Standardization in information security management
BRIEF NOTES

STANDARDIZATION IN INFORMATION SECURITY MANAGEMENT

UDC 681.3

A. M. Fal'
Abstract. The paper describes the state of the art in standardization in information security management. The requirements for the standards being developed, the types of standards, and the principles to be adhered to are discussed. The study is based on the documents adopted within subcommittee 27 "IT Security techniques" of the joint technical committee ISO/IEC JTC 1 "Information technology".

Keywords: information security, model of management systems, standard, risk management, guidelines, process model.

INTRODUCTION

The paper [1] describes the asymmetric cryptographic algorithms used in modern electronic document management systems and emphasizes the importance of developing and implementing standards concerning information security. A. I. Kochubinskii, a co-author of [1], is a founder of the national standard on digital signature [2]. The present paper describes the state of the art in standardization in information security management, which is one of the major fields in information protection.

To develop standards on the security of information technologies, the subcommittee SC27 Security Techniques was founded within the framework of the joint technical committee ISO/IEC JTC 1 Information Technology. Ukrainian experts take part in developing such standards, and Ukraine, as an active member of the subcommittee, is obliged to vote on draft standards. The wide range of information security issues considered by the experts participating in SC27 is distributed among the five working groups that constitute the subcommittee, each responsible for a specific field.

The first working group (WG1) Information Security Management Systems develops standards and guidelines on creating information security management systems (ISMSs). The second working group (WG2) Cryptography and Security Mechanisms is focused on the standardization of methods and mechanisms that provide the security of information technologies. The third working group (WG3) Security Evaluation Criteria develops standards for evaluating the security of, and certifying, information systems and their components. The fourth working group (WG4) Security Controls and Services develops and maintains standards and guidelines concerning services and applications that support the information protection measures defined in the ISO/IEC 27001 and 27002 standards. The fifth working group (WG5) Identity Management and Privacy Technologies develops standards and guidelines concerning the management of identification data, biometrics, and the protection of personal data (privacy).

The working groups follow the principles and rules adopted in ISO and IEC. In particular, they are required to develop road maps and revise them every six months. In what follows, we discuss the contents of the road map adopted in WG1 in May 2009. The purpose of a road map is the following: (a) exact identification of the standards within the scope of WG1, both those already published and those being developed or prepared for development; (b) description