Nominated by: Dr Michael Nash, Director, Gamma Secure Systems Ltd, IST/33 – Information Security Techniques
Referees: Ms Anne Hayes, BSI Head of Market Development – Governance & Resilience; Mr Dick Price, IST/33 (retired)
Professor Edward Humphreys is known worldwide for his standardization work on information security management. His individual contribution to the establishment of the 27000 series of Information Security Management System standards cannot be overstated. He is widely acknowledged as, and often referred to as, the "father of the ISO/IEC 27001 family of information security management systems standards" (see, for example, a recent ISO press release).
Professor Humphreys has served as Convenor of ISO/IEC Joint Technical Committee 1 Subcommittee 27, Security Techniques, Working Group 1, Information Security Management Systems, since its inception in 1990. He has also served as the Chairman of the UK Shadow Committee to SC 27, IST/33, since 1991. He has participated as chair or member in many other BSI, European and International standards committees.
In addition to the development of the ISO/IEC 27001 family of standards, Professor Humphreys has contributed to standardization in many other highly significant ways. In the 1980s there were national security concerns relating to the standardization of cryptographic algorithms. Professor Humphreys led the development of a standard to establish a register of cryptographic algorithms, and successfully piloted this development through to publication as BS ISO/IEC 9979. The significance of this register is often forgotten, but what should be remembered is that the publication of ISO/IEC 9979 by SC 27 in 1991 created a pathway that has enabled the current successful working relationship between national security interests in cryptography and standardization.
Another example of his achievements is the successful development of the original CCITT (ITU-T) X.509 standard, the implementation of which is now embedded in most internet browsers and is the basis of most secure online transactions. He was responsible for the development of the original X.509 standard in 1986 whilst he was employed by British Telecom. This development finally made its way into publication as a CCITT X.509 | ISO 9594-8 recommendation/standard in 1988.
Today it's often forgotten that in 1995, when BSI first submitted BS 7799, its Code of Practice for Information Security Management, to ISO and IEC, it was rejected. It was a major achievement by Professor Humphreys to subsequently convince the subcommittee SC 27 and his Working Group that BS 7799-1 should be accepted as an International Standard (achieved in 2000 as ISO/IEC 17799, now renumbered as ISO/IEC 27002), and that it should replace ISO/IEC 13335.
Within the UK, Professor Humphreys was one of the first people to recognize that to be truly effective, BS 7799 had to provide a security management process as well as a code of practice. As a leading member of BSI Committee (BDD/2), he helped develop BS 7799-2, the Specification for Information Security Management Systems. He then oversaw its harmonization with other management systems standards and its successful submission to ISO and IEC to become ISO/IEC 27001.
Under contract to the UK Department for Trade and Industry, Professor Humphreys personally developed the final essential component for Information Security Management certification, the accreditation requirements for ISMS Certification Bodies (EA 7/03), and in due course managed its progression through ISO and IEC to become ISO/IEC 27006.
We can also highlight Professor Humphreys' strategic vision. He personally conceived the concept of a coordinated and integrated set of Information Security Management Standards, the 27000 series, and it has been created under his leadership within SC 27/WG 1. It currently represents a set of more than 30 published standards, either newly developed or created from existing independent and potentially incompatible standards, all supporting and complementing the key ISMS standard ISO/IEC 27001.
Professor Humphreys is liked and respected by his fellow committee members, in the UK and internationally, admired for his skills in setting strategic direction and achieving consensus. He's an example to new committee members, and always willing to help and to advise. He has always provided good support and guidance to his secretariats, both internationally and in BSI.
"Professor Humphreys is the father of the ISO/IEC 27001 family of information security management systems standards and it's impossible to discuss the history of 27001 without acknowledging Edward's vital personal contribution at key moments and crises in its history. He personally conceived the concept of a coordinated and integrated set of Information Security Management Standards, the 27000 series." – Mike Nash, Director, Gamma Secure Systems Ltd, IST/33 – Information Security Techniques
"He deserves recognition from BSI for his huge commitment to developing international standards for over thirty years." – Anne Hayes, Head of Market Development, Governance and Resilience, BSI
"Edward is liked and respected by his fellow committee members, admired for his skills in setting strategic direction and achieving consensus. He's an example to new committee members, and always willing to help and advise." – Anne Cassidy, Lead Programme Manager, BSI
"I'm delighted that Edward has received this award. It's richly merited." – Chris Mitchell, Professor of Computer Science at Royal Holloway, University of London, convenor of Technical Panel 2 of IST/33
"Meeting Ted in the early 90s was a game-changer for me. Here was someone who took information security seriously, which I found immensely reassuring. He played such a large part in the codifying of information security issues, and how they could be managed, which of course resulted in the eventual delivery of ISO 27001/2 and family of associated standards. I am so pleased about Ted's nomination and award." – Dick Price, IST/33 (retired)