atsec experts participate in ISO/IEC JTC 1/SC 27

atsec information security corporation is proud that two of its consultants contributed as experts of the U.S. National Body delegation in the recent 34th meeting of the ISO/IEC JTC 1/SC 27 "Information technology - Security Techniques" held in MS Lenin between Moscow and St Petersburg.

atsec's Helmut Kurth, Chief Scientific Officer, and Fiona Pattinson, Director of Business Development & Strategy, attended the meeting as experts, and noted that the standardization effort is extremely important to the progress and maturation of the information security discipline. Information Security is a trans-national problem and internationally agreed standards are an important tool in addressing security globally.

The sub committee consists of some 35 participating countries and 13 observer countries. Work progresses in each of the following five working groups:

- JTC 1/SC 27/WG 1: requirements, security services and guidelines
- JTC 1/SC 27/WG 2: security techniques and mechanisms
- JTC 1/SC 27/WG 3: security evaluation criteria
- JTC 1/SC 27/WG 4: security controls and services
- JTC 1/SC 27/WG 5: identity management and privacy technologies

Standards that are produced by SC 27 cover the full range of information security standards from cryptographic algorithms through secure software development, and include standards that are both well used and respected by the community including:

- ISO/IEC TR 15446 Guide for the production of Protection Profiles and Security Targets
- ISO/IEC 15408:2005 Evaluation criteria for IT security
- ISO/IEC 27001:2005 Information security management systems – Requirements
- ISO/IEC FCD 27005 Information security risk management
- ISO/IEC 21827 Systems Security Engineering – Capability Maturity Model® (SSE-CMM®)
- ISO/IEC NP 24760 A Framework for Identity Management

The primary focus of standardization in the field of Information and Communications Technologies in the U.S. is managed by INCITS, (InterNational Committee for Information Technology Standards) who have the responsibility of providing the U.S. Technical Advisory Group on behalf of ANSI (American National Standards Institute) to SC 27. Many of the most prominent companies and organizations involved in information security in the U.S. are members of the INCITS Cybersecurity committee CS1. Information on joining the committee can be found at http://www.incits.org/

# # #

About atsec information security
atsec information security is an independent, standards-based IT (information technology) security consulting and evaluation services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich (Germany) in January 2000 and has extensive international operations with offices in the US, Germany, Sweden, the UK, and China. atsec leverages its deep security, process, and standards expertise to consult on a wide range of IT security needs, enabling clients to establish integrated security management procedures in order to manage security risk and improve data, product, and business process reliability. atsec works with leading global companies such as IBM, HP, Oracle, Cray, BMW, SGI, Vodafone, Swisscom, RWE, and Wincor-Nixdorf. For more information, please visit www.atsec.com.