Cybersecurity Ch 12 Set

Ace your homework & exams now with Quizwiz!

World Wide Web Consortium (W3C)

is the main international standards organization for the World Wide Web​ Develops protocols and guidelines that unify the Web and ensure its long-term growth​ Standards developed or endorsed include:​ Cascading Style Sheets (CSS)​ HyperText Markup Language (HTML)​ Simple Object Access Protocol (SOAP)​ Extensible Markup Language (XML)​

RFCs that define formal standards have four stages:

• Proposed Standard (PS): The initial official stage of a standard.​ • Draft Standard (DS): The second stage of a standard, after participants have demonstrated that the standard has been deployed in working environments. ​ • Standard (STD): The final stage of a standard, after it has been shown to be widely adopted and deployed. ​ • Best Current Practice (BCP): The alternative method used to document operational specifications that are not formal standards.

Common IEEE 802 Standard Working Groups

802.1​ Higher Layer LAN Protocols​ 802.3​ Ethernet​ 802.11​ Wireless LAN (802.11a, 802.11b, 802.11g, 802.11n, 802.11ad, etc.)​ 802.15​ Wireless Personal Area Network (WPAN)​ 802.16​ Broadband Wireless Access (WiMAX)​ 802.18​ Radio Regulatory TAG​ 802.19​ Wireless Coexistence​ 802.20​ Mobile Broadband Wireless Access​

Requests for Comments (RFC)

A document that ranges from a simple memo to several standards documents​ RFC model allows input from many sources; encourages collaboration and peer review​ Only some RFCs specify standards​ RFCs never change​ RFCs may originate with other organizations​ RFCs that define formal standards have four stages: Proposed Standard (PS), Draft Standard (DS), Standard (STD), and Best Current Practice (BCP)​

ISO 17799 (Withdrawn)

A former international security standard that has been withdrawn​ Is a comprehensive set of controls that represent best practices in information systems​ The ISO 17799 code of practice​ The BS 17799-2 specification for an information security management system ​ Identifies security controls needed for information systems in business environments​ Enables potential customers to evaluate organizations on their efforts toward securing data​ Security Policy​ Security Organization​ Asset Classification and Control ​ Personnel Security​ Physical and Environmental Security​ Communications and Operations Management​ Access Control​ System Development and Maintenance​ Business Continuity Management​ Compliance​

Internet Engineering Task Force (IETF)

Develops and promotes Internet standards​ Focuses on the engineering aspects of Internet communication​ Works closely with the W3C and ISO/IEC​ Is a collection of working groups (WGs), with each group addressing a specific topic

ESTI Cyber Security Technial Committe (TC Cyber)

Develops standards for information and communications technologies (ICT) that are commonly adopted by member countries in the European Union (EU)​ Standards cover both wired and various wireless communication technologies​ Cybersecurity Technical Committee, called TC CYBER, centralizes all cybersecurity standards within ETSI committees​ Standards focus on security issues related to the Internet and the business communications it transports ​

National Institute of Standards and Technology (NIST)

Federal agency within the U.S. Department of Commerce​ Mission is to "promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life"​ Provides standards for measurement and technology on which nearly all computing devices rely​ Maintains the atomic clock that keeps the United States' official time​ Maintains a list of standards and publications of general interest to the computer security community​

International Telecommunication Union Telecommunication Sector (ITU-T)

Is a United Nations agency responsible for managing and promoting information and technology issues​ Performs all ITU standards work and is responsible for ensuring the efficient and effective production of standards covering all fields of telecommunications for all nations​ Divides its recommendations into 26 separate series, each bearing a unique letter of the alphabet​

Internet Architecture Board (IAB)

Is a subcommittee of the IETF​ Serves as an advisory body to the Internet Society (ISOC)​ Is composed of independent researchers and professionals who have a technical interest in the well-being of the Internet​ Provides oversight for the following:​ Architecture for Internet protocols and procedures​ Processes used to create standards​ Editorial and publication procedures for RFCs​ Confirmation of IETF chair and technical area directors​

Insitute of Electrial and Electronics Engineers (IEEE)

Is an international nonprofit organization that focuses on developing and distributing standards that relate to electricity and electronics​ Has the largest number of members of any technical professional organization in the world​ Supports 39 societies that focus activities on specific technical areas, including magnetics, photonics, and computers​ Provides training and educational opportunities covering a wide number of engineering topics​ Standards are managed by the IEEE Standards Association (IEEE-SA) ​​

Payment Card Industry Data Security Standard (PCI DSS)

Is an international standard for handling transactions involving payment cards​ Payment Card Industry Security Standards Council (PCI SSC) developed, publishes, and maintains the standard​ Formed by some of the largest payment card vendors who created PCI DSS to protect payment card users from fraud and to preempt legislative requirements on the industry​ Requires layers of controls to protect all payment card-related information as it is processed, transmitted, and stored​ Applies to all organizations that participate in any of the processes surrounding payment card processing ​​

Standards Organizations

National Institute of Standards and Technology (NIST)​ International Organization for Standardization (ISO)​ International Electrotechnical Commission (IEC)​ World Wide Web Consortium (W3C)​ Internet Engineering Task Force (IETF)​ Institute of Electrical and Electronics Engineers (IEEE)​ International Telecommunication Union Telecommunication Sector (ITU-T)​ American National Standards Institute (ANSI)​ ETSI Cyber Security Technical Committee (TC CYBER)​

Information Security Standards

Necessary to create and maintain a competitive market for hardware and software vendors ​ Guarantee compatibility between products from different countries​ Provide guidelines to ensure that products in today's computing environments work together

Internation Organization for StandardizationI

Nongovernmental international organization​ Its goal is to develop and publish international standards for nearly all industries​ Is a network of 161 national standards institutes​ Serves as a bridge between the public and private sectors​ Best-known ISO standard is the Open Systems Interconnection (OSI) Reference Model

New standard has 12 major sections

Risk Assessment: Formal methods of identifying and classifying risks.​ • Security Policy: A statement of management direction.​ Organization of Information Security: Governance of information security or how information security should be enforced.​ ​ Asset Management: Procedures to acquire, classify, and manage information assets.​ ​ Human Resources Security: Security guidelines for personnel joining, leaving, or moving within an organization.​ ​ Physical and Environmental Security: Protection of computer facilities. ​ ​ Communications and Operations Management: Managing technical security controls in systems and networks.​ ​ Access Control: Controls that limit access rights to network resources, applications, functions, and data.​ ​ Information Systems Acquisition Development and Maintenance: Guidelines for designing and incorporating security into applications.​ ​ Information Security Incident Management: Anticipating and responding appropriately to information security breaches.​ ​ Business Continuity Management: Protecting, maintaining, and recovering business-critical processes and systems.​ ​ Compliance: Ensuring conformance with information security policies, standards, laws, and regulations.​

The ISO divides the standard into 10 major sections:​

Security Policy: A statement of management direction.​ ​ Security Organization: Governance of information security, or how information security should be enforced.​ ​ Asset Classification and Control: Procedures to classify and manage information assets.​ ​ Personnel Security: Guidance for security controls that protect and limit personnel.​ ​ Physical and Environmental Security: Protection of computer facilities.​ ​ Communications and Operations Management: Managing technical security controls in systems and networks.​ ​ Access Control: Controls that limit access rights to network resources, applications, functions, and data.​ ​ System Development and Maintenance: Guidelines for designing and incorporating security into applications.​ ​ Business Continuity Management: Protecting, maintaining, and recovering business-critical processes and systems.​ ​ Compliance: Ensuring conformance with information security policies, standards, laws, and regulations.

American National Standards Institute (ANSI)

Strives to ensure the safety and health of consumers and the protection of the environment​ Oversees the creation, publication, and management of many standards and guidelines that directly affect businesses in nearly every sector​ Is composed of government agencies, organizations, educational institutions, and individuals​ Produces standards that affect nearly all aspects of IT but primarily software development and computer system operation

ISO/IEC 27002

Supersedes ISO 17799​ Directs its recommendations to management and security personnel responsible for information security management systems​ Expands on its predecessor by adding two new sections and reorganizing several others​

International Electrotechnical Commision (IEC)

Works with the ISO​ Is the preeminent organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes​ Standards address a wide variety of areas​ Power generation​ Semiconductors​ Telecommunications​ Physical computer and networking hardware

ITU-T Information Security Recommendations

X.800 - X.849: Security​ Recommendations in this series address security issues as they relate to different networking layers​ X.1000 - X.1099: Information and network security​ General network security​ X.1100 - X.1199: Secure applications and services​ Ensuring that applications and services are developed and deployed in a secure manner​ X.1200 - X.1299: Cyberspace security​ Overall cybersecurity, identity management, and countering spam​ X.1300 - X.1399: Secure applications and services​ Different from X.1100 - X.1199, this series focuses on emergency communications and sensor network security​ X.1500 - X.1599: Cybersecurity information exchange​ Focused on exchanging information between actors in a secure manner​ X.1600 - X.1699: Cloud computing security​ Security topics specifically related to cloud environments​


Related study sets

Chapter 14: DNA: The Genetic Material (bio 1510) 3/23/21

View Set

Chapter 21: The Child with Respiratory Dysfunction

View Set

Hosea 1 - Flashcard MC questions - Ted Hildebrandt

View Set

Chapter 56: Management of Patients with Dermatologic Disorders and Wounds

View Set

RN Adult Medical Surgical Online Practice 2023 B

View Set

psyc 2140 Dr. Freida final CH 10 & 11

View Set

Pharm Ch20: Anxiolytic/Hypnotics

View Set