20/30382311 DC BS ISO 23195. Security objectives of information systems of third-party payment services


Language: English
Standard number: 20/30382311 DC
Pages: 51
Released: 2020-04-28
Status: Draft for Comment
DESCRIPTION
This standard 20/30382311 DC BS ISO 23195. Security objectives of information systems of third-party payment services is classified in these ICS categories:
  • 35.240.40 IT applications in banking
  • 03.060 Finances. Banking. Monetary systems. Insurance

This standard defines terms used when discussing payments made through a third-party payment (TPP) service, establishes a logical structural model that clarifies the assets to be protected, and specifies security objectives. The logical structural model is the basis of the analysis: the information security objectives are derived by analysing how threats, organizational security policies and assumptions bear on the assets. These security objectives are set out to counter the threats resulting from TPP intermediation, compared with simpler payment models where the payer and the beneficiary (payee) interact directly with their respective account servicing banks.

NOTE In the standard, some security objectives required by an information system designed to provide TPP payment services are deemed assumptions according to the methodology specified in ISO/IEC 15408, because those matters can be considered preconditions of the application system. Likewise, some security objectives for the communication channels to be created between the entities participating in a TPP-intermediated transaction (e.g., between the TPP-BIS and bank accounting systems) are deemed assumptions according to the methodology specified in ISO/IEC 15408, because the bank accounting systems are outside the TOE.

