
ISO/IEC JTC 1/SC 27

ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection is a standardization subcommittee of the Joint Technical Committee ISO/IEC JTC 1 of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO/IEC JTC 1/SC 27 develops International Standards, Technical Reports, and Technical Specifications within the field of information security. Standardization activity by this subcommittee includes general methods, management system requirements, techniques and guidelines to address information security, cybersecurity and privacy. Drafts of International Standards by ISO/IEC JTC 1 or any of its subcommittees are sent out to participating national standardization bodies for ballot, comments and contributions. Publication as an ISO/IEC International Standard requires approval by a minimum of 75% of the national bodies casting a vote.[1] The international secretariat of ISO/IEC JTC 1/SC 27 is the Deutsches Institut für Normung (DIN) located in Germany.[2]

History

ISO/IEC JTC 1/SC 27 was founded by ISO/IEC JTC 1 in 1990. The subcommittee was formed when ISO/IEC JTC 1/SC 20 was disbanded. SC 20 had covered standardization within the field of security techniques, covering "secret-key techniques" (ISO/IEC JTC 1/SC 20/WG 1), "public-key techniques" (ISO/IEC JTC 1/SC 20/WG 2), and "data encryption protocols" (ISO/IEC JTC 1/SC 20/WG 3). This allowed ISO/IEC JTC 1/SC 27 to take over the work of ISO/IEC JTC 1/SC 20 (specifically that of its first two working groups) as well as to extend its scope to other areas within the field of IT security techniques.[3] Since 1990, the subcommittee has extended or altered its scope and working groups to meet the current standardization demands. ISO/IEC JTC 1/SC 27, which started with three working groups, eventually expanded its structure to contain five.[4] The two new working groups were added in April 2006, at the 17th Plenary Meeting in Madrid, Spain.[5]

Scope

The scope of ISO/IEC JTC 1/SC 27 is "The development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as:[6]

  • Security requirements capture methodology;
  • Management of information and ICT security; in particular information security management systems, security processes, security controls and services;
  • Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information;
  • Security management support documentation including terminology, guidelines as well as procedures for the registration of security components;
  • Security aspects of identity management, biometrics and privacy;
  • Conformance assessment, accreditation and auditing requirements in the area of information security management systems;
  • Security evaluation criteria and methodology.

SC 27 engages in active liaison and collaboration with appropriate bodies to ensure the proper development and application of SC 27 standards and technical reports in relevant areas."

Structure

ISO/IEC JTC 1/SC 27 is made up of five working groups (WG), each of which is responsible for the technical development of information and IT security standards within the programme of work of ISO/IEC JTC 1/SC 27. In addition, ISO/IEC JTC 1/SC 27 has two special working groups (SWG): (i) SWG-M, which operates under the direction of ISO/IEC JTC 1/SC 27 with the primary task of reviewing and evaluating the organizational effectiveness of ISO/IEC JTC 1/SC 27 processes and mode of operations; and (ii) SWG-T, which operates under the direction of ISO/IEC JTC 1/SC 27 to address topics beyond the scope of the respective existing WGs or that can affect directly or indirectly multiple WGs. ISO/IEC JTC 1/SC 27 also has a Communications Officer whose role is to promote the work of ISO/IEC JTC 1/SC 27 through different channels: press releases and articles, conferences and workshops, interactive ISO chat forums and other media channels.

The focus of each working group is described in the group's terms of reference. Working groups of ISO/IEC JTC 1/SC 27 are:[7]

| Working Group | Working Area |
|---|---|
| ISO/IEC JTC 1/SC 27/SWG-M | Management |
| ISO/IEC JTC 1/SC 27/SWG-T | Transversal items |
| ISO/IEC JTC 1/SC 27/WG 1 | Information security management systems |
| ISO/IEC JTC 1/SC 27/WG 2 | Cryptography and security mechanisms |
| ISO/IEC JTC 1/SC 27/WG 3 | Security evaluation, testing and specification |
| ISO/IEC JTC 1/SC 27/WG 4 | Security controls and services |
| ISO/IEC JTC 1/SC 27/WG 5 | Identity management and privacy technologies |

Collaborations

ISO/IEC JTC 1/SC 27 works in close collaboration with a number of other organizations or subcommittees, both internal and external to ISO or IEC, in order to avoid conflicting or duplicative work. Organizations internal to ISO or IEC that collaborate with or are in liaison to ISO/IEC JTC 1/SC 27 include:[6][8]

  • ISO/IEC JTC 1/SWG 6, Management
  • ISO/IEC JTC 1/WG 7, Sensor networks
  • ISO/IEC JTC 1/WG 9, Big Data
  • ISO/IEC JTC 1/WG 10, Internet of Things (IoT)
  • ISO/IEC JTC 1/SC 6, Telecommunications and information exchange between systems
  • ISO/IEC JTC 1/SC 7, Software and systems engineering
  • ISO/IEC JTC 1/SC 17, Cards and personal identification
  • ISO/IEC JTC 1/SC 22, Programming languages, their environments and system software interfaces
  • ISO/IEC JTC 1/SC 25, Interconnection of information technology equipment
  • ISO/IEC JTC 1/SC 31, Automatic identification and data capture techniques
  • ISO/IEC JTC 1/SC 36, Information technology for learning, education and training
  • ISO/IEC JTC 1/SC 37, Biometrics
  • ISO/IEC JTC 1/SC 38, Cloud computing and distributed platforms
  • ISO/IEC JTC 1/SC 40, IT Service Management and IT Governance
  • ISO/TC 8, Ships and marine technology
  • ISO/TC 46, Information and documentation
  • ISO/TC 46/SC 11, Archives/records management
  • ISO/TC 68, Financial services
  • ISO/TC 68/SC 2, Financial Services, security
  • ISO/TC 68/SC 7, Core banking
  • ISO/TC 171, Document management applications
  • ISO/TC 176, Quality management and quality assurance
  • ISO/TC 176/SC 3, Supporting technologies
  • ISO/TC 204, Intelligent transport systems
  • ISO/TC 215, Health informatics
  • ISO/TC 251, Asset management
  • ISO/TC 259, Outsourcing
  • ISO/TC 262, Risk management
  • ISO/TC 272, Forensic sciences
  • ISO/TC 292, Security and resilience
  • ISO/CASCO, Committee on Conformity Assessments
  • ISO/TMB/JTCG, Joint Technical Coordination Group on MSS
  • ISO/TMB/SAG EE 1, Strategic Advisory Group on Energy Efficiency
  • IEC/SC 45A, Instrumentation, control and electrical systems of nuclear facilities
  • IEC/TC 57, Power systems management and associated information exchange
  • IEC/TC 65, Industrial-process measurement, control and automation
  • IEC Advisory Committee on Information security and data privacy (ACSEC)

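Some organizations external to ISO or IEC that collaborate with or are in liaison to ISO/IEC JTC 1/SC 27 include:[6][9]

  • Attribute-based Credentials for Trust (ABC4Trust)
  • Article 29 Data Protection Working Party
  • Common Criteria Development Board (CCDB)
  • Consortium of Digital Forensic Specialists (CDFS)
  • CEN/TC 377
  • CEN/PC 428 e-Competence and ICT professionalism
  • Cloud Security Alliance (CSA)
  • Cloud Standards Customer Council (CSCC)
  • Common Study Center of Telediffusion and Telecommunication (CCETT)
  • The Cyber Security Naming & Information Structure Groups (Cyber Security)
  • Ecma International
  • European Committee for Banking Standards (ECBS)
  • European Network and Information Security Agency (ENISA)
  • European Payments Council (EPC)
  • European Telecommunications Standards Institute (ETSI)
  • European Data Centre Association (EUDCA)
  • Eurocloud
  • Future of Identity in the Information Society (FIDIS)
  • Forum of Incident Response and Security Teams (FIRST)
  • Information Security Forum (ISF)
  • Latinoamerican Institute for Quality Assurance (INLAC)
  • Institute of Electrical and Electronics Engineers (IEEE)
  • International Conference of Data Protection and Privacy Commissioners
  • International Information Systems Security Certification Consortium ((ISC)²)
  • International Smart Card Certification Initiatives (ISCI)
  • The International Society of Automation (ISA)
  • INTERPOL
  • ISACA
  • International Standardized Commercial Identifier (ISCI)
  • ITU-T
  • Kantara Initiative
  • MasterCard
  • PReparing Industry to Privacy-by-design by supporting its Application in REsearch (PRIPARE)
  • Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security (TREsPASS)
  • Privacy and Identity Management for Community Services (PICOS)
  • Privacy-Preserving Computation in the Cloud (PRACTICE)
  • The Open Group
  • The OpenID Foundation (OIDF)
  • TeleManagement Forum (TMForum)
  • Trusted Computing Group (TCG)
  • Visa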

Member countries

Countries pay a fee to ISO to be members of subcommittees.[10]

The 51 "P" (participating) members of ISO/IEC JTC 1/SC 27 are: Algeria, Argentina, Australia, Austria, Belgium, Brazil, Canada, Chile, China, Cyprus, Czech Republic, Côte d'Ivoire, Denmark, Finland, France, Germany, India, Ireland, Israel, Italy, Jamaica, Japan, Kazakhstan, Kenya, Republic of Korea, Luxembourg, Malaysia, Mauritius, Mexico, Netherlands, New Zealand, Norway, Peru, Poland, Romania, Russian Federation, Rwanda, Singapore, Slovakia, South Africa, Spain, Sri Lanka, Sweden, Switzerland, Thailand, the Republic of Macedonia, Ukraine, United Arab Emirates, United Kingdom, United States of America, and Uruguay.

The 20 "O" (observing) members of ISO/IEC JTC 1/SC 27 are: Belarus, Bosnia and Herzegovina, Costa Rica, El Salvador, Estonia, Ghana, Hong Kong, Hungary, Iceland, Indonesia, Islamic Republic of Iran, Lithuania, Morocco, State of Palestine, Portugal, Saudi Arabia, Serbia, Slovenia, Swaziland, and Turkey.[11]

As of August 2014, the spread of meeting locations since Spring 1990 has been as shown below:

 
[Figure: Meeting Locations]

Published standards

ISO/IEC JTC 1/SC 27 currently has 147 published standards within the field of IT security techniques, including:[4][12][13][14]

| ISO/IEC Standard | Title | Status | Description | WG |
|---|---|---|---|---|
| ISO/IEC 27000 (free) | Information technology – Security techniques – Information security management systems – Overview and vocabulary | Published (2018) | Describes the overview and vocabulary of ISMS[15] | 1 |
| ISO/IEC 27001 | Information technology – Security techniques – Information security management systems – Requirements | Published (2013) | Specifies the requirements for establishing, implementing, monitoring, and maintaining a documented ISMS within an organization.[16] "Transition mapping" ISO/IEC 27023 provides a set of tables showing the correspondence between editions 1 and 2 of the standard | 1 |
| ISO/IEC 27002 | Information technology – Security techniques – Code of practice for information security controls | Published (2013) | Provides guidelines for information security management practices for use by those selecting, implementing, or maintaining ISMS[17] "Transition mapping" ISO/IEC 27023 provides a set of tables showing the correspondence between editions 1 and 2 of the standard | 1 |
| ISO/IEC 27006 | Information technology – Security techniques – Requirements for bodies providing audit and certification of information security management systems | Published (2015) | Specifies general requirements that a third-party body operating ISMS (in accordance with ISO/IEC 27001:2005) certification/registration has to meet if it is to be recognized as competent and reliable in the operation of ISMS certification/registration[18] | 1 |
| ITU-T X.1051 / ISO/IEC 27011 | Information technology – Security techniques – Information security management guidelines for telecommunications organizations based on ISO/IEC 27002 | Published (2008) | This recommendation/international standard: a) establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in telecommunications organizations based on ISO/IEC 27002; b) provides an implementation baseline of Information Security Management within telecommunications organizations to ensure the confidentiality, integrity and availability of telecommunications facilities and services[19] | 1 |
| ISO/IEC 18033-1 | Information technology – Security techniques – Encryption algorithms – Part 1: General | Published (2015) | Specifies encryption systems for the purpose of data confidentiality[20] | 2 |
| ISO/IEC 19772 | Information technology – Security techniques – Authenticated encryption | Published (2009) | Specifies six methods for authenticated encryption with the security objectives of:[21] data confidentiality; data integrity; data origin authentication | 2 |
| ISO/IEC 15408-1 (free) | Information technology – Security techniques – Evaluation criteria for IT security – Part 1: Introduction and general model | Published (2009, corrected and reprinted 2014) | Establishes the general concepts and principles of IT security evaluation, and specifies the general model of evaluation given by various other parts of ISO/IEC 15408.[22] | 3 |
| ISO/IEC 19792 | Information technology – Security techniques – Security evaluation of biometrics | Published (2009) | Specifies the subjects to be addressed during the security evaluation of a biometric system[23] | 3 |
| ISO/IEC 27031 | Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity | Published (2011) | Describes the concepts and principles of ICT readiness for business continuity and the method and framework needed to identify aspects in which to improve it.[24] | 4 |
| ISO/IEC 27034-1 | Information technology – Security techniques – Application security – Part 1: Overview and concepts | Published (2011) | Addresses the management needs for ensuring the security of applications[5] and presents an overview of application security through the introduction of definitions, concepts, principles and processes[25] | 4 |
| ISO/IEC 27035 | Information technology – Security techniques – Information security incident management | Published (2011) | Provides a structured and planned approach to:[26] detect, report, and assess information security incidents; respond to and manage information security incidents; detect, assess, and manage information security vulnerabilities | 4 |
| ISO/IEC 27037 | Information technology – Security techniques – Guidelines for identification, collection, acquisition and preservation of digital evidence | Published (2012) | Provides guidance for the handling of digital evidence that could be of evidential value[27] | 4 |
| ISO/IEC 24760-1 (free) | Information technology – Security techniques – A framework for identity management – Part 1: Terminology and concepts | Published (2011) | Provides a framework for the secure and reliable management of identities by:[28] defining the terms for identity management; specifying the core concepts of identity and identity management[29] | 5 |
| ISO/IEC 24760-2 | Information technology – Security techniques – A framework for identity management – Part 2: Reference architecture and requirements | Published (2015) | Provides guidelines for the implementation of systems for the management of identity information and specifies requirements for the implementation and operation of a framework for identity management.[30] | 5 |
| ISO/IEC 24761 | Information technology – Security techniques – Authentication context for biometrics | Published (2009) | Specifies the structure and data elements of Authentication Context for Biometrics (ACBio), which checks the validity of biometric verification process results[31] | 5 |
| ISO/IEC 29100 (free) | Information technology – Security techniques – Privacy framework | Published (2011) | Provides a privacy framework that:[32] specifies a common privacy terminology; describes privacy safeguarding considerations; provides references to known privacy principles for IT | 5 |
| ISO/IEC 29101 | Information technology – Security techniques – Privacy architecture framework | Published (2013) | Defines a privacy architecture framework that:[33] specifies concerns for ICT systems that process PII; lists components for the implementation of such systems; provides architectural views contextualizing these components. Applicable to entities involved in specifying, procuring, designing, testing, maintaining, administering and operating ICT systems that process PII. Focuses primarily on ICT systems that are designed to interact with PII principals. | 5 |

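See also

  • ISO/IEC JTC 1
  • List of ISO standards
  • Deutsches Institut für Normung
  • International Organization for Standardization
  • International Electrotechnical Commission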

References

  1. DIN (2015-08-12). "ISO/IEC JTC 1/SC 27 – IT Security techniques Home". Retrieved 2013-09-26.
  2. ISO. "ISO/IEC JTC 1/SC 27 – Secretariat". Retrieved 2013-08-22.
  3. ISO (2012), "ISO/IEC JTC 1/SC 27 Security techniques", ISO/IEC JTC1 Standing Document N 2
  4. Humphreys, Edward, ed. (2010). SC 27 Platinum Book (PDF). Suffolk, UK: Gripping Press Ltd. Retrieved 2013-08-22.
  5. Meng-Chow, Kang (2008). "Getting Ready to the Changing Risk Situation" (PDF). Synthesis Journal. Retrieved 2013-08-22.
  6. Fumy, Walter (2012-10-10). SC 27 Business Plan October 2014 – September 2015 (PDF) (Business Plan). Retrieved 2013-08-22.
  7. ISO. "ISO/IEC JTC 1/SC 27 IT Security techniques". p. Structure. Retrieved 2013-08-22.
  8. "ISO/IEC JTC 1/SC 27 Liaisons". ISO. Retrieved 2015-07-14.
  9. DIN (2015-08-12). "ISO/IEC JTC 1/SC 27 Membership". Retrieved 2013-08-22.
  10. ISO (June 2012). "III. What Help Can I Get from the ISO Central Secretariat?". ISO Membership Manual (PDF). ISO. pp. 17–18. Retrieved 2013-07-12.
  11. ISO. "ISO/IEC JTC 1/SC 27 - IT Security techniques". Retrieved 2013-08-23.
  12. ISO. "Standards Catalogue: ISO/IEC JTC 1/SC 27 – IT Security techniques". Retrieved 2015-08-20.
  13. "Freely Available Standards". ISO. Retrieved 2015-08-20.
  14. "ISO/IEC JTC 1/SC 27". ISO. Retrieved 2015-07-14.
  15. ISO (2014-01-15). "ISO/IEC 27000:2014". Retrieved 2015-08-20.
  16. ISO (2013-09-25). "ISO/IEC 27001:2013". Retrieved 2013-09-26.
  17. ISO (2013-09-25). "ISO/IEC 27002:2013". Retrieved 2013-09-26.
  18. "ISO/IEC 27006:2011". ISO. Retrieved 2015-09-02.
  19. "ISO/IEC 27011:2008". ISO. Retrieved 2015-09-02.
  20. ISO/IEC (2015-07-24). "ISO/IEC 18033-1:2015". Retrieved 2015-08-20.
  21. ISO/IEC (2009-02-12). "ISO/IEC 19772:2009". Retrieved 2013-08-23.
  22. ISO (2015-03-18). "ISO/IEC 15408-1:2009". Retrieved 2015-08-20.
  23. ISO/IEC (2009-07-30). "ISO/IEC 19792:2009". Retrieved 2013-08-23.
  24. ISO/IEC (2011-03-01). "ISO/IEC 27031:2011". Retrieved 2013-08-22.
  25. ISO/IEC (2011-11-21). "ISO/IEC 27034-1:2011". Retrieved 2013-08-22.
  26. ISO/IEC (2011-08-17). "ISO/IEC 27035:2011". Retrieved 2013-08-22.
  27. ISO (2012-10-15). "ISO/IEC 27037:2012". Retrieved 2013-09-26.
  28. Brackney, Dick (2006-12-05). Report on ISO/IEC/JTC1/SC27 Activities in Digital Identities (PDF) (Presentation). Retrieved 2013-08-22.
  29. ISO/IEC (2011-12-07). "ISO/IEC 24760-1:2011". Retrieved 2013-08-22.
  30. "ISO/IEC 24760-2". ISO. Retrieved 2015-08-20.
  31. ISO/IEC (2009-05-11). "ISO/IEC 24761:2009". Retrieved 2013-08-23.
  32. ISO (2011-12-05). "ISO/IEC 29100:2011". Retrieved 2013-09-26.
  33. ISO (2013-10-16). "ISO/IEC 29101:2013" (1 ed.). Retrieved 2013-12-12.

External links

  • ISO/IEC JTC 1/SC 27 home page
  • ISO/IEC JTC 1/SC 27 page at ISO
  • ISO/IEC Joint Technical Committee 1 - Information Technology (public website)
  • ISO/IEC Joint Technical Committee 1 (Livelink password-protected available documents)
  • ISO/IEC Joint Technical Committee 1 (freely available documents), JTC 1 Supplement, Standing Documents and Templates
  • ISO and IEC procedural documentation
  • ISO DB Patents (including JTC 1 patents)
  • ITU-T Study Group 17 (SG17)
  • ISO International Organization for Standardization
  • IEC International Electrotechnical Commission
  • Access to ISO/IEC JTC 1/SC 27 Freely Available Standards

Retrieved 2015 08 20 ISO IEC 2009 07 30 ISO IEC 19792 2009 Retrieved 2013 08 23 ISO IEC 2011 03 01 ISO IEC 27031 2011 Retrieved 2013 08 22 ISO IEC 2011 11 21 ISO IEC 27034 1 2011 Retrieved 2013 08 22 ISO IEC 2011 08 17 ISO IEC 27035 2011 Retrieved 2013 08 22 ISO 2012 10 15 ISO IEC 27037 2012 Retrieved 2013 09 26 Brackney Dick 2006 12 05 Report on ISO IEC JTC1 SC27 Activities in Digital Identities PDF Presentation Retrieved 2013 08 22 ISO IEC 2011 12 07 ISO IEC 24760 1 2011 Retrieved 2013 08 22 ISO IEC 24760 2 ISO Retrieved 2015 08 20 ISO IEC 2009 05 11 ISO IEC 24761 2009 Retrieved 2013 08 23 ISO 2011 12 05 ISO IEC 29100 2011 Retrieved 2013 09 26 ISO 2013 10 16 ISO IEC 29101 2013 1 ed Retrieved 2013 12 12 External links EditISO IEC JTC 1 SC 27 home page ISO IEC JTC 1 SC 27 page at ISO ISO IEC Joint Technical Committee 1 Information Technology public website ISO IEC Joint Technical Committee 1 Livelink password protected available documents ISO IEC Joint Technical Committee 1 freely available documents JTC 1 Supplement Standing Documents and Templates ISO and IEC procedural documentation ISO DB Patents including JTC 1 patents ITU T Study Group 17 SG17 ISO International Organization for Standardization IEC International Electrotechnical Commission Access to ISO IEC JTC 1 SC 27 Freely Available Standards Retrieved from https en wikipedia org w index php title ISO IEC JTC 1 SC 27 amp oldid 1134115516, wikipedia, wiki, book, books, library,
