Skip to content
Please enter a keyword to search

  • ISO/IEC TR 19791:2010

    Current The latest, up-to-date edition.

    Information technology Security techniques Security assessment of operational systems

    Available format(s):  Hardcopy, PDF, PDF 3 Users, PDF 5 Users, PDF 9 Users

    Language(s):  English

    Published date:  22-03-2010

    Publisher:  International Organization for Standardization

    Add To Cart

    Abstract - (Show below) - (Hide below)

    ISO/IEC TR 19791:2010 provides guidance and criteria for the security evaluation of operational systems. It provides an extension to the scope of ISO/IEC 15408 by taking into account a number of critical aspects of operational systems not addressed in ISO/IEC 15408 evaluation. The principal extensions that are required address evaluation of the operational environment surrounding the target of evaluation, and the decomposition of complex operational systems into security domains that can be separately evaluated.

    ISO/IEC TR 19791:2010 provides:

    1. a definition and model for operational systems;
    2. a description of the extensions to ISO/IEC 15408 evaluation concepts needed to evaluate such operational systems;
    3. a methodology and process for performing the security evaluation of operational systems;
    4. additional security evaluation criteria to address those aspects of operational systems not covered by the ISO/IEC 15408 evaluation criteria.

    ISO/IEC TR 19791:2010 permits the incorporation of security products evaluated against ISO/IEC 15408 into operational systems evaluated as a whole using ISO/IEC TR 19791:2010.

    ISO/IEC TR 19791:2010 is limited to the security evaluation of operational systems and does not consider other forms of system assessment. It does not define techniques for the identification, assessment and acceptance of operational risk.

    General Product Information - (Show below) - (Hide below)

    Document Type Standard
    Publisher International Organization for Standardization
    Status Current
    Supersedes

    Standards Referenced By This Book - (Show below) - (Hide below)

    18/30361485 DC : 0 BS ISO/IEC 19896-3 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - COMPETENCE REQUIREMENTS FOR INFORMATION SECURITY TESTERS AND EVALUATORS - PART 3: KNOWLEDGE, SKILLS AND EFFECTIVENESS REQUIREMENTS FOR ISO/IEC 15408 EVALUATORS
    12/30204847 DC : 0 BS ISO/IEC 29147 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - VULNERABILITY DISCLOSURE
    CSA TELECOM ORGANIZATIONS PACKAGE : 2018 CONSISTS OF CAN/CSA-ISO/IEC 27000:18 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY; CAN/CSA-ISO/IEC 27001:14, INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - REQUIREMENTS; CAN/CSA-ISO/IEC 27002:15 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR
    PD ISO/IEC TR 15443-1:2012 Information technology. Security techniques. Security assurance framework Introduction and concepts
    PD ISO/IEC/TR 15026-1:2010 Systems and software engineering. Systems and software assurance Concepts and vocabulary
    UNE-EN 61508-1:2011 Functional safety of electrical/electronic/programmable electronic safety-related systems -- Part 1: General requirements
    BS EN 61508-1:2010 Functional safety of electrical/electronic/ programmable electronic safety-related systems General requirements
    BS ISO/IEC 15408-1:2009 Information technology. Security techniques. Evaluation criteria for IT security Introduction and general model
    11/30168516 DC : 0 BS ISO/IEC 27032 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - GUIDELINES FOR CYBERSECURITY
    08/30133461 DC : 0 ISO/IEC 27003 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEM IMPLEMENTATION GUIDANCE
    CEI EN 61508-1 : 2011 FUNCTIONAL SAFETY OF ELECTRICAL/ELECTRONIC/PROGRAMMABLE ELECTRONIC SAFETY-RELATED SYSTEMS - PART 1: GENERAL REQUIREMENTS
    CSA ISO/IEC 15408-1 : 2010 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - EVALUATION CRITERIA FOR IT SECURITY - PART 1: INTRODUCTION AND GENERAL MODEL
    INCITS/ISO/IEC 15408-1 : 2012 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - EVALUATION CRITERIA FOR IT SECURITY - PART 1: INTRODUCTION AND GENERAL MODEL
    BS ISO/IEC 29147:2014 Information technology. Security techniques. Vulnerability disclosure
    CSA ISO/IEC TR 15026-1 : 2013 SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 1: CONCEPTS AND VOCABULARY
    ISO/IEC TR 15026-1:2010 Systems and software engineering Systems and software assurance Part 1: Concepts and vocabulary
    CSA ISO/IEC 15026-1 : 2015 SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 1: CONCEPTS AND VOCABULARY
    08/30193508 DC : DRAFT NOV 2008 BS EN 61508-1 - FUNCTIONAL SAFETY OF ELECTRICAL/ELECTRONIC/PROGRAMMABLE ELECTRONIC SAFETY-RELATED SYSTEMS - PART 1: GENERAL REQUIREMENTS
    EN 50657:2017 Railways Applications - Rolling stock applications - Software on Board Rolling Stock
    BS EN 50657:2017 Railways Applications. Rolling stock applications. Software on Board Rolling Stock
    BS ISO/IEC 27032:2012 Information technology. Security techniques. Guidelines for cybersecurity
    CSA ISO/IEC 27003 : 2010 : R2015 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEM IMPLEMENTATION GUIDANCE
    ISO/IEC 15026-1:2013 Systems and software engineering Systems and software assurance Part 1: Concepts and vocabulary
    ISO/IEC TR 15443-3:2007 Information technology Security techniques A framework for IT security assurance Part 3: Analysis of assurance methods
    ISO/IEC 20248:2018 Information technology Automatic identification and data capture techniques Data structures Digital signature meta structure
    ISO/IEC TR 15443-1:2012 Information technology Security techniques Security assurance framework Part 1: Introduction and concepts
    ISO/IEC 27032:2012 Information technology — Security techniques — Guidelines for cybersecurity
    CSA INFORMATION SECURITY PACKAGE : 2018 CONSISTS OF CAN/CSA-ISO/IEC 27000:18 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY; CAN/CSA-ISO/IEC 27001:14, INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - REQUIREMENTS; CAN/CSA-ISO/IEC 27002:15 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR INFORMATION
    BS ISO/IEC 15026-1:2013 Systems and software engineering. Systems and software assurance Concepts and vocabulary
    13/30268559 DC : 0 BS ISO/IEC 15026-1 - SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 1: CONCEPTS AND VOCABULARY
    CSA ISO/IEC 15408-1 : 2010 : R2015 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - EVALUATION CRITERIA FOR IT SECURITY - PART 1: INTRODUCTION AND GENERAL MODEL
    CSA ISO/IEC 27003 : 2010 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEM IMPLEMENTATION GUIDANCE
    I.S. EN 61508-1:2010 FUNCTIONAL SAFETY OF ELECTRICAL/ELECTRONIC/PROGRAMMABLE ELECTRONIC SAFETY-RELATED SYSTEMS - PART 1: GENERAL REQUIREMENTS
    GS ISI 001-2 : 1.1.2 INFORMATION SECURITY INDICATORS (ISI); INDICATORS (INC); PART 2: GUIDE TO SELECT OPERATIONAL INDICATORS BASED ON THE FULL SET GIVEN IN PART 1
    CSA ISO/IEC TR 15443-1 : 2015 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - SECURITY ASSURANCE FRAMEWORK - PART 1: INTRODUCTION AND CONCEPTS
    ISO/IEC 29147:2014 Information technology Security techniques Vulnerability disclosure
    IEC 61508-1:2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 1: General requirements (see Functional Safety and IEC 61508)
    PD ISO/IEC TR 15443-3:2007 Information technology. Security techniques. A framework for IT security assurance Analysis of assurance methods
    I.S. EN 50657:2017 RAILWAYS APPLICATIONS - ROLLING STOCK APPLICATIONS - SOFTWARE ON BOARD ROLLING STOCK
    CAN/CSA-C22.2 NO. 61508-1:17 Functional safety of electrical/electronic/programmable electronic safety-related systems — Part 1: General requirements (Adopted IEC 61508-1:2010, second edition, 2010-04, with Canadian deviations) | Sécurité fonctionnelle des systèmes électriques/électroniques/électroniques programmables relatifs à la sécurité — Partie 1 : Exigences générales (norme IEC 61508-1:2010 adoptée, deuxième édition, 2010-04, avec exigences propres au Canada)
    ISO/IEC 15408-1:2009 Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model
    IEEE/ISO/IEC 15026-1-2014 IEEE Standard Adoption of ISO/IEC 15026-1--Systems and Software Engineering--Systems and Software Assurance--Part 1: Concepts and Vocabulary
    EN 61508-1:2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 1: General requirements

    Standards Referencing This Book - (Show below) - (Hide below)

    ISO/IEC 15408-2:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components
    ISO/IEC 15408-3:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components
    ISO/IEC 27002:2013 Information technology Security techniques Code of practice for information security controls
    ISO/IEC 21827:2008 Information technology Security techniques Systems Security Engineering Capability Maturity Model (SSE-CMM)
    ISO/IEC 27005:2011 Information technology Security techniques Information security risk management
    ISO/IEC TR 15446:2017 Information technology Security techniques Guidance for the production of protection profiles and security targets
    ISO/IEC 15408-1:2009 Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model
    ISO/IEC 18045:2008 Information technology — Security techniques — Methodology for IT security evaluation
    ISO Guide 73:2009 Risk management — Vocabulary
    View more information

    • Access your standards online with a subscription

      Features

      • Simple online access to standards, technical information and regulations
      • Critical updates of standards and customisable alerts and notifications
      • Multi - user online standards collection: secure, flexibile and cost effective