© Copyright 2012-2016 Yoshihiro Satoh (http://yosihiro.com/) The latest document is located at http://www.slideshare.net/yoshihirosatoh5/
Trends in Privacy-Related ISO/IEC International Standards
Developments in ISO/IEC JTC 1/SC 27 WG5
(Excerpt covering privacy-related standards only)
October 30, 2021
ISO/IEC JTC 1/SC 27 Information technology -- Security techniques
WG5 Privacy, Identity management and Biometrics
International standardization trends http://bit.Ly/jtc1sc27
Published privacy-related standards
ISO/IEC IS 29100:2011 Privacy framework → Free
→ JIS X 9250:2017 Privacy framework (framework and principles for privacy protection), published 2017/6/20
ISO/IEC IS 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
ISO/IEC IS 29101:2018 Privacy architecture framework
ISO/IEC IS 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
ISO/IEC IS 27018:2019 Code of practice for PII protection in public clouds acting as PII processors
ISO/IEC IS 29190:2015 Privacy capability assessment model
ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements
based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
ISO/IEC IS 29134:2017 Guidelines for privacy impact assessment
→ JIS X 9251:2021 Guidelines for privacy impact assessment, published 2021/1/20
ISO/IEC IS 29151:2017 Code of practice for personally identifiable information protection ← Wait for systematic review
ISO/IEC TS 29003:2018 Identity proofing
ISO/IEC IS 20889:2018 Privacy enhancing data de-identification techniques
ISO/IEC IS 27701:2019 Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management
ISO/IEC TR 27550:2019 Privacy engineering for system life cycle processes
ISO/IEC IS 29184:2020 Online privacy notices and consent
As of October 2021
Published privacy-related standards
ISO/IEC TS 27006-2 Requirements for bodies providing audit and certification of ISMS – Part 2: PIMS (bilingual edition published)
ISO/IEC IS 20547 Big data reference architecture – Part 4: Security and privacy fabric (WG4 project)
ISO/IEC TS 27570 Privacy guidelines for smart cities
ISO/IEC IS 27551 Requirements for attribute-based unlinkable entity authentication
ISO/IEC 27555 Guidelines on PII deletion
As of October 2021
Privacy-related standing documents, updated as needed (SD: Standing Document)
SC27 WG5 SD1 Roadmap → Free
SC27 WG5 SD2 Privacy references list → Free
SC27 WG5 SD4 Standards privacy assessment (SPA) → Free
SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
Privacy-related standards to be published
DIS ISO/IEC 27556 User-centric privacy preferences management framework
(a.k.a. User-centric framework for the handling of PII based on privacy preferences)
DIS ISO/IEC 27557 Organizational privacy risk management
DIS ISO/IEC 27559 Privacy enhancing data de-identification framework
DIS ISO/IEC 27553-1 Security and privacy requirements for authentication using biometrics on mobile devices
– Part 1: Local modes
DTR ISO/IEC 27563 Impact of security and privacy in artificial intelligence use cases
(a.k.a. Impact of artificial intelligence on security and privacy)
As of October 2021
Privacy-related standards under development
4th WD ISO/IEC TS 27560 Consent record information structure
2nd WD ISO/IEC IS 27006-2 Requirements for bodies providing audit and certification of ISMS – Part 2: PIMS
2nd WD Privacy operationalization model and method for engineering (POMME)
2nd WD Privacy guidelines for fintech services
CfC ISO/IEC 27553-2 Security and privacy requirements for authentication using biometrics on mobile devices
– Part 1: Remote modes
Amendment of ISO/IEC IS 29134:2017 Guidelines for privacy impact assessment
Privacy-related items under deliberation on whether to develop a standard
NWIP ISO/IEC 27565 Guidance on privacy preservation based on zero knowledge proofs
PWI Guidance on illustrative processes for a privacy information management system ← monitoring continues
PWI Age assurance systems (a.k.a. Age verification)
Part 1: Framework, levels of assurance and
Part 2: Conformity Assessment
Part 3: Interoperability
PWI ISO/IEC 27564 Privacy models
AHD Guidance on addressing privacy protection for artificial intelligence systems
* Updated items are shown with a red underline.
As of October 2021
Privacy-related items whose deliberation ended without proceeding to standard development
SP Privacy consideration in practical workflows
SP Guidelines for privacy in Internet of Things (IoT)
NWIP Requirements for privacy notices for WG convenor to fictional character transformations
SP PII protection considerations for smartphone app providers
SP Interface for personal data interchange
* Updated items are shown with a red underline.
As of October 2021
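Actively seeking collaborators for standards deliberation
Deliberation of ISO/IEC JTC 1 international standards is, in principle, open to anyone, including non-researchers, who pays the membership fee (from 700,000 yen per unit per year) and becomes a standards supporting member.
Website of the Information Technology Standards Commission of Japan (ITSCJ), Information Processing Society of Japan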
http://www.itscj.ipsj.or.jp/
Progress of standards development work to date
Privacy-related standards currently published
ISO/IEC IS 29100:2011 Privacy framework → Free
→ JIS X 9250:2017 Privacy framework (framework and principles for privacy protection), published 2017/6/20
ISO/IEC IS 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
ISO/IEC IS 29101:2018 Privacy architecture framework
ISO/IEC IS 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
ISO/IEC IS 27018:2019 Code of practice for PII protection in public clouds acting as PII processors
ISO/IEC IS 29190:2015 Privacy capability assessment model
ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements
based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
ISO/IEC IS 29134:2017 Guidelines for privacy impact assessment
→ JIS X 9251:2021 Guidelines for privacy impact assessment, published 2021/1/20
ISO/IEC IS 29151:2017 Code of practice for personally identifiable information protection ← Wait for systematic review
ISO/IEC TS 29003:2018 Identity proofing
ISO/IEC IS 20889:2018 Privacy enhancing data de-identification techniques
ISO/IEC IS 27701:2019 Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management
ISO/IEC TR 27550:2019 Privacy engineering for system life cycle processes
ISO/IEC IS 29184:2020 Online privacy notices and consent
As of April 2021
Privacy-related standards currently published
ISO/IEC TS 27006-2 Requirements for bodies providing audit and certification of ISMS – Part 2: PIMS (bilingual edition planned)
ISO/IEC IS 20547 Big data reference architecture – Part 4: Security and privacy fabric (WG4 project)
ISO/IEC TS 27570 Privacy guidelines for smart cities
ISO/IEC IS 27551 Requirements for attribute-based unlinkable entity authentication
As of April 2021
Privacy-related standing documents, updated as needed (SD: Standing Document)
SC27 WG5 SD1 Roadmap → Free
SC27 WG5 SD2 Privacy references list → Free
SC27 WG5 SD4 Standards privacy assessment (SPA) → Free
SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
Privacy-related standards to be published
FDIS ISO/IEC 27555 Guidelines for PII deletion
As of April 2021
Privacy-related standards under development
3rd CD ISO/IEC 27556 User-centric framework for the handling of PII based on privacy preferences
1st CD ISO/IEC 27557 Organizational privacy risk management
1st CD ISO/IEC 27559 Privacy enhancing data de-identification framework
3rd WD ISO/IEC 27560 Consent record information structure
1st WD ISO/IEC IS 27006-2 Requirements for bodies providing audit and certification of PIMS according to ISO/IEC
27701 in combination with ISO/IEC 27001
1st WD Privacy operationalization model and method for engineering (POMME)
1st WD Privacy guidelines for fintech services
Privacy-related items under deliberation on whether to develop a standard
PWI Guidance on illustrative processes for a privacy information management system ← monitoring
PWI Impact of AI on security and privacy
PWI Age verification
PWI Guidance and practice for privacy preservation based on zero-knowledge proofs
* Updated items are shown with a red underline.
As of April 2021
Privacy-related items whose deliberation ended without proceeding to standard development
SP Privacy consideration in practical workflows
SP Guidelines for privacy in Internet of Things (IoT)
NWIP Requirements for privacy notices for WG convenor to fictional character transformations
SP PII protection considerations for smartphone app providers
SP Interface for personal data interchange
* Updated items are shown with a red underline.
As of April 2021
Privacy-related standards currently published
ISO/IEC IS 29100:2011 Privacy framework → Free
→ JIS X 9250:2017 Privacy framework (framework and principles for privacy protection), published 2017/6/20
ISO/IEC IS 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
ISO/IEC IS 29101:2018 Privacy architecture framework
ISO/IEC IS 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
ISO/IEC IS 27018:2019 Code of practice for PII protection in public clouds acting as PII processors
ISO/IEC IS 29190:2015 Privacy capability assessment model
ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements
based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
ISO/IEC IS 29134:2017 Guidelines for privacy impact assessment
→ JIS X 9251:2021 Guidelines for privacy impact assessment, published 2021/1/20
ISO/IEC IS 29151:2017 Code of practice for personally identifiable information protection
ISO/IEC TS 29003:2018 Identity proofing
ISO/IEC IS 20889:2018 Privacy enhancing data de-identification techniques
ISO/IEC IS 27701:2019 Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management
ISO/IEC TR 27550:2019 Privacy engineering for system life cycle processes
ISO/IEC IS 29184:2020 Online privacy notices and consent
As of January 2021
Privacy-related standards currently published
ISO/IEC TS 27006-2 Requirements for bodies providing audit and certification of ISMS – Part 2: PIMS (bilingual edition planned)
Added March 2021
Privacy-related standing documents, updated as needed (SD: Standing Document)
SC27 WG5 SD1 Roadmap → Free
SC27 WG5 SD2 Privacy references list → Free
SC27 WG5 SD4 Standards privacy assessment (SPA) → Free
SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
Privacy-related standards to be published
ISO/IEC IS 20547 Big data reference architecture – Part 4: Security and privacy fabric (WG4 project)
ISO/IEC TS 27570 Privacy guidelines for smart cities
FDIS ISO/IEC 27551 Requirements for attribute-based unlinkable entity authentication
DIS ISO/IEC 27555 Guidelines for PII deletion
As of January 2021
Privacy-related standards under development
2nd CD ISO/IEC 27556 User-centric framework for the handling of PII based on privacy preferences
2nd WD ISO/IEC 27557 Organizational privacy risk management
2nd WD ISO/IEC 27559 Privacy enhancing data de-identification framework
2nd WD ISO/IEC 27560 Consent record information structure
Privacy-related items under deliberation on whether to develop a standard
NWIP Privacy operationalization model and method for engineering (POMME)
NWIP Privacy guidelines for fintech services
PWI Guidance on illustrative processes for a privacy information management system
PWI Impact of AI on security and privacy
* Updated items are shown with a red underline.
As of January 2021
Privacy-related items whose deliberation ended without proceeding to standard development
SP Privacy consideration in practical workflows
SP Guidelines for privacy in Internet of Things (IoT)
NWIP Requirements for privacy notices for WG convenor to fictional character transformations
SP PII protection considerations for smartphone app providers
SP Interface for personal data interchange
* Updated items are shown with a red underline.
As of January 2021
Privacy-related standards currently published
ISO/IEC IS 29100:2011 Privacy framework → Free
→ JIS X 9250:2017 Privacy framework (framework and principles for privacy protection), published 2017/6/20
ISO/IEC IS 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
ISO/IEC IS 29101:2018 Privacy architecture framework
ISO/IEC IS 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
ISO/IEC IS 27018:2019 Code of practice for PII protection in public clouds acting as PII processors
ISO/IEC IS 29190:2015 Privacy capability assessment model
ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements
based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
ISO/IEC IS 29134:2017 Guidelines for privacy impact assessment – work on a corrigendum started in April 2020
ISO/IEC IS 29151:2017 Code of practice for personally identifiable information protection
ISO/IEC TS 29003:2018 Identity proofing
ISO/IEC IS 20889:2018 Privacy enhancing data de-identification techniques
ISO/IEC IS 27701:2019 Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management
ISO/IEC TR 27550:2019 Privacy engineering for system life cycle processes
ISO/IEC IS 29184 Guidelines for online privacy notice and consent
As of October 2020
Privacy-related standing documents, updated as needed (SD: Standing Document)
SC27 WG5 SD1 Roadmap → Free
SC27 WG5 SD2 Privacy references list → Free
SC27 WG5 SD4 Standards privacy assessment (SPA) → Free
SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
Privacy-related standards to be published
ISO/IEC IS 20547 Big data reference architecture – Part 4: Security and privacy fabric (WG4 project)
ISO/IEC TS 27570 Privacy guidelines for smart cities
ISO/IEC TS 27006-2 Requirements for bodies providing audit and certification of ISMS – Part 2: PIMS
FDIS ISO/IEC 27551 Requirements for attribute-based unlinkable entity authentication
DIS ISO/IEC 27555 Guidelines for PII deletion
As of October 2020
Privacy-related standards under development
2nd CD ISO/IEC 27556 User-centric framework for the handling of PII based on privacy preferences
2nd WD ISO/IEC 27557 Organizational privacy risk management
2nd WD ISO/IEC 27559 Privacy enhancing data de-identification framework
2nd WD ISO/IEC 27560 Consent record information structure
Privacy-related items under deliberation on whether to develop a standard
NWIP Privacy operationalization model and method for engineering (POMME)
NWIP Privacy guidelines for fintech services
PWI Guidance on illustrative processes for a privacy information management system
PWI Impact of AI on security and privacy
* Updated items are shown with a red underline.
As of October 2020
Privacy-related items whose deliberation ended without proceeding to standard development
SP Privacy consideration in practical workflows
SP Guidelines for privacy in Internet of Things (IoT)
NWIP Requirements for privacy notices for WG convenor to fictional character transformations
SP PII protection considerations for smartphone app providers
SP Interface for personal data interchange
* Updated items are shown with a red underline.
As of October 2020
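Actively seeking collaborators for standards deliberation
Deliberation of ISO/IEC JTC 1 international standards is, in principle, open to anyone, including non-researchers, who pays the membership fee (from 700,000 yen per unit per year) and becomes a standards supporting member.
Website of the Information Technology Standards Commission of Japan (ITSCJ), Information Processing Society of Japan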
http://www.itscj.ipsj.or.jp/
Privacy-related standards currently published
ISO/IEC IS 29100:2011 Privacy framework → Free
→ JIS X 9250:2017 Privacy framework (framework and principles for privacy protection), published 2017/6/20
ISO/IEC IS 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
ISO/IEC IS 29101:2018 Privacy architecture framework
ISO/IEC IS 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
ISO/IEC IS 27018:2019 Code of practice for PII protection in public clouds acting as PII processors
ISO/IEC IS 29190:2015 Privacy capability assessment model
ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements
based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
ISO/IEC IS 29134:2017 Guidelines for privacy impact assessment – work on a corrigendum started in April 2020
ISO/IEC IS 29151:2017 Code of practice for personally identifiable information protection
ISO/IEC TS 29003:2018 Identity proofing
ISO/IEC IS 20889:2018 Privacy enhancing data de-identification techniques
ISO/IEC IS 27701:2019 Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management
ISO/IEC TR 27550:2019 Privacy engineering for system life cycle processes
As of April 2020
Privacy-related standing documents, updated as needed (SD: Standing Document)
SC27 WG5 SD1 Roadmap → Free
SC27 WG5 SD2 Privacy references list → Free
SC27 WG5 SD4 Standards privacy assessment (SPA) → Free
SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
Privacy-related standards to be published
FDIS ISO/IEC 29184 Guidelines for online privacy notice and consent
1st DIS ISO/IEC 20547 Big data reference architecture – Part 4: Security and privacy fabric (WG4 project)
1st DIS ISO/IEC 27551 Requirements for attribute-based unlinkable entity authentication
As of April 2020
Privacy-related standards under development
3rd DTS ISO/IEC TS 27570 Privacy guidelines in smart cities
1st DTS ISO/IEC 27006-2 Requirements for bodies providing audit and certification of PIMS according to ISO/IEC 27701 in combination with ISO/IEC 27001
2nd CD ISO/IEC 27555 PII deletion concept in organizations
1st CD ISO/IEC 27556 User-centric framework for the handling of PII based on privacy preferences
1st WD ISO/IEC 27557 Organizational privacy risk management
1st WD ISO/IEC 27559 Privacy enhancing data de-identification framework
1st WD ISO/IEC 27560 Consent record information structure
Privacy-related items under deliberation on whether to develop a standard
NWIP Guidance on processes of a privacy information management system
SP Impact of Artificial Intelligence on Privacy
SP Privacy engineering model
SP Privacy for fintech services
* Updated items are shown with a red underline.
As of April 2020
Privacy-related items whose deliberation ended without proceeding to standard development
SP Privacy consideration in practical workflows
SP Guidelines for privacy in Internet of Things (IoT)
NWIP Requirements for privacy notices for WG convenor to fictional character transformations
SP PII protection considerations for smartphone app providers
SP Interface for personal data interchange
* Updated items are shown with a red underline.
As of April 2020
Privacy-related standards currently published
ISO/IEC 29100:2011 Privacy framework → Free
→ JIS X 9250:2017 Privacy framework (framework and principles for privacy protection), published 2017/6/20
ISO/IEC 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
ISO/IEC 29101:2018 Privacy architecture framework
ISO/IEC 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
ISO/IEC 27018:2019 Code of practice for PII protection in public clouds acting as PII processors
ISO/IEC 29190:2015 Privacy capability assessment model
ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements
based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
ISO/IEC 29134:2017 Privacy impact assessment
ISO/IEC 29151:2017 Code of practice for personally identifiable information protection
ISO/IEC TS 29003:2018 Identity proofing
ISO/IEC 20889:2018 Privacy enhancing data de-identification techniques
ISO/IEC 27701:2019 Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management
* The standard number was changed from 27552 to 27701
ISO/IEC TR 27550:2019 Privacy engineering for system life cycle processes
Privacy-related standards to be published
None
As of October 2019
Privacy-related standing documents, updated as needed (SD: Standing Document)
SC27 WG5 SD2 Privacy references list
SC27 WG5 SD4 Standards privacy assessment(SPA)
SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
Privacy-related standards under development
FDIS ISO/IEC 29184 Guidelines for online privacy notice and consent
1st DIS ISO/IEC 20547 Big data reference architecture – Part 4: Security and privacy fabric (WG4 project)
1st DIS ISO/IEC 27551 Requirements for attribute-based unlinkable entity authentication
2nd PDTS ISO/IEC TS 27570 Privacy guidelines in smart cities
1st CD ISO/IEC 27555 PII deletion concept in organizations
2nd WD ISO/IEC 27556 User-centric framework for PII handling based on privacy preferences
As of October 2019
Privacy-related items under deliberation on whether to develop a standard
SP Privacy consideration in practical workflows
NWIP Privacy enhancing data de-identification framework (a.k.a. Additional privacy-enhancing data de-identification standards)
SP Impact of Artificial Intelligence on Privacy
SP Consent receipts and records
SP Privacy engineering model
SP Review of requirements for accredited certification for sector specific ISMS standards (WG5-WG1 joint)
NWIP Privacy technologies - Consent record information structure (assumed as TS)
NWIP Organizational privacy risk management (assumed as IS)
SP Guidance on processes of a privacy information management system
SP Privacy for fintech services
CfC Comments on ISO/IEC 31700 Privacy by design for consumer goods and services
NWIP Requirements for bodies providing audit and certification of privacy information management systems according
to ISO/IEC 27701 in combination with ISO/IEC 27001
* Updated items are shown with a red underline.
As of October 2019
Privacy-related items whose deliberation ended without proceeding to standard development
SP on Guidelines for privacy in Internet of Things (IoT)
NWIP Requirements for privacy notices for WG convenor to fictional character transformations
SP PII protection considerations for smartphone app providers
SP Interface for personal data interchange
* Updated items are shown with a red underline.
As of October 2019
Privacy-related standards currently published
ISO/IEC 29100:2011 Privacy framework → Free
→ JIS X 9250:2017 Privacy framework (framework and principles for privacy protection), published 2017/6/20
ISO/IEC 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
ISO/IEC 29101:2018 Privacy architecture framework
ISO/IEC 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
ISO/IEC 27018:2019 Code of practice for PII protection in public clouds acting as PII processors
ISO/IEC 29190:2015 Privacy capability assessment model
ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements
based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
ISO/IEC 29134:2017 Privacy impact assessment
ISO/IEC 29151:2017 Code of practice for personally identifiable information protection
ISO/IEC TS 29003:2018 Identity proofing
ISO/IEC 20889:2018 Privacy enhancing data de-identification techniques
Privacy-related standards to be published
ISO/IEC 27552:2019 Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management
ISO/IEC TR 27550:2019 Privacy engineering for system life cycle processes
* 27552 is scheduled to be renumbered to 27701
As of April 2019
Privacy-related standing documents, updated as needed (SD: Standing Document)
SC27 WG5 SD2 Privacy references list
SC27 WG5 SD4 Standards privacy assessment(SPA)
SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
Privacy-related standards under development
DIS ISO/IEC 29184 Guidelines for online privacy notice and consent
2nd CD ISO/IEC 20547 Big data reference architecture – Part 4: Security and privacy fabric (WG4 project)
1st CD ISO/IEC 27551 Requirements for attribute-based unlinkable entity authentication
1st PDTS ISO/IEC TS 27570 Privacy guidelines in smart cities
2nd WD ISO/IEC 27555 PII deletion concept in organizations
1st WD ISO/IEC 27556 User-centric framework for PII handling based on privacy preferences
As of April 2019
Privacy-related items under deliberation on whether to develop a standard
NWIP Requirements for privacy notices for WG convenor to fictional character transformations
Study period on PII protection considerations for smartphone app providers
Study period on Guidelines for privacy in Internet of Things (IoT)
Study period on Privacy consideration in practical workflows
Study period on Additional privacy-enhancing data de-identification standards
NWIP Impact of Artificial Intelligence on Privacy
Study period on Interface for personal data interchange
Study period on Consent receipts and records
Study period on Privacy engineering model
Study period on Review of requirements for accredited certification for sector specific ISMS standards (WG5-WG1
joint)
* Updated items are shown with a red underline.
As of April 2019
Privacy-related standards currently published
ISO/IEC 29100:2011 Privacy framework → Free
→ JIS X 9250:2017 Privacy framework (framework and principles for privacy protection), published 2017/6/20
ISO/IEC 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
ISO/IEC 29101:2013 Privacy architecture framework (Revision FDIS)
ISO/IEC 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
ISO/IEC 27018:2014 Code of practice for PII protection in public clouds acting as PII processors (Revision FDIS)
ISO/IEC 29190:2015 Privacy capability assessment model
ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements
based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
ISO/IEC 29134:2017 Privacy impact assessment
ISO/IEC 29151:2017 Code of practice for personally identifiable information protection
ISO/IEC TS 29003:2018 Identity proofing
Privacy-related standing documents, updated as needed (SD: Standing Document)
SC27 WG5 SD2 Privacy references list
SC27 WG5 SD4 Standards privacy assessment(SPA)
SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
As of October 2018
Privacy-related standards under development
FDIS ISO/IEC 20889 Privacy enhancing data de-identification techniques
DIS ISO/IEC 27552 Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management
3rd PDTR ISO/IEC TR 27550 Privacy engineering for system life cycle processes
3rd CD ISO/IEC 29184 Guidelines for online privacy notice and consent
CD ISO/IEC 20547 Big data reference architecture – Part 4: Security and privacy fabric (WG4 project)
4th WD ISO/IEC 27551 Requirements for attribute-based unlinkable entity authentication
2nd WD ISO/IEC TS 27570 Privacy guidelines in smart cities
WD ISO/IEC 27555 PII deletion concept in organizations
As of October 2018
Privacy-related items under deliberation on whether to develop a standard
NWIP User-centric framework for PII handling based on privacy preferences
NWIP Requirements for privacy notices for WG convenor to fictional character transformations
Study period on PII protection considerations for smartphone app providers
Study period on Guidelines for privacy in Internet of Things (IoT)
Study period on Privacy consideration in practical workflows
Study period on Additional privacy-enhancing data de-identification standards
Study period on Impact of Artificial Intelligence on Privacy
Study period on Interface for personal data interchange
Note: Updated parts are shown with a red underline.
As of October 2018
Published privacy-related standards
ISO/IEC 29100:2011 Privacy framework → free of charge
→ JIS X 9250:2017 "Privacy framework (framework and principles for privacy protection)", published 2017/6/20
ISO/IEC 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
ISO/IEC 29101:2013 Privacy architecture framework
ISO/IEC 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
ISO/IEC 27018:2014 Code of practice for PII protection in public clouds acting as PII processors
ISO/IEC 29190:2015 Privacy capability assessment model
ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
ISO/IEC 29134:2017 Privacy impact assessment
ISO/IEC 29151:???? Code of practice for personally identifiable information protection
Privacy-related standing documents, updated as needed (SD: Standing Document)
SC27 WG5 SD2 Privacy references list
SC27 WG5 SD4 Standards privacy assessment(SPA)
SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
As of June 2017
Privacy-related standards under development
1st PDTS ISO/IEC 29003 Identity proofing
DIS ISO/IEC 29115 Entity authentication assurance framework – Amendment 1 ***
2nd CD ISO/IEC 20889 Privacy enhancing data de-identification techniques
3rd WD on ISO/IEC 29184 Guidelines for online privacy notice and consent
2nd WD on ISO/IEC 20547 Big data reference architecture – Part 4: Security and privacy fabric (WG4 project)
2nd WD NWIP 27550 Privacy engineering
2nd WD NWIP 27551 Requirements for attribute-based unlinkable entity authentication
2nd WD NWIP 27552 Enhancement to ISO/IEC 27001 for privacy management – Requirements
1st DAM 29100 Privacy framework
2nd DAM 29115 Entity authentication assurance framework
***: Latest status is being confirmed
As of June 2017
Privacy-related items under deliberation on whether to develop a standard
NWIP Requirements for privacy notices for WG convenor to fictional character transformations
Study period on PII protection considerations for smartphone app providers
Study period on Privacy in smart cities
Study period on Guidelines for privacy in Internet of Things (IoT)
Study period on Code of Practices solution for different types of PII processors CANCELED
Study period on Framework for user-centric PII handling based on privacy preference management by users
Study period on PII protection considerations for Smartphone App providers
Note: Parts updated since the previous international meeting are shown with a red underline.
As of June 2017
Published privacy-related standards
ISO/IEC 29100:2011 Privacy framework → free of charge
→ JIS X 9250 "Privacy framework (framework and principles for privacy protection)"
ISO/IEC 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
ISO/IEC 29101:2013 Privacy architecture framework
ISO/IEC 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
ISO/IEC 27018:2014 Code of practice for PII protection in public clouds acting as PII processors
ISO/IEC 29190:2015 Privacy capability assessment model
ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
Privacy-related standing documents, updated as needed (SD: Standing Document)
SC27 WG5 SD2 Privacy references list
SC27 WG5 SD4 Standards privacy assessment(SPA)
SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
Privacy-related standards under development
FDIS ISO/IEC 29134 Privacy impact assessment
FDIS ISO/IEC 29151 Code of practice for personally identifiable information protection
(Continued on the next slide)
As of December 2016
Privacy-related standards under development (continued from the previous slide)
DIS ISO/IEC 29003 Identity proofing
DIS ISO/IEC 29115 Entity authentication assurance framework – Amendment 1
1st CD ISO/IEC 20889 Privacy enhancing data de-identification techniques
2nd WD on ISO/IEC 29184 Guidelines for online privacy notice and consent
NWI on ISO/IEC 20547 Big data reference architecture – Part 4: Security and privacy fabric (WG4 project)
1st WD NWIP 27550 Privacy engineering
1st WD NWIP 27551 Requirements for attribute-based unlinkable entity authentication
1st WD NWIP 27552 Enhancement to ISO/IEC 27001 for privacy management – Requirements
Privacy-related items under deliberation on whether to develop a standard
Study period on PII protection considerations for smartphone app providers
Study period on Guidelines for privacy in Internet of Things (IoT)
Study period on Code of Practices solution for different types of PII processors
Study period on Privacy in smart cities
Note: Parts updated since the previous international meeting are shown with a red underline.
As of December 2016
Published privacy-related standards
ISO/IEC 29100:2011 Privacy framework → free of charge → Study period on periodical review
ISO/IEC 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
ISO/IEC 29101:2013 Privacy architecture framework
ISO/IEC 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
ISO/IEC 27018:2014 Code of practice for PII protection in public clouds acting as PII processors
ISO/IEC 29190:2015 Privacy capability assessment model
Privacy-related standing documents, updated as needed (SD: Standing Document)
SC27 WG5 SD2 Privacy references list
SC27 WG5 SD4 Standards privacy assessment(SPA)
SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
Privacy-related standards under development
DIS ISO/IEC 29134 Privacy impact assessment
DIS ISO/IEC 29151 Code of practice for personally identifiable information protection
PDTS ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
(Continued on the next slide)
As of May 2016
Privacy-related standards under development (continued from the previous slide)
3rd CD ISO/IEC 29003 Identity proofing
2nd WD ISO/IEC 20889 Privacy enhancing data de-identification techniques
1st WD on ISO/IEC 29184 Guidelines for online privacy notice and consent
NWI on ISO/IEC 20547 Big data reference architecture – Part 4: Security and privacy fabric (WG4 project)
Privacy-related items under deliberation on whether to develop a standard
NWIP on Privacy engineering framework
NWIP on Enhancement to ISO/IEC 27001 for privacy management – Requirements
NWIP on Requirements for attribute-based unlinkable entity authentication ***
Study period on Entity authentication assurance framework
Study period on PII protection considerations for smartphone app providers
Study period on Privacy in smart cities
Study period on Guidelines for privacy in Internet of Things (IoT)
Study period on Privacy-preserving anonymous attribute-based entity authentication ***
Study period on Privacy enhancing identity management scheme using attribute based credentials **
Study period on On the adoption and usage of ISO/IEC 29115 and its interaction with ISO/IEC 29003 *
Study period on Anonymous attribute assurance **
As of May 2016
Published privacy-related standards
ISO/IEC 29100:2011 Privacy framework → free of charge
ISO/IEC 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
ISO/IEC 29101:2013 Privacy architecture framework
ISO/IEC 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
ISO/IEC 27018:2014 Code of practice for PII protection in public clouds acting as PII processors
ISO/IEC 29190:2015 Privacy capability assessment model
Privacy-related working documents
SC27 WG5 SD2 Privacy references list
SC27 WG5 SD4 Standards privacy assessment(SPA)
SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
Privacy-related standards under development
2nd CD ISO/IEC 29134 Privacy impact assessment
2nd CD ISO/IEC 29151 Code of practice for personally identifiable information protection
2nd CD ISO/IEC 29003 Identity proofing
CD ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
NWI ISO/IEC 20889 Privacy enhancing data de-identification techniques
(Continued on the next slide)
As of November 2015
(Continued from the previous slide)
Privacy-related items under deliberation on whether to develop a standard
NWIP on Guidelines for online privacy notice and consent
Study period on Privacy enhancing identity management scheme using attribute based credentials **
Study period on Privacy engineering framework
Study period on On the adoption and usage of ISO/IEC 29115 and its interaction with ISO/IEC 29003 *
Study period on Anonymous attribute assurance **
Study period on Entity authentication assurance framework *
Study period on PII protection considerations for smartphone app providers
Study period on Privacy in smart cities
Study period on Privacy-preserving attribute-based entity authentication
As of November 2015
Published privacy-related standards
ISO/IEC 29100:2011 Privacy framework → free of charge
ISO/IEC 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
ISO/IEC 29101:201x Privacy architecture framework
ISO/IEC 29115:201x Entity authentication assurance framework (ITU-T X.1254)
ISO/IEC 27018:201x Code of practice for PII protection in public clouds acting as PII processors
ISO/IEC 29190:201x Privacy capability assessment model
Privacy-related working documents
SC27 WG5 SD2 Privacy references list
SC27 WG5 SD4 Standards Privacy Assessment(SPA)
SC27 WG5 SD5 Guidelines for the application of ISMS in the area of privacy
Privacy-related standards under development
CD ISO/IEC 29134 Privacy impact assessment – Methodology Guideline
CD ISO/IEC 29151 Code of practice for personally identifiable information protection
CD ISO/IEC 29003 Identity proofing
3rd WD TR 19608 Guidance for developing security and privacy functional requirements based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs, WG3N1114, WG3N1155)
(Continued on the next slide)
As of May 2015
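(Continued from the previous slide)
Privacy-related items under deliberation on whether to develop a standard
Study period on Privacy impact assessment (under consideration with reference to ISO/IEC 27009 Sector specific)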
Study period on Age verification
Study period on Privacy enhancing identity management scheme using attribute-based credentials
Study period on User friendly online privacy notice and consent
Study period on Privacy engineering framework
Study period on On the adoption and usage of ISO/IEC 29115 and its interaction with ISO/IEC 29003
NWIP on Privacy enhancing data de-identification techniques
(Study period on Anonymous attribute assurance)
As of May 2015
Published privacy-related standards
ISO/IEC 29100:2011 Privacy framework → free of charge
ISO/IEC 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
ISO/IEC 29101:201x Privacy architecture framework
ISO/IEC 29115:201x Entity authentication assurance framework (ITU-T X.1254)
ISO/IEC 27018:201x Code of practice for PII protection in public clouds acting as PII processors
ISO/IEC 29190:201x Privacy capability assessment model
Privacy-related standards under development
CD registered ISO/IEC 29134 Privacy impact assessment – Methodology
CD registered ISO/IEC 29151 Code of practice for personally identifiable information protection
5th WD ISO/IEC 29003 Identity proofing
2nd WD Guidance for developing security and privacy functional requirements based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
SD5 “Guidelines on the application of ISMS in the area of privacy”
Privacy-related items under deliberation on whether to develop a standard
Study period on Privacy impact assessment (under consideration with reference to ISO/IEC 27009 Sector specific)
Study period on Technical issue of 29115 when applied in national ID infrastructure
Study period on Age verification
Study period on A privacy-respecting identity management scheme using attribute-based credentials
Study period on User friendly online privacy notice and consent
As of November 2014
Published privacy-related standards
ISO/IEC 29100:2011 Privacy framework → made available free of charge, Periodical pre-reviewed
ISO/IEC 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
ISO/IEC 29101:201x Privacy architecture framework
ISO/IEC 29115:201x Entity authentication assurance framework (ITU-T X.1254)
ISO/IEC 27018:201x Code of practice for PII protection in public clouds acting as PII processors
Privacy-related standards under development
DIS(FDIS registered) ISO/IEC 29190 Privacy capability assessment model (FDIS because the verification results have been reflected)
CD registered ISO/IEC 29134 Privacy impact assessment – Methodology
CD registered ISO/IEC 29151 Code of practice for PII protection (moving toward making it a common text with ITU-T SG17)
4th WD ISO/IEC 29003 Identity proofing (scope change to include legal entities; there are opinions in favor of making it multi-part)
New Work Item on Guidance for developing security and privacy functional requirements based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
SD5 “Guidelines on the application of ISMS in the area of privacy”
Privacy-related items under deliberation on whether to develop a standard
Study period on Privacy impact assessment (to be considered going forward with reference to ISO/IEC 27009 Sector specific)
Study period on Age verification (Confirmed to submit NWIP)
Study period on A privacy-respecting identity management scheme using attribute-based credentials
As of May 2014
Downloadable from Free document page
Published privacy-related standards
ISO/IEC 29100:2011 Privacy framework → making it free of charge is under consideration
ISO/IEC 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
ISO/IEC 29101:201x Privacy architecture framework
ISO/IEC 29115:201x Entity authentication assurance framework (ITU-T X.1254)
Privacy-related standards under development
DIS ISO/IEC 29190 Privacy capability assessment model
DIS ISO/IEC 27018 Code of practice for PII protection in public clouds acting as PII processors
3rd WD ISO/IEC 29134 Privacy impact assessment – Methodology
3rd WD ISO/IEC 29003 Identity proofing
2nd WD ISO/IEC 29151 Code of practice for PII protection
Privacy-related items under deliberation
New Work Item Proposal on Privacy seal programs (is started as WG3 project)
Study period on Privacy impact assessment
Canceled: Study period on Documentation of data deletion principles
Study period on Age verification
Reference
As of November 2013
Published privacy-related standards
ISO/IEC 29100:2011 Privacy framework → making it free of charge is under consideration
Privacy-related standards under development
ISO/IEC FDIS 29115 Entity authentication assurance framework (ITU-T X.1254)
ISO/IEC DIS 29191 Requirements for partially anonymous, partially unlinkable authentication
ISO/IEC CD 29101 Privacy architecture framework
ISO/IEC WD 29190 Privacy capability assessment model
ISO/IEC NP 27018 Code of practice for data protection controls for public cloud computing services
ISO/IEC NP 29134 Privacy impact assessment – Methodology
Privacy-related items under deliberation
SP on Privacy / Personal Information Management Systems (PIMS)
SP on Privacy impact assessment
SP on Study period on Privacy seal programs
SP on Documentation of data deletion principles
Reference
As of November 2012

 
Obat Aborsi Malang 0851\7696\3835 Jual Obat Cytotec Di Malang
Obat Aborsi Malang 0851\7696\3835 Jual Obat Cytotec Di MalangObat Aborsi Malang 0851\7696\3835 Jual Obat Cytotec Di Malang
Obat Aborsi Malang 0851\7696\3835 Jual Obat Cytotec Di Malang
 
Jual Obat Aborsi Di Sibolga wa 0851/7541/5434 Cytotec Misoprostol 200mcg Pfizer
Jual Obat Aborsi Di Sibolga wa 0851/7541/5434 Cytotec Misoprostol 200mcg PfizerJual Obat Aborsi Di Sibolga wa 0851/7541/5434 Cytotec Misoprostol 200mcg Pfizer
Jual Obat Aborsi Di Sibolga wa 0851/7541/5434 Cytotec Misoprostol 200mcg Pfizer
 
10 Easiest Ways To Buy Verified TransferWise Accounts
10 Easiest Ways To Buy Verified TransferWise Accounts10 Easiest Ways To Buy Verified TransferWise Accounts
10 Easiest Ways To Buy Verified TransferWise Accounts
 
The Art of Decision-Making: Navigating Complexity and Uncertainty
The Art of Decision-Making: Navigating Complexity and UncertaintyThe Art of Decision-Making: Navigating Complexity and Uncertainty
The Art of Decision-Making: Navigating Complexity and Uncertainty
 
Top^Clinic ^%[+27785538335__Safe*Women's clinic//Abortion Pills In Harare
Top^Clinic ^%[+27785538335__Safe*Women's clinic//Abortion Pills In HarareTop^Clinic ^%[+27785538335__Safe*Women's clinic//Abortion Pills In Harare
Top^Clinic ^%[+27785538335__Safe*Women's clinic//Abortion Pills In Harare
 
Shots fired Budget Presentation.pdf12312
Shots fired Budget Presentation.pdf12312Shots fired Budget Presentation.pdf12312
Shots fired Budget Presentation.pdf12312
 
Elevate Your Online Presence with SEO Services
Elevate Your Online Presence with SEO ServicesElevate Your Online Presence with SEO Services
Elevate Your Online Presence with SEO Services
 
HAL Financial Performance Analysis and Future Prospects
HAL Financial Performance Analysis and Future ProspectsHAL Financial Performance Analysis and Future Prospects
HAL Financial Performance Analysis and Future Prospects
 
What are the differences between an international company, a global company, ...
What are the differences between an international company, a global company, ...What are the differences between an international company, a global company, ...
What are the differences between an international company, a global company, ...
 
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase   17 May  2024  Energy News issue - 1725 by Khaled Al Awadi_compresse...NewBase   17 May  2024  Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
 
Understanding Financial Accounting 3rd Canadian Edition by Christopher D. Bur...
Understanding Financial Accounting 3rd Canadian Edition by Christopher D. Bur...Understanding Financial Accounting 3rd Canadian Edition by Christopher D. Bur...
Understanding Financial Accounting 3rd Canadian Edition by Christopher D. Bur...
 
Thompson_Taylor_MBBS_PB1_2024-03 (1)- Project & Portfolio 2.pptx
Thompson_Taylor_MBBS_PB1_2024-03 (1)- Project & Portfolio 2.pptxThompson_Taylor_MBBS_PB1_2024-03 (1)- Project & Portfolio 2.pptx
Thompson_Taylor_MBBS_PB1_2024-03 (1)- Project & Portfolio 2.pptx
 
Moradia Isolada com Logradouro; Detached house with patio in Penacova
Moradia Isolada com Logradouro; Detached house with patio in PenacovaMoradia Isolada com Logradouro; Detached house with patio in Penacova
Moradia Isolada com Logradouro; Detached house with patio in Penacova
 
Abortion pills in Muscut<Oman(+27737758557) Cytotec available.inn Kuwait City.
Abortion pills in Muscut<Oman(+27737758557) Cytotec available.inn Kuwait City.Abortion pills in Muscut<Oman(+27737758557) Cytotec available.inn Kuwait City.
Abortion pills in Muscut<Oman(+27737758557) Cytotec available.inn Kuwait City.
 
WAM Corporate Presentation May 2024_w.pdf
WAM Corporate Presentation May 2024_w.pdfWAM Corporate Presentation May 2024_w.pdf
WAM Corporate Presentation May 2024_w.pdf
 

SC27 Privacy related projects update

  • 1. © Copyright 2012-2016 Yoshihiro Satoh (http://yosihiro.com/) The latest document is located at http://www.slideshare.net/yoshihirosatoh5/
    Trends in privacy-related ISO/IEC international standards
    On the activities of ISO/IEC JTC 1/SC 27 WG5
    (excerpt covering privacy-related standards only)
    October 30, 2021
  • 2. ISO/IEC JTC 1/SC 27 Information technology -- Security techniques
    WG5 Privacy, Identity management and Biometrics
    International standardization trends http://bit.Ly/jtc1sc27
    Published privacy-related standards
    ISO/IEC IS 29100:2011 Privacy framework → free of charge
    → JIS X 9250:2017 Privacy framework (framework and principles for privacy protection), published 2017/6/20
    ISO/IEC IS 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
    ISO/IEC IS 29101:2018 Privacy architecture framework
    ISO/IEC IS 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
    ISO/IEC IS 27018:2019 Code of practice for PII protection in public clouds acting as PII processors
    ISO/IEC IS 29190:2015 Privacy capability assessment model
    ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
    ISO/IEC IS 29134:2017 Guidelines for privacy impact assessment
    → JIS X 9251:2021 Guidelines for privacy impact assessment, published 2021/1/20
    ISO/IEC IS 29151:2017 Code of practice for personally identifiable information protection ← Wait for systematic review
    ISO/IEC TS 29003:2018 Identity proofing
    ISO/IEC IS 20889:2018 Privacy enhancing data de-identification techniques
    ISO/IEC IS 27701:2019 Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management
    ISO/IEC TR 27550:2019 Privacy engineering for system life cycle processes
    ISO/IEC IS 29184:2020 Online privacy notices and consent
    As of October 2021
    Free Download
  • 3. Published privacy-related standards
    ISO/IEC TS 27006-2 Requirements for bodies providing audit and certification of ISMS – Part 2: PIMS (bilingual edition published)
    ISO/IEC IS 20547 Big data reference architecture – Part 4: Security and privacy fabric (WG4 project)
    ISO/IEC TS 27570 Privacy guidelines for smart cities
    ISO/IEC IS 27551 Requirements for attribute-based unlinkable entity authentication
    ISO/IEC 27555 Guidelines on PII deletion
    As of October 2021
  • 4. Privacy-related standing documents, updated as needed (SD: Standing Document)
    SC27 WG5 SD1 Roadmap → free of charge
    SC27 WG5 SD2 Privacy references list → free of charge
    SC27 WG5 SD4 Standards privacy assessment (SPA) → free of charge
    SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
    Privacy-related standards to be published
    DIS ISO/IEC 27556 User-centric privacy preferences management framework (a.k.a. User-centric framework for the handling of PII based on privacy preferences)
    DIS ISO/IEC 27557 Organizational privacy risk management
    DIS ISO/IEC 27559 Privacy enhancing data de-identification framework
    DIS ISO/IEC 27553-1 Security and privacy requirements for authentication using biometrics on mobile devices – Part 1: Local modes
    DTR ISO/IEC 27563 Impact of security and privacy in artificial intelligence use cases (a.k.a. Impact of artificial intelligence on security and privacy)
    As of October 2021
    Free Download
  • 5. Privacy-related standards under development
    4th WD ISO/IEC TS 27560 Consent record information structure
    2nd WD ISO/IEC IS 27006-2 Requirements for bodies providing audit and certification of ISMS – Part 2: PIMS
    2nd WD Privacy operationalization model and method for engineering (POMME)
    2nd WD Privacy guidelines for fintech services
    CfC ISO/IEC 27553-2 Security and privacy requirements for authentication using biometrics on mobile devices – Part 1: Remote modes
    Amendment of ISO/IEC IS 29134:2017 Guidelines for privacy impact assessment
    Privacy-related items under discussion on whether to develop a standard
    NWIP ISO/IEC 27565 Guidance on privacy preservation based on zero knowledge proofs
    PWI Guidance on illustrative processes for a privacy information management system ← monitoring continues
    PWI Age assurance systems (a.k.a. Age verification) Part 1: Framework, levels of assurance and Part 2: Conformity Assessment Part 3: Interoperability
    PWI ISO/IEC 27564 Privacy models
    AHD Guidance on addressing privacy protection for artificial intelligence systems
    Note: updated parts are shown with red underlining.
    As of October 2021
  • 6. Privacy-related items whose discussion ended without proceeding to standard development
    SP Privacy consideration in practical workflows
    SP Guidelines for privacy in Internet of Things (IoT)
    NWIP Requirements for privacy notices for WG convenor to fictional character transformations
    SP PII protection considerations for smartphone app providers
    SP Interface for personal data interchange
    Note: updated parts are shown with red underlining.
    As of October 2021
  • 7. We are actively seeking contributors to standards deliberations
    Deliberations on ISO/IEC JTC 1 international standards are in principle open to anyone, not only researchers, who becomes a supporting member for standards by paying the membership fee (from 700,000 yen per unit per year).
    Website of the Information Technology Standards Commission of Japan, Information Processing Society of Japan: http://www.itscj.ipsj.or.jp/
  • 8. Progress of the standards development work to date
  • 9. Privacy-related standards currently published
    ISO/IEC IS 29100:2011 Privacy framework → free of charge
    → JIS X 9250:2017 Privacy framework (framework and principles for privacy protection), published 2017/6/20
    ISO/IEC IS 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
    ISO/IEC IS 29101:2018 Privacy architecture framework
    ISO/IEC IS 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
    ISO/IEC IS 27018:2019 Code of practice for PII protection in public clouds acting as PII processors
    ISO/IEC IS 29190:2015 Privacy capability assessment model
    ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
    ISO/IEC IS 29134:2017 Guidelines for privacy impact assessment
    → JIS X 9251:2021 Guidelines for privacy impact assessment, published 2021/1/20
    ISO/IEC IS 29151:2017 Code of practice for personally identifiable information protection ← Wait for systematic review
    ISO/IEC TS 29003:2018 Identity proofing
    ISO/IEC IS 20889:2018 Privacy enhancing data de-identification techniques
    ISO/IEC IS 27701:2019 Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management
    ISO/IEC TR 27550:2019 Privacy engineering for system life cycle processes
    ISO/IEC IS 29184:2020 Online privacy notices and consent
    As of April 2021
    Free Download
  • 10. Privacy-related standards currently published
    ISO/IEC TS 27006-2 Requirements for bodies providing audit and certification of ISMS – Part 2: PIMS (bilingual edition planned)
    ISO/IEC IS 20547 Big data reference architecture – Part 4: Security and privacy fabric (WG4 project)
    ISO/IEC TS 27570 Privacy guidelines for smart cities
    ISO/IEC IS 27551 Requirements for attribute-based unlinkable entity authentication
    As of April 2021
  • 11. Privacy-related standing documents, updated as needed (SD: Standing Document)
    SC27 WG5 SD1 Roadmap → free of charge
    SC27 WG5 SD2 Privacy references list → free of charge
    SC27 WG5 SD4 Standards privacy assessment (SPA) → free of charge
    SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
    Privacy-related standards to be published
    FDIS ISO/IEC 27555 Guidelines for PII deletion
    As of April 2021
    Free Download
  • 12. Privacy-related standards under development
    3rd CD ISO/IEC 27556 User-centric framework for the handling of PII based on privacy preferences
    1st CD ISO/IEC 27557 Organizational privacy risk management
    1st CD ISO/IEC 27559 Privacy enhancing data de-identification framework
    3rd WD ISO/IEC 27560 Consent record information structure
    1st WD ISO/IEC IS 27006-2 Requirements for bodies providing audit and certification of PIMS according to ISO/IEC 27701 in combination with ISO/IEC 27001
    1st WD Privacy operationalization model and method for engineering (POMME)
    1st WD Privacy guidelines for fintech services
    Privacy-related items under discussion on whether to develop a standard
    PWI Guidance on illustrative processes for a privacy information management system ← monitoring
    PWI Impact of AI on security and privacy
    PWI Age verification
    PWI Guidance and practice for privacy preservation based on zero-knowledge proofs
    Note: updated parts are shown with red underlining.
    As of April 2021
  • 13. Privacy-related items whose discussion ended without proceeding to standard development
    SP Privacy consideration in practical workflows
    SP Guidelines for privacy in Internet of Things (IoT)
    NWIP Requirements for privacy notices for WG convenor to fictional character transformations
    SP PII protection considerations for smartphone app providers
    SP Interface for personal data interchange
    Note: updated parts are shown with red underlining.
    As of April 2021
  • 14. Privacy-related standards currently published
    ISO/IEC IS 29100:2011 Privacy framework → free of charge
    → JIS X 9250:2017 Privacy framework (framework and principles for privacy protection), published 2017/6/20
    ISO/IEC IS 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
    ISO/IEC IS 29101:2018 Privacy architecture framework
    ISO/IEC IS 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
    ISO/IEC IS 27018:2019 Code of practice for PII protection in public clouds acting as PII processors
    ISO/IEC IS 29190:2015 Privacy capability assessment model
    ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
    ISO/IEC IS 29134:2017 Guidelines for privacy impact assessment
    → JIS X 9251:2021 Guidelines for privacy impact assessment, published 2021/1/20
    ISO/IEC IS 29151:2017 Code of practice for personally identifiable information protection
    ISO/IEC TS 29003:2018 Identity proofing
    ISO/IEC IS 20889:2018 Privacy enhancing data de-identification techniques
    ISO/IEC IS 27701:2019 Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management
    ISO/IEC TR 27550:2019 Privacy engineering for system life cycle processes
    ISO/IEC IS 29184:2020 Online privacy notices and consent
    As of January 2021
    Free Download
  • 15. Privacy-related standards currently published
    ISO/IEC TS 27006-2 Requirements for bodies providing audit and certification of ISMS – Part 2: PIMS (bilingual edition planned)
    Added March 2021
  • 16. Privacy-related standing documents, updated as needed (SD: Standing Document)
    SC27 WG5 SD1 Roadmap → free of charge
    SC27 WG5 SD2 Privacy references list → free of charge
    SC27 WG5 SD4 Standards privacy assessment (SPA) → free of charge
    SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
    Privacy-related standards to be published
    ISO/IEC IS 20547 Big data reference architecture – Part 4: Security and privacy fabric (WG4 project)
    ISO/IEC TS 27570 Privacy guidelines for smart cities
    FDIS ISO/IEC 27551 Requirements for attribute-based unlinkable entity authentication
    DIS ISO/IEC 27555 Guidelines for PII deletion
    As of January 2021
    Free Download
  • 17. Privacy-related standards under development
    2nd CD ISO/IEC 27556 User-centric framework for the handling of PII based on privacy preferences
    2nd WD ISO/IEC 27557 Organizational privacy risk management
    2nd WD ISO/IEC 27559 Privacy enhancing data de-identification framework
    2nd WD ISO/IEC 27560 Consent record information structure
    Privacy-related items under discussion on whether to develop a standard
    NWIP Privacy operationalization model and method for engineering (POMME)
    NWIP Privacy guidelines for fintech services
    PWI Guidance on illustrative processes for a privacy information management system
    PWI Impact of AI on security and privacy
    Note: updated parts are shown with red underlining.
    As of January 2021
  • 18. Privacy-related items whose discussion ended without proceeding to standard development
    SP Privacy consideration in practical workflows
    SP Guidelines for privacy in Internet of Things (IoT)
    NWIP Requirements for privacy notices for WG convenor to fictional character transformations
    SP PII protection considerations for smartphone app providers
    SP Interface for personal data interchange
    Note: updated parts are shown with red underlining.
    As of January 2021
  • 19. Privacy-related standards currently published
    ISO/IEC IS 29100:2011 Privacy framework → free of charge
    → JIS X 9250:2017 Privacy framework (framework and principles for privacy protection), published 2017/6/20
    ISO/IEC IS 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
    ISO/IEC IS 29101:2018 Privacy architecture framework
    ISO/IEC IS 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
    ISO/IEC IS 27018:2019 Code of practice for PII protection in public clouds acting as PII processors
    ISO/IEC IS 29190:2015 Privacy capability assessment model
    ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
    ISO/IEC IS 29134:2017 Guidelines for privacy impact assessment – work on a corrigendum started in April 2020
    ISO/IEC IS 29151:2017 Code of practice for personally identifiable information protection
    ISO/IEC TS 29003:2018 Identity proofing
    ISO/IEC IS 20889:2018 Privacy enhancing data de-identification techniques
    ISO/IEC IS 27701:2019 Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management
    ISO/IEC TR 27550:2019 Privacy engineering for system life cycle processes
    ISO/IEC IS 29184 Guidelines for online privacy notice and consent
    As of October 2020
    Free Download
  • 20. Privacy-related standing documents, updated as needed (SD: Standing Document)
    SC27 WG5 SD1 Roadmap → free of charge
    SC27 WG5 SD2 Privacy references list → free of charge
    SC27 WG5 SD4 Standards privacy assessment (SPA) → free of charge
    SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
    Privacy-related standards to be published
    ISO/IEC IS 20547 Big data reference architecture – Part 4: Security and privacy fabric (WG4 project)
    ISO/IEC TS 27570 Privacy guidelines for smart cities
    ISO/IEC TS 27006-2 Requirements for bodies providing audit and certification of ISMS – Part 2: PIMS
    FDIS ISO/IEC 27551 Requirements for attribute-based unlinkable entity authentication
    DIS ISO/IEC 27555 Guidelines for PII deletion
    As of October 2020
    Free Download
  • 21. Privacy-related standards under development
    2nd CD ISO/IEC 27556 User-centric framework for the handling of PII based on privacy preferences
    2nd WD ISO/IEC 27557 Organizational privacy risk management
    2nd WD ISO/IEC 27559 Privacy enhancing data de-identification framework
    2nd WD ISO/IEC 27560 Consent record information structure
    Privacy-related items under discussion on whether to develop a standard
    NWIP Privacy operationalization model and method for engineering (POMME)
    NWIP Privacy guidelines for fintech services
    PWI Guidance on illustrative processes for a privacy information management system
    PWI Impact of AI on security and privacy
    Note: updated parts are shown with red underlining.
    As of October 2020
  • 22. Privacy-related items whose discussion ended without proceeding to standard development
    SP Privacy consideration in practical workflows
    SP Guidelines for privacy in Internet of Things (IoT)
    NWIP Requirements for privacy notices for WG convenor to fictional character transformations
    SP PII protection considerations for smartphone app providers
    SP Interface for personal data interchange
    Note: updated parts are shown with red underlining.
    As of October 2020
  • 23. We are actively seeking contributors to standards deliberations
    Deliberations on ISO/IEC JTC 1 international standards are in principle open to anyone, not only researchers, who becomes a supporting member for standards by paying the membership fee (from 700,000 yen per unit per year).
    Website of the Information Technology Standards Commission of Japan, Information Processing Society of Japan: http://www.itscj.ipsj.or.jp/
  • 24. Privacy-related standards currently published
    ISO/IEC IS 29100:2011 Privacy framework → free of charge
    → JIS X 9250:2017 Privacy framework (framework and principles for privacy protection), published 2017/6/20
    ISO/IEC IS 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
    ISO/IEC IS 29101:2018 Privacy architecture framework
    ISO/IEC IS 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
    ISO/IEC IS 27018:2019 Code of practice for PII protection in public clouds acting as PII processors
    ISO/IEC IS 29190:2015 Privacy capability assessment model
    ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
    ISO/IEC IS 29134:2017 Guidelines for privacy impact assessment – work on a corrigendum started in April 2020
    ISO/IEC IS 29151:2017 Code of practice for personally identifiable information protection
    ISO/IEC TS 29003:2018 Identity proofing
    ISO/IEC IS 20889:2018 Privacy enhancing data de-identification techniques
    ISO/IEC IS 27701:2019 Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management
    ISO/IEC TR 27550:2019 Privacy engineering for system life cycle processes
    As of April 2020
    Free Download
  • 25. Privacy-related standing documents, updated as needed (SD: Standing Document)
    SC27 WG5 SD1 Roadmap → free of charge
    SC27 WG5 SD2 Privacy references list → free of charge
    SC27 WG5 SD4 Standards privacy assessment (SPA) → free of charge
    SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
    Privacy-related standards to be published
    FDIS ISO/IEC 29184 Guidelines for online privacy notice and consent
    1st DIS ISO/IEC 20547 Big data reference architecture – Part 4: Security and privacy fabric (WG4 project)
    1st DIS ISO/IEC 27551 Requirements for attribute-based unlinkable entity authentication
    As of April 2020
    Free Download
  • 26. Privacy-related standards under development
    3rd DTS ISO/IEC TS 27570 Privacy guidelines in smart cities
    1st DTS ISO/IEC 27006-2 Requirements for bodies providing audit and certification of PIMS according to ISO/IEC 27701 in combination with ISO/IEC 27001
    2nd CD ISO/IEC 27555 PII deletion concept in organizations
    1st CD ISO/IEC 27556 User-centric framework for the handling of PII based on privacy preferences
    1st WD ISO/IEC 27557 Organizational privacy risk management
    1st WD ISO/IEC 27559 Privacy enhancing data de-identification framework
    1st WD ISO/IEC 27560 Consent record information structure
    Privacy-related items under discussion on whether to develop a standard
    NWIP Guidance on processes of a privacy information management system
    SP Impact of Artificial Intelligence on Privacy
    SP Privacy engineering model
    SP Privacy for fintech services
    Note: updated parts are shown with red underlining.
    As of April 2020
  • 27. Privacy-related items whose discussion ended without proceeding to standard development
    SP Privacy consideration in practical workflows
    SP Guidelines for privacy in Internet of Things (IoT)
    NWIP Requirements for privacy notices for WG convenor to fictional character transformations
    SP PII protection considerations for smartphone app providers
    SP Interface for personal data interchange
    Note: updated parts are shown with red underlining.
    As of April 2020
  • 28. Privacy-related standards currently published
    ISO/IEC 29100:2011 Privacy framework → free of charge
    → JIS X 9250:2017 Privacy framework (framework and principles for privacy protection), published 2017/6/20
    ISO/IEC 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
    ISO/IEC 29101:2018 Privacy architecture framework
    ISO/IEC 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
    ISO/IEC 27018:2019 Code of practice for PII protection in public clouds acting as PII processors
    ISO/IEC 29190:2015 Privacy capability assessment model
    ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
    ISO/IEC 29134:2017 Privacy impact assessment
    ISO/IEC 29151:2017 Code of practice for personally identifiable information protection
    ISO/IEC TS 29003:2018 Identity proofing
    ISO/IEC 20889:2018 Privacy enhancing data de-identification techniques
    ISO/IEC 27701:2019 Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management (Note: the standard number was changed from 27552 to 27701)
    ISO/IEC TR 27550:2019 Privacy engineering for system life cycle processes
    Privacy-related standards to be published
    None
    As of October 2019
    Download
  • 29. Privacy-related standing documents, updated as needed (SD: Standing Document)
    SC27 WG5 SD2 Privacy references list
    SC27 WG5 SD4 Standards privacy assessment (SPA)
    SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
    Privacy-related standards under development
    FDIS ISO/IEC 29184 Guidelines for online privacy notice and consent
    1st DIS ISO/IEC 20547 Big data reference architecture – Part 4: Security and privacy fabric (WG4 project)
    1st DIS ISO/IEC 27551 Requirements for attribute-based unlinkable entity authentication
    2nd PDTS ISO/IEC TS 27570 Privacy guidelines in smart cities
    1st CD ISO/IEC 27555 PII deletion concept in organizations
    2nd WD ISO/IEC 27556 User-centric framework for PII handling based on privacy preferences
    As of October 2019
  • 30. Privacy-related items under discussion on whether to develop a standard
    SP Privacy consideration in practical workflows
    NWIP Privacy enhancing data de-identification framework (a.k.a. Additional privacy-enhancing data de-identification standards)
    SP Impact of Artificial Intelligence on Privacy
    SP Consent receipts and records
    SP Privacy engineering model
    SP Review of requirements for accredited certification for sector specific ISMS standards (WG5-WG1 joint)
    NWIP Privacy technologies - Consent record information structure (assumed as TS)
    NWIP Organizational privacy risk management (assumed as IS)
    SP Guidance on processes of a privacy information management system
    SP Privacy for fintech services
    CfC Comments on ISO/IEC 31700 Privacy by design for consumer goods and services
    NWIP Requirements for bodies providing audit and certification of privacy information management systems according to ISO/IEC 27701 in combination with ISO/IEC 27001
    Note: updated parts are shown with red underlining.
    As of October 2019
  • 31. Privacy-related items whose deliberation on whether to develop a standard ended without proceeding to standard development
      - SP on Guidelines for privacy in Internet of Things (IoT)
      - NWIP Requirements for privacy notices for WG convenor to fictional character transformations
      - SP PII protection considerations for smartphone app providers
      - SP Interface for personal data interchange
    * Updated items are shown with a red underline.
    As of October 2019
  • 32. Published privacy-related standards
      - ISO/IEC 29100:2011 Privacy framework → free of charge
        → JIS X 9250:2017 Privacy framework (framework and principles for privacy protection), published 2017/6/20
      - ISO/IEC 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
      - ISO/IEC 29101:2018 Privacy architecture framework
      - ISO/IEC 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
      - ISO/IEC 27018:2019 Code of practice for PII protection in public clouds acting as PII processors
      - ISO/IEC 29190:2015 Privacy capability assessment model
      - ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
      - ISO/IEC 29134:2017 Privacy impact assessment
      - ISO/IEC 29151:2017 Code of practice for personally identifiable information protection
      - ISO/IEC TS 29003:2018 Identity proofing
      - ISO/IEC 20889:2018 Privacy enhancing data de-identification techniques
    Privacy-related standards to be published
      - ISO/IEC 27552:2019 Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management
      - ISO/IEC TR 27550:2019 Privacy engineering for system life cycle processes
    * 27552 is scheduled to be changed to 27701.
    As of April 2019
  • 33. Privacy-related standing documents (SD: Standing Document)
      - SC27 WG5 SD2 Privacy references list
      - SC27 WG5 SD4 Standards privacy assessment (SPA)
      - SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
    Privacy-related standards under development
      - DIS ISO/IEC 29184 Guidelines for online privacy notice and consent
      - 2nd CD ISO/IEC 20547 Big data reference architecture – Part 4: Security and privacy fabric (WG4 project)
      - 1st CD ISO/IEC 27551 Requirements for attribute-based unlinkable entity authentication
      - 1st PDTS ISO/IEC TS 27570 Privacy guidelines in smart cities
      - 2nd WD ISO/IEC 27555 PII deletion concept in organizations
      - 1st WD ISO/IEC 27556 User-centric framework for PII handling based on privacy preferences
    As of April 2019
  • 34. Privacy-related items under deliberation on whether to develop a standard
      - NWIP Requirements for privacy notices for WG convenor to fictional character transformations
      - Study period on PII protection considerations for smartphone app providers
      - Study period on Guidelines for privacy in Internet of Things (IoT)
      - Study period on Privacy consideration in practical workflows
      - Study period on Additional privacy-enhancing data de-identification standards
      - NWIP Impact of Artificial Intelligence on Privacy
      - Study period on Interface for personal data interchange
      - Study period on Consent receipts and records
      - Study period on Privacy engineering model
      - Study period on Review of requirements for accredited certification for sector specific ISMS standards (WG5-WG1 joint)
    * Updated items are shown with a red underline.
    As of April 2019
  • 35. Published privacy-related standards
      - ISO/IEC 29100:2011 Privacy framework → free of charge
        → JIS X 9250:2017 Privacy framework (framework and principles for privacy protection), published 2017/6/20
      - ISO/IEC 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
      - ISO/IEC 29101:2013 Privacy architecture framework (Revision FDIS)
      - ISO/IEC 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
      - ISO/IEC 27018:2014 Code of practice for PII protection in public clouds acting as PII processors (Revision FDIS)
      - ISO/IEC 29190:2015 Privacy capability assessment model
      - ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
      - ISO/IEC 29134:2017 Privacy impact assessment
      - ISO/IEC 29151:2017 Code of practice for personally identifiable information protection
      - ISO/IEC TS 29003:2018 Identity proofing
    Privacy-related standing documents (SD: Standing Document)
      - SC27 WG5 SD2 Privacy references list
      - SC27 WG5 SD4 Standards privacy assessment (SPA)
      - SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
    As of October 2018
  • 36. Privacy-related standards under development
      - FDIS ISO/IEC 20889 Privacy enhancing data de-identification techniques
      - DIS ISO/IEC 27552 Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management
      - 3rd PDTR ISO/IEC TR 27550 Privacy engineering for system life cycle processes
      - 3rd CD ISO/IEC 29184 Guidelines for online privacy notice and consent
      - CD ISO/IEC 20547 Big data reference architecture – Part 4: Security and privacy fabric (WG4 project)
      - 4th WD ISO/IEC 27551 Requirements for attribute-based unlinkable entity authentication
      - 2nd WD ISO/IEC TS 27570 Privacy guidelines in smart cities
      - WD ISO/IEC 27555 PII deletion concept in organizations
    As of October 2018
  • 37. Privacy-related items under deliberation on whether to develop a standard
      - NWIP User-centric framework for PII handling based on privacy preferences
      - NWIP Requirements for privacy notices for WG convenor to fictional character transformations
      - Study period on PII protection considerations for smartphone app providers
      - Study period on Guidelines for privacy in Internet of Things (IoT)
      - Study period on Privacy consideration in practical workflows
      - Study period on Additional privacy-enhancing data de-identification standards
      - Study period on Impact of Artificial Intelligence on Privacy
      - Study period on Interface for personal data interchange
    * Updated items are shown with a red underline.
    As of October 2018
  • 38. Published privacy-related standards
      - ISO/IEC 29100:2011 Privacy framework → free of charge
        → JIS X 9250:2017 Privacy framework (framework and principles for privacy protection), published 2017/6/20
      - ISO/IEC 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
      - ISO/IEC 29101:2013 Privacy architecture framework
      - ISO/IEC 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
      - ISO/IEC 27018:2014 Code of practice for PII protection in public clouds acting as PII processors
      - ISO/IEC 29190:2015 Privacy capability assessment model
      - ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
      - ISO/IEC 29134:2017 Privacy impact assessment
      - ISO/IEC 29151:???? Code of practice for personally identifiable information protection
    Privacy-related standing documents (SD: Standing Document)
      - SC27 WG5 SD2 Privacy references list
      - SC27 WG5 SD4 Standards privacy assessment (SPA)
      - SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
    As of June 2017
  • 39. Privacy-related standards under development
      - 1st PDTS ISO/IEC 29003 Identity proofing
      - DIS ISO/IEC 29115 Entity authentication assurance framework – Amendment 1 ***
      - 2nd CD ISO/IEC 20889 Privacy enhancing data de-identification techniques
      - 3rd WD on ISO/IEC 29184 Guidelines for online privacy notice and consent
      - 2nd WD on ISO/IEC 20547 Big data reference architecture – Part 4: Security and privacy fabric (WG4 project)
      - 2nd WD NWIP 27550 Privacy engineering
      - 2nd WD NWIP 27551 Requirements for attribute-based unlinkable entity authentication
      - 2nd WD NWIP 27552 Enhancement to ISO/IEC 27001 for privacy management – Requirements
      - 1st DAM 29100 Privacy framework
      - 2nd DAM 29115 Entity authentication assurance framework
    ***: latest status being confirmed
    As of June 2017
  • 40. Privacy-related items under deliberation on whether to develop a standard
      - NWIP Requirements for privacy notices for WG convenor to fictional character transformations
      - Study period on PII protection considerations for smartphone app providers
      - Study period on Privacy in smart cities
      - Study period on Guidelines for privacy in Internet of Things (IoT)
      - Study period on Code of Practices solution for different types of PII processors
      - CANCELED
      - Study period on Framework for user-centric PII handling based on privacy preference management by users
      - Study period on PII protection considerations for Smartphone App providers
    * Updates since the previous international meeting are shown with a red underline.
    As of June 2017
  • 41. Published privacy-related standards
      - ISO/IEC 29100:2011 Privacy framework → free of charge
        → JIS X 9250 Privacy framework (framework and principles for privacy protection)
      - ISO/IEC 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
      - ISO/IEC 29101:2013 Privacy architecture framework
      - ISO/IEC 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
      - ISO/IEC 27018:2014 Code of practice for PII protection in public clouds acting as PII processors
      - ISO/IEC 29190:2015 Privacy capability assessment model
      - ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
    Privacy-related standing documents (SD: Standing Document)
      - SC27 WG5 SD2 Privacy references list
      - SC27 WG5 SD4 Standards privacy assessment (SPA)
      - SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
    Privacy-related standards under development
      - FDIS ISO/IEC 29134 Privacy impact assessment
      - FDIS ISO/IEC 29151 Code of practice for personally identifiable information protection
    (Continued on the next slide)
    As of December 2016
  • 42. Privacy-related standards under development (continued from the previous slide)
      - DIS ISO/IEC 29003 Identity proofing
      - DIS ISO/IEC 29115 Entity authentication assurance framework – Amendment 1
      - 1st CD ISO/IEC 20889 Privacy enhancing data de-identification techniques
      - 2nd WD on ISO/IEC 29184 Guidelines for online privacy notice and consent
      - NWI on ISO/IEC 20547 Big data reference architecture – Part 4: Security and privacy fabric (WG4 project)
      - 1st WD NWIP 27550 Privacy engineering
      - 1st WD NWIP 27551 Requirements for attribute-based unlinkable entity authentication
      - 1st WD NWIP 27552 Enhancement to ISO/IEC 27001 for privacy management – Requirements
    Privacy-related items under deliberation on whether to develop a standard
      - Study period on PII protection considerations for smartphone app providers
      - Study period on Guidelines for privacy in Internet of Things (IoT)
      - Study period on Code of Practices solution for different types of PII processors
      - Study period on Privacy in smart cities
    * Updates since the previous international meeting are shown with a red underline.
    As of December 2016
  • 43. Published privacy-related standards
      - ISO/IEC 29100:2011 Privacy framework → free of charge → Study period on periodical review
      - ISO/IEC 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
      - ISO/IEC 29101:2013 Privacy architecture framework
      - ISO/IEC 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
      - ISO/IEC 27018:2014 Code of practice for PII protection in public clouds acting as PII processors
      - ISO/IEC 29190:2015 Privacy capability assessment model
    Privacy-related standing documents (SD: Standing Document)
      - SC27 WG5 SD2 Privacy references list
      - SC27 WG5 SD4 Standards privacy assessment (SPA)
      - SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
    Privacy-related standards under development
      - DIS ISO/IEC 29134 Privacy impact assessment
      - DIS ISO/IEC 29151 Code of practice for personally identifiable information protection
      - PDTS ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
    (Continued on the next slide)
    As of May 2016
  • 44. Privacy-related standards under development (continued from the previous slide)
      - 3rd CD ISO/IEC 29003 Identity proofing
      - 2nd WD ISO/IEC 20889 Privacy enhancing data de-identification techniques
      - 1st WD on ISO/IEC 29184 Guidelines for online privacy notice and consent
      - NWI on ISO/IEC 20547 Big data reference architecture – Part 4: Security and privacy fabric (WG4 project)
    Privacy-related items under deliberation on whether to develop a standard
      - NWIP on Privacy engineering framework
      - NWIP on Enhancement to ISO/IEC 27001 for privacy management – Requirements
      - NWIP on Requirements for attribute-based unlinkable entity authentication ***
      - Study period on Entity authentication assurance framework
      - Study period on PII protection considerations for smartphone app providers
      - Study period on Privacy in smart cities
      - Study period on Guidelines for privacy in Internet of Things (IoT)
      - Study period on Privacy-preserving anonymous attribute-based entity authentication ***
      - Study period on Privacy enhancing identity management scheme using attribute based credentials **
      - Study period on On the adoption and usage of ISO/IEC 29115 and its interaction with ISO/IEC 29003 *
      - Study period on Anonymous attribute assurance **
    As of May 2016
  • 45. Published privacy-related standards
      - ISO/IEC 29100:2011 Privacy framework → free of charge
      - ISO/IEC 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
      - ISO/IEC 29101:2013 Privacy architecture framework
      - ISO/IEC 29115:2013 Entity authentication assurance framework (ITU-T X.1254)
      - ISO/IEC 27018:2014 Code of practice for PII protection in public clouds acting as PII processors
      - ISO/IEC 29190:2015 Privacy capability assessment model
    Privacy-related working documents
      - SC27 WG5 SD2 Privacy references list
      - SC27 WG5 SD4 Standards privacy assessment (SPA)
      - SC27 WG5 SD5 Guidelines on the application of ISMS in the area of privacy
    Privacy-related standards under development
      - 2nd CD ISO/IEC 29134 Privacy impact assessment
      - 2nd CD ISO/IEC 29151 Code of practice for personally identifiable information protection
      - 2nd CD ISO/IEC 29003 Identity proofing
      - CD ISO/IEC TR 19608 Guidance for developing security and privacy functional requirements based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
      - NWI ISO/IEC 20889 Privacy enhancing data de-identification techniques
    (Continued on the next slide)
    As of November 2015
  • 46. (Continued from the previous slide)
    Privacy-related items under deliberation on whether to develop a standard
      - NWIP on Guidelines for online privacy notice and consent
      - Study period on Privacy enhancing identity management scheme using attribute based credentials **
      - Study period on Privacy engineering framework
      - Study period on On the adoption and usage of ISO/IEC 29115 and its interaction with ISO/IEC 29003 *
      - Study period on Anonymous attribute assurance **
      - Study period on Entity authentication assurance framework *
      - Study period on PII protection considerations for smartphone app providers
      - Study period on Privacy in smart cities
      - Study period on Privacy-preserving attribute-based entity authentication
    As of November 2015
  • 47. Published privacy-related standards
      - ISO/IEC 29100:2011 Privacy framework → free of charge
      - ISO/IEC 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
      - ISO/IEC 29101:201x Privacy architecture framework
      - ISO/IEC 29115:201x Entity authentication assurance framework (ITU-T X.1254)
      - ISO/IEC 27018:201x Code of practice for PII protection in public clouds acting as PII processors
      - ISO/IEC 29190:201x Privacy capability assessment model
    Privacy-related working documents
      - SC27 WG5 SD2 Privacy references list
      - SC27 WG5 SD4 Standards Privacy Assessment (SPA)
      - SC27 WG5 SD5 Guidelines for the application of ISMS in the area of privacy
    Privacy-related standards under development
      - CD ISO/IEC 29134 Privacy impact assessment – Methodology Guideline
      - CD ISO/IEC 29151 Code of practice for personally identifiable information protection
      - CD ISO/IEC 29003 Identity proofing
      - 3rd WD TR 19608 Guidance for developing security and privacy functional requirements based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs, WG3N1114, WG3N1155)
    (Continued on the next slide)
    As of May 2015
  • 48. (Continued from the previous slide)
    Privacy-related items under deliberation on whether to develop a standard
      - Study period on Privacy impact assessment (to be considered with reference to ISO/IEC 27009 Sector specific)
      - Study period on Age verification
      - Study period on Privacy enhancing identity management scheme using attribute-based credentials
      - Study period on User friendly online privacy notice and consent
      - Study period on Privacy engineering framework
      - Study period on On the adoption and usage of ISO/IEC 29115 and its interaction with ISO/IEC 29003
      - NWIP on Privacy enhancing data de-identification techniques (Study period on Anonymous attribute assurance)
    As of May 2015
  • 49. Published privacy-related standards
      - ISO/IEC 29100:2011 Privacy framework → free of charge
      - ISO/IEC 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
      - ISO/IEC 29101:201x Privacy architecture framework
      - ISO/IEC 29115:201x Entity authentication assurance framework (ITU-T X.1254)
      - ISO/IEC 27018:201x Code of practice for PII protection in public clouds acting as PII processors
      - ISO/IEC 29190:201x Privacy capability assessment model
    Privacy-related standards under development
      - CD registered ISO/IEC 29134 Privacy impact assessment – Methodology
      - CD registered ISO/IEC 29151 Code of practice for personally identifiable information protection
      - 5th WD ISO/IEC 29003 Identity proofing
      - 2nd WD Guidance for developing security and privacy functional requirements based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
      - SD5 "Guidelines on the application of ISMS in the area of privacy"
    Privacy-related items under deliberation on whether to develop a standard
      - Study period on Privacy impact assessment (to be considered with reference to ISO/IEC 27009 Sector specific)
      - Study period on Technical issue of 29115 when applied in national ID infrastructure
      - Study period on Age verification
      - Study period on A privacy-respecting identity management scheme using attribute-based credentials
      - Study period on User friendly online privacy notice and consent
    As of November 2014
  • 50. Published privacy-related standards
      - ISO/IEC 29100:2011 Privacy framework → already made free of charge, Periodical pre-reviewed
      - ISO/IEC 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
      - ISO/IEC 29101:201x Privacy architecture framework
      - ISO/IEC 29115:201x Entity authentication assurance framework (ITU-T X.1254)
      - ISO/IEC 27018:201x Code of practice for PII protection in public clouds acting as PII processors
    Privacy-related standards under development
      - DIS (FDIS registered) ISO/IEC 29190 Privacy capability assessment model (FDIS because the verification was reflected)
      - CD registered ISO/IEC 29134 Privacy impact assessment – Methodology
      - CD registered ISO/IEC 29151 Code of practice for PII protection (moving toward making it a common document with ITU-T SG17)
      - 4th WD ISO/IEC 29003 Identity proofing (scope change to include legal entities; opinions in favor of making it multi-part)
      - New Work Item on Guidance for developing security and privacy functional requirements based on ISO/IEC 15408 (WG3 project: formerly Privacy seal programs)
      - SD5 "Guidelines on the application of ISMS in the area of privacy"
    Privacy-related items under deliberation on whether to develop a standard
      - Study period on Privacy impact assessment (to be considered going forward with reference to ISO/IEC 27009 Sector specific)
      - Study period on Age verification (Confirmed to submit NWIP)
      - Study period on A privacy-respecting identity management scheme using attribute-based credentials
    As of May 2014
    Downloadable from Free document page
  • 51. Published privacy-related standards
      - ISO/IEC 29100:2011 Privacy framework → making it free of charge is under consideration
      - ISO/IEC 29191:2012 Requirements for partially anonymous, partially unlinkable authentication
      - ISO/IEC 29101:201x Privacy architecture framework
      - ISO/IEC 29115:201x Entity authentication assurance framework (ITU-T X.1254)
    Privacy-related standards under development
      - DIS ISO/IEC 29190 Privacy capability assessment model
      - DIS ISO/IEC 27018 Code of practice for PII protection in public clouds acting as PII processors
      - 3rd WD ISO/IEC 29134 Privacy impact assessment – Methodology
      - 3rd WD ISO/IEC 29003 Identity proofing
      - 2nd WD ISO/IEC 29151 Code of practice for PII protection
    Privacy-related items under deliberation
      - New Work Item Proposal on Privacy seal programs (is started as WG3 project)
      - Study period on Privacy impact assessment
      - Canceled: Study period on Documentation of data deletion principles
      - Study period on Age verification
    Reference
    As of November 2013
  • 52. Published privacy-related standards
      - ISO/IEC 29100:2011 Privacy framework → making it free of charge is under consideration
    Privacy-related standards under development
      - ISO/IEC FDIS 29115 Entity authentication assurance framework (ITU-T X.1254)
      - ISO/IEC DIS 29191 Requirements for partially anonymous, partially unlinkable authentication
      - ISO/IEC CD 29101 Privacy architecture framework
      - ISO/IEC WD 29190 Privacy capability assessment model
      - ISO/IEC NP 27018 Code of practice for data protection controls for public cloud computing services
      - ISO/IEC NP 29134 Privacy impact assessment – Methodology
    Privacy-related items under deliberation
      - SP on Privacy / Personal Information Management Systems (PIMS)
      - SP on Privacy impact assessment
      - SP on Study period on Privacy seal programs
      - SP on Documentation of data deletion principles
    Reference
    As of November 2012