GB/Z 29830.3-2013: Information technology -- Security technology -- A framework for IT security assurance -- Part 3: Analysis of assurance methods. Status: Valid
Basic data
| Standard ID | GB/Z 29830.3-2013 (GB/Z29830.3-2013) |
| Description (Translated English) | Information technology -- Security technology -- A framework for IT security assurance -- Part 3: Analysis of assurance methods |
| Sector / Industry | National Standard |
| Classification of Chinese Standard | L80 |
| Classification of International Standard | 35.040 |
| Word Count Estimation | 51,516 |
| Adopted Standard | ISO/IEC TR 15443-3-2007, IDT |
| Regulation (derived from) | National Standards Bulletin No. 22 of 2013 |
| Issuing agency(ies) | Ministry of Health of the People's Republic of China |
| Summary | This standard applies to the development, implementation, and operation of ICT products and ICT systems with security requirements. Security requirements may be complex, a variety of security methods, resources, and culture, and between organizations are |
GB/Z 29830.3-2013: Information technology -- Security technology -- A framework for IT security assurance -- Part 3: Analysis of assurance methods. This is a draft version for illustration, not a final translation.
ICS 35.040
L80
National Standardization Guiding Technical Document of the People's Republic of China
Information technology -- Security technology -- A framework for IT security assurance -- Part 3: Analysis of assurance methods
(ISO/IEC TR 15443-3:2007, IDT)
Posted on 2013-11-12
Implementation: 2014-02-01
Released by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the China National Standardization Administration
Contents
Foreword
Introduction
1 Scope
1.1 Intent
1.2 Application
1.3 Areas of application
1.4 Restrictions
2 Terms and definitions
3 Abbreviations
4 Understanding of Safeguards
4.1 Security objectives set
4.2 Application of the safeguard method
4.3 Evaluation of safeguard results
4.4 Example
5 Guarantee Comparison, Selection and Combination
5.1 Selection of safeguards
5.2 Combination of safeguard methods
5.3 Comparison of safeguard methods
5.4 Concerned about the security features
6 Guidance
6.1 Development Assurance (DA)
6.2 Integration Assurance (IA)
6.3 Operation Support (OA)
Appendix A (informative) List comparison
Appendix B (informative) Security features of the selected method
Appendix C (informative) Combination of safeguards
References
Figure 1 to protect the supply
Figure 2 Life cycle process management
Figure 3 Available methods
Figure 4 Matrix comparison principle
Figure 5 guarantees attention
Figure 6 System Testing and Evaluation
Figure B.1 Test Requirements Evolution
Table 1 Type of protection provided
Table 2 Safeguarding the Use of Supplies
Table 3 Strictness of protection
Table 4 Coverage of the scope of application
Table 5 Life cycle guarantee model
Table 6 Safeguards Approach
Table 7 Key aspects of comparison
Table 8 Security Domains
Table 9 Safety Management Features
Table 10 Maturity of the whole OA
Table A.1 Method and Target Users
Table A.2 Basic Authentication Modes
Table A.3 Available Security Measures
Foreword
GB/Z 29830 "Information technology -- Security technology -- A framework for IT security assurance" is divided into the following three parts:
--- Part 1: Overview and framework;
--- Part 2: Assurance methods;
--- Part 3: Analysis of assurance methods.
This part is Part 3 of GB/Z 29830.
This part was drafted in accordance with the rules given in GB/T 1.1-2009.
This part is identical, by translation, to ISO/IEC TR 15443-3:2007 "Information technology -- Security technology -- A framework for IT security assurance -- Part 3: Analysis of assurance methods".
This part makes the following editorial change:
--- Appendix D and Appendix E of the International Standard are informative annexes and were deleted in this adoption.
This part was proposed by and is under the jurisdiction of the National Information Security Standardization Technical Committee (SAC/TC260).
Main drafting organizations of this part: China Electronics Standardization Institute, Beijing University of Chemical Technology.
Main drafters of this part: Wang Jing, Zhang Mingtian, Luo Feng surplus, Wang Yanming, Chen Xing, Yang Jianjun.
Introduction
The purpose of this guidance document is to present a variety of assurance methods and to guide information security professionals in selecting a suitable assurance method (or a combination of methods), in order to obtain confidence that a given deliverable satisfies its stated information security assurance requirements. This guidance document examines the assurance methods and approaches proposed by different types of organizations, including approved standards and de facto standards.
To achieve this goal, this guidance document covers the following seven aspects:
a) a framework model for positioning existing assurance methods and showing the relationships between them;
b) a set of assurance methods, with their descriptions and references;
c) the common and distinctive properties of specific assurance methods;
d) qualitative, and where possible quantitative, comparison of existing assurance methods;
e) identification of the assurance schemes associated with current assurance methods;
f) a description of the relationships between different assurance methods; and
g) guidance on the application, combination and recognition of assurance methods.
This guidance document consists of three parts, which deal with assurance methods, their analysis and their mutual relationships as follows.
Part 1: Overview and framework. Outlines basic concepts, such as assurance and the assurance framework, and gives a general description of assurance methods. Its purpose is to help in understanding Part 2 and Part 3 of this guidance document. Part 1 is aimed at information security managers and others, including those responsible for developing security assurance procedures, determining the security assurance of their deliverables, or taking part in assurance assessment audits or other assurance activities.
Part 2: Assurance methods. Describes a variety of IT security assurance methods and approaches proposed and used by different types of organizations, whether they are generally accepted, de facto recognized or standardized, and relates these assurance methods to the assurance model in Part 1. The emphasis is on identifying the qualitative properties of the assurance methods that affect assurance and, where possible, the level of assurance. This material helps IT security professionals understand how to obtain assurance in a specific life cycle stage of a product or service.
GB/Z 29830.2-2013 uses the terms and definitions defined in GB/Z 29830.1-2013.
This part should be used together with GB/Z 29830.1-2013.
Part 3: Analysis of assurance methods. Analyzes the assurance properties of various assurance methods. This analysis helps the assurance authority determine the relative value of each assurance approach and identify the approaches that provide the assurance results best suited to the specific context of its operating environment. The analysis also helps the organization apply the results of the assurance approach to achieve the level of assurance envisioned for the deliverable. This material is aimed at IT security professionals who must select assurance methods and approaches.
This part should be used together with GB/Z 29830.1-2013.
This guidance document analyzes some assurance methods that may not be specific to IT security; however, the guidance given in this document is limited to IT security needs. Guidance is provided only for the field of IT security and is not intended to be instructive for general quality management, assessment or IT compliance.
1 Scope
1.1 Intent
This part of GB/Z 29830 is intended to give the assurance authority guidance in choosing the appropriate type of ICT (information and communication technology) assurance method, and to provide a framework for the analysis of specific assurance methods for a given environment.
1.2 Application
This part enables users to match specific assurance needs and/or typical assurance situations with the general characteristics offered by the available assurance methods.
1.3 Areas of application
The guidance in this part applies to the development, implementation and operation of ICT products and ICT systems that have security needs.
1.4 Restrictions
Security needs can be complex, assurance methods are varied, and the resources and culture of organizations differ widely. The recommendations given in this part are therefore qualitative and general, and users may need to analyze for themselves which of the methods in Part 2 are best suited to their specific deliverables and organizational security needs.
2 Terms and definitions
The terms and definitions given in ISO/IEC TR 15443-1 and ISO/IEC TR 15443-2, and the following, apply to this document.
2.1
Asset
Anything that is valuable to the organization.
2.2
Assessment
Systematic examination of the extent to which an entity is capable of meeting its stated requirements; synonymous with evaluation when applied to a deliverable.
[ISO/IEC 14598-1]
2.3
Assessment method
Action of applying specific documented assessment criteria to a deliverable in order to determine whether it is acceptable or can be released.
2.4
Assurance authority
The persons and organizations entrusted with making decisions (i.e. selection, specification, acceptance, enhancement) on the security of a deliverable, which of these decisions