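ISO/IEC TR 15443-1:2005 Agricultural sprayers - Frame stability - Test methods
Standard number: ISO/IEC TR 15443-1:2005
Chinese title: Agricultural sprayers - Frame stability - Test methods
English title: Information technology — Security techniques — A framework for IT security assurance — Part 1: Overview and framework
Publication date: 2005-02
Scope of the standard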
ISO/IEC TR 15443 is a multi-part type 3 Technical Report to guide the IT security professional in the selection of an appropriate assurance method when specifying, selecting, or deploying a security service, product, or environmental factor such as an organization or personnel (known as a deliverable). The aim is to understand the assurance type and amount required to achieve confidence that the deliverable satisfies the stated IT security assurance requirements and consequently its security policy.
ISO/IEC TR 15443-1:2005 describes the fundamentals of security assurance and its relation to other security concepts. This is to clarify why security assurance is required and dispel common misconceptions such as that increased assurance is gained by increasing the strength of a security mechanism. The framework includes a categorization of assurance types and a generic lifecycle model to identify the appropriate assurance types required for the deliverable with respect to the deliverable's lifecycle. The model also demonstrates how security assurance must be managed throughout the deliverable's lifecycle, requiring assurance decisions to be made by several assurance authorities for the lifecycle stage relevant to their organization (i.e. developer, standards, consumer). The framework has been developed to be general enough to accommodate different assurance types and map into any lifecycle approach so as not to dictate any particular design. Advanced security assurance concepts, such as combining security assurance methods, are addressed briefly as they are to be addressed in later parts of ISO/IEC TR 15443.
ISO/IEC TR 15443 targets IT security managers and other security professionals responsible for developing a security assurance program, engineering security into a deliverable, determining the security assurance of their deliverable, entering an assurance assessment audit (e.g. ISO 9000, SSE-CMM (ISO/IEC 21827), ISO/IEC 15408-3), or other assurance activities.


