
ISO security management standards. Monika Oit, Cybernetica, Estonian representative in ISO/IEC JTC1 SC27 (participated mainly in the work of WG1)


1 ISO security management standards. Monika Oit, Cybernetica, Estonian representative in ISO/IEC JTC1 SC27 (participated mainly in the work of WG1)

2 ISO/IEC JTC1 (www.iso.org): the ISO & IEC Joint Technical Committee on IT standardization (EU counterpart: CEN/CENELEC)

3 JTC1 subcommittees:
JTC 1/SC 2 Coded character sets
JTC 1/SC 6 Telecommunications and information exchange between systems
JTC 1/SC 7 Software and system engineering
JTC 1/SC 17 Cards and personal identification
JTC 1/SC 22 Programming languages, their environments and system software interfaces
JTC 1/SC 23 Digital storage media for information interchange
JTC 1/SC 24 Computer graphics, image processing and environmental data representation
JTC 1/SC 25 Interconnection of information technology equipment

4 JTC1 subcommittees (continued):
JTC 1/SC 27 IT Security techniques
JTC 1/SC 28 Office equipment
JTC 1/SC 29 Coding of audio, picture, multimedia and hypermedia information
JTC 1/SC 31 Automatic identification and data capture techniques
JTC 1/SC 32 Data management and interchange
JTC 1/SC 34 Document description and processing languages
JTC 1/SC 35 User interfaces
JTC 1/SC 36 Information technology for learning, education and training
JTC 1/SC 37 Biometrics

5 SC27 IT Security techniques
Secretariat: DIN
Secretary: Ms. Krystyna Passia
Chair: Dr. Marijke De Soete (Germany)
Number of published ISO standards under the direct responsibility of the JTC 1/SC 27 Secretariat: 59
Participating countries: 31
Observer countries: 11

6 SC27 working groups:
JTC 1/SC 27/WG 1 Requirements, security services and guidelines (BSI - UK)
JTC 1/SC 27/WG 2 Security techniques and mechanisms (IBN - Belgium)
JTC 1/SC 27/WG 3 Security evaluation criteria (SIS - Sweden)

7 Security management: previously there was ISO/IEC 13335 - GMITS, Guidelines for the Management of IT Security:
Part 1: Concepts and Models for IT Security
Part 2: Managing and Planning IT Security
Part 3: Techniques for the Management of IT Security
Part 4: Selection of Safeguards
Part 5: Management Guidance on Network Security
All of these have also been adopted as EVS (Estonian) standards and are available in Estonian as the "Infoturbe baaskursus" (Information Security Basic Course).

8 Definitions. 3.10 information security: all aspects related to defining, achieving and maintaining confidentiality, integrity, availability, accountability, authenticity and reliability.

9 Security model (figure only)

10 Relationships in Risk Management (figure only)

11 Information security management as a process (figure only)

12 Then came BS 7799...
ISO/IEC 17799:2000 Code of Practice for Information Security Management
Decision: THERE WILL BE NO CERTIFICATION SCHEME
New 13335: Management of Information and Communication Technology Security
Part 1: Concepts and models for information and communication technology security management
Part 2: Techniques for information security risk management
ISO/IEC 17799:2005 – substantially reworked
FCD 24743 ISMS Specification -

13 Information Security Road Map (figure only)

14 Terminology: SD6 Glossary of IT Security terminology; ISO Guide 73. Still needed: Definitions of terms in ISM

15 Principles: none

16 Framework: 13335-1*... Still needed: Information Security Management Framework

17 Element Standards: ISMS requirements, 13335-2*

18 Application Guides: none yet, but the following are used...
ISO 19011 Auditing
Financial ISMS Guide (TC68, ISO 13569)
Telecom ISMS Guide (ITU)
Health Care ISMS Guide (?)

19 Toolboxes and Techniques:
ISO/IEC 15947 IT Intrusion Detection Framework
ISO/IEC 18028 IT Network Security
ISO/IEC 18044 Information Security Incident Management
ISO/IEC TR 14516 Guidelines on the use and management of Trusted Third Party services
ISO/IEC 21827 Systems Security Engineering – Capability Maturity Model (SSE-CMM)...

20 New initiative: the ISO/IEC 27000 series
27000 – framework (13335-1* ??)
27001 – Information Security Management Systems – Requirements (24743 + ??)
27002 – "Best Practice" (17799:2005...??)
27003 – ISMS Implementation Guidance (13335-4, 13335-2*...??)
27004
27005 – Security Risk Management (13335-2*)
To be clarified in November 2005!

