Security SIG in MTS 27th January 2016 Progress Report

Slides:

Advertisements

Similar presentations

Software Quality Assurance Plan

Advertisements

SEBGIS 2005, Agia Napa, Cyprus, October 31 - November 4, 2005 MECOSIG Adapted to the Design of Distributed GIS F. Pasquasy, F. Laplanche, J-C. Sainte &

TITLE OF PROJECT PROPOSAL NUMBER Principal Investigator PI’s Organization ESTCP Selection Meeting DATE.

ISO Current status of development

SECURITY SIG IN MTS 28 TH JANUARY 2015 PROGRESS REPORT Fraunhofer FOKUS.

ISO/IEC Software Testing

How an idea becomes an IEC standard Gary Johnson Chairman IEC SC45A

Software as a Medical Device (SaMD) Application of Quality Management System IMDRF/WG/N23 Proposed Document (PD1)R3.

Standards Certification Education & Training Publishing Conferences & Exhibits 1Copyright © 2006 ISA ISA-SP99: Security for Industrial Automation and Control.

ISA99 - Industrial Automation and Controls Systems Security

Representing nursing in SNOMED CT Proposal for TR or Guideline.

Work Item “Patterns in Test Development (PTD)” Re-start Meeting 17 March, Berlin Helmut Neukirchen Institute for.

ERM/MTS STF proposal on formal Phy measurement framework Friedbert Berens Vice Chair ERM TGUWB Presentation to ERM, July 2010.

Standards Certification Education & Training Publishing Conferences & Exhibits 1 Copyright © ISA, All Rights reserved ISA99 - Industrial Automation and.

SECURITY SIG IN MTS Fraunhofer FOKUS Tallinn, 4-5 October 2011 Berlin, 15 December 2011 update.

SECURITY SIG IN MTS 02 ND OCTOBER 2013 PROGRESS REPORT Fraunhofer FOKUS.

World Class Standards 44TD21 The ETSI Standards Engineering Process STF308 DTR/MTS Steve Randall STF308 © ETSI All rights reserved MTS#44 March.

Jeju, 13 – 16 May 2013Standards for Shared ICT ETSI Conformance and Interoperability Testing Jørgen Friis ETSI Chief Services Officer (CSO) Document No:

ISO/IEC Software Testing The New International Software Testing Standard By Tafline Murnane and Stuart Reid ISO/IEC JTC1/SC7 WG26 Software Testing.

“Supply Chain Management Handbook” Supplier Selection and Capability Assessment Model IAQG Leader: Christian Buck – Safran Updated: June 2008.

ISO/IEC Software Testing

Jürgen Großmann, Fraunhofer FOKUS

Security SIG#6‘ in MTS 26th November 2012 Agenda & report

Security SIG in MTS 05th November 2013 DEG/MTS RISK-BASED SECURITY TESTING Fraunhofer FOKUS.

Security SIG in MTS Fraunhofer FOKUS Tallinn, 4-5 October 2011.

ISO/IEC Software Testing

Prepared by Rand E Winters, Jr. ASR Senior Auditor October 2014

Implementation Strategy July 2002

Updates from SC18 Summer Meeting

Exit Capacity User Commitment – Transmission Workstream update

Transmission Planning Code

Berlin, 15 December 2011 update

Outcome TFCS-11// February Washington DC

ETSI Conformance and Interoperability Testing

Vertical Applications TAG

IFTA AUDIT SUB COMMITTEE

Security in MTS 14th May2013 SIG Report

Sophia Antipolis, 25 January 2012

Software Measurement Process ISO/IEC

Step by step: completing PMP at Year-End

Security in MTS 19th September 2012 SIG Report

ETSI STF333: European accessibility requirements for public procurement of products and services in the ICT domain (Phase 1, EC Standardisation Mandate.

Management of product authorization for in situ cases (IGS)

Security SIG in MTS Fraunhofer FOKUS Tallinn, 4-5 October 2011.

Berlin, 15 December 2011 update

Berlin, 15 December 2011 update

Security SIG#4 in MTS 10th August 2012

Security SIG#4 in MTS 10th August 2012 Report

Security SIG#5 in MTS 19th September 2012 Agenda

IEEE RR-TAG Annual Subgroup Review

Critical Infrastructure Protection Committee

Security SIG#7 in MTS 18th January 2013 draft Agenda

Strategic Planning Timeline Overview

ISO Current status of development

GSC: Standardization Advancing Global Communications

Portfolio, Programme and Project

July doc.: IEEE /0997r0 July Response to Comments received on the proposed a PAR and 5C Date: Authors: Gerald.

Security SIG#6 in MTS 19th November 2012 draft Agenda

ETSI STF333: European accessibility requirements for public procurement of products and services in the ICT domain (Phase 1, EC Standardisation Mandate.

The ETSI Standardisation Process

Overview Headlines General progress report High level plan

IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec

GSC: Standardization Advancing Global Communications

Review of the Community Council Scheme of Establishment

Name of Speaker, Title and Organization

DRAFT ISO 10007:2017 Revision Overview Quality management – Guidelines for configuration management ISO/TC176 TG 01.

Security in MTS 19th September 2012 SIG Report

“Methodology for RESTful APIs specifications and testing”

Introduction of TC MTS - Methods for Testing and Specification

“Methodology for RESTful APIs specifications and testing”

Presentation transcript:

Security SIG in MTS 27th January 2016 Progress Report Fraunhofer FOKUS

MTS SECURITY SIG Work Items Case Studies: To assemble case study experiences related to security testing in order to have a common understanding in MTS and related committees. Industrial experiences may cover but are not restricted to the following domains: Smart Cards, Industrial Automation, Radio Protocols, Transport/Automotive, Telecommunication Terminology: To collect the basic terminology and ontology (relationship between stake holder and application) to be used for security testing in order to have a common understanding in MTS and related committees. TR 101 583 Terminology EG 203 250 Security Assurance Lifecycle TR 101 582 Case Studies EG 203 251 Risk-based Security Testing Published Security Assurance Life Cycle: Guidance to the application system designers in such a way to maximise both security assurance and the verification and validation of the capabilities offered by the system's security measures. Risk-based Security Testing: Describes a set of methodologies that combine risk assessment and testing. The methodologies are based on standards like ISO 31000 and IEEE 829/29119 Published Draft Published TC MTS – Security SIG – Update 2016-01-27

EG 203 250: Security Assurance Lifecycle Document Reference DEG 203 250 Document Title Methods for Testing and Specification (MTS); Security Assurance Activities in the System Lifecycle Document Purpose The present document gives guidance to the product and/or system development and deployment communities as to activities required to achieve appropriate security assurance. It provides an high level guidance as to how security assurance fits into a system lifecycle in such a way as to maximise the overall product and/or system’s security. Document Status Draft v0.0.14 (2015-12) TC MTS – Security SIG – Update 2016-01-27

EG 203 250: Security Assurance Lifecycle -- Progress Document Progress Design section of Life Cycle drafted TVRA parts reduced Aligned with TR 101583 Restructuring of document after review Introduced “Demonstration of Fulfillment” for each Sections 6-9 Alignment of diagrams Processing of comments from Jürgen/Milan Next steps/open issues Amplifying guidance in Security Activities section for each of the workstreams Introducing the SFDs for each of the workstreams Final shouldification and simplification of language TB approval planned for May 2016 TC MTS – Security SIG – Update 2016-01-27

Group status/members Ari has left Codenmicon and has canceled his activities in ETSI MTS Security SIG (he might come back in future) Current active Security SIG members: Jürgen and Ian Either stop/suspend Security SIG (after publication of EG 203250) or find a way to attract people to join TC MTS – Security SIG – Update 2016-01-27

Outlook Future topics/issues/cooperation: Automated security testing: See proposal Study Period Report – Automation of Security Testing (Doc#21) Document timeline: TR 101 582 (Case Studies) has been approved in May 2014 TR 101 583 Terminology has been approved in January 2015 DEG 203 251 (Security Risk Assessment and Testing) has been approved in October 2015 DEG 203 250 (Security Assurance Lifecycle) to be approved in May 2016 TC MTS – Security SIG – Update 2016-01-27