ISO/IEC JTC 1/SC 27 IT Security Techniques
Dr. Walter Fumy, Chairman ISO/IEC JTC 1/SC 27
Chief Scientist, Bundesdruckerei GmbH, Germany

Mar 27, 2015


Dr. Walter Fumy | 10.04.23 | ITU-T Workshop on Addressing security challenges on a global scale

SC 27 – IT Security Techniques: Scope

The development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as:
- Security requirements capture methodology;
- Management of information and ICT security; in particular information security management systems (ISMS), security processes, security controls and services;
- Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information;
- Security management support documentation including terminology, guidelines as well as procedures for the registration of security components;
- Security aspects of identity management, biometrics and privacy;
- Conformance assessment, accreditation and auditing requirements in the area of information security;
- Security evaluation criteria and methodology.


SC 27 – IT Security Techniques: Organization

ISO/IEC JTC 1/SC 27 IT Security Techniques
Chair: Mr. W. Fumy; Vice-Chair: Ms. M. De Soete
SC 27 Secretariat: DIN, Ms. K. Passia, http://www.jtc1sc27.din.de/en

- Working Group 1: Information security management systems (Convener: Mr. T. Humphreys)
- Working Group 2: Cryptography and security mechanisms (Convener: Mr. T. Chikazawa)
- Working Group 3: Security evaluation criteria (Convener: Mr. M. Bañón)
- Working Group 4: Security controls and services (Convener: Mr. M.-C. Kang)
- Working Group 5: Identity management and privacy technologies (Convener: Mr. K. Rannenberg)


SC 27/WG 1: ISMS Family of Standards

- 27000 ISMS Overview and Vocabulary
- 27001 ISMS Requirements
- 27002 (previously known as 17799) Code of Practice

Supporting Guidelines:
- 27003 ISMS Implementation Guidance
- 27004 Information Security Management Measurements
- 27005 Information Security Risk Management
- TR 27016 Information Security Management - Organizational economics

Accreditation Requirements and Auditing Guidelines:
- 27006 Accreditation Requirements
- 27007 ISMS Auditing Guidance
- TR 27008 ISMS Guide for auditors on ISMS controls

Sector Specific Requirements and Guidelines:
- 27010 ISMS for Inter-sector communications
- 27011 / ITU-T X.1051 Telecom Sector ISMS Requirements
- 27015 Financial and Insurance Sector ISMS Requirements


SC 27/WG 4: Security Controls and Services

Diagram listing three areas of concern:
- Unknown or emerging security issues
- Known security issues
- Security breaches and compromises


SC 27/WG 2: Cryptography and Security Mechanisms

Cryptographic Protocols:
- Entity Authentication (IS 9798)
- Key Management (IS 11770)
- Non-Repudiation (IS 13888)

Message Authentication and Digital Signatures:
- Message Authentication Codes (IS 9797)
- Hash Functions (IS 10118)
- Signatures giving Message Recovery (IS 9796)
- Signatures with Appendix (IS 14888)

Encryption & Modes of Operation:
- Encryption (IS 18033)
- Modes of Operation (IS 10116)
- Authenticated Encryption (IS 19772)

Parameter Generation:
- Random Bit Generation (IS 18031)
- Prime Number Generation (IS 18032)

Further WG 2 projects:
- Check Character Systems (IS 7064)
- Cryptographic Techniques based on Elliptic Curves (IS 15946)
- Time Stamping Services (IS 18014)
- Biometric Template Protection (NP 24745)


SC 27/WG 3: Security Evaluation Criteria

- IT Security Evaluation Criteria (CC) (IS 15408)
- Evaluation Methodology (CEM) (IS 18045)
- PP/ST Guide (TR 15446)
- Protection Profile Registration Procedures (IS 15292)
- A Framework for IT Security Assurance (TR 15443)
- Security Assessment of Operational Systems (TR 19791)
- Security Evaluation of Biometrics (FDIS 19792)
- SSE-CMM (IS 21827)
- Security Requirements for Cryptographic Modules (IS 19790)
- Test Requirements for Cryptographic Modules (IS 24759)
- Verification of Cryptographic Protocols (WD 29128)
- Secure System Engineering Principles and Techniques (NWIP)
- Responsible Vulnerability Disclosure (WD 29147)
- Trusted Platform Module (IS 11889)


SC 27/WG 5: Identity Management & Privacy Technologies

WG 5 covers the development and maintenance of standards and guidelines addressing security aspects of identity management, biometrics and the protection of personal data. This includes:

Frameworks & Architectures
- A framework for identity management (ISO/IEC 24760, FCD/WD/WD)
- Privacy framework (ISO/IEC 29100, FCD)
- Privacy reference architecture (ISO/IEC 29101, CD)
- Entity authentication assurance framework (ISO/IEC 29115 / ITU-T X.eaa, CD)
- A framework for access management (ISO/IEC 29146, WD)

Protection Concepts
- Biometric information protection (ISO/IEC 24745, FDIS)
- Requirements for partially anonymous, partially unlinkable authentication (ISO/IEC 29191, CD)

Guidance on Context and Assessment
- Authentication context for biometrics (ISO/IEC 24761, 2009)
- Privacy capability assessment framework (ISO/IEC 29190, WD)


SC 27 – IT Security Techniques: Recent Achievements

Summary, between November 2009 and October 2010:
- 11 International Standards and Technical Reports have been published (total number of publications: 98)
- 13 new projects have been approved (total number of projects: 160)
- 5 additional O-members (total 18); total number of P-members: 41
- 9 additional liaisons, 5 liaisons terminated (total number of liaisons: 54)


20 Years of SC 27 Information Security Standardisation: Platinum Book, available from http://www.jtc1sc27.din.de/sbe/sc27berlin

Next SC 27 meetings:
- Apr 11-19, 2011, Singapore (WGs and Plenary)
- Oct 10-14, 2011, Nairobi, Kenya (WGs)
- May 7-15, 2012, Sweden (WGs and Plenary)


Thank You!

[email protected]


Areas of Collaboration include:
- ISO/IEC 15816: Security information objects for access control (= ITU-T X.841)
- ISO/IEC 14516: Guidelines on the use and management of TTP services (= ITU-T X.842)
- ISO/IEC 15945: Specification of TTP services to support the application of digital signatures (= ITU-T X.843)
- ISO/IEC 18028: IT network security
- ISO/IEC 27011: Information security management guidelines for telecommunications (= ITU-T X.1051)
- ISO/IEC 27010: Information security management for inter-sector communications
- ISO/IEC 27014: Information security governance framework
- ISO/IEC 27032: Guidelines for cybersecurity
- ISO/IEC 24760: A framework for identity management
- ISO/IEC 29115: Entity authentication assurance (= ITU-T X.eaa)


Approved New Projects
- ISO/IEC 20004 – Software development and evaluation under ISO/IEC 15408
- ISO/IEC 20008 – Anonymous digital signatures (2 Parts)
- ISO/IEC 20009 – Anonymous entity authentication (2 Parts)
- ISO/IEC TR 27016 – Information security management – Organizational economics
- ISO/IEC 27038 – Specification for digital redaction
- ISO/IEC 30104 – Physical security attacks, mitigation techniques and security requirements