouplingsinapreviousinvestigationand afterthebaltimorefire participatedintheselectionofanationalstandard 5 competingstandards us government niststandardsbs7799 iso iec17799standard 6 internationalstandards internationalstandardsininformationsecurityaredevelopedbysecuritytechniquescommitteeiso iecjtc1sc27threeareaswg1 securitymanagementwg2 securityalgorithms techniqueswg3 securityassessment evaluationincludesresponsibilityforiso iec17799 bs7799 themaintopicfortoday 7 history sc27formedin1990replacedpreviousiso iecsecuritycommitteewhichwasfailingtomakeprogressscopeexcludedstandardisationofalgorithms nowrelaxed 8 membership membersofsc27arenationalstandardsbodiesparticipatingorobservingalsoliaisonsfromotherstandardsmakingbodiesorcommitteesworkinggroupsarecomposedofexpertsnominatedbynationalbodiesupto200participatingexperts 9 participatingmembers saiaustraliaibnbelgiumabntbrazilscccanadacsbts cesichinacsniczechrepdsdenmarksfsfinlandafnorfrancedingermanymszthungarybisindiauninfoitalyjiscjapan katskorea repofdsmmalaysianennetherlandsnts itnorwaypknpolandgostrrussianfedsabssouthafricaaenorspainsisswedensnvswitzerlandbsiukdstuukraineansiusa 10 adoptionofnewstandard australia newzealandas nzsiso iec17799 2000theprimaryinformationsecuritystandardinaustraliawasas4444 andinnewzealandwasnzs4444 thesehavebeenreplacedwithanewinternationalstandard 17799 seestandardsaustraliaonlineat au 11 observers asroromaniadsnindonesiaevsestoniaipqportugaliramargentinansaiireland onaustriapsbsingaporesiiisraelsnznewzealandsutnslovakiaszsyugoslavia 12 wg2securitytechniques thereareinternationalstandardsfor encryption wd18033 modesofoperation is8372 messageauthenticationcodes is9797 entityauthentication is9798 non repudiationtechniques is13888 digitalsignatures is9796 is14888 hashfunctions is10118 keymanagement is11770 ellipticcurvecryptography wd15946 timestampingservices wd18014 13 otherstandards usgovernmentstandardsdataencryptionstandard des fips46 advancedencryptionstandard aes fips197 fips federalinformationprocessingstandard proprietarystandardse g rsa therivestshamiradlemanalgorithm 14 wg3securityevaluation thirdpartyevaluationcriteriaforanindependentbodytoformanimpartialandrepeatableassessmentofthepresence correctnessandeffectivenessofsecurityfunctionality commoncriteria cc is15408 15 commoncriteria producedbyaconsortiumofgovernmentbodiesinnorthamerica europeanunionmainlynationalsecurityagenciesinfluencedbyinternationalstandardisationcommitteeadoptedasinternationalstandard15408adoptedandrecognisedbyothermajorgovernmentsalleu australia japan russiareplaces orangebook us anditsec eu 16 contentofcc part1 introductionandgeneralmodelpart2 functionalcomponentspart3 assurancecomponentsrelatedstandards protectionprofileregistrationprocedures is15292 frameworkforassurance wd15443 guideonproductionofprotectionprofiles wd15446 securityevaluationmethodology wd18045 17 relevanceofcc thecommoncriteriaanditspredecessors orangebook itsec raisedthelevelandreliabilityofsecurityfunctionalityfoundinstandardproductsoperatingsystems databases firewallsimportantformajorproductvendorsimportantforhigh riskgovernmentsystemsimportantforsmartcardsirrelevanttoeveryoneelse 18 why commoncriteriaiscomplexevaluationiscomplexandtimeconsuminglimitednumberofapprovedevaluationfacilitiesexpensiveinflexiblemoneyisusuallybetterspentimprovingsecurity 19 wg1securitymanagement twokeystandards guidelinesforinformationsecuritymanagement gmits tr13335 codeofpracticeforinformationsecuritymanagement is17799 otherstandards guidelinesontheuseandmanagementoftrustedthirdparties tr14516 guidelinesforimplementation operationandmanagementofintrusiondetectionsystems wd18043 guidelinesforsecurityincidentmanagement wd18044 20 gmitsand17799 gmitsdevelopedbyiso iecjtc1sc27 standardscommittee is17799is almost identicaltobs7799 1bs7799 1wasthemostwidelypurchasedsecuritystandardworldwideofficially nooverlapthisisrubbishgmitsisdyingscopeisitsecurity notinformationsecurityonlyatr technicalreport editorsofgmitsaremovingtoworkon17799 21 iso iec17799andbs7799 2 is17799isacatalogueofgoodthingstodobs7799part2isaspecificationforanisms informationsecuritymanagementsystem ismscompliancecanbeindependentlyassessed 22 whatisanisms 23 iso iec17799layout 10majorheadings36objectives127majorcontrolsseveralthousandpiecesofguidance 24 the10majorheadings securitypolicysecurityorganisationassetclassificationandcontrolpersonnelsecurityphysicalandenvironmentalsecuritycommsandoperationalmanagementaccesscontrolsystemsdevelopmentandmaintenancebusinesscontinuitymanagementcompliance 25 securityobjectives securitypolicysecurityorganisationassetclassificationandcontrolpersonnelsecurityphysicalandenvironmentalsecuritycommsandoperationalmanagementaccesscontrolsystemsdevelopmentandmaintenancebusinesscontinuitymanagementcompliance secureareasequipmentsecuritygeneralcontrols 26 securitycontrols securitypolicysecurityorganisationassetclassificationandcontrolpersonnelsecurityphysicalandenvironmentalsecuritycommsandoperationalmanagementaccesscontrolsystemsdevelopmentandmaintenancebusinesscontinuitymanagementcompliance secureareasequipmentsecuritygeneralcontrols sitingpowersuppliescablingmaintenanceoff premisesdisposal reuse 27 iso iec17799 astandardforinformationsecuritymanagementverywideacceptancebasedonbritishstandardbs7799replacedpart1ofbs7799part2ofbs7799stillexistsandiscurrentpart2describeshowtobuildandassessasecuritymanagementsystemnationalequivalentstobs7799 2existinmostdevelopedcountriesexceptnorthamerica 28 bs7799 2 ismsrequirementsscopesecuritypolicyriskassessmentstatementofapplicabilitydevelop maintainismsdocumentationiso iec17799controls inimperativeformat 29 complyingwithbs7799 2 securitypolicyriskassessmentstatementofapplicabilitymanagementsystem 30 securitypolicy scopeconfidentialityintegrityavailabilityaccountabilityassetsriskassessmentregulatory legal 31 riskassessment asset vulnerability threat risk 32 statementofapplicability identifiesactualsecuritycontrolsmustconsiderall7799 2listedcontrolsincludeorexcludewithjustificationselectapplicablecontrolsbybusinessandriskanalysis 33 34 35 securitymanagement themeansbywhichmanagementmonitorsandcontrolssecurityrequiresregularchecksthat controlsarestillinplaceandeffectiveresidualrisksarestillacceptableassumptionsaboutthreatsetc remainvalid 36 revisionofis17799
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 孝感桥墩施工方案(3篇)
- 娱乐直播活动策划方案案例(3篇)
- 室外猜灯谜活动方案策划(3篇)
- 618活动策划方案目的(3篇)
- 名校教师考试题库及答案
- 北京市昌平区2024-2025学年八年级下学期期末考试道德与法制题目及答案
- 安徽省六安市舒城县2023-2024学年高一下学期期末考试地理考试题目及答案
- 感知艺术:初中美术欣赏与实践活动教案
- 定制家居产品销售及安装合同
- 叙事作文小小推销员250字(8篇)
- 2024年中国人寿:养老险总公司招聘笔试参考题库含答案解析
- 知识产权风险预警项目分析报告
- 南城一中高三年级工作计划
- 企业重组改变组织结构以提高效率
- 污水处理设施运维服务投标方案(技术标)
- 围术期高钾血症的识别与救治
- 微信点餐系统小程序的设计与实现
- 行业标准项目建议书
- 订单评审表-模板
- 夏米尔350Pedm火花机快速入门操作
- 人教新版高中物理必修说课实验练习使用多用电表
评论
0/150
提交评论