International Federation for Information Processing

WG 11.4 Mission

Introduction

Management in any organization is responsible for the reliable and secure operation of the information systems that support the organization. As inter and intra-organization networking between information systems become the rule as well as the daily operational environment, the scope of concern takes on new aspects and new technical details come into play. Management must not only address the security issues of wholly internal systems together with any networks to which they might be connected, but also must assure that the protective mechanisms installed in them are not accidentally or intentionally thwarted or subverted by other systems with which data exchange connections are established. 

The range of subjects includes local area networks, regional and wide area networks, homogeneous and heterogeneous networks, and the networks which can arise for varying periods of time as a result of operational requirements for temporary or semi-permanent interconnections which can exist for varying periods of time. 

Such networks will include connections which permit an organization's employees to work from their homes, and those external connections enabling organizations to transact mutually linked business activities e.g. such as will take place under Electronic Data Interchange (EDI) agreements. 

Aims and scope

  • To study and promote internationally accepted processes which will enable management and technicians to fully understand their responsibility in respect of the reliable and secure operation of the information networks which support their organizations, their customers or the general public.
  • To study and promote education and training in the application of security principles, methods, and technologies to networking.

The scope of the working group is:

  • To promote the awareness and understanding of the network aspect of information systems security.
  • To provide a forum for the discussion, understanding and illumination of network security matters.
  • To study and identify the managerial, procedural and technical aspects of network security; and hence to define the network security issues.
  • To study and describe the risks that arise from embedding an information system in a network environment.
  • To advance technologies and practices that support network security controls, make possible the statement of requirements for network security, and in general, advance the foundation for effective network security.
  • To contribute, as feasible and appropriate, to international standards for network security.

History

Working group 11.4 was established in 1985 as working group on Crypto Management, revised in 1992 and 1997 and renamed into working group on Network & Distributed Systems Security in 2003.