标准资料网-标准资料免费资源平台

【英文标准名称】:Informationtechnology-Securitytechniques-AframeworkforITsecurityassurance-Part2:Assurancemethods
【原文标准名称】:信息技术.安全技术.IT安全保障框架.第2部分:保障方法
【标准号】:ISO/IECTR15443-2-2005
【标准状态】:作废
【国别】:国际
【发布日期】:2005-09
【实施或试行日期】:
【发布单位】:国际标准化组织(IX-ISO)
【起草单位】:ISO/IECJTC1/SC27
【标准类型】:()
【标准水平】:()
【中文主题词】:规范(验收);安全程序;PC;安全;数据处理;电气工程;电气器具;电气安全;安全工程;电信;信息技术;安全要求;质量保证;危害;数据安全;设备;安全规则;计算机;信息处理;系统;信息安全;寿命;EDP;IT安全;数据保护;办公机器;数据处理设备;办公室设备;合格性
【英文主题词】:Assuranceprogrammes;Computers;Confidentiality;Dataprocessing;Dataprocessingequipment;Dataprotection;Datasecurity;EDP;Electricappliances;Electricalengineering;Electricalsafety;Equipment;Hazards;Informationprocessing;Informationsecurity;Informationtechnology;ITsecurity;Lifecycles;Officeequipment;Officemachines;PC;Qualityassurance;Safety;Safetyengineering;Safetyregulations;Safetyrequirements;Specification(approval);Systems;Telecommunications
【摘要】:1.1PurposeThispartofISO/IECTR15443providesacollectionofassurancemethodsincludingthosenotuniquetoICTsecurityaslongastheycontributetooverallICTsecurity.Itgivesanoverviewastotheiraimanddescribestheirfeatures,referenceandstandardizationaspects.Inprinciple,theresultantICTsecurityassuranceistheassuranceoftheproduct,systemorserviceinoperation.Theresultantassuranceisthereforethesumoftheassuranceincrementsobtainedbyeachoftheassurancemethodsappliedtotheproduct,systemorserviceduringitslifecyclestages.ThelargenumberofavailableassurancemethodsmakesguidancenecessaryastowhichmethodtoapplytoagivenICTfieldtogainrecognizedassurance.EachitemofthecollectionpresentedinthispartofISO/IECTR15443isclassifiedinanoverviewfashionusingthebasicassuranceconceptsandtermsdevelopedinISO/IECTR15443-1.Usingthiscategorization,thispartofISO/IECTR15443guidestheICTprofessionalintheselection,andpossiblecombination,oftheassurancemethod(s)suitableforagivenICTsecurityproduct,system,orserviceanditsspecificenvironment.1.2FieldofApplicationThispartofISO/IECTR15443givesguidanceinasummaryandoverviewfashion.Itissuitabletoobtainfromthepresentedcollectionareducedsetofapplicablemethodstochoosefrom,bywayofexclusionofinappropriatemethods.Thesummariesareinformativetoprovidethebasicstofacilitatetheunderstandingoftheanalysiswithoutrequiringthesourcestandards.IntendedusersofthispartofISO/IECTR15443includethefollowing:1.acquirer(anindividualororganizationthatacquiresorprocuresasystem,softwareproductorsoftwareservicefromasupplier);2.evaluator(anindividualororganizationthatperformsanevaluation;anevaluatormay,forexample,beatestinglaboratory,thequalitydepartmentofasoftwaredevelopmentorganization,agovernmentorganizationorauser);3.developer(anindividualororganizationthatperformsdevelopmentactivities,includingrequirementsanalysis,design,andtestingthroughacceptanceduringthesoftwarelifecycleprocess);4.maintainer(anindividualororganizationthatperformsmaintenanceactivities);5.supplier(anindividualororganizationthatentersintoacontractwiththeacquirerforthesupplyofasystem,softwareproductorsoftwareserviceunderthetermsofthecontract)whenvalidatingsoftwarequalityatqualificationtest;6.user(anindividualororganizationthatusesthesoftwareproducttoperformaspecificfunction)whenevaluatingqualityofsoftwareproductatacceptancetest;7.securityofficerordepartment(anindividualororganizationthatperformasystematicexaminationofthesoftwareproductorsoftwareservices)whenevaluatingsoftwarequalityatqualificationtest.1.3LimitationsThispartofISO/IECTR15443givesguidanceinanoverviewfashiononly.ISO/IECTR15443-3providesguidancetorefinethischoiceforbetterresolutionofassurancerequirementsenablingareviewoftheircomparableandsynergeticproperties.TheregulatoryinfrastructuretosupportverificationofanassuranceapproachandthepersonneltoperformverificationisoutsidethescopeofthispartofISO/IECTR15443.
【中国标准分类号】:L70
【国际标准分类号】:35_040
【页数】:66P;A4
【正文语种】:英语


Product Code:SAE AIR5113
Title:Legal Issues Associated With the Use of Probabilistic Design Methods
Issuing Committee:G-11 Probabilistic Methods Committee
Scope:This SAE Aerospace Information Report (AIR) addresses legal issues concerning use of non-deterministic methods in the design and/or analysis of systems. The investigation includes an assessment of legal precedent for use of these methods both in the aerospace industry and in other non-aerospace engineering contexts. The investigation is primarily, but not exclusively, focused on United States of America Federal and State Law.This document is not intended to be used in any way as a 驴legal justification驴 for the use of Probabilistic Methods - it is simply a compilation of experience and past precedent. Many engineers note that the use of Probabilistic Methods for failure risk assessment implies an acceptance that any design will have a finite, albeit small, risk of loss of function, and express concern that this could be seized upon in a Court of Law to indicate that the design was 驴unsafe驴. This report helps to allay some of these fears by presenting the logic used in past legal determinations to assess liability following loss of function of artifacts designed using both deterministic and probabilistic engineering methods. Some recommendations are also provided in the report of 驴good practice驴 to be followed when using non-deterministic design methods - most of which are equally applicable to deterministic design methods.