Presentation is loading. Please wait.

Presentation is loading. Please wait.

ITU-T SG17 Q.3 Telecommunication information security management An overview Miho Naganuma Q.3/17 Rapporteur 17 March 2016.

Published byClarence Burke Modified over 8 years ago

Similar presentations

Presentation on theme: "ITU-T SG17 Q.3 Telecommunication information security management An overview Miho Naganuma Q.3/17 Rapporteur 17 March 2016."— Presentation transcript:

1 ITU-T SG17 Q.3 Telecommunication information security management An overview Miho Naganuma Q.3/17 Rapporteur 17 March 2016

2 SG17, Security 2/93 Study Group 17 WP 1/17 Fundamental security WP 2/17 Network and information security WP 3/17 IdM + Cloud computing security WP 4/17 Application security WP 5/17 Formal languages Q6/17 Ubiquitous services Q7/17 Applications Q9/17 Telebiometrics Q12/17 Languages + Testing Q1/17 Telecom./ICT security coordination Q2/17 Security architecture and framework Q3/17 IS Management Q4/17 Cybersecurity Q5/17 Countering spam Q8/17 Cloud Computing Security Q10/17 IdM Q11/17 Directory, PKI, PMI, ODP, ASN.1, OID, OSI

3 Question 3 The only question for information “management “ in SG17 Why information security became so important? What we have to protect ? What is the aspect of telecommunication organization? 3 Addressing security challenges on a global scale 7/10/2016Geneva, 6-7 December 2010 Managing business assets Business continuity Organizational view Technical view

4 What we need to consider? policies Organization Physical and environment Human Assets Assets Operations Communications Networks Communications Networks Systems Supplier / External orgs relationship Compliance Incident handling Business Continuity Governance

5 Questions specific security management issues for telecommunications organizations? Management issues for small and medium- sized telecom organizations? Using the existing standards (ITU-T, ISO/IEC and others)? In cloud computing environment? personally identifiable information protection? IPv6 environment?

6 Recommendations Information technology – Security techniques – Information security management guidelines for telecommunications organizations based on ISO/IEC 27002

7 X.1051 ITU-T X.1051 | ISO/IEC 27011 Revised version will be published soon “Information technology – Security techniques - Code of practice for Information security controls based on ISO/IEC 27002 for telecommunications organizations“ Joint documents with ISO/IEC JTC1 SC27 Controls in ISO/IEC 27002:2013 and telecommunications extended control set

8 Information security controls: 2016

9

10 Structure of controls 8Asset management (Domain) 8.1Responsibility for assets (Sub-clause) Objective: To identify organizational assets and define appropriate protection responsibilities. 8.1.1Inventory of assets Control Assets associated with information and information processing facilities should be identified and an inventory of these assets should be drawn up and maintained. Implementation guidance The implementation guidance from ISO/IEC 27002 8.1.1 applies. Same objectives, controls with ISO/IEC 27002

11 Structure of controls (cont.) Telecommunications-specific implementation guidance When developing and maintaining the inventory of assets, clear responsibilities between the tele- communications facilities of the organization and those of other connected or related telecommuni- cations organizations should be specified and clearly documented. The list of assets should be comprehensive covering all telecommunications assets of value including Information assets for network facilities, network services and applications. Additional resources can be found in the Bibliography. Other information The other information from ISO/IEC 27002 8.1.1 applies. Sector specific guidance and other information (additional)

12 Recommendations -1  Governance of information security (Rec. ITU-T X.1054)Rec. ITU-T X.1054 Rec.X.1054 Implementation of Governance Model

13 Recommendations -2  Information Security Management:  Information Security Management System (Recs. ITU-T X.1051, X.1052) Risk management and risk profile guidelines (Rec. ITU-T X.1055)X.1051X.1052Rec. ITU-T X.1055  Security incident management guidelines (Rec. ITU-T X.1056)Rec. ITU-T X.1056  Asset management guidelines (Rec. ITU-T X.1057)Rec. ITU-T X.1057 Rec. ITU-T X.1057 - Asset management process Rec. ITU-T X.1052 - Information Security Management Rec. ITU-T X.1055 - Risk management process

14 Recommendations -3  Incident organization and security incident handling: Guidelines for telecommunication organizations (Rec. ITU-T E.409)Rec. ITU-T E.409 Rec. ITU-T E.409 - pyramid of events and incidents Rec. ITU-T X.1056 - Five high-level incident management processes

15 Management view of IS, CS and PII Information Security PII Cybersecurity Example

16 Challenges (2014-2016) X.1051rev X.gpim: Code of practice for personally identifiable information protection (common text with ISO/IEC 29151) X.sgsm: Information security management guidelines for small and medium telecommunication organizations X.sup-gpim, Supplement to ITU-T X.gpim Code of practice for PII protection based on X.gpim for telecommunications X.sup-gisb, Best practice for implementation of X.1054 on governance of infromation security ; Case of Burkina Faso X. Sup 23, ITU-T X.1037 - Supplement on security management guidelines for the implementation of an IPv6 environment in telecommunication organizations (Q2/17) X.1631, Code of practice for information security controls based on ISO/IEC 27002 for cloud services (Q8/17)

17 Collaboration with ISO/IEC JTC1 SC27 International Organization for Standardization International Electrotechnical Commission JTC1 SC27: Security Technique WG1 Information Security Management System WG1 Information Security Management System WG2 Cryptography and security mechanisms WG2 Cryptography and security mechanisms WG3 Security evaluation, testing and specification WG3 Security evaluation, testing and specification WG4 Security controls and services WG4 Security controls and services WG5 Identity management and privacy technologies WG5 Identity management and privacy technologies X.1051 X.1631 X.gpim Common documents/Updating related projects

18 Next Challenge Not yet confirmed but, – Emerging issues for “cyber resilient” organization – Traditional approach + Cyber approach and…

19 Thank you Rapporteur: Miho Naganuma Associate Rapporteur: Kyeong Hee Oh

Download ppt "ITU-T SG17 Q.3 Telecommunication information security management An overview Miho Naganuma Q.3/17 Rapporteur 17 March 2016."

Similar presentations

Cloud computing security related works in ITU-T SG17

Cloud computing security related works in ITU-T SG17
International Telecommunication Union Committed to connecting the world 4 th ITU Green Standards Week Paolo Gemma WG2 Coordinator, ITU-T Focus Group on.

International Telecommunication Union Committed to connecting the world 4 th ITU Green Standards Week Paolo Gemma WG2 Coordinator, ITU-T Focus Group on.
Security Controls – What Works

Security Controls – What Works
The 6th CJK IT Standards Meeting April 10 ~ 12, 2006, Hangzhou, China CJK IT Standards Meeting (Collaboration of Security Activity between CJK On NGN and.

The 6th CJK IT Standards Meeting April 10 ~ 12, 2006, Hangzhou, China CJK IT Standards Meeting (Collaboration of Security Activity between CJK On NGN and.
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All ITU-T Identity Management Update Bilel Jamoussi, Chief, SGD/TSB ITU Abbie Barbir, Q10/17 Rapporteur.

Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All ITU-T Identity Management Update Bilel Jamoussi, Chief, SGD/TSB ITU Abbie Barbir, Q10/17 Rapporteur.
Committed to Connecting the World International Telecommunication Union April 2015 Presentation of contributions to ITU-T SG17: GuidelinesITU-T SG17 Martin.

Committed to Connecting the World International Telecommunication Union April 2015 Presentation of contributions to ITU-T SG17: GuidelinesITU-T SG17 Martin.
3 rd SG13 Regional Workshop for Africa on “ITU-T Standardization Challenges for Developing Countries Working for a Connected Africa” (Livingstone, Zambia,

3 rd SG13 Regional Workshop for Africa on “ITU-T Standardization Challenges for Developing Countries Working for a Connected Africa” (Livingstone, Zambia,
Geneva, Switzerland, 4 December 2014 ITU-T Study Group 17 activities in the context of digital financial services and inclusion: Security and Identity.

Geneva, Switzerland, 4 December 2014 ITU-T Study Group 17 activities in the context of digital financial services and inclusion: Security and Identity.
Geneva, Switzerland, 14 November 2014 Data Protection for Public Cloud (International Standard ISO 27018) Stéphane Guilloteau Engineer Expert, Orange Labs.

Geneva, Switzerland, 14 November 2014 Data Protection for Public Cloud (International Standard ISO 27018) Stéphane Guilloteau Engineer Expert, Orange Labs.
DOCUMENT #:GSC15-PLEN-47r1 FOR:Presentation or Information SOURCE:CCSA AGENDA ITEM:6.9 CCSA Standardization activities on.

DOCUMENT #:GSC15-PLEN-47r1 FOR:Presentation or Information SOURCE:CCSA AGENDA ITEM:6.9 CCSA Standardization activities on.
Standards for Shared ICT Jeju, 13 – 16 May 2013 Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco ATIS Cybersecurity Standards.

Standards for Shared ICT Jeju, 13 – 16 May 2013 Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco ATIS Cybersecurity Standards.
Arkadiy Kremer Chairman ITU-T Study Group 17 Session 2: Role of Standardization in Cybersecurity.

Arkadiy Kremer Chairman ITU-T Study Group 17 Session 2: Role of Standardization in Cybersecurity.
International Telecommunication Union ITU-T Study Group 17, Moscow, 30 March – 8 April 2005 New Recommendations on ODP Arve Meisingset Rapporteur Q15.

International Telecommunication Union ITU-T Study Group 17, Moscow, 30 March – 8 April 2005 New Recommendations on ODP Arve Meisingset Rapporteur Q15.
DOCUMENT #:GSC15-PLEN-08 FOR:Presentation SOURCE:ISACC AGENDA ITEM:Opening Plenary (4.5) CONTACT(S):Jim MacFie ISACC Activities Since GSC-14 Jim MacFie.

DOCUMENT #:GSC15-PLEN-08 FOR:Presentation SOURCE:ISACC AGENDA ITEM:Opening Plenary (4.5) CONTACT(S):Jim MacFie ISACC Activities Since GSC-14 Jim MacFie.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
DOCUMENT #:GSC15-GTSC-05 FOR:Presentation SOURCE:ITU-T AGENDA ITEM:4.1 NGN, Testing specification and Beyond Chaesub.

DOCUMENT #:GSC15-GTSC-05 FOR:Presentation SOURCE:ITU-T AGENDA ITEM:4.1 NGN, Testing specification and Beyond Chaesub.
DOCUMENT #:GSC15-PLEN-29 FOR:Presentation or Information SOURCE:ITU-T AGENDA ITEM:6.4 Identity Management Jianyong.

DOCUMENT #:GSC15-PLEN-29 FOR:Presentation or Information SOURCE:ITU-T AGENDA ITEM:6.4 Identity Management Jianyong.
DOCUMENT #:GSC15-PLEN-29 FOR:Presentation or Information SOURCE:ITU-T AGENDA ITEM:6.4 Identity Management Jianyong.

DOCUMENT #:GSC15-PLEN-29 FOR:Presentation or Information SOURCE:ITU-T AGENDA ITEM:6.4 Identity Management Jianyong.
DOCUMENT #: GSC15-GTSC8-06 FOR: Presentation SOURCE: ATIS AGENDA ITEM: GTSC8; 4.2 CONTACT(S): Art Reilly ATIS Cybersecurity.

DOCUMENT #: GSC15-GTSC8-06 FOR: Presentation SOURCE: ATIS AGENDA ITEM: GTSC8; 4.2 CONTACT(S): Art Reilly ATIS Cybersecurity.
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All SMART GRID ICT: SECURITY, INTEROPERABILITY & NEXT STEPS John O’Neill, Senior Project Manager CSA.

Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All SMART GRID ICT: SECURITY, INTEROPERABILITY & NEXT STEPS John O’Neill, Senior Project Manager CSA.

Similar presentations

Ads by Google