Telecommunication Security
Herbert Bertine
Chairman, ITU-T Study Group 17
Standards
Cooperation
Awareness
ITU-T Study Groups
SG 2* Operational aspects of service provision, networks and performance
SG 3 Tariff and accounting principles including related telecommunications economic and policy issues
SG 4* Telecommunication management
SG 5 Protection against electromagnetic environment effects
SG 6 Outside plant and related indoor installations
SG 9 Integrated broadband cable networks and television and sound transmission
SG 11* Signalling requirements and protocols
SG 12 Performance and quality of service
SG 13* Next generation networks
SG 15 Optical and other transport network infrastructures
SG 16* Multimedia terminals, systems and applications
SG 17** Security, languages and telecommunication software
SG 19 Mobile telecommunication networks
* Significant security work
** Lead Study Group on Security
ITU-T Security Building Blocks
• Security Architecture Framework (X.800-series)
• Network Management Security (M.3000-series)
Security compendium
• Catalogue of approved ITU-T Recommendations related to
telecommunication security
• Extract of ITU-T approved security definitions
• Summary of ITU-T Study Groups with security-related
activities
• http://www.itu.int/ITU-T/studygroups/com17/tel-security.html
The ITU Global Cybersecurity Gateway
[Figure X.805_F3]
• 8 security dimensions: Access control, Authentication, Non-repudiation, Data confidentiality, Communication security, Data integrity, Availability, Privacy
• Planes: End-user plane, Control plane, Management plane
• Threats: Destruction, Corruption, Removal, Disclosure
• Other labels in the figure: Services security, VULNERABILITIES, ATTACKS
Motivation
Objectives
Scope
Current area of focus
Draft Recommendations under development
Q.6/17 Motivation
Definition of Cybersecurity
Security of Telecommunications Network Infrastructure
Security Knowledge and Awareness of Telecom Personnel and
Users
Security Requirements for Design of New Communications Protocol
and Systems
Communications relating to Cybersecurity
Security Processes – Life-cycle Processes relating to Incident and
Vulnerability
Security of Identity in Telecommunication Network
Legal/Policy Considerations
Q.6/17 Current Area of Focus 1/2
Tasks
Plan on Recommendations
Revised Recommendation X.1051
Q.7/17 Tasks
Information Security Management Guidelines for
telecommunications
• (Existing X.1051, Information security management system –
Requirements for telecommunications (ISMS-T))
• Maintain and revise Recommendation X.1051, “Information Security
Management Guidelines for telecommunications based on
ISO/IEC 27002”.
• Jointly develop a guideline of information security management with
ISO/IEC JTC 1/SC 27 (ISO/IEC 27031 = Recommendation X.1051).
Risk Management Methodology
• Study and develop a methodology of risk management for
telecommunications in line with Recommendation X.1051.
• Produce and consent a new ITU-T Recommendation for risk
management methodology.
Incident Management
• Study and develop a handling and response procedure on security
incidents for the telecommunications in line with Recommendation
X.1051.
• Produce and consent a new ITU-T Recommendation for incident
management methodology and procedures.
Q.7/17 plan on Recommendations
X.1050: To be proposed
X.1051: In revision process
Information Security Management Guidelines for
Telecommunications based on ISO/IEC 27002
X.1052: To be proposed
X.1053: To be proposed
(Implementation Guide for Telecommunications)
X.1054: To be proposed
(Measurements and metrics for Telecommunications)
X.1055: In the first stage of development
Risk Management Guidelines for Telecommunications
X.1056: In the first stage of development
Security Incident Management Guidelines for Telecommunications
X.1057: To be proposed
(Identity Management for Telecommunications)
Information security management guidelines
for Telecommunications (Revised X.1051)
[Figure: Approach to develop the revised Recommendation X.1051]
• Documents shown: Existing X.1051 (2004), ISO/IEC 17799 (2005), Revised X.1051
• Control areas shown: Security policy; Information systems acquisition, development and maintenance; Information security incident management; Business continuity management; Compliance
• Content labels: Implementation guidance, Implementation requirements for Telecom, Implementation guidance for Telecom, Other information
ITU-T SG 17 Question 8
Telebiometrics
Objectives
Study areas on biometric processes
Recommendations
Q.8/17 Objectives
[Figure: biometric process blocks linked over networks (NW: Network): Biometric Sensors, Acquisition (capturing), Extraction, Storage, Matching, Score, Decision, Yes/No, Application]
Q.8/17 Recommendations 1/3
Focus
Position of each topic
Mobile security
Home network security
Web services security
Secure applications services
Q.9/17 Focus
[Figure: Mobile Terminal, Mobile Network, Open Network and Home Network, with the topics Mobile security, Home network security and Multicast security]
Q.9/17 - Mobile Security
Other SDOs
Q.17/17 Brief Summaries of draft
Recommendations 1/3
[Figure: H.235 development timeline, 1996 to 2006, plotted against H.323V1, H.323V2, H.323V4, H.323V5 and H.323V6]
• Phases: Core Security Framework Engineering, 1st Deployment, Consolidation, Improvement and Additions, Reorganization
• Versions shown: H.235V1, H.235V2, H.235V3, H.235V3 + Amd1, H.235V4, H.235.0 ~ H.235.9, H.530
• Security Profiles and annexes shown: Annex D, Annex E, Annex F, Annex G, Annex H, Annex I
• Status labels: Initial Draft, started, consent, approved
H.235 V4 sub-series
Recommendations