Development of International Information Security Technical Standards (English Edition)
– Leverage and streamline resources among traditional business continuity, disaster recovery, emergency response, and IT security incident response and management
Cybersecurity (27032)
Network Security (27033)
Application Security (27034)
Includes ISO/IEC 24762, Vulnerability Mgmt, IDS, & Incident Response related standards
Activate BCP
Prepare & Test
Plan
Plan
Prepare & Test
Activate DCRP
Disaster Contingency & Recovery Planning
Disaster Events
IT Systems Failures
ICT Readiness for Business Continuity
1st WD available for comments
TTP Services Security
New Study Period proposed; Includes outsourcing and off-shoring security
Forensic Investigation
Future NP
ISO/IEC JTC 1 SC 27: Chair Walter Fumy; Vice Chair Marijke De Soete; Secretary Krystyna Passia
WG2 Security Techniques
Chair Prof. K Naemura
WG3 Security Evaluation
Chair Mats Ohlin
WG4 Security Controls & Services
Chair Meng-Chow Kang
Information Security Management Systems (ISMS)
27001
ISMS Requirements
27000
Fundamental & Vocabulary
Gaps between Readiness & Response
IT Security, BCP, and DRP Planning & Execution
IT Security Planning
Protect
Detect
React/Response
Business Continuity Planning
• Why does ICT Readiness focus on Business Continuity?
– ICT systems are prevalent in organizations
– ICT systems are necessary to support incident, business continuity, disaster,
• What is ICT Readiness?
– Prepare the organization's ICT technology (infrastructure, operation, applications), processes, and people against unforeseeable focusing events that could change the risk environment
Anti-Spyware, Anti-SPAM, Anti-Phishing, Cybersecurity-event coordination & information sharing
ISO 18028 revision; WD for new Part 1, 2 & 3; New Study Period on Home Network Security
Investigate to establish facts about breaches; identify who did it and what went wrong
Security breaches and compromises
SC27 WG4 Roadmap
ICT Readiness for Business Continuity (27031)
Prepare to respond; eliminate or reduce impact
Unknown and emerging security issues
Risk manage; Prevent occurrence; Reduce impact of occurrence
Known security issues
Development of International Information Security Technical Standards (English Edition)
Friday, April 24, 2020
WG1 ISMS Standards
Chair Ted Humphreys Vice-Chair Angelika Plate
WG5 Privacy Technology, ID Management and Biometrics
Chair Kai Rannenberg
27006
Accreditation Requirements
ISMS Family
27005
ISMS Risk Management
27002
Code of Practice
27003
ISMS Implementation Guidance
27004
ISMS Measurement
SC27 WG4 Roadmap Framework
and emergency response and management needs
– Business continuity is incomplete without considering ICT systems readiness
– Responding to security incidents, disasters, and emergency situations are