Available for download: 6th edition of the ITU-T Security Manual
The ITU-T Security Manual offers a comprehensive overview of ITU-T’s work to build confidence and security in the use of information and communication technologies (ICTs). Download the 6th edition of the manual free of charge here…
The manual documents ITU-T’s efforts to respond to global cybersecurity challenges with international standards, complementary guidance documents and outreach to build capacity in the application of advanced ICT security mechanisms.
Introductory chapters highlight high-priority areas of ITU-T security work and basic requirements for the protection of ICT applications, services and information. Central to this introduction is an examination of standards’ role in meeting the security requirements borne of prevalent threats and vulnerabilities. Subsequent chapters introduce readers to technical frameworks for ICT security and best practices in their application.
The manual outlines foundational security architectures as a basis for the discussion of more specific security considerations, following an iterative structure addressing key aspects of ICT security:
Generic security architectures for open systems and end-to-end communications, as well as examples of application-specific architectures, which establish frameworks for the consistent application of multiple facets of security.
Information security management, risk management and asset management, including management activities relevant to securing network infrastructure and the data used to monitor and control the telecommunications network.
The Directory and its role in supporting authentication and other security services. Particular attention is paid to the cryptographic concepts that rely on Directory services, providing an introduction to public key infrastructures, digital signatures and privilege-management infrastructures.
Identity management – a topic of growing importance to connected things, objects and devices – and the related topic of telebiometrics, the use of biometric characteristics for personal identification and authentication in telecommunications environments.
Approaches to network security, including the security requirements for next-generation networks and mobile communications networks in transition from a single technologies (e.g. CDMA or GSM) to mobility across heterogeneous platforms using the Internet Protocol (IP). This section also tackles security provisions for home networks, cable television and ubiquitous sensor networks.
Cybersecurity and incident response, looking at how best to develop an effective response to cyber attacks, including the need to understand the source and nature of attacks when sharing associated information with monitoring agencies.
Application-specific security needs, emphasizing the security features defined in ITU-T standards for Voice over IP, Internet Protocol Television, Web services, and identification tags such as RFID tags.
Technical measures to counter common network threats such as spam, malicious code and spyware, including the importance of timely notifications with respect to the dissemination of software updates within structured, consistent incident-response frameworks.
Cloud computing security is a new addition to the manual, reflecting the importance of this topic to industry and the significance of related ITU-T standardization work.
The manual concludes with a brief discussion of the potential future direction of ITU-T’s work in ICT security standardization, an area led by ITU-T Study Group 17…