ICT Security Cybersecurity CYBEX Overview of activities in ITU-T with focus on Study Group 17

Similar documents
Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities

Regional Seminar on Cyber Preparedness ITU s work in Cybersecurity and Global Cybersecurity Index (GCI)

CYBEX The Cybersecurity Information Exchange Framework (X.1500)

WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK

INTERNATIONAL TELECOMMUNICATION UNION

Overview of ITU Cybersecurity Activities

Cybersecurity for ALL

ITU-T Security Standard Activities

Implementation of Universal Global Trusted Service Provider Identity (Trusted SPID)

How To Use A Policy Auditor (Macafee) To Check For Security Issues

Cybersecurity informa1on security exchange framework (CYBEX): importance and current developments

BMC Client Management - SCAP Implementation Statement. Version 12.0

3-5 Cybersecurity Information Exchange Techniques: Cybersecurity Information Ontology and CYBEX

How To Manage Security On A Networked Computer System

Continuous Monitoring

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

SIP SECURITY WILEY. Dorgham Sisalem John Floroiu Jiri Kuthan Ulrich Abend Henning Schulzrinne. A John Wiley and Sons, Ltd.

SCAP for VoIP Automating Configuration Compliance. 6 th Annual IT Security Automation Conference

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

CompTIA Security+ (Exam SY0-410)

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

Penetration Testing Guidelines For the Financial Industry in Singapore. 31 July 2015

Secunia Vulnerability Intelligence Manager (VIM) 4.0

---Information Technology (IT) Specialist (GS-2210) IT Security Competency Model---

Bachelor of Information Technology (Network Security)

An Enterprise Continuous Monitoring Technical Reference Architecture

CDM Vulnerability Management (VUL) Capability

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist,

Clavister InSight TM. Protecting Values

Logical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Korea s experience of massive DDoS attacks from Botnet

How To Monitor Your Entire It Environment

INSTANT MESSAGING SECURITY

PARAMETERS TO BE MONITORED IN THE PROCESS OF OPERATION WHEN IMPLEMENTING NGN TECHNICAL MEANS IN PUBLIC TELECOMMUNICATION NETWORKS

McAfee Network Security Platform

SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Security

Cisco Advanced Services for Network Security

Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

An ITU-T Vision on SPAM

Big Data, Big Risk, Big Rewards. Hussein Syed

SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Secure applications and services Security protocols

Cybersecurity and internal audit. August 15, 2014

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

FortiMail Filtering Course 221-v2.0. Course Overview. Course Objectives

Cyber Watch. Written by Peter Buxbaum

ForeScout CounterACT and Compliance June 2012 Overview Major Mandates PCI-DSS ISO 27002

93% of large organisations and 76% of small businesses

VOICE OVER IP SECURITY

The Value of QRadar QFlow and QRadar VFlow for Security Intelligence

Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains (DRAFT)

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

When Reputation is Not Enough: Barracuda Spam & Virus Firewall Predictive Sender Profiling

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

FBLA Cyber Security aligned with Common Core FBLA: Cyber Security RST RST RST RST WHST WHST

ITU GLOBAL CYBERSECURITY AGENDA AND CHILD ONLINE PROTECTION. International Telecommunication Union

74% 96 Action Items. Compliance

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

Jort Kollerie SonicWALL

network PRoteCtion and information L G S H a S P e R F o R M e D assurance networks R e D t e a M S e C U R i t Y

2011 Cyber Security and the Advanced Persistent Threat A Holistic View

McAfee Security Architectures for the Public Sector

CTR System Report FISMA

Fear Not What Security Can Do to Your Firm; Instead, Imagine What Your Firm Can Do When Secured!

PROTECTING YOUR MAILBOXES. Features SECURITY OF INFORMATION TECHNOLOGIES

The Ontological Approach for SIEM Data Repository

Draft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications

Next-Generation Firewalls: Critical to SMB Network Security

Management (CSM) Capability

D. Grzetich 6/26/2013. The Problem We Face Today

A Phased Framework for Countering VoIP SPAM

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

Human Factors in Information Security

A Model-based Methodology for Developing Secure VoIP Systems

Cyber security Country Experience: Establishment of Information Security Projects.

Into the cybersecurity breach

COMMISSION OF THE EUROPEAN COMMUNITIES

Continuous security audit automation with Spacewalk, Puppet, Mcollective and SCAP

Certified Information Systems Auditor (CISA)

Reference Ontology for Cybersecurity Operational Information

Domain 1 The Process of Auditing Information Systems

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

INTERNATIONAL TELECOMMUNICATION UNION

Cyber Security for NERC CIP Version 5 Compliance

Security Issues in Cloud Computing

Transcription:

ICT Security Cybersecurity CYBEX Overview of activities in ITU-T with focus on Study Group 17 TSB Briefing to the Regional Offices, 28 Feb 2011 Martin Euchner Advisor of ITU-T Study Group 17 Martin.Euchner@itu.int 1

Security activities in other ITU-T Study Groups ITU-T SG 2 Operation aspects & TMN Q3 International Emergency Preference Scheme, ETS/TDR Q5 Network and service operations and maintenance procedures, E.408 Q11 TMN security, TMN PKI ITU-T SG 9 Integrated broadband cable and TV Q3 Conditional access, copy protection, HDLC privacy, Q7, Q8 DOCSIS privacy/security Q9 IPCablecom 2 (IMS w. security), MediaHomeNet security gateway, DRM ITU-T SG 11 Signaling Protocols Q7 EAP-AKA for NGN ITU-T SG 13 Future network Q16 Security and identity management for NGN Q17 Deep Packet Inspection ITU-T SG 15 Optical Transport & Access Reliability, availability, Ethernet/MPLS protection switching ITU-T SG 16 Multimedia Secure VoIP and Multimedia security (H.233, H.234, H.235, H.323, secure JPEG2000) SG 15 SG 16 SG 13 SG 17 SG 2 SG 11 SG 3 SG 9 2

Q1 Study Group 17 Security http://www.itu.int/itu-t/studygroups/com17/index.asp WP 1 WP 2 WP 3 Network and information security Security project Q2 Security architecture Q3 Information Security Management Q4 Cybersecurity LSG Security Q5 Countering spam Res.130 Res.179 Res.181 Res.174 Res.58 Res.50 Res.52 Q6 Application security Ubiquitous services security Q7 Secure application services Q8 Service Oriented Architecture security Q9 Telebiometrics Res.76 Res.177 Identity management and languages Q10 IdM Q11 Directory, PKI Q12 ASN.1, OID Q13 Formal languages Q14 Testing languages Q15 OSI LSG IdM LSG Languages JCA-IdM JCA-CIT Res.50: Cybersecurity Res.52: Anti-SPAM Res.58: National CIRTs Res.76: Conformance & Interoperability Res.130: Security & Confidence in ICT Res.174: Illicit use of ICT Res.177: Conformance & Interoperability Res.179: Child Online Protection Res.181: Defs & Terms on ICT security, confidence 3

Definition of Cybersecurity (ref. Recommendation ITU-T X.1205, Overview of cybersecurity) Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user s assets. Organization and user s assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment. Cybersecurity strives to ensure the attainment and maintenance of the security properties of the organization and user s assets against relevant security risks in the cyber environment. The general security objectives comprise the following: Availability Integrity, which may include authenticity and non-repudiation Confidentiality. 4

Major accomplishments (1) X.1200-series Recommendations allocated to Cyberspace security X.1200 X.1229 allocated to Cybersecurity Cybersecurity X.1205 Overview of cybersecurity New New X Suppl. 8 to ITU-T X.1205 Supplement on best practices against botnet threats X.1206 A vendor-neutral framework for automatic notification of security related information and dissemination of updates X.1207 Guidelines for telecommunication service providers for addressing the risk of spyware and potentially unwanted software X.1209 Capabilities and their context scenarios for cybersecurity information sharing and exchange. 5

Major accomplishments (2) X.1230 X.1249 allocated to Countering spam Countering spam X.1231 Technical strategies on countering spam X.1240 Technologies involved in countering e-mail spam X.1241 Technical framework for countering e-mail spam X.1242 Short message service (SMS) spam filtering system based on New New user-specified rules X.1243 Interactive gateway system for countering spam X.1244 Overall aspects of countering spam in IP-based multimedia applications X.1245 Framework for countering spam in IP-based multimedia applications 6

Major accomplishments (3) X.1250 X.1279 allocated to Identity Management Identity Management X.1250 Baseline capabilities for enhanced global identity management and interoperability X Suppl. 7 to ITU-T X.1250 series Supplement on overview of identity management in the context of cybersecurity X.1251 A framework for user control of digital identity New New X.1252 Baseline identity management terms and definitions X.1261 Extended validation certificate framework (EVcert) X.1275 Guidelines on protection of personally identifiable information in the application of RFID technology Misc.: New X.674 Procedures for the registration of arcs under the Alerting object identifier arc X.1303 Common alerting protocol (CAP 1.1) 7

Question 4/17 Cybersecurity Some activities Security assurance mechanisms in telecommunication networks for service providers Development and sharing of best practices in the cyber environment Sharing of vulnerabilities information Framework for security information sharing; enhancements and refinements of cybersecurity information exchange techniques Malware attribute, vulnerability, weakness, misuse, attack pattern enumeration and classification Assessment result format, Common event expression, Digital forensics exchange format, Incident object description exchange, Extensible configuration checklist description format Discovery mechanisms in the exchange of cybersecurity information Guideline on preventing malicious code spreading in ICT networks Abnormal traffic detection Framework for Botnet detection and response Traceback scenarios, capabilities, mechanisms Techniques for preventing web-based attacks Requirements and solutions for telecommunications/ict using digital forensics, trace-back, to counter cyber stalking and fraud. Cybersecurity index computation from usage and measurement of indicators Distributing policies for network security Usage of networks to provide critical services in a secure fashion during national emergency. 8

CYBEX Basics (CYBEX = Cybersecurity information exchange) The new cybersecurity paradigm know your weaknesses minimize the vulnerabilities know your attacks share the heuristics within trust communities CYBEX techniques for the new paradigm Weakness, vulnerability and state Event, incident, and heuristics Information exchange policy Identification, discovery, and query Identity assurance Exchange protocols X.1500 culminates a broadly supported 2-year effort Consists of a non-prescriptive, extensible, complementary collection of tools that can be used as needed 9

CYBEX Facilitates a Global Cybersecurity Model Provide basis for additional actions Measures for threat response Provide basis for actions Measures for threat detection Reputation sanctions Forensics & heuristics analysis Patch development Provide data for analysis Blacklists & whitelists Vulnerability notices Real-time data availability Stored event data availability Deny resources Measures for protection Identity Management Provide awareness of vulnerabilities and remedies Encryption/ VPNs esp. for signalling Resilient infrastructure Routing & resource constraints Network/ application state & integrity CYBEX Information Exchange Techniques 10

Cybersecurity Entities Cybersecurity Information acquisition (out of scope) The CYBEX Model structuring cybersecurity information for exchange purposes identifying and discovering cybersecurity information and entities establishment of trust and policy agreement between exchanging entities requesting and responding with cybersecurity information assuring the integrity of the cybersecurity information exchange Cybersecurity Entities Cybersecurity Information use (out of scope) 11

CYBEX Technique Clusters: Structured Information Weakness, Vulnerability/State Exchange Knowledge Base Event/Incident/Heuristics Exchange Platforms Weaknesses Vulnerabilities and Exposures Event Expressions Malware Patterns State Security State Measurement Configuration Checklists Assessment Results Incident and Attack Patterns Malicious Behavior Exchange Policies Exchange Terms and conditions 12

CYBEX Technique Clusters: Utilities Identification, Discovery, Query Common Namespaces Discovery enabling mechanisms Request and distribution mechanisms Identity Assurance Exchange Protocol Trusted Platforms Authentication Assurance Methods Authentication Assurance Levels Trusted Network Connect Interaction Security Transport Security 13

Toward Network Security Planes: Security Automation Schemas Everywhere XCCDF exensible Configuration Checklist Description Format OVAL Open Vulnerability and Assessment Language CVSS Common Vulnerability Scoring System CWSS Common Weakness Scoring System SCAP Security Automation Tools CPE Common Platform Enumeration CCE Common Configuration Enumeration ARF Assessment Result Format CVE Common Vulnerabilities and Exposures CWE Common Weakness Enumeration 14

Future direction Cybersecurity X.1500-series Recommendations allocated to Cybersecurity information exchange Cybersecurity Information Exchange (CYBEX) Facilitate standardized global exchange of vulnerability and incident information making security measurable http://www.itu.int/en/itu-t/studygroups/com17/pages/cybex.aspx Draft X.1500 Draft X.1520 Draft X.1521 Draft X.gopw Cybersecurity information exchange framework Common vulnerabilities and exposures (CVE) Common vulnerability scoring system (CVSS) Guideline on preventing malicious code spreading in a data communication network Approx. 30 active work items on cybersecurity are in the Q4/17 pipeline and re being progressed towards Recommendations. 15

Child Online Protection (COP) New study topic within SG 17 COP aims to tackle cybersecurity holistically, addressing legal, technical, organizational and procedural issues as well as capacity building and international cooperation. TSAG has acknowledged (Feb 2011) that SG 17 can study and coordinate Child Online Protection. SG 17 s foreseen activities on COP are a logical next step in continuing the ITU COP initiative in the area of technical measures. SG 17 could be active on technical and procedural security measures concerning COP, where SG 17 members and Member States are expected to develop technical procedural criteria for telecom operators and/or service providers and related technical measures to combat new and emerging threats to children. In the technical domain, the objectives would be to identify best practices on technical measures for child online protection and to develop interoperable standards and related recommendations to protect children online. The aim would be to develop a widely shared approach which could be promoted across the whole telecommunication industry. Several SG 17 Questions might study technical aspects on COP. SG 17 might also want to study a Code of Conduct on COP (e.g. for service providers). 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information