Presentation is loading. Please wait.

Presentation is loading. Please wait.

SECURITY SIG IN MTS 28 TH JANUARY 2015 PROGRESS REPORT Fraunhofer FOKUS.

Published byKristina McBride Modified over 9 years ago

Similar presentations

Presentation on theme: "SECURITY SIG IN MTS 28 TH JANUARY 2015 PROGRESS REPORT Fraunhofer FOKUS."— Presentation transcript:

1 SECURITY SIG IN MTS 28 TH JANUARY 2015 PROGRESS REPORT Fraunhofer FOKUS

2 MTS SECURITY SIG Work Items TR 101 583 Terminology EG 203 250 Security Assurance Lifecycle TR 101 582 Case Studies EG 203 251 Risk-based Security Testing Case Studies: To assemble case study experiences related to security testing in order to have a common understanding in MTS and related committees. Industrial experiences may cover but are not restricted to the following domains: Smart Cards, Industrial Automation, Radio Protocols, Transport/Automotive, Telecommunication Security Assurance Life Cycle: Guidance to the application system designers in such a way to maximise both security assurance and the verification and validation of the capabilities offered by the system's security measures. Terminology: To collect the basic terminology and ontology (relationship between stake holder and application) to be used for security testing in order to have a common understanding in MTS and related committees. Risk-based Security Testing: Describes a set of methodologies that combine risk assessment and testing. The methodologies are based on standards like ISO 31000 and IEEE 829/29119 TC MTS – Security SIG – Update 2014-05-27 Published Final draft Draft

3 TR 101 583: SECURITY TESTING TERMINOLOGY Security SIG in MTS, 14th January 2014 Document Reference TR 101 583 Document Title Methods for Testing and Specification (MTS); Security testing terminology Document Purpose To collect the basic terminology and ontology (relationship between stake holder and application) to be used for security testing in order to have a common understanding in MTS and related committees. Document Status Final Draft v0.0.8 (2015-01)

4 TR 101 583: SECURITY TESTING TERMINOLOGY -- PROGRESS Security SIG in MTS, 14th January 2014 Document Progress 1. New section on risk-based security testing 2. New life-cycle figure 3. Discussing conflicting terms (solved) Asset, Model-based security testing, Risk-based testing, Security Requirement, Security test case, Susceptibility, Threat, Unwanted Incident, Vulnerability, Vulnerability Test,Weakness Found consensus on definitions 4. Application for remote consensus

5 EG 203 250: Security Assurance Lifecycle Document Reference DEG 203 250 Document Title Methods for Testing and Specification (MTS); Security Assurance Lifecycle Document Purpose Guide to the application of security capabilities in systems in such a way to maximise both security assurance and the verification and validation of the capabilities offered by the system's security measures. Security Assurance Lifecycle Document Status Draft v0.0.8 (2015-01) Security SIG in MTS, 4-5 October 2011 5

6 EG 203 251: Security Assurance Lifecycle -- Progress Document Progress 1. Work Plan produced and updated 2. Initial draft structure agreed, 3. Design section of Life Cycle drafted 4. TVRA parts reduced 5. Aligned with TR 101583 Open Issues Integration of information from other WI required (ongoing) TB approval October 1 st, 2015 Review Cycle: Review feedback until end of February, next version end of this week Security SIG in MTS, 4-5 October 2011 6

7 EG 203 251: Risk-based Security Testing Document Reference DEG 203 251 Document Title Methods for Testing and Specification (MTS); Risk-based security testing methodologies Proposal for new title: Risk-based security assessment and testing methodologies Document Purpose Describes a set of methodologies that combine risk assessment and testing. The methodologies are based on standards like ISO 31000 and IEEE 829/29119. Document Status Draft v0.0.7 (2015-01) Security SIG in MTS, 4-5 October 2011 7

8 Discussion and Comments Issues from last MTS Terminology and processes are described differently in the Terminology Report and the Risk-based Security Testing document. Added life cycle figure (new Figure in TR 101 583, extended version in EG 203 251) Contributed with Risk-based testing part to TR 101 583 Alignment of terms in both of the documents Next steps/open issues Renaming to Risk-based security assessment and testing methodologies Simple risk and testing metrics TB approval planned for October 1 st, 2015 Security SIG in MTS, 4-5 October 2011 8

9 ETSI MTS - ISO/IEC JTC1 SC27 ETSI ISO/MTS liaisons to ISO/IEC JTC1 SC7 WG26, in particular with the ISO/IEC/IEEE 29119 series (Software and systems engineering -- Software testing). ETSI ISO/MTS liaisons to ISO/IEC JTC1 SC27 WG4/WG3 As per Resolution 11 (contained in SC 27 N14236) of the 16th ISO/IEC JTC 1/SC 27/WG 4 meeting held in Hong Kong, China, 7th – 11th April 2014 this document has been sent to ETSI MTS. This document is circulated within SC 27 for information. ISO/IEC 27034 series - Information technology -- Security techniques -- Application Answer for WG3/ WG4 prepared and available at meeting folder Security SIG in MTS, 14th January 2014 9

10 Outlook Security SIG in MTS, 4-5 October 2011 10 Document timeline: - TR 101 582 (Case Studies) has been approved in May 2014 - TR 101 583 Terminology to be approved in January 2015 - DEG 203 250 (Security Assurance Lifecycle) to be approved in October 2015 - DEG 203 251 (Risk-based Security Testing) to be approved in October 2015 Future topics/issues/cooperation: - Requirements metrics and acceptance criteria for Fuzzing (WI proposal planned for next MTS meeting in May 2015)

Download ppt "SECURITY SIG IN MTS 28 TH JANUARY 2015 PROGRESS REPORT Fraunhofer FOKUS."

Similar presentations

Software Quality Assurance Plan

Software Quality Assurance Plan
1 Accredited Standards Committee C63 ® - EMC Subcommittee 8 Bob DeLisi / Stephen Berger Chair / Vice-Chair 2014-11-11.

1 Accredited Standards Committee C63 ® - EMC Subcommittee 8 Bob DeLisi / Stephen Berger Chair / Vice-Chair
International Standards for Software & Systems Documentation Ralph E. Robinson R 2 Innovations.

International Standards for Software & Systems Documentation Ralph E. Robinson R 2 Innovations.
ISO Current status of development

ISO Current status of development
ISO/IEC Software Testing

ISO/IEC Software Testing
Software testing standards ISO/IEC and 33063

Software testing standards ISO/IEC and 33063
Doc.: IEEE 802.11-12/1454r7 Submission March 2013 IEEE 802 JTC1 Standing Committee Proposal for SC6 contribution process 20 March 2013 Haasz et al, IEEESlide.

Doc.: IEEE /1454r7 Submission March 2013 IEEE 802 JTC1 Standing Committee Proposal for SC6 contribution process 20 March 2013 Haasz et al, IEEESlide.
Software as a Medical Device (SaMD) Application of Quality Management System IMDRF/WG/N23 Proposed Document (PD1)R3.

Software as a Medical Device (SaMD) Application of Quality Management System IMDRF/WG/N23 Proposed Document (PD1)R3.
January 2008 T. M. Kurihara, Chair, IEEE P1609Slide 1 doc: IEEE 802.11-08-0161-00-000p Submission IEEE DSRC Application Services (P1609) Status Report.

January 2008 T. M. Kurihara, Chair, IEEE P1609Slide 1 doc: IEEE p Submission IEEE DSRC Application Services (P1609) Status Report.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Introduction to the ISO 27000 series ISO 27000 – principles and vocabulary (in development) ISO 27001 – ISMS requirements (BS7799 – Part 2) ISO 27002 –

Introduction to the ISO series ISO – principles and vocabulary (in development) ISO – ISMS requirements (BS7799 – Part 2) ISO –
ISO/TC 211 WG 5 Profiles and Functional Standards Presentation to 7th Plenary of ISO TC 211, Beijing, China, 24 September 19981/18 Presentation to ISO/TC.

ISO/TC 211 WG 5 Profiles and Functional Standards Presentation to 7th Plenary of ISO TC 211, Beijing, China, 24 September 19981/18 Presentation to ISO/TC.
Page 1 ISO/IEC JTC 1/SC 7/WG 7 N1025 2007-05-24 Summary of the Alignment of System and Software Life Cycle Process Standards The material in this briefing.

Page 1 ISO/IEC JTC 1/SC 7/WG 7 N Summary of the Alignment of System and Software Life Cycle Process Standards The material in this briefing.
SQI © T.P. Rout and Griffith University, 1996 A Unified Reference Model for the Processes of Software and System Life Cycles Terry Rout Software Quality.

SQI © T.P. Rout and Griffith University, 1996 A Unified Reference Model for the Processes of Software and System Life Cycles Terry Rout Software Quality.
ISA–The Instrumentation, Systems, and Automation Society ISA SP-99 Introduction: Manufacturing and Control Systems Security -- Kickoff Meeting Call to.

ISA–The Instrumentation, Systems, and Automation Society ISA SP-99 Introduction: Manufacturing and Control Systems Security -- Kickoff Meeting Call to.
IEEE CS SAB, 15-16 May 2007 For Computer Society Internal Use Only 1 4.9 Liaison Report - IEEE-CS Professional Practices Committee John Harauz Prepared.

IEEE CS SAB, May 2007 For Computer Society Internal Use Only Liaison Report - IEEE-CS Professional Practices Committee John Harauz Prepared.
Standards Certification Education & Training Publishing Conferences & Exhibits 1Copyright © 2006 ISA ISA-SP99: Security for Industrial Automation and Control.

Standards Certification Education & Training Publishing Conferences & Exhibits 1Copyright © 2006 ISA ISA-SP99: Security for Industrial Automation and Control.
Terminology and Use Cases Status Report David Harrington IETF 88 – Nov 4 2013 Security Automation and Continuous Monitoring WG.

Terminology and Use Cases Status Report David Harrington IETF 88 – Nov Security Automation and Continuous Monitoring WG.
Joint Meeting Report on Standards 8 July 2006. 2 Recent Accomplishments Systems Modeling Language (SysML) specification accepted for adoption by OMG AP233.

Joint Meeting Report on Standards 8 July Recent Accomplishments Systems Modeling Language (SysML) specification accepted for adoption by OMG AP233.
TIA TECHNICAL COMMITTEE UPED-20030617-005 Title: UPED Update of Activities within TR-42, User-Premises Telecommunications Infrastructure NameBob Jensen.

TIA TECHNICAL COMMITTEE UPED Title: UPED Update of Activities within TR-42, User-Premises Telecommunications Infrastructure NameBob Jensen.

Similar presentations

Ads by Google