15

Standards

15.1 X.800 and RFC 2828

ITU-T Recommendation X.800 (Security Architecture for OSI) and IETF RFC 2828 (Internet Security Glossary) are used as references to systematically evaluate and define security requirements. Though coming from different standardization bodies, the two standards have many points in common. X.800 is used to define general security-related architectural elements needed when protection of communication between open systems is required. X.800 establishes guidelines and constraints to improve existing recommendations and/or to develop new recommendations in the context of OSI. Similarly, RFC 2828 provides abbreviations, explanations and recommendations for information system security terminology.

Both X.800 and RFC 2828 are designed to assist security managers in defining security requirements and possible approaches to meeting those requirements. They also help hardware and software manufacturers to develop security features for their products and services that follow certain standards. X.800 and RFC 2828 both mention several aspects of security systems, namely security threat and attack, security services and mechanisms and security management. This section gives a brief introduction to these standards. We urge readers to read the original standard documents for more information.

15.1.1 Security Threats and Attacks

According to X.800, ‘A threat to a system security includes any of the following: destruction of information and/or other resources; ...