ISO/IEC JTC 1/SC 27 IT Security Techniques


ISO/IEC JTC 1/SC 27 IT Security Techniques
Dr. Walter Fumy
Chairman ISO/IEC JTC 1/SC 27
Chief Scientist, Bundesdruckerei GmbH, Germany

SC 27 – IT Security Techniques: Scope
The development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as:
- Security requirements capture methodology;
- Management of information and ICT security; in particular information security management systems (ISMS), security processes, security controls and services;
- Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information;
- Security management support documentation including terminology, guidelines as well as procedures for the registration of security components;
- Security aspects of identity management, biometrics and privacy;
- Conformance assessment, accreditation and auditing requirements in the area of information security;
- Security evaluation criteria and methodology.
28.03.2017 | ITU-T Workshop on Addressing security challenges on a global scale

SC 27 – IT Security Techniques: Organization
ISO/IEC JTC 1/SC 27 IT Security techniques
- Chair: Mr. W. Fumy
- Vice-Chair: Ms. M. De Soete
- SC 27 Secretariat (DIN): Ms. K. Passia
- Working Group 1, Information security management systems; Convener: Mr. T. Humphreys
- Working Group 2, Cryptography and security mechanisms; Convener: Mr. T. Chikazawa
- Working Group 3, Security evaluation criteria; Convener: Mr. M. Bañón
- Working Group 4, Security controls and services; Convener: Mr. M.-C. Kang
- Working Group 5, Identity management and privacy technologies; Convener: Mr. K. Rannenberg
http://www.jtc1sc27.din.de/en

SC 27/WG 1: ISMS Family of Standards
Requirements, vocabulary and code of practice:
- 27000 ISMS Overview and Vocabulary
- 27001 ISMS Requirements
- 27002 (pka 17799) Code of Practice
Supporting Guidelines:
- 27003 ISMS Implementation Guidance
- 27004 Information Security Mgt Measurements
- 27005 Information Security Risk Management
- TR 27016 Information Security Mgt - Organizational economics
Accreditation Requirements and Auditing Guidelines:
- 27006 Accreditation Requirements
- 27007 ISMS Auditing Guidance
- TR 27008 ISMS Guide for auditors on ISMS controls
Sector Specific Requirements and Guidelines:
- 27010 ISMS for Inter-sector communications
- 27011 / ITU-T X.1051 Telecom Sector ISMS Requirements
- 27015 Financial and Insurance Sector ISMS Requirements

SC 27/WG 4: Security Controls and Services
- ICT Readiness for Business Continuity (WD 27031)
- Cybersecurity (WD 27032)
- Network Security (CD 27033-1, WD 27033-2/3/4)
- Application Security (WD 27034-1)
- Security Info-Objects for Access Control (TR 15816)
- Security of Outsourcing (NP)
- TTP Services Security (TR 14516; 15945)
- Time Stamping Services (TR 29149)
- Information security incident management (27035)
- ICT Disaster Recovery Services (24762)
- Identification, collection and/or acquisition, and preservation of digital evidence (NP)
The WG 4 portfolio spans three themes: unknown or emerging security issues, known security issues, and security breaches and compromises.

SC 27/WG 2: Cryptography and Security Mechanisms
Cryptographic Protocols:
- Entity Authentication (IS 9798)
- Key Mgt (IS 11770)
- Non-Repudiation (IS 13888)
- Time Stamping Services (IS 18014)
- Cryptographic Techniques based on Elliptic Curves (IS 15946)
Message Authentication:
- Hash Functions (IS 10118)
- Message Authentication Codes (IS 9797)
- Check Character Systems (IS 7064)
Digital Signatures:
- Signatures giving Msg Recovery (IS 9796)
- Signatures with Appendix (IS 14888)
- Biometric Template Protection (NP 24745)
Encryption & Modes of Operation:
- Authenticated Encryption (IS 19772)
- Modes of Operation (IS 10116)
- Encryption (IS 18033)
Parameter Generation:
- Random Bit Generation (IS 18031)
- Prime Number Generation (IS 18032)
This provides an introduction to SC 27's portfolio with respect to cryptographic techniques, covering the whole range from encryption and key generation to complex protocols, e.g. for key establishment or for secure time stamping.

SC 27/WG 3: Security Evaluation Criteria
- Verification of Cryptographic Protocols (WD 29128)
- Secure System Engineering Principles and Techniques (NWIP)
- Responsible Vulnerability Disclosure (WD 29147)
- Trusted Platform Module (IS 11889)
- SSE-CMM (IS 21827)
- A Framework for IT Security Assurance (TR 15443)
- Test Requirements for Cryptographic Modules (IS 24759)
- Security Requirements for Cryptographic Modules (IS 19790)
- Security Assessment of Operational Systems (TR 19791)
- IT Security Evaluation Criteria (CC) (IS 15408)
- Evaluation Methodology (CEM) (IS 18045)
- PP/ST Guide (TR 15446)
- Protection Profile Registration Procedures (IS 15292)
- Security Evaluation of Biometrics (FDIS 19792)

SC 27/WG 5: Identity Management & Privacy Technologies
WG 5 covers the development and maintenance of standards and guidelines addressing security aspects of identity management, biometrics and the protection of personal data. This includes:
Frameworks & Architectures:
- A framework for identity management (ISO/IEC 24760, FCD/WD/WD)
- Privacy framework (ISO/IEC 29100, FCD)
- Privacy reference architecture (ISO/IEC 29101, CD)
- Entity authentication assurance framework (ISO/IEC 29115 / ITU-T X.eaa, CD)
- A framework for access management (ISO/IEC 29146, WD)
Protection Concepts:
- Biometric information protection (ISO/IEC 24745, FDIS)
- Requirements for partially anonymous, partially unlinkable authentication (ISO/IEC 29191, CD)
Guidance on Context and Assessment:
- Authentication context for biometrics (ISO/IEC 24761, 2009)
- Privacy capability assessment framework (ISO/IEC 29190, WD)

SC 27 – IT Security Techniques: Recent Achievements
Summary between November 2009 and October 2010:
- 11 International Standards and Technical Reports have been published (total number of publications: 98)
- 13 new projects have been approved (total number of projects: 160)
- 5 additional O-members (total 18); total number of P-members: 41
- 9 additional liaisons, 5 liaisons terminated (total number of liaisons: 54)

20 Years of SC 27 Information Security Standardisation
Platinum Book available from http://www.jtc1sc27.din.de/sbe/sc27berlin
Next SC 27 meetings:
- Apr 11-19, 2011, Singapore (WGs and Plenary)
- Oct 10-14, 2011, Nairobi, Kenya (WGs)
- May 7-15, 2012, Sweden (WGs and Plenary)

Thank You! Walter.Fumy@bdr.de

Areas of Collaboration include:
- ISO/IEC 15816: Security information objects for access control (= ITU-T X.841)
- ISO/IEC 14516: Guidelines on the use and management of TTP services (= ITU-T X.842)
- ISO/IEC 15945: Specification of TTP services to support the application of digital signatures (= ITU-T X.843)
- ISO/IEC 18028: IT network security
- ISO/IEC 27011: Information security management guidelines for telecommunications (= ITU-T X.1051)
- ISO/IEC 27010: Information security management for inter-sector communications
- ISO/IEC 27014: Information security governance framework
- ISO/IEC 27032: Guidelines for cybersecurity
- ISO/IEC 24760: A framework for identity management
- ISO/IEC 29115: Entity authentication assurance (= ITU-T X.eaa)

Approved New Projects:
- ISO/IEC 20004 – Software development and evaluation under ISO/IEC 15408
- ISO/IEC 20008 – Anonymous digital signatures (2 Parts)
- ISO/IEC 20009 – Anonymous entity authentication (2 Parts)
- ISO/IEC TR 27016 – Information security management – Organizational economics
- ISO/IEC 27038 – Specification for digital redaction
- ISO/IEC 30104 – Physical security attacks, mitigation techniques and security requirements