• SR 002 298 : 1.1.1

    Status: Current (the latest, up-to-date edition)

    RESPONSE FROM CEN AND ETSI TO THE "COMMUNICATION FROM THE COMMISSION TO THE COUNCIL, THE EUROPEAN PARLIAMENT, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS: NETWORK AND INFORMATION SECURITY: PROPOSAL FOR A EUROPEAN POLICY APPROACH"

    Available format(s):  Hardcopy, PDF

    Language(s):  English

    Published date: 

    Publisher:  European Telecommunications Standards Institute

    Table of Contents

    Intellectual Property Rights
    Foreword
    1 Scope
    2 References
    3 Definitions and abbreviations
       3.1 Definitions
       3.2 Abbreviations
    4 Introduction
    5 Network and information security
       5.1 Definition used in the present document
       5.2 Other "real world" issues not covered
    6 Electronic business and other contexts
    7 The structure of the present document
    8 CEN and ETSI response to proposed actions
       8.1 Awareness raising
       8.2 Technology support
       8.3 Support for market oriented standardization and
            certification
       8.4 International co-operation
    9 User requirements
       9.1 Home users
       9.2 Small and medium enterprises
       9.3 Large organizations and industries
       9.4 Recommendations
    10 General threats to network and information security
    11 Registration and authentication services
       11.1 Security measures
       11.2 Passwords
       11.3 Biometrics
       11.4 Digital certificates
       11.5 Smart cards
       11.6 Recommendations
    12 Confidentiality and privacy services
       12.1 Security measures
       12.2 Encryption of stored information
       12.3 Electronic mail encryption
       12.4 Network encryption
       12.5 Cryptographic algorithms
       12.6 Object re-use policy
       12.7 Recommendations
    13 Trust services
       13.1 Security measures
       13.2 Electronic signatures
       13.3 Hash functions
       13.4 Time-stamping
       13.5 Non-repudiation
       13.6 Public Key Infrastructures (PKI)
       13.7 Harmonization of trust services
       13.8 Recommendations
    14 Business services
       14.1 Security measures
       14.2 Failure impact analysis
       14.3 Capacity planning
       14.4 Business continuity planning
       14.5 Configuration management
       14.6 Checksums and cyclic redundancy checks
       14.7 Recommendations
    15 Network defence services
       15.1 Security measures
       15.2 Recommendations
    16 Assurance services
       16.1 Security measures
       16.2 Risk assessment
       16.3 Evaluation
       16.4 Certification
       16.5 Information security management standards
       16.6 Accreditation bodies
       16.7 Recommendations
    Annex A: Standards for registration and authentication services
          A.1 General authentication standards
          A.2 Passwords
          A.3 Biometrics
          A.4 Digital certificates
          A.5 Smart Cards
    Annex B: Standards for Confidentiality and privacy services
          B.1 Encryption
          B.2 Public Key Infrastructure
    Annex C: Standards for Trust Services
          C.1 Electronic signatures
          C.2 Public Key Infrastructure
          C.3 Hash functions
          C.4 Time-stamping
          C.5 Non-repudiation
          C.6 Key management
    Annex D: Standards for Business Services
    Annex E: Standards for Network Defence Services
          E.1 Anti-virus
          E.2 Firewalls
          E.3 Intrusion detection
          E.4 General Network Security
    Annex F: Standards for Assurance services
          F.1 Information security management and risk assessment
          F.2 Accreditation and certification
          F.3 Evaluation
    Annex G: Standards for Microprocessor Control of Domestic Equipment
          G.1 International Organization for Standardization and
              Electrotechnical Commission (ISO/IEC)
          G.2 Other work
    History

    Abstract

    Suggests actions for both the ESOs and industry standards bodies that, when undertaken, will improve the availability of secure electronic communication, including e-commerce and the exchange of information, within a European environment and beyond.

    General Product Information

    Committee:  BOARD
    Document Type:  Standard
    Publisher:  European Telecommunications Standards Institute
    Status:  Current

    Standards Referenced By This Book

    SR 002 211 : 2.1.2 ELECTRONIC COMMUNICATIONS NETWORKS AND SERVICES; CANDIDATE LIST OF STANDARDS AND/OR SPECIFICATIONS IN ACCORDANCE WITH ARTICLE 17 OF DIRECTIVE 2002/21/EC

    Standards Referencing This Book

    ISO/IEC 18014-2:2009 Information technology - Security techniques - Time-stamping services - Part 2: Mechanisms producing independent tokens
    ETR 336 : 20001 TELECOMMUNICATION MANAGEMENT NETWORK (TMN)
    ISO/IEC TR 13335-2:1997 Information technology - Guidelines for the management of IT Security - Part 2: Managing and planning IT Security
    ISO Guide 72:2001 Guidelines for the justification and development of management system standards
    ISO/IEC TR 13335-3:1998 Information technology - Guidelines for the management of IT Security - Part 3: Techniques for the management of IT Security
    TS 102 023 : 1.2.2 ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); POLICY REQUIREMENTS FOR TIME-STAMPING AUTHORITIES
    ISO/IEC TR 13335-4:2000 Information technology - Guidelines for the management of IT Security - Part 4: Selection of safeguards
    ISO/IEC 18014-1:2008 Information technology - Security techniques - Time-stamping services - Part 1: Framework