FIRST established a Category C liaison relationship with ISO/IEC JTC 1/SC 27. The relationship is established with Working Group 3 (WG3) and WG4. Damir Rajnovic (gaus.rajnovic at eu.panasonic.com) is appointed as the liaison officer. You can read more about SC 27 activities at the SC 27 home page. The list of all standards being developed within JTC 1/SC 27 is visible here.
If you would like to contribute to any ISO activity within ISO/IEC JTC 1/SC 27/WG 3 or WG4 that is not listed here, please contact Damir Rajnovic (gaus.rajnovic@eu.panasonic.com) to investigate access to the relevant documents.
To access all public documents in WG3, visit the official BSI IST/33/-/3 home page. No such page is known to exist for WG4.
Contributing to activities outside of WG3 or WG4 may be possible in some instances, but this has to be investigated on a case-by-case basis.
There are several ways you can submit your comments to ISO:
Whichever avenue you choose, it is very important not to send identical comments via multiple avenues. It is acceptable to use multiple avenues for passing your comments, and it is certainly fine if these comments are similar in nature, but do not copy-and-paste them. Failure to follow this guideline may result in your contributions being disregarded completely.
Currently the following ISO activities are being tracked:

| ISO Activities | Lead | Mailing list |
|---|---|---|
| New work item - "Vulnerability Handling Processes" | Damir Rajnovic | none defined |
| ISO 29147 - Responsible Vulnerability Disclosure | Damir Rajnovic | iso-vulnerability@first.org |
| ISO 27035 - Information Security Incident Management | Yurie Ito | iso-incident@first.org |
| ISO 27010 - Guidance for Information Security Management for Inter-sector Communications | Damir Rajnovic | none defined |
| ISO 27032 - Guidelines for Cybersecurity | Damir Rajnovic | iso-cybersecurity@first.org |
| ISO 27037 - Evidence Acquisition Procedure for Digital Forensics | Steve Collins | iso-forensics@first.org |
ISO/IEC JTC 1/SC 27 - Security techniques: future meetings (the full calendar is available in the ISO/IEC JTC 1/SC 27 meeting calendar):
This new work item was proposed at the 2010 meeting in Berlin, and national bodies must vote on whether they will accept this work or not. Its scope is given as follows:
The New Work Item Proposal and accompanying attachment are currently the only documents available.
We expect the voting results around the end of December 2010.
This is a new standard. The editor is Faud Khan (Alcatel-Lucent).
Documents related to this effort can be found here. They are listed in chronological order (oldest at the top).
Kyoto, 2008-Apr:
Limassol, 2008-Oct:
Beijing, 2009-May:
Redmond, 2009-Nov:
Malaka, 2010-Apr:
Berlin, 2010-Oct:
ITU-T produced Recommendation X.1206 (04/2008), "A vendor-neutral framework for automatic notification of security related information and dissemination of updates". The summary of ITU-T X.1206 follows:
Recommendation ITU-T X.1206 provides a framework for automatic notification of security related information and dissemination of updates. The key point of the framework is that it is a vendor-neutral framework. Once an Asset is registered, updates on vulnerabilities information and patches or updates can be automatically made available to the users or directly to applications regarding the Asset.
As such, it can be viewed as complementary to ISO 29147.
This work is about 'upgrading' the already existing Technical Report (TR 18044) into a full standard.
Related documents to ISO 27035:
Redmond, 2009-Nov:
ITU-T produced Recommendation E.409 (05/2004), "Incident organization and security incident handling: Guidelines for telecommunication organizations". This work seems to cover the same area that ISO 27035 tries to address.
Acting Project Co-editors: Benoit Poletti and Charles Provencher. This will be (at least) a four-part standard. The parts are as follows:
From the Summary of ISO 27010-1:
Information is an asset of important value that should be (or must be) securely managed and exchanged between relevant organizations. It should be delivered in time to address business issues and to make better decisions, even more so if it is critical to the organization.
Adequate information security management for inter-sector communications is strongly recommended to face the following challenges; failure to do so could impact normal business conditions and cause disruptions during incidents:
The term “inter-sector communications” could be defined as a managed dissemination of predefined types of information, reviewed and approved for release, transmitted to selected and relevant organizations, independently from public and/or private sectors.
Organizations involved in inter-sector communications need to be aware of their environment, such as their industrial sector and their partners', to support awareness and rehabilitation.
In ISO 27010-2 the proposal is to use the “OASIS CAP V.1.1” (Common Alerting Protocol) and add an “IT Security Profile” to it.
ITU-T produced Recommendation X.1303 (09/2007), "Common alerting protocol (CAP 1.1)", which, as such, is (or should be) closely related to ISO 27010-2.
Project editors: K. Nakao, A. Cheang
Documents related to this effort can be found here. They are listed in chronological order (oldest at the top).
Redmond, 2009-Nov:
From the Introduction to ISO 27032:
This standard provides an overview of the unique security challenges on the Internet, or Cyberspace, within the scope of Cybersecurity as defined. This standard differentiates Cybersecurity from Critical Information Infrastructure Protection (CIIP), Internet security, network security, ICT security, and information security in general, thereby highlighting the unique roles of and a set of best practices applicable to users (including Internet-using organizations and governments) and service providers for improving Cybersecurity.
An important aspect of Cybersecurity is the need for efficient and effective information sharing, coordination and incident handling amongst different organizations, users, governments (such as law enforcement agencies), and service providers in a secure and reliable manner that also protects the privacy of the individuals concerned. Many of these entities may reside in different geographical locations and time zones, and are likely to be governed by different regulatory regimes. This standard provides a basic framework for achieving such purposes of information sharing, coordination, and incident handling.
The framework includes basic elements of considerations for establishing trust, necessary processes for coordination and information exchange and sharing, and technical requirements for systems integration and interoperability.
Acting Project Co-editors: M. Daud, K.-S. Lee
Related documents (in chronological order, i.e. oldest at the top) to ISO 27037:
Redmond, 2009-Nov:
Malaka, 2010-Apr:
From the Summary of ISO 27037:
This International Standard provides detailed guidance that describes the process for recognition and identification, collection and/or acquisition and preservation of digital data which may contain information of potential evidential value. This document includes physical and documentary activities deemed necessary in supporting inter-jurisdictional recognition of collected and/or acquired potential digital evidence.
This standard covers potential digital evidence that is collected and/or acquired regardless of the type of media involved. It shall also cover potential digital evidence acquired from sources that shall include, but are not limited to, static data, data in transit (e.g. over networks) and volatile data (e.g. RAM).
This standard shall not replace the specific legal requirements of a particular jurisdiction. Instead, this standard may serve as a practical guideline for first responders in investigations involving potential digital evidence and may facilitate the exchange of potential digital evidence between jurisdictions.