
SC 27 IT Security Techniques Business Plan & Report on Marketing Initiatives

ISO/IEC JTC 1/SC 27: Information technology - Security techniques. Chair: Mr. W. Fumy. Vice-Chair: Ms. M. De Soete. SC 27 Secretariat: DIN, Ms. K. Passia. Working Group 1: Requirements, services, guidelines.


Presentation Transcript


  1. SC 27 IT Security Techniques Business Plan & Report on Marketing Initiatives

  2. SC 27 “IT Security Techniques”
     ISO/IEC JTC 1/SC 27: Information technology - Security techniques
     Chair: Mr. W. Fumy
     Vice-Chair: Ms. M. De Soete
     SC 27 Secretariat: DIN, Ms. K. Passia
     Working Group 1: Requirements, services, guidelines (Convener: Mr. T. Humphreys)
     Working Group 2: Security techniques and mechanisms (Convener: Mr. K. Naemura)
     Working Group 3: Security evaluation criteria (Convener: Mr. M. Ohlin)
     • Standardization of generic IT security services and techniques, including
       • identification of generic requirements for IT system security services,
       • development of security techniques and mechanisms (cryptographic and non-cryptographic),
       • development of security guidelines,
       • development of management support documentation and standards,
       • development of criteria for IT security evaluation and certification of IT systems, components, and products.

  3. Membership of SC 27
     • Founding P-Members (in 1990): Brazil, Belgium, France, Netherlands, Sweden, USSR, Canada, Denmark, Germany, Norway, Switzerland, China, USA, Finland, Italy, Spain, UK, Japan
     • Additional P-Members (1994, 1996, 1999, 2001, 2002, 2003): Russian Federation, South Africa, Kenya, Korea, Ukraine, Malaysia, Austria, New Zealand, Australia, Poland, Czech Republic, India, Luxembourg, Singapore
     • O-members: Argentina, Indonesia, Estonia, Hungary, Ireland, Israel, Lithuania, Serbia and Montenegro, Romania, Slovakia, Turkey

  4. SC 27 Collaboration (I)
     • ITU-T Q10/SG17
       • Collaboration in order to progress common or twin text documents and to publish common standards
         • Security information objects
         • Guidelines on the use and management of Trusted Third Party services
         • Specification of TTP services to support the application of digital signatures
         • IT Network Security (new)
         • Code of practice for information security (new)
     • The International Common Criteria Project (ICCP)
       • long-standing technical liaison
       • SC 27 published the Common Criteria as IS 15408-1, -2, -3
       • close cooperation with CCIMB (and CCEB) has allowed the NBs of those countries not represented on the CCIMB to review, comment and contribute to the project

  5. SC 27 Collaboration (II)
     • ISO/IEC JTC 1/SC 37 ‘Biometrics’
     • ISO TC 68 ‘Banking and Related Financial Services’
       • Joint Coordination Committee on Security Work
       • TC 68 and SC 27 collaborate on IT security standards of mutual interest, including
         • Message authentication
         • Protection Profiles
         • Security guidelines
         • Biometrics
     • Fruitful liaisons with many other organizations within ISO/IEC JTC 1 including SC 6, SC 7, SC 17, and SC 36, within ISO including TC 215, and to several external organizations including the European Committee for Banking Standards (ECBS), ETSI, and ISSEA.

  6. Recent SC 27 Publications
     • IS 10118: Hash-functions –
       • Part 3: Dedicated hash-functions (2nd edition)
     • IS 13888: Non-repudiation –
       • Part 1: General (2nd edition)
     • TR 15446: Guide on the production of protection profiles and security targets
     • IS 18014: Time stamping services –
       • Part 3: Mechanisms producing linked tokens

  7. Approved for Publication
     • IS 13335: Management of information and communications technology security
       • Part 1: Concepts and models for information and communications technology security management
     • TR 15433: A framework for IT security assurance –
       • Part 1: Overview and framework
       • Part 2: Assurance methods
     • IS 15946: Cryptographic techniques based on elliptic curves –
       • Part 4: Digital signatures with message recovery
     • IS 18028: IT network security –
       • Part 4: Remote access
     • TR 18044: Information security incident management

  8. New Projects and Study Periods
     Recently approved
     • NP 18043: Deployment and operation of Intrusion Detection Systems (Oct 2004)
     • NP 24742: Information security management and measurements (Oct 2004)
     • NP 24743: Information Security Management Systems (Oct 2004)
     • NP 24745: Biometric template protection (Oct 2004)
     Study Periods
     • Information security management systems (ISMS).
     • Security management and biometrics.
     • Authentication of biometric data.
     • Object identifiers and ASN.1 syntax.

  9. SC 27 & Privacy Technology
     • IT Security Technology is related to Privacy Technology
     • SC 27 does have some expertise in Privacy
     • SC 27 is developing standards related to Privacy Technology
     • PAS DIS 20886: “Privacy Framework” was assigned to SC 27
     • PTSG has recognized SC 27 as one option for moving forward
     • SC 27 would welcome such assignment, and in this case probably form a WG dedicated to Privacy Technology

  10. Progress Report: 42 Ballots, November 2003 – October 2004
      • 6 FDIS ballots
      • 15 FCD ballots
      • 13 CD ballots
      • 4 NP ballots
      • 3 DTR ballots
      • 1 PDTR ballot

  11. Marketing Initiatives
      • Position of a PR officer established in 2002
      • Press Releases
      • Publications
        • ISO Focus, January 2004
        • ISMS Journal, April 2004
        • ISO Focus, July 2004
      • Presentations & Panels
        • ITU-T Cybersecurity Symposium, Florianopolis, October 2004
        • ICC Roundtable: Technology for security & safety, Paris, Oct 25
      • “Roadmap”

  12. Hierarchical Security Management Model (SC 27 View)
      • Terminology
      • Principles provide generally accepted high-level basic rules used as a foundation to guidance
      • Frameworks provide a simplified description of interrelationships used to organize concepts, methods and technologies
      • Element Standards provide specific requirements that apply to a defined area of security management
      • Application Guides and Supplements provide detailed descriptions offering guidance on how element standards may be applied in specific situations
      • Toolbox of Techniques

  13. Hierarchical Security Management Model (SC 27 View)
      • Updated and harmonized Terminology
        • ISO Guide 73
        • SC 27 SD 6
      • Principles
        • Information Security Management Principles
      • Frameworks
        • Information Security Mgt Framework
        • MICTS-1: Models and concepts
      • Element Standards
        • Information Security Mgt System (NP 24743)
        • Code of Practice for ISM (IS 17799 / ITU-T X.???)
        • MICTS-2: Risk management
        • ISM Metrics & Measurements (NP 24742)
      • Application Guides and Supplements
        • IS 19011 Auditing
        • Financial ISMS Guide (TC 68)
        • T-ISMS: Telecom ISMS Guide (ITU-T X.1051)
        • Healthcare ISMS Guide (TC 215)
      • Toolbox of Techniques
        • Info Security Incident Management (TR 18044)
        • IT Intrusion Detection Framework (TR 15947)
        • Guidelines for TTP Services (IS 14516 / ITU-T X.842)
        • IT Network Security (IS 18028 / ITU-T X.???)

  14. Summary
      • SC 27 is responsible for
        • 74 projects, including 38 active projects
      • More Information & Contact
        • SC 27 web-page: scope, organization, work items, etc. http://www.din.de/ni/sc27/
        • Catalogue of SC 27 Projects & Standards: http://www.din.de/ni/sc27/doc7.html
        • SC 27 Secretariat: Krystyna.Passia@din.de
        • SC 27 Chairman: Walter.Fumy@siemens.com

  15. SC 27 - Meeting Calendar
      2003
      • April 28–May 6: Québec, Canada (WGs & Plenary)
      • Oct 20-24: Paris, France (WGs)
      2004
      • April 19-27: Singapore (WGs & Plenary)
      • Oct 18-22: Fortaleza, Brazil (WGs)
      2005
      • April 11-19: Vienna, Austria (WGs & Plenary)
      • Nov 7-11: Kuala Lumpur, Malaysia (WGs)
