IT Governance, the leading provider of ISO 27001 and information security expertise, is delighted to announce that its executive director, Steve Watkins, has been appointed Chair of IST/33.
IST/33 is responsible for the UK’s contributions to revising the ISO 27000 series of international standards on information security management.
Steve said: “IT Governance has been dedicated to supporting the activities of various technical committees that draft British standards and contribute to the development of international standards for many years. Our most recent development in the standardization community is an increase of our contribution to IST/33, the committee for IT security techniques.
“This is a great opportunity for IT Governance to further contribute to and remain at the leading edge of developing standards in the information security arena.”
Working under the direction of the British Electrotechnical Committee and the Standards Policy and Strategy Committee, IST/33 is responsible for the UK’s input into ISO/IEC JTC 1/SC 27, whose scope is the information security management system (ISMS) family of standards, and recommending appropriate actions to be taken on issues relevant to ISO/IEC JTC 1 that concern the planning and coordination of IT security work.
IST/33 is also responsible for coordinating security standardization activities within the scope of ICT, and sustaining collaboration with other groups within and outside the British Standards Institution (BSI) concerned with security standardization.
IST/33 consists of five sub-committees:
- Information Security Management Systems, IST/33/1, is responsible for the ISMS family of standards. This includes ISMS requirements, guidelines, accreditation and auditing, and sector-specific ISMS standards.
- Cryptography and Security Mechanisms, IST/33/2, is responsible for cryptographic techniques, including cryptographic key management and entity authentication exchanges.
- Security Evaluation, Testing and Specification, IST/33/3, is responsible for inputs into standards addressing the security evaluation of IT systems, components, and products, including the definition of security evaluation criteria and related issues, such as evaluation methodology and the administrative procedures for testing, evaluation, certification, and accreditation. Its scope also includes associated issues such as the specification of security properties, security testing methodologies and processes, and vulnerability notification.
- Security Controls and Services, IST/33/4, is responsible for input into the development and maintenance of standards and guidelines addressing services and applications that support the implementation of control objectives and controls as defined in ISO 27001.
- Identity Management and Privacy Technologies, IST/33/5, is responsible for inputs into the development and maintenance of standards and guidelines addressing security aspects of identity management, biometrics, privacy, and the protection of personal data.
Steve is also a member of ISO/IEC JTC 1/SC 27, and is involved with the UK standards technical committees: RM/1 (risk management) and RM/1/-/3 (responsible for BS 31111, providing guidance for boards and senior management on cyber risk and resilience, published on March 26, 2018), IST/060/02 (IT service management), and IDT/001/0-/04 (data protection).
In addition, Steve is the Chair of the UK ISO 27001 User Group, and is a contracted technical assessor for UKAS, conducting assessments of certification bodies offering ISMS/ISO 27001 and ITSMS/ISO 20000-1 accredited certification. He also undertakes information security assessments to the Forensic Science Regulator’s Code of Practice and Conduct.
Alongside Alan Calder, IT Governance’s founder and executive chairman, Steve led the first UK-based successful ISMS implementation compliant with BS 7799 (the forerunner of ISO 27001). He is also the co-author of IT Governance – An International Guide to Data Security and ISO27001/ISO27002, Sixth edition.
IT Governance provides support to organizations on implementing an ISO 27001-compliant ISMS, enabling them to achieve certification through a wide range of affordable solutions, such as books, toolkits, training, staff awareness, software, standards, consultancy, and DIY packaged solutions.
To find out more about IT Governance’s information security solutions, please visit the website, email servicecenter@itgovernanceusa.com, or call +1-877-317-3454.