The development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as: <UL><LI>Security requirements capture methodology; <LI>Management of information and ICT security; in particular information security management systems, security processes, and security controls and services; <LI>Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information; <LI>Security management support documentation including terminology, guidelines as well as procedures for the registration of security components; <LI>Security aspects of identity management, biometrics and privacy; <LI>Conformance assessment, accreditation and auditing requirements in the area of information security management systems; <LI>Security evaluation criteria and methodology.</UL> SC 27 engages in active liaison and collaboration with appropriate bodies to ensure the proper development and application of SC 27 standards and technical reports in relevant areas
