Issue IV


Standardization for ICT Security

Volume: 2005, No.IV

Date: August 2005

Guest Editors: Paloma García-López, Stefanos Gritzalis and Javier López-Muñoz


Standardization for ICT Security

More often than we might think, we work with documents known as international standards or with documents directly based on those standards. In fact, a considerable percentage of the research carried out in national and international universities, companies and research centres is founded on the existence of such standards. Far from being simply documents ‘discovered’ by chance and signed by an anonymous author whose identity will never be known, they are actually produced under the auspices of officially recognised standardization bodies.

The increasingly multi-sectoral nature of voluntary standards is evident from the fact that an ever-growing number of sectors see standardization as a basis for providing users and customers with higher quality services and products.

With regard to the international framework concerning Information Technologies (IT) related aspects, there is a joint committee formed by two standardisation bodies: ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission, focusing on the electrical areas of each field). The joint technical committee is known as JTC1 (Joint Technical Committee 1).

Standardisation and Certification (S&C) activities in the field of Information Technologies are increasingly relevant to organisations and the general public. This is particularly true of everything related to information security, not only as regards product manufacturing and marketing requirements but also the information management standardisation that organisations carry out in order to protect the information they handle.

The UPgrade European NETwork section of this issue includes a paper from the Spanish member society, Asociación de Técnicos de Informática, taken from its publication Novática. The paper focuses on software patents.


The following papers are included in this issue:

  • Where Do the Voluntary Standards and Recommendations Regarding Information Security Come From? by Paloma García-López
  • CEN/ISSS and Its Contribution to European Standardization in Security of Information Technologies by Luc Van den Berghe
  • International Standardization of Information and IT Security - Current and Future SC27 Activities by Ted Humphreys
  • Common Criteria International Standards by Miguel Bañón
  • Security Metrics and Measurements for IT by José A. Mañas-Argemí
  • IT Security Audits from A Standardization Viewpoint by Marina Touriño-Troitiño
  • Legislation, Standards and Recommendations Regarding Electronic Signature by Josep-Lluís Ferrer-Gomila and Apol·lònia Martínez-Nadal
  • The X.509 Privilege Management Standard by David Chadwick
  • ICT Security Standards for Healthcare Applications by Spyros Kokolakis and Costas Lambrinoudakis