Information technology. Security techniques. Security assessment of operational systems


PD ISO/IEC TR 19791:2010 Information technology. Security techniques. Security assessment of operational systems

PD ISO/IEC TR 19791 is a technical report which provides guidance and criteria for the security evaluation of operational systems. It extends the scope of ISO/IEC 15408 by taking into account a number of critical aspects of operational systems that ISO/IEC 15408 evaluation does not address. The principal extensions required are the evaluation of the operational environment surrounding the target of evaluation, and the decomposition of complex operational systems into security domains that can be evaluated separately.

PD ISO/IEC TR 19791 provides:

a) a definition and model for operational systems,

b) a description of the extensions to ISO/IEC 15408 evaluation concepts needed to evaluate such operational systems,

c) a methodology and process for performing the security evaluation of operational systems,

d) additional security evaluation criteria to address those aspects of operational systems not covered by the ISO/IEC 15408 evaluation criteria.

PD ISO/IEC TR 19791 permits the incorporation of security products evaluated against ISO/IEC 15408 into operational systems that are evaluated as a whole using this Technical Report.

PD ISO/IEC TR 19791 is limited to the security evaluation of operational systems and does not consider other forms of system assessment. It does not define techniques for the identification, assessment and acceptance of operational risk.

Contents of PD ISO/IEC TR 19791:

Foreword

Introduction

1 Scope

2 Normative references

3 Terms and definitions

4 Abbreviated terms

5 Structure of this Technical Report

6 Technical approach

6.1 The nature of operational systems

6.2 Establishing operational system security

6.3 Security in the operational system life cycle

6.4 Relationship to other systems

7 Extending ISO/IEC 15408 evaluation concepts to operational systems

7.1 Overview

7.2 General philosophy

7.3 Operational system assurance

7.4 Composite operational systems

7.5 Domain Assurance

7.6 Types of security controls

7.7 System security functionality

7.8 Timing of evaluation

7.9 Use of evaluated products

7.10 Documentation requirements

7.11 Testing activities

7.12 Configuration management

8 Relationship to existing security standards

8.1 Overview

8.2 Relationship to ISO/IEC 15408

8.3 Relationship to non-evaluation standards

8.4 Relationship to Common Criteria development

9 Evaluation of operational systems

9.1 Introduction

9.2 Evaluation roles and responsibilities

9.3 Risk assessment and determination of unacceptable risks

9.4 Security problem definition

9.5 Security objectives

9.6 Security requirements

9.7 The System Security Target (SST)

9.8 Periodic reassessment