• There are no items in your cart
We noticed you’re not on the correct regional site. Switch to our AMERICAS site for the best experience.
Dismiss alert

BS ISO/IEC 19792:2009

Current
Current

The latest, up-to-date edition.

Information technology. Security techniques. Security evaluation of biometrics
Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

31-08-2009

Foreword
1 Scope
2 Conformance
3 Normative references
4 Terms and definitions
  4.1 General
  4.2 Biometric systems
  4.3 Biometric processes
  4.4 Error rates
  4.5 Statistical
5 Abbreviated terms
6 Security evaluation
  6.1 Overview
  6.2 Methodology
7 Error rates of biometric systems
  7.1 Introduction
  7.2 Concept - Testing security-relevant error rates
8 Vulnerability assessment
  8.1 Introduction
  8.2 Vulnerability assessment
  8.3 Common vulnerabilities of biometric systems
9 Privacy
  9.1 Overview
Annex A (informative) - Reference model of a biometric
                        system
Bibliography

Describes the subjects to be addressed during a security evaluation of a biometric system.

This International Standard specifies the subjects to be addressed during a security evaluation of a biometric system.

It covers the biometric-specific aspects and principles to be considered during the security evaluation of a biometric system. It does not address the non-biometric aspects which might form part of the overall security evaluation of a system using biometric technology (e.g. requirements on databases or communication channels).

This International Standard does not aim to define any concrete methodology for the security evaluation of biometric systems but instead focuses on the principal requirements. As such, the requirements in this International Standard are independent of any evaluation or certification scheme and will need to be incorporated into and adapted before being used in the context of a concrete scheme.

This International Standard defines various areas that are important to be considered during a security evaluation of a biometric system. These areas are represented by the following clauses of this International Standard:

  • Clauses4 and 5 of this International Standard give an overview of all terms, definitions and acronyms used,

  • Clause6 introduces the overall concept for a security evaluation of a biometric system,

  • Clause7 describes statistical aspects of security-relevant error rates,

  • Clause8 deals with the vulnerability assessment of biometric systems and

  • Clause9 describes the evaluation of privacy aspects.

This International Standard is relevant to both evaluator and developer communities.

  • It specifies requirements for evaluators and provides guidance on performing a security evaluation of a biometric system.

  • It serves to inform developers of the requirements for biometric security evaluations to help them prepare for security evaluations.

Although this International Standard is independent of any specific evaluation scheme it could serve as a framework for the development of concrete evaluation and testing methodologies to integrate the requirements for biometric evaluations into existing evaluation and certification schemes.

This International Standard refers to and utilizes other biometric standards, notably those for biometric performance testing and reporting from ISO/JTC1 SC37. These standards have been adapted as necessary for the specific requirements of biometric security evaluation.

Committee
IST/33/3
DevelopmentNote
Supersedes 08/30091038 DC. (08/2009)
DocumentType
Standard
Pages
46
PublisherName
British Standards Institution
Status
Current
Supersedes

Standards Relationship
ISO/IEC 19792:2009 Identical

ISO/IEC 24713-1:2008 Information technology Biometric profiles for interoperability and data interchange Part 1: Overview of biometric systems and biometric profiles
ISO/IEC 15408-2:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components
ISO/IEC 15408-3:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components
ISO/IEC 19795-1:2006 Information technology Biometric performance testing and reporting Part 1: Principles and framework
ISO/IEC 15408-1:2009 Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model

View more information
£262.00
Excluding VAT

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.