[BLP:1976]
Bell, D. E. and LaPadula, L.
J., Secure Computer Systems: Unified Exposition and Multics Interpretation,
MTR-2997 Rev. 1, MITRE Corp., Bedford, Mass., March 1976.
[BS25999-1:2006]
Business continuity
management - Part 1: Code of practice. British Standard BS 25999-1:2006.
[CC:2006]
Common Criteria for
Information Technology Security Evaluation, version 3.1, revision 1, September
2006.
Part 1 - Introduction and
general model
Part 2 - Security functional
requirements
Part 3 - Security assurance
requirements
Also published as [ISO/IEC
15408].
[CCN-STIC-001:2006]
Políticas: Seguridad de las TIC en la
Administración. Centro Criptológico Nacional, Guía STIC 001, 2006.
[CCN-STIC-002:2006]
Políticas: Definición de Criptología Nacional.
Centro Criptológico Nacional, Guía STIC 002, 2006.
[CCN-STIC-003:2006]
Políticas: Uso Cifradores Certificados. Centro
Criptológico Nacional, Guía STIC 003, 2006.
[CCN-STIC-101:2005]
Procedimientos: Procedimiento de Acreditación
Nacional. Centro Criptológico Nacional, Guía STIC 101, 2005.
[CCN-STIC-103:2006]
Procedimientos: Catálogo de Productos con
Certificación Criptológica. Centro Criptológico Nacional, Guía STIC 103, 2006.
[CCN-STIC-150:2006]
Procedimientos: Evaluación y Clasificación Tempest
de Cifradores con Certificación Criptológica. Centro Criptológico Nacional,
Guía STIC 150 2006.
[CCN-STIC-151:2006]
Procedimientos: Evaluación y Clasificación Tempest
de Equipos. Centro Criptológico Nacional, Guía STIC 151 2006.
[CCN-STIC-152:2006]
Procedimientos: Evaluación y Clasificación Zoning de
Locales. Centro Criptológico Nacional, Guía STIC 152 2006.
[CCN-STIC-201:2006]
Normas: Organización y Gestión STIC. Centro
Criptológico Nacional, Guía STIC 201 2006.
[CCN-STIC-202:2006]
Normas: Estructura y Contenido DRS. Centro
Criptológico Nacional, Guía STIC 202 2006.
[CCN-STIC-203:2006]
Normas: Estructura y Contenido POS. Centro
Criptológico Nacional, Guía STIC 203 2006.
[CCN-STIC-204:2006]
Normas: CO-DRS-POS Formulario. Centro Criptológico
Nacional, Guía STIC 204 2006.
[CCN-STIC-207:2006]
Normas: Estructura y Contenido del Concepto de
Operación de Seguridad (COS). Centro Criptológico Nacional, Guía STIC 207 2006.
[CCN-STIC-301:2006]
Instrucciones Técnicas: Requisitos STIC. Centro
Criptológico Nacional, Guía STIC 301 2006.
[CCN-STIC-302:2012]
Instrucciones Técnicas: Interconexión de CIS. Centro
Criptológico Nacional, Guía STIC 302 2012.
[CCN-STIC-303:2006]
Instrucciones Técnicas: Inspección STIC. Centro Criptológico
Nacional, Guía STIC 303 2006.
[CCN-STIC-400:2006]
Guías Generales: Manual de Seguridad de las TIC.
Centro Criptológico Nacional, Guía STIC 400 2006.
[CCN-STIC-401:2007]
Guías Generales: Glosario y Abreviaturas. Centro
Criptológico Nacional, Guía STIC 401 2007.
[CCN-STIC-403:2006]
Guías Generales: Gestión de Incidentes de Seguridad.
Centro Criptológico Nacional, Guía STIC 403 2006.
[CCN-STIC-404:2006]
Guías Generales: Control de Soportes Informáticos.
Centro Criptológico Nacional, Guía STIC 404 2006.
[CCN-STIC-405:2006]
Guías Generales: Algoritmos y Parámetros de Firma
Electrónica. Centro Criptológico Nacional, Guía STIC 405 2006.
[CCN-STIC-406:2006]
Guías Generales: Seguridad de Redes Inalámbricas.
Centro Criptológico Nacional, Guía STIC 406 2006.
[CCN-STIC-407:2006]
Guías Generales: Seguridad de Telefonía Móvil.
Centro Criptológico Nacional, Guía STIC 407 2006.
[CCN-STIC-408:2006]
Guías Generales: Seguridad Perimetral - Cortafuegos.
Centro Criptológico Nacional, Guía STIC 408 2006.
[CCN-STIC-414:2006]
Guías Generales: Seguridad en Voz sobre IP. Centro
Criptológico Nacional, Guía STIC 414 2006.
[CCN-STIC-430:2006]
Guías Generales: Herramientas de Seguridad. Centro
Criptológico Nacional, Guía STIC 430 2006.
[CCN-STIC-431:2006]
Guías Generales: Herramientas de Análisis de
Vulnerabilidades. Centro Criptológico Nacional, Guía STIC 431 2006.
[CCN-STIC-432:2006]
Guías Generales: Seguridad Perimetral - Detección de
Intrusos. Centro Criptológico Nacional, Guía STIC 432 2006.
[CCN-STIC-435:2006]
Guías Generales: Herramientas de Monitorización de
Tráfico en Red. Centro Criptológico Nacional, Guía STIC 435 2006.
[CCN-STIC-512:2006]
Guías para Entornos Windows: Gestión de
Actualizaciones de Seguridad en Sistemas Windows. Centro Criptológico Nacional,
Guía STIC 512 2006.
[CCN-STIC-611:2006]
Guías para otros entornos: Configuración Segura
(SuSE Linux). Centro Criptológico Nacional, Guía STIC 611 2006.
[CCN-STIC-612:2006]
Guías para otros entornos: Configuración Segura
(Debian). Centro Criptológico Nacional, Guía STIC 612 2006.
[CCN-STIC-614:2006]
Guías para otros entornos: Configuración Segura
(RedHat Enterprise AS 4 y Fedora). Centro Criptológico Nacional, Guía STIC 614
2006.
[CCN-STIC-641:2006]
Guías para otros entornos: Plantilla configuración
segura Routers CISCO. Centro Criptológico Nacional, Guía STIC 641 2006.
[CCN-STIC-642:2006]
Guías para otros entornos: Configuración Segura
(Switches Enterasys). Centro Criptológico Nacional, Guía STIC 642 2006.
[CCN-STIC-671:2006]
Guías para otros entornos: Configuración Segura
(Servidor Web Apache). Centro Criptológico Nacional, Guía STIC 671 2006.
[CCN-STIC-801:2010]
Esquema Nacional de Seguridad. Responsables y
Funciones. 2010.
[CCN-STIC-903:2006]
Informes Técnicos: Centro Criptológico Nacional,
Guía STIC 903 2006.
[CCN-STIC-951:2006]
Informes Técnicos: Centro Criptológico Nacional,
Guía STIC 951 2006.
[CCN-STIC-952:2006]
Informes Técnicos: Centro Criptológico Nacional,
Guía STIC 952 2006.
[CEM:2006]
Common Evaluation
Methodology, version 3.1, revision 1, September 2006. Also
published as [ISO/IEC 18405].
[CESID:1997]
Centro Superior de Información de la Defensa,
Glosario de Términos de Criptología, Ministerio de Defensa, 3ª edición, 1997.
[CIAO:2000]
Critical Infrastructure
Assurance Office, Practices for Securing Critical Information Assets, January
2000.
[CNSSI_4009:2010]
NATIONAL INFORMATION
ASSURANCE (IA) GLOSSARY. Committee on National Security Systems. CNSS
Instruction No. 4009. April 2010.
[COBIT:2006]
CobiT - Control Objectives,
Management Guidelines, Maturity Models. IT Governance Institute. Version 4.0,
2006.
[CRAMM:2003]
CCTA Risk Analysis and
Management Method (CRAMM), Version 5.0, 2003.
[CSS CA:2010]
Canada’s Cyber Security
Strategy: For a Stronger and More Prosperous Canada, Public Safety
Canada/Sécurité publique Canada, Ottawa, Canada. 2010.
[CSS DE:2011]
Cyber Security Strategy for
Germany. Feb. 2011.
[CSS EU:2013]
Cybersecurity Strategy of
the European Union: An Open, Safe and Secure Cyberspace, 2013.
[CSS NZ:2011]
New Zealand Cyber Security
Strategy. June 2011.
[Directive-1999/93/EC:1999]
Directive 1999/93/EC of the
European Parliament and the Council of 13 December 1999 on a Community
framework for electronic signatures.
[DoD 5220:2006]
DoD 5220.22-M - NATIONAL
INDUSTRIAL SECURITY PROGRAM, OPERATING MANUAL, February 2006
[EBIOS:2005]
EBIOS - Expression des
Besoins et Identification des Objectifs de Sécurité
[ENS:2010]
Esquema Nacional de Seguridad. Real Decreto 3/2010,
de 8 de enero, por el que se regula el Esquema Nacional de Seguridad en el
ámbito de la Administración Electrónica. BOE de 29 de enero de 2010.
[ES EES:2011]
Estrategia
Española de Seguridad. Una responsabilidad de todos. Gobierno de España. Madrid, 2011.
[FIPS-43-3:1999]
FIPS 43-3, Data Encryption Standard
(DES), October 1999 (withdrawn May 19, 2005).
[FIPS-81:1980]
FIPS 81, DES Modes of
Operation, December 1980 (withdrawn May 19, 2005).
[FIPS-140-2:2001]
FIPS 140-2, Security
Requirements for Cryptographic Modules, May 2001.
[FIPS-186-2:2000]
FIPS 186-2, Digital
Signature Standard (DSS), January, 2000.
[FIPS-199:2004]
FIPS PUB 199, Standards for
Security Categorization of Federal Information and Information Systems,
February 2004.
[FIPS-200:2006]
FIPS 200, Minimum Security
Requirements for Federal Information and Information Systems, March 2006.
[H.235:2005]
ITU-T H.235, Implementors
Guide for H.235 V3: Security and encryption for H-series (H.323 and other
H.245- based) multimedia terminals. (5 August 2005).
[H.530:2002]
ITU-T H.530, Symmetric
security procedures for H.323 mobility in H.510. (03/02).
[IRM-5239-8:1995]
IRM-5239-08A, U.S. Marine
Corps, Computer Security Procedures, 1995.
[ISDEFE-6:2009]
Seguridad
Nacional y Ciberdefensa. Cuadernos Cátedra ISDEFE-UPM Nº 6. 2009.
[ISO Guide 73:2009]
Risk management --
Vocabulary, 2009.
[ISO-7498-2:1989]
ISO 7498-2:1989, ITU-T
X.800, Information processing systems -- Open Systems Interconnection -- Basic
Reference Model -- Part 2: Security Architecture, 1989.
[ISO-8732:1999]
ISO 8732:1988/Cor 1:1999,
Banking - Key management (wholesale), 1999.
[ISO-8825-1:2002]
ISO/IEC 8825-1:2002,
Information technology -- ASN.1 encoding rules: Specification of Basic Encoding
Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules
(DER), 2002.
[ISO-9000_es:2000]
Sistemas de gestión de la calidad -- Conceptos y
vocabulario, 2000.
[ISO-9594-8:2005]
ISO/IEC 9594-8:2005,
Information technology -- Open Systems Interconnection -- The Directory:
Public-key and attribute certificate frameworks, 2005.
[ISO-9796-2:2002]
ISO/IEC 9796-2:2002,
Information technology -- Security techniques -- Digital signature schemes
giving message recovery -- Part 2: Integer factorization based mechanisms,
2002.
[ISO-9797-1:1999]
ISO/IEC 9797-1:1999,
Information technology -- Security techniques -- Message Authentication Codes
(MACs) -- Part 1: Mechanisms using a block cipher, 1999.
[ISO-9798-1:1997]
ISO/IEC 9798-1:1997,
Information technology -- Security techniques -- Entity authentication -- Part
1: General, 1997.
[ISO-9798-5:2004]
ISO/IEC 9798-5:2004,
Information technology -- Security techniques -- Entity authentication -- Part
5: Mechanisms using zero-knowledge techniques, 2004.
[ISO-10118-1:2000]
ISO/IEC 10118-1:2000,
Information technology -- Security techniques -- Hash-functions -- Part 1:
General, 2000.
[ISO-10118-3:2004]
ISO/IEC 10118-3:2004
Information technology -- Security techniques -- Hash-functions -- Part 3:
Dedicated hash-functions, 2004.
[ISO-10181-1:1996]
ISO/IEC 10181-1:1996, ITU-T
X.810, Information technology - Open Systems Interconnection - Security
frameworks for open systems: Overview, 1996.
[ISO-10181-2:1996]
ISO/IEC 10181-2:1996, ITU-T
X.811, Information technology -- Open Systems Interconnection -- Security
frameworks for open systems: Authentication framework, 1996.
[ISO-11568:2005]
ISO 11568-1:2005, Banking --
Key management (retail) -- Part 1: Principles, 2005.
[ISO-11568-2:2005]
ISO 11568-2:2005, Banking --
Key management (retail) -- Part 2: Symmetric ciphers, their key management and
life cycle, 2005.
[ISO-11568-4:2007]
ISO 11568-4:2007, Banking --
Key management (retail) -- Part 4: Asymmetric cryptosystems -- Key management
and life cycle, 2007.
[ISO-11770-1:1996]
ISO/IEC 11770-1:1996,
Information technology -- Security techniques -- Key management -- Part 1:
Framework, 1996.
[ISO-11770-2:1996]
ISO/IEC 11770-2:1996,
Information technology -- Security techniques -- Key management -- Part 2:
Mechanisms using symmetric techniques, 1996.
[ISO-11770-3:2008]
ISO/IEC 11770-3:2008,
Information technology -- Security techniques -- Key management -- Part 3:
Mechanisms using asymmetric techniques, 2008.
[ISO-11770-4:2006]
ISO/IEC 11770-4:2006,
Information technology -- Security techniques -- Key management -- Part 4:
Mechanisms based on weak secrets, 2006.
[ISO-13335-1:2004]
ISO/IEC 13335-1:2004,
Information technology -- Security techniques -- Management of information and
communications technology security -- Part 1: Concepts and models for
information and communications technology security management, 2004.
[ISO-13335-4:2000]
ISO/IEC 13335-4:2000,
Information technology -- Guidelines for the management of IT Security -- Part
4: Selection of safeguards, 2000.
[ISO-13888-1:2004]
ISO/IEC 13888-1:2004, IT
security techniques -- Non-repudiation -- Part 1: General, 2004.
[ISO-14516:2002]
ISO/IEC TR 14516:2002,
Information technology -- Security techniques -- Guidelines for the use and
management of Trusted Third Party services, 2002.
[ISO-14888-1:1998]
ISO/IEC 14888-1:1998, Information
technology -- Security techniques -- Digital signatures with appendix -- Part
1: General, 1998.
[ISO-14888-3:2006]
ISO/IEC 14888-3:2006,
Information technology -- Security techniques -- Digital signatures with
appendix -- Part 3: Discrete logarithm based mechanisms, 2006.
[ISO-15292:2001]
ISO/IEC 15292:2001,
Information technology - Security techniques - Protection Profile registration
procedures, 2001.
[ISO-15443-1:2005]
ISO/IEC TR 15443:2005,
Information technology -- Security techniques -- A framework for IT security
assurance -- Part 1: Overview and framework, 2005.
[ISO-15782-1:2003]
ISO 15782-1:2003,
Certificate management for financial services -- Part 1: Public key
certificates, 2003.
[ISO-15816:2002]
ISO/IEC 15816:2002,
Information technology -- Security techniques -- Security information objects
for access control, 2002.
[ISO-15939:2002]
ISO/IEC 15939:2002, Software
engineering -- Software measurement process, 2002.
[ISO-15945:2002]
ISO/IEC 15945:2002,
Information technology -- Security techniques -- Specification of TTP services
to support the application of digital signatures, 2002.
[ISO-15946-1:2002]
ISO/IEC 15946-1:2002,
Information technology -- Security techniques -- Cryptographic techniques based
on elliptic curves -- Part 1: General, 2002.
[ISO-15946-2:2002]
ISO/IEC 15946-2:2002,
Information technology -- Security techniques -- Cryptographic techniques based
on elliptic curves -- Part 2: Digital signatures, 2002.
[ISO-15946-3:2002]
ISO/IEC 15946-3:2002,
Information technology -- Security techniques -- Cryptographic techniques based
on elliptic curves -- Part 3: Key establishment, 2002.
[ISO-15946-4:2004]
ISO/IEC 15946-4:2004
Information technology -- Security techniques -- Cryptographic techniques based
on elliptic curves -- Part 4: Digital signatures giving message recovery, 2004.
[ISO-15947:2002]
ISO/IEC TR 15947:2002,
Information technology -- Security techniques -- IT intrusion detection
framework, 2002.
[ISO-17799:2005]
ISO/IEC 17799:2005,
Information technology -- Code of practice for information security management,
2005.
[ISO-18014-1:2002]
ISO/IEC IS 18014-2:2002,
Information technology -- Security techniques -- Time-stamping services -- Part
1: Framework 2002.
[ISO-18014-2:2002]
ISO/IEC IS 18014-2:2002,
Information technology -- Security techniques -- Time-stamping services -- Part
2: Mechanisms producing independent tokens 2002.
[ISO-18028-1:2006]
ISO/IEC 18028-1:2006,
Information technology -- Security techniques -- IT network security -- Part 1:
Network security management, 2006.
[ISO-18028-2:2006]
ISO/IEC 18028-2:2006,
Information technology -- Security techniques -- IT network security -- Part 1:
Network security architecture, 2006.
[ISO-18028-3:2005]
ISO/IEC 18028-3:2005,
Information technology -- Security techniques -- IT network security -- Part 3:
Securing communications between networks using security gateways, 2005.
[ISO-18028-4:2005]
ISO/IEC 18028-4:2005,
Information technology -- Security techniques -- IT network security -- Part 4:
Securing remote access, 2005.
[ISO-18028-5:2006]
ISO/IEC 18028-5:2006,
Information technology -- Security techniques -- IT network security -- Part 5:
Securing communications across networks using virtual private networks, 2006.
[ISO-18031:2005]
ISO/IEC 18031:2005,
Information technology -- Security techniques -- Random bit generation, 2005.
[ISO-18033-1:2005]
ISO/IEC 18033-1:2005,
Information technology -- Security techniques -- Encryption algorithms -- Part
1: General, 2005.
[ISO-18033-2:2006]
ISO/IEC 18033-2:2006,
Information technology -- Security techniques -- Encryption algorithms -- Part
2: Asymmetric ciphers 2006.
[ISO-18033-3:2005]
ISO/IEC 18033-3:2005,
Information technology -- Security techniques -- Encryption algorithms -- Part
3: Block ciphers 2005.
[ISO-18033-4:2005]
ISO/IEC 18033-4:2005,
Information technology -- Security techniques -- Encryption algorithms -- Part
3: Stream ciphers 2005.
[ISO-18043:2006]
ISO/IEC 18043:2006,
Information technology -- Security techniques -- Selection, deployment and
operations of intrusion detection systems. 2006.
[ISO-18044:2004]
ISO/IEC TR 18044:2004,
Information technology -- Security techniques -- Information security incident
management, 2004.
[ISO-19790:2006]
ISO/IEC 19790:2006,
Information technology -- Security techniques -- Security requirements for
cryptographic modules. 2006.
[ISO-21827:2007]
ISO/IEC 21827:2002,
Information technology -- Systems Security Engineering -- Capability Maturity
Model (SSE-CMM), 2007.
[ISO-2382-8:1998]
ISO/IEC 2382-8:1998,
Information technology -- Vocabulary -- Part 8: Security, 1998.
[ISO/IEC 27000:2014]
ISO/IEC 27000:2014,
Information technology -- Security techniques -- Information security
management systems – Overview and vocabulary, 2014.
[ISO-27032:2012]
ISO/IEC 27032:2012, Information technology – Security
techniques – Guidelines for cybersecurity, 2012.
[ISO-27034-1:2011]
ISO/IEC 27034-1:2011, Information technology – Security
techniques – Application security, 2011.
[ISO-27050:2015]
ISO/IEC CD 27050:2015,
Information technology -- Security techniques -- Electronic discovery, 2015
[ITIL:2007]
ITIL V3 Glossary, 30 May
2007
[ITSEC:1991]
ITSEC - Information
Technology Security Evaluation Criteria - Harmonized Criteria of France, Germany,
the Netherlands, and the United Kingdom, Version 1.1, Published by Dept. of
Trade and Industry, London, 1991.
[ITSEM:1993]
ITSEM - Information
Technology Security Evaluation Manual. Commission of the European Communities. 1993.
[JP2-0:2013]
Joint Publication 2-0. Joint
Intelligence. 22 October 2013.
[knapp:2014]
Knapp, Eric D.; Langill, Joel Thomas (2014-12-22). Industrial Network
Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and
Other Industrial Control Systems (Kindle Locations 9173-9175). Elsevier Science.
[Ley 8/2011]
Ley 8/2011, de 28 de abril, por la que se establecen
medidas para la protección de las infraestructuras críticas.
[Ley-59:2003]
Ley 59/2003, de 19 de diciembre, de firma
electrónica.
[Magerit:1997]
Ministerio de Administraciones Públicas, Metodología
de Análisis y Gestión de Riesgos de los Sistemas de Información, MAP, versión
1.0, 1997.
[Magerit:2006]
Ministerio de Administraciones Públicas, Metodología
de Análisis y Gestión de Riesgos de los Sistemas de Información, MAP, versión
2.1, 2006.
[Magerit:2012]
Ministerio de Administraciones Públicas, Metodología
de Análisis y Gestión de Riesgos de los Sistemas de Información, MAP, versión
3.0, 2012.
[NATO AC/35-WP(2012)0007(IA)]
Glossary, 15 June, 2012.
[NERC:2014]
Glossary of Terms Used in NERC Reliability Standards, North American
Electric Reliability Corporation, Updated October 1, 2014
[NIST-SP800-18:2006]
Guide for Developing
Security Plans for Federal Information Systems. NIST Special Publication 800-18
Rev. 1, February 2006.
[NIST-SP800-27:2004]
Engineering Principles for
Information Technology Security (A Baseline for Achieving Security), NIST
Special Publication 800-27 Rev. A, June 2004.
[NIST-SP800-33:2001]
Underlying Technical Models
for Information Technology Security, NIST Special Publication 800-33, December
2001.
[NIST-SP800-34:2002]
Contingency Planning Guide
for Information Technology Systems, NIST Special Publication 800-34, June 2002.
[NIST-SP800-37:2004]
Guide for the Security
Certification and Accreditation of Federal Information Systems, NIST Special
Publication 800-37, May 2004.
[NIST-SP800-38A:2001]
Recommendation for Block
Cipher Modes of Operation - Methods and Techniques, NIST Special Publication
800-38A, Dec 2001.
[NIST-SP800-38B:2005]
Recommendation for Block
Cipher Modes of Operation: The CMAC Mode for Authentication, NIST Special
Publication 800-38B, May 2005.
[NIST-SP800-38C:2004]
Recommendation for Block
Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality,
NIST Special Publication 800-38C, May 2004.
[NIST-SP800-38D:2007]
Recommendation for Block
Cipher Modes of Operation: Galois/Counter, NIST Special Publication 800-38D,
Nov 2007.
[NIST-SP800-53:2013]
Recommended Security
Controls for Federal Information Systems, NIST Special Publication 800-53,
Rev.4 April 2013.
[NIST-SP800-55:2003]
Security Metrics Guide for
Information Technology Systems, NIST Special Publication 800-55, July 2003.
[NIST-SP800-57:2007]
Recommendation for Key
Management - Part 1: General, NIST Special Publication 800-57, March 2007.
[NIST-SP800-60V2:2004]
Volume II: Appendixes to
Guide for Mapping Types of Information and Information Systems to Security
Categories, NIST Special Publication 800-60, June 2004.
[NIST-SP800-61:2004]
Computer Security Incident
Handling Guide, NIST Special Publication 800-61, January 2004.
[NIST-SP800-63:2013]
Electronic Authentication
Guideline, NIST Special Publication 800-63, Rev.2, 2013.
[NIST-SP800-77:2005]
Guide to IPsec VPNs, NIST
Special Publication 800-77, December 2005.
[NIST-SP800-83:2005]
Guide to Malware Incident
Prevention and Handling, NIST Special Publication 800-83, November 2005.
[NIST-SP800-88:2006]
Guidelines for Media Sanitization,
NIST Special Publication 800-88, September 2006.
[NIST-SP800-94:2007]
Guide to Intrusion Detection
and Prevention Systems (IDPS), NIST Special Publication 800-94, February 2007.
[NIST-SP800-100:2006]
Information Security
Handbook: A Guide for Managers, NIST Special Publication 800-100, October 2006.
[NIST7298:2011]
NIST IR 7298 Glossary of Key
Information Security Terms, Revision 1, February, 2011.
[Octave:2003]
C. Alberts and A. Dorofee,
Managing information Security Risks. The OCTAVE Approach, Addison Wesley, 2003.
[PE-CONS 60/14]
REGLAMENTO
DEL PARLAMENTO EUROPEO Y DEL CONSEJO relativo a la identificación electrónica y
los servicios de confianza para las transacciones electrónicas en el mercado
interior y por la que se deroga la Directiva 1999/93 CE, Bruselas, 16 de julio
de 2014
REGULATION OF THE EUROPEAN
PARLIAMENT AND OF THE COUNCIL on electronic identification and trust services
for electronic transactions in the internal market and repealing Directive
1999/93/EC, Brussels, 16 July 2014
RÈGLEMENT DU PARLEMENT
EUROPÉEN ET DU CONSEIL sur l'identification électronique et les services de
confiance pour les transactions électroniques au sein du marché intérieur et
abrogeant la directive 1999/93/CE, Bruxelles, le 16 juillet 2014
[RFC4949:2007]
RFC4949, Internet Security
Glossary, Version 2, August 2007
Each entry is preceded by a
character -- I, N, O, or D -- enclosed in parentheses, to indicate the type of
definition (as is explained further in Section 3):
"I" for a
RECOMMENDED term or definition of Internet origin.
"N" if RECOMMENDED
but not of Internet origin.
"O" for a term or
definition that is NOT recommended for use in IDOCs but is something that
authors of Internet documents should know about.
"D" for a term or
definition that is deprecated and SHOULD NOT be used in Internet documents.
[Ribagorda:1997]
A. Ribagorda, Glosario de Términos de Seguridad de
las T.I., Ediciones CODA, 1997.
[RiskIT-PG:2009]
The Risk IT Practitioner
Guide. November 2009.
[TCSEC:1985]
TCSEC - Trusted Computer
Systems Evaluation Criteria, DoD 5200.28-STD, Department of Defense, United
States of America, 1985
[TDIR:2003]
Texas Department of
Information Resources, Practices for Protecting Information Resources Assets,
Revised September 2003.
[UNE Guía 73:2010]
Gestión del riesgo -- Vocabulario, 2010.
[UNE-71502:2004]
UNE 71502:2004, Especificaciones para los Sistemas
de Gestión de la Seguridad de la Información (SGSI), 2004.
[UNE-71504:2008]
UNE 71504:2008 - Metodología de análisis y gestión
de riesgos de los sistemas de información, 2008.
[US-ESC:2012]
US ESC:2012, ELECTRICITY
SUBSECTOR CYBERSECURITY. RISK MANAGEMENT PROCESS. U.S. Department of Energy.
March 2012.
[US MSCO:2006]
US MSCO, The National
Military Strategy for Cyberspace Operations. Dec. 2006.
[X.509:2005]
ITU-T X.509, ISO/IEC 9594-8,
Information technology - Open Systems Interconnection - The Directory:
Public-key and attribute certificate frameworks. 08/2005.
[X.790:1995]
ITU-T X.790, X.790
Trouble management function for ITU-T applications. (11/95).
[X.805:2003]
ITU-T X.805, Security
architecture for systems providing end-to-end communications, (10/03).
[X.810:1995]
ITU-T X.810, ISO/IEC
10181-1:1996, Information technology - Open Systems Interconnection - Security
frameworks for open systems: Overview. (11/95).