1、 INCITS/ISO/IEC TR 13335-4-2000 (R2007) (ISO/IEC TR 13335-4:2000, IDT) Information Technology - Guidelines for the Management of IT Security - Part 4: Selection of Safeguards (TECHNICAL REPORT) INCITS/ISO/IEC TR 13335-4-2000 (R2007) PDF disclaimer This PDF file may contain embedded typefaces. In acc
2、ordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes
3、licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for pri
4、nting. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. Registered by INCITS (InterNational Committee for Information Technology
5、Standards) as an American National Standard. Date of Registration: 12/31/2006 Published by American National Standards Institute, 25 West 43rd Street, New York, New York 10036 Copyright 2006 by Information Technology Industry Council (ITI). All rights reserved. These materials are subject to copyrig
6、ht claims of International Standardization Organization (ISO), International Electrotechnical Commission (IEC), American National Standards Institute (ANSI), and Information Technology Industry Council (ITI). Not for resale. No part of this publication may be reproduced in any form, including an ele
7、ctronic retrieval system, without the prior written permission of ITI. All requests pertaining to this standard should be submitted to ITI, 1101 K Street NW, Suite 610, Washington DC 20005. Printed in the United States of America ii ITIC 2006 All rights reserved Reference numberISO/IEC TR 13335-4:20
8、00(E)ISO/IEC 2000TECHNICALREPORTISO/IECTR13335-4First edition2000-03-01Information technology Guidelines forthe management of IT Security Part 4:Selection of safeguardsTechnologies de linformation Lignes directrices pour la gestion descurit IT Partie 4: Slection de sauvegardesISO/IEC TR 13335-4:2000
9、(E)PDF disclaimerThis PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall notbe edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading thisfile,
10、parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in thisarea.Adobe is a trademark of Adobe Systems Incorporated.Details of the software products used to create this PDF file can be found in the General Info relative
11、 to the file; the PDF-creation parameterswere optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely eventthat a problem relating to it is found, please inform the Central Secretariat at the address given below. ISO/IEC 200
12、0All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronicor mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member bodyin the country
13、 of the requester.ISO copyright officeCase postale 56 Gb7 CH-1211 Geneva 20Tel. + 41 22 749 01 11Fax + 41 22 734 10 79E-mail copyrightiso.chWeb www.iso.chPrinted in Switzerlandii ISO/IEC 2000 All rights reservedISO/IEC TR 13335-4:2000(E) ISO/IEC 2000 All rights reservediiiTable of ContentsFOREWORDvi
14、INTRODUCTION.vii1 SCOPE.12 REFERENCES.13 DEFINITIONS14 AIM15 OVERVIEW26 INTRODUCTION TO SAFEGUARD SELECTION AND THE CONCEPT OF BASELINESECURITY47 BASIC ASSESSMENTS 87.1 IDENTIFICATION OF THE TYPE OF IT SYSTEM .87.2 IDENTIFICATION OF PHYSICAL/ENVIRONMENTALCONDITIONS 87.3 ASSESSMENT OF EXISTING/PLANNE
15、D SAFEGUARDS .98 SAFEGUARDS.98.1 ORGANIZATIONAL AND PHYSICALSAFEGUARDS108.1.1 IT Security Management and Policies.108.1.2 Security Compliance Checking .108.1.3 Incident Handling118.1.4 Personnel. 118.1.5 Operational Issues.128.1.6 Business Continuity Planning .138.1.7 Physical Security.138.2 IT SYST
16、EM SPECIFIC SAFEGUARDS.188.2.1 Identification and Authentication (I ISO is currently developing several otherdocuments on network security.5OverviewClause 6 provides an introduction to safeguard selection and to the concept of baseline security.Clauses 7 to 10 deal with the establishment of baseline
17、 security for an IT system. In order to select theappropriate safeguards, it is necessary to make some basic assessments, no matter whether moredetailed risk analyses will follow later. These assessments are described in clause 7 which includes theconsideration of:Gb7 what type of IT system is invol
18、ved (e.g. a standalone PC, or connected to a network),Gb7 what are the IT systems location(s) and surrounding environmental conditions like,Gb7 what safeguards are already in place and/or planned, andGb7 whether the assessments made provide enough information to select baseline safeguards for the IT
19、system?Clause 8 provides an overview of safeguards to be selected, divided into organizational and physicalsafeguards (which are selected according to security relevant needs, concerns and constraints) and ITsystem specific safeguards, both grouped into safeguard categories. For each safeguard categ
20、ory, themost typical types of safeguards are described, including a brief explanation about the protection theyare aimed at providing. Specific safeguards within these categories, and their detailed description, canbe found in baseline security documents which are referenced in annexes A to H of thi
21、s document. Inorder to facilitate the use of these documents, a cross-reference between the safeguard categories ofthis document and the chapters of the various documents in the annexes is provided in a table for eachsafeguard category.If it is decided that the type of assessment described in clause
22、 7 is detailed enough for the selection ofsafeguards, clause 9 provides a list of applicable safeguards for each of the typical IT systemsdescribed in 7.1. If safeguards are selected based on the type of IT system, separate baselines might benecessary for standalone workstations, networked workstati
23、ons or servers. To achieve the requiredlevel of security, all that is necessary to select the safeguards applicable under the specificcircumstances, is to compare these with the safeguards already existing (or planned), and to implementthose which are not already implemented.If it is decided that a
24、more in-depth assessment is necessary for the selection of effective and suitablesafeguards, clause 10 provides support for that selection taking into account the high level view ofsecurity concerns (according to the importance of the information) and likely threats. Hence, in thissection, the safeg
25、uards are suggested according to the security concerns identified, taking into accountthe relevant threats, and finally the type of IT system is considered. The Figure 1 gives an overview ofthe ways to select safeguards described in clauses 7, 9, and 10.ISO/IEC TR 13335-4:2000(E) ISO/IEC 2000 All ri
26、ghts reserved3Figure 1 Selection of Safeguards According to the Type of IT Systemor According to Security Concerns and ThreatsClauses 9 and 10 both describe a way to select safeguards from baseline security safeguard documents,which can be applied either for an IT system, or to form a set of safegua
27、rds applicable to a range of ITsystems in defined circumstances. By focusing on the type of IT system considered, the approachproposed in clause 9 yields the possibility that some risks are not adequately managed, and that somesafeguards are selected which are not necessary or not appropriate. The a
28、pproach suggested inclause 10 to focus on security concerns and associated threats is likely to produce a more optimised setof safeguards. Clauses 9 and 10 can be used to support safeguard selection without more detailedassessments in all instances that fall within the scope of baseline protection.
29、However, if a moredetailed assessment, i.e. detailed risk analysis, is used, clauses 9 and 10 can still support the safeguardselection.Clause 11 deals with the situation where it is decided that detailed risk analysis is necessary because ofhigh security concerns and needs. Guidance on risk analysis
30、 is provided in ISO/IEC TR 13335-3.Clause 11 describes the relationships between parts 3 and 4 of ISO/IEC TR 13335 and how the resultsBasic Assessments(Clause 7)Identification of the Type ofIT System (Clause 7.1)Identification of Physical/EnvironmentalConditions (Clause 7.2)Assessment of Existing/Pl
31、anned Safeguards(Clause 7.3)Simple or MoreAdvanced BaselineApproach?MoreAdvancedApproachSimpleApproachIT System Specific Safeguards(Clause 9.2)Baseline Approach: Selection of SafeguardsAccording to the Type of IT System(Clause 9)Generally Applicable Safeguards(Clause 9.1)Safeguards for Confidentiali
32、ty(Clause 10.2)Selection of SafeguardsAccording to Security Concerns and Threats(Clause 10)Assessment of Security Concerns(Clause 10.1)Safeguards for Integrity(Clause 10.3)Safeguards for Availability(Clause 10.4)Safeguards for Accountability, Authenticityand Reliability (Clause 10.5)ISO/IEC TR 13335
33、-4:2000(E)4 ISO/IEC 2000 All rights reservedof the techniques described in part 3 can be used to support safeguard selection. It also describes otherfactors which might influence the safeguard selection, like any constraints that have to be considered,any legal or other requirements which have to be
34、 fulfilled, etc. The approach considered in clause 11 isdifferent from the approaches described in clauses 9 and 10 in that it gives guidance for selecting a setof safeguards that is optimised to a particular situation. This approach is not a baseline approach, butmight nevertheless be used to selec
35、t safeguards to complement (i.e. add to) baseline safeguards insome circumstances. Alternatively, this approach might be used without any relation to baselineprotection.Clause 12 deals with the establishment of a baseline security manual (or catalogue) for the wholeorganization or for parts of the o
36、rganization. For the establishment of a baseline security manual (orcatalogue), the safeguards previously identified for IT systems or groups of IT systems are consideredand a common set of safeguards is identified. Depending on security needs, concerns, and constraints,different levels of baseline
37、security can be chosen. The advantages and disadvantages are discussed inorder to facilitate a suitable decision for each organization.Finally, this part of ISO/IEC TR 13335 is summarized in clause 13 and a bibliography and annexes Ato H give an overview of the safeguard manuals referenced in clause
38、 8.6 Introduction to Safeguard Selection and the Concept of BaselineSecurityThe following clause gives a brief overview of the topic of safeguard selection, and how and when theconcept of baseline security can be used in that process. There are two main approaches to safeguardselection, i.e. using a
39、 baseline approach and carrying out detailed risk analyses. There are severaldifferent ways of conducting detailed risk analyses, one of which is described in detail inISO/IEC TR 13335-3 and is called detailed risk analysis. Part 3 also discusses the advantages anddisadvantages of the different appr
40、oaches to risk analysis, and thus safeguard selection.Conducting a detailed risk analysis has the advantage that a comprehensive view of the risks isachieved. This can be used to select safeguards which are justified by the risks, and thus should beimplemented. This avoids the provision of too much
41、or too little protection. As this can require aconsiderable amount of time, effort and expertise, it may be most suitable for IT systems at high risk,whereas a simpler approach can be considered to be sufficient for lower risk systems. Using a highlevel risk analysis can identify the lower risk syst
42、ems. This high level risk analysis does not need to bea formalized or complex process. Safeguards for low risk systems can be selected by applying baselinesecurity. Baseline security is at least the minimum level of security defined by an organization for eachtype of IT system. This level of baselin
43、e security is achieved by implementing a minimum set ofsafeguards known as baseline safeguards.Because of differences in the safeguard selection process, two different ways of applying the baselineapproach are considered in this document:Gb7 using a baseline approach where safeguards are recommended
44、 according to the type andcharacteristics of the IT system considered, andGb7 using a baseline approach where safeguards are recommended according to security concerns andthreats, as well as taking into account the IT system considered.In order to have an overview of the different parallel ways of s
45、afeguard selection this documentprovides, it helps to view Figure 1 as part of a bigger picture (shown in Figure 2) which also gives anidea of the relation between parts 3 and 4 of ISO IEC TR 13335.ISO/IEC TR 13335-4:2000(E) ISO/IEC 2000 All rights reserved5Figure 2 Ways of Safeguard SelectionThe ba
46、seline approach to be used should be chosen depending on the resources which can be spent onthe selection process, the perceived security concerns, and the type and characteristics of the IT systemconsidered. If an organization does not wish to spend a lot of time and effort on the selection ofsafeg
47、uards (for whatever reason), a baseline approach suggesting safeguards without furtherassessments may be suitable. However, if the organizations business operations are moderatelydependent on the IT system or service, and/or the information handled is sensitive, it is very likely thatadditional safe
48、guards will be required. In this case, it is highly recommended that at least a high levelview is taken of the importance of the information and likely threats to gain a better focus of thesafeguards needed to protect the IT system most effectively. If the organizations business operationsare heavil
49、y dependent on the IT system or service, and/or the information handled is very sensitive, therisks may be high, and a detailed risk analysis is the best way to identify appropriate safeguards.Specific safeguards should be identified based on detailed risk analysis whereGb7 the type of IT system considered is not represented appropriately by the types considered in thisreport,Gb7 it is felt that the business or the security needs are not commensurate with the solutions
