Bright Stove

Reflecting information risk journey



Yet another security standards meeting this week. This may sound like a boring thing, and I guess that’s why our host in Cyprus (like many other hosts of SC 27 meetings in the past) has chosen a beach resort for the meeting. I took some pictures of the scenery here yesterday evening and earlier today and put them together in a set of Photosynth collections here, here, here, and here, and also some shots below (in case Photosynth doesn’t work). The location is Grand Resort, Limassol, Cyprus. It is more than 10,000 km away from Beijing. The total travelling time to get here is approximately 17.5 hours. It could have been longer if not for the taxi driver who drove at 140 km/hr to cover 77 km in about 30 minutes, across the desert-like highway from the airport to the hotel.

While the beach and hotel look great, and the weather is also quite comfortable (at around 22 degrees Celsius), the place here seems to have nothing else in particular to look forward to. Besides hotels and some (low-rise) apartments nearby, it was actually quite deserted when I jogged out yesterday for about 5.5 km eastward. I can’t really find a good route either, as the road just runs parallel to the beach and gets narrower and more deserted after a while.

In any case, the trip here is for the 5th WG 4 Meeting, and perhaps I should say a few words about the WG’s plan and my expectation of this week. At this point, there are six projects that are in the development stage, ISO/IEC 27031 to 27035, and 29149 (Time Stamping Services), and three Study Periods. Study Periods are new ideas for exploration and to gauge interest from members. ISO/IEC 27035 (Incident Management) is an upgrading project to convert the previous TR 18044 on the same topic to an IS, as a Guideline to be more specific. 27033 itself has multiple parts, as a revision of the previous IS 18028 standard on Network Security, and right now, four of the eight parts are in development. These projects should progress thru’ the meeting, and in this meeting, we are unlikely to see any one of them escalating to FCD stage, except for 27033-1, if it can get thru’ the many comments on its first Committee Draft (CD). I’m also delighted to see that there are many comments and contributions received for these projects, which means that they are projects that many national bodies are paying attention to and have an interest in wanting the eventual standards to be useful. The many comments and contributions are necessary to improve the rigor of this work and the final quality.

As for the three Study Periods, a number of contributions have also been received, and it looks like we should be able to move them to the next stage of development upon completion of this meeting, i.e., to propose new projects to be started in the three areas: (1) Security of Outsourcing; (2) Evidence Acquisition and Digital Forensic; and (3) Information Security Incident Classification and Categorization. With the industry’s current focus on Cloud Computing, perhaps the Security of Outsourcing project may have a much more expanded scope than it was originally planned to be as well.


Written by mengchow

October 5, 2008 at 2:27 pm

Posted in Security Standards
