ISO27k meeting

The ISO/IEC JTC 1/SC 27 meeting is under way in Hamilton. After a stormy couple of weeks in NZ, the weather is fine and sunny so hopefully delegates will have some time to see the country after the meeting.

Work on the ISO/IEC 27000-series information security management standards ("ISO27k") standards this week includes:

27000 (glossary & intro) - terminology working group to review process for maintaining terms

27001 - its use in governments and regulators is going well, may become a SD as it demonstrates the value of 27001

27002 - structure & future to be discussed in depth this week, particularly the ~5-10 themes (chapters or sections of the standard, the logical sequence, classes of control) and control attributes (tags, categories) that may form the basis of a revised, smaller, more usable 27002

27005 - reported defect to be discussed and resolved; revision project to be discussed too

27007 - comments to be discussed and resolved this week: should go to DIS stage after the meeting. 

27008 - comments to be discussed and resolved this week: should go to DIS stage after the meeting.

27009 - reported defect to be discussed and resolved; use cases to be discussed

27011 - technical defect to be discussed

27015 - withdrawal to be discussed

27019  - comments to be discussed and resolved this week: should go to DIS stage after the meeting

27021 - comments to be discussed and resolved this week: should go to DIS stage after the meeting

27102? - cyber insurance SP, likely to go ahead to IS

Other cybersecurity stuff - may be combined

I'll be providing updates during the week as I attend various meetings and talk to other delegates.