IT Security

ISO 25237:2017 contains principles and requirements for privacy protection using pseudonymization services for the protection of personal health information. This document is applicable to organizations who wish to undertake pseudonymization processes for themselves or to organizations who make a claim of trustworthiness for operations engaged in pseudonymization services. It (a) defines one basic concept for pseudonymization, (b) defines one basic methodology for pseudonymization services including organizational, as well as technical aspects, (c) specifies a policy framework and minimal requirements for controlled re-identification,(d) gives an overview of different use cases for pseudonymization that can be both reversible and irreversible,(e) gives a guide to risk assessment for re-identification, (f) provides an example of a system that uses de-identification, (g) provides informative requirements to an interoperability to pseudonymization services, and (h) specifies a policy framework and minimal requirements for trustworthy practices for the operations of a pseudonymization service

This Recommendation addresses a transportation safety management model that describes disaster management steps based on Internet of things (IoT) technologies in order to reduce damage from disasters. An architectural model for transportation safety services is described based on [ITU-T Y.4116] and on requirements according to the IoT reference model [ITU-T Y.4000].
The scope and characteristics of transportation disasters from various transportations (e.g., road, railway, maritime and air transportation) are based on [ITU-T Y.4116]. Transportation safety management parameters (e.g., safety index and driver tiredness) are presented respectively in Annex A and Annex B and sensing data pre-processing procedure and characteristics of transportation application services are described in the appendices of this Recommendation.
NOTE – In this Recommendation, some capabilities (e.g., driver condition monitoring, infrastructure monitoring) and some applications (e.g., road/train/maritime/air safety management services) may be related to regulation in some countries. In this case, non-functional aspects related to regulation are out of scope and functional aspects cannot supersede existing regulation. Regulatory issues may be subject to laws (e.g., intelligent transportation system (ITS) related regulation).

Cryptographic transform for protection of data in sector-level storage devices is specified in this standard.

This standard defines a cryptographic protocol to provide integrity, and optional confidentiality, for cybersecurity of Electrical Power System (EPS) serial links. It does not address specific applications or hardware implementations, and is independent of the underlying communications protocol.

This standard defines a privacy scale that shall be applied to data that is defined as personal identifiable information that is being collected, retained, processed or shared by or among applications implemented on networked edge, fog, or cloud computing devices. This privacy scale data provides input to assessment tools that developers or users of these applications use to develop, discover, recognize, or implement appropriate privacy settings for types or levels of personal data resident on these devices.

The enhanced security management function for the protocol defined in IEEE 1888(TM), “Ubiquitous Green Community Control Network Protocol,” is described in this standard. Security requirements, system security architecture definitions, and a standardized description of authentication and authorization, along with security procedures and protocols, are specified. This standard can help avoid unintended data disclosure to the public and unauthorized access to resources, while providing enhanced integrity and confidentiality of transmitted data in the ubiquitous green community control network.