MTS(13 - Docbox

Report
SECURITY SIG IN MTS
05TH NOVEMBER 2013
MEETING REPORT
Fraunhofer FOKUS
Agenda SIG#9
Meeting: November 5th, 11:00 – 14:00
Participants:
Jürgen Großmann (JGR), Ari Takanen (ATA), Emmanuelle Chaulot-Talmon
(EMM), Ian Bryant (IBR), Jorge Cuellar (JCU), Milan Zoric (MZO), Jan de
Meer (JDM)
1)
2)
3)
4)
5)
6)
7)
2
Review/discussion APs and WI status
ISO Liaison
Security Testing Terminology and Concepts
Case Study Experiences
Life Cycle Guide
Risk-based Security Testing Methodologies
Schedule
Schedule & APs
Next version of DTS/MTS-101583 SecTest_Terms to be delivered for January MTS
1. AP (JGR, IBR, JCU): WI authors should provide major terms from their documents
(until mid of October)
Next version of DTS/MTS-101582 SecTest_Cases to be provided for RC in October
1. AP (JGR): Minor editorial issues -> check with EMM
2. AP (JGR,JCU) provide list of terms from the case studies (until mid of October)
3. AP (JGR,EMM) after 1 is finished
Work plan and initial version of
• WI: Verification and Validation Life Cycle part (Sections 1-5 and Annexes A, B from original
document),
1. AP (IBR): Work plan and terms
• WI: Security Testing Methodologies (Section 6 with methodologies for risk based security testing
based on standards like ISO 31000 and IEEE 829/29119), Resp: JGR
1. AP (JGR): Work plan and terms
Next MTS Security SIG November 5th
3
ETSI/ISO Liaison
ETSI ISI&MTS liaisons has been confirmed by the SC27 plenary
meeting in last week.
Participation at 9th ETSI Security Workshop with a session
“ISO-ETSI Collaboration” (probably a short one, around 10
minutes given the number of participants to that session)
• Juergen will be the speaker for MTS security, within the ETSI/ISO SC27
collaboration session.
• ETSI/ISO SC27 coordination meeting, 18:00-19:30 at ETSI premises, in
which Juergen is therefore definitely invited to participate (12-15
people at that meeting)
Action points:
• AP (EMM): Clarify responsibilities within ETSI
• AP (JGR): Set EMM and JDM in CC for all correspondence with respect to ETSI/ISO
liaison
4
Security SIG in MTS, 4-5 October 2011
Security Testing Terminology
DTS/MTS-101583 SecTest_Terms in v0.4
• Document will be a TR not a TS
• ATA have received input (terms) from the other Wis
• Decision: Terms should be used as described in SecTestTerms. The
other WIs should prevent using conflicting definitions. Meaningfull
paraphrases should be used instead.
Action points:
•
•
•
•
•
•
•
5
AP (ATA): Use TR-Template for the document
AP (ATA): Provide updated document within this week (week 45)
AP (JGR): Deliver section on Risk-based Security Testing (2 weeks)
AP (JGR) : Deliver additional input for MBST for introduction (2 weeks)
AP (ATA): Identify conflicting terms (December 19th)
AP (ATA): Check terms with ISO and ETSI definitions (December 19th)
AP (ALL): Discuss the terms, conflicts and the sources of terms next meeting (Dec 19th)
Cases Study Experiences
DTS/MTS-101582 SecTest_cases in v0.3
• Stable draft with 6 cases studies
• Document in currently edited by ETSI to resolve minor issues editorial
issues
• Terms for SecTestTerms hve been identified and sent to ATA
Main remaining issues
• AP (JGR, JCU) provide final draft of the doument
• AP (JGR,EMM) inititate RC when document is ready
6
Security SIG in MTS, 4-5 October 2011
Security Assurance Lifecycle
Document status (Resp: IBR)
• Draft document available at
• Work plan will be provided after IBR got feedback from JGR and ATA
Open Issues
• AP (JGR, ATA) provide feedback to the draft document until end of November
• AP (IBR) establish work plan and initial contribution until next Security SIG
meeting (Dec 19th)
7
Security SIG in MTS, 4-5 October 2011
Risk-based Security Testing
Methodologies I
Document status (Resp: JGR)
• WI: Risk-based Security Testing Methodologies (Section 6 with methodologies
•
•
for risk based security testing based on standards like ISO 31000 and IEEE
829/29119),
Draft work plan for WI
Draft document with input from RASEN/DIAMONDS
Resolution
• AP (JGR): provide early draft of RBST document until November 15th.
• AP (JCU) provide feedback to the draft document until end of November
• AP (JGR) establish work plan and initial contribution until next Security SIG
meeting (Dec 19th)
8
Security SIG in MTS, 4-5 October 2011
Risk-based Security Testing
Methodologies II
ETSI Milestone
· TB adoption of WI
Target date
·
2013/10/03
· First version with initial
content from
RASEN/DIAMONDS
· First alignment with V&V
(concept & terms) and
SecTestTerms
2013/11/15
·
2014/01/27
· Further content from
RASEN (consolidation of
ongoging work)
· Second alignment with V&V
(concept & terms)
· Further content from
RASEN (Deliverable)
2014/06/01
· Stable Draft
·
2014/10/01
· Draft for approval
·
· WG approval (delete if no WG)
·
· TB approval
·
· Early Draft
To be published as version:
9
Internal Milestone
Security SIG in MTS, 4-5 October 2011
2013/12/15
2013/12/15
2014/09/30
2015/03/31
V 1.1.1
Summary and Action Points
Next Meeting: December 19th, 14:00 – 16:00
AP Summary
10
•
•
•
•
•
•
•
•
•
•
•
•
•
•
AP (EMM): Clarify responsibilities for ISO/ETSI liaison within ETSI
AP (JGR): Set EMM and JDM in CC for all correspondence with respect to ETSI/ISO liaison
AP (ATA): Use TR-Template for the SecTestTerm document
AP (ATA): Provide updated SecTestTerm document within this week (week 45)
AP (JGR): Deliver section on Risk-based Security Testing (2 weeks)
AP (JGR) : Deliver additional input for MBST for introduction of SecTestTerm document (2 weeks)
AP (ATA): Identify conflicting terms in SecTestTerm (December 19th)
AP (ATA): Check terms with ISO and ETSI definitions (December 19th)
AP (ALL): Discuss the terms, conflicts and the sources of terms next meeting (Dec 19th)
AP (JGR, JCU): provide final draft of the SecTestCases doument
AP (JGR,EMM): inititate RC when SecTestCases document is ready
AP (JGR, ATA): provide feedback to the draft SecAssusrance document until end of November
AP (IBR): establish work plan and initial contribution for SecAssusranc doc until next Security SIG meeting (Dec 19th)
AP (JGR): provide early draft of RBST document until November 15th.
•
•
AP (JCU): provide feedback to the draft RBST document until end of November
AP (JGR): establish work plan for RBST document until next Security SIG meeting (Dec 19th)
Security SIG in MTS, 4-5 October 2011

similar documents