ImageVerifierCode 换一换
格式:PDF , 页数:75 ,大小:367.37KB ,
资源ID:734969      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-734969.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ETSI SR 002 298-2003 Response from CEN and ETSI to the Communication from the Commission to the Council the European Parliament the European Economic and Social Committee and the _1.pdf)为本站会员(jobexamine331)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ETSI SR 002 298-2003 Response from CEN and ETSI to the Communication from the Commission to the Council the European Parliament the European Economic and Social Committee and the _1.pdf

1、 ETSI SR 002 298 V1.1.1 (2003-12)Special Report Response from CEN and ETSI to the“Communication from the Commission to the Council,the European Parliament, the European Economic andSocial Committee and the Committee of the Regions:Network and Information Security:Proposal for a European Policy Appro

2、ach“ETSI ETSI SR 002 298 V1.1.1 (2003-12) 2 Reference DSR/BOARD-00004 Keywords security ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture d

3、e Grasse (06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions,

4、 the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revisi

5、on or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, send your comment to: editoretsi.org Copyright Notification No part may be reproduced except as authorized

6、 by written permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2003. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its Members. TIPHONTMand the TIPHON

7、 logo are Trade Marks currently being registered by ETSI for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI SR 002 298 V1.1.1 (2003-12) 3 Contents Intellectual Property Rights7 Foreword.7 1 Scope

8、 8 2 References 8 3 Definitions and abbreviations.9 3.1 Definitions9 3.2 Abbreviations .9 4 Introduction 10 5 Network and information security11 5.1 Definition used in the present document 11 5.2 Other “real world“ issues not covered 12 5.2.1 Legal issues.12 5.2.2 Vetting of personnel12 5.2.3 Inform

9、ation security professional qualifications.12 5.2.4 Longevity of archiving12 6 Electronic business and other contexts.13 7 The structure of the present document .13 8 CEN and ETSI response to proposed actions.14 8.1 Awareness raising.14 8.2 Technology support14 8.3 Support for market oriented standa

10、rdization and certification .14 8.3.1 Interoperability .14 8.3.2 EU initiatives 15 8.3.3 Certification and accreditation15 8.3.4 Participation in standardization activities .15 8.3.5 Stimulation of standardization activities.16 8.3.6 Proposed European Network and Information Security Agency16 8.4 In

11、ternational co-operation 16 9 User requirements 16 9.1 Home users.16 9.1.1 Home working 16 9.1.2 Personal business 17 9.1.3 Microprocessor control of domestic equipment17 9.1.4 General security requirements 17 9.2 Small and medium enterprises18 9.2.1 The SME as a user of e-business services.18 9.2.2

12、 The SME as a supplier of e-business services 18 9.2.3 General security requirements 18 9.3 Large organizations and industries.19 9.3.1 General security requirements 19 9.4 Recommendations 19 10 General threats to network and information security .20 11 Registration and authentication services 21 11

13、.1 Security measures.22 11.1.1 Effective user registration.22 11.1.2 Effective user identification and authentication22 11.1.3 Effective access control 22 11.1.4 Effective user management.22 11.2 Passwords.22 11.3 Biometrics 23 ETSI ETSI SR 002 298 V1.1.1 (2003-12) 4 11.4 Digital certificates 23 11.

14、5 Smart cards.23 11.6 Recommendations 24 11.6.1 Registration.24 11.6.2 Authentication.24 11.6.3 Interoperability and framework considerations 24 11.6.4 Biometrics.24 11.6.5 Other mechanisms 25 12 Confidentiality and privacy services 25 12.1 Security measures.25 12.2 Encryption of stored information

15、.26 12.3 Electronic mail encryption .26 12.4 Network encryption26 12.5 Cryptographic algorithms.27 12.6 Object re-use policy27 12.7 Recommendations 28 12.7.1 Encryption of stored information28 12.7.2 Network and electronic mail encryption.28 12.7.3 Object re-use policy28 13 Trust services28 13.1 Sec

16、urity measures.28 13.1.1 Key management 29 13.1.2 Non-repudiation29 13.1.3 Evidence of receipt .29 13.1.4 Trusted commitment service.30 13.1.5 Integrity 30 13.2 Electronic signatures 30 13.3 Hash functions31 13.4 Time-stamping .31 13.5 Non-repudiation .31 13.6 Public Key Infrastructures (PKI)31 13.7

17、 Harmonization of trust services32 13.8 Recommendations 32 14 Business services32 14.1 Security measures.33 14.1.1 Service availability .33 14.1.2 Information availability 33 14.1.3 Effective accounting and audit33 14.2 Failure impact analysis.34 14.3 Capacity planning.34 14.4 Business continuity pl

18、anning34 14.5 Configuration management 34 14.6 Checksums and cyclic redundancy checks.34 14.7 Recommendations 34 15 Network defence services.35 15.1 Security measures.35 15.1.1 Preventative measures.35 15.1.2 Detection measures.35 15.2 Recommendations 35 16 Assurance services .36 16.1 Security measu

19、res.36 16.2 Risk assessment36 16.3 Evaluation.37 16.4 Certification37 16.5 Information security management standards37 16.6 Accreditation bodies.38 16.7 Recommendations 38 Annex A: Standards for registration and authentication services.39 ETSI ETSI SR 002 298 V1.1.1 (2003-12) 5 A.1 General authentic

20、ation standards39 A.1.1 International Organization for Standardization and Electrotechnical Commission (ISO/IEC) 39 A.1.2 European Telecommunications and Standards Institute (ETSI).39 A.1.3 US National Institute of Standards and Technology 41 A.1.4 Internet Engineering Task Force (IETF) 41 A.1.5 Ins

21、titute of Electrical Engineers .42 A.2 Passwords.42 A.2.1 Internet Engineering Task Force (IETF) 42 A.2.2 US National Institute of Standards and Technology 42 A.2.3 US National Computer Centre42 A.3 Biometrics 42 A.3.1 International Organization for Standardization and Electrotechnical Commission (I

22、SO/IEC) 42 A.3.2 ANSI/NIST.43 A.3.3 Other Organizations/Activities.43 A.4 Digital certificates 43 A.4.1 International Organization for Standardization and Electrotechnical Commission (ISO/IEC) 43 A.4.2 European Standards Committee (CEN)44 A.4.3 European Telecommunications and Standards Institute (ET

23、SI).44 A.4.4 Internet Engineering Task Force (IETF) 44 A.4.5 ANSI 44 A.4.6 US National Institute of Standards and Technology 44 A.4.7 RSA Public Key Cryptography Standards44 A.5 Smart Cards45 A.5.1 International Organization for Standardization and Electrotechnical Commission (ISO/IEC) 45 A.5.2 Euro

24、pean Standards Committee - Information Society Standardization System (CEN/ISSS).45 A.5.3 European Telecommunications and Standards Institute (ETSI).48 A.5.4 Personal Computer Smart Card Workgroup.51 A.5.5 Smart Card alliance 51 A.5.6 e-Europe Smart Card (eESC) Initiative 51 A.5.6 US National Instit

25、ute of Standards and Technology.54 A.5.7 RSA Public key Cryptography Standards.54 A.5.8 Internet Engineering Task Force.54 Annex B: Standards for Confidentiality and privacy services.55 B.1 Encryption 55 B.1.1 Organization for Economic Co-operation and Development (OECD).55 B.1.2 International Organ

26、ization for Standardization and Electrotechnical Commission (ISO/IEC) 55 B.1.3 European Telecommunications Standards Institute (ETSI)56 B.1.4 Internet Engineering Task Force (IETF) 58 B.1.5 American National Standards Institute.58 B.1.6 US National Institute of Standards and Technology.58 B.1.7 RSA

27、Public Key Cryptography Standards59 B.2 Public Key Infrastructure .59 Annex C: Standards for Trust Services .60 C.1 Electronic signatures 60 C.1.1 International Organization for Standardization and Electrotechnical Commission (ISO/IEC) 60 C.1.2 European Standards Committee- Information Society Stand

28、ardization System (CEN/ISSS)60 C.1.3 European Telecommunications Standards Institute (ETSI)61 C.1.4 International Telegraph and Telephone Consultative Committee (CCITT) of the International Telecommunications Union (ITU) .61 C.1.5 Internet Engineering Task Force (IETF) 62 C.1.6 RSA - Public Key Cryp

29、tography Standards .62 C.1.7 American National Standards Institute.62 C.1.8 US National Institute of Standards and Technology 62 C.2 Public Key Infrastructure .62 C.2.1 International Organization for Standardization and Electrotechnical Commission (ISO/IEC) 62 ETSI ETSI SR 002 298 V1.1.1 (2003-12) 6

30、 C.2.2 European Telecommunications Standards Institute (ETSI)62 C.2.3 US National Institute of Standards and Technology 62 C.2.4 Internet Engineering Task Force (IETF) 62 C.3 Hash functions63 C.3.1 International Organization for Standardization and Electrotechnical Commission (ISO/IEC) 63 C.3.2 Inte

31、rnet Engineering Task Force (IETF) 63 C.3.3 American National Standards Institute.63 C.3.4 US National Institute of Standards and Technology 64 C.4 Time-stamping .64 C.4.1 International Organization for Standardization and Electrotechnical Commission (ISO/IEC) 64 C.4.2 European Standards Committee-

32、Information Society Standardization System (CEN/ISSS)64 C.4.3 European Telecommunications Standards Institute (ETSI)64 C.5 Non-repudiation .64 C.5.1 International Organization for Standardization and Electrotechnical Commission (ISO/IEC) 64 C.6 Key management65 C.6.1 International Organization for S

33、tandardization and Electrotechnical Commission (ISO/IEC) 65 Annex D: Standards for Business Services 66 Annex E: Standards for Network Defence Services67 E.1 Anti-virus .67 E.1.1 US National Institute of Standards and Technology 67 E.2 Firewalls.67 E.2.1 International Organization for Standardizatio

34、n and Electrotechnical Commission (ISO/IEC) 67 E.2.2 Internet Engineering Task Force 67 E.2.3 US National Institute of Standards and Technology 67 E.3 Intrusion detection68 E.3.1 International Organization for Standardization and Electrotechnical Commission (ISO/IEC) 68 E.3.2 US National Institute o

35、f Standards and Technology 68 E.4 General Network Security68 E.4.1 International Organization for Standardization and Electrotechnical Commission (ISO/IEC) 68 Annex F: Standards for Assurance services69 F.1 Information security management and risk assessment .69 F.2 Accreditation and certification .

36、70 F.2.1 European Committee for Standardization (CEN) and International Organization for Standardization and Electrotechnical Commission (ISO/IEC) .70 F.3 Evaluation.72 F.3.1 International Organization for Standardization and Electrotechnical Commission (ISO/IEC) and European Committee for Standardi

37、zation (CEN).72 F.3.2 US National Institute of Standards and Technology 73 F.3.3 US National Computer Security Centre .73 F.3.4 US National Computer Security Centre .73 Annex G: Standards for Microprocessor Control of Domestic Equipment74 G.1 International Organization for Standardization and Electr

38、otechnical Commission (ISO/IEC)74 G.2 Other work74 History 75 ETSI ETSI SR 002 298 V1.1.1 (2003-12) 7 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly a

39、vailable for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web s

40、erver (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may

41、 be, or may become, essential to the present document. Foreword This Special Report (SR) has been produced by a joint CEN-ETSI Network and Information Security standardization group in response to the European Commissions call for “a comprehensive strategy on security of electronic networks includin

42、g practical implementing action“. CEN and ETSI share the aims set forward in the Communication from the Commission. It is agreed that there are comprehensive standards available for secure electronic networks. However, the report notes that there are few security frameworks to guarantee multi-vendor

43、 systems will operate securely together. Also it is noted that there is a lack of appropriate certification in some areas. The result is fragmentation and uneven implementation in real networks and insecurities remain despite some parts being very secure. In support of the Commissions aims, certain

44、key issues are central to the reports recommendations: Interoperability: There are many security standards available. This often leads to problems of interoperability - with potentially annoying consequences for the consumer and perhaps business consequences for the provider of electronic services.

45、A number of mechanisms exist to improve this situation including the use of standards frameworks which can help to identify and incorporate interoperable standards in such a way that users become unaware of interoperability issues. Also interoperability testing can help to ensure equipment conformin

46、g to standards and frameworks does really interoperate. The reports recommendations encourage interoperability testing and the incorporation of “overlapping“ standards within suitable frameworks which unify as far as possible the different technical means of doing certain tasks. Upgradeability: Secu

47、rity is not a static problem: the implementation of a standard in a product may need to be updated as weaknesses are discovered; and new standards will be needed whenever existing ones become ineffective in countering threats to security. Several of the reports recommendations are aimed at ensuring

48、this need is recognized and dealt with in a manner that is as simple as possible for the end user, through the use of frameworks that can handle updates in a transparent manner. Home users and Small and Medium Enterprises: In the near future it is very clear that many home users and many Small and M

49、edium Enterprises will be making new, permanent connections to the Internet for the purposes of e-commerce, information and entertainment. These users will naturally have neither the expertise nor the inclination to apply obscure security measures to consistently prevent security breaches. The report makes recommendations to deal with this issue before it becomes a major problem. It is hoped that the awareness of these issues generated within the European Standards Organizations will encourage the development of high quality security standards and frameworks in close

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1