ISO/IEC JTC 1/SC 27 IT Security Techniques Dr. Walter Fumy Chairman ISO/IEC JTC 1/SC 27 Chief Scientist, Bundesdruckerei GmbH, Germany.

1 ISO/IEC JTC 1/SC 27 IT Security Techniques Dr. Walter Fumy Chairman ISO/IEC JTC 1/SC 27 Chief Scientist, Bundesdruckerei GmbH, Germany

2 Dr. Walter Fumy | ITU-T Workshop on Addressing security challenges on a global scale
SC 27 – IT Security Techniques: Scope
The development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as:
- Security requirements capture methodology;
- Management of information and ICT security, in particular information security management systems (ISMS), security processes, security controls and services;
- Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information;
- Security management support documentation, including terminology, guidelines, and procedures for the registration of security components;
- Security aspects of identity management, biometrics and privacy;
- Conformance assessment, accreditation and auditing requirements in the area of information security;
- Security evaluation criteria and methodology.

3 SC 27 – IT Security Techniques: Organization
ISO/IEC JTC 1/SC 27 IT Security techniques
- Chair: Mr. W. Fumy
- Vice-Chair: Ms. M. De Soete
- SC 27 Secretariat: DIN, Ms. K. Passia
Working Groups:
- Working Group 1: Information security management systems. Convener: Mr. T. Humphreys
- Working Group 2: Cryptography and security mechanisms. Convener: Mr. T. Chikazawa
- Working Group 3: Security evaluation criteria. Convener: Mr. M. Bañón
- Working Group 4: Security controls and services. Convener: Mr. M.-C. Kang
- Working Group 5: Identity management and privacy technologies. Convener: Mr. K. Rannenberg

4 SC 27/WG 1 ISMS Family of Standards
- ISMS Implementation Guidance
- ISMS Requirements
- Information Security Mgt Measurements
- Information Security Risk Management
- ISMS Overview and Vocabulary
- (pka 17799) Code of Practice
- Accreditation Requirements
- ISMS Auditing Guidance
- Supporting Guidelines
- Accreditation Requirements and Auditing Guidelines
- Sector Specific Requirements and Guidelines
- / ITU-T X.1051 Telecom Sector ISMS Requirements
- ISMS for Inter-sector communications
- Financial and Insurance Sector ISMS Requirements
- TR ISMS Guide for auditors on ISMS controls
- TR Information Security Mgt - Organizational economics

5 SC 27/WG 4 Security Controls and Services
- ICT Readiness for Business Continuity (WD 27031)
- Cybersecurity (WD 27032)
- Network Security (CD , WD /3/4)
- Application Security (WD )
- Security Info-Objects for Access Control (TR 15816)
- Security of Outsourcing (NP)
- TTP Services Security (TR 14516; 15945)
- Time Stamping Services (TR 29149)
- Information security incident management (27035)
- ICT Disaster Recovery Services (24762)
- Identification, collection and/or acquisition, and preservation of digital evidence (NP)
- Unknown or emerging security issues
- Known security issues
- Security breaches and compromises

6 SC 27/WG 2 Cryptography and Security Mechanisms
- Cryptographic Protocols
- Message Authentication
- Digital Signatures
- Encryption & Modes of Operation
- Parameter Generation
- Entity Authentication (IS 9798)
- Key Mgt (IS 11770)
- Encryption (IS 18033)
- Modes of Operation (IS 10116)
- Hash Functions (IS 10118)
- Message Authentication Codes (IS 9797)
- Signatures giving Msg Recovery (IS 9796)
- Non-Repudiation (IS 13888)
- Signatures with Appendix (IS 14888)
- Check Character Systems (IS 7064)
- Cryptographic Techniques based on Elliptic Curves (IS 15946)
- Time Stamping Services (IS 18014)
- Random Bit Generation (IS 18031)
- Prime Number Generation (IS 18032)
- Authenticated Encryption (IS 19772)
- Biometric Template Protection (NP 24745)

7 SC 27/WG 3 Security Evaluation Criteria
- IT Security Evaluation Criteria (CC) (IS 15408)
- Evaluation Methodology (CEM) (IS 18045)
- PP/ST Guide (TR 15446)
- Protection Profile Registration Procedures (IS 15292)
- A Framework for IT Security Assurance (TR 15443)
- Security Assessment of Operational Systems (TR 19791)
- Security Evaluation of Biometrics (FDIS 19792)
- SSE-CMM (IS 21827)
- Test Requirements for Cryptographic Modules (IS 24759)
- Security Requirements for Cryptographic Modules (IS 19790)
- Verification of Cryptographic Protocols (WD 29128)
- Secure System Engineering Principles and Techniques (NWIP)
- Responsible Vulnerability Disclosure (WD 29147)
- Trusted Platform Module (IS 11889)

8 SC 27/WG 5 Identity Management & Privacy Technologies
WG 5 covers the development and maintenance of standards and guidelines addressing security aspects of identity management, biometrics and the protection of personal data. This includes:
Frameworks & Architectures
- A framework for identity management (ISO/IEC 24760, FCD/WD/WD)
- Privacy framework (ISO/IEC 29100, FCD)
- Privacy reference architecture (ISO/IEC 29101, CD)
- Entity authentication assurance framework (ISO/IEC / ITU-T Xeaa, CD)
- A framework for access management (ISO/IEC 29146, WD)
Protection Concepts
- Biometric information protection (ISO/IEC 24745, FDIS)
- Requirements for partially anonymous, partially unlinkable authentication (ISO/IEC 29191, CD)
Guidance on Context and Assessment
- Authentication context for biometrics (ISO/IEC 24761, 2009)
- Privacy capability assessment framework (ISO/IEC 29190, WD)

9 SC 27 – IT Security Techniques: Recent Achievements
Summary between November 2009 and October
- International Standards and Technical Reports have been published (total number of publications: 98)
- 13 new projects have been approved (total number of projects: 160)
- 5 additional O-members (total 18) (total number of P-members: 41)
- 9 additional liaisons
- 5 liaisons terminated (total number of liaisons: 54)

10 20 Years of SC 27 Information Security Standardisation
Platinum Book available from
Next SC 27 meetings
- Apr 11-19, 2011: Singapore (WGs and Plenary)
- Oct 10-14, 2011: Nairobi, Kenya (WGs)
- May 7-15, 2012: Sweden (WGs and Plenary)

11 Thank You!

12 Areas of Collaboration include
- ISO/IEC 15816: Security information objects for access control (= ITU-T X.841)
- ISO/IEC 14516: Guidelines on the use and management of TTP services (= ITU-T X.842)
- ISO/IEC 15945: Specification of TTP services to support the application of digital signatures (= ITU-T X.843)
- ISO/IEC 18028: IT network security
- ISO/IEC 27011: Information security management guidelines for telecommunications (= ITU-T X.1051)
- ISO/IEC 27010: Information security management for inter-sector communications
- ISO/IEC 27014: Information security governance framework
- ISO/IEC 27032: Guidelines for cybersecurity
- ISO/IEC 24760: A framework for identity management
- ISO/IEC 29115: Entity authentication assurance (= ITU-T X.eaa)

13 Approved New Projects
- ISO/IEC – Software development and evaluation under ISO/IEC
- ISO/IEC – Anonymous digital signatures (2 Parts)
- ISO/IEC – Anonymous entity authentication (2 Parts)
- ISO/IEC TR – Information security management – Organizational economics
- ISO/IEC – Specification for digital redaction
- ISO/IEC – Physical security attacks, mitigation techniques and security requirements

