SR 002 298 : 1.1.1
Current
RESPONSE FROM CEN AND ETSI TO THE "COMMUNICATION FROM THE COMMISSION TO THE COUNCIL, THE EUROPEAN PARLIAMENT, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS: NETWORK AND INFORMATION SECURITY: PROPOSAL FOR A EUROPEAN POLICY APPROACH"
Hardcopy, PDF
English
Intellectual Property Rights
Foreword
1 Scope
2 References
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 Introduction
5 Network and information security
5.1 Definition used in the present document
5.2 Other "real world" issues not covered
6 Electronic business and other contexts
7 The structure of the present document
8 CEN and ETSI response to proposed actions
8.1 Awareness raising
8.2 Technology support
8.3 Support for market oriented standardization and certification
8.4 International co-operation
9 User requirements
9.1 Home users
9.2 Small and medium enterprises
9.3 Large organizations and industries
9.4 Recommendations
10 General threats to network and information security
11 Registration and authentication services
11.1 Security measures
11.2 Passwords
11.3 Biometrics
11.4 Digital certificates
11.5 Smart cards
11.6 Recommendations
12 Confidentiality and privacy services
12.1 Security measures
12.2 Encryption of stored information
12.3 Electronic mail encryption
12.4 Network encryption
12.5 Cryptographic algorithms
12.6 Object re-use policy
12.7 Recommendations
13 Trust services
13.1 Security measures
13.2 Electronic signatures
13.3 Hash functions
13.4 Time-stamping
13.5 Non-repudiation
13.6 Public Key Infrastructures (PKI)
13.7 Harmonization of trust services
13.8 Recommendations
14 Business services
14.1 Security measures
14.2 Failure impact analysis
14.3 Capacity planning
14.4 Business continuity planning
14.5 Configuration management
14.6 Checksums and cyclic redundancy checks
14.7 Recommendations
15 Network defence services
15.1 Security measures
15.2 Recommendations
16 Assurance services
16.1 Security measures
16.2 Risk assessment
16.3 Evaluation
16.4 Certification
16.5 Information security management standards
16.6 Accreditation bodies
16.7 Recommendations
Annex A: Standards for registration and authentication services
A.1 General authentication standards
A.2 Passwords
A.3 Biometrics
A.4 Digital certificates
A.5 Smart Cards
Annex B: Standards for Confidentiality and privacy services
B.1 Encryption
B.2 Public Key Infrastructure
Annex C: Standards for Trust Services
C.1 Electronic signatures
C.2 Public Key Infrastructure
C.3 Hash functions
C.4 Time-stamping
C.5 Non-repudiation
C.6 Key management
Annex D: Standards for Business Services
Annex E: Standards for Network Defence Services
E.1 Anti-virus
E.2 Firewalls
E.3 Intrusion detection
E.4 General Network Security
Annex F: Standards for Assurance services
F.1 Information security management and risk assessment
F.2 Accreditation and certification
F.3 Evaluation
Annex G: Standards for Microprocessor Control of Domestic Equipment
G.1 International Organization for Standardization and Electrotechnical Commission (ISO/IEC)
G.2 Other work
History
Suggests actions on both the ESOs and industry standards bodies that, when undertaken, will improve the availability of secure electronic communication, including e-commerce and the exchange of information within a European environment and beyond.
Committee | BOARD |
DocumentType | Standard |
Pages | 75 |
PublisherName | European Telecommunications Standards Institute |
Status | Current |
SR 002 211 : 2.1.2 | ELECTRONIC COMMUNICATIONS NETWORKS AND SERVICES; CANDIDATE LIST OF STANDARDS AND/OR SPECIFICATIONS IN ACCORDANCE WITH ARTICLE 17 OF DIRECTIVE 2002/21/EC |
ISO/IEC 18014-2:2009 | Information technology Security techniques Time-stamping services Part 2: Mechanisms producing independent tokens |
ETR 336 : 20001 | TELECOMMUNICATION MANAGEMENT NETWORK (TMN) |
ISO/IEC TR 13335-2:1997 | Information technology Guidelines for the management of IT Security Part 2: Managing and planning IT Security |
ISO Guide 72:2001 | Guidelines for the justification and development of management system standards |
ISO/IEC TR 13335-3:1998 | Information technology Guidelines for the management of IT Security Part 3: Techniques for the management of IT Security |
TS 102 023 : 1.2.2 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); POLICY REQUIREMENTS FOR TIME-STAMPING AUTHORITIES |
ISO/IEC TR 13335-4:2000 | Information technology Guidelines for the management of IT Security Part 4: Selection of safeguards |
ISO/IEC 18014-1:2008 | Information technology Security techniques Time-stamping services Part 1: Framework |