est. 1984, revised 2006
AIMS
To increase the reliability and general confidence in information processing, as well as to act as a forum for security managers and others professionally active in the field of information processing security.
SCOPE
- the establishment of a common frame of reference for security in organizations, professions and the public domain;
- the exchange of practical experience in security work;
- the dissemination of information on and the evaluation of current and future protective techniques;
- the promotion of security and protection as essential elements of information processing systems.
WG11.1 - Information Security Management
est. 1985, revised 1992
AIMS
As management, at any level, may be increasingly held answerable for the reliable and secure operation of the information systems and services in their respective organizations in the same manner as they are for financial aspects of the enterprise, the Working Group will promote all aspects related to the Management of Information Security.
These aspects cover a wide range, from purely managerial aspects concerning Information Security (like upper management awareness and responsibility for establishing and maintaining the necessary policy documents), to more technical aspects (like risk analysis, disaster recovery and other technical tools) to support the Information Security management process.
SCOPE
- to study and promote methods to make senior business management aware of the value of information as a corporate asset, and to get their commitment to implementing and maintaining the necessary objectives and policies to protect these assets;
- to study and promote methods and ways to measure and assess the security level in a company and to convey these measures and assessments to management in an understandable way;
- to research and develop new ways to identify the Information Security threats and vulnerabilities which every organization must face;
- to research and identify the effect of new and changed facilities and functions in new hardware and software on the management of Information Security;
- to study and develop means and ways to help information security managers to assess their effectiveness and degree of control;
- to address the problem of standards for Information Security.
STATEMENT OF CASE
There is a growing trend for senior business management to be held answerable for the reliable and secure operation of their information systems, as they are for control of their financial aspects. Information Security is, and should always be, an upper management responsibility.
Information security professionals, and WG 11.1 in particular, should therefore be responsible for the development of all types of tools, mechanisms and methods to support top management in this new responsibility.
WG11.2 - Small Systems Security
est. 1985, revised 1992, 1995
AIMS
To investigate methods and issues in the area of information security, particularly those related to small systems.
SCOPE
- to promote awareness and understanding of small systems security;
- to provide a forum for the discussion and understanding of small system security matters;
- to advance technologies and methodologies that support small systems security;
- to contribute, as feasible and appropriate, to international standards for small system security.
STATEMENT OF CASE
Small systems shall be defined to include personal computers, local area networks, multi-user and similar installations where there is typically no-one dedicated to security administration and the end user(s) are in the main responsible for system administration.
It is the management of every organization that is responsible for the reliable and secure operation of the information systems which support the organization. Thus, it is management who must address security issues in the small systems environment.
WG11.3 - Data and Application Security
est. 1987, revised 2001
AIMS
To promote wider understanding of the risks to society of operating data management systems that lack adequate measures for security or privacy.
To encourage the application of existing technology for enhancing the security of database systems.
SCOPE
To advance technologies that support:
- the statement of security requirements for database systems;
- the design, implementation, and operation of database systems that include security functions;
- the assurance that implemented data management systems meet their security requirements.
WG11.4 - Network & Distributed Systems Security
est. 1985, revised 1992, 1997, 2003
AIMS
- to promote research on technical measures for securing computer networks, including both hardware- and software-based techniques;
- to promote dissemination of research results on network security in real-life networks in industry, academia and administrative institutions;
- to promote education in the application of security techniques, and to promote general awareness about security problems in the broad field of information technology.
SCOPE
Research on network security is understood to encompass at least the following topics:
- cryptographic techniques and their applications (confidentiality, digital signatures, integrity checking, ...);
- cryptographic protocols, including protocols for authentication, key distribution, electronic voting, electronic commerce, digital cash, ...;
- practical implementations of cryptographic protocols in network security systems (Kerberos, SSL, KryptoKnight, ...);
- secure mobile code (language based security, Java Security, proof-carrying code, code signing, meta-level protocols for security, aspect languages for security, ...);
- security from a software engineering point of view; adding security to applications in an orthogonal way using meta-level protocols, aspect languages, secure software engineering, ...;
- firewalls;
- software for intrusion detection and audit tools.
STATEMENT OF CASE
Management in any organization is responsible for the reliable and secure operation of the information systems that support the organization. As inter- and intra-organization networking between information systems becomes the rule as well as the daily operational environment, the scope of concern takes on new aspects and new technical details come into play.
Management must not only address the security issues of wholly internal systems together with any networks to which they might be connected, but must also assure that the protective mechanisms installed in them are not accidentally or intentionally thwarted or subverted by other systems with which data exchange connections are established.
The range of subjects includes local area networks, regional and wide area networks, homogeneous and heterogeneous networks, and the networks which can arise as a result of operational requirements for temporary or semi-permanent interconnections which can exist for varying periods of time.
Such networks will include dial-up or other connections which permit an organization's employees to work from their homes, and those external connections enabling organizations to transact mutually linked business activities, e.g. such as will take place under an EDI agreement.
WG11.5 - Systems Integrity and Control
est. 1987, revised 1989 and 1991 – dissolved 2007
WG11.6 – Identity Management
est. 2006
AIMS
The aim is to promote through education, research and outreach, the awareness and understanding of:
1. Identity management in general, and, in this context:
- identity management applications and methodologies;
- optical and electronic document security;
- potential and actual role and function of biometrics in particular;
2. Methods and techniques that can help to evaluate (specific) biometric technologies:
- operational aspects of biometrics;
- legal aspects of the application of biometrics;
- impact of biometrics on society;
- methods and techniques that can help to improve the quality of biometric technology (performance, privacy, compliance); and
3. National identity management in particular:
- national identity management as (a kind of) federated identity management;
- national identity management as a part of multilateral identity management;
- (possible) role and effectiveness of identity management in fighting (inter)national fraud, crime and terrorism;
- methods and techniques that can help to improve the quality of national identity management.
SCOPE
1. To establish and expand a common identity management lexicon so that the international community speaks the same language.
2. To propose, define and evaluate identity management applications and methodologies that will meet the standards of decision-makers in the public and private sector.
3. To propose, define and evaluate optical and electronic document security technologies that will meet the standards of decision-makers in the public and private sector.
4. To propose, define and evaluate biometric technologies and methodologies to be incorporated in (national) identity management that will meet the standards of decision-makers in the public and private sector.
5. To promote through education, research and outreach, a wider understanding of the legal, social and operational issues related to (national) identity management in general and the technologies mentioned above in particular.
6. In order to promote discussion related to research in the field, WG 11.6 will foster cooperation between:
- international communities;
- stakeholders, scientists and industry;
- technicians, sociologists, biologists, philosophers, psychologists and political scientists.
WG11.8 - Information Security Education
est. 1991
AIMS
To promote information security education and training at the university level and in government and industry.
SCOPE
- To establish an international resource center for the exchange of information about education and training in information security.
- To develop model courses in information security at the university level.
- To encourage colleges and universities to include a suitable model course in information security at the graduate and/or undergraduate level in the disciplines of computer science, information systems and public service.
- To develop information security modules that can be integrated into a business educational training program and/or introductory computer courses at the college or university level.
- To promote an appropriate module about information security to colleges and universities, industry and government.
- To collect, exchange and disseminate information relating to information security courses conducted by private organizations for industry.
- To collect and periodically disseminate an annotated bibliography of information security books, feature articles, reports, and other educational media.
WG11.9 - Digital Forensics
est. 2004
AIMS
The aim of the IFIP WG11.9 group is to promote through education, research and outreach, the awareness and understanding of (i) the scientific methods and techniques that help to establish, for a computer-related security incident (including those that involve converging digital technology), what occurred, when it occurred, how it occurred, what resources were affected and who initiated the incident, in a manner that will support a legal action, and (ii) the operational and legal aspects of new and emerging digital technology so as to help develop such methods and techniques.
SCOPE
- To establish and expand a common digital forensics lexicon so that the international community speaks the same language.
- To propose, define and evaluate core technologies that assist in the discovery, explanation and presentation of conclusive and persuasive digital evidence that will meet the heightened scrutiny of the courts and other decision-makers in military and civilian environments.
- To promote through education, research and outreach, a wider understanding of the legal, social and operational issues related to digital forensics.
- To foster cooperation between international communities so as to promote scholarly discussion related to digital forensic research and its application.
WG11.10 – Critical Infrastructure Protection
est. 2006
AIMS
The principal aim of IFIP WG 11.10 is to weave science, technology and policy in developing and implementing sophisticated, yet practical, solutions that will help secure information, computer and network assets in the various critical infrastructure sectors. Information infrastructure protection efforts at all levels – local, regional, national and international – will be advanced by leveraging the WG 11.10 membership's strengths in sustained research and development, educational and outreach initiatives.
SCOPE
- To identify information security challenges and implementation issues that are common (as well as unique) to infrastructure sectors.
- To elucidate the interdependencies existing between infrastructure sectors and their information security implications.
- To identify core security principles and techniques that can be applied to address problems in information infrastructure protection.
- To develop sophisticated information infrastructure protection solutions that blend scientific methods, engineering techniques and public policy.
WG11.11 – Trust Management
est. 2006
AIMS
Working Group 11.11 aims to provide a forum for cross-disciplinary investigation of the application of trust as a means of establishing security and confidence in the global computing infrastructure, recognizing trust as a crucial enabler for meaningful and mutually beneficial interactions. The working group will bring together researchers with an interest in complementary aspects of trust, from both technology-oriented disciplines and the fields of law, social sciences and philosophy. In this way the working group will provide the common background necessary for advancing towards an in-depth understanding of the fundamental issues and challenges in the area of trust management in open systems.
The main membership will most likely be specialized researchers, both from universities and company laboratories. Government organizations and IFIP member societies and their members will be the main users of the results of the group.
Working Group 11.11 has links to the areas of other groups, both inside and outside IFIP, and the group will actively seek close cooperation with these groups.
SCOPE of the working group (non-exhaustive and non-exclusive):
- semantics and models for security and trust;
- trust management architectures, mechanisms and policies;
- trust in e-commerce, e-service, e-government;
- trust and privacy (link with WG 9.6 / 11.7);
- identity and trust management (link with WG 11.6);
- trust securing digital as well as physical assets;
- social and legal aspects of trust (link with WG 9.6 / 11.7).