Purpose This part of ISO/IEC TR 15443 provides a collection of assurance methods including those not unique to ICT security as long as they contribute to overall ICT security. It gives an overview as to their aim and describes their features@ reference and standardization aspects. In principle@ the resultant ICT security assurance is the assurance of the product@ system or service in operation. The resultant assurance is therefore the sum of the assurance increments obtained by each of the assurance methods applied to the product@ system or service during its life cycle stages. The large number of available assurance methods makes guidance necessary as to which method to apply to a given ICT field to gain recognized assurance. Each item of the collection presented in this part of ISO/IEC TR 15443 is classified in an overview fashion using the basic assurance concepts and terms developed in ISO/IEC TR 15443-1. Using this categorization@ this part of ISO/IEC TR 15443 guides the ICT professional in the selection@ and possible combination@ of the assurance method(s) suitable for a given ICT security product@ system@ or service and its specific environment.
INCITS/ISO/IEC TR 15443-2:2005 history
2005INCITS/ISO/IEC TR 15443-2:2005 Information technology - Security techniques - Security assurance framework - Part 2: Analysis (Technical Report)