ISO/IEC JTC 1/SC 27 - Information security, cybersecurity and privacy protection
The development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as: Security requirements capture methodology; Management of information and ICT security; in particular information security management systems, security processes, security controls and services; Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information; Security management support documentation including terminology, guidelines as well as procedures for the registration of security components; Security aspects of identity management, biometrics and privacy; Conformance assessment, accreditation and auditing requirements in the area of information security management systems; Security evaluation criteria and methodology. SC 27 engages in active liaison and collaboration with appropriate bodies to ensure the proper development and application of SC 27 standards and technical reports in relevant areas.
Frequently Asked Questions
ISO/IEC JTC 1/SC 27 is a Subcommittee within the International Electrotechnical Commission (IEC). It is named "Information security, cybersecurity and privacy protection" and is responsible for: The development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as: Security requirements capture methodology; Management of information and ICT security; in particular information security management systems, security processes, security controls and services; Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information; Security management support documentation including terminology, guidelines as well as procedures for the registration of security components; Security aspects of identity management, biometrics and privacy; Conformance assessment, accreditation and auditing requirements in the area of information security management systems; Security evaluation criteria and methodology. SC 27 engages in active liaison and collaboration with appropriate bodies to ensure the proper development and application of SC 27 standards and technical reports in relevant areas. This committee has published 451 standards.
ISO/IEC JTC 1/SC 27 develops IEC standards. Currently, there are 451 published standards from this subcommittee.
The International Electrotechnical Commission (IEC) is the world's leading organization for the preparation and publication of international standards for electrical, electronic, and related technologies. Founded in 1906, the IEC provides a global platform for companies, industries, and governments to meet, discuss, and develop the international standards they require.
A Subcommittee (SC) in IEC operates under a Technical Committee and focuses on a specific subset of the TC's scope. Subcommittees develop standards and technical specifications in their specialized area, reporting to their parent Technical Committee. They may also have working groups for detailed technical work.