Welcome to NBlog, the NoticeBored blog

I may meander but I'm 'exploring', not lost

Apr 21, 2017

NBlog April 21 - ISO27k meeting progress report

ISO/IEC TR 27019 concerns "Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry". 27019 identifies information security controls that are either specific to the energy utilities, or are critical in that domain and perhaps need to be bolstered beyond what 27002 recommends.

The 2013 Technical Report is currently being revised and will be published as a full International Standard, possibly later this year. There are some formatting issues to resolve with ITTF, but the content is stable enough to move forward to FDIS.

The SC27 project on cybersecurity insurance is developing a standard explaining cyberinsurance concepts to information security professionals, and cybersecurity concepts to insurance professionals, forming a common basis for specifying, discussing and adopting cyberinsurance. The Study Period has developed a solid donor document with plenty of meaty content.

The SC27 Study Period on Risk Handling Library (RHL) resolved to develop and then maintain an SC27 Standing Document that references ISO27k and other standards that concern or mention information security risk. The next step is to call for contributions to help flesh out the initial SD.

A minor revision of ISO/IEC 27000 may be required as a result of publishing 27003, 27004 and 27011.

The SC27 Terminology Working Group resolved to develop a new approach to the management of terminology, using 'concept maps' (similar in style to mind maps) as a way to clarify and distinguish terms and their relationships. A half-day workshop is proposed, possibly for the next SC27 meeting in Berlin in October.

The SC27 Annex SL special working group is preparing to respond to possible changes pushed by JTCG concerning the common/boilerplate text for all the ISO management systems standards. JTCG will be circulating a questionnaire to national standards bodies concerning the possible changes.

A cybersecurity standard will initially become an SC27 Standing Document 27103 that may then go forward as PDTR 27103.

Tomorrow's plenary session will include formal voting on these projects and activities. This evening, though, we are visiting Hobbiton for a tour and gala dinner.

Regards,
Gary (Gary@isect.com)