Arkadiy KremerChairman ITU-T Study Group 17.ppt
Arkadiy Kremer, Chairman, ITU-T Study Group 17
Session 2: Role of Standardization in Cybersecurity
ITU Open Forum on Cybersecurity, 6 December 2008

“We have received a strong message from our members that ITU is, and will remain the world's pre-eminent global telecommunication and ICT standards body. And we hear also, and very clearly, that ITU should continue on its mission to connect the world, and that bridging the standardization gap, by increasing developing country participation in our work, is an essential prerequisite to achieve this goal”.
Malcolm Johnson, TSB Director (Closing speech at the WTSA-08)

Strategic direction
WSIS Action Line C5, Building confidence and security in use of ICTs
WTSA-08 Resolution 50, Cybersecurity: Resolves “that ITU-T continue to evaluate existing and evolving new Recommendations, and especially signaling and telecommunication protocol Recommendations, with respect to their robustness of design and potential for exploitation by malicious parties to interfere destructively with their deployment in the global information and telecommunication infrastructure”.
WTSA-08 Resolution 52, Countering and combating spam: Instructs ITU-T study groups “to continue collaboration with the relevant organizations (e.g., IETF), in order to continue developing, as a matter of urgency, technical Recommendations with a view to exchanging best practices and disseminating information through joint workshops, training sessions, etc.”

Strategic direction (cont.)
Plenipotentiary Resolution 130, Strengthening the role of ITU in building confidence and security in the use of information and communication technologies: Instructs Director of TSB to intensify work in study groups, address threats & vulnerabilities, collaborate, and share information
Plenipotentiary Resolution 149, Study of definitions and terminology relating to building confidence and security in the use of information and communication technologies: Instructs Council to study terminology
ITU Global Cybersecurity Agenda. Key work areas: Legal Measures, Technical and Procedural Measures, Organizational Structures, Capacity Building, International Cooperation. World renowned Group of High-Level Experts report to ITU Secretary General contains recommendations in each of the five areas

Coordination
ISO/IEC/ITU-T Strategic Advisory Group Security: Oversees standardization activities in ISO, IEC and ITU-T relevant to security; provides advice and guidance relative to coordination of security work; and, in particular, identifies areas where new standardization initiatives may be warranted (portal established, workshops conducted)
Global Standards Collaboration: ITU and participating standards organizations exchange information on the progress of standards development in the different regions and collaborate in planning future standards development to gain synergy and to reduce duplication. GSC-13 resolutions concerning security include Cybersecurity (13/11), Identity Management (13/04), Network aspects of identification systems (13/03), Personally Identifiable Information protection (13/25).

ITU-T security activities
Study Group 17 is the lead study group in the ITU-T for security, responsible for: coordination of security work; development of core Recommendations
Most of the other study groups have responsibilities for standardizing security aspects specific to their technologies (TMN security, IPCablecom security, NGN security, Multimedia security, etc.)

SG 17 Security Project
Security Coordination: Within SG 17, with ITU-T SGs, with ITU-D and externally. Kept others informed - TSAG, IGF, ISO/IEC/ITU-T SAG-S. Made presentations to workshops/seminars and to GSC. Maintained reference information on LSG security webpage
Security Compendium: Includes catalogs of approved security-related Recommendations and security definitions extracted from approved Recommendations
Security Standards Roadmap: Includes searchable database of approved ICT security standards from ITU-T and others (e.g., ISO/IEC, IETF, ETSI, IEEE, ATIS)
ITU-T Security Manual: assisted in its development

Core Security Recommendations
Strong ramp-up on developing core security Recommendations in SG 17: 14 approved in 2007; 27 approved in 2008; 44 under development for approval next study period
Subjects include: Architecture and Frameworks, Web services, Directory, Identity management, Risk management, Cybersecurity, Incident management, Mobile security, Countering spam, Security management, Secure applications, Telebiometrics, Ubiquitous Telecommunication services, SOA security
Ramping up on: Multicast, Traceback, Ubiquitous sensor networks
Collaboration with others on many items

Core Security Recommendations (cont.)
ITU-T Recommendation X.1205, Overview of Cybersecurity
Summary: This Recommendation provides a definition for Cybersecurity. The Recommendation provides taxonomy of security threats from an organization point of view. Cybersecurity threats and vulnerabilities including the most common hackers' tools of the trade are presented. Threats are discussed at various network layers. Various Cybersecurity technologies that are available to remedy the threats are discussed including: routers, firewalls, antivirus protection, intrusion detection systems, intrusion protection systems, secure computing and audit and monitoring. Network protection principles such as defence in depth, access management with application to Cybersecurity are discussed. Risk management strategies and techniques are discussed including the value of training and education in protecting the network. Examples for securing various networks based on the discussed technologies are also discussed.

Core Security Recommendations (cont.)
ITU-T Recommendation X.1206, A vendor-neutral framework for automatic notification of security related information and dissemination of updates
Summary: This Recommendation provides a framework for automatic notification of security related information and dissemination of updates. The key point of the framework is that it is a vendor-neutral framework. Once an Asset is registered, updates on vulnerabilities information and patches or updates can be automatically made available to the users or directly to applications regarding the Asset.

Core Security Recommendations (cont.)
Recommendation ITU-T X.1207, Guidelines for telecommunication service providers for addressing the risk of spyware and potentially unwanted software
Summary: Recommendation ITU-T X.1207 provides guidelines for telecommunication service providers (TSPs) for addressing the risks of spyware and potentially unwanted software. This Recommendation promotes best practices around principles of clear notices and users' consents and controls for TSP web hosting services. This Recommendation develops and promotes best practices to users on personal computer (PC) security, including use of anti-spyware, anti-virus, personal firewall and security software updates on client systems.
