Deutsches Institut für Normung e. V.


Structure

Current activities of SC 27 are divided into five working groups:

  • Working Group 1: Information security management systems
  • Working Group 2: Cryptography and security mechanisms
  • Working Group 3: Security Evaluation, Testing and Specification
  • Working Group 4: Security controls and services
  • Working Group 5: Identity management and privacy technologies

To obtain the International Standards developed by JTC 1/SC 27 or further information, please contact your National Body of ISO/IEC JTC 1/SC 27.


ISO/IEC JTC 1/SC 27/WG 1

Information security management systems

Convener:
Edward Humphreys, BSI, United Kingdom
(8th three-year term, May 2012 - May 2015)

Vice-Convener: Dale Johnstone, SA, Australia
(2nd three-year term, May 2012 - May 2015)

The Terms of Reference of this working group are:

The scope of WG 1 covers the development of ISMS (Information Security Management System) standards and guidelines (see SC 27 N5114).  This includes:

  1. Development and maintenance of the ISO/IEC 27000 ISMS standards family
  2. Identification of requirements for future ISMS standards and guidelines
  3. On-going maintenance of WG1 standing document SD WG 1/1 (WG 1 Roadmap)
  4. Collaboration with other Working Groups in SC 27, in particular with WG 4 on standards addressing the implementation of control objectives and controls as defined in ISO/IEC 27001.

Liaison and collaboration with those organizations and committees dealing with specific requirements and guidelines for ISMS, for example:

  • ITU-T Telecoms
  • ISO/TC 215 Healthcare
  • ISO/TC 68 Banking
  • ISO/TC 204 Intelligent transport systems
  • ISO/TC 223 Civil defense
  • ISSEA
  • Aerospace
  • Automotive industry
  • Standards bodies, such as IETF, IEEE
  • International institutions, e.g. OECD, APEC, EU
  • IAF and CASCO, and other relevant groups regarding the development of accreditation and certification standards and guidelines

ISO/IEC JTC 1/SC 27/WG 2

Cryptography and security mechanisms

Convener: Takeshi Chikazawa, JISC, Japan
(2nd three-year term, April 2013 - April 2016)

Vice-Convener: Toshio Tatsuta, JISC, Japan
(2nd three-year term, April 2013 - April 2016)

The terms of reference of this working group are:

WG 2 provides a center of expertise for the standardization of IT Security techniques and mechanisms within JTC 1.
Terms of Reference:

  • identify the need and requirements for these techniques and mechanisms in IT systems and applications;
  • develop terminology, general models and standards for these techniques and mechanisms for use in security services.

The scope covers both cryptographic and non-cryptographic techniques and mechanisms including:

  • confidentiality;
  • entity authentication;
  • non-repudiation;
  • key management;
  • data integrity such as
    • message authentication;
    • hash-functions;
    • digital signatures.

The mechanisms in general include several options with respect to the techniques used including symmetric cryptographic, asymmetric cryptographic and non-cryptographic.


ISO/IEC JTC 1/SC 27/WG 3

Security Evaluation, Testing and Specification

Convener:
Miguel Bañón, AENOR, Spain
(2nd three-year term, May 2012 - May 2015)


The terms of reference of this working group are:

The scope covers aspects related to security engineering, with particular emphasis on, but not limited to standards for IT security specification, evaluation, testing and certification of IT systems, components, and products. This will include consideration of computer networks, distributed systems, associated application services, biometrics, etc.
The following aspects may be distinguished:

  • security evaluation criteria;
  • methodology for application of the criteria;
  • security functional and assurance specification of IT systems, components and products;
  • testing methodology for determination of security functional and assurance conformance;
  • administrative procedures for testing, evaluation, certification, and accreditation schemes.

This work will reflect the needs of relevant sectors in society, as represented through ISO/IEC National Bodies and other organizations in liaison, expressed in standards for security functionality and assurance.
Account will be taken of related ISO/IEC and ISO standards for quality management and testing so as not to duplicate these efforts.


ISO/IEC JTC 1/SC 27/WG 4

Security controls and services

Convener: Johann Amsenga, SABS, South Africa
(1st term of office May 2012 - May 2015)

Vice-Convener: Lionel Vodzislawsky, AFNOR, France
(1st term of office May 2012 - May 2015)

The terms of reference of this working group are:

The scope of WG 4 covers the development and maintenance of standards and guidelines addressing services and applications supporting the implementation of control objectives and controls as defined in ISO/IEC 27001. This includes:

1.    Current SC 27 projects:

  • IT Network security (ISO/IEC 18028)
  • Information security incident management (ISO/IEC TR 18044)
  • Guidelines for information and communications technology disaster recovery services (ISO/IEC 24762)
  • Selection, deployment and operation of Intrusion Detection Systems (IDS) (ISO/IEC 18043)
  • Guidelines on use and management of Trusted Third Party services (ITU-T X.842 | ISO/IEC TR 14516)
  • Specification of TTP services to support the application of digital signatures (ITU-T X.843 | ISO/IEC 15945)
  • Security information objects for access control (ITU-T X.841 | ISO/IEC 15816)

2.    Identification of requirements for and development of future service and applications standards and guidelines, for example in the areas of

  • Business Continuity
  • Cyber Security
  • Outsourcing

3.    On-going maintenance of WG4 standing document SD WG 4/1 (WG 4 Road Map)

4.    Collaboration with other Working Groups in SC 27, in particular with WG1 on ISMS standards and guidelines

5.    Liaison and collaboration with those organizations and committees dealing with specific requirements and guidelines for services and applications, for example:

  • ITU-T Telecoms
  • ISO/TC 215 Health informatics
  • ISO/TC 68 Banking
  • ISSEA
  • Aerospace
  • Automotive industry
  • Standards bodies, such as IETF, IEEE
  • International institutions, e.g. OECD, APEC, EU
  • IAF and CASCO, and other relevant groups regarding the development of accreditation and certification standards and guidelines

ISO/IEC JTC 1/SC 27/WG 5

Identity management and privacy technologies

Convener: Kai Rannenberg, DIN, Germany
(3rd three-year term, April 2013 - April 2016)

Vice-Convener: Jan Schallaböck, DIN, Germany
(2nd three-year term, April 2013 - April 2016)

The terms of reference of this working group are:

The scope of SC 27/WG 5 covers the development and maintenance of standards and guidelines addressing security aspects of identity management, biometrics and the protection of personal data.
This includes:

1.    Current SC 27 projects:

  • Framework for Identity Management (ISO/IEC 24760)
  • Biometric template protection (ISO/IEC 24745)
  • Authentication context for biometrics (ISO/IEC 24761)

2.    Identification of requirements for and development of future standards and guidelines in these areas.  For example in the area of Identity Management, topics such as

  • Role based access control
  • Provisioning
  • Identifiers
  • Single sign-on

In the area of Privacy, topics such as

  • A Privacy Framework
  • A Privacy Reference Architecture
  • Privacy infrastructures
  • Anonymity and credentials
  • Specific Privacy Enhancing Technologies (PETs)
  • Privacy Engineering

In the area of Biometrics, topics such as

  • Protection of biometric data
  • Authentication techniques

3.    Collaboration with other Working Groups in SC 27, e.g., WG 1 on management aspects, WG 2 on specific cryptographic techniques and WG 3 on evaluation aspects.

4.    Liaison and collaboration with those organizations and committees dealing with specific requirements and guidelines for services and applications in this area, for example:

  • ISO/IEC SC 37 Biometrics
  • ECRYPT
  • ISO/TC68/SC2 Financial Services Security
  • ISO/TC68/SC6/WG10 Financial Services-Retail Financial Services-Privacy
  • ITU-T SG17 Security, languages and telecommunication software
  • Future of Identity in the Information Society (FIDIS)
  • The International Conference of Data Protection and Privacy Commissioners
  • The Open Group (IdM Forum and Jericho Forum)

JTC 1/SC 27 Chairman: DIN, Germany, Walter Fumy (5th three-year term, November 2010 - November 2013)
JTC 1/SC 27 Vice-chair: NBN, Belgium, Marijke De Soete (4th three-year term, April 2013 - April 2016)
JTC 1/SC 27 Secretariat: DIN, Germany, Krystyna Passia


Last update: 2013-06-08

Contact

Ms. Krystyna Passia
Burggrafenstr. 6
10787 Berlin