ISO/IEC JTC 1/SC 27 IT Security Techniques - PowerPoint PPT Presentation

IT Security Techniques. Dr. Walter Fumy, Chairman ISO/IEC JTC 1/SC 27; Chief Scientist, Bundesdruckerei GmbH, Germany. ITU-T Workshop on Addressing security challenges ...


Transcript and Presenter's Notes


1
ISO/IEC JTC 1/SC 27 IT Security Techniques
  • Dr. Walter Fumy, Chairman ISO/IEC JTC 1/SC 27
  • Chief Scientist, Bundesdruckerei GmbH, Germany

2
SC 27 IT Security Techniques Scope
  • The development of standards for the protection
    of information and ICT. This includes generic
    methods, techniques and guidelines to address
    both security and privacy aspects, such as
  • Security requirements capture methodology
  • Management of information and ICT security in
    particular information security management
    systems (ISMS), security processes, security
    controls and services
  • Cryptographic and other security mechanisms,
    including but not limited to mechanisms for
    protecting the accountability, availability,
    integrity and confidentiality of information
  • Security management support documentation
    including terminology, guidelines as well as
    procedures for the registration of security
    components
  • Security aspects of identity management,
    biometrics and privacy
  • Conformance assessment, accreditation and
    auditing requirements in the area of information
    security
  • Security evaluation criteria and methodology.

3
SC 27 IT Security Techniques Organization
  • ISO/IEC JTC 1/SC 27
  • IT Security techniques
  • Chair: Mr. W. Fumy; Vice-Chair: Ms. M. De Soete

SC 27 Secretariat: DIN, Ms. K. Passia
Working Group 5: Identity management and privacy technologies. Convener: Mr. K. Rannenberg
Working Group 4: Security controls and services. Convener: Mr. M.-C. Kang
Working Group 3: Security evaluation criteria. Convener: Mr. M. Bañón
Working Group 2: Cryptography and security mechanisms. Convener: Mr. T. Chikazawa
Working Group 1: Information security management systems. Convener: Mr. T. Humphreys
http://www.jtc1sc27.din.de/en
4
SC 27/WG 1 ISMS Family of Standards
27001 ISMS Requirements
27000 ISMS Overview and Vocabulary
27006 Accreditation Requirements
27010 ISMS for Inter-sector communications
27002 (pka 17799) Code of Practice
27007 ISMS Auditing Guidance
27011 / ITU-T X.1051 Telecom Sector ISMS Requirements
27003 ISMS Implementation Guidance
TR 27008 ISMS Guide for auditors on ISMS controls
27015 Financial and Insurance Sector ISMS Requirements
27004 Information Security Mgt Measurements
TR 27016 Information Security Mgt - Organizational economics
27005 Information Security Risk Management
Supporting Guidelines
Accreditation Requirements and Auditing Guidelines
Sector Specific Requirements and Guidelines
5
SC 27/WG 4 Security Controls and Services
Unknown or emerging security issues
Known security issues
Security breaches and compromises
6
SC 27/WG 2 Cryptography and Security Mechanisms
Entity Authentication (IS 9798)
Key Mgt (IS 11770)
Non-Repudiation (IS 13888)
Time Stamping Services (IS 18014)
Cryptographic Techniques based on Elliptic Curves (IS 15946)
Hash Functions (IS 10118)
Message Authentication Codes (IS 9797)
Signatures giving Msg Recovery (IS 9796)
Signatures with Appendix (IS 14888)
Check Character Systems (IS 7064)
Encryption (IS 18033)
Modes of Operation (IS 10116)
Random Bit Generation (IS 18031)
Prime Number Generation (IS 18032)
Authenticated Encryption (IS 19772)
Biometric Template Protection (NP 24745)
7
SC 27/WG 3 Security Evaluation Criteria
SSE-CMM (IS 21827)
A Framework for IT Security Assurance (TR 15443)
Security Assessment of Operational Systems (TR 19791)
IT Security Evaluation Criteria (CC) (IS 15408)
Evaluation Methodology (CEM) (IS 18045)
PP/ST Guide (TR 15446)
Protection Profile Registration Procedures (IS 15292)
Security Evaluation of Biometrics (FDIS 19792)
8
SC 27/WG 5 Identity Management & Privacy Technologies
  • WG 5 covers the development and maintenance of
    standards and guidelines addressing security
    aspects of identity management, biometrics and
    the protection of personal data. This includes
  • Frameworks & Architectures
  • A framework for identity management (ISO/IEC
    24760, FCD/WD/WD)
  • Privacy framework (ISO/IEC 29100, FCD)
  • Privacy reference architecture (ISO/IEC 29101,
    CD)
  • Entity authentication assurance framework
    (ISO/IEC 29115 / ITU-T X.eaa, CD)
  • A framework for access management (ISO/IEC 29146,
    WD)
  • Protection Concepts
  • Biometric information protection (ISO/IEC 24745,
    FDIS)
  • Requirements for partially anonymous, partially
    unlinkable authentication (ISO/IEC 29191, CD)
  • Guidance on Context and Assessment
  • Authentication context for biometrics (ISO/IEC
    24761, 2009)
  • Privacy capability assessment framework (ISO/IEC
    29190, WD)

9
SC 27 IT Security Techniques Recent Achievements
  • Summary
  • between November 2009 and October 2010
  • 11 International Standards and Technical Reports
    have been published (total number of
    publications: 98)
  • 13 new projects have been approved (total
    number of projects: 160)
  • 5 additional O-members (total: 18) (total number
    of P-members: 41)
  • 9 additional liaisons, 5 liaisons terminated
    (total number of liaisons: 54)

10
20 Years of SC 27 Information Security Standardisation
  • Platinum Book available from
    http://www.jtc1sc27.din.de/sbe/sc27berlin
  • Next SC 27 meetings
  • Apr 11-19, 2011 Singapore (WGs and Plenary)
  • Oct 10-14, 2011 Nairobi, Kenya (WGs)
  • May 7-15, 2012 Sweden (WGs and Plenary)

11
Thank You!
  • Walter.Fumy_at_bdr.de

12
Areas of Collaboration include
  • ISO/IEC 15816 Security information objects for
    access control (ITU-T X.841)
  • ISO/IEC 14516 Guidelines on the use and
    management of TTP services (ITU-T X.842)
  • ISO/IEC 15945 Specification of TTP services to
    support the application of digital signatures
    (ITU-T X.843)
  • ISO/IEC 18028 IT network security
  • ISO/IEC 27011 Information security management
    guidelines for telecommunications (ITU-T
    X.1051)
  • ISO/IEC 27010 Information security management
    for inter-sector communications
  • ISO/IEC 27014 Information security governance
    framework
  • ISO/IEC 27032 Guidelines for cybersecurity
  • ISO/IEC 24760 A framework for identity
    management
  • ISO/IEC 29115 Entity authentication assurance
    (ITU-T X.eaa)

13
Approved New Projects
  • ISO/IEC 20004 Software development and
    evaluation under ISO/IEC 15408
  • ISO/IEC 20008 Anonymous digital signatures (2
    Parts)
  • ISO/IEC 20009 Anonymous entity authentication
    (2 Parts)
  • ISO/IEC TR 27016 Information security
    management - Organizational economics
  • ISO/IEC 27038 Specification for digital
    redaction
  • ISO/IEC 30104 Physical security attacks,
    mitigation techniques and security requirements