Scope

This track wills covers a part of the objectives defined in the BNSI whitepaper and is specially focused on normalization focused on three sub-objectives. The first one is Information Security norms to be promoted in Belgium the second one is targeted on certification of products, services, systems and person's accreditation in Belgium and as a result of these mentioned before the third one is representation in the several normalization organisms by Belgium By takng into account the contents of:

• the BISI whitepaper
• develop base materials that can be used immediately, re-used and re-engineered for specific occasions, or that can serve as a basis for further custom development
• develop a single recognisable brand that can be re-used in order to become a label of quality and of recognition throughout the awareness activities
• The contact established in other European countries allowing receiving relevant feedback from peers
• ...

The writing down of this TOR specific for the normalization aspects was made possible.

Methods & External Liasons

The Working Group on Standardization will generate results based on preparation (i.e. prior to meetings) and on brainstorming sessions during the meetings. For each agreed deliverable a specialized cell under the lead of one WG member will be responsible for both the initial investigations and reporting and the later editorial work. Initial drafts of the meeting results will be generated regularly by a small number of WG members and will be regularly submitted to the WG for peer review. The convener of the working groups will coordinate the work of the sub-groups to keep the work in line with this T.O.R.
The members of the WG will have close working relationships with bodies performing work in related fields, such as industry representative (like Agoria), standardization bodies(like ISO), and public Bodies (like Fedict). WG members will liaise on demand with every third party activity that seems to be relevant for the generation of the deliverables (e.g. CEN, ECSA, European agencies…).This may result in presentation of a business case during each meeting.

Tasks

Tasks and activities to be carried out through the WG are:

• Information Security norms to be promoted in Belgium
• Establish a list of the references norms(international, regional or national) "Information Security" related( from all kind of origins) useful for Belgium either in private or public sector;
• Investigation of what should be interesting for Belgium and establish priorities and responsibilities for follow-up and promotion
• Certification of products, services , systems and person's accreditation in Belgium
• Identify existing and suitable certifications schemes (e.g. Common Criteria, ITIL, 27001…).
• Document the needs of the private sector for a Certification Scheme
• Identify person's existing and suitable accreditation schemes.
• Identify the steps in order to implement an internationally recognized Certification Scheme for Belgium
• " Representation in the several normalization organisms by Belgium
• Overview of activities in the existing international normalization committees (like CEN, ETSI, ISO, ITSMF…)
• Participation in development of norms related to information security, and promote in Belgium
• Identify what exists in the world, what is in place in Belgium and especially should be, the interrelations between them and insure the presence and ad-hoc representation of Belgian specialists by quality check on the relevance on the participation and in fine apposition of a label of Belgian expert's
• ...

BelNIS (the Belgian discussion forum on information security) asked BISI to organize a Survey on the knowledge, interest and use of the information security standards (ISO 27001 & 27002). The survey questionnaire can be downloaded here ( EN , FR and NL ). Please respond prior to November 14th. Answers are expected on a personal basis, please reply to through standards@bissi.be; in the name of their organization, through centraloffice@ictstandards.be.