Progress Report on Security Testing Case Studies and Terminology


This progress report covers the MTS Security SIG work items: assembling case study experiences related to security testing, collecting basic terminology and ontology for security testing, and providing guidance on risk-based security testing. It also covers security assurance activities in the system lifecycle, published under Methods for Testing and Specification (MTS), and gives a progress update on the Security Assurance Lifecycle document: alignment with relevant standards, restructuring of the document, and new material introduced for each workstream. Next steps and open issues, including final review and approval, are outlined.

  • Security Testing
  • Case Studies
  • Risk-based Testing
  • Security Assurance
  • Terminology

Uploaded on Mar 11, 2025



Presentation Transcript


  1. SECURITY SIG IN MTS 10TH MAY 2016 PROGRESS REPORT MTS #68 Fraunhofer FOKUS

  2. MTS SECURITY SIG Work Items
       • Case Studies (TR 101 582): To assemble case study experiences related to security testing in order to have a common understanding in MTS and related committees. Industrial experiences may cover but are not restricted to the following domains: Smart Cards, Industrial Automation, Radio Protocols, Transport/Automotive, Telecommunication.
       • Terminology (TR 101 583): To collect the basic terminology and ontology (relationship between stakeholder and application) to be used for security testing in order to have a common understanding in MTS and related committees.
       • Security Assurance Life Cycle (EG 203 250): Guidance to the application system designers in such a way to maximise both security assurance and the verification and validation of the capabilities offered by the system's security measures.
       • Risk-based Security Testing (EG 203 251): Describes a set of methodologies that combine risk assessment and testing. The methodologies are based on standards like ISO 31000 and IEEE 829/29119.
     TC MTS Security SIG Update 2016-01-27

  3. EG 203 250: Security Assurance Lifecycle
       • Document Reference: DEG 203 250
       • Document Title: Methods for Testing and Specification (MTS); Security Assurance Activities in the System Lifecycle
       • Document Purpose: The present document gives guidance to the product and/or system development and deployment communities as to activities required to achieve appropriate security assurance. It provides high-level guidance as to how security assurance fits into a system lifecycle in such a way as to maximise the overall product and/or system's security.
       • Document Status: Draft v0.0.16 (2016-05)

  4. EG 203 250: Security Assurance Lifecycle -- Progress
     Document Progress
       1. Design section of Life Cycle drafted
       2. TVRA parts reduced
       3. Aligned with TR 101 583
       4. Restructuring of document after review
       5. Introduced Demonstration of Fulfillment for each of Sections 6-9
       6. Alignment of diagrams and processing of comments from Jürgen/Milan
       7. Amplifying guidance in Security Activities section for each of the workstreams
       8. Introducing the SFDs for each of the workstreams
       9. Simplification of language
     Next steps/open issues
       • Final review
       • TB approval planned for Summer 2016

  5. Linking with ITU-T SG17 Approval process Agreement Liaison relationship Question Status Timing Version Subject / Title Priority Work item Technical Report on the successful use of security standards Security reference architecture for lifecycle management of e-commerce business data Information technology - Security techniques - Code of practice for Personally Identifiable Information protection Information security management guidelines for small and medium telecommunication organizations Security assessment techniques in telecommunication/ICT networks X.TRsuss Q1/17 Under study 2016-09 New - ISO/IEC JTC 1/SC 27 High X.salcm Q2/17 Under study 2017-10 AAP New Low ISO/IEC JTC 1/SC 27 X.gpim Q3/17 Under study 2016-09 TAP New High X.sgsm Q3/17 Under study 2017-03 AAP New - Low X.samtn X.iotsec-2 Q4/17 Under study 2017-10 TAP New - Low Q6/17 Under study 2018-02 TAP New - Security framework for Internet of Things Security guidelines for V2X communication systems Security framework and requirements for open capabilities of telecommunication services Low X.itssec-2 Q6/17 Under study 2017-03 TAP New - Low X.websec-6 X.1641 (ex X.CSCDataSec) Q8/17 Q7/17 Under study 2017-10 AAP New - Low Determined 2016-03-23 2016-09 Guidelines for cloud service customer data security Security requirements of public infrastructure as a service (IaaS) in cloud computing Medium TAP New - X.SRIaaS Q8/17 Under study 2018-10 TAP New - Low 5 Security SIG in MTS, 4-5 October 2011

  6. Group status/outlook
       • Current active Security SIG members: Jürgen and Ian, both with limited resources
       • Study Period Report Automation of Security Testing (Doc#21) with no progress
       • Finalize EG 203250 in the next month
       • Suspend Security SIG (after publication of EG 203250)
       • Long term: find a way to attract people to join
