Development of International Information Security Technology Standards.ppt

What is ICT Readiness?
Prepare the organization's ICT technology (infrastructure, operations, applications), processes, and people against unforeseeable focusing events that could change the risk environment.
Leverage and streamline resources across traditional business continuity, disaster recovery, emergency response, and IT security incident response and management.
WG2 Security Techniques
Chair Prof. K Naemura
WG3 Security Evaluation
Chair Mats Ohlin
WG4 Security Controls & Services
Chair Meng-Chow Kang
Information Security Management Systems (ISMS)
Development of International Information Security Technology Standards
ISO/IEC JTC 1/SC 27/WG 4
江明灶 Meng-Chow Kang, CISSP, CISA
Convener, Security Controls & Services Working Group (WG 4), ISO/IEC JTC 1 SC 27 (Security Techniques)
Chief Security Advisor, Microsoft Great China Region
Gaps between Readiness & Response
IT Security, BCP, and DRP Planning & Execution
IT Security Planning
Protect
Detect
React/Respond
Business Continuity Planning
Anti-Spyware, Anti-SPAM, Anti-Phishing, cybersecurity-event coordination & information sharing
ISO 18028 revision; WD for new Part 1, 2 & 3; New Study Period on Home Network Security
ICT Readiness for Business Continuity (27031)
Cybersecurity (27032)
Network Security (27033)
Application Security (27034)
Includes ISO/IEC 24762, Vulnerability Management, IDS, and Incident Response related standards
Why does ICT Readiness focus on Business Continuity?
ICT systems are prevalent in organizations.
ICT systems are necessary to support incident, business continuity, disaster, and emergency response and management needs.
Business continuity is incomplete without considering ICT systems readiness.
Responding to security incidents, disasters, and emergency situations is about business continuity.
Known security issues
Investigate to establish the facts about breaches; identify who did it and what went wrong
Security breaches and compromises
SC27 WG4 Roadmap
27001
ISMS Requirements
27000
Fundamental & Vocabulary
27006
Accreditation Requirements
ISMS Family
27005
ISMS Risk Management
27002
Code of Practice
27003
ISMS Implementation
1st WD available for comments
TTP Services Security
New Study Period proposed; Includes outsourcing and off-shoring security
Forensic Investigation
Future NP
Guidance
27004
ISMS Measurement
SC27 WG4 Roadmap Framework
Prepare to respond; eliminate or reduce impact
Unknown and emerging security issues
Risk manage; Prevent occurrence; Reduce impact of occurrence
WG1 ISMS Standards
Chair Ted Humphreys, Vice-Chair Angelika Plate
WG5 Privacy Technology, ID Management and Biometrics
Chair Kai Rannenberg
ISO/IEC JTC 1 SC 27: Chair Walter Fumy, Vice Chair Marijke De Soete, Secretary Krystyna Passia
Activate BCP
Prepare & Test
Plan
Plan
Prepare & Test
Activate DCRP
Disaster Contingency & Recovery Planning
Disaster Events
IT Systems Failures
ICT Readiness for Business Continuity