CIS 3350 Chapter 12
Request for Comment (RFC)
-Created by IETF
-Series of documents that range from simple memos to standards documents produced by the IETF
World Wide Web Consortium (W3C)
-Develop protocols and guidelines that unify the World Wide Web and ensure its long-term growth
Standard on Business
-Ensure that products and services are consistent
-Standards enable different products from organizations to work well together.
National Institute of Standards and Technology (NIST)
-Federal agency within the U.S. Department of Commerce
-Maintains a list of standards and publications for computer security
-First federal physical science research laboratory
Internet Engineering Task Force (IETF)
-Focuses on the engineering aspect of internet communication and attempts to avoid policy and business questions
International Organization for Standardization (ISO)
-Goal is to develop and publish international standards
-Made ISBN
2 parts of ISO 17799
-ISO 17799 code of practice
-BS 17799-2 specification for an information security management system
Payment Card Industry Data Security Standard (PCI DSS)
-International set of standards for handling payment card transactions
-Helps organizations that process card payments prevent fraud by having increased control over data and its exposure.
-Requires a security assessment by a Qualified Security Assessor (QSA) to check compliance
ISO 17799 replaced by 27002
-International standard
-Documents a comprehensive set of controls that represent best practices in information systems
-Main purpose is to identify security controls needed for information systems in today's environment.
Institute of Electrical and Electronics Engineering (IEEE)
-Nonprofit organization that focuses on developing and distributing standards related to electricity and electronics
ISO/IEC 27002
-Provides organizations with best-practice recommendations on information security management
-Appeared in 2005 as an update to the ISO 17799 standard
International Electrotechnical Commission (IEC)
-Standard that works with ISO
-Is the preeminent organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes.
Internet Architecture Board (IAB)
-Subcommittee of IETF
-Serves as an advisory body to the Internet Society (ISOC)