Difference between revisions of "IoTSec:Security and Privacy Functionality"

From its-wiki.no

Jump to: navigation, search
m (Security, Privacy and Dependability Functionality)
 
(11 intermediate revisions by 2 users not shown)
Line 4: Line 4:
 
The starting point for the security listing is the representation of [[System of Systems]] through the [[Multi-Metrics analysis]]. Applications running on the systems typically have functional and non-functional requirements, which also addresses security and privacy requirements.   
 
The starting point for the security listing is the representation of [[System of Systems]] through the [[Multi-Metrics analysis]]. Applications running on the systems typically have functional and non-functional requirements, which also addresses security and privacy requirements.   
  
The page is exported from see [[File:SPD_Functionality.doc]]  
+
The security functionality is available:
 +
* as [https://webprotege.stanford.edu/#projects/f3ce3328-fe4a-406b-a3ea-7908666c7642 ontology through WebProtege (login required)] in
 +
*  [[Media:IoT_SecPrivFunc_LifeMap_v2.pdf|IoT Security and Privacy Functionality Life Map (.pdf)]]
 +
[[File:IoT_Security_and_Privacy_Functionality.png|600px|Security, privacy and dependability functionality (Orig:Owncloud)]]<br/>
 +
Link: owncloud = IoTSec-IKTPluss =  IoT_SecPrivFunc_LifeMap_v2.xmind
  
[[File:Security-Privacy-Dependability_Functionality.png|900px|Security, privacy and dependability functionality (Orig:Owncloud)]]<br/>
+
[[File:Operations_Security.png|800px]]
Link: https://owncloud.unik.no/index.php/apps/files/ajax/download.php?dir=%2F1-Projects%2FIoTSec-IKTPluss&files=SPD-Functionality.xmind
+
  
== Security and Privacy Functionality paragraphs ==
+
[[File:Dev_Maint_Audit_Security.png|800px]]
1. security management
+
:1.1. Intrusion detection system
+
::1.1.1. Intrusion prevention
+
::1.1.2. Monitoring, Log handling
+
:: 1.1.3. Auditing
+
  
:1.2. Policy
+
[[File:Decommissioning_Security.png|600px]]
:: 1.2.1. Time-out
+
:: 1.2.2. Data-rate
+
::1.2.3. Backup
+
::1.2.4. Update
+
::1.2.5. Encryption
+
:1.3. user data protection
+
  
:1.4. physical security
+
[[File:Security_Mechanisms.png|800px]]
::1.4.1. Physical authentication
+
::1.4.2. Physical DoS protection
+
  
:1.5. certificate handling
+
[[File:Human_Resource_Security.png|800px]]
:: 1.5.1. digital signature
+
  
:1.6. accountability
+
[[File:Physical_Environmental_Security.png|800px]]
::1.6.1. non-repudiation
+
  
2. hardening
+
[[File:Privacy_Protection.png|800px]]
:2.1. PC hardening
+
 
:: 2.1.1. Patch Windows/Mac automatically
+
 
::2.1.2. Strong passwords/ pass phrases
+
== Security and Privacy Functionality paragraphs ==
:::disable unused
+
*  [[Media:IoT_SecPrivFunc_LifeMap_v2.pdf|IoT Security and Privacy Functionality Life Map (.pdf)]]
:::user accounts
+
::2.1.3. Anti virus/Anit spyware
+
::2.1.4. Firewall
+
::2.1.5. Do not open
+
:::suspicious email
+
:::free software (handle with care)
+
::2.1.6. Disable file/ printer sharing
+
::2.1.7. Lock PC when away
+
  
:2.2. IoT hardening
+
== Related Standards ==
  
:2.3. Protection against
+
* ISO 27000: Overview and Vocabulary (2014)
::2.3.1. Electromagnetic interference (EMI)
+
* ''Seraj'' ISO 27001: ISMS Requirements (2013)  
::2.3.2. Electromagnetic Pulse (EMP)
+
* ''Toktam'' ISO 27002: Code of Practice (2013)
 +
* ''Elahe'' ISO 27003: ISMS Implementation Guidance (2010)
  
3. access control
+
:3.1. remote access
+
* ''Seraj'' ISO 27004: ISM Measurement (2009)
:3.2. Service access control (Firewall)
+
* ''Toktam'' ISO 27005: InfoSec Risk Management (2011)
:3.3. identification
+
* ''Elahe'' ISO 27006: Requirements for Bodies Providing Audit and Certification of ISMS (2011)
:3.4. authentication
+
::3.4.1. Password-based  authentication
+
:: 3.4.2. Biometric authentication
+
::3.4.3. Card or Device authentication
+
::3.4.4. Digital signature authentication
+
:: 3.5. authorization
+
  
4. secured communication
+
* ''Seraj'' ISO 27007 – 27008: Guidelines for Auditing InfoSec Controls (2011)
:4.1. trusted path (tunnel, VPN)
+
* ''Toktam'' ISO 27014: Governance of InfoSec (2013)
:4.2. session encryption
+
* ''Elahe'' ISO 27015: ISM Guidelines for Financial Services (2012) ‐ http://www.iso.org
:4.3. mutual authentication
+
  
5. resource management
+
* ISO 31000 - Risk management
:5.1. upgradability
+
::5.1.1. security updates
+
:5.2. resource utilisation
+
::5.2.1. least privilege
+
:5.3. sec/priv configurability
+
::5.3.1. transparency
+
:5.4. redundancy
+
:: 5.4.1. continuity
+
:5.5. Secure boot
+
:5.6. Protection
+
::5.6.1. Memory
+
::5.6.2. Integrity
+
:5.7. Root of trust
+
:5.8. Protection against
+
::5.8.1. Denial of Service (DoS)
+
::5.8.2. Anti-reply
+
::5.8.3. Traffic analysis
+

Latest revision as of 00:39, 6 February 2020

Security in IoT for Smart Grids
Home Research Security Centre Publications Student corner About
English-Language-icon.png

Security, Privacy and Dependability Functionality

Keywords: Security, Privacy, Dependability, Security Functionality

The starting point for the security listing is the representation of System of Systems through the Multi-Metrics analysis. Applications running on the systems typically have functional and non-functional requirements, which also addresses security and privacy requirements.

The security functionality is available:

Security, privacy and dependability functionality (Orig:Owncloud)
Link: owncloud = IoTSec-IKTPluss = IoT_SecPrivFunc_LifeMap_v2.xmind

Operations Security.png

Dev Maint Audit Security.png

Decommissioning Security.png

Security Mechanisms.png

Human Resource Security.png

Physical Environmental Security.png

Privacy Protection.png


Security and Privacy Functionality paragraphs

Related Standards

  • ISO 27000: Overview and Vocabulary (2014)
  • Seraj ISO 27001: ISMS Requirements (2013)
  • Toktam ISO 27002: Code of Practice (2013)
  • Elahe ISO 27003: ISMS Implementation Guidance (2010)


  • Seraj ISO 27004: ISM Measurement (2009)
  • Toktam ISO 27005: InfoSec Risk Management (2011)
  • Elahe ISO 27006: Requirements for Bodies Providing Audit and Certification of ISMS (2011)
  • Seraj ISO 27007 – 27008: Guidelines for Auditing InfoSec Controls (2011)
  • Toktam ISO 27014: Governance of InfoSec (2013)
  • Elahe ISO 27015: ISM Guidelines for Financial Services (2012) ‐ http://www.iso.org
  • ISO 31000 - Risk management
Retrieved from "https://its-wiki.no/index.php?title=IoTSec:Security_and_Privacy_Functionality&oldid=43606"