IT security procedures

from Wikipedia, the free encyclopedia

IT security procedures is a term used in technical standardization and is closely linked to technical information security and IT security. It is of considerable importance for the area of information and communication technology.

Standardization

DIN NIA-01-27 IT security procedures is a working committee in the standards committee for information technology and applications (DIN NIA) of DIN, the German Institute for Standardization, based in Berlin. It emerged from the previous DIN NI-27 committee.

In this case, the results of the international standardization work are published as so-called ISO/IEC standards. Individual international standards are also adopted as so-called DIN ISO/IEC standards in the German set of standards and translated as a whole or only in part.

Work area

The work area of DIN NIA-01-27 IT security procedures is the development of standards for generally applicable methods and techniques for IT security, i.e. security in information technology. Internationally, this area is handled by the ISO/IEC JTC 1/SC 27 Information Technology - Security Techniques standardization committee in cooperation with ISO and IEC.

In accordance with the work area of ISO/IEC JTC 1/SC 27, both the protection of information and the protection of information and communication technology (ICT) are relevant for work in DIN NIA-01-27. This includes, among other things, general methods, techniques and guidelines for IT security as well as technical aspects for protecting privacy, such as:

The working committee DIN NIA-01-27 aims to support liaisons with other domestic and foreign committees and cooperation in the international standardization work of ISO/IEC JTC 1/SC 27, in proportion to its own national interests. It wants to contribute to the development and implementation of standards in this area.

Sub-bodies in the working committee

The standardization work in the committee is led by the plenary session chaired by a chairman. The work of the technical experts is divided into the following sub-committees or working groups (AK) on a project basis.

Sub-committees of the NIA 01-27 AA IT security procedures

| Working group | Title and subject |
| --- | --- |
| NIA 01-27-01 AK | IT security management systems (ISMS) |
| NIA 01-27-02 AK | IT security techniques and mechanisms (including cryptography) |
| NIA 01-27-03 AK | Evaluation criteria for IT security (including Common Criteria) |
| NIA 01-27-04 AK | IT security measures and services |
| NIA 01-27-05 AK | Identity Management and Data Protection Technologies |

IT security procedure standards

In addition to the well-known ISO/IEC 2700x series of standards for information security management systems (ISMS) and the three parts of ISO/IEC 15408, the evaluation criteria for IT security (Common Criteria), there is a whole series of other standards for IT security procedures. A complete list of the standards supported by ISO/IEC JTC 1/SC 27 and DIN NIA-01-27 IT security procedures can be found in Standing Document No 7 - SC27 Projects & Standards (SD7), which is freely available on the web as a ZIP file.

Obtaining standards

The standards from ISO and IEC are open standards but, in contrast to various free standards, are mostly not available free of charge and usually have to be purchased. In Germany, Beuth Verlag at DIN is the recommended source both for researching standards and for purchasing printed or electronic editions of standards in this area.

Participation in standardization

The work in the working committee DIN NIA-01-27 IT security procedures is largely carried out electronically. In addition, in-person working meetings take place at least twice a year at different locations in Germany. As in all DIN standards committees, participation in standardization activities is subject to rules of procedure and requires delegation by an authorizing body. Under certain circumstances, guests can register for limited participation with the responsible office at DIN.

Compass of IT security standards

The BITKOM and DIN compass of IT security standards is intended to provide clear and easier access to relevant IT security standards. This guideline is published in cooperation between the BITKOM AK Security Management and DIN NIA-01-27 IT security procedures and is regularly revised.

After a long break, the compass of IT security standards can now be found as an interactive online version on its own website.
