ISO


ISO/IEC - JTC 1/SC 27 - 27005:2018

This document provides guidelines for information security risk management in an organization. However, this document does not provide any specific method for information security risk management. It is up to the organization to define their approach to risk management, depending for example on the scope of an information security management system (ISMS), context of risk management, or industry sector. A number of existing methodologies can be used under the framework described in this document to implement the requirements of an ISMS. This document is based on the asset, threat and vulnerability risk identification method that is no longer required by ISO/IEC 27001. There are some other approaches that can be used.

This document does not contain direct guidance on the implementation of the ISMS requirements given in ISO/IEC 27001.

This document is relevant to managers and staff concerned with information security risk management within an organization and, where appropriate, external parties supporting such activities.

ISO/IEC - JTC 1/SC 41 - 20924:2018 - Internet of Things (IoT) -- Definition and vocabulary

This International Standard provides a definition of Internet of Things along with a set of terms and definitions.

Still under development

ISO/IEC - JTC 1/SC 41 - 30141:2018 - Internet of things and related technologies

This document provides a standardized IoT Reference Architecture using a common vocabulary, reusable designs and industry best practices. It uses a top-down approach, beginning with collecting the most important characteristics of IoT, abstracting those into a generic IoT Conceptual Model, and deriving a high-level system-based reference, with subsequent dissection of that model into five architecture views from different perspectives.

Smart city concept model — Guidance for establishing a model for data interoperability.

This International Standard is aimed at organizations that provide services to communities in cities, and manage the resulting data, as well as decision-makers and policy developers in cities.

This International Standard describes, and gives guidance on, a smart city concept model (SCCM) that can provide the basis of interoperability between component systems of a smart city, by aligning the ontologies in use across different sectors. It includes:

• concepts (e.g. ORGANIZATION, PLACE, COMMUNITY, ITEM, METRIC, SERVICE, RESOURCE).

• relationships between concepts (e.g. ORGANIZATION has RESOURCEs, EVENT at a PLACE).

Source: https://www.iso.org/standard/53302.html

ISO/IEC 1 30182:2017

Guidelines for cybersecurity

This International Standard provides guidance for improving the state of Cybersecurity.
It provides:

— an overview of Cybersecurity,

— an explanation of the relationship between Cybersecurity and other types of security (information, network, and internet security),

— a definition of stakeholders and a description of their roles in Cybersecurity,

— guidance for addressing common Cybersecurity issues,

— a framework to enable stakeholders to collaborate on resolving Cybersecurity issues.

Source: https://www.iso.org/standard/44375.html

ISO/IEC 27032:2012

ISO/IEC JTC 1/SC 27 9798-2:2008 Entity authentication - Part 2: Mechanisms using symmetric encipherment algorithms

This part of ISO/IEC 9798 specifies entity authentication mechanisms using symmetric encipherment algorithms. Four of the mechanisms provide entity authentication between two entities where no trusted third party is involved; two of these are mechanisms to unilaterally authenticate one entity to another, while the other two are mechanisms for mutual authentication of two entities. The remaining mechanisms require a trusted third party for the establishment of a common secret key, and realize mutual or unilateral entity authentication.

Source: https://www.iso.org/obp/ui/#iso:std:iso-iec:9798:-2:ed-3:v1:en

ISO/IEC JTC 1/SC 27 9798-1:2010 Entity authentication - Part 1: General

This part of ISO/IEC 9798 specifies an authentication model and general requirements and constraints for entity authentication mechanisms which use security techniques. These mechanisms are used to corroborate that an entity is the one that is claimed. An entity to be authenticated proves its identity by showing its knowledge of a secret. The mechanisms are defined as exchanges of information between entities and, where required, exchanges with a trusted third party.

Source: https://www.iso.org/obp/ui/#iso:std:53634:en

ISO/IEC 9797-3:2011 Message Authentication Codes (MACs) - Part 3: Mechanisms using a universal hash-function

This part of ISO/IEC 9797 specifies the following MAC algorithms that use a secret key and a universal hash-function with an n-bit result to calculate an m-bit MAC based on the block ciphers specified in ISO/IEC 18033-3 and the stream ciphers specified in ISO/IEC 18033-4:

a) UMAC;

b) Badger;

c) Poly1305-AES;

d) GMAC.

Source: https://www.iso.org/obp/ui/#iso:std:iso-iec:9797:-3:ed-1:v1:en