Cybersecurity




ISO/IEC JTC 1/SC27 9798-3:2019 Entity authentication Part 3: Mechanisms using digital signature techniques

This document specifies entity authentication mechanisms using digital signatures based on asymmetric techniques. A digital signature is used to verify the identity of an entity.
Ten mechanisms are specified in this document. The first five mechanisms do not involve an on-line trusted third party and the last five make use of on-line trusted third parties. In both of these two categories, two mechanisms achieve unilateral authentication and the remaining three achieve mutual authentication.

Source: https://www.iso.org/obp/ui/#iso:std:iso-iec:9798:-3:ed-3:v1:en
 

Guidelines for cybersecurity

This International Standard provides guidance for improving the state of Cybersecurity.
It provides:

— an overview of Cybersecurity,

— an explanation of the relationship between Cybersecurity and other types of security (information, network, and internet security),

— a definition of stakeholders and a description of their roles in Cybersecurity,

— guidance for addressing common Cybersecurity issues.

— a framework to enable stakeholders to collaborate on resolving Cybersecurity issues.

Source: https://www.iso.org/standard/44375.html

ISO/IEC 27032:2012

Smart city concept model — Guidance for establishing a model for data interoperability.

This International Standard is aimed at organizations that provide services to communities in cities, and manage the resulting data, as well as decision-makers and policy developers in cities.
This International Standard describes, and gives guidance on, a smart city concept model (SCCM) that can provide the basis of interoperability between component systems of a smart city, by aligning the ontologies in use across different sectors. It includes:

• concepts (e.g. ORGANIZATION, PLACE, COMMUNITY, ITEM, METRIC, SERVICE, RESOURCE).

• relationships between concepts (e.g. ORGANIZATION has RESOURCEs, EVENT at a PLACE).

Source: https://www.iso.org/standard/53302.html

ISO/IEC 1 30182:2017

OASIS Web Services Secure Exchange (WS-SX) TC

The purpose of the OASIS WS-SX TC is to define extensions to OASIS Web Services Security to enable trusted SOAP message exchanges involving multiple message exchanges and to define security policies that govern the formats and tokens of such messages. This work will be carried out through continued refinement of the Web Services SecureConversation, SecurityPolicy and Trust specifications submitted to the TC as referenced in the charter.

IEEE - P7002 - Data Privacy Process

This standard defines requirements for a systems/software engineering process for privacy-oriented considerations regarding products, services, and systems utilizing employee, customer or other external user's personal data. It extends across the life cycle from policy through development, quality assurance, and value realization. It includes a use case and data model (including metadata). It applies to organizations and projects that are developing and deploying products, systems, processes, and applications that involve personal information. By providing specific procedures, diagrams, and checklists, users of this standard will be able to perform a conformity assessment on their specific privacy practices. Privacy impact assessments (PIAs) are described as a tool for both identifying where privacy controls and measures are needed and for confirming they are in place.

Development Status: Under development

 

IEEE - P7004 - Standard on Child and Student Data Governance

The standard defines specific methodologies to help users certify how they approach accessing, collecting, storing, utilizing, sharing, and destroying child and student data. The standard provides specific metrics and conformance criteria regarding these types of uses from trusted global partners and how vendors and educational institutions can meet them.

Development Status: Under development
 

ISO/IEC - JTC 1/SC 27 - 27005:2018

This document provides guidelines for information security risk management in an organization. However, this document does not provide any specific method for information security risk management. It is up to the organization to define their approach to risk management, depending for example on the scope of an information security management system (ISMS), context of risk management, or industry sector. A number of existing methodologies can be used under the framework described in this document to implement the requirements of an ISMS. This document is based on the asset, threat and vulnerability risk identification method that is no longer required by ISO/IEC 27001. There are some other approaches that can be used.

This document does not contain direct guidance on the implementation of the ISMS requirements given in ISO/IEC 27001.

This document is relevant to managers and staff concerned with information security risk management within an organization and, where appropriate, external parties supporting such activities.

CEN-CENELEC Focus Group on Cybersecurity 

The Focus Group on Cybersecurity (CSCG) will support CEN and CENELEC to explore ways and means for supporting the growth of the Digital Single market. To this end, the CSCG will analyse technology developments and develop a set of recommendations to its parent bodies for international standards setting ensuring a proper level playing field for businesses and public authorities.

The Group will prepare a European roadmap on cybersecurity standardization and will actively support global initiatives on cybersecurity standards that are compliant with EU requirements in view of development of trustworthy ICT products, systems and services.

In 2016, the Focus Group looked into the different usages and meanings of the word 'cybersecurity' among various stakeholders in different standards and finalized a document, Definition of Cybersecurity, consisting of an overview of the overlaps and gaps of those definitions, with a view to moving towards a common understanding of the cyber security domain.

 

 

ETSI TC CYBER

TC CYBER is recognized as a major trusted centre of expertise offering market-driven cyber security standardization solutions, advice and guidance to users, manufacturers, network, infrastructure and service operators and regulators. ETSI TC CYBER works closely with stakeholders to develop standards that increase privacy and security for organizations and citizens across Europe and worldwide. We provide standards that are applicable across different domains, for the security of infrastructures, devices, services, protocols, and to create security tools and techniques.

Some of our latest standards have been in network security (implementing the NIS Directive TR 103 456, the Middlebox Security Protocol TS 103 523 series, a survey of network gateways TR 103 421), cryptography for access control and personally identifying information (Attribute-Based Encryption TS 103 458 and TS 103 532), Critical Security Controls (the TR 103 305 series), protecting PII in line with GDPR (TR 103 370), Quantum-Safe Key Exchanges (TR 103 570), and more. You can see a full list on our standards page.

In addition to TC CYBER, other ETSI groups also work on standards for cross-domain cybersecurity, the security of infrastructures, devices, services and protocols and security tools and techniques. They address the following areas and more information can be found in the related technologies pages:

  • Cross-domain cybersecurity
    • Information Security Indicators
  • Securing technologies and systems
    • Mobile/Wireless systems (3G/4G, TETRA, DECT, RRS, RFID...)
    • IoT and Machine-to-Machine (M2M)
    • Network Functions Virtualisation
    • Intelligent Transport Systems, Maritime
    • Broadcasting
  • Security tools and techniques
    • Lawful Interception and Retained Data
    • Digital Signatures and trust service providers
    • Smart cards / Secure elements
    • Exchangeable CA/DRM solutions
    • Security algorithms

IEEE - WG-PDAI - Personal Data AI Agent Working Group

With the advent and rise of AI there is a risk that machine-to-machine decisions will be made with black-box inputs determined without input transparency to humans. In order to enable ethics-based AI, individuals will require the means to influence and determine the values, rules and inputs that guide the development of personalized algorithms and Artificial Intelligence. They will need an agent that can negotiate their individual rights and agency in a system of shared social norms, ethics and human rights that also foresees and helps the individual mitigate ethical implications of data processing. This approach will enable individuals to safely organize and share their personal information at a machine-readable level and enable a personalized AI to act as a proxy for machine-to-machine decisions. A key goal for the creation of this standard is to educate government and commercial actors on why it is in their best interests to create the mechanisms for individuals to train Personal AI Agents to move beyond asymmetry and harmonize personal data usage for the future.

Standard: P7006 - Standard for Personal Data Artificial Intelligence (AI) Agent

Description: This standard describes the technical elements required to create and grant access to a personalized Artificial Intelligence (AI) that will comprise inputs, learning, ethics, rules and values controlled by individuals.

Development Status: Under development

Relationship with ISO 12100 — Part 4: Guidance to machinery manufacturers for consideration of related IT-security (cyber security) aspects.

This document gives machine manufacturers guidance on potential security aspects in relation to safety of machinery when putting a machine into service or placing on the market for the first time. It provides essential information to identify and address IT-security threats which can influence safety of machinery.

Source: https://www.iso.org/standard/73335.html

ISO/TR 22100-4:2018