GB/Z 29830.2-2013: Information technology -- Security technology -- A framework for IT security assurance -- Part 2: Assurance methods
Status: Valid

Basic data
Standard ID: GB/Z 29830.2-2013 (GB/Z29830.2-2013)
Description (Translated English): Information technology -- Security technology -- A framework for IT security assurance -- Part 2: Assurance methods
Sector / Industry: National Standard
Classification of Chinese Standard: L80
Classification of International Standard: 35.040
Word Count Estimation: 49,421
Quoted Standard: ISO 9000; ISO 9001; ISO/IEC 12207; ISO/IEC 13335-1; ISO/IEC 13335-2; ISO/IEC 13335-3; ISO/IEC 13335-4; ISO/IEC 13335-5; ISO/IEC 14598-1; ISO/IEC 15939; ISO/IEC 15288; ISO/IEC 15408-1; ISO/IEC 15408-2; ISO/IEC 15408-3; ISO/IEC 15504-1; ISO/IEC 15504-2; IS
Adopted Standard: ISO/IEC TR 15443-2:2005, IDT
Regulation (derived from): National Standards Bulletin No. 22 of 2013
Issuing agency(ies): Ministry of Health of the People's Republic of China
Summary: This standard provides a number of assurance methods, including some that play a role in overall ICT security but are not exclusively ICT security assurance methods. This standard outlines the objectives of these methods, describes their characteristics and re

Information technology -- Security technology -- A framework for IT security assurance -- Part 2: Assurance methods
ICS 35.040
L80
National standardization technical guidance document of the People's Republic of China
Information technology -- Security technology -- A framework for IT security assurance -- Part 2: Assurance methods
[ISO/IEC TR 15443-2:2005, IDT]
Issued on 2013-11-12
Implemented on 2014-02-01
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the Standardization Administration of China

Contents
Foreword
Introduction
1 Scope
1.1 Intent
1.2 Application
1.3 Limitations
2 Normative references
3 Terms, definitions and abbreviations
4 Method overview and representation
5 Assurance life-cycle phases and pictograms
5.1 Assurance methods and symbols
5.2 Applicability and symbolic representation
5.3 Security relevance and symbolic representation
5.4 Overview table
5.5 Method representation
6 Assurance methods
6.1 ISO/IEC 15408 Information technology security evaluation criteria
6.2 TCSEC Trusted Computer System Evaluation Criteria
6.3 ITSEC/ITSEM Information technology security evaluation criteria and methodology
6.4 CTCPEC Canadian Trusted Computer Product Evaluation Criteria
6.5 KISEC/KISEM Korean information security evaluation criteria and methodology
6.6 RAMP Rating Maintenance Phase
6.7 ERM Evaluation Rating Maintenance (generic)
6.8 TTAP Trust Technology Assessment Program
6.9 TPEP Trusted Product Evaluation Program
6.10 Rational Unified Process® (RUP®)
6.11 ISO/IEC 15288 System life cycle processes
6.12 ISO/IEC 12207 Software life cycle processes
6.13 V-Model
6.14 ISO/IEC 14598 Software product evaluation
6.15 X/Open Baseline Security Services
6.16 SCT Strict Conformance Testing
6.17 ISO/IEC 21827 Systems Security Engineering Capability Maturity Model (SSE-CMM®)
6.18 TCMM Trusted Capability Maturity Model
6.19 CMMI Capability Maturity Model Integration®
6.20 ISO/IEC 15504 Software process assessment
6.21 CMM Capability Maturity Model® (for software)
6.22 SE-CMM® Systems Engineering Capability Maturity Model®
6.23 TSDM Trusted Software Development Methodology
6.24 SDoC Supplier's Declaration of Conformity
6.25 SA-CMM® Software Acquisition Capability Maturity Model®
6.26 ISO 9000 series Quality management
6.27 ISO 13407 Human-centred design (HCD)
6.28 Developer pedigree (generic)
6.29 ISO/IEC 17025 Accreditation assurance
6.30 ISO/IEC 13335 Management of information and communications technology security (MICTS)
6.31 BS 7799-2 Information security management systems -- Specification with guidance for use
6.32 ISO/IEC 17799 Code of practice for information security management
6.33 FR Flaw remediation (generic)
6.34 IT Baseline Protection Manual
6.35 Penetration testing
6.36 Personnel certification (not security related)
6.37 Personnel certification (security related)
References
Figure 1 ISO/IEC 14598 evaluation process flow
Table 1 Assurance methods in the framework -- symbols
Table 2 Assurance methods in the framework -- overview
Table 3 SA-CMM® key process areas
Table 4 Accreditation process

Foreword
GB/Z 29830 "Information technology -- Security technology -- A framework for IT security assurance" is divided into the following three parts:
--- Part 1: Overview and framework;
--- Part 2: Assurance methods;
--- Part 3: Analysis of assurance methods.
This part is Part 2 of GB/Z 29830.
This part was drafted in accordance with the rules given in GB/T 1.1-2009.
This part is identical to ISO/IEC TR 15443-2:2005 "Information technology -- Security techniques -- A framework for IT security assurance -- Part 2: Assurance methods", adopted by the translation method.
This part is under the jurisdiction of the National Information Security Standardization Technical Committee (SAC/TC260).
Main drafting organization of this part: China Electronics Standardization Institute.
Main drafters of this part: Zhang Mingtian, Luo Fengying, Wang Yanming, Chen Xing, Yang Jianjun.

Introduction
The purpose of this guidance document is to present a variety of assurance methods and to guide information security professionals in choosing a suitable assurance method (or combination of methods) for obtaining confidence that a given deliverable satisfies its identified security assurance requirements. This guidance document examines the assurance methods and approaches proposed by different types of organizations, including approved standards and de facto standards.
To achieve this goal, this guidance document consists of the following seven aspects:
a) a framework model for positioning existing assurance methods and giving the relationships between them;
b) a set of assurance methods, with descriptions of and references to them;
c) the commonality and individuality of the specific assurance methods;
d) a qualitative comparison of existing assurance methods, and a quantitative comparison where possible;
e) identification of the assurance pattern associated with the current assurance methods;
f) a description of the relationships between different assurance methods; and
g) guidance on the application, combination and understanding of assurance methods.
This guidance document consists of three parts and deals with assurance methods, their analysis and their interrelations as follows.
Part 1: Overview and framework. Outlines some basic concepts, such as assurance and the assurance framework, and gives a general description of assurance methods. Its purpose is to help in understanding Part 2 and Part 3 of this standard. Part 1 is intended for information security managers and other personnel, including those responsible for developing security assurance programmes to determine the assurance of their deliverables, those participating in security evaluation audits, and personnel involved in other supporting activities.
Part 2: Assurance methods. Describes a variety of IT security assurance methods and approaches proposed and used by different types of organizations, whether generally accepted, de facto recognized or standard, and relates these assurance methods to the assurance model in Part 1. The emphasis is on identifying the qualitative characteristics of an assurance method that affect assurance and, where possible, the level of assurance. This material helps IT security professionals understand how assurance is obtained during a specific life cycle phase of a product or service. This part should be used together with GB/Z 29830.1-2013.
Part 3: Analysis of assurance methods. Analyses the assurance properties of the various assurance methods. This analysis helps an organization determine the relative value of each assurance method and decide which assurance methods provide the best-fit assurance results for the specific context of its operating environment. Moreover, this analysis helps ensure that the results of an assurance method applied by the organization achieve the level of assurance intended for the deliverable. This material is intended for IT security professionals who must choose and apply assurance methods. GB/Z 29830.3-2013 uses the terms and definitions defined in GB/Z 29830.1-2013. This part should be used together with GB/Z 29830.1-2013.
This guidance document analyses some assurance methods that may not be specific to IT security; however, the guidance given in this guidance document is limited to the needs of IT security. It provides guidance only for the field of IT security and is not expected to be instructive for general quality management, assessment or IT conformance.

Information technology -- Security technology -- A framework for IT security assurance -- Part 2: Assurance methods

1 Scope
1.1 Intent
This part of GB/Z 29830 collects a number of assurance methods, including some that play a role in overall ICT security but are not exclusively ICT security assurance methods. This part outlines the objectives of these methods, describes their characteristics, and gives references to them and to their standards.
In principle, the ultimate result of ICT security assurance is confidence in a functioning product, system or service. Therefore, the ultimate assurance should be the sum of the assurance contributed by each of the assurance methods used during the life cycle phases of the product, system or service. A large number of available assurance methods provide the guidance needed to apply them in a given area in order to obtain recognized assurance.
This part uses the basic assurance concepts and terminology of GB/Z 29830.1-2013 to classify each of the assurance methods collected in this part in an overview. Using this classification, this part guides ICT professionals in choosing assurance methods, and possible combinations of assurance methods, to apply to a given ICT security product, system or service and its specific environment.
1.2 Application
This part gives guidance on assurance methods in a general and overview manner. To obtain a small set of usable methods from the methods collected in this part, selection should be made in a way that excludes inappropriate methods. This generalization is descriptive and provides the basis for supporting an analytical understanding of the original criteria.
This guidance document is intended for readers including:
a) acquirers (persons or organizations that acquire or obtain a system, software product or service from a supplier);
b) evaluators (individuals or organizations performing evaluations; for example, an evaluator may be a quality laboratory at a testing organization, a software development department, a government organization or a user);
c) developers (organizations or individuals performing development activities, including requirements analysis, design and acceptance testing, during the software life cycle process);
d) maintainers (organizations or individuals performing maintenance activities);
e) suppliers confirming software quality (qualification testing) (individuals or organizations that provide a system, software product or software service to an acquirer under the terms of a contract);
f) users evaluating software quality (acceptance testing) (individuals or organizations that use software products to perform specific functions);
g) security officers or departments evaluating software quality (qualification testing) (individuals or departments that perform a systematic examination of software products or software services).
1.3 Limitations
This part gives guidance in the form of a single overview. To better form assurance requirements, GB/Z 29830.3 provides a refinement of this guidance on selection so that methods can be assessed for comparability and collaboration. The rules and regulations that support the validation of assurance approaches and support implementation by validators are not covered by this part.
......