ISO/IEC

Information technology security techniques — Security requirements, test and evaluation methods for quantum key distribution — Part 2: Evaluation and testing methods

Information technology security techniques — Security requirements, test and evaluation methods for quantum key distribution — Part 1: Requirements

ISO/IEC 24745:2011 provides guidance for the protection of biometric information under various requirements for confidentiality, integrity and renewability/revocability during storage and transfer. Additionally, ISO/IEC 24745:2011 provides requirements and guidelines for the secure and privacy-compliant management and processing of biometric information.
 

ISO/IEC 24745:2011 specifies the following:

- analysis of the threats to and countermeasures inherent in a biometric and biometric system application models;
- security requirements for secure binding between a biometric reference and an identity reference;
biometric system application models with different scenarios for the storage of biometric references and comparison; and
- guidance on the protection of an individual's privacy during the processing of biometric information.
 

ISO/IEC 24745:2011 does not include general management issues related to physical security, environmental security and key management for cryptographic techniques.

This document specifies

—    generic extensible data interchange formats for the representation of vascular image data: a tagged binary data format based on an extensible specification in ASN.1 and a textual data format based on an XML schema definition that are both capable of holding the same information,

—    examples of data record contents,

—    application specific requirements, recommendations, and best practices in data acquisition, and

—    conformance test assertions and conformance test procedures applicable to this document.

This document specifies the security requirements for physically unclonable functions (PUFs). Specified security requirements concern the output properties, tamper-resistance and unclonability of a single and a batch of PUFs. Since it depends on the application which security requirements a PUF needs to meet, this documents also describes the typical use cases of a PUF.
Amongst PUF use cases, random number generation is out of scope in this document.

ISO/IEC 25024:2015 defines data quality measures for quantitatively measuring the data quality in terms of characteristics defined in ISO/IEC 25012.

ISO/IEC 25024:2015 contains the following:

- a basic set of data quality measures for each characteristic;

- a basic set of target entities to which the quality measures are applied during the data-life-cycle;

- an explanation of how to apply data quality measures;

- a guidance for organizations defining their own measures for data quality requirements and evaluation.

It includes, as informative annexes, a synoptic table of quality measure elements defined in this International standard (Annex A), a table of quality measures associated to each quality measure element and target entitiy (Annex B), considerations about specific quality measure elements (Annex C), a list of quality measures in alphabetic order (Annex D), and a table of quality measures grouped by characteristics and target entities (Annex E).

This International Standard does not define ranges of values of these quality measures to rate levels or grades because these values are defined for each system by its nature depending on the system context and users' needs.

This International Standard can be applied to any kind of data retained in a structured format within a computer system used for any kinds of applications.

People managing data and services including data are the primary beneficiaries of the quality measures.

This International Standard is intended to be used by people who need to produce and/or use data quality measures while pursuing their responsibilities.

- Acquirer (an individual or organization that acquires or procures data from a supplier).

- Evaluator (an individual or organization that performs an evaluation, which can, for example, be a testing laboratory, the quality department of an organization, a government organization, or a user).

- Developer (an individual or organization that performs development activities including requirements, analysis, design, implementation, and testing data during the data-life-cycle).

- Maintainer (an individual or organization that performs operation and maintenance activities of data).

- Supplier (an individual or organization that enters into a contract with the acquirer for the supply of data or service under the terms of the contract).

- User (an individual or organization that uses data to perform a specific function).

- Quality manager (an individual or organization that performs a systematic examination of the data).

- Owner (an individual or organization that takes responsibility for the management and financial value of the data with the legal authority and responsibility to establish for them evaluation, collections, access, dissemination, storage, security, and cancellation).

ISO/IEC 25024:2015 takes into account a large range of data of target entities.

It can be applied in many types of information systems, for example, such as follows:

- legacy information system;

- data warehouse;

- distributed information system;

- cooperative information system;

- world wide web.

The scope does not include the following:

- knowledge representation;

- data mining techniques;

- statistical significance for random sample.