INCITS/ISO/IEC TR 15443-1:2005 Information technology - Security techniques - Framework for IT security assurance - Part 1: Overview and Framework (Technical Report)
Purpose The purpose of this part of ISO/IEC TR 15443 is to introduce@ relate and categorise security assurance methods to a generic life cycle model in a manner enabling an increased level of confidence to be obtained in the security functionality of a deliverable. Approach The approach adopted throughout this part of ISO/IEC TR 15443 presents an overview of the basic assurance concepts and terms required for understanding and applying assurance methods through a framework of identifying various assurance approaches and assurance stages. Application Using the categorisation obtained through this part of ISO/IEC TR 15443@ Part 2 and the future Part 3 will guide the reader in the selection@ and possible combination@ of the assurance method(s) suitable for application to a given deliverable. Field of Application This part of ISO/IEC TR 15443 provides guidance for the categorisation of assurance methods including those not unique to IT security. It may be used in areas outside of IT security where criticality warrants assurance. Limitations This part of ISO/IEC TR 15443 applies to deliverables (refer to Clause 4.3) and their related organisational security issues only.
INCITS/ISO/IEC TR 15443-1:2005 history
2005INCITS/ISO/IEC TR 15443-1:2005 Information technology - Security techniques - Framework for IT security assurance - Part 1: Overview and Framework (Technical Report)