ISO/IEC JTC 1/SC 27 N7769


ISO/IEC JTC 1/SC 27 N7769
REPLACES: N

ISO/IEC JTC 1/SC 27
Information technology - Security techniques
Secretariat: DIN, Germany

DOC TYPE: officer's contribution
TITLE: SC 27 Presentation to ITU-T Workshop in Geneva, February 2009
SOURCE: Walter Fumy, SC 27 Chairman
DATE: 2009-02-01
PROJECT:
STATUS: This document is being circulated for information.
ACTION ID: FYI
DUE DATE:
DISTRIBUTION: P, O, L Members; L. Rajchel, JTC 1 Secretariat; K. Brannon, ITTF; W. Fumy, SC 27 Chairman; M. De Soete, SC 27 Vice Chair; T. Humphreys, M.-C. Kang, K. Naemura, M. Ohlin, K. Rannenberg, WG Conveners
MEDIUM: Livelink-server
NO. OF PAGES: 1 + 17

Secretariat ISO/IEC JTC 1/SC 27 - DIN Deutsches Institut für Normung e. V., Burggrafenstr. 6, 10772 Berlin, Germany
Telephone: +49 30 2601-2652; Facsimile: +49 30 2601-1723; e-mail: krystyna.passia@din.de
HTTP://www.jtc1sc27.din.de/en

ISO/IEC JTC 1/SC 27 IT Security Techniques
Dr. Walter Fumy, Chief Scientist, Bundesdruckerei GmbH

ISO/IEC JTC 1 Information Technology: Security Related Sub-committees
- SC 6 Telecommunications and information exchange between systems
- SC 7 Software and systems engineering
- SC 17 Cards and personal identification
- SC 25 Interconnection of information technology equipment
- SC 27 IT Security techniques
- SC 29 Coding of audio, picture, multimedia and hypermedia information
- SC 31 Automatic identification and data capture techniques
- SC 32 Data management and interchange
- SC 36 Information technology for learning, education and training
- SC 37 Biometrics

ITU-T Workshop - Geneva - February 2009

SC 27 IT Security Techniques: Scope
The development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as:
- Security requirements capture methodology;
- Management of information and ICT security; in particular information security management systems (ISMS), security processes, security controls and services;
- Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information;
- Security management support documentation including terminology, guidelines as well as procedures for the registration of security components;
- Security aspects of identity management, biometrics and privacy;
- Conformance assessment, accreditation and auditing requirements in the area of information security;
- Security evaluation criteria and methodology.

SC 27 IT Security Techniques: Organization
ISO/IEC JTC 1/SC 27 IT Security techniques
Chair: Mr. W. Fumy
Vice-Chair: Ms. M. De Soete
SC 27 Secretariat (DIN): Ms. K. Passia

- Working Group 1: Information security management systems; Convener: Mr. T. Humphreys
- Working Group 2: Cryptography and security mechanisms; Convener: Mr. K. Naemura
- Working Group 3: Security evaluation criteria; Convener: Mr. M. Ohlin
- Working Group 4: Security controls and services; Convener: Mr. M.-C. Kang
- Working Group 5: Identity management and privacy technologies; Convener: Mr. K. Rannenberg

http://www.jtc1sc27.din.de/en

SC 27/WG 1 ISMS Family of Standards

ISMS Requirements:
- 27001 ISMS Requirements

Supporting Guidelines:
- 27000 ISMS Overview and Vocabulary
- 27002 (previously known as 17799) Code of Practice
- 27003 ISMS Implementation Guidance
- 27004 Information Security Management Measurements
- 27005 Information Security Risk Management

Accreditation Requirements and Auditing Guidelines:
- 27006 Accreditation Requirements
- 27007 ISMS Auditing Guidance
- 27008 Guide for auditors on ISMS controls

Sector Specific Requirements and Guidelines:
- 27010 ISMS for Inter-sector communications
- 27011 Telecom Sector ISMS Requirements
- 27012 ISMS for e-government
- 27015 Financial and Insurance Sector ISMS Requirements

SC 27/WG 4 Security Controls and Services
Areas addressed:
- Unknown or emerging security issues
- Known security issues
- Security breaches and compromises

SC 27/WG 2 Cryptography and Security Mechanisms

Cryptographic Protocols:
- Entity Authentication (IS 9798)
- Key Management (IS 11770)
- Non-Repudiation (IS 13888)
- Time Stamping Services (IS 18014)

Message Authentication:
- Hash Functions (IS 10118)
- Message Authentication Codes (IS 9797)
- Check Character Systems (IS 7064)

Digital Signatures:
- Cryptographic Techniques based on Elliptic Curves (IS 15946)
- Signatures giving Message Recovery (IS 9796)
- Signatures with Appendix (IS 14888)

Biometric Template Protection (NP 24745)

Encryption & Modes of Operation:
- Authenticated Encryption (IS 19772)
- Modes of Operation (IS 10116)
- Encryption (IS 18033)

Parameter Generation:
- Random Bit Generation (IS 18031)
- Prime Number Generation (IS 18032)

SC 27/WG 3 Security Evaluation Criteria
- Secure System Engineering Principles and Techniques (NWIP)
- SSE-CMM (IS 21827)
- Security Assessment of Operational Systems (TR 19791)
- Responsible Vulnerability Disclosure (WD 29147)
- A Framework for IT Security Assurance (TR 15443)
- Security Requirements for Cryptographic Modules (IS 19790)
- Test Requirements for Cryptographic Modules (IS 24759)
- IT Security Evaluation Criteria (CC) (IS 15408)
- Evaluation Methodology (CEM) (IS 18045)
- PP/ST Guide (TR 15446)
- Protection Profile Registration Procedures (IS 15292)
- Verification of Cryptographic Protocols (WD 29128)
- Security Evaluation of Biometrics (FDIS 19792)

SC 27/WG 5 Identity Management & Privacy Technologies
WG 5 covers the development and maintenance of standards and guidelines addressing security aspects of identity management, biometrics and the protection of personal data. This includes:

Frameworks & Architectures:
- A Framework for Identity Management (ISO/IEC 24760, WD)
- Privacy Framework (ISO/IEC 29100, CD)
- Privacy Reference Architecture (ISO/IEC 29101, WD)
- A Framework for Access Management (ISO/IEC 29146, WD)

Protection Concepts:
- Biometric template protection (ISO/IEC 24745, WD)
- Requirements on relative anonymity with identity escrow model for authentication and authorization using group signatures (NWIP)

Guidance on Context and Assessment:
- Authentication Context for Biometrics (ISO/IEC 24761, FDIS)
- Entity Authentication Assurance (ISO/IEC 29115, WD)
- Privacy Capability Maturity Model (NWIP)

Identity Management & Privacy Technologies Roadmap (diagram not reproduced in the transcription)

ISO/IEC PAS 11889 Trusted Platform Module
The Trusted Computing Group (TCG) submitted the TPM 1.2 specification to JTC 1 for PAS Transposition.

ISO/IEC PAS DIS 11889:
- Trusted Platform Module - Part 1: Overview
- Trusted Platform Module - Part 2: Design principles
- Trusted Platform Module - Part 3: Structures
- Trusted Platform Module - Part 4: Commands

- 6 month NB ballot closed 2008-07-24
- Ballot resolution meeting 2008-10-11, Limassol, Cyprus
- Final text for ISO/IEC 11889 submitted for publication

SC 27 IT Security Techniques: Approved New Projects
- NP 27008: Guidance for auditors on ISMS controls.
- NP 27010: Information security management for inter-sector communications.
- NP 27012: Information security management guidelines for e-government services.
- NP 27035: Information security incident management.
- NP 29128: Verification of cryptographic protocols.
- NP 29146: A framework for access management.
- NP 29147: Responsible vulnerability disclosure.
- NP 29149: Best practice on the provision of time-stamping services.
- NP 29150: Signcryption.

SC 27 IT Security Techniques: Proposed New Projects (Approval Pending)
- NP 27013: Guidance for the integrated implementation of 20000-1 with 27001 (collaborative with JTC 1/SC 7).
- NP 27014: Information security governance framework.
- NP 27015: Information security management systems (ISMS) for the financial and insurance services sector.
- Guidelines for the security of outsourcing.
- Guidelines for identification, collection, and/or acquisition and preservation of digital evidence.
- Requirements on relative anonymity with identity escrow - Model for authentication and authorization using group signatures.
- Privacy Capability Maturity Model.
- Secure System Engineering principles and techniques.
- Lightweight cryptography.

SC 27 IT Security Techniques: Achievements & New Projects Summary
Between November 2007 and October 2008:
- 14 International Standards and Technical Reports have been published (total number of pages: 1331)
- 2 International Standards are awaiting publication
- 9 New Projects have been approved
- 9 Proposed Projects are awaiting approval

Average number of ISO standards published in 2007: 2.04 per SC, 0.48 per WG
Average number of pages published in 2007: 106 per SC, 25 per WG

SC 27 Liaisons: Selected Liaisons
- SC 37 (biometrics)
- SC 17 (IC cards)
- SC 7 (software & system engineering)
- ISACA (audit)
- ISSA (information security)
- ITU-T (telecoms)
- ISSEA
- TC 68 (banking)
- TC 65 (safety)
- MasterCard
- Visa
- TC 215 (healthcare)
- TC 204 (transport)

Conclusion
The good news about (security) standards is there are so many to choose from :-)

Given the limited availability of resources for the development of security standards, we must avoid duplication of effort and make use of effective cooperation and collaboration.

Given the vast number of activities in the area of security standards, we must bring together information about existing standards, standards under development, and key organizations that are working on these standards.

ICT Security Standards Roadmap

SD 11: Information and ICT Security Standards
An invitation to the past, present, and future work of SC 27
- Provides a high-level overview of the work of SC 27.
- Includes a number of the SC 27 articles that have been published by ISO in the publications ISO Focus, ISO Journal and ISO Management System.
- Freely available: http://www.jtc1sc27.din.de/sce/sd11
- Version 2.0, September 2008 (100 pages).

More Information & Contact
http://www.jtc1sc27.din.de/en
SC 27 Secretariat: Krystyna.Passia@din.de
SC 27 Chairman: Walter.Fumy@bdr.de
SC 27 Vice Chair: Marijke.DeSoete@pandora.be