Age of high level of information security demand

30130-mir-palec-tehnologii-tehnologia-informacionnye_tehnologii-1920x1080.jpg

Information technology is developing at a frantic pace, just 10 years ago, few people had a mobile phone, and now you can access the Internet from almost every phone (which itself appeared in its usual form less than 20 years ago). In the modern world, not only office computers are connected to the Internet and various networks, but also numerous devices that control street, transport, industrial and other infrastructures. The safety of such facilities is extremely important, but it cannot always be ensured by standard means due to extreme operating conditions. To regulate these processes, international standards are created, which will be discussed below.

Information technology — Security techniques — Methodology for IT security evaluation

SIST EN ISO/IEC 18045:2020

Clear structuring of the establishment of a security system is responsible for the quality of information storage. Therefore, it is necessary to select the right standard for your particular field of activity. EN-ISO/IEC 18045 is a companion document to the “Evaluation criteria for IT security”, ISO/IEC 15408. This International Standard defines the minimum actions to be performed by an evaluator in order to conduct an ISO/IEC 15408 evaluation, using the criteria and evaluation evidence defined in ISO/IEC 15408. This International Standard does not define evaluator actions for certain high assurance ISO/IEC 15408 components, where there is as yet no generally agreed guidance. The safety system is an important aspect and in order for it to be productive, we recommend purchasing an international standard that regulates it. To clarify the details, you can follow the link to our website and get answers to all questions from our team.

Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components

SIST EN ISO/IEC 15408–2:2020

A set of information security criteria allows you to clearly adjust the entire system. All technical characteristics and features of their application are prescribed in international standards to minimize possible risks. EN-ISO/IEC 15408–2 defines the required structure and content of security functional components for the purpose of security evaluation. It includes a catalog of functional components that will meet the common security functionality requirements of many IT products. If your company is in contact with the IT sector, we recommend that you study this standard in more detail.

Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components

SIST EN ISO/IEC 15408–3:2020

Information is one of the most valuable resources. Like any other resource, the information requires a security system. To regulate its construction, norms and rules are prescribed in the relevant international standards. EN-ISO/IEC 15408–3 defines the assurance requirements of ISO/IEC 15408. It includes the evaluation assurance levels (EALs) that define a scale for measuring assurance for component TOEs, the composed assurance packages (CAPs) that define a scale for measuring assurance for composed TOEs, the individual assurance components from which the assurance levels and packages are composed, and the criteria for evaluation of PPs and STs. If you have any questions about the compliance of the document with your business, you can familiarize yourself with its detailed characteristics using the link attached above.

135479-sinij_cvet-upravlenie-voda-sinij-elektrik-1920x1080.jpg

Information technology — Security techniques — Information security controls for the energy utility industry

SIST EN ISO/IEC 27019:2020

The number of possible threats to information security is increasing every day. International standards are being updated more frequently to include an increasing number of technical parameters. That is why the use of international recommendations specified in these documents significantly minimizes the possible negative aspects of non-compliance with information security techniques. EN-ISO/IEC 27019 provides guidance based on ISO/IEC 27002:2013 applied to process control systems used by the energy utility industry for controlling and monitoring the production or generation, transmission, storage, and distribution of electric power, gas, oil, and heat, and for the control of associated supporting processes. This includes in particular the following: — central and distributed process control, monitoring and automation technology as well as information systems used for their operation, such as programming and parameterization devices; — digital controllers and automation components such as control and field devices or Programmable Logic Controllers (PLCs), including digital sensor and actuator elements; — all further supporting information systems used in the process control domain, e.g. for supplementary data visualization tasks and for controlling, monitoring, data archiving, historian logging, reporting and documentation purposes; — communication technology used in the process control domain, e.g. networks, telemetry, telecontrol applications and remote control technology; — Advanced Metering Infrastructure (AMI) components, e.g. smart meters; — measurement devices, e.g. for emission values; — digital protection and safety systems, e.g. protection relays, safety PLCs, emergency governor mechanisms; — energy management systems, e.g. of Distributed Energy Resources (DER), electric charging infrastructures, in private households, residential buildings or industrial customer installations; — distributed components of smart grid environments, e.g. in energy grids, in private households, residential buildings or industrial customer installations; — all software, firmware and applications installed on above-mentioned systems, e.g. DMS (Distribution Management System) applications or OMS (Outage Management System); — any premises housing the above-mentioned equipment and systems; — remote maintenance systems for above-mentioned systems. Since this document has many amendments and clarifications, for complete confidence in the usefulness of the standard, we recommend that you clarify the characteristics in more detail.

Information technology — Security techniques — Security requirements for cryptographic modules

SIST EN ISO/IEC 19790:2020

Various electrical devices are used in the creation of the company’s information security system. Even individual stages of their configuration and operation are regulated by certain documents. EN-ISO/IEC 19790 is a companion document to the “Evaluation criteria for IT security”, ISO/IEC 15408. This International Standard defines the minimum actions to be performed by an evaluator in order to conduct an ISO/IEC 15408 evaluation, using the criteria and evaluation evidence defined in ISO/IEC 15408. This International Standard does not define evaluator actions for certain high assurance ISO/IEC 15408 components, where there is as yet no generally agreed guidance. If your business uses these electrical systems in building a security system, the specified standard is necessary in the company’s regulatory framework.

Information technology — Security techniques — Information security management systems — Overview and vocabulary

SIST EN ISO/IEC 27000:2020

For a clearer understanding of the terminology used in the information technology industry, international standards are being created, which play the role of a kind of dictionary. In order to clearly understand which technical characteristics a particular document describes, an additional clarifying standard must be available. EN ISO/IEC 27000 provides an overview of information security management systems (ISMS). It also provides terms and definitions commonly used in the ISMS family of standards. Since this document applies to any business carrying out activities related to information management, it is the main and one of the main.

Security of information resources is the key to the successful development of the company

The concept of building an information security system should be based on the postulates characteristic of an enterprise security system, that is, each employee must identify himself when entering the system by analogy with an entry in the visit log, assign different degrees of information access (such as information with limited access, or confidential information ) similar to the prohibition of access to certain premises, there should be a prohibition to perform certain actions, and much more. Therefore, the presence of a base of standards describing these processes and the structure of building a security system is a necessary aspect. In order to find the right standard, you can always contact our team of professionals who will help you find the most relevant document for you. Stay with iTeh and be confident that you will take the lead in international business.

References:

https://standards.iteh.ai/catalog/standards/sist/82cc6a62-8567-484e-9a45-d6796051e37c/sist-en-iso-iec-15408-1-2020 https://standards.iteh.ai/catalog/standards/sist/15a8bde9-8779-441a-a2f9-db9582f28fb0/sist-en-iso-iec-18045-2020 https://standards.iteh.ai/catalog/standards/sist/e97c5427-be26-40c1-9ab7-ec12372c3a3f/sist-en-iso-iec-15408-2-2020 https://standards.iteh.ai/catalog/standards/sist/0cef8337-3eb5-4491-8331-28b64ea2b4a2/sist-en-iso-iec-15408-3-2020 https://standards.iteh.ai/catalog/standards/sist/619d09cb-7da7-405a-9b50-2d94beb3d61f/sist-en-iso-iec-27019-2020 https://standards.iteh.ai/catalog/standards/sist/0bd04ea3-f89b-4b1e-8367-603ab1d3989a/sist-en-iso-iec-19790-2020