PD ISO/IEC TR 15443-3:2007
Current
The latest, up-to-date edition.
Information technology. Security techniques. A framework for IT security assurance. Analysis of assurance methods
01-31-2008
Foreword
Introduction
1 Scope
1.1 Purpose
1.2 Application
1.3 Field of Application
1.4 Limitations
2 Terms and definitions
3 Abbreviated terms
4 Understanding Assurance
4.1 Setting the assurance goal
4.2 Applying assurance methods
4.3 Assessing assurance results
4.4 Example
5 Comparing, selecting and composing assurance
5.1 Selecting the assurance approach
5.2 Composing assurance methods
5.3 Comparing assurance methods
5.4 Focus on assurance properties
6 Guidance
6.1 Developmental Assurance (DA)
6.2 Integration Assurance (IA)
6.3 Operational Assurance (OA)
Annex A - Tabular comparisons
A.1 Methods and their target groups
A.2 Available Assurance Methods
Annex B - Assurance properties of selected methods
B.1 ISO/IEC 15408
B.2 ISO/IEC 19790
B.3 ISO/IEC 21827
B.4 ISO/IEC 13335
B.5 ISO/IEC 27001 and ISO/IEC 27002
B.6 IT Baseline Protection Manual
B.7 COBIT
B.8 ISO 9000
Annex C - Composition of assurance methods
C.1 ISO/IEC 15408 + IT Baseline Protection Manual
C.2 ISO/IEC 27002 + IT Baseline Protection
C.3 ISO/IEC 27001 and ISO/IEC 27002
C.4 ISO/IEC 27002 + ISO 9000
C.5 COBIT + IT Baseline Protection
Annex D - Case Studies
D.1 A chip-card manufacturer's assurance composition strategy
D.2 A service provider assures the upgrade of business processes
Annex E - Determination of the assurance goal
E.1 Risk Assessment
E.2 Risk Management
E.3 Security Model
E.4 Organizational security policy
E.5 Applicable Assurance goal
E.6 Security Measures
E.7 Example: ISO/IEC 15408
Bibliography