Kenya Bureau of Standards

ISO/IEC JTC1 SC 27 (INFORMATION TECHNOLOGY SECURITY TECHNIQUES) STANDARDIZATION MEETING; 10-14th October 2011

  • Background information
  • ISO/IEC JTC 1 SC 27 & Structure
  • Delegates Registration Forms
  • Sponsorship Opportunities

1.0  INTRODUCTION

Joint Technical Committee 1 of ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission), commonly known as JTC 1, is the standards development environment where experts come together to develop worldwide Information and Communication Technologies (ICT) standards for business and consumer applications.

JTC1 SC27 is the subcommittee under JTC1 which develops standards for the protection of information and ICT, including generic methods, techniques and guidelines to address both security and privacy aspects, such as:

  • Security requirements capture methodology;
  • Management of information and ICT security; in particular information security management systems (ISMS), security processes, security controls and services;
  • Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information;
  • Security management support documentation including terminology, guidelines as well as procedures for the registration of security components;
  • Security aspects of identity management, biometrics and privacy;
  • Conformance assessment, accreditation and auditing requirements in the area of information security;
  • Security evaluation criteria and methodology.

All these aspects are of importance to any organization that values its information assets.

2.0   BENEFITS OF HOSTING THE SC27 MEETING

Standardized security techniques are becoming mandatory requirements for e- and m-commerce, e-government, health-care, and many other application areas. The use of security techniques and in particular of identification, authentication and electronic signatures constitutes a core element in e-business, e-government and other on-line activities.

SC 27 has experts drawn from at least sixty countries and also maintains liaison with other organizations including CCDB (Common Criteria Development Board), CCETT (Common Study Centre for Telediffusion and Telecommunication), ECBS (European Committee for Banking Standards), ENISA (European Network and Information Security Agency), EPC (European Payment Council), ETSI (European Telecommunication Standards Institute), Ecma (European Computer Manufacturers Association) International, ISSEA (International Systems Security Engineering Association), ITU (International Telecommunications Union), MasterCard Opengroup, United Kingdom and Visa.

Looking at the membership of the committee together with the liaison organizations, the experts expected to attend the meeting are diverse in terms of economic background, specialization and even exposure to the implementation of Information Security Management Standards (ISMS).

Interaction with these experts will be an opportunity for our TC (Technical Committee) members to get exposed to international standardization and establish contacts which could lead to business openings for both local and international entrepreneurs.

It is also expected that this interaction will lead to enhanced local and international TC work by our local experts by having both employees and employers change their perception towards standardization after this exposure. It is worth noting that most of the experts are drawn from outside the National Standards Bodies which is expected to be an eye opener to our companies.

3.0   FINANCING

The bulk of the finances towards the meeting is expected to come from the Kenya Bureau of Standards (KEBS), with support from private industry through sponsorship. It is expected that the success of this meeting will lead to more sponsorship in future in case Kenya decides to host other Technical Committees dealing with Information Technology, such as the subcommittee on Information Technology for Learning, Education and Training, which has expressed the desire to hold its meetings in Kenya in the year 2013.


ISO/IEC JTC 1 SC 27 - IT SECURITY TECHNIQUES

ISO (the International Organization for Standardization) and IEC (International Electrotechnical Commission) form the specialized system for worldwide standardization. National Bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, government and non-governmental, in liaison with ISO and IEC, also take part in the work.
In the field of information technology, ISO and IEC have established a Joint Technical Committee 1: ISO/IEC JTC 1. Draft International Standards adopted by the joint technical committees are circulated to the national bodies for voting. Publication as an International Standard requires approval by at least 75% of the national bodies casting a vote.

Area of Work
ISO/IEC JTC 1 SC 27 is a subcommittee of this joint technical committee. Its title is "Security techniques". Its area of work is standardization of generic methods and techniques for IT Security. This includes:

  • identification of generic requirements (including requirements methodology) for IT system security services,
  • development of security techniques and mechanisms (including registration procedures and relationships of security components),
  • development of security guidelines (e.g., interpretative documents, risk analysis), and
  • development of management support documentation and standards (e.g., terminology and security evaluation criteria).

Excluded is:

  • the embedding of mechanisms in applications.

Note: The SC 27 Scope and Area of Work includes the standardization of cryptographic algorithms for integrity, authentication and non-repudiation services. Furthermore it includes the standardization of cryptographic algorithms for confidentiality services for use in accordance with internationally accepted policies.

Structure

Current activities of SC 27 are divided into five working groups: 

  • Working Group 1: Information security management systems
  • Working Group 2: Cryptography and security mechanisms
  • Working Group 3: Security evaluation criteria
  • Working Group 4: Security controls and services
  • Working Group 5: Identity management and privacy technologies

Kenya has what is referred to as the mirror committee of ISO/IEC JTC 1/SC 27 (KEBS TC93), with its Secretariat at the Kenya Bureau of Standards (KEBS). This mirror committee is composed of professionals from different sectors of the economy; it works within the scope of SC27, including its five working groups, and directly participates in the work of SC27.
To obtain the International Standards adopted by KEBS TC93 or participate in its work, please contact Mr. Amos Wambua (wambua@kebs.org) who is its Secretary.

ISO/IEC JTC1 SC 27 WG 1

Information security management systems 

The Terms of Reference of this working group are:
The scope of WG1 covers the development of ISMS (Information Security Management System) standards and guidelines. This includes:

  1. Development and maintenance of the ISO/IEC 27000 ISMS standards family
  2. Identification of requirements for future ISMS standards and guidelines
  3. On-going maintenance of WG1 standing document SD WG1/1 (WG1 Roadmap)
  4. Collaboration with other Working Groups in SC 27, in particular with WG4 on standards addressing the implementation of control objectives and controls as defined in ISO/IEC 27001.

Liaison and collaboration with those organizations and committees dealing with specific requirements and guidelines for ISMS, for example:

  • ITU-T Telecoms
  • ISO/TC 215 Healthcare
  • ISO/TC 68 Banking
  • ISO/TC 204 Intelligent transport systems
  • ISO/TC 223 Civil defense
  • ISSEA
  • Aerospace
  • Automotive industry
  • Standards bodies, such as IETF, IEEE
  • International institutions, e.g. OECD, APEC, EU
  • IAF and CASCO, and other relevant groups regarding the development of accreditation and certification standards and guidelines

ISO/IEC JTC1 SC 27 WG 2

Cryptography and security mechanisms 

The terms of reference of this working group are:
WG 2 provides a center of expertise for the standardization of IT Security techniques and mechanisms within JTC 1.

Terms of Reference:

  • identify the need and requirements for these techniques and mechanisms in IT systems and applications;
  • develop terminology, general models and standards for these techniques and mechanisms for use in security services.

The scope covers both cryptographic and non-cryptographic techniques and mechanisms including:

  • confidentiality;
  • entity authentication;
  • non-repudiation;
  • key management;
  • data integrity such as
    • message authentication;
    • hash-functions;
    • digital signatures.

The mechanisms in general include several options with respect to the techniques used including symmetric cryptographic, asymmetric cryptographic and non-cryptographic.

ISO/IEC JTC 1/SC 27 WG 3
Security evaluation criteria

The terms of reference of this working group are:
Standards for IT Security evaluation and certification of IT systems, components, and products. This will include consideration of computer networks, distributed systems, associated application services, etc.
Three aspects may be distinguished: 

  • evaluation criteria;
  • methodology for application of the criteria;
  • administrative procedures for evaluation, certification, and accreditation schemes.

This work will reflect the needs of relevant sectors in society, as represented through ISO/IEC National Bodies and other organisations in liaison, expressed in standards for security functionality and assurance.
Account will be taken of related ISO/IEC and ISO standards for quality management and testing so as not to duplicate these efforts.

ISO/IEC JTC 1/SC 27 WG 4
Security controls and services

The terms of reference of this working group are:
The scope of WG4 covers the development and maintenance of standards and guidelines addressing services and applications supporting the implementation of control objectives and controls as defined in ISO/IEC 27001.

This includes:

  • Current SC 27 projects:
    • IT Network security (ISO/IEC 18028)
    • Information security incident management (ISO/IEC TR 18044)
    • Guidelines for information and communications technology disaster recovery services (ISO/IEC 24762)
    • Selection, deployment and operation of Intrusion Detection Systems (IDS) (ISO/IEC 18043)
    • Guidelines on use and management of Trusted Third Party services (ITU-T X.842 | ISO/IEC TR 14516)
    • Specification of TTP services to support the application of digital signatures (ITU-T X.843 | ISO/IEC 15945)
    • Security information objects for access control (ITU-T X.841 | ISO/IEC 15816)
  • Identification of requirements for and development of future service and applications standards and guidelines, for example in the areas of
    • Business Continuity
    • Cyber Security
    • Outsourcing
  • On-going maintenance of WG4 standing document SD WG4/1 (WG4 Road Map)
  • Collaboration with other Working Groups in SC 27, in particular with WG1 on ISMS standards and guidelines
  • Liaison and collaboration with those organizations and committees dealing with specific requirements and guidelines for services and applications, for example:
    • ITU-T Telecoms
    • ISO/TC 215 Health informatics
    • ISO/TC 68 Banking
    • ISSEA
    • Aerospace
    • Automotive industry
    • Standards bodies, such as IETF, IEEE
    • International institutions, e.g. OECD, APEC, EU
    • IAF and CASCO, and other relevant groups regarding the development of accreditation and certification standards and guidelines

ISO/IEC JTC 1/SC 27 WG 5
Identity management and privacy technologies

The terms of reference of this working group are:
The scope of SC27/WG 5 covers the development and maintenance of standards and guidelines addressing security aspects of identity management, biometrics and the protection of personal data.

This includes:

  • Current SC 27 projects:
    • Framework for Identity Management (ISO/IEC 24760)
    • Biometric template protection (ISO/IEC 24745)
    • Authentication context for biometrics (ISO/IEC 24761)
  • Identification of requirements for and development of future standards and guidelines in these areas. For example, in the area of Identity Management, topics such as
    • Role based access control
    • Provisioning
    • Identifiers
    • Single sign-on

In the area of Privacy, topics such as

  • A Privacy Framework
  • A Privacy Reference Architecture
  • Privacy infrastructures
  • Anonymity and credentials
  • Specific Privacy Enhancing Technologies (PETs)
  • Privacy Engineering

In the area of Biometrics, topics such as

  • Protection of biometric data
  • Authentication technique

  • Collaboration with other Working Groups in SC 27, e.g., WG1 on management aspects, WG 2 on specific cryptographic techniques and WG 3 on evaluation aspects.
  • Liaison and collaboration with those organizations and committees dealing with specific requirements and guidelines for services and applications in this area, for example:
    • ISO/IEC SC 37 Biometrics
    • ECRYPT
    • ISO TC68/SC2 Financial Services Security
    • ISO TC68/SC6/WG10 Financial Services-Retail Financial Services-Privacy
    • ITU-T SG17 (Security, languages and telecommunication software)
    • FIDIS (Future of Identity in the Information Society)
    • The International Conference of Data Protection and Privacy Commissioners
    • The Open Group (IdM Forum and Jericho Forum)

SPONSORSHIP OPPORTUNITIES

1. Gold Meeting Sponsor
The Gold Meeting sponsorship package combines marketing and branding before the event and maximum exposure during the meeting. Gold sponsorship status is priced at KES 5,000,000 (approximately USD 63,000) and attracts the benefits listed below:

  1. Logo prominently appearing on all the three flyers at the three major roundabouts in Nairobi.
  2. Full page sponsor recognition including company synopsis in the meeting Brochure.
  3. Website – The Gold sponsor shall be featured on the meeting website starting from the time a sponsorship agreement is made. The sponsor is entitled to promote their company as the Gold sponsor to the meeting.
  4. Signage – The Gold sponsor is entitled to provide appropriate signage in the main Meeting room and the Meeting registration area. The Gold sponsor’s signage will be more prominent than those of other sponsors.
  5. Promotional Material – The Gold sponsor’s company name and logo shall appear more prominently than those of other sponsors and will be featured (within productions schedule) in the Meeting programme, on a display board in the Meeting registration area and in any other pre Meeting promotional material.
  6. Giveaways – The Gold sponsor shall have the opportunity to include their company’s brochure and a gift/giveaway in the attendee pack that is material distributed to participants upon registration of the Meeting.
  7. Exhibition opportunity – The Gold sponsor will be offered an opportunity to have a stand both in the coffee/tea area and the registration area of the Meeting where they can exhibit or demonstrate products if appropriate.
  8. Acknowledgements – The Gold sponsor shall be acknowledged during the opening and closing Meeting sessions and in the proceedin

2. Silver Meeting Sponsor
The Silver Meeting sponsorship package combines marketing and branding before the event and extensive exposure during the Meeting. Silver sponsorship status is priced at KES 3,000,000 (approximately USD 38,000) and attracts the benefits listed below:

  1. Logo appearing on all the three flyers at the three major roundabouts in Nairobi.
  2. Sponsor recognition in the meeting Brochure.
  3. Website – The Silver sponsor shall be featured on the Meeting website starting from the time a sponsorship agreement is made.
  4. Signage – The Silver sponsor is entitled to provide appropriate signage in the main Meeting room and the Meeting registration area.
  5. Promotional Material – The Silver sponsor’s company name and logo shall appear in the Meeting programme and on a display board in the Meeting registration area.
  6. Gift/Giveaway – The Silver sponsor shall have the opportunity to include their company’s brochure and a gift/giveaway in the attendee pack that is material distributed to participants upon registration of the Meeting.
  7. Exhibition opportunity – The Silver sponsor will have a stand in the coffee/tea area of the Meeting where they can exhibit or demonstrate products if appropriate.
  8. Acknowledgements – The Silver sponsor shall be duly acknowledged in the proceedings

3. Bronze Meeting Sponsor
The Bronze Meeting sponsorship package combines marketing and branding before the event and exposure during the Meeting. Bronze sponsorship status is priced at KES 500,000 (approximately USD 6,500) and attracts the benefits listed below:

  1. Website – The Bronze sponsor will be featured on the Meeting web site from the time a sponsorship agreement is made. The sponsor is entitled to promote their company as the Bronze sponsor to the Meeting.
  2. Signage – The Bronze sponsor is entitled to provide appropriate signage in the main Meeting room and workshop rooms.
  3. Meeting Proceedings – The Bronze sponsor’s company logo shall appear inside the Meeting proceedings.
  4. Promotional Material – The Bronze sponsor’s company logo shall be featured (within productions schedule) in the proceedings, on the Meeting programme and on a display board in the Meeting registration area.
  5. Gift/Giveaway – The Bronze sponsor shall have the opportunity to include their company’s brochure and a gift/giveaway in the Meeting kit that is distributed to participants upon registration.
  6. Acknowledgements - The Bronze sponsor shall be duly acknowledged in the proceedings.

4. Other Sponsors
This class of sponsorship package combines marketing and branding before the event and acknowledgement during the Meeting. This sponsorship status attracts the benefits listed below:

  1. Website – The sponsor will be featured on the Meeting web site from the time a sponsorship agreement is made.
  2. Acknowledgements - The sponsor shall be duly acknowledged in the proceedings.