
GBZ29830.1-2013 English PDF

US$474.00 · In stock
Delivery: <= 3 days. True-PDF full-copy in English will be manually translated and delivered via email.
GBZ29830.1-2013: Information technology -- Security technology -- A framework for IT security assurance -- Part 1: Overview and framework
Status: Valid

Similar standards

GB/T 29246   GB/T 30279   GB/T 30276   GB/T 29829   GB/T 29828   GB/Z 29830.3   

Basic data

Standard ID: GB/Z 29830.1-2013 (GB/Z29830.1-2013)
Description (Translated English): Information technology -- Security technology -- A framework for IT security assurance -- Part 1: Overview and framework
Sector / Industry: National Standard
Classification of Chinese Standard: L80
Classification of International Standard: 35.040
Word Count Estimation: 24,259
Adopted Standard: ISO/IEC TR 15443-1-2005, IDT
Regulation (derived from): National Standards Bulletin No. 22 of 2013
Issuing agency(ies): Ministry of Health of the People's Republic of China
Summary: This standard introduces, relates and classifies the assurance methods for deliverables according to a general life cycle model, in a way that gives confidence in the security functions of the deliverable.

GBZ29830.1-2013: Information technology -- Security technology -- A framework for IT security assurance -- Part 1: Overview and framework


---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Information technology -- Security technology -- A framework for IT security assurance -- Part 1: Overview and framework

ICS 35.040
L80

National standardization guiding technical document of the People's Republic of China

(ISO/IEC TR 15443-1:2005, IDT)

Issued on 2013-11-12. Implemented on 2014-02-01.

Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the Standardization Administration of China.

Contents

Foreword
Introduction
1 Scope
  1.1 Intent
  1.2 Approach
  1.3 Application
  1.4 Areas of application
  1.5 Restrictions
2 Terms and definitions
3 Abbreviations
4 Concept
  4.1 Why do we need protection?
  4.2 The difference between assurance and confidence
  4.3 What is delivery
  4.4 Stakeholders
  4.5 To protect the demand
  4.6 Security Approaches to IT Security
  4.7 Support Mode
  4.8 Safeguards Risk Quantification and Mechanism Enhancement
  4.9 Security Reduce security risks
  4.10 Quantitative Protection
5 Choose Security
  5.1 Security Requirements Description
  5.2 Economic aspects
  5.3 Organizational aspects
  5.4 Types of protection
  5.5 Technical aspects
  5.6 Optimization Considerations
6 Frame
  6.1 Guarantee ways
  6.2 Safeguard methods
  6.3 Life cycle aspects
  6.4 Correctness and Effectiveness Protection
  6.5 Methods of Assurance
  6.6 Portfolio Security
  6.7 Security Assessment
References

Figure 1 Relationship between a safeguard approach and a simplified, typical life cycle phase
Figure 2 Classification of Existing Safeguards Methods
Table 1 Examples of safeguards methods

Foreword

GB/Z 29830 "Information technology -- Security technology -- A framework for IT security assurance" is divided into the following three parts:

--- Part 1: Overview and framework;
--- Part 2: Safeguard methods;
--- Part 3: Safeguard method analysis.

This part is Part 1 of GB/Z 29830.

This part was drafted in accordance with the rules given in GB/T 1.1-2009.

This part is identical, by translation, to ISO/IEC TR 15443-1:2005 "Information technology -- Security technology -- A framework for IT security assurance -- Part 1: Overview and framework".

This part makes the following editorial change:

--- 2.9 and 2.16 of the international standard repeat the same content, so 2.16 was deleted in translation.

This part was proposed by, and is under the jurisdiction of, the National Information Security Standardization Technical Committee (SAC/TC260).

Main drafting organization of this part: China Electronics Standardization Institute.

Main drafters of this part: Luo Feng surplus, Zhang Mingtian, Wang Yanming, Chen Xing, Yang Jianjun.

Introduction

The purpose of this guidance document is to present a variety of assurance methods, and to guide information security professionals in choosing a suitable assurance method (or a combination of methods), in order to obtain confidence that a given deliverable satisfies its identified information security assurance requirements. This report examines the assurance methods and approaches proposed by different types of organizations, including approved standards and de facto standards.

To achieve this goal, this guidance document covers the following seven aspects:

a) a framework model for positioning existing assurance methods and showing the relationships between them;
b) a set of assurance methods, with descriptions of and references to them;
c) the common and distinguishing properties of specific assurance methods;
d) a qualitative comparison of existing assurance methods and, where possible, a quantitative comparison;
e) identification of the assurance schemes associated with current assurance methods;
f) a description of the relationships between different assurance methods; and
g) guidance on the application, combination and recognition of assurance methods.

This guidance document consists of three parts, which deal with assurance approaches, their analysis and their relationships as follows.

Part 1: Overview and framework. Outlines basic concepts, such as assurance and the assurance framework, and gives a general description of assurance methods. Its purpose is to help in understanding Parts 2 and 3 of this guidance document. Part 1 is aimed at information security managers and other personnel, including those responsible for developing security assurance programmes, determining the security assurance of their deliverables, or taking part in security assessments or other assurance activities.

Part 2: Assurance methods. Describes a variety of IT security assurance methods and approaches proposed and used by different types of organizations, whether they are generally accepted, de facto recognized or standardized, and relates these assurance methods to the assurance model in Part 1. The emphasis is on identifying the qualitative features of an assurance method that affect assurance and, where possible, the level of assurance. This material helps IT security professionals understand how to obtain assurance during a specific life cycle phase of a product or service.

Part 3: Analysis of assurance methods. Analyses the assurance characteristics of the various assurance methods. This analysis helps an organization determine the relative value of each assurance approach, and determine which approaches provide the assurance results best suited to the specific context of its operating environment. The analysis also helps ensure that the organization applies the results of an assurance approach so as to achieve the level of assurance envisioned for the deliverable. This part is aimed at IT security professionals who must choose assurance methods and approaches.

This guidance document analyses some assurance methods that may not be specific to IT security; however, the guidance given in this document is limited to IT security needs. It provides guidance only in the field of IT security, and is not expected to be instructive for general quality management, assessment or IT compliance.

1 Scope

1.1 Intent

This part of GB/Z 29830 is intended to introduce, relate and classify the assurance methods for deliverables according to a general life cycle model, in a way that enables increased assurance of the deliverable's security functions.

1.2 Approach

The approach adopted throughout this part is to outline the basic concepts and terminology needed to understand and apply the assurance methods involved, by identifying a framework for the various assurance approaches and assurance phases.

1.3 Application

Parts 2 and 3 of this guidance document use the classification of assurance methods given in this part to guide readers in selecting, for a given deliverable, the appropriate assurance methods and possible combinations of them.

1.4 Areas of application

This part gives guidance on the classification of assurance methods, including some that are not specific to the field of information security. Where necessary, this standard can be used in areas other than IT security.

1.5 Restrictions

This part applies only to the information security issues of deliverables (see 4.3) and their related organizations.

2 Terms and definitions

The following terms and definitions apply to this document.

NOTE To support the assurance model in this part, the terms and definitions given are as generic as possible. The assurance model should apply to a wide range of assurance approaches, which means that terms specific to one approach cannot be applied across that range. A large number of assurance methods already exist to serve the available assurance approaches, so defining terms for a common assurance model is a difficult task. In addition, among the existing terms, similar terms have different definitions, and many terms are defined for one specific assurance approach. Building a generalized language for the assurance model is therefore difficult.

In the face of these difficulties, this guidance document has chosen its terms and definitions carefully, in order to preserve the inherent characteristics of the assurance framework and to remain applicable to a wide range of assurance approaches. In particular, to maintain consistency with ISO/IEC 15408 Parts 1 to 3 and the ISO 9000 series of standards, the terms of the relevant ISO standards are used as far as possible.

A further difficulty is how to deal with multiple definitions of the same term, and with terms that, because of their general notion, have no definition in use: should these terms be ignored, or retained for reference? If these definitions were omitted, readers would be confused when the terms appeared in the discussion of an assurance approach. Retaining terms specific to one assurance approach would increase the complexity of this guidance document; therefore, this guidance document uses the proper definition of each term in the correct context.

Where the same term has multiple definitions, this guidance document lists the main definition first. Alternative definitions, given in parentheses and italics, apply only to the context of the reference source.
......