Secure Computing Chapter 12
The IEEE is an international nonprofit organization that focuses on ___________
developing and distributing standards that relate to electricity and electronics.
Internet Engineering Task Force (IETF)
develops and promotes Internet standards and is an open organization.
To ensure international acceptance and maximum usage of its standards, the IEC _____________
encourages participation from as many countries as possible.
Internet Architecture Board (IAB)
is a subcommittee of the IETF. It is composed of independent researchers and professionals who have a technical interest in the well-being of the Internet.
ISO 17799
is an international security standard. This standard documents a comprehensive set of controls that represent best practices in information systems.
National Institute of Standards and Technology (NIST)
maintains the atomic clock that keeps the United States' official time.
ANSI's goal is to _______________
strengthen the U.S. marketplace within the global economy
the Institute of Electrical and Electronics Engineers (IEEE)
"the world's largest professional association for the advancement of technology"
National Institute of Standards and Technology (NIST)
A federal agency within the U.S. Department of Commerce.
Baldrige National Quality Program
A national program that empowers and encourages excellence among U.S. organizations, including manufacturers, service organizations, educational institutions, health care providers, and nonprofit organizations. It also strives to increase quality and recognize organizations that achieve quality goals
Which standards organization publishes American Standard FORTRAN?
ANSI
One of the leading standards agencies in the United States is the _________________
American National Standards Institute (ANSI)
Internet Architecture Board (IAB)
Architecture for Internet protocols and procedures, Processes used to create standards, Editorial and publication procedures for RFCs, Confirmation of IETF chair and technical area directors
A-I-C Triad
Availability, Integrity, and Confidentiality.
The earliest digital computers were the result of experimental standards.
False
Which standards organization formed in 1906 and handles standards for batteries?
IEC
The _______________ is the world's largest professional association for the advancement of technology.
IEEE
The best-known standard that relates to information security is the ____________
IEEE 802 LAN/MAN standard family
RFCs may originate with other organizations
IETF creates only some RFCs. Others may come from independent sources, the IAB, or the Internet Research Task Force (IRTF).
Which standards organization's name derives from the Greek word for "equal"?
ISO
NIST Laboratories
Laboratories that conduct research to advance the United States' technology infrastructure. The nation's industry uses this infrastructure to improve the quality of products and services.
Which of the following is the most well-known ISO standard?
OSI reference model
Only some RFCs are standards
Only RFCs that open with phrases like "This document specifies ..." or "This memo documents ..." should be considered standards or normative documents.
What is the best-known ISO standard?
Open Systems Interconnection (OSI)
RFCs that define formal standards have four stages:
Proposed Standard (PS), Draft Standard (DS), Standard (STD), Best Current Practice (BCP).
National Institute of Standards and Technology (NIST)
Provides standards for measurement and technology on which nearly all computing devices rely
ANSI C
Published by ANSI in 1989, this is a standard version of the programming language C.
Switching and signaling recommendations are in the _________ series.
Q
ISO 17799 consists of two separate parts:
The ISO 17799 code of practice and the BS 17799-2 specification for an information security management system.
Best Current Practice (BCP)
The alternative method used to document operational specifications that are not formal standards
Standard (STD)
The final stage of a standard, after it has been shown to be widely adopted and deployed
American Standard FORTRAN
The first standard programming language.
Proposed Standard (PS)
The initial official stage of a standard
World Wide Web Consortium (W3C)
The main international standards organization for the World Wide Web.
Draft Standard (DS)
The second stage of a standard, after participants have demonstrated that the standard has been deployed in working environments
ISO/IEC 27002
The standard directs its recommendations to management and security personnel responsible for information security management systems.
ITU-T Recommendation X.509
X.509 is a recommendation for a public key infrastructure (PKI) that addresses single sign-on (SSO) capability and privilege management infrastructure (PMI). The recommendation defines standard formats for public key certificates, certificate-management capabilities, attribute certificates, and a certification path validation algorithm.
ITU-T divides its recommendations into _________ separate series.
26
International Telecommunication Union (ITU)
A United Nations agency. It is responsible for managing and promoting information and technology issues.
Technology Innovation Program
Another national program that offers awards to organizations and universities to support potentially revolutionary technologies that apply to critical needs of national interest.
RFCs never change
Any changes to an RFC get a new number and become a new RFC. Always look for the latest RFC, because previous documents may be out of date.
Standards the W3C has developed or endorsed include the following:
Cascading Style Sheets (CSS), Common Gateway Interface (CGI), Simple Object Access Protocol (SOAP), Web Services Description Language (WSDL), and Extensible Markup Language (XML)
International Organization for Standardization (ISO)
It is a nongovernmental international organization. Its goal is to develop and publish international standards. ISO, based in Geneva, Switzerland, is a network of 163 national standards institutes. ISO serves as a bridge between the public and private sectors. Its goal is to develop standards that do not cater to either group exclusively, but reach consensus.
National Institute of Standards and Technology (NIST)
Maintains a list of standards and publications of general interest to the computer-security community.
NIST executes its primary mission through four cooperative programs
NIST Laboratories, Baldrige National Quality Program, Hollings Manufacturing Extension Partnership, and Technology Innovation Program.
The IETF produces documents called ________.
Request for Comments (RFCs)
ISO/IEC 27007 expands on ISO 17799 by adding two new sections, dividing the new standard into 12 major sections.
Risk Assessment, Security Policy, Organization of Information Security, Asset Management, Human Resources Security, Physical and Environmental Security, Communications and Operations Management, Access Control, Information Systems Acquisition, Development and Maintenance, Information Security Incident Management, Business Continuity Management, and Compliance.
The ISO divides the 17799 standard into 10 major sections:
Security policy, Security Organization, Asset Classification and Control, Personnel Security, Physical and Environmental Security, Communications and Operations Management, Access Control, System Development and Maintenance, Business Continuity Management, and Compliance
The IETF primarily focuses on standards of the________Internet protocol suite.
TCP/IP
The IETF works closely with the W3C and ISO/IEC, focusing primarily on standards of the ____________
TCP/IP or Internet protocol suite
Hollings Manufacturing Extension Partnership
This partnership is a network of centers around the nation that offer technical and business assistance to small and medium-sized manufacturers.
Which standards organization publishes standards such as CGI, HTML, and XML?
W3C
Data networks, open systems communications, and security recommendations are in the ________ series
X
ITU-T Recommendation X.25
X.25 describes a protocol suite for packet-switched wide area network communication. X.25 is a Layer 3 (Network layer) protocol that provides a resilient wide area network. Although X.25 is still in use today, most wide area networks use the IP protocol.
Three recommendations of particular interest in information security are:
X.25, X.75, and X.509
ITU-T Recommendation X.75
X.75 describes the protocol for connecting two X.25 networks. It defines the requirements for the interface between data communication equipment (DCE) units in a network.
Requests for Comments (RFCs)
a series of documents that range from simple memos to standards documents.
ANSI standards cover such business sectors as
acoustical devices, construction equipment, dairy and livestock production, and energy distribution.
ANSI code
A code is a standard that defines a set of values used to represent characters in computers. A standard is necessary to enable multiple computers to share data and communicate with each other.
The NIST Special Publications 800 series
contains many standards that provide guidance for information systems security activities.
Today, ANSI is composed of
government agencies, organizations, educational institutions, and individuals.
Internet Architecture Board (IAB) provides much of the ____________
high-level management and validation of the processes of conducting IETF business.
The main purpose of ISO 17799 is to:
It is an international security standard. This standard documents a comprehensive set of controls that represent best practices in information systems.
PCI DSS
is an international standard for handling transactions involving payment cards
The stated purpose of the W3C is to ____________
develop protocols and guidelines that unify the World Wide Web and ensure its long-term growth.
The oldest and most recognizable activity of the ITU is ____________
its work developing standards.
IEEE is also one of the _________ standards-producing organizations.
largest
ITU Telecommunication Sector (ITU-T) performs
all ITU standards work.
Transport layer (Layer 4)
provides error-free communications across a network. It also provides the connections needed by software functions in the Session layer (Layer 3). In addition, it calls functions in the Network layer (Layer 3), the next layer down, to send and receive packets that make up the contents of the network communication.
ITU-T calls the international standards it produces
recommendations
IEC is active in developing standards that support _____________
safety, performance, environmental responsibility, energy efficiency, and renewable energy sources and use.
Because the ITU-T is a United Nations agency, its standards carry
significant international weight
ANSI primarily addresses standards that support:
software development and computer system operation
Even though ITU-T calls its standards recommendations, they tend to carry
substantial authority
ITU-T also defines ____________
tariff and accounting principles for international telecommunication services.
ANSI oversees ______________
the creation, publication, and management of many standards and guidelines that directly affect businesses in nearly every sector.
The ITU-T is responsible for ensuring ____________
the efficient and effective production of standards covering all fields of telecommunications for all nations.
IETF focuses on _________
the engineering aspects of Internet communication and attempts to avoid policy and business questions.
International Electrotechnical Commission (IEC)
the preeminent organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes.