Introduction to security standards

Let’s look at the concept of standards and standardisation in the system development process.

Standards

Standards have been established to ensure that system development follows agreed technical requirements. In the context of system development or technology generally, we could give the following informal definition of the term ‘standard’:

A standard is a norm or rule that sets out the technical criteria, methods and practices that should be used for the development of a system.

Throughout the years, several different standards have been introduced for the development of particular systems. The choice of which one to use typically depends on the type and scope of the system to be developed.

Standardisation

Having defined a standard as a rule, we could define standardisation as the process of creating new technical standards. But why do we really need to follow standards, or have a standardisation process, for the development of computer systems? The answer is relatively straightforward: standards and standardisation define precisely the technical and security features that a system should have in order to meet basic requirements, and meeting those requirements improves the system’s compatibility, interoperability, functioning, testing, quality and security.

Standards organisations or bodies

In the 20th century, the first standards (in the form of common trade or specification rules) appeared in several countries around the world in order to resolve the technical discrepancies that existed at local, national or international level in the development and trade of products. For that reason, standards organisations or bodies were established, with the development, coordination, revision and amendment of technical standards as their core responsibilities.

Most countries now have their own national organisations that implement standards to comply with the regulations and legislation of the country that they belong to. Examples include the European Committee for Standardization (CEN) and the British Standards Institution (BSI) in the European Union and United Kingdom respectively.

ISO and IEC

In 1947, the International Organization for Standardization (ISO) was founded as a global standards body responsible for promoting worldwide industrial and commercial standards. ISO consists of 168 members that participate in decisions about the standards it issues and publishes. These members are usually the national standards bodies of the participating countries.

Finally, ISO and the International Electrotechnical Commission (IEC) have formed two main joint committees that direct the development of standards. These committees are:

  • The ISO/IEC Joint Technical Committee 1 for information technology standards
  • The ISO/IEC Joint Technical Committee 2 for energy efficiency and renewable energy sources standards

Your task

Share and discuss your thoughts on the following:

How can standards and standardisation improve the functioning and security of a system?

Take a look at the links below in the See Also section if you wish to explore some standards further.

This article is from the free online course:

Cyber Security in the Software Development Life Cycle

Coventry University