ETSI SR 002 298-2003 Response from CEN and ETSI to the Communication from the Commission to the Council the European Parliament the European Economic and Social Committee and the .pdf
《ETSI SR 002 298-2003 Response from CEN and ETSI to the Communication from the Commission to the Council the European Parliament the European Economic and Social Committee and the .pdf》由会员分享,可在线阅读,更多相关《ETSI SR 002 298-2003 Response from CEN and ETSI to the Communication from the Commission to the Council the European Parliament the European Economic and Social Committee and the .pdf(75页珍藏版)》请在麦多课文档分享上搜索。
1、 ETSI SR 002 298 V1.1.1 (2003-12)Special Report Response from CEN and ETSI to the“Communication from the Commission to the Council,the European Parliament, the European Economic andSocial Committee and the Committee of the Regions:Network and Information Security:Proposal for a European Policy Appro
2、ach“ETSI ETSI SR 002 298 V1.1.1 (2003-12) 2 Reference DSR/BOARD-00004 Keywords security ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture d
3、e Grasse (06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions,
4、 the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revisi
5、on or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, send your comment to: editoretsi.org Copyright Notification No part may be reproduced except as authorized
6、 by written permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2003. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its Members. TIPHONTMand the TIPHON
7、 logo are Trade Marks currently being registered by ETSI for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI SR 002 298 V1.1.1 (2003-12) 3 Contents Intellectual Property Rights7 Foreword.7 1 Scope
8、 8 2 References 8 3 Definitions and abbreviations.9 3.1 Definitions9 3.2 Abbreviations .9 4 Introduction 10 5 Network and information security11 5.1 Definition used in the present document 11 5.2 Other “real world“ issues not covered 12 5.2.1 Legal issues.12 5.2.2 Vetting of personnel12 5.2.3 Inform
9、ation security professional qualifications.12 5.2.4 Longevity of archiving12 6 Electronic business and other contexts.13 7 The structure of the present document .13 8 CEN and ETSI response to proposed actions.14 8.1 Awareness raising.14 8.2 Technology support14 8.3 Support for market oriented standa
10、rdization and certification .14 8.3.1 Interoperability .14 8.3.2 EU initiatives 15 8.3.3 Certification and accreditation15 8.3.4 Participation in standardization activities .15 8.3.5 Stimulation of standardization activities.16 8.3.6 Proposed European Network and Information Security Agency16 8.4 In
11、ternational co-operation 16 9 User requirements 16 9.1 Home users.16 9.1.1 Home working 16 9.1.2 Personal business 17 9.1.3 Microprocessor control of domestic equipment17 9.1.4 General security requirements 17 9.2 Small and medium enterprises18 9.2.1 The SME as a user of e-business services.18 9.2.2
12、 The SME as a supplier of e-business services 18 9.2.3 General security requirements 18 9.3 Large organizations and industries.19 9.3.1 General security requirements 19 9.4 Recommendations 19 10 General threats to network and information security .20 11 Registration and authentication services 21 11
13、.1 Security measures.22 11.1.1 Effective user registration.22 11.1.2 Effective user identification and authentication22 11.1.3 Effective access control 22 11.1.4 Effective user management.22 11.2 Passwords.22 11.3 Biometrics 23 ETSI ETSI SR 002 298 V1.1.1 (2003-12) 4 11.4 Digital certificates 23 11.
14、5 Smart cards.23 11.6 Recommendations 24 11.6.1 Registration.24 11.6.2 Authentication.24 11.6.3 Interoperability and framework considerations 24 11.6.4 Biometrics.24 11.6.5 Other mechanisms 25 12 Confidentiality and privacy services 25 12.1 Security measures.25 12.2 Encryption of stored information
15、.26 12.3 Electronic mail encryption .26 12.4 Network encryption26 12.5 Cryptographic algorithms.27 12.6 Object re-use policy27 12.7 Recommendations 28 12.7.1 Encryption of stored information28 12.7.2 Network and electronic mail encryption.28 12.7.3 Object re-use policy28 13 Trust services28 13.1 Sec
16、urity measures.28 13.1.1 Key management 29 13.1.2 Non-repudiation29 13.1.3 Evidence of receipt .29 13.1.4 Trusted commitment service.30 13.1.5 Integrity 30 13.2 Electronic signatures 30 13.3 Hash functions31 13.4 Time-stamping .31 13.5 Non-repudiation .31 13.6 Public Key Infrastructures (PKI)31 13.7
17、 Harmonization of trust services32 13.8 Recommendations 32 14 Business services32 14.1 Security measures.33 14.1.1 Service availability .33 14.1.2 Information availability 33 14.1.3 Effective accounting and audit33 14.2 Failure impact analysis.34 14.3 Capacity planning.34 14.4 Business continuity pl
18、anning34 14.5 Configuration management 34 14.6 Checksums and cyclic redundancy checks.34 14.7 Recommendations 34 15 Network defence services.35 15.1 Security measures.35 15.1.1 Preventative measures.35 15.1.2 Detection measures.35 15.2 Recommendations 35 16 Assurance services .36 16.1 Security measu
19、res.36 16.2 Risk assessment36 16.3 Evaluation.37 16.4 Certification37 16.5 Information security management standards37 16.6 Accreditation bodies.38 16.7 Recommendations 38 Annex A: Standards for registration and authentication services.39 ETSI ETSI SR 002 298 V1.1.1 (2003-12) 5 A.1 General authentic
20、ation standards39 A.1.1 International Organization for Standardization and Electrotechnical Commission (ISO/IEC) 39 A.1.2 European Telecommunications and Standards Institute (ETSI).39 A.1.3 US National Institute of Standards and Technology 41 A.1.4 Internet Engineering Task Force (IETF) 41 A.1.5 Ins
21、titute of Electrical Engineers .42 A.2 Passwords.42 A.2.1 Internet Engineering Task Force (IETF) 42 A.2.2 US National Institute of Standards and Technology 42 A.2.3 US National Computer Centre42 A.3 Biometrics 42 A.3.1 International Organization for Standardization and Electrotechnical Commission (I
22、SO/IEC) 42 A.3.2 ANSI/NIST.43 A.3.3 Other Organizations/Activities.43 A.4 Digital certificates 43 A.4.1 International Organization for Standardization and Electrotechnical Commission (ISO/IEC) 43 A.4.2 European Standards Committee (CEN)44 A.4.3 European Telecommunications and Standards Institute (ET
23、SI).44 A.4.4 Internet Engineering Task Force (IETF) 44 A.4.5 ANSI 44 A.4.6 US National Institute of Standards and Technology 44 A.4.7 RSA Public Key Cryptography Standards44 A.5 Smart Cards45 A.5.1 International Organization for Standardization and Electrotechnical Commission (ISO/IEC) 45 A.5.2 Euro
24、pean Standards Committee - Information Society Standardization System (CEN/ISSS).45 A.5.3 European Telecommunications and Standards Institute (ETSI).48 A.5.4 Personal Computer Smart Card Workgroup.51 A.5.5 Smart Card alliance 51 A.5.6 e-Europe Smart Card (eESC) Initiative 51 A.5.6 US National Instit
- 1.请仔细阅读文档,确保文档完整性,对于不预览、不比对内容而直接下载带来的问题本站不予受理。
- 2.下载的文档,不会出现我们的网址水印。
- 3、该文档所得收入(下载+内容+预览)归上传者、原创作者;如果您是本文档原作者,请点此认领!既往收益都归您。
下载文档到电脑,查找使用更方便
10000 积分 0人已下载
下载 | 加入VIP,交流精品资源 |
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- ETSISR0022982003RESPONSEFROMCENANDETSITOTHECOMMUNICATIONFROMTHECOMMISSIONTOTHECOUNCILTHEEUROPEANPARLIAMENTTHEEUROPEANECONOMICANDSOCIALCOMMITTEEANDTHEPDF

链接地址:http://www.mydoc123.com/p-734968.html