Working Group 1 – Information security management systems

Convenor: Dr. Edward HUMPHREYS, BSI, United Kingdom
Convenor support: Pablo CORONA, DGN, Mexico
Convenor support team: Zhigao FU, SAC, China

The scope of WG 1 covers aspects of information security management system (ISMS) standards and management system issues related to the protection of information.

Projects include:
•    ISO/IEC 27001 – Information security management system - Requirements
•    ISO/IEC 27002 – Information security controls 
•    ISO/IEC 27005 – Information security risk management
•    ISO/IEC 27006–1 – Requirements for bodies providing audit and certification of information security management systems — Part 1: General
•    ISO/IEC 27007 – Guidelines for information security management systems auditing

 

Working Group 2 - Cryptography and Security Mechanisms


Convenor: Hirotaka YOSHIDA, JISC, Japan
Convenor support: Takeshi CHIKAZAWA, JISC, Japan

The scope of WG 2 covers cryptographic and non-cryptographic security techniques and mechanisms for confidentiality, entity authentication, non-repudiation, key management and data integrity.

Projects include:
•    ISO/IEC 9796 multi-part series – Digital signature schemes giving message recovery
•    ISO/IEC 9798 multi-part series – Entity authentication
•    ISO/IEC 18033 multi-part series – Encryption algorithms
•    ISO/IEC 19772 – Authenticated encryption
•    ISO/IEC 29192 – Lightweight cryptography

 

Working Group 3 - Security Evaluation, Testing and Specification


Convenor: Miguel BAÑÓN, UNE, Spain
Convenor support: Naruki KAI, JISC, Japan

The scope of WG 3 covers aspects related to security engineering with particular emphasis on, but not limited to, standards for IT security specification, evaluation, testing and certification of IT systems, components, and products. This includes consideration of computer networks, distributed systems, associated application services and biometrics.

Projects include:
•    ISO/IEC 15408 – Evaluation criteria for IT security
•    ISO/IEC 18045 – Methodology for IT security evaluation
•    ISO/IEC 19790 – Competence requirements for information security testers and evaluators
•    ISO/IEC 24759 – Test requirements for cryptographic modules 
•    ISO/IEC 30111 – Vulnerability handling processes

 

Working Group 4 - Security Controls and Services


Convenor: Johann AMSENGA, ILNAS, Luxembourg 
Convenor support: François LOREK, AFNOR, France

The scope of WG 4 covers aspects related to security controls and services, emphasizing standards for IT security and its application to the security of products and systems in information systems, as well as the security in the lifecycle of such products and systems.

Projects include:
•    ISO/IEC 27031 – Information and communication technology readiness for business continuity
•    ISO/IEC 27035 multi-part series – Information security incident management 
•    ISO/IEC 27036 multi-part series – Cybersecurity – Supplier relationships
•    ISO/IEC 27099 multi-part series – Public key infrastructure
•    ISO/IEC 27400 multi-part series – IoT security and privacy

 

Working Group 5 - Identity Management and Privacy Technologies


Convenor: Prof. Dr. Kai RANNENBERG, DIN, Germany
Convenor support: Dr. Jan SCHALLABÖCK, DIN, Germany

The scope of SC 27/WG 5 covers the development and maintenance of standards and guidelines addressing security aspects of identity management, biometrics and the protection of personal data.

Projects include:
•    ISO/IEC 24760 multi-part series – A framework for identity management
•    ISO/IEC 27006–2 – Requirements for bodies providing audit and certification of information security management systems – Part 2: Requirements for bodies providing audit and certification of privacy information management systems according to ISO/IEC 27701 in combination with ISO/IEC 27001
•    ISO/IEC 27701 – Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and guidelines
•    ISO/IEC 29100 – Privacy framework
•    ISO/IEC 29184 – Online privacy notices and consent


JWG 4 - Joint working group ISO/TC 307-JTC 1 and SC 27; Security, privacy and identity for Blockchain and DLT


Co-Convenor: Julien BRINGER (ISO/TC 307) 
Co-Convenor: Sal FRANCOMACARO, ANSI, USA (JTC 1/SC 27)

This Joint WG was created to draw on the expertise and competences of the two parent committees, creating synergy between Blockchain experts and Security, Identity and Privacy experts to produce specialized standards at the intersection of the two parent committees while avoiding duplication and possible inconsistencies.

Publications 
•    ISO/TR 23244 Blockchain and distributed ledger technologies — Privacy and personally identifiable information protection considerations
•    ISO/TR 23576 Blockchain and distributed ledger technologies — Security management of digital asset custodians
 

JWG 6 - Joint working group ISO/IEC JTC1/SC 27 - ISO/TC 22/SC 32 WG : Cybersecurity requirements and evaluation activities for connected vehicle devices

Convenor: Di TANG, SAC, China