ISO/IEC JTC 1/SC 27 – IT Security Techniques Dr. Walter Fumy, Chief Scientist, Bundesdruckerei GmbH.

ITU-T Workshop - Geneva - February

ISO – International Organization for Standardization
- Worldwide federation of national standards bodies from 157 countries, one from each country, e.g., CYS – Cyprus Organization for Standardization
- ISO was established in 1947
- Technical bodies: 201 technical committees (TCs), 542 subcommittees (SCs), working groups (WGs)
- ISO's work results in international agreements which are published as International Standards (IS)
- standards and standards-type documents ( pages) published in 2007

ISO/IEC JTC 1 – Information Technology: Security Related Sub-committees
- SC 6 Telecommunications and information exchange between systems
- SC 7 Software and systems engineering
- SC 17 Cards and personal identification
- SC 25 Interconnection of information technology equipment
- SC 27 IT Security techniques
- SC 29 Coding of audio, picture, multimedia and hypermedia information
- SC 31 Automatic identification and data capture techniques
- SC 32 Data management and interchange
- SC 36 Information technology for learning, education and training
- SC 37 Biometrics

SC 27 – IT Security Techniques: Scope
The development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as:
- Security requirements capture methodology;
- Management of information and ICT security; in particular information security management systems (ISMS), security processes, security controls and services;
- Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information;
- Security management support documentation including terminology, guidelines as well as procedures for the registration of security components;
- Security aspects of identity management, biometrics and privacy;
- Conformance assessment, accreditation and auditing requirements in the area of information security;
- Security evaluation criteria and methodology.

SC 27 – IT Security Techniques: Organization
ISO/IEC JTC 1/SC 27 IT Security techniques
- Chair: Mr. W. Fumy
- Vice-Chair: Ms. M. De Soete
- SC 27 Secretariat (DIN): Ms. K. Passia
Working Groups:
- Working Group 1 – Information security management systems; Convener: Mr. T. Humphreys
- Working Group 2 – Cryptography and security mechanisms; Convener: Mr. K. Naemura
- Working Group 3 – Security evaluation criteria; Convener: Mr. M. Ohlin
- Working Group 4 – Security controls and services; Convener: Mr. M.-C. Kang
- Working Group 5 – Identity management and privacy technologies; Convener: Mr. K. Rannenberg

SC 27/WG 1 – ISMS Family of Standards
- ISMS Overview and Vocabulary
- ISMS Requirements
- Code of Practice (pka 17799)
- ISMS Implementation Guidance
- Information Security Mgt Measurements
- Information Security Risk Management
- Supporting Guidelines
- Accreditation Requirements and Auditing Guidelines: Accreditation Requirements; ISMS Auditing Guidance; ISMS Guide for auditors on ISMS controls
- Sector Specific Requirements and Guidelines: Telecom Sector ISMS Requirements; ISMS for e-Government; ISMS for Inter-sector communications; Financial and Insurance Sector ISMS Requirements

SC 27/WG 4 – Security Controls and Services
(Slide diagram groups the projects by: unknown or emerging security issues; known security issues; security breaches and compromises.)
- ICT Readiness for Business Continuity (WD 27031)
- Cybersecurity (WD 27032)
- Network Security (CD , WD /3/4)
- Application Security (WD )
- Security Info-Objects for Access Control (TR 15816)
- Security of Outsourcing (NP)
- TTP Services Security (TR 14516; 15945)
- Time Stamping Services (TR 29149)
- Information security incident management (27035)
- ICT Disaster Recovery Services (24762)
- Identification, collection and/or acquisition, and preservation of digital evidence (NP)

SC 27/WG 2 – Cryptography and Security Mechanisms
(Slide diagram groups the standards by: cryptographic protocols; message authentication; digital signatures; encryption & modes of operation; parameter generation.)
- Entity Authentication (IS 9798)
- Key Mgt (IS 11770)
- Encryption (IS 18033)
- Modes of Operation (IS 10116)
- Hash Functions (IS 10118)
- Message Authentication Codes (IS 9797)
- Signatures giving Msg Recovery (IS 9796)
- Non-Repudiation (IS 13888)
- Signatures with Appendix (IS 14888)
- Check Character Systems (IS 7064)
- Cryptographic Techniques based on Elliptic Curves (IS 15946)
- Time Stamping Services (IS 18014)
- Random Bit Generation (IS 18031)
- Prime Number Generation (IS 18032)
- Authenticated Encryption (IS 19772)
- Biometric Template Protection (NP 24745)

SC 27/WG 3 – Security Evaluation Criteria
- IT Security Evaluation Criteria (CC) (IS 15408)
- Evaluation Methodology (CEM) (IS 18045)
- PP/ST Guide (TR 15446)
- Protection Profile Registration Procedures (IS 15292)
- A Framework for IT Security Assurance (TR 15443)
- Security Assessment of Operational Systems (TR 19791)
- Security Evaluation of Biometrics (FDIS 19792)
- Verification of Cryptographic Protocols (WD 29128)
- SSE-CMM (IS 21827)
- Secure System Engineering Principles and Techniques (NWIP)
- Responsible Vulnerability Disclosure (WD 29147)
- Test Requirements for Cryptographic Modules (IS 24759)
- Security Requirements for Cryptographic Modules (IS 19790)

SC 27/WG 5 – Identity Management & Privacy Technologies
WG 5 covers the development and maintenance of standards and guidelines addressing security aspects of identity management, biometrics and the protection of personal data. This includes:
- Frameworks & Architectures
  - A Framework for Identity Management (ISO/IEC 24760, WD)
  - Privacy Framework (ISO/IEC 29100, CD)
  - Privacy Reference Architecture (ISO/IEC 29101, WD)
  - A Framework for Access Management (ISO/IEC 29146, WD)
- Protection Concepts
  - Biometric template protection (ISO/IEC 24745, WD)
  - Requirements on relative anonymity with identity escrow – model for authentication and authorization using group signatures (NWIP)
- Guidance on Context and Assessment
  - Authentication Context for Biometrics (ISO/IEC 24761, FDIS)
  - Entity Authentication Assurance (ISO/IEC 29115, WD)
  - Privacy Capability Maturity Model (NWIP)

Identity Management & Privacy Technologies Roadmap (diagram slide)

ISO/IEC PAS – Trusted Platform Module
- The Trusted Computing Group (TCG) submitted the TPM 1.2 specification to JTC 1 for PAS Transposition
- ISO/IEC PAS DIS
  - Trusted Platform Module - Part 1: Overview
  - Trusted Platform Module - Part 2: Design principles
  - Trusted Platform Module - Part 3: Structures
  - Trusted Platform Module - Part 4: Commands
- 6 month NB ballot closed
- Ballot resolution meeting, Limassol, Cyprus
- Final text for ISO/IEC submitted for publication

SC 27 – IT Security Techniques: Approved New Projects
- NP 27008: Guidance for auditors on ISMS controls.
- NP 27010: Information security management for inter-sector communications.
- NP 27012: Information security management guidelines for e-government services.
- NP 27035: Information security incident management.
- NP 29128: Verification of cryptographic protocols.
- NP 29146: A framework for access management.
- NP 29147: Responsible vulnerability disclosure.
- NP 29149: Best practice on the provision of time-stamping services.
- NP 29150: Signcryption.

SC 27 – IT Security Techniques: Proposed New Projects – Approval Pending
- NP 27013: Guidance for the integrated implementation of with (collaborative with JTC 1/SC 7).
- NP 27014: Information security governance framework.
- NP 27015: Information security management systems (ISMS) for the financial and insurance services sector.
- Guidelines for the security of outsourcing.
- Guidelines for identification, collection, and/or acquisition and preservation of digital evidence.
- Requirements on relative anonymity with identity escrow - Model for authentication and authorization using group signatures.
- Privacy Capability Maturity Model.
- Secure System Engineering principles and techniques.
- Lightweight cryptography.

SC 27 – IT Security Techniques: Achievements & New Projects Summary
Between November 2007 and October 2008:
- 14 International Standards and Technical Reports have been published (total number of pages: 1331)
- 2 International Standards are awaiting publication
- 9 New Projects have been approved
- 9 Proposed Projects are awaiting approval
Average # of ISO standards published in 2008:
- 2.32 per SC
- 0.52 per WG
Average # of pages published in 2008:
- 130 per SC
- 29 per WG

Selected Liaisons (diagram slide)
- Liaison bodies shown: SC 37, SC 7, TC 204, TC 215, Visa, MasterCard, ISACA
- Sectors shown: banking, biometrics, telecoms, IC cards, sw & system engineering, information security, safety, healthcare, transport, audit

Conclusion
- The good news about (security) standards is … there are so many to choose from :-)
- Given the limited availability of resources for the development of security standards, we must avoid duplication of effort and make use of effective cooperation and collaboration.
- Given the vast number of activities in the area of security standards, we must bring together information about existing standards, standards under development, and key organizations that are working on these standards.
- ICT Security Standards Roadmap

SD 11: Information and ICT Security Standards – An invitation to the past, present, and future work of SC 27
- Provides a high-level overview of the work of SC 27.
- Includes a number of the SC 27 articles that have been published by ISO in the publications ISO Focus, ISO Journal and ISO Management System.
- Freely available
- Version 2.0, September 2008 (100 pages).
More Information & Contact
- SC 27
- SC 27 Vice Chair:

Thank You Contact:

Products and Solutions
- ID documents ► Passports and ID cards ► Driving licences ► Employee and access cards ► eServices
- Border management ► Biometric systems ► Authentication terminals ► Secure database systems
- Trust Center ► Electronic signatures ► PKI products and services
- Banknotes ► Euro banknotes ► International banknotes ► Security features
- Value and security printing ► Postage stamps ► Revenue stamps
- Publication systems ► Automated document production ► Publication platforms for patent information
130_0010e_1/07 Copyright 2009 Bundesdruckerei GmbH. All rights reserved.