This report discusses the progress and updates on security testing terminology and concepts, case study experiences, a life cycle guide, and risk-based security testing methodologies. It also includes the schedule and action points for future meetings.
Security SIG in MTS, 5th November 2013, Meeting Report, Fraunhofer FOKUS
Agenda SIG#9
• Meeting: November 5th, 11:00 – 14:00
• Participants: Jürgen Großmann (JGR), Ari Takanen (ATA), Emmanuelle Chaulot-Talmon (EMM), Ian Bryant (IBR), Jorge Cuellar (JCU), Milan Zoric (MZO), Jan de Meer (JDM)
• Review/discussion of APs and WI status
• ISO Liaison
• Security Testing Terminology and Concepts
• Case Study Experiences
• Life Cycle Guide
• Risk-based Security Testing Methodologies
• Schedule
Schedule & APs (status from the previous meeting)
• Next version of DTS/MTS-101583 SecTest_Terms to be delivered for the January MTS
  • AP (JGR, IBR, JCU): WI authors should provide the major terms from their documents (by mid-October)
• Next version of DTS/MTS-101582 SecTest_Cases to be provided for RC in October
  • AP (JGR): Minor editorial issues -> check with EMM
  • AP (JGR, JCU): provide list of terms from the case studies (by mid-October)
  • AP (JGR, EMM): after item 1 is finished
• Work plan and initial version of
  • WI: Verification and Validation Life Cycle part (Sections 1-5 and Annexes A, B from the original document)
    • AP (IBR): Work plan and terms
  • WI: Security Testing Methodologies (Section 6 with methodologies for risk-based security testing based on standards like ISO 31000 and IEEE 829/29119), Resp: JGR
    • AP (JGR): Work plan and terms
• Next MTS Security SIG: November 5th
ETSI/ISO Liaison
• The ETSI ISI & MTS liaisons were confirmed by the SC27 plenary meeting last week.
• Participation at the 9th ETSI Security Workshop with a session "ISO-ETSI Collaboration" (probably a short one, around 10 minutes, given the number of participants in that session)
• Jürgen will be the speaker for MTS security within the ETSI/ISO SC27 collaboration session.
• ETSI/ISO SC27 coordination meeting, 18:00-19:30 at ETSI premises, to which Jürgen is therefore definitely invited (12-15 people at that meeting)
• Action points:
  • AP (EMM): Clarify responsibilities within ETSI
  • AP (JGR): Put EMM and JDM in CC for all correspondence with respect to the ETSI/ISO liaison
Security SIG in MTS, 4-5 October 2011
Security Testing Terminology
• DTS/MTS-101583 SecTest_Terms is in v0.4
• The document will be a TR, not a TS
• ATA has received input (terms) from the other WIs
• Decision: Terms should be used as described in SecTest_Terms. The other WIs should avoid using conflicting definitions; meaningful paraphrases should be used instead.
• Action points:
  • AP (ATA): Use the TR template for the document
  • AP (ATA): Provide updated document within this week (week 45)
  • AP (JGR): Deliver section on Risk-based Security Testing (2 weeks)
  • AP (JGR): Deliver additional input on MBST for the introduction (2 weeks)
  • AP (ATA): Identify conflicting terms (December 19th)
  • AP (ATA): Check terms against ISO and ETSI definitions (December 19th)
  • AP (ALL): Discuss the terms, conflicts and the sources of terms at the next meeting (Dec 19th)
Case Study Experiences
• DTS/MTS-101582 SecTest_Cases is in v0.3
• Stable draft with 6 case studies
• The document is currently being edited by ETSI to resolve minor editorial issues
• Terms for SecTest_Terms have been identified and sent to ATA
• Main remaining issues
  • AP (JGR, JCU): provide final draft of the document
  • AP (JGR, EMM): initiate RC when the document is ready
Security Assurance Lifecycle
• Document status (Resp: IBR)
  • Draft document available at
  • Work plan will be provided after IBR has received feedback from JGR and ATA
• Open Issues
  • AP (JGR, ATA): provide feedback on the draft document by end of November
  • AP (IBR): establish work plan and initial contribution by the next Security SIG meeting (Dec 19th)
Risk-based Security Testing Methodologies I
• Document status (Resp: JGR)
  • WI: Risk-based Security Testing Methodologies (Section 6 with methodologies for risk-based security testing based on standards like ISO 31000 and IEEE 829/29119)
  • Draft work plan for the WI
  • Draft document with input from RASEN/DIAMONDS
• Resolution
  • AP (JGR): provide early draft of the RBST document by November 15th
  • AP (JCU): provide feedback on the draft document by end of November
  • AP (JGR): establish work plan and initial contribution by the next Security SIG meeting (Dec 19th)
Risk-based Security Testing Methodologies II
Summary and Action Points
• Next Meeting: December 19th, 14:00 – 16:00
• AP Summary
  • AP (EMM): Clarify responsibilities for the ISO/ETSI liaison within ETSI
  • AP (JGR): Put EMM and JDM in CC for all correspondence with respect to the ETSI/ISO liaison
  • AP (ATA): Use the TR template for the SecTest_Terms document
  • AP (ATA): Provide updated SecTest_Terms document within this week (week 45)
  • AP (JGR): Deliver section on Risk-based Security Testing (2 weeks)
  • AP (JGR): Deliver additional input on MBST for the introduction of the SecTest_Terms document (2 weeks)
  • AP (ATA): Identify conflicting terms in SecTest_Terms (December 19th)
  • AP (ATA): Check terms against ISO and ETSI definitions (December 19th)
  • AP (ALL): Discuss the terms, conflicts and the sources of terms at the next meeting (Dec 19th)
  • AP (JGR, JCU): provide final draft of the SecTest_Cases document
  • AP (JGR, EMM): initiate RC when the SecTest_Cases document is ready
  • AP (JGR, ATA): provide feedback on the draft Security Assurance document by end of November
  • AP (IBR): establish work plan and initial contribution for the Security Assurance document by the next Security SIG meeting (Dec 19th)
  • AP (JGR): provide early draft of the RBST document by November 15th
  • AP (JCU): provide feedback on the draft RBST document by end of November
  • AP (JGR): establish work plan for the RBST document by the next Security SIG meeting (Dec 19th)