
ISO/IEC JTC 1/SC 27 – IT Security Techniques Dr. Walter Fumy, Chief Scientist, Bundesdruckerei GmbH.


1 ISO/IEC JTC 1/SC 27 – IT Security Techniques Dr. Walter Fumy, Chief Scientist, Bundesdruckerei GmbH

2 ISO – International Organization for Standardization
ITU-T Workshop - Geneva - February 2009
- Worldwide federation of national standards bodies from 157 countries, one from each country, e.g., CYS – Cyprus Organization for Standardization (www.cys.org.cy)
- ISO was established in 1947 (www.iso.org)
- 3.093 technical bodies
  - 201 technical committees (TCs)
  - 542 subcommittees (SCs)
  - 2.287 working groups (WGs)
- ISO's work results in international agreements which are published as International Standards (IS)
  - 17.041 standards and standards-type documents
  - 1.105 (57.477 pages) published in 2007

3 ISO/IEC JTC 1 – Information Technology
Security Related Sub-committees
- SC 6: Telecommunications and information exchange between systems
- SC 7: Software and systems engineering
- SC 17: Cards and personal identification
- SC 25: Interconnection of information technology equipment
- SC 27: IT Security techniques
- SC 29: Coding of audio, picture, multimedia and hypermedia information
- SC 31: Automatic identification and data capture techniques
- SC 32: Data management and interchange
- SC 36: Information technology for learning, education and training
- SC 37: Biometrics

4 SC 27 – IT Security Techniques
Scope
The development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as
- Security requirements capture methodology;
- Management of information and ICT security; in particular information security management systems (ISMS), security processes, security controls and services;
- Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information;
- Security management support documentation including terminology, guidelines as well as procedures for the registration of security components;
- Security aspects of identity management, biometrics and privacy;
- Conformance assessment, accreditation and auditing requirements in the area of information security;
- Security evaluation criteria and methodology.

5 SC 27 – IT Security Techniques
Organization
ISO/IEC JTC 1/SC 27 IT Security techniques
- Chair: Mr. W. Fumy
- Vice-Chair: Ms. M. De Soete
- SC 27 Secretariat: DIN, Ms. K. Passia, http://www.jtc1sc27.din.de/en
Working Groups
- Working Group 1: Information security management systems (Convener Mr. T. Humphreys)
- Working Group 2: Cryptography and security mechanisms (Convener Mr. K. Naemura)
- Working Group 3: Security evaluation criteria (Convener Mr. M. Ohlin)
- Working Group 4: Security controls and services (Convener Mr. M.-C. Kang)
- Working Group 5: Identity management and privacy technologies (Convener Mr. K. Rannenberg)

6 SC 27/WG 1 ISMS Family of Standards
- ISMS Requirements
  - 27001 ISMS Requirements
- Supporting Guidelines
  - 27000 ISMS Overview and Vocabulary
  - 27002 (pka 17799) Code of Practice
  - 27003 ISMS Implementation Guidance
  - 27004 Information Security Mgt Measurements
  - 27005 Information Security Risk Management
- Accreditation Requirements and Auditing Guidelines
  - 27006 Accreditation Requirements
  - 27007 ISMS Auditing Guidance
  - 27008 ISMS Guide for auditors on ISMS controls
- Sector Specific Requirements and Guidelines
  - 27010 ISMS for Inter-sector communications
  - 27011 Telecom Sector ISMS Requirements
  - 27012 ISMS for e-Government
  - 27015 Financial and Insurance Sector ISMS Requirements

7 SC 27/WG 4 Security Controls and Services
The WG 4 projects span three themes: unknown or emerging security issues, known security issues, and security breaches and compromises.
- ICT Readiness for Business Continuity (WD 27031)
- Cybersecurity (WD 27032)
- Network Security (CD 27033-1, WD 27033-2/3/4)
- Application Security (WD 27034-1)
- Security Info-Objects for Access Control (TR 15816)
- Security of Outsourcing (NP)
- TTP Services Security (TR 14516; 15945)
- Time Stamping Services (TR 29149)
- Information security incident management (27035)
- ICT Disaster Recovery Services (24762)
- Identification, collection and/or acquisition, and preservation of digital evidence (NP)

8 SC 27/WG 2 Cryptography and Security Mechanisms
Topic areas: Cryptographic Protocols; Message Authentication; Digital Signatures; Encryption & Modes of Operation; Parameter Generation.
- Entity Authentication (IS 9798)
- Key Mgt (IS 11770)
- Encryption (IS 18033)
- Modes of Operation (IS 10116)
- Hash Functions (IS 10118)
- Message Authentication Codes (IS 9797)
- Signatures giving Msg Recovery (IS 9796)
- Non-Repudiation (IS 13888)
- Signatures with Appendix (IS 14888)
- Check Character Systems (IS 7064)
- Cryptographic Techniques based on Elliptic Curves (IS 15946)
- Time Stamping Services (IS 18014)
- Random Bit Generation (IS 18031)
- Prime Number Generation (IS 18032)
- Authenticated Encryption (IS 19772)
- Biometric Template Protection (NP 24745)

9 SC 27/WG 3 Security Evaluation Criteria
- IT Security Evaluation Criteria (CC) (IS 15408)
- Evaluation Methodology (CEM) (IS 18045)
- PP/ST Guide (TR 15446)
- Protection Profile Registration Procedures (IS 15292)
- A Framework for IT Security Assurance (TR 15443)
- Security Assessment of Operational Systems (TR 19791)
- Security Evaluation of Biometrics (FDIS 19792)
- Verification of Cryptographic Protocols (WD 29128)
- SSE-CMM (IS 21827)
- Secure System Engineering Principles and Techniques (NWIP)
- Responsible Vulnerability Disclosure (WD 29147)
- Test Requirements for Cryptographic Modules (IS 24759)
- Security Requirements for Cryptographic Modules (IS 19790)

10 SC 27/WG 5 Identity Management & Privacy Technologies
WG 5 covers the development and maintenance of standards and guidelines addressing security aspects of identity management, biometrics and the protection of personal data. This includes:
- Frameworks & Architectures
  - A Framework for Identity Management (ISO/IEC 24760, WD)
  - Privacy Framework (ISO/IEC 29100, CD)
  - Privacy Reference Architecture (ISO/IEC 29101, WD)
  - A Framework for Access Management (ISO/IEC 29146, WD)
- Protection Concepts
  - Biometric template protection (ISO/IEC 24745, WD)
  - Requirements on relative anonymity with identity escrow – model for authentication and authorization using group signatures (NWIP)
- Guidance on Context and Assessment
  - Authentication Context for Biometrics (ISO/IEC 24761, FDIS)
  - Entity Authentication Assurance (ISO/IEC 29115, WD)
  - Privacy Capability Maturity Model (NWIP)

11 Identity Management & Privacy Technologies Roadmap
(Roadmap diagram; no transcribed content.)

12 ISO/IEC PAS 11889 Trusted Platform Module
- The Trusted Computing Group (TCG) submitted the TPM 1.2 specification to JTC 1 for PAS Transposition
- ISO/IEC PAS DIS 11889
  - Trusted Platform Module - Part 1: Overview
  - Trusted Platform Module - Part 2: Design principles
  - Trusted Platform Module - Part 3: Structures
  - Trusted Platform Module - Part 4: Commands
- 6 month NB ballot closed 2008-07-24
- Ballot resolution meeting 2008-10-11, Limassol, Cyprus
- Final text for ISO/IEC 11889 submitted for publication

13 SC 27 – IT Security Techniques
Approved New Projects
- NP 27008: Guidance for auditors on ISMS controls.
- NP 27010: Information security management for inter-sector communications.
- NP 27012: Information security management guidelines for e-government services.
- NP 27035: Information security incident management.
- NP 29128: Verification of cryptographic protocols.
- NP 29146: A framework for access management.
- NP 29147: Responsible vulnerability disclosure.
- NP 29149: Best practice on the provision of time-stamping services.
- NP 29150: Signcryption.

14 SC 27 – IT Security Techniques
Proposed New Projects – Approval Pending
- NP 27013: Guidance for the integrated implementation of 20000-1 with 27001 (collaborative with JTC 1/SC7).
- NP 27014: Information security governance framework.
- NP 27015: Information security management systems (ISMS) for the financial and insurance services sector.
- Guidelines for the security of outsourcing.
- Guidelines for identification, collection, and/or acquisition and preservation of digital evidence.
- Requirements on relative anonymity with identity escrow - Model for authentication and authorization using group signatures.
- Privacy Capability Maturity Model.
- Secure System Engineering principles and techniques.
- Lightweight cryptography.

15 SC 27 – IT Security Techniques
Achievements & New Projects Summary
Between November 2007 and October 2008
- 14 International Standards and Technical Reports have been published (total number of pages: 1331)
- 2 International Standards are awaiting publication
- 9 New Projects have been approved
- 9 Proposed Projects are awaiting approval
Average # of ISO standards published in 2008
- 2.32 per SC
- 0.52 per WG
Average # of pages published in 2008
- 130 per SC
- 29 per WG

16 Selected Liaisons
(Liaison diagram; organizations and areas as transcribed.)
- SC 37: biometrics
- SC 7: sw & system engineering
- TC 204: transport
- TC 215: healthcare
- Visa, MasterCard: banking
- ISACA: audit
- Further liaison areas shown: telecoms, IC cards, information security, safety

17 Conclusion
- The good news about (security) standards is … there are so many to choose from :-)
- Given the limited availability of resources for the development of security standards, we must avoid duplication of effort and make use of effective cooperation and collaboration.
- Given the vast number of activities in the area of security standards, we must bring together information about existing standards, standards under development, and key organizations that are working on these standards.
- ICT Security Standards Roadmap

18 SD 11: Information and ICT Security Standards – An invitation to the past, present, and future work of SC27
- Provides a high-level overview of the work of SC27.
- Includes a number of the SC27 articles that have been published by ISO in the publications ISO Focus, ISO Journal and ISO Management System.
- Freely available: http://www.jtc1sc27.din.de/sce/sd11
- Version 2.0, September 2008 (100 pages).
More Information & Contact
- http://www.jtc1sc27.din.de/en
- SC 27 Secretariat: Krystyna.Passia@din.de
- SC 27 Chairman: Walter.Fumy@bdr.de
- SC 27 Vice Chair: Marijke.DeSoete@pandora.be

19 Thank You
Contact: Walter.Fumy@bdr.de
http://www.jtc1sc27.din.de/en

20 Products and Solutions
- ID documents: Passports and ID cards; Driving licences; Employee and access cards; eServices
- Border management: Biometric systems; Authentication terminals; Secure database systems
- Trust Center: Electronic signatures; PKI products and services
- Banknotes: Euro banknotes; International banknotes; Security features
- Value and security printing: Postage stamps; Revenue stamps
- Publication systems: Automated document production; Publication platforms for patent information
www.bundesdruckerei.de Copyright 2009 Bundesdruckerei GmbH. All rights reserved.

