ISO/IEC JTC 1/SC 27
IT Security Techniques

Dr. Walter Fumy
Chairman ISO/IEC JTC 1/SC 27
Chief Scientist, Bundesdruckerei GmbH, Germany

13 Dec 2013


Dr. Walter Fumy | 2 | 13.12.2013 | ITU-T Workshop on Addressing security challenges on a global scale


SC 27 IT Security Techniques: Scope

The development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as:

Security requirements capture methodology;
Management of information and ICT security; in particular information security management systems (ISMS), security processes, security controls and services;
Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information;
Security management support documentation including terminology, guidelines as well as procedures for the registration of security components;
Security aspects of identity management, biometrics and privacy;
Conformance assessment, accreditation and auditing requirements in the area of information security;
Security evaluation criteria and methodology.




SC 27 IT Security Techniques: Organization

ISO/IEC JTC 1/SC 27 IT Security techniques
Chair: Mr. W. Fumy
Vice-Chair: Ms. M. De Soete
SC 27 Secretariat: DIN, Ms. K. Passia
http://www.jtc1sc27.din.de/en

Working Group 1: Information security management systems (Convener: Mr. T. Humphreys)
Working Group 2: Cryptography and security mechanisms (Convener: Mr. T. Chikazawa)
Working Group 3: Security evaluation criteria (Convener: Mr. M. Bañón)
Working Group 4: Security controls and services (Convener: Mr. M.-C. Kang)
Working Group 5: Identity management and privacy technologies (Convener: Mr. K. Rannenberg)




SC 27/WG 1: ISMS Family of Standards

27000  ISMS Overview and Vocabulary
27001  ISMS Requirements

Supporting Guidelines
  27002 (pka 17799)  Code of Practice
  27003  ISMS Implementation Guidance
  27004  Information Security Mgt Measurements
  27005  Information Security Risk Management
  TR 27016  Information Security Mgt - Organizational economics

Accreditation Requirements and Auditing Guidelines
  27006  Accreditation Requirements
  27007  ISMS Auditing Guidance
  TR 27008  ISMS Guide for auditors on ISMS controls

Sector Specific Requirements and Guidelines
  27011 / ITU-T X.1051  Telecom Sector ISMS Requirements
  27010  ISMS for Inter-sector communications
  27015  Financial and Insurance Sector ISMS Requirements




SC 27/WG 4: Security Controls and Services

(Projects are arranged in the slide along three themes: unknown or emerging security issues; known security issues; security breaches and compromises.)

ICT Readiness for Business Continuity (WD 27031)
Cybersecurity (WD 27032)
Network Security (CD 27033-1, WD 27033-2/3/4)
Application Security (WD 27034-1)
Security Info-Objects for Access Control (TR 15816)
Security of Outsourcing (NP)
TTP Services Security (TR 14516; 15945)
Time Stamping Services (TR 29149)
Information security incident management (27035)
ICT Disaster Recovery Services (24762)
Identification, collection and/or acquisition, and preservation of digital evidence (NP)




SC 27/WG 2: Cryptography and Security Mechanisms

Areas: Cryptographic Protocols; Message Authentication; Digital Signatures; Encryption & Modes of Operation; Parameter Generation

Entity Authentication (IS 9798)
Key Mgt (IS 11770)
Encryption (IS 18033)
Modes of Operation (IS 10116)
Hash Functions (IS 10118)
Message Authentication Codes (IS 9797)
Signatures giving Msg Recovery (IS 9796)
Non-Repudiation (IS 13888)
Signatures with Appendix (IS 14888)
Check Character Systems (IS 7064)
Cryptographic Techniques based on Elliptic Curves (IS 15946)
Time Stamping Services (IS 18014)
Random Bit Generation (IS 18031)
Prime Number Generation (IS 18032)
Authenticated Encryption (IS 19772)
Biometric Template Protection (NP 24745)




SC 27/WG 3: Security Evaluation Criteria

IT Security Evaluation Criteria (CC) (IS 15408)
Evaluation Methodology (CEM) (IS 18045)
PP/ST Guide (TR 15446)
Protection Profile Registration Procedures (IS 15292)
A Framework for IT Security Assurance (TR 15443)
Security Assessment of Operational Systems (TR 19791)
Security Evaluation of Biometrics (FDIS 19792)
SSE-CMM (IS 21827)
Test Requirements for Cryptographic Modules (IS 24759)
Security Requirements for Cryptographic Modules (IS 19790)
Verification of Cryptographic Protocols (WD 29128)
Secure System Engineering Principles and Techniques (NWIP)
Responsible Vulnerability Disclosure (WD 29147)
Trusted Platform Module (IS 11889)




SC 27/WG 5: Identity Management & Privacy Technologies

WG 5 covers the development and maintenance of standards and guidelines addressing security aspects of identity management, biometrics and the protection of personal data. This includes:

Frameworks & Architectures
  A framework for identity management (ISO/IEC 24760, FCD/WD/WD)
  Privacy framework (ISO/IEC 29100, FCD)
  Privacy reference architecture (ISO/IEC 29101, CD)
  Entity authentication assurance framework (ISO/IEC 29115 / ITU-T X.eaa, CD)
  A framework for access management (ISO/IEC 29146, WD)

Protection Concepts
  Biometric information protection (ISO/IEC 24745, FDIS)
  Requirements for partially anonymous, partially unlinkable authentication (ISO/IEC 29191, CD)

Guidance on Context and Assessment
  Authentication context for biometrics (ISO/IEC 24761, 2009)
  Privacy capability assessment framework (ISO/IEC 29190, WD)





SC 27 IT Security Techniques: Recent Achievements

Summary between November 2009 and October 2010

11 International Standards and Technical Reports have been published (total number of publications: 98)
13 new projects have been approved (total number of projects: 160)
5 additional O-members (total 18); total number of P-members: 41
9 additional liaisons, 5 liaisons terminated (total number of liaisons: 54)





20 Years of SC 27 Information Security Standardisation

Platinum Book, available from http://www.jtc1sc27.din.de/sbe/sc27berlin

Next SC 27 meetings

Apr 11-19, 2011: Singapore (WGs and Plenary)
Oct 10-14, 2011: Nairobi, Kenya (WGs)
May 7-15, 2012: Sweden (WGs and Plenary)

Thank You!

Walter.Fumy@bdr.de




Areas of Collaboration include

ISO/IEC 15816: Security information objects for access control (= ITU-T X.841)
ISO/IEC 14516: Guidelines on the use and management of TTP services (= ITU-T X.842)
ISO/IEC 15945: Specification of TTP services to support the application of digital signatures (= ITU-T X.843)
ISO/IEC 18028: IT network security
ISO/IEC 27011: Information security management guidelines for telecommunications (= ITU-T X.1051)
ISO/IEC 27010: Information security management for inter-sector communications
ISO/IEC 27014: Information security governance framework
ISO/IEC 27032: Guidelines for cybersecurity
ISO/IEC 24760: A framework for identity management
ISO/IEC 29115: Entity authentication assurance (= ITU-T X.eaa)




Approved New Projects

ISO/IEC 20004: Software development and evaluation under ISO/IEC 15408
ISO/IEC 20008: Anonymous digital signatures (2 Parts)
ISO/IEC 20009: Anonymous entity authentication (2 Parts)
ISO/IEC TR 27016: Information security management - Organizational economics
ISO/IEC 27038: Specification for digital redaction
ISO/IEC 30104: Physical security attacks, mitigation techniques and security requirements