ISO 19791:2010
ISO 19791:2010 Information technology – Security techniques – Security assessment of operational systems
CDN $390.00
Description
ISO/IEC TR 19791:2010 provides guidance and criteria for the security evaluation of operational systems. It provides an extension to the scope of ISO/IEC 15408 by taking into account a number of critical aspects of operational systems not addressed in ISO/IEC 15408 evaluation. The principal extensions that are required address evaluation of the operational environment surrounding the target of evaluation, and the decomposition of complex operational systems into security domains that can be separately evaluated.
ISO/IEC TR 19791:2010 provides:
- a definition and model for operational systems;
- a description of the extensions to ISO/IEC 15408 evaluation concepts needed to evaluate such operational systems;
- a methodology and process for performing the security evaluation of operational systems;
- additional security evaluation criteria to address those aspects of operational systems not covered by the ISO/IEC 15408 evaluation criteria.
ISO/IEC TR 19791:2010 permits the incorporation of security products evaluated against ISO/IEC 15408 into operational systems evaluated as a whole using ISO/IEC TR 19791:2010.
ISO/IEC TR 19791:2010 is limited to the security evaluation of operational systems and does not consider other forms of system assessment. It does not define techniques for the identification, assessment and acceptance of operational risk.
Edition
2
Published Date
2010-03-22
Status
PUBLISHED
Pages
235
Language
English
Format
Secure PDF
Secure – PDF details
- Save your file locally or view it via a web viewer
- Viewing permissions are restricted exclusively to the purchaser
- Device limits - 3
- Printing – Enabled only to print (1) copy
See more about our Environmental Commitment
Abstract
ISO/IEC TR 19791:2010 provides guidance and criteria for the security evaluation of operational systems. It provides an extension to the scope of ISO/IEC 15408 by taking into account a number of critical aspects of operational systems not addressed in ISO/IEC 15408 evaluation. The principal extensions that are required address evaluation of the operational environment surrounding the target of evaluation, and the decomposition of complex operational systems into security domains that can be separately evaluated.
ISO/IEC TR 19791:2010 provides:
- a definition and model for operational systems;
- a description of the extensions to ISO/IEC 15408 evaluation concepts needed to evaluate such operational systems;
- a methodology and process for performing the security evaluation of operational systems;
- additional security evaluation criteria to address those aspects of operational systems not covered by the ISO/IEC 15408 evaluation criteria.
ISO/IEC TR 19791:2010 permits the incorporation of security products evaluated against ISO/IEC 15408 into operational systems evaluated as a whole using ISO/IEC TR 19791:2010.
ISO/IEC TR 19791:2010 is limited to the security evaluation of operational systems and does not consider other forms of system assessment. It does not define techniques for the identification, assessment and acceptance of operational risk.
Previous Editions
Can’t find what you are looking for?
Please contact us at:
Related Documents
-
ISO 27006:2021 Requirements for bodies providing audit and certification of information security management systems – Part 2: Privacy information management systems
CDN $115.00 Add to cart -
ISO 27013:2024 Information security, cybersecurity and privacy protection – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 – Amendment 1
CDN $32.00 Add to cart -
ISO 20243:2023 Information technology – Open Trusted Technology ProviderTM Standard (O-TTPS) – Part 2: Assessment procedures for the O-TTPS
CDN $312.00 Add to cart -
ISO 27554:2024 Information security, cybersecurity and privacy protection – Application of ISO 31000 for assessment of identity-related risk
CDN $173.00 Add to cart
