1 / 6

Security SIG in MTS 27 th January 2016 Progress Report

This progress report outlines case studies and methodologies related to security testing in various domains, providing guidance and terminology for the MTS and related committees.

juanitab
Download Presentation

Security SIG in MTS 27 th January 2016 Progress Report

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Security SIG in MTS27th January 2016Progress Report Fraunhofer FOKUS

  2. MTS SECURITY SIG Work Items Case Studies:To assemble case study experiencesrelated to security testing in order to have a common understanding in MTS and related committees. Industrial experiences may cover but are not restricted to the following domains: Smart Cards, Industrial Automation, Radio Protocols, Transport/Automotive, Telecommunication • Terminology: To collect the basic terminology and ontology (relationship between stake holder and application) to be used for security testingin order to have a common understanding in MTS and related committees. Published Security Assurance Life Cycle: Guidance to the application system designers in such a way to maximise both security assurance and the verification and validation of the capabilities offered by the system's security measures. Risk-based Security Testing: Describes a set of methodologies that combine risk assessment and testing. The methodologies are based on standards like ISO 31000 and IEEE 829/29119 Published Draft Published TC MTS – Security SIG – Update 2016-01-27

  3. EG 203 250: Security Assurance Lifecycle • Document Reference • DEG 203 250 • Document Title • Methods for Testing and Specification (MTS); • Security Assurance Activities in the System Lifecycle • Document Purpose The present document gives guidance to the product and/or system development and deployment communities as to activities required to achieve appropriate security assurance. It provides an high level guidance as to how security assurance fits into a system lifecycle in such a way as to maximise the overall product and/or system’s security. • Document Status Draft v0.0.14 (2015-12) TC MTS – Security SIG – Update 2016-01-27

  4. EG 203 250: Security Assurance Lifecycle-- Progress • Document Progress • Design section of Life Cycle drafted • TVRA parts reduced • Aligned with TR 101583 • Restructuring of document after review • Introduced “Demonstration of Fulfillment” for each Sections 6-9 • Alignment of diagrams • Processing of comments from Jürgen/Milan • Next steps/open issues • Amplifying guidance in Security Activities section for each of the workstreams • Introducing the SFDs for each of the workstreams • Final shouldification and simplification of language • TB approval planned for May 2016 TC MTS – Security SIG – Update 2016-01-27

  5. Group status/members • Ari has left Codenmicon and has canceled his activities in ETSI MTS Security SIG (he might come back in future) • Current active Security SIG members: Jürgen and Ian • Either stop/suspend Security SIG (after publication of EG 203250) or find a way to attract people to join TC MTS – Security SIG – Update 2016-01-27

  6. Outlook Future topics/issues/cooperation: Automated security testing: See proposal Study Period Report – Automation of Security Testing (Doc#21) • Document timeline: • TR 101 582 (Case Studies) has been approved in May 2014 • TR 101 583 Terminology has been approved in January 2015 • DEG 203 251 (Security Risk Assessment and Testing) has been approved in October 2015 • DEG 203 250 (Security Assurance Lifecycle) to be approved in May 2016 TC MTS – Security SIG – Update 2016-01-27

More Related