ISA 99 Technical Requirements: Situation assessment as seen by Dennis Holstein, Lead Editor (13 November 2008, ISA99WG04)


2 Situation today (Nov 2008)

- ISA 99 is a multipart standard to be aligned with IEC 62443 parts
  - 99.01.01: Terminology, Concepts and Models: Published
  - 99.02.01: Framework for a Security Program: In ballot
  - 99.02.02: Guideline for Operating a Security Program: Not started
  - 99.03.01: Target System Security Levels: Work-in-progress
  - 99.03.02: System Security Compliance Metrics: Work-in-progress
  - 99.03.03: Protection of Data at Rest: Work-in-progress
- Derived requirements (99.03.0x) are prescriptive, requiring
  - Traceability to the 7 foundational requirements in 99.01.01
  - Supporting rationale with use cases
  - Security assurance metrics
- Technical Requirements work-in-progress task teams
  - Foundational requirements
  - Zones, conduits and security levels
  - Derived requirements

3 Maturity assessment

Table columns (task teams): Foundational Requirements; Zones, Conduits and Security Levels; Derived Requirements

- Team Leader: Freemon Johnson; Rahul Bhojani; Kevin Staggs (Interim)
- Status of team composition: Team in place; Very weak participation; Team in place; Barely acceptable participation; Very weak participation
- Status of work-in-progress: Mapping to NIST 800 complete; Need to document as an ISA TR; Active discussion via weekly LiveMeetings/TELECONs; Focus on Protection of Data at Rest; Structure of release series in debate
- Prognosis for publication: Ready for community review by end of 2008; Probably ready for by the end of 2009; 99.03.03 ready by the end of 2009; Crystal ball projection for the rest - 2013 at best
- Long pole in the tent: None; Security Metrics; Use Cases; Security Assurance Levels; Security Metrics; Allocation to subsystems & components; Use Cases; Security Metrics

4 Timely publication best serves our community

Part Title: Technical Requirements: Target Security Levels
- Scope and Purpose:
  - Use NIST 800-53 mapping to establish target security levels
  - Includes high-level description of domains including their zones and conduits
- Primary Users:
  - Asset owner
  - Security system architect
  - System integrator
  - System providers including 3rd party outsources
- Expected Publication Date: Mid 2009 (13 Nov 2008: ready for ballot?)

Part Title: Technical Requirements: System Security Compliance Metrics
- Scope and Purpose:
  - Defines measurable compliance metrics that are context specific
- Primary Users:
  - Asset owner
  - Security system architect
  - System integrator
  - ISA Compliance Institute
  - System providers including 3rd party outsources
- Expected Publication Date: Late 2009

Part Title: Technical Requirements: Allocation to Subsystems and Components
- Scope and Purpose:
  - Normative specification of security requirements including rationale and supporting use cases based on example reference models
  - Includes detailed description of domains including their zones and conduits
- Primary Users:
  - Asset owner
  - Security system architect
  - System integrator
  - ISA Compliance Institute
  - System, subsystem and component providers including 3rd party outsources
- Expected Publication Date: 99.03.03: Late 2009; 99.03.0x: ????

5 In summary

- Accelerate publication of technical requirements
- ISA-DS99.03.01 “Target Security Levels”
- With editorial changes, is it ready to ballot?
- Use formal review processes and procedures of ISA and IEC in parallel
- Use agreed-to ISA/IEC document template
- Ballot resolution team address comments received from both balloting bodies
- Charlie Robinson will coordinate ISA & IEC (via Tom Phinney) balloting
- Lessons learned feed-forward to next publication in the series

