ISO/IEC TR 19791:2010
Current
The latest, up-to-date edition.
Information technology Security techniques Security assessment of operational systems
Hardcopy , PDF , PDF 3 Users , PDF 5 Users , PDF 9 Users
English
22-03-2010
ISO/IEC TR 19791:2010 provides guidance and criteria for the security evaluation of operational systems. It provides an extension to the scope of ISO/IEC 15408 by taking into account a number of critical aspects of operational systems not addressed in ISO/IEC 15408 evaluation. The principal extensions that are required address evaluation of the operational environment surrounding the target of evaluation, and the decomposition of complex operational systems into security domains that can be separately evaluated.
ISO/IEC TR 19791:2010 provides:
- a definition and model for operational systems;
- a description of the extensions to ISO/IEC 15408 evaluation concepts needed to evaluate such operational systems;
- a methodology and process for performing the security evaluation of operational systems;
- additional security evaluation criteria to address those aspects of operational systems not covered by the ISO/IEC 15408 evaluation criteria.
ISO/IEC TR 19791:2010 permits the incorporation of security products evaluated against ISO/IEC 15408 into operational systems evaluated as a whole using ISO/IEC TR 19791:2010.
ISO/IEC TR 19791:2010 is limited to the security evaluation of operational systems and does not consider other forms of system assessment. It does not define techniques for the identification, assessment and acceptance of operational risk.
DocumentType |
Standard
|
Pages |
235
|
PublisherName |
International Organization for Standardization
|
Status |
Current
|
Supersedes |
Standards | Relationship |
NEN NPR ISO/IEC TR 19791 : 2010 | Identical |
UNE-ISO/IEC TR 19791:2013 IN | Identical |
INCITS/ISO/IEC TR 19791 : 2015 | Identical |
INCITS/ISO/IEC TR 19791:2010(R2020) | Identical |
PD ISO/IEC TR 19791:2006 | Identical |
PD ISO/IEC TR 19791:2010 | Identical |
18/30361485 DC : 0 | BS ISO/IEC 19896-3 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - COMPETENCE REQUIREMENTS FOR INFORMATION SECURITY TESTERS AND EVALUATORS - PART 3: KNOWLEDGE, SKILLS AND EFFECTIVENESS REQUIREMENTS FOR ISO/IEC 15408 EVALUATORS |
12/30204847 DC : 0 | BS ISO/IEC 29147 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - VULNERABILITY DISCLOSURE |
CSA TELECOM ORGANIZATIONS PACKAGE : 2018 | CONSISTS OF CAN/CSA-ISO/IEC 27000:18 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY; CAN/CSA-ISO/IEC 27001:14, INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - REQUIREMENTS; CAN/CSA-ISO/IEC 27002:15 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR |
PD ISO/IEC TR 15443-1:2012 | Information technology. Security techniques. Security assurance framework Introduction and concepts |
PD ISO/IEC/TR 15026-1:2010 | Systems and software engineering. Systems and software assurance Concepts and vocabulary |
UNE-EN 61508-1:2011 | Functional safety of electrical/electronic/programmable electronic safety-related systems -- Part 1: General requirements |
BS EN 61508-1:2010 | Functional safety of electrical/electronic/ programmable electronic safety-related systems General requirements |
BS ISO/IEC 15408-1:2009 | Information technology. Security techniques. Evaluation criteria for IT Security Part 1: Introduction and general model |
11/30168516 DC : 0 | BS ISO/IEC 27032 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - GUIDELINES FOR CYBERSECURITY |
08/30133461 DC : 0 | ISO/IEC 27003 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEM IMPLEMENTATION GUIDANCE |
CEI EN 61508-1 : 2011 | FUNCTIONAL SAFETY OF ELECTRICAL/ELECTRONIC/PROGRAMMABLE ELECTRONIC SAFETY-RELATED SYSTEMS - PART 1: GENERAL REQUIREMENTS |
CSA ISO/IEC 15408-1 : 2010 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - EVALUATION CRITERIA FOR IT SECURITY - PART 1: INTRODUCTION AND GENERAL MODEL |
INCITS/ISO/IEC 15408-1 : 2012 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - EVALUATION CRITERIA FOR IT SECURITY - PART 1: INTRODUCTION AND GENERAL MODEL |
BS ISO/IEC 29147:2014 | Information technology. Security techniques. Vulnerability disclosure |
CSA ISO/IEC TR 15026-1 : 2013 | SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 1: CONCEPTS AND VOCABULARY |
ISO/IEC TR 15026-1:2010 | Systems and software engineering Systems and software assurance Part 1: Concepts and vocabulary |
CSA ISO/IEC 15026-1 : 2015 | SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 1: CONCEPTS AND VOCABULARY |
08/30193508 DC : DRAFT NOV 2008 | BS EN 61508-1 - FUNCTIONAL SAFETY OF ELECTRICAL/ELECTRONIC/PROGRAMMABLE ELECTRONIC SAFETY-RELATED SYSTEMS - PART 1: GENERAL REQUIREMENTS |
EN 50657:2017 | Railways Applications - Rolling stock applications - Software on Board Rolling Stock |
BS EN 50657:2017 | Railways Applications. Rolling stock applications. Software on Board Rolling Stock |
BS ISO/IEC 27032:2012 | Information technology. Security techniques. Guidelines for cybersecurity |
ISO/IEC 15026-1:2013 | Systems and software engineering Systems and software assurance Part 1: Concepts and vocabulary |
ISO/IEC TR 15443-3:2007 | Information technology Security techniques A framework for IT security assurance Part 3: Analysis of assurance methods |
ISO/IEC 20248:2018 | Information technology Automatic identification and data capture techniques Data structures Digital signature meta structure |
ISO/IEC TR 15443-1:2012 | Information technology Security techniques Security assurance framework Part 1: Introduction and concepts |
ISO/IEC 27032:2012 | Information technology — Security techniques — Guidelines for cybersecurity |
CSA INFORMATION SECURITY PACKAGE : 2018 | CONSISTS OF CAN/CSA-ISO/IEC 27000:18 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY; CAN/CSA-ISO/IEC 27001:14, INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - REQUIREMENTS; CAN/CSA-ISO/IEC 27002:15 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR INFORMATION |
BS ISO/IEC 15026-1:2013 | Systems and software engineering. Systems and software assurance Concepts and vocabulary |
13/30268559 DC : 0 | BS ISO/IEC 15026-1 - SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 1: CONCEPTS AND VOCABULARY |
CSA ISO/IEC 15408-1 : 2010 : R2015 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - EVALUATION CRITERIA FOR IT SECURITY - PART 1: INTRODUCTION AND GENERAL MODEL |
I.S. EN 61508-1:2010 | FUNCTIONAL SAFETY OF ELECTRICAL/ELECTRONIC/PROGRAMMABLE ELECTRONIC SAFETY-RELATED SYSTEMS - PART 1: GENERAL REQUIREMENTS |
GS ISI 001-2 : 1.1.2 | INFORMATION SECURITY INDICATORS (ISI); INDICATORS (INC); PART 2: GUIDE TO SELECT OPERATIONAL INDICATORS BASED ON THE FULL SET GIVEN IN PART 1 |
CSA ISO/IEC TR 15443-1 : 2015 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - SECURITY ASSURANCE FRAMEWORK - PART 1: INTRODUCTION AND CONCEPTS |
ISO/IEC 29147:2014 | Information technology Security techniques Vulnerability disclosure |
IEC 61508-1:2010 | Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 1: General requirements (see Functional Safety and IEC 61508) |
PD ISO/IEC TR 15443-3:2007 | Information technology. Security techniques. A framework for IT security assurance Analysis of assurance methods |
I.S. EN 50657:2017 | RAILWAYS APPLICATIONS - ROLLING STOCK APPLICATIONS - SOFTWARE ON BOARD ROLLING STOCK |
CAN/CSA-C22.2 NO. 61508-1:17 | Functional safety of electrical/electronic/programmable electronic safety-related systems — Part 1: General requirements (Adopted IEC 61508-1:2010, second edition, 2010-04, with Canadian deviations) | Sécurité fonctionnelle des systèmes électriques/électroniques/électroniques programmables relatifs à la sécurité — Partie 1 : Exigences générales (norme IEC 61508-1:2010 adoptée, deuxième édition, 2010-04, avec exigences propres au Canada) |
ISO/IEC 15408-1:2009 | Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model |
IEEE/ISO/IEC 15026-1-2014 | IEEE Standard Adoption of ISO/IEC 15026-1--Systems and Software Engineering--Systems and Software Assurance--Part 1: Concepts and Vocabulary |
EN 61508-1:2010 | Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 1: General requirements |
CSA ISO/IEC 27003 : 2010 : R2015 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEM IMPLEMENTATION GUIDANCE |
CSA ISO/IEC 27003 : 2010 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEM IMPLEMENTATION GUIDANCE |
ISO/IEC 15408-2:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components |
ISO/IEC 15408-3:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components |
ISO/IEC 27002:2013 | Information technology Security techniques Code of practice for information security controls |
ISO/IEC 21827:2008 | Information technology — Security techniques — Systems Security Engineering — Capability Maturity Model® (SSE-CMM®) |
ISO/IEC 27005:2011 | Information technology Security techniques Information security risk management |
ISO/IEC TR 15446:2017 | Information technology Security techniques Guidance for the production of protection profiles and security targets |
ISO/IEC 15408-1:2009 | Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model |
ISO/IEC 18045:2008 | Information technology — Security techniques — Methodology for IT security evaluation |
ISO Guide 73:2009 | Risk management — Vocabulary |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.