CSA Standards

Information technology - Security techniques - A framework for IT security assurance - Part 2: Assurance methods
 N CAN/CSA-ISO/IEC TR 15443-2:06

Annotation

Purpose

This part of ISO/IEC TR 15443 provides a collection of assurance methods including those not unique to ICT security as long as they contribute to overall ICT security. It gives an overview as to their aim and describes their features, reference and standardization aspects.

In principle, the resultant ICT security assurance is the assurance of the product, system or service in operation. The resultant assurance is therefore the sum of the assurance increments obtained by each of the assurance methods applied to the product, system or service during its life cycle stages. The large number of available assurance methods makes guidance necessary as to which method to apply to a given ICT field to gain recognized assurance.

Each item of the collection presented in this part of ISO/IEC TR 15443 is classified in an overview fashion using the basic assurance concepts and terms developed in ISO/IEC TR 15443-1.

Using this categorization, this part of ISO/IEC TR 15443 guides the ICT professional in the selection, and possible combination, of the assurance method(s) suitable for a given ICT security product, system, or service and its specific environment.

Field of Application

This part of ISO/IEC TR 15443 gives guidance in a summary and overview fashion. It is suitable to obtain from the presented collection a reduced set of applicable methods to choose from, by way of exclusion of inappropriate methods.

The summaries are informative to provide the basics to facilitate the understanding of the analysis without requiring the source standards.