ITU-T SG17 Q.3 Telecommunication information security management

Slides:



Advertisements
Similar presentations
Cloud computing security related works in ITU-T SG17
Advertisements

Secure Systems Research Group - FAU Process Standards (and Process Improvement)
International Telecommunication Union Committed to connecting the world 4 th ITU Green Standards Week Paolo Gemma WG2 Coordinator, ITU-T Focus Group on.
Security Controls – What Works
Advantages of IT Security Prof. Uldis Sukovskis, CISA Riga Information Technology Institute Secure information exchange in Electronic media Baltic IT&T.
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All ITU-T Identity Management Update Bilel Jamoussi, Chief, SGD/TSB ITU Abbie Barbir, Q10/17 Rapporteur.
1 Copyright © 2010 M. E. Kabay. All rights reserved. Security Audits, Standards, & Inspections CSH5 Chapter 54 “Security Audits, Standards and Inspections”
Committed to Connecting the World International Telecommunication Union April 2015 Presentation of contributions to ITU-T SG17: GuidelinesITU-T SG17 Martin.
3 rd SG13 Regional Workshop for Africa on “ITU-T Standardization Challenges for Developing Countries Working for a Connected Africa” (Livingstone, Zambia,
Geneva, Switzerland, 4 December 2014 ITU-T Study Group 17 activities in the context of digital financial services and inclusion: Security and Identity.
Geneva, Switzerland, 14 November 2014 Data Protection for Public Cloud (International Standard ISO 27018) Stéphane Guilloteau Engineer Expert, Orange Labs.
DOCUMENT #:GSC15-PLEN-47r1 FOR:Presentation or Information SOURCE:CCSA AGENDA ITEM:6.9 CCSA Standardization activities on.
International Telecommunication Union ITU-T Study Group 17, Moscow, 30 March – 8 April 2005 New Recommendations on ODP Arve Meisingset Rapporteur Q15.
DOCUMENT #:GSC15-PLEN-08 FOR:Presentation SOURCE:ISACC AGENDA ITEM:Opening Plenary (4.5) CONTACT(S):Jim MacFie ISACC Activities Since GSC-14 Jim MacFie.
DOCUMENT #:GSC15-GTSC-05 FOR:Presentation SOURCE:ITU-T AGENDA ITEM:4.1 NGN, Testing specification and Beyond Chaesub.
DOCUMENT #:GSC15-PLEN-29 FOR:Presentation or Information SOURCE:ITU-T AGENDA ITEM:6.4 Identity Management Jianyong.
SEC835 Database and Web application security Information Security Architecture.
Evolving IT Framework Standards (Compliance and IT)
Presented by : Miss Vrindah Chaundee
Introduction to the ISO series ISO – principles and vocabulary (in development) ISO – ISMS requirements (BS7799 – Part 2) ISO –
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All SMART GRID ICT: SECURITY, INTEROPERABILITY & NEXT STEPS John O’Neill, Senior Project Manager CSA.
International Telecommunication Union Eighth Global Standards Collaboration (GSC) Meeting - Ottawa, Canada, 27 April-1 May 2003 Security Standardization.
2011 East African Internet Governance Forum (EA – IGF) Rwanda Cyber briefing: Positive steps and challenges Didier Nkurikiyimfura IT Security Division.
AUB Department of Electrical and Computer Engineering Imad H. Elhajj American University of Beirut Electrical and Computer Engineering
The information contained in this document is confidential, for internal use only, and may not be distributed outside Ministry of Transport and Communications.
International Security Management Standards. BS ISO/IEC 17799:2005 BS ISO/IEC 27001:2005 First edition – ISO/IEC 17799:2000 Second edition ISO/IEC 17799:2005.
Fostering worldwide interoperabilityGeneva, July 2009 IdM and Identification Systems Arkadiy Kremer ITU-T SG 17 Chairman Global Standards Collaboration.
International Telecommunication Union Accra, Ghana, June 2009 Telecommunication Security Standardization in ITU-T SG 17 Georges Sebek, ITU/TSB ITU.
Tunis, Tunisia, 28 April 2014 Cloud Computing Standardization Includes Security Ruan HE, Senior Expert, Orange, Verdana 24 2 nd SG 13.
Jeju Island, Korea, 13 – 16 May 2013Identity Management and Identification Systems GSC17-PLEN-43 ITU-T IDENTITY MANAGEMENT UPDATE Bilel Jamoussi, Chief,
Information Security tools for records managers Frank Rankin.
Models of Security Management Matt Cupp. Overview What is Security Management? What is Security Management? ISO/IEC ISO/IEC NIST Special Publication.
Department of Computer Science Introduction to Information Security Chapter 8 ISO/IEC Semester 1.
ITU-T SG17 Q.3 Telecommunication information security management An overview Miho Naganuma Q.3/17 Rapporteur 17 March 2016.
ITU-T SG17 Q.2 Security Architecture and Framework An overview for newcomers Patrick Mwesigwa Q.2/17 Rapporteur 15 March 2016.
Overview of ITU, ITU-T and ITU-T Study Group 17 Odessa, Ukraine, June 2016 Martin Euchner Adviser, ITU-T ITU Regional Workshop for the CIS countries.
Pg 1 | Presentation Title Introduction to the PIMS Certification Scheme in Korea Presenter Heung Youl YOUM, PhD./Professor, TTA/Soonchunhyang University.
Donald JG Chiarella, PhD, CISM, CDMP, PEM, CHS-CIA, MBA.
Inter-American Telecommunication Commission
ISO’s standardization approach to security, privacy and trust
Updates: ITU-T Study Group 17 Standardization of “Security”
Inter-American Telecommunication Commission
ITU-T Study Group 17 Security
A proposed Security Incident Management Process for WMO Member States
BIL 424 NETWORK ARCHITECTURE AND SERVICE PROVIDING.
The ITU-T X.500 series and X.509 in a changing world
Tutorials of Q.8: cloud security related works in SG17
ISO/IEC JTC 1/SC 7 Working Group 42 - Architecture Johan Bendz
ISO Smart and Sustainable Cities developments
Kangchan lee 20th CJK UNIOT-WG (Current Status of Cloud Computing Standardization Acuities in ITU-T) - Update of CJK-UNIOT Kangchan.
Yong-Woon KIM HyoungJun KIM TTA
The Role of European Standards in Support of the Cybersecurity Act
Cyber-security and IEC International Standards
The ITU-T SG 17 Q10/17 IdM standardization activity
Updates: ITU-T Study Group 17 Standardization of “Security”
28 May ~ 2 June, 2006 HyoungJun KIM TTA/ETRI
WP2/17 (Cybersecurity) Chair of ITU-T SG17
ITU-T Study Group 2 Operational aspects of service provision and telecommunications management WTSA-12 Marie-Thérèse Alajouanine.
Introduction to ISO/IEC JTC 1 SC7
Cloud Computing Standardization Includes Security
ETSI role in Identity Management and Identification Systems
ISO Smart and Sustainable Cities developments
Group Meeting Ming Hong Tsai Date :
28 May ~ 2 June, 2006 Hyoungjun KIM TTA/ETRI
ITU-T Study Group 17 Security
Martin Euchner, Advisor, ITU-T Study Group 17
Report of User WG Meeting
Presentation of contributions to ITU-T SG17: Guidelines
ITU-T activity in ICT security
Updates: ITU-T Study Group 17 Standardization of “Security”
Presentation transcript:

ITU-T SG17 Q.3 Telecommunication information security management An overview Miho Naganuma Q.3/17 Rapporteur 17 March 2016

Network and information security IdM + Cloud computing security SG17, Security Study Group 17 WP 1/17 Fundamental security WP 2/17 Network and information security WP 3/17 IdM + Cloud computing security WP 4/17 Application security WP 5/17 Formal languages Q1/17 Telecom./ICT security coordination Q4/17 Cybersecurity Q8/17 Cloud Computing Security Q6/17 Ubiquitous services Q11/17 Directory, PKI, PMI, ODP, ASN.1, OID, OSI Q2/17 Security architecture and framework Q5/17 Countering spam Q10/17 IdM Q7/17 Applications Q12/17 Languages + Testing Q3/17 IS Management Q9/17 Telebiometrics

Addressing security challenges on a global scale Question 3 The only question for information “management “ in SG17 Why information security became so important? What we have to protect ? What is the aspect of telecommunication organization? Business continuity Managing business assets Organizational view Technical view 2/27/2019Geneva, 6-7 December 2010 Addressing security challenges on a global scale

What we need to consider? Organization Compliance Incident handling Assets Governance Operations Human Assets policies Communications Networks Physical and environment Business Continuity Systems Supplier / External orgs relationship

Questions specific security management issues for telecommunications organizations? Management issues for small and medium-sized telecom organizations? Using the existing standards (ITU-T, ISO/IEC and others)? In cloud computing environment? personally identifiable information protection? IPv6 environment?

Recommendations X.1051 X.1052 X.1056 Incident mgt X.1054 X.1057 Framework X.1051 X.1056 Incident mgt X.1054 Governance X.1057 Asset mgt X.1055 Risk mgt Information technology – Security techniques – Information security management guidelines for telecommunications organizations based on ISO/IEC 27002

X.1051 ITU-T X.1051 | ISO/IEC 27011 Revised version will be published soon “Information technology – Security techniques - Code of practice for Information security controls based on ISO/IEC 27002 for telecommunications organizations“ Joint documents with ISO/IEC JTC1 SC27 Controls in ISO/IEC 27002:2013 and telecommunications extended control set

Information security controls: 2016 Introduction 1 Scope 2 Normative Reference 3 Definitions and abbreviations 4 Overview 5 Information security policies 6 Organization of information security 7 Human resources security 8 Asset management

Information security controls: 2016 9 Access Controls 10 Cryptography 11 Physical and environmental security 12 Operations security 13 Communications security 14 Systems acquisition, development and maintenance 15 Supplier relationships 16 Information security incident management 17 Information security aspects of business continuity management 18 Compliances

Same objectives, controls with ISO/IEC 27002 Structure of controls 8 Asset management (Domain) 8.1 Responsibility for assets (Sub-clause) Objective: To identify organizational assets and define appropriate protection responsibilities. 8.1.1 Inventory of assets Control Assets associated with information and information processing facilities should be identified and an inventory of these assets should be drawn up and maintained. Implementation guidance The implementation guidance from ISO/IEC 27002 8.1.1 applies. Same objectives, controls with ISO/IEC 27002

Structure of controls (cont.) Telecommunications-specific implementation guidance When developing and maintaining the inventory of assets, clear responsibilities between the tele- communications facilities of the organization and those of other connected or related telecommuni- cations organizations should be specified and clearly documented. The list of assets should be comprehensive covering all telecommunications assets of value including Information assets for network facilities, network services and applications. Additional resources can be found in the Bibliography. Other information The other information from ISO/IEC 27002 8.1.1 applies. Sector specific guidance and other information (additional)

Recommendations -1 Governance of information security (Rec. ITU-T X.1054) Rec.X.1054 Implementation of Governance Model

Recommendations -2 Information Security Management: Information Security Management System (Recs. ITU-T X.1051, X.1052) Risk management and risk profile guidelines (Rec. ITU-T X.1055) Security incident management guidelines (Rec. ITU-T X.1056) Asset management guidelines (Rec. ITU-T X.1057) Rec. ITU-T X.1055 - Risk management process Rec. ITU-T X.1052 - Information Security Management Rec. ITU-T X.1057 - Asset management process

Rec. ITU-T X.1056 - Five high-level incident management processes Recommendations -3 Incident organization and security incident handling: Guidelines for telecommunication organizations (Rec. ITU-T E.409) Rec. ITU-T E.409 - pyramid of events and incidents Rec. ITU-T X.1056 - Five high-level incident management processes

Management view of IS, CS and PII Example PII Information Security Cybersecurity

Challenges (2014-2016) X.1051rev X.gpim: Code of practice for personally identifiable information protection (common text with ISO/IEC 29151) X.sgsm: Information security management guidelines for small and medium telecommunication organizations X.sup-gpim, Supplement to ITU-T X.gpim Code of practice for PII protection based on X.gpim for telecommunications X.sup-gisb, Best practice for implementation of X.1054 on governance of infromation security ; Case of Burkina Faso X. Sup 23, ITU-T X.1037 - Supplement on security management guidelines for the implementation of an IPv6 environment in telecommunication organizations (Q2/17) X.1631, Code of practice for information security controls based on ISO/IEC 27002 for cloud services (Q8/17)

Collaboration with ISO/IEC JTC1 SC27 International Organization for Standardization International Electrotechnical Commission JTC1 SC27: Security Technique WG1 Information Security Management System WG2 Cryptography and security mechanisms WG3 Security evaluation, testing and specification WG4 Security controls and services WG5 Identity management and privacy technologies X.gpim Common documents/Updating related projects X.1051 X.1631

Emerging issues for “cyber resilient” organization Next Challenge Not yet confirmed but, Emerging issues for “cyber resilient” organization Traditional approach + Cyber approach and…

Thank you Rapporteur: Miho Naganuma Associate Rapporteur: Kyeong Hee Oh

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.