ISO Update
Presentation to Kantara Initiative Privacy and Public Policy WG
21 June 2012
Steve Johnston
Canadian Head of Delegation to ISO/IEC JTC1/SC27/WG 5

ISO Update
• Overview
  • SC27 Structure
  • WG 5 update
    • Mandate
    • Published standards
    • Current projects/study periods
    • New projects/study periods

SC27 Structure
• SC27 consists of five (5) Working Groups:
  • WG 1 – information security management systems
  • WG 2 – cryptography and security mechanisms
  • WG 3 – security evaluation criteria
  • WG 4 – security controls and services
  • WG 5 – identity management and privacy technologies

WG 5 Update
• WG 5 established May 2006
• WG 5 mandate:
  • development and maintenance of standards and guidelines addressing security aspects of identity management, biometrics and the protection of personal data

WG 5 Update
• Published WG 5 standards*(see notes)
  • ISO 24761 (Authentication context for biometrics) (May 2009)
  • ISO 24745 (Biometric information protection) (December 2011)
  • ISO 24760-1 (Framework for identity management: Part 1 – Terminology and concepts) (December 2011)
  • ISO 29100 (Privacy framework) (December 2011)

WG 5 Update
• Current projects*(see notes)
  • Identity management
    • ISO 24760 (Framework for identity management)
      • Part 2 (Reference architecture and requirements) (3rd WD – May 2014)
      • Part 3 (Practice) (2nd WD – Nov 2014)
    • ISO 29115 (Entity authentication assurance framework) (FDIS – late 2012/early 2013)
    • ISO 29146 (Framework for access management) (6th WD – Nov 2014)

WG 5 Update
• Current projects*(see notes)
  • Protection of personal information
    • ISO 29101 (Privacy architecture framework) (5th CD – May 2013)
    • ISO 29190 (Privacy capability assessment model) (4th WD – May 2013 (will miss))
    • ISO 29191 (Requirements for partially anonymous, partially unlinkable authentication) (DIS – May 2012 (missed))

WG 5 Update
• Current projects*(see notes)
  • Standing Documents
    • SD 1: Roadmap
    • SD 2: Privacy References List
    • SD 3: Harmonized Vocabulary

WG 5 Update
• New projects*(see notes)
  • ISO 17922 (Telebiometric authentication framework using biometric hardware security module (ITU-T X.bhsm)) (1st WD – Dec 2014)
  • ISO 27018 (Code of practice for data protection controls for public cloud computing services) (1st WD – Dec 2014)

WG 5 Update
• New work item proposals*(see notes)
  • Identity proofing
  • PIA methodology

WG 5 Update
• Study Periods*(see notes)
  • Current/extended
    • Privacy/personal information management systems (PIMS)
    • Privacy impact assessments
    • Joint Coordination Group – Cloud Computing Security and Privacy

WG 5 Update
• Study Periods*(see notes)
  • New (as of May 2012)
    • Privacy seals (e.g., EuroPRiSe)
    • Data deletion
    • Evaluation of anti-spoofing techniques in biometrics
    • Smart Grid (SC27 level)