Bright Stove

Reflecting information risk journey

Beijing Friendship


More than six months have passed since the ISO/IEC JTC 1/SC 27 Working Group (WG) meeting at Limassol, Cyprus. The group is meeting again this week in Beijing, at the Beijing Friendship Hotel. The China national body that organized this meeting chose this venue because it can accommodate the 200+ participants and the many meeting rooms required, and more importantly, because it is a hotel that reflects Chinese architecture and culture in its design and layout. It is indeed a beautiful hotel, with good ambience and plenty of space for socializing and networking, something not to be forgotten when we work on developing information security standards.

The gathering this time stretches to nine days (seven working days to be exact), and over a weekend. The last two days are for the Sub-committee’s (SC 27) plenary.

In WG 4, a number of projects have progressed since the meeting at Limassol, Cyprus. The outcomes of the national bodies’ (NB) votes on the two new work item proposals, “Security of Outsourcing” and “Guidelines for the identification, collection, and/or acquisition, and preservation of digital evidence”, are now available, and both have been approved for development. The two projects have also been registered as ISO/IEC 27036 and ISO/IEC 27037, respectively.

Besides the new projects, part 1 of the revised network security standard (ISO/IEC 27033-1) has also been successfully voted by the NBs to become a Final Committee Draft (FCD), and if all goes well this week, it will be ready for submission as a Final Draft International Standard (FDIS), a process that will lead it to formal publication.

Similarly, the project on the “Guidelines on information security incident management” (ISO/IEC 27035) has been successfully voted to a Committee Draft (CD), which means that it could potentially get to its IS status faster than the other projects that have been undertaken since the formation of WG 4, i.e., ISO/IEC 27031, 27032, and 27034, on “ICT Readiness for Business Continuity”, “Guidelines for Cybersecurity”, and “Application Security”, respectively. These projects are still at the Working Draft stage at this point, and we all hope to bring them to CD status by the end of this week, which is quite a bit for the group to accomplish indeed.


Written by mengchow

May 4, 2009 at 8:37 am

Posted in Security Standards
