BSI 23/30450875 DC 2023

$13.70

BS 10754-0. Information technology. Systems trustworthiness – Part 0. Overview and concepts

Published By: BSI
Publication Date: 2023
Number of Pages: 87

PDF Catalog

PDF Pages PDF Title
1 30450875 Form 36
3 30450875 Text
8 0 Introduction
0.1 General
9 0.2 Purpose of BS 10754
0.3 Intended audiences
0.4 Structure of BS 10754 series
0.4.1 Part 0 – Overview and concepts
10 0.4.2 Part 2 – Implementation and management
0.4.3 Part 3 – Validation, verification and certification
0.4.4 Relationship to other standards
11 1 Scope
12 2 Normative references
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
3.1.1 Trustworthiness related definitions
3.1.1.1 entity
3.1.1.2 entity of interest
3.1.1.3 interest in the entity
13 3.1.1.4 environment
3.1.1.5 stakeholder’s trustworthiness expectations
3.1.1.6 entity trustworthiness/system trustworthiness/software trustworthiness
3.1.1.7 trust
3.1.1.8 trustworthiness
3.1.1.9 trustworthiness assumption
3.1.1.10 trustworthiness assurance
14 3.1.1.11 trustworthiness control (TC)
3.1.1.12 trustworthiness ecosystem
3.1.1.13 trustworthiness requirement
3.1.1.14 trustworthiness risk
3.1.1.15 trustworthy entity
3.1.1.16 level of trust/level of trustworthiness (LoT)
15 3.1.1.17 target level of trust/target level of trustworthiness (TLoT)
3.1.1.18 actual level of trust/actual level of trustworthiness (ALoT)
3.1.1.19 organization normative framework (ONF)
3.1.1.20 entity normative framework (ENF)
3.1.1.21 verification normative framework (VNF)
3.1.2 Trustworthiness characteristics
3.1.2.1 accessibility
3.1.2.2 accountability
3.1.2.3 accuracy/measurement accuracy/accuracy of measurement
16 3.1.2.4 adaptability
3.1.2.5 analysability
3.1.2.6 appropriateness recognizability
3.1.2.7 authenticity
3.1.2.8 availability
3.1.2.9 business continuity
17 3.1.2.10 capacity
3.1.2.11 changeability
3.1.2.12 co-existence
3.1.2.13 compatibility
3.1.2.14 confidentiality
3.1.2.15 conformity
3.1.2.16 consent traceability
3.1.2.17 continuity
18 3.1.2.18 controllability
3.1.2.19 dependability
3.1.2.20 discoverability
3.1.2.21 diversity
3.1.2.22 durability
3.1.2.23 entity availability
3.1.2.24 entity confidentiality
19 3.1.2.25 entity continuity
3.1.2.26 entity integrity
3.1.2.27 entity security
3.1.2.28 environmental safety
3.1.2.29 ethical
3.1.2.30 fairness
3.1.2.31 fault tolerance
20 3.1.2.32 faultlessness
3.1.2.33 flexibility
3.1.2.34 functional appropriateness
3.1.2.35 functional completeness
3.1.2.36 functional correctness (correctness)
3.1.2.37 functional suitability
21 3.1.2.38 human governance
3.1.2.39 information availability
3.1.2.40 information confidentiality
3.1.2.41 information integrity
3.1.2.42 information security
3.1.2.43 installability
3.1.2.44 integrity
22 3.1.2.45 interaction capability/usability
3.1.2.46 interoperability
3.1.2.47 intervenability
3.1.2.48 learnability
3.1.2.49 maintainability
3.1.2.50 maintenance support performance
23 3.1.2.51 maturity
3.1.2.52 modifiability
3.1.2.53 modularity
3.1.2.54 non-discrimination
3.1.2.55 non-repudiation
3.1.2.56 operability
24 3.1.2.57 operational safety
3.1.2.58 oversight
3.1.2.59 performance efficiency
3.1.2.60 personal information confidentiality/personal data confidentiality
3.1.2.61 portability
3.1.2.62 predictability
3.1.2.63 privacy/data privacy/information privacy
25 3.1.2.64 provenance
3.1.2.65 quality
3.1.2.66 recoverability/reversibility
3.1.2.67 reliability
3.1.2.68 replaceability
3.1.2.69 resilience
26 3.1.2.70 resource utilization
3.1.2.71 reusability
3.1.2.72 robustness/error tolerance
3.1.2.73 safety/living entity safety
3.1.2.74 scalability
3.1.2.75 security
3.1.2.76 self-descriptiveness
27 3.1.2.77 service continuity
3.1.2.78 societal safety
3.1.2.79 stability
3.1.2.80 testability
3.1.2.81 time behaviour
3.1.2.82 understandability
3.1.2.83 unlinkability
3.1.2.84 user assistance
28 3.1.2.85 user engagement
3.1.2.86 user error protection
3.1.2.87 user interface aesthetics
3.1.2.88 wellbeing
3.1.3 Supporting definitions
3.1.3.1 accountable
3.1.3.2 authority/supervisory authority
3.1.3.3 capability
3.1.3.4 compliance
3.1.3.5 concern
29 3.1.3.6 constituent system
3.1.3.7 control
3.1.3.8 data
3.1.3.9 dependability
3.1.3.10 evidence/objective evidence
3.1.3.11 information
30 3.1.3.12 information item/information part
3.1.3.13 information resource/information asset/information record
3.1.3.14 information subject/data subject
3.1.3.15 international norms of behaviour
3.1.3.16 management system
3.1.3.17 measurable
31 3.1.3.18 metric
3.1.3.19 organization
3.1.3.20 personal information/personal data
3.1.3.21 personal information subject’s consent/data subject’s consent
3.1.3.22 personally identifiable information (PII)
3.1.3.23 personally identifiable information controller (PII controller)
3.1.3.24 personally identifiable information principal (PII principal)
32 3.1.3.25 personally identifiable information processor (PII processor)
3.1.3.26 requirement
3.1.3.27 service
3.1.3.28 social health
3.1.3.29 specification
3.1.3.30 stakeholder
3.1.3.31 stakeholder concerns (concern)
33 3.1.3.32 stakeholder expectations (expectation)
3.1.3.33 stakeholder perspective
3.1.3.34 system
3.1.3.35 system of system
3.1.3.36 threat
3.1.3.37 trustworthiness requirement
3.1.3.38 user
3.1.3.39 validation
3.1.3.40 verifiable
34 3.1.3.41 verification
3.1.3.42 vulnerability
3.2 Abbreviated terms
4 Introduction to system and software trustworthiness
4.1 General
4.2 Context
35 4.3 What is a trustworthy entity?
4.4 Identification of trustworthiness characteristics by domains
4.5 Not all entity requires the same level of trustworthiness
36 4.6 Demonstrating trustworthiness
5 Trustworthiness overview
5.1 Trustworthiness principles
5.1.1 Trustworthiness characteristics should be assessed holistically
37 5.1.2 Trustworthiness should be applicable to any entity
5.1.3 Trustworthiness should be domains and technology agnostic
5.1.4 Trustworthiness requirements should be clear and unambiguous
5.1.5 Trustworthiness should be context-dependent
38 5.1.6 Trustworthiness should be delivered through risk management
5.1.7 Trustworthiness should be managed throughout the entire entity life cycle
5.1.8 Appropriate investment should be provided for trustworthiness
5.1.9 Trustworthiness should be demonstrable
5.1.10 Trustworthiness should be transparent
39 5.2 Concepts
5.2.1 The ecosystem of trustworthiness
5.2.2 Entity and interest in the entity
5.2.3 Entity specifications
5.2.4 Entity life cycle
5.2.5 Entity’s environments
41 5.2.6 Entity information items reference model
44 5.2.7 Trustworthiness characteristics
5.2.7.1 General
5.2.7.2 Baseline characteristics
49 5.2.7.3 Non-baseline trustworthiness characteristics
56 5.2.8 Trustworthiness scope
5.2.9 Trustworthiness risk management
57 5.2.10 Sources of trustworthiness risks
58 5.2.11 Use of entity’s characteristics to determine trustworthiness characteristics
5.2.12 From trustworthiness expectations, concerns and risks to requirements
59 5.2.13 Trustworthiness requirements
61 5.2.14 Trustworthiness controls
5.2.14.1 Purpose
5.2.14.2 Description
62 5.2.14.3 Trustworthiness and verification-measurement activities
5.2.14.4 Trustworthiness control as a graph
63 5.2.14.5 Benefits
64 5.2.14.6 Trustworthiness controls library
5.2.14.6.1 Purpose
5.2.14.6.2 Description
65 5.2.14.6.3 Organization TC library content
5.2.14.6.4 The TCs “Trustworthy online payments” example
66 5.2.14.6.5 The TCs “Privacy law compliance” example
5.2.14.7 Benefits
5.2.14.8 Trustworthiness entity’s life cycle reference model
5.2.14.8.1 Purpose
5.2.14.8.2 Description
67 5.2.15 Trustworthiness demonstrable by evidence
5.2.16 Trustworthiness assurance and level of trustworthiness
5.2.16.1 General
69 5.2.16.2 Trustworthiness assurance level
5.2.16.3 Level of trustworthiness
5.2.17 Trustworthy entity
5.2.18 Trustworthiness and capability maturity model
70 5.3 Trustworthiness frameworks
5.3.1 General
5.3.2 The organization normative framework
5.3.2.1 General
72 5.3.2.2 Purpose
5.3.2.3 Benefits
5.3.2.4 Components
74 5.3.2.5 Processes
5.3.3 Entity normative framework
5.3.3.1 General
75 5.3.3.2 Purpose
76 5.3.3.3 Components
5.3.3.4 Relationship of the ENF to the ONF
5.3.3.5 Benefits
77 5.3.4 Verification normative framework
5.3.4.1 General
5.3.4.2 Purpose
5.3.4.3 Components
78 5.3.4.4 Processes
5.3.4.5 Benefits
6 Trustworthiness overall approach
6.1 General
79 6.2 Processes
6.2.1 Organization normative framework management process
6.2.1.1 General
6.2.1.2 Purpose
6.2.1.3 Process
80 6.2.1.4 Benefits
6.2.2 Entity trustworthiness management process (ETMP)
6.2.2.1 General
81 6.2.2.2 Purpose
6.2.2.3 Process
82 6.2.2.4 Benefits
6.2.3 Trustworthiness verification scheme management process
6.2.3.1 General
6.2.3.2 Purpose
84 6.2.3.3 Benefits
85 Annex A (informative) Complete list of trustworthiness characteristics