iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
SIST

oSIST prEN ISO/IEC 19896-1:2022

(Main)

IT security techniques - Competence requirements for information security testers and evaluators - Part 1: Introduction, concepts and general requirements (ISO/IEC 19896-1:2018)

IT security techniques - Competence requirements for information security testers and evaluators - Part 1: Introduction, concepts and general requirements (ISO/IEC 19896-1:2018)

This document defines terms and establishes an organized set of concepts and relationships to
understand the competency requirements for information security assurance conformance-testing
and evaluation specialists, thereby establishing a basis for shared understanding of the concepts and
principles central to the ISO/IEC 19896 series across its user communities. It provides fundamental
information to users of the ISO/IEC 19896 series

IT-Sicherheitstechniken - Kompetenzanforderungen an Tester und Evaluatoren von Informationssicherheit - Teil 1: Einführung, Konzepte und allgemeine Anforderungen (ISO/IEC 19896‑1:2018)

Techniques de sécurité IT - Exigences de compétence pour l'information testeurs d'assurance et les évaluateurs - Partie 1: Introduction, concepts et exigences générales (ISO/IEC 19896-1:2018)

Le présent document définit les termes et établit un ensemble structuré de concepts et leurs relations pour comprendre les exigences de compétences des spécialistes des essais de conformité et de l'évaluation pour l'assurance de la sécurité de l'information, établissant ainsi la base d'une compréhension partagée des concepts et des principes centraux de la série ISO/IEC 19896 à travers ses communautés d'utilisateurs. Il fournit des informations fondamentales aux utilisateurs de la série ISO/IEC 19896.

IT varnostne tehnike - Zahteve za usposobljenost za preskuševalce in ocenjevalce informacijske varnosti - 1. del: Uvod, pojmi in splošne zahteve (ISO/IEC 19896-1:2018)

General Information

Status
Not Published
Public Enquiry End Date
13-Nov-2022
ICS
03.100.30 - Management of human resources
35.030 - IT Security
Technical Committee
ITC - Information technology
Current Stage
4020 - Public enquire (PE) (Adopted Project)
Start Date
22-Sep-2022
Due Date
09-Feb-2023
Ref Project
EN ISO/IEC 19896-1:2023 - IT security techniques - Competence requirements for information security testers and evaluators - Part 1: Introduction, concepts and general requirements (ISO/IEC 19896-1:2018)

Buy Standard

oSIST prEN ISO/IEC 19896-1:2022oSIST prEN ISO/IEC 19896-1:2022
PreviousNext
Draft
oSIST prEN ISO/IEC 19896-1:2022
English language
16 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

SLOVENSKI STANDARD
oSIST prEN ISO/IEC 19896-1:2022
01-november-2022
IT varnostne tehnike - Zahteve za usposobljenost za preskuševalce in ocenjevalce
informacijske varnosti - 1. del: Uvod, pojmi in splošne zahteve (ISO/IEC 19896-
1:2018)

IT security techniques - Competence requirements for information security testers and

evaluators - Part 1: Introduction, concepts and general requirements (ISO/IEC 19896-

1:2018)
IT-Sicherheitstechniken - Kompetenzanforderungen an Tester und Evaluatoren von

Informationssicherheit - Teil 1: Einführung, Konzepte und allgemeine Anforderungen

(ISO/IEC 19896‑1:2018)
Techniques de sécurité IT - Exigences de compétence pour l'information testeurs

d'assurance et les évaluateurs - Partie 1: Introduction, concepts et exigences générales

(ISO/IEC 19896-1:2018)
Ta slovenski standard je istoveten z: prEN ISO/IEC 19896-1
ICS:
03.100.30 Vodenje ljudi Management of human
resources
35.030 Informacijska varnost IT Security
oSIST prEN ISO/IEC 19896-1:2022 en,fr,de

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
oSIST prEN ISO/IEC 19896-1:2022
---------------------- Page: 2 ----------------------
oSIST prEN ISO/IEC 19896-1:2022
INTERNATIONAL ISO/IEC
STANDARD 19896-1
First edition
2018-02
IT security techniques — Competence
requirements for information security
testers and evaluators —
Part 1:
Introduction, concepts and general
requirements
Techniques de sécurité IT — Exigences de compétence pour
l'information testeurs d'assurance et les évaluateurs —
Partie 1: Introduction, concepts et exigences générales
Reference number
ISO/IEC 19896-1:2018(E)
ISO/IEC 2018
---------------------- Page: 3 ----------------------
oSIST prEN ISO/IEC 19896-1:2022
ISO/IEC 19896-1:2018(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2018

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2018 – All rights reserved
---------------------- Page: 4 ----------------------
oSIST prEN ISO/IEC 19896-1:2022
ISO/IEC 19896-1:2018(E)
Contents Page

Foreword ........................................................................................................................................................................................................................................iv

Introduction ..................................................................................................................................................................................................................................v

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

4 Concepts ........................................................................................................................................................................................................................ 2

5 Elements of competence ............................................................................................................................................................................... 3

5.1 Competences ............................................................................................................................................................................................. 3

5.2 Knowledge .................................................................................................................................................................................................. 3

5.3 Skills ................................................................................................................................................................................................................. 4

5.4 Experience .................................................................................................................................................................................................. 4

5.5 Education ..................................................................................................................................................................................................... 5

5.6 Effectiveness ............................................................................................................................................................................................. 5

6 Competency levels ............................................................................................................................................................................................... 5

6.1 General ........................................................................................................................................................................................................... 5

6.2 Level 1 (Associate) ............................................................................................................................................................................... 5

6.3 Level 2 (Professional) ....................................................................................................................................................................... 5

6.4 Level 3 (Manager) ................................................................................................................................................................................ 5

6.5 Level 4 (Principal) ................................................................................................................................................................................ 6

7 Measurement of elements of competence ................................................................................................................................. 6

7.1 Knowledge .................................................................................................................................................................................................. 6

7.2 Skills ................................................................................................................................................................................................................. 6

7.3 Experience .................................................................................................................................................................................................. 6

7.4 Education ..................................................................................................................................................................................................... 6

7.5 Effectiveness ............................................................................................................................................................................................. 7

7.6 Recording elements of competence ...................................................................................................................................... 7

Annex A (informative) Framework for describing competence requirements ........................................................8

Annex B (informative) Example records of experience and competence ...................................................................10

Bibliography .............................................................................................................................................................................................................................11

© ISO/IEC 2018 – All rights reserved iii
---------------------- Page: 5 ----------------------
oSIST prEN ISO/IEC 19896-1:2022
ISO/IEC 19896-1:2018(E)
Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

Commission) form the specialized system for worldwide standardization. National bodies that are

members of ISO or IEC participate in the development of International Standards through technical

committees established by the respective organization to deal with particular fields of technical

activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international

organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the

work. In the field of information technology, ISO and IEC have established a joint technical committee,

ISO/IEC JTC 1.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for

the different types of document should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject

of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent

rights. Details of any patent rights identified during the development of the document will be in the

Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following

URL: www .iso .org/ iso/ foreword .html.

This document was prepared by Technical Committee ISO/IEC JTC 1, Information technology,

Subcommittee SC 27, IT Security techniques.
A list of all parts in the ISO/IEC 19896 series can be found on the ISO website.
iv © ISO/IEC 2018 – All rights reserved
---------------------- Page: 6 ----------------------
oSIST prEN ISO/IEC 19896-1:2022
ISO/IEC 19896-1:2018(E)
Introduction

The objective of the ISO/IEC 19896 series is to provide the fundamental concepts related to the topic

of the competence of the individuals responsible for performing IT product security evaluations

and conformance testing. The ISO/IEC 19896 series provides the framework and the specialized

requirements that specify the minimum competence of individuals performing IT product security

evaluations and conformance testing using established standards.
In pursuit of this objective, the ISO/IEC 19896 series comprises the following:

a) The terms and definitions relating to the topic of competence in IT product security evaluators and

testers;

b) The fundamental concepts relating to competence in IT product security evaluations and

conformance testing; and

c) The minimum competence requirements for IT product security evaluators and testers to conduct

IT product testing/evaluation.
The ISO/IEC 19896 series is of interest to:
a) Information security evaluation and conformance-testing specialists;
b) Information security evaluation and conformance-testing approval authorities;
c) Information security evaluation and conformance-testing laboratories;

d) Vendors or technology providers whose IT products can be the subject of information security

assurance evaluations or conformance-testing;
e) Organizations offering professional credentials or recognitions.

The ISO/IEC 19896 series is organized in parts to address the competence of evaluation and testing

professionals as follows.

In this document, the introduction and concepts, provides an overview of the definitions, fundamental

concepts and a general description of the framework used to communicate the competence requirements

for certain specialized areas. This material is aimed at providing the fundamental knowledge necessary

to use the framework presented in the other parts of the ISO/IEC 19896 series appropriately.

ISO/IEC 19896-2 describes the minimum set of competence requirements at each competency level for

conformance testers working with ISO/IEC 19790 and associated standards.

ISO/IEC 19896-3 describes the minimum set of competence requirements at each competency level for

information security evaluators working with ISO/IEC 15408 (all parts) and associated standards.

© ISO/IEC 2018 – All rights reserved v
---------------------- Page: 7 ----------------------
oSIST prEN ISO/IEC 19896-1:2022
---------------------- Page: 8 ----------------------
oSIST prEN ISO/IEC 19896-1:2022
INTERNATIONAL STANDARD ISO/IEC 19896-1:2018(E)
IT security techniques — Competence requirements for
information security testers and evaluators —
Part 1:
Introduction, concepts and general requirements
1 Scope

This document defines terms and establishes an organized set of concepts and relationships to

understand the competency requirements for information security assurance conformance-testing

and evaluation specialists, thereby establishing a basis for shared understanding of the concepts and

principles central to the ISO/IEC 19896 series across its user communities. It provides fundamental

information to users of the ISO/IEC 19896 series.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 17000, Conformity assessment — Vocabulary and general principles

ISO/IEC 17025, General requirements for the competence of testing and calibration laboratories

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC 17000, ISO/IEC 17025

and the following apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1
competence
ability to apply knowledge and skills to achieve intended results
[SOURCE: ISO/IEC 17024:2012, 3.6]
3.2
conformance-tester
tester

individual assigned to perform test activities in accordance with a given conformance testing standard

and associated testing methodology

Note 1 to entry: An example of such a standard is ISO/IEC 19790 and the testing methodology specified in

ISO/IEC 24759.
3.3
education

process of receiving or giving systematic instruction, especially at a school or university

© ISO/IEC 2018 – All rights reserved 1
---------------------- Page: 9 ----------------------
oSIST prEN ISO/IEC 19896-1:2022
ISO/IEC 19896-1:2018(E)
3.4
effectiveness

ability to apply knowledge and skills in a productive manner, characterized by attributes of behaviour

such as aptitude, initiative, enthusiasm, willingness, communication skills, team participation, and

leadership
3.5
evaluator

individual assigned to perform evaluations in accordance with a given evaluation standard and

associated evaluation methodology

Note 1 to entry: An example of evaluation standards is ISO/IEC 15408 (all parts) with the associated evaluation

methodology given in ISO/IEC 18045.
3.6
experience

involvement at a practical level with projects related to the field of competence

3.7
knowledge

facts, information, truths, principles or understanding acquired through experience or education

Note 1 to entry: An example of knowledge is the ability to describe the various parts of an information assurance

standard.

[SOURCE: ISO/IEC TS 17027:2014, 2.56, modified — Note 1 to entry has been added.]

3.8
laboratory

organization with a management system providing evaluation and or testing work in accordance with a

defined set of policies and procedures and utilizing a defined methodology for testing or evaluating the

security functionality of IT products

Note 1 to entry: These organizations are often given alternative names by various approval authorities. For

example, IT Security Evaluation Facility (ITSEF), Common Criteria Testing Laboratory (CCTL), Commercial

Evaluation Facility (CLEF).
3.9
skill

ability to perform a task or activity with a specific intended outcome acquired through education,

training, experience or other means
Note 1 to entry: An example of
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

SIST
oSIST prEN 17740:2021(Main)
Requirements for professional profiles related to personal data processing and protection
prEN 17740

The standard defines the requirements related to the professional activity of subjects active in the processing and protection of
personal data, namely the intellectual profession that is pursued at different levels of complexity and in different organizational
contexts, both public and private.
These requirements are specified, starting from the specific tasks and activities identified, in terms of knowledge, skills and
competence, in accordance with the European Qualifications Framework - EQF and are expressed in such a way as to facilitate and
contribute to harmonize, as far as possible, evaluation and validation processes of learning outcomes.

  • Draft
    52 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
oSIST prEN ISO/IEC 19896-2:2022(Main)
IT security techniques - Competence requirements for information security testers and evaluators - Part 2: Knowledge, skills and effectiveness requirements for ISO/IEC 19790 testers (ISO/IEC 19896-2:2018)
EN ISO/IEC 19896-2:2023

This document provides the minimum requirements for the knowledge, skills and effectiveness
requirements of individuals performing testing activities for a conformance scheme using ISO/IEC
19790:2012 and ISO/IEC 24759

  • Draft
    39 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
oSIST prEN ISO/IEC 19896-3:2022(Main)
IT security techniques - Competence requirements for information security testers and evaluators - Part 3: Knowledge, skills and effectiveness requirements for ISO/IEC 15408 evaluators (ISO/IEC 19896-3:2018)
EN ISO/IEC 19896-3:2023

This document provides the specialized requirements to demonstrate competence of individuals in
performing IT product security evaluations in accordance with ISO/IEC 15408 (all parts) and ISO/IEC
18045.

  • Draft
    39 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
oSIST prEN 17740:2021(Main)
Requirements for professional profiles related to personal data processing and protection
prEN 17740

The standard defines the requirements related to the professional activity of subjects active in the processing and protection of
personal data, namely the intellectual profession that is pursued at different levels of complexity and in different organizational
contexts, both public and private.
These requirements are specified, starting from the specific tasks and activities identified, in terms of knowledge, skills and
competence, in accordance with the European Qualifications Framework - EQF and are expressed in such a way as to facilitate and
contribute to harmonize, as far as possible, evaluation and validation processes of learning outcomes.

  • Draft
    52 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
oSIST prEN ISO/IEC 19896-2:2022(Main)
IT security techniques - Competence requirements for information security testers and evaluators - Part 2: Knowledge, skills and effectiveness requirements for ISO/IEC 19790 testers (ISO/IEC 19896-2:2018)
EN ISO/IEC 19896-2:2023

This document provides the minimum requirements for the knowledge, skills and effectiveness
requirements of individuals performing testing activities for a conformance scheme using ISO/IEC
19790:2012 and ISO/IEC 24759

  • Draft
    39 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
oSIST prEN ISO/IEC 19896-3:2022(Main)
IT security techniques - Competence requirements for information security testers and evaluators - Part 3: Knowledge, skills and effectiveness requirements for ISO/IEC 15408 evaluators (ISO/IEC 19896-3:2018)
EN ISO/IEC 19896-3:2023

This document provides the specialized requirements to demonstrate competence of individuals in
performing IT product security evaluations in accordance with ISO/IEC 15408 (all parts) and ISO/IEC
18045.

  • Draft
    39 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 11337:2023(Main)
Plastics - Polyamides - Determination of ε-caprolactam and ω-laurolactam by gas chromatography (ISO 11337:2023)
EN ISO 11337:2023

ISO 11337:2010 specifies a method for determining epsilon‑caprolactam and omega‑laurolactam in polyamides by gas chromatography. It is suitable particularly for the determination of epsilon‑caprolactam in polyamide 6 and omega‑laurolactam in polyamide 12. Bearing in mind that gas chromatography offers a wide range of possible conditions, the method specified is that shown to have been suitable in practice.
Two variants of the basic method are specified:
Method A is an extraction method with boiling methanol, and the extract is injected into a gas chromatograph.
Method B is a method using a solvent, and the solution is injected into a gas chromatograph.

  • Standard
    18 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    15 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST ISO 2834-2:2023(Main)
Graphic technology - Laboratory preparation of test prints - Part 2: Liquid printing inks
ISO 2834-2:2022

This document specifies a test method for preparation of test prints produced with liquid printing inks, either water-based, solvent-based or radiation cured printing inks as used in flexography and gravure printing. Such test prints are intended to be used for reflection-based measurements, such as colorimetry and optical density as well as for testing light fastness, and the resistance of printing inks to mechanical and chemical attack regarding either printing ink and/or substrate. This document is not applicable to inks for ink jet printing.

  • Standard
    15 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    10 pages
    English language
    sale 15% off
SIST
SIST EN IEC 60318-7:2023(Main)
Electroacoustics - Simulators of human head and ear - Part 7: Head and torso simulator for the measurement of sound sources close to the ear (IEC 60318-7:2022)
EN IEC 60318-7:2022

This part of IEC 60318 describes a head and torso simulator, or manikin, intended for the measurement of sound sources placed close to the ear in the frequency range from 100 Hz to 16 000 Hz.
The manikin described in this part of IEC 60318 is intended for airborne acoustic measurements only. It is not suitable for measurements which depend upon vibration transmission paths such as bone conduction, or for measurements requiring the simulation of bone or tissue.
This document specifies the manikin in terms of both its geometrical dimensions and its acoustical properties. For conformance with this document, a manikin shall be compliant with both sets of specifications.

  • Standard
    36 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 23674:2023(Main)
Cosmetics - Analytical methods - Direct determination of traces of mercury in cosmetics by thermal decomposition and atomic absorption spectrometry (mercury analyser) (ISO 23674:2022)
EN ISO 23674:2022

This International Standard specifies the determination of mercury in cosmetics by integrated mercury analytical systems. The purpose of this standard is :
•   Description of the analytical procedure
•   Validation and characterization of the method by its accuracy profile

  • Standard
    24 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    18 pages
    English language
    sale 10% off
    e-Library read for
    1 day