ImageVerifierCode 换一换
格式:PDF , 页数:20 ,大小:953.10KB ,
资源ID:588456      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-588456.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(BS ISO IEC 27038-2014 Information technology Security techniques Specification for digital redaction《信息技术 安全技术 数字编辑规范》.pdf)为本站会员(eveningprove235)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

BS ISO IEC 27038-2014 Information technology Security techniques Specification for digital redaction《信息技术 安全技术 数字编辑规范》.pdf

1、BSI Standards PublicationBS ISO/IEC 27038:2014Information technology Security techniques Specification for digitalredactionCopyright British Standards Institution Provided by IHS under license with BSI - Uncontrolled Copy Not for ResaleNo reproduction or networking permitted without license from IHS

2、BS ISO/IEC 27038:2014 BRITISH STANDARDNational forewordThis British Standard is the UK implementation of ISO/IEC27038:2014.The UK participation in its preparation was entrusted to TechnicalCommittee IST/33, IT - Security techniques.A list of organizations represented on this committee can beobtained

3、 on request to its secretary.This publication does not purport to include all the necessaryprovisions of a contract. Users are responsible for its correctapplication. The British Standards Institution 2014. Published by BSI StandardsLimited 2014ISBN 978 0 580 71489 4ICS 35.040Compliance with a Briti

4、sh Standard cannot confer immunity fromlegal obligations.This British Standard was published under the authority of theStandards Policy and Strategy Committee on 31 March 2014.Amendments issued since publicationDate Text affectedCopyright British Standards Institution Provided by IHS under license w

5、ith BSI - Uncontrolled Copy Not for ResaleNo reproduction or networking permitted without license from IHSBS ISO/IEC 27038:2014Information technology Security techniques Specification for digital redactionTechnologies de linformation Techniques de scurit Spcifications pour la rdaction numrique ISO/I

6、EC 2014INTERNATIONAL STANDARDISO/IEC27038First edition2014-03-15Reference numberISO/IEC 27038:2014(E)Copyright British Standards Institution Provided by IHS under license with BSI - Uncontrolled Copy Not for Resale-,-,-BS ISO/IEC 27038:2014ISO/IEC 27038:2014(E)ii ISO/IEC 2014 All rights reservedCOPY

7、RIGHT PROTECTED DOCUMENT ISO/IEC 2014All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written pe

8、rmission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester.ISO copyright officeCase postale 56 CH-1211 Geneva 20Tel. + 41 22 749 01 11Fax + 41 22 749 09 47E-mail copyrightiso.orgWeb www.iso.orgPublished in SwitzerlandCopyright Briti

9、sh Standards Institution Provided by IHS under license with BSI - Uncontrolled Copy Not for Resale-,-,-BS ISO/IEC 27038:2014ISO/IEC 27038:2014(E) ISO/IEC 2014 All rights reserved iiiContents PageForeword ivIntroduction v1 Scope . 12 Terms and definitions . 13 Symbols and abbreviated terms . 24 Gener

10、al principles of digital redaction . 24.1 Introduction 24.2 Anonymization 25 Requirements 25.1 Overview 25.2 Redaction principles 36 Redaction processes . 46.1 Introduction 46.2 Paper intermediaries . 46.3 Digital image intermediaries 46.4 Simple digital redaction 46.5 Complex digital redaction 56.6

11、 Contextual information 57 Keeping records of redaction work. 68 Characteristics of software redaction tools 69 Requirements for redaction testing . 7Annex A (informative) Redacting of PDF documents 9Copyright British Standards Institution Provided by IHS under license with BSI - Uncontrolled Copy N

12、ot for ResaleNo reproduction or networking permitted without license from IHSBS ISO/IEC 27038:2014ISO/IEC 27038:2014(E)ForewordISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. N

13、ational bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual inter

14、est. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.International Standards are drafted in accordance with t

15、he rules given in the ISO/IEC Directives, Part 2.The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard require

16、s approval by at least 75 % of the national bodies casting a vote.Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.ISO/IEC 27038 was prepared b

17、y Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques.iv ISO/IEC 2014 All rights reservedCopyright British Standards Institution Provided by IHS under license with BSI - Uncontrolled Copy Not for Resale-,-,-BS ISO/IEC 27038:2014ISO/IEC 27038:20

18、14(E)IntroductionSome documents can contain information that must not be disclosed to some communities. Modified documents can be released to these communities after an appropriate processing of the original document. This processing can include the removal of sections, paragraphs or sentences with,

19、 where appropriate, the mention that they have been removed. This process is called the “redaction” of the document.The digital redaction of documents is a relatively new area of document management practice, raising unique issues and potential risks. Where digital documents are redacted, removed in

20、formation must not be recoverable. Hence, care needs to be taken so that redacted information is permanently removed from the digital document (e.g. it must not be simply hidden within nondisplayable portions of the document).This International Standard specifies methods for digital redaction of dig

21、ital documents.Redaction can also involve the removal of document metadata or the removal of some information (e.g. an image) imported into the document.It can be possible to identify redacted information in a redacted digital document by context. For example, the length of the redaction replacement

22、 text can indicate the length of the redacted information, and thus the information itself. This International Standard introduces two levels of redaction: BASIC redaction where context is not taken into consideration; ENHANCED redaction where context is taken into consideration.Redaction techniques

23、 can be used for the anonymization of the information in a document, for example by the removal of some names within sentences. It can also involve the removal of numbers within sentences and their replacement by “XXX”. ISO/IEC 2014 All rights reserved vCopyright British Standards Institution Provid

24、ed by IHS under license with BSI - Uncontrolled Copy Not for Resale-,-,-BS ISO/IEC 27038:2014Copyright British Standards Institution Provided by IHS under license with BSI - Uncontrolled Copy Not for Resale-,-,-BS ISO/IEC 27038:2014Information technology Security techniques Specification for digital

25、 redaction1 ScopeThis International Standard specifies characteristics of techniques for performing digital redaction on digital documents. This International Standard also specifies requirements for software redaction tools and methods of testing that digital redaction has been securely completed.T

26、his International Standard does not include the redaction of information from databases.2 Terms and definitionsFor the purposes of this document, the following terms and definitions apply.2.1anonymizationprocess by which personally identifiable information (PII) is irreversibly altered in such a way

27、 that a PII principal can no longer be identified directly or indirectly, either by the PII controller alone or in collaboration with any other partySOURCE: ISO/IEC 29100:2011, definition 2.22.2documentrecorded information which can be treated as a unitNote 1 to entry: Documents can contain text, pi

28、ctures, video and audio content, metadata and other associated content.2.3personally identifiable informationPIIany information that (a) can be used to identify the PII principal to whom such information relates, or (b) is or might be directly or indirectly linked to a PII principalNote 1 to entry:

29、To determine whether a PII principal is identifiable, account should be taken of all the means which can reasonably be used by the privacy stakeholder holding the data, or by any other party, to identify that natural person.SOURCE: ISO/IEC 29100:2011, definition 2.92.4redactionpermanent removal of i

30、nformation within a document2.5reviewerindividual(s) who assesses a document for redaction requirementsNote 1 to entry: There could be a series of individuals who assess a particular document.INTERNATIONAL STANDARD ISO/IEC 27038:2014(E) ISO/IEC 2014 All rights reserved 1Copyright British Standards I

31、nstitution Provided by IHS under license with BSI - Uncontrolled Copy Not for Resale-,-,-BS ISO/IEC 27038:2014ISO/IEC 27038:2014(E)3 Symbols and abbreviated termsFor the purposes of this document, the following abbreviations apply.PII Personally Identifiable InformationPDF Portable Document FormatOC

32、R Optical Character RecognitionXML Extensible Markup Language4 General principles of digital redaction4.1 IntroductionRedaction is carried out in order to permanently remove particular information from a copy of a document. It should be used when, for example, one or two individual words, a sentence

33、 or paragraph, an image, a name, address and/or signature needs to be removed from a document prior to it being disclosed to individuals who are not authorized to view the removed information.The process of digital redaction is not simply to remove information but also to indicate where necessary th

34、at some information has been removed, so that the reader knows that the document has been redacted. For example, there can be a need to know that some words or some paragraphs have been deleted in order to maintain the semantics of the non-redacted information.4.2 AnonymizationAs an example, one of

35、the purposes of redaction is to remove personally identifiable information (PII) from a document (anonymization). Where such a purpose is applicable, then redaction processes shall be so designed such that the identity of the individual about whose information is being redacted is protected.It can b

36、e, for example, that even though a name has been redacted from a document, the identity of the individual is evident from the remaining information. Where anonymization is required, all information that could be used to identify the individual shall be redacted. This shall include all information th

37、at could be used in conjunction with other information (which can be obtained from other sources) to identify the individual.5 Requirements5.1 OverviewOrganizations should have the capability to identify documents that need to be redacted prior to their release to other parts of the organization or

38、to others (such as the public).Redaction should be performed or overseen by reviewers that are knowledgeable about the documents and can determine what information is to be redacted. If reviewers identifying such information do not carry out redaction themselves, their instructions shall be specific

39、 e.g. Memo dated , paragraph no, line starting and ending etc.Redaction shall be carried out on copies of the digital document. The redaction process shall result in the creation of a new digital document where complete and irreversible removal of the redacted information is achieved. This new digit

40、al document shall be managed and disposed of in the same manner as the original document.2 ISO/IEC 2014 All rights reservedCopyright British Standards Institution Provided by IHS under license with BSI - Uncontrolled Copy Not for Resale-,-,-BS ISO/IEC 27038:2014ISO/IEC 27038:2014(E)When identifying

41、information that needs to be redacted prior to release, whole sentences or paragraphs should not be identified if only one or two words in that sentence or paragraph are to be redacted, unless the release would enable the identification of the redacted information by context.Where necessary, informa

42、tion relating to the effect that a digital document has been redacted shall be linked with the digital document. To identify the fact that a redaction process has been undertaken, redacted information may be replaced by a sentence stating that some information has been redacted.When redaction is per

43、formed on a digital document, any metadata included within the digital document shall be reviewed for redaction requirements and appropriate redactions undertaken.Where redaction is performed on a digital document that contains images, video and/or voice information, redaction techniques that remove

44、 the necessary information shall be used.5.2 Redaction principlesThe redaction of digital documents shall be carried out in accordance with the following principles: Retention of digital original documentThe original or master version of a digital document shall not be redacted redaction shall be ca

45、rried out on a copy of the digital document. Original digital documents (e.g. the un-redacted document) shall be retained and be accessible only to those authorized. Complete removal of redacted informationRedaction shall irreversibly remove the required information from the redacted version of the

46、document. The information shall be completely removed from the digital document, not simply from the displayable content. Security evaluated redactionRedaction shall always be carried out using methods approved by the organization. Controlled environmentElectronic redaction shall be carried out in a

47、n environment that provides access only to those trained and authorized to carry out redaction. Intermediary stagesAll the redacted documents in intermediary stages of the redaction process should be deleted. Only the original digital document and the appropriately redacted version should be retaine

48、d. Where a particular digital document is to be redacted in different ways (for example for different audiences), then it may be appropriate to temporarily retain intermediate stages until all redaction processes have been completed.If there are many digital documents that can have many redactions f

49、or different reasons, and if over time some of the reasons for redaction expire, it may be necessary to create and retain over time an intermediary copy that indicates the text or objects that should be redacted and the reasons for the redaction. The information is actually redacted when the redacted copy is produced. This provi

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1