Ian Bryant (academic)

Professor Ian Bryant
Born: 1965 (age 58–59), England
Nationality: British
Education: Taunton School
Alma mater: University of Leicester
Occupation: Academic
Years active: 1980s –
Known for: ITSafe, CCT Mark, TSFdn/TSI/SSRDI

Ian Bryant (born 1965) is a British academic. He is primarily involved in promoting Trustworthy Software and Systems, and in Standardisation.

Current roles

Ian Bryant is currently known for several roles:

Early and personal life

Ian Bryant was educated at Taunton School in Somerset, and the University of Leicester where he studied Engineering.

Career

Ian Bryant has been a Professional Engineer employed by HM Government for much of his career, as a technical specialist and/or project manager, with assignments spanning a variety of organisations, including Cabinet Office, MOD, National Archives, National Policing, and the former National Infrastructure Security Coordination Centre (now CPNI).

He has been involved with "Cyber Security" (and its various predecessor terms) since the 1980s, in a variety of roles including Investigation / Incident Response, Security Architecture, Systems Accreditation, Research and Technology Management, and Policy Development.

His work on Trustworthy Software originated with leading the original Cabinet Office (CSIA) study on Secure Software Development (SSD), then being the Technical Manager for the Pilot Operation of the CSIA (now CESG) Claims Tested Mark (CCT Mark) Scheme. Subsequently, he contributed to the Technology Strategy Board (TSB) Cyber Security Knowledge Transfer Network (CSKTN) Special Interest Group (SIG) on Secure Software Development, and latterly led the Secure Software Development Partnership's (SSDP) SIG on Standards before the formalisation of the Software Security, Dependability and Resilience Initiative (SSDRI – the original name for TSI) in July 2011.

He also developed and launched the IT Security Awareness for Everyone (ITSafe) service (now part of GetSafeOnline), and helped found the National Information Assurance Forum (NIAF – formerly "GIPSI"), which he now Co-Chairs.

Research activity includes leading a NATO Research Task Group (RTG), and being the lead Information Security specialist for the European Commission (EC) funded MS3i and NEISAS [2] Projects.

Academic Affiliations

Ian Bryant has been active in Academia for 3 decades, including:

Standards Affiliations

Ian Bryant's primary Standardisation roles are:

Internationally, he engages with ISO, IEC, ITU-T, CEN, CENELEC, and ETSI.

Professional Affiliations

Related Research Articles

BS 7799 was a British standard "Code of Practice for Information Security Management", first published as such by the British Standards Institution (BSI) in February 1995.

ISO/IEC 20000 is the international standard for IT service management. It was developed in 2005 by ISO/IEC JTC1/SC7 and revised in 2011 and 2018. It was originally based on the earlier BS 15000 that was developed by BSI Group.

Information security standards or cyber security standards are techniques generally outlined in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.

ISO/IEC 15288 Systems and software engineering — System life cycle processes is a technical standard in systems engineering which covers processes and lifecycle stages, developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Planning for the ISO/IEC 15288:2002(E) standard started in 1994 when the need for a common systems engineering process framework was recognized.

IEEE 1471 is a superseded IEEE standard for describing the architecture of a "software-intensive system", also known as software architecture.

BS 7988 is a standard originally published by the British Standards Institution (BSI) in 2002. It is a code of practice for the use of information technology (IT) in the delivery of assessments, and gives guidance and good practice in using computers to deliver assessments.

ISO/IEC 27000 is one of the ISO/IEC technical standards in the ISO/IEC 27000 series of Information Security Management Systems (ISMS)-related standards. The formal title for ISO/IEC 27000 is Information technology — Security techniques — Information security management systems — Overview and vocabulary.

BSI Group: British standards development organization

The British Standards Institution (BSI) is the national standards body of the United Kingdom. BSI produces technical standards on a wide range of products and services and also supplies certification and standards-related services to businesses.

International standards in the ISO/IEC 19770 family of standards for IT asset management address both the processes and technology for managing software assets and related IT assets. Broadly speaking, the standard family belongs to the set of Software Asset Management standards and is integrated with other Management System Standards.

ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), titled Information security, cybersecurity and privacy protection — Information security controls.

ISO/IEC 27006 is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Part of the ISO/IEC 27000 series of ISO/IEC Information Security Management System (ISMS) standards, it is titled Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems.

ISO/IEC JTC 1, entitled "Information technology", is a joint technical committee (JTC) of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its purpose is to develop, maintain and promote standards in the fields of information and communications technology (ICT).

A Publicly Available Specification or PAS is a standardization document that closely resembles a formal standard in structure and format but which has a different development model. The objective of a Publicly Available Specification is to speed up standardization. PASs are often produced in response to an urgent market need.

ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection is a standardization subcommittee of the Joint Technical Committee ISO/IEC JTC 1 of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO/IEC JTC 1/SC 27 develops International Standards, Technical Reports, and Technical Specifications within the field of information security. Standardization activity by this subcommittee includes general methods, management system requirements, techniques and guidelines to address information security, cybersecurity and privacy. Drafts of International Standards by ISO/IEC JTC 1 or any of its subcommittees are sent out to participating national standardization bodies for ballot, comments and contributions. Publication as an ISO/IEC International Standard requires approval by a minimum of 75% of the national bodies casting a vote. The international secretariat of ISO/IEC JTC 1/SC 27 is the Deutsches Institut für Normung (DIN) located in Germany.

Tatsuo Kobayashi is a Japanese web architect who specializes in international standardization.

The United Kingdom has a diverse cyber security community, interconnected in a complex network.

ISO/IEC 27001 is an international standard to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, revised in 2013, and again most recently in 2022. There are also numerous recognized national variants of the standard. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure. Organizations that meet the standard's requirements can choose to be certified by an accredited certification body following successful completion of an audit. A SWOT analysis of the ISO/IEC 27001 certification process was conducted in 2020.

The Trustworthy Software Foundation (TSFdn) is a UK not-for-profit organisation, with the stated aim of improving software.

ISO/IEC JTC 1/SC 17 Cards and security devices for personal identification is a standardization subcommittee of the Joint Technical Committee ISO/IEC JTC 1 of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), which develops and facilitates standards within the field of identification cards and personal identification. The international secretariat of ISO/IEC JTC 1/SC 17 is the British Standards Institution (BSI) located in the United Kingdom.

ISO/IEC 27040 is part of a growing family of International Standards published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in the area of security techniques; the standard is being developed by Subcommittee 27 (SC27) - IT Security techniques of the first Joint Technical Committee 1 of the ISO/IEC. A major element of SC27's program of work includes International Standards for information security management systems (ISMS), often referred to as the 'ISO/IEC 27000-series'.

References

  1. TS Foundation, retrieved 20 April 2017
  2. NEISAS, retrieved 5 January 2014
  3. DMU – Academic Staff – Ian Bryant, archived 29 July 2016 at the Wayback Machine, retrieved 5 January 2014
  4. WMG: Cyber Security Centre: Group Members, retrieved 30 July 2014