
Security / Cybersecurity

Security / Cybersecurity. ITU Herbert Bertine, Chairman ITU-T Study Group 17. Submission Date: July 1, 2008. Strategic Direction. Cybersecurity – one of the top priorities of the ITU


Presentation Transcript


  1. Security / Cybersecurity ITU Herbert Bertine, Chairman ITU-T Study Group 17 Submission Date: July 1, 2008

  2. Strategic Direction Cybersecurity – one of the top priorities of the ITU • Plenipotentiary Resolution 140 (2006), ITU’s role in implementing the outcomes of the World Summit on the Information Society – The important moderator/facilitator role of ITU in action line C5 (building confidence and security in the use of ICTs). • Plenipotentiary Resolution 149 (2006), Study of definitions and terminology relating to building confidence and security in the use of information and communication technologies • WTSA-04 Resolution 50, Cybersecurity – Instructs the Director of TSB to develop a plan to undertake evaluations of ITU-T “existing and evolving Recommendations, and especially signalling and communications protocol Recommendations with respect to their robustness of design and potential for exploitation by malicious parties to interfere destructively with their deployment” • WTSA-04 Resolution 51, Combating spam – Instructs the Director of TSB to “prepare urgently a report to the Council on relevant ITU and other international initiatives for countering spam, and to propose possible follow-up actions” - Done • WTSA-04 Resolution 52, Countering spam by technical means – Instructs relevant study groups “to develop, as a matter of urgency, technical Recommendations, including required definitions, on countering spam”

  3. Highlights of current activities (1) • ITU Global Cybersecurity Agenda (GCA) • A Framework for international cooperation in cybersecurity • ITU response to its role as sole Facilitator for WSIS Action Line C5 • Five key work areas: Legal, Technical, Organisational, Capacity Building, International Cooperation • World renowned Group of High-Level Experts (HLEG) working on global strategies • GCA/HLEG met 26 June 2008 to agree upon a set of recommendations on all five work areas for presentation to ITU Secretary-General • ISO/IEC/ITU-T Strategic Advisory Group on Security • Coordinates security work and identifies areas where new standardization initiatives may be warranted. Portal established. Workshops conducted. • Identity Management • Effort jump started by IdM Focus Group which produced 6 substantial reports (265 pages) in 9 months • JCA-IdM and IDM-GSI established – main work is in SGs 17 and 13 • First IdM Recommendation – X.1250, Requirements for global identity management trust and interoperability - now in approval process

  4. Highlights of current activities (2) • Core security (SG 17) • Approved 14 texts in 2007, 17 so far in 2008, 15 more for action in September 2008 • Summaries of Recommendations under development are available at: http://www.itu.int/dms_pub/itu-t/oth/0A/0D/T0A0D00000D0003MSWE.doc • Covering frameworks, cybersecurity, countering spam, home networks, mobile, web services, secure applications, ISMS, telebiometrics, etc. • Work underway on additional topics including IPTV, multicast, and USN security; risk management and incident management; traceback • Questionnaire issued to developing countries to ascertain their security needs • Updated security roadmap/database, compendia, manual; strengthened coordination • Security for NGN • Y.2701, Security Requirements for NGN Release 1 - published • Y.2702, NGN authentication and authorization requirements – determined

  5. Challenges Addressing security to enhance trust and confidence of users in networks, applications and services • With global cyberspace, what are the security priorities for the ITU with its government / private sector partnership? • Need for top-down strategic direction to complement bottom-up, contribution-driven process • Balance between centralized and distributed efforts on security standards • Legal and regulatory aspects of cybersecurity, spam, identity/privacy • Address full cycle – vulnerabilities, threats and risk analysis; prevention; detection; response and mitigation; forensics; learning • Agree uniform definitions of cybersecurity terms and definitions • Marketplace acceptance of Information Security Management System (ISMS) standards (ISO/IEC 27000-series and ITU-T X.1051) – the security equivalent to ISO 9000-series • Effective cooperation and collaboration across the many bodies doing cybersecurity work • PSO help is needed in keeping security database up-to-date • Informal security experts network – needs commitment There is no “silver bullet” for cybersecurity

  6. Next Steps/Actions for ITU-T • All Study Groups have proposed Questions for next study period • Most study groups have Questions concerning security • Questions are mainly evolution of existing work program • See Supplemental Information • The World Telecommunication Standardization Assembly (WTSA) in October 2008 will make decisions on the priorities, work program (Questions) and organization of Study Groups, including security / cybersecurity work • Meanwhile, the present work program continues under the current structure – See Supplemental Information • E.g., Study Groups 17 and 13 will each meet in September to approve additional security Recommendations • A new edition of the ITU-T “Security Manual” is scheduled for October 2008

  7. Proposed revision to Resolution • Resolution GSC-12/19, Cybersecurity • Add a new Resolves as follows: 5) supply updated information on their security standards work for inclusion in the ICT Security Standards Roadmap, a database of security standards hosted by the ITU-T at: http://www.itu.int/ITU-T/studygroups/com17/ict/index.html

  8. Supplemental Information • Security activities • ITU General Secretariat • Telecommunication Standardization Sector (ITU-T) • Radiocommunication Sector (ITU-R) • Telecommunication Development Sector (ITU-D) • Useful web resources

  9. Supplemental Information ITU General Secretariat Corporate Strategy Division

  10. ITU Global Cybersecurity Agenda A Framework for International Cooperation in Cybersecurity

  11. Issues and Challenges • Constant evolution of the nature of cyberthreats • Vulnerabilities in software and hardware applications and services • Low entry barriers for cyber-criminals • Increasing sophistication of cybercrime • Loopholes in current legal frameworks • Absence of appropriate organizational structures • Inadequate cooperation among various stakeholders • Global problem which cannot be solved by any single entity (country or organization) Major challenge is to develop harmonized and comprehensive global strategies at the international level

  12. WSIS and Cybersecurity Confidence and security are among the main pillars of the information society “Strengthening the trust framework, including information security and network security, authentication, privacy and consumer protection, is a prerequisite for the development of the Information Society and for building confidence among users of ICTs.” WSIS Geneva Declaration of Principles, Para 35 “We reaffirm the necessity to further promote, develop and implement in cooperation with all stakeholders a global culture of cyber-security, as outlined in UNGA Resolution 57/239 and other relevant regional frameworks.” WSIS Tunis Agenda, Para 39

  13. ITU’s Role as WSIS C5 FACILITATOR At the World Summit on the Information Society (WSIS), world leaders and governments entrusted ITU to take the leading role in coordinating international efforts on cyber-security, as the sole Facilitator of Action Line C5, “Building confidence and security in the use of ICTs” The International Telecommunication Union (ITU) provides the global perspective and expertise needed to meet the challenges, with a track record of brokering agreements between public and private interests on a level playing field ever since its inception in 1865. Third Facilitation Meeting 22-23 May 2008, ITU Headquarters, Geneva http://www.itu.int/osg/csd/cybersecurity/WSIS/3rdMeeting.html

  14. A Global Strategy for Action The strategy for a solution must identify those existing national, regional and international initiatives, work with all relevant players to identify priorities and bring partners together with the goal of proposing global solutions to address the global challenges we face today. ITU Global Cybersecurity Agenda (GCA) • A framework for international multi-stakeholder cooperation in cybersecurity • ITU Response to its role as sole Facilitator for WSIS Action Line C5 • World renowned Group of High Level Experts (HLEG) to develop global strategies • Representing main stakeholder groups working towards the same goals: Developing harmonized global strategies

  15. GCA Work Areas GCA rests on five pillars or work areas: • Legal Measures • Technical and Procedural Measures • Organizational Structures • Capacity Building • International Cooperation

  16. High-Level Expert Group (HLEG) • A global multi-stakeholder think-tank made up of high-level experts from: • Governments • Industry • Regional and international organizations • Research and academic institutions • Individual experts provided advice on strategies in all five work areas or pillars High-Level Experts Group (GCA/HLEG) Elaboration of global strategies for 1 the development of a model cybercrime legislation 2 the creation of appropriate national and regional organizational structures and policies on cybercrime 3 the establishment of security criteria and accreditation schemes for software applications and systems 4 the creation of a global framework for watch, warning and incident response 5 the creation and endorsement of a generic and universal digital identity system 6 the facilitation of human and institutional capacity-building 7 international cooperation, dialogue and coordination

  17. GCA/HLEG Members Argentina Brazil Cameroon Canada China Egypt Estonia Germany Japan India Indonesia Italy Malaysia Morocco Portugal Republic of Lithuania Russian Federation Saudi Arabia South Africa Switzerland United States Diversity of Participation • Ecole Polytechnique Fédérale de Lausanne (EPFL), Switzerland • Information Security Institute, Australia • Moscow Technical University of Communications, Russian Federation • African Telecommunication Union (ATU) • Asia Pacific Economic Cooperation Telecommunications (APECTEL) • Commonwealth Telecommunications Organisations (CTO) • Council of Europe • Department of Economic and Social Affairs (DESA) • European Information and Network Security Agency (ENISA) • International Criminal Police Organization (Interpol) • Organisation for Economic Co-operation and Development (OECD) • Organisation International de la Francophonie • Society for the Policing of Cyberspace (POLCYB) • UMTS Forum • United Nations Institute for Training and Research (UNITAR) • United Nations Office on Drugs and Crime • Authentrus • BITEK International Inc. • Cybex • Cisco • Garlik • Intel Corporation • Microsoft Corporation • Télam S.E. • VeriSign, Inc. • Stein Schjolberg, Chief Judge, Moss Tingrett Court, Norway • Solange Ghernaouti-Helie, HEC-Université de Lausanne, Switzerland • Sy Goodman, Georgia Institute of Technology, United States • Nabil Kisrawi, Chairman of WG-Def, Syrian Republic • Bruce Schneier, Security Technologist, United States • Marco Gercke, Professor, Cologne University, Germany

  18. GCA/HLEG Leveraging expertise for international consensus On a Global level, from government, international organizations to industry For a Harmonised approach to build synergies between initiatives Through Comprehensive strategies on all levels GCA/HLEG is building synergies with existing initiatives and working with stakeholders in these five key areas: Legal Measures e.g. Cybercrime legislation (Council of Europe), Moss Tingrett Court Norway, Cybex Technical and Procedural Measures e.g. Software (Microsoft), hardware (Intel), Networking (CISCO), Security Apps/Services (Verisign), Global Standards and Development (ITU) Organisational Structures e.g. Ecole Polytechnique Fédérale de Lausanne (EPFL), Forum of Incident Response and Security Teams, OECD Capacity Building e.g. United Nations Institution for Training and Research (UNITAR), European Network and Information Security Agency (ENISA) International Cooperation e.g. Interpol, United Nations Office on Drug and Crime (UNODC)

  19. HLEG • The HLEG work is an ongoing dynamic process with information-sharing and interaction relating to the elaboration of Global Strategies to meet the goals of the GCA and the ITU role as sole facilitator for WSIS Action Line C.5. • Three meetings held: • First Meeting of the HLEG held on 5 October 2007 • Second Meeting of the HLEG held on 21 May 2008 • Third Meeting of the HLEG held on 26 June 2008 • Chairman's Report: • The results of the work of the HLEG, including recommendations, the views expressed during the meeting and additional information about the previous work of the HLEG are contained in the Chairman’s report which will be available at: http://www.itu.int/osg/csd/cybersecurity/gca/hleg/meetings/third/index.html

  20. GCA Sponsorship Programme – Join us! • This Sponsorship programme will ensure that all relevant stakeholders are aware of HLEG’s valuable work, and will also increase global understanding of how to work together to implement effective strategies. It will then be up to the stakeholders themselves – within their respective mandates and capabilities – to translate these strategies into concrete actions. • GCA Sponsors will help to promote the goals of this initiative around the world by participating in high-profile business activities including publications, public campaigns, an annual conference and other events. In addition to the opportunity to meet with high-level decision makers, Sponsors also stand to enhance their image and credibility with their stakeholders.

  21. "The world must take action. It must stand united. This is not a problem any one nation can solve alone" Dr Óscar Arias Sánchez Nobel Peace Laureate, President of the Republic of Costa Rica, Patron of the Global Cybersecurity Agenda.

  22. Conclusions Towards a global Cyberpeace… The threats to global cybersecurity demand a global framework! The magnitude of this issue calls for a coordinated global response to ensure that there are no safe havens for cybercriminals. ITU will act as a catalyst and facilitator for these partners to share experience and best practice, so as to step up efforts for a global response to cybercrime. In this way, working together, we can create a cyberspace that is somewhere safe for people to trade, learn and enjoy. Dr Hamadoun I. Touré Secretary-General, ITU

  23. For More information on: ITU Global Cybersecurity Agenda & ITU Activities in Cybersecurity: http://www.itu.int/cybersecurity/ Email: gca@itu.int

  24. Supplemental Information ITU-T Telecommunication Standardization Sector

  25. ITU-T ITU-T Security and Cybersecurity Activities • SG 17, Security, Languages and Telecommunication Software • Lead Study Group on Telecommunication Security • SG 2, Operational Aspects of Service Provision, Networks and Performance • SG 4, Telecommunication Management • SG 5, Protection Against Electromagnetic Environment Effects • SG 9, Integrated Broadband Cable Networks and Television and Sound Transmission • SG 11, Signalling Requirements and Protocols • SG 13, Next Generation Networks • SG 15, Optical and Other Transport Network Infrastructures • SG 16, Multimedia Terminals, Systems and Applications • SG 19, Mobile Telecommunication Networks

  26. ITU-T SG 17 ITU-T Study Group 17 Security, Languages and Telecommunication Software • Q.4/17, Communications Systems Security Project • Q.5/17, Security Architecture and Framework • Q.6/17, Cyber Security • Q.7/17, Security Management • Q.8/17, Telebiometrics • Q.9/17, Secure Communication Services • Q.17/17, Countering Spam by Technical Means • Q.2/17, Directory Services, Directory Systems and Public-key/Attribute Certificates

  27. SG 17 – Q.4/17: Communications Systems Security Project ITU-T SG 17 Question 4 Communications Systems Security Project • Overall Security Coordination and Vision • Outreach and promotional activities • ICT Security Standards Roadmap • Security Compendium • ITU-T Security manual • Focus Group on Security Baseline For Network Operators

  28. SG 17 – Q.4/17 results achieved • Successful workshop organized at start of Study Period to consider future direction of security standards • Security Standards Roadmap developed – includes security standards from ITU, ISO/IEC, IEEE, IETF, ATIS, ETSI, OASIS, 3GPP • Security Compendium and Security Manual maintained and updated • Security Baseline for Network Operators developed

  29. SG 17 – Q.4/17 challenges • Overall shortage of participants and contributors • Roadmap issues/challenges: • Taxonomy (always a challenge!) • Finding out about new standards and when to post them • Appearance of the database • Need to develop a short guide to the update process

  30. SG 17 – Q.4/17 progress since GSC-12 Security Roadmap • The listing of standards has been converted to a searchable database • Further updating is planned to ease navigation • A new section (Part 5) has been added on (non-proprietary) Best Practices

  31. SG 17 – Q.4/17 focus for next study period • Will continue to be primary SG contact for security coordination issues • Will maintain and update outreach material • Security Manual • Security Roadmap • Security Compendium • Responsibilities will be limited to coordination and outreach – no Recommendations

  32. SG 17 – Q.5/17: Security Architecture and Framework ITU-T SG 17 Question 5 Security architecture and framework • Scope • Strategic direction • Challenges • Major activities and accomplishments • Actions for the next study period

  33. SG 17 – Q.5/17 scope X.1036 X.1034, X.1035 X.1031 Supplement to X.800-X.849, Guidelines for implementing system and network security Recommendation X.805 has been a foundation of Q.5/17 security studies and shaped the scope of its work

  34. SG 17 – Q.5/17 scope (continued) • Q.5/17 has developed Recommendations that further develop the concepts of X.805 and provide guidance on their implementation • X.1031, Security architecture aspects of end users and networks in telecommunications - provides guidance on applying the concepts of the X.805 architecture for distributing the security controls between the telecommunication networks and the end user’s equipment. • X.1034, Guidelines on Extensible Authentication Protocol based Authentication and Key Management in a Data Communication Network and X.1035, Password-Authenticated Key Exchange Protocol (PAK) - specify protocols and procedures that support functions of the Authentication security dimension. • X.1036, Framework for creation, storage, distribution and enforcement of policies for network security - further develops the concept of the security policy described in X.805. • Supplement to X.800-X.849, Guidelines for implementing system and network security - provides guidelines for implementing system and network security utilizing the concepts of X.805 and other security Recommendations and standards.

  35. SG 17 – Q.5/17 strategic direction • Development of a comprehensive set of Recommendations for providing standard security solutions for telecommunications in collaboration with other Standards Development Organizations and ITU-T Study Groups. • Studies and development of a trusted telecommunication network architecture that integrates advanced security technologies. • Maintenance and enhancements of Recommendations in the X.800-series and X.103x-series. • Coordination of studies on NGN security (with Question 15/13)

  36. SG 17 – Q.5/17 challenges • Authentication and key agreement is one of the most complex and challenging security procedures. Question 5/17 has developed Recommendations that contribute to the standards solutions for authentication and key management • X.1034, Guidelines on Extensible Authentication Protocol based Authentication and Key Management in a Data Communication Network • Establishes a framework for the EAP-based authentication and key management for securing the link layer in an end-to-end data communication network. • Provides guidance on selection of the EAP methods. • X.1035, Password-Authenticated Key Exchange Protocol (PAK) • Specifies a protocol, which ensures mutual authentication of both parties in the act of establishing a symmetric cryptographic key via Diffie-Hellman exchange.

  37. SG 17 – Q.5/17 major accomplishments • Recommendations developed by Q.5/17: • X.1031, Security architecture aspects of end users and networks in telecommunications • X.1034, Guidelines on Extensible Authentication Protocol based Authentication and Key Management in a Data Communication Network • X.1035, Password-Authenticated Key Exchange Protocol (PAK) • X.1036, Framework for creation, storage, distribution and enforcement of policies for network security • A Supplement developed by Q.5/17 • Supplement to X.800 - X.849 series, Guidelines for implementing system and network security • Other technical documents prepared by Q.5/17 • In response to the WTSA Resolution 50, Question 5/17 has prepared Guidelines for designing secure protocols using ITU-T Recommendation X.805. • Major coordination activity conducted by Q.5/17 • Question 5/17 has coordinated security studies with Question 15 of SG 13, NGN Security ensuring alignment of the standards work in both groups.

  38. SG 17 – Q.5/17 actions for next study period • How should a comprehensive, coherent communications security solution be defined? • What is the architecture for a comprehensive, coherent communications security solution? • What is the framework for applying the security architecture in order to establish a new security solution? • What is the framework for applying security architecture in order to assess (and consequently improve) an existing security solution? • What are the architectural underpinnings for security? • What new Recommendations may be required for providing security solutions in the changing environment? • How should architectural standards be structured with respect to existing Recommendations on security? • How should architectural standards be structured with respect to the existing advanced security technologies? • How should the security framework Recommendations be modified to adapt them to emerging technologies and what new framework Recommendations may be required? • How are security services applied to provide security solutions?

  39. SG 17 – Q.6/17: Cyber Security ITU-T SG 17 Question 6 Cyber Security • Motivation • Scope • Challenges • Highlights of activities • Actions for Next Study Period • Collaboration with SDOs

  40. SG 17 – Q.6/17 motivation • Network connectivity and ubiquitous access are central to today’s IT systems • Widespread access and loose coupling of interconnected IT systems and applications is a primary source of widespread vulnerability • Threats such as denial of service, theft of financial and personal data, network failures and disruption of voice and data telecommunications are on the rise • Network protocols in use today were developed in an environment of trust • Most new investment and development is dedicated to building new functionality and not to securing that functionality • An understanding of cybersecurity is needed in order to build a foundation of knowledge that can aid in securing the networks of tomorrow

  41. SG 17 – Q.6/17 scope • Definition of Cybersecurity • Security of Telecommunications Network Infrastructure • Security Knowledge and Awareness of Telecom Personnel and Users • Security Requirements for Design of New Communications Protocol and Systems • Communications relating to Cybersecurity • Security Processes – Life-cycle Processes relating to Incident and Vulnerability • Security of Identity in Telecommunication Network • Legal/Policy Considerations • IP traceback technologies • Authentication Assurance

  42. SG 17 – Q.6/17 challenges • How should the current Recommendations be further enhanced for their wide deployment and usage? • How to harmonize common IdM data models across the ITU • How to define and use the term Identity within the ITU • How to detect and predict future threats and risks to networks • How to harmonize various IdM solutions • What are the best strategies to improve Cybersecurity • How to maintain a living list of IdM terms and definitions and use it informally across the ITU

  43. SG 17 – Q.6/17 highlights of activities Completed Recommendations * Currently in the approval process

  44. SG 17 – Q.6/17 highlights of activities (2) Recommendations under development ITU-T X.eaa | ISO/IEC xxxx, Information technology – Security techniques – Entity authentication assurance This Recommendation | International Standard provides a framework for entity authentication assurance which is the quantification of the risks that an entity is who or what he/she/it claims to be. In other words, entity authentication assurance is a measure of the confidence or risks associated with the authentication process and mechanisms. ITU-T X.gopw, Guideline on preventing worm spreading in a data communication network This Recommendation describes worm and other malicious codes spreading patterns and scenarios in a data communication network. The Recommendation provides guidelines for protecting users and networks from such malicious codes.

  45. SG 17 – Q.6/17 highlights of activities (3) Recommendations under development ITU-T X.idif, User Control enhanced digital identity interchange framework This Recommendation defines a framework that covers how global interoperable digital identity interchange can be achieved and how an entity’s privacy is enhanced by providing an entity more control over the process of identity interchange. In addition, the Recommendation defines the general and functional requirements of the framework that should be satisfied. Based on the requirements, a framework is defined with basic functional building blocks for identity interchange and enhancing entity control. ITU-T X.idm-dm, Common identity data model This Recommendation develops a common data model for identity data that can be used to express identity related information among IdM systems.

  46. SG 17 – Q.6/17 actions for next study period • Enhance current Recommendations to accelerate their adoption • Work with SG 2 on Trusted Service Provider Identifier (TSPID) • Collaborate with Questions 5, 7, 9, 17/17 and with SG 2 in order to achieve better understanding of various aspects of network security • Collaborate with IETF, OASIS, ISO/IEC JTC1, Liberty Alliance and other standardization bodies on Cybersecurity • Work with OASIS on maintaining the OASIS Common Alerting Protocol V1.1 (ITU-T Recommendation X.1303) • Study new Cybersecurity issues – How should ISPs deal with botnets, evaluating the output of appropriate bodies when available. • Study technical aspects of Traceback techniques • Joint work with ISO/JTC1 SC 27 on Entity Authentication Assurance • Progress work with Liberty Alliance on Identity Authentication Frameworks • Working with SG 4 and SG 13 on common IdM Data Models. • Developing frameworks for User control enhanced digital identity interchange framework • Developing guideline on protection for personally identifiable information in RFID application • Developing requirements for security information sharing framework • Developing guideline on preventing worm spreading in a data communication network • Maintaining the IdM Lexicon document

  47. SG 17 – Q.6/17 collaboration with other SDOs • ISO/IEC JTC 1/SC 27 • IEC/TC 25 • IETF • IEEE • Liberty Alliance • OASIS • W3C • 3GPP • ETSI/TISPAN

  48. SG 17 – Q.7/17: Security management ITU-T SG 17 Question 7 Security management • Scope • Challenges • Highlights of activities • Actions for Next Study Period • Collaboration with SDOs

  49. SG 17 – Q.7/17 scope For telecommunications organizations, information and the supporting processes, facilities, networks and communications media are all important business assets. In order for telecommunications organizations to manage these business assets appropriately and to continue their business activity correctly, Information Security Management is essential. The scope of this question is to provide GUIDELINES and BASELINES of Information Security Management to be appropriately applied for telecommunications organizations. Studies related to this issue can be extended somewhat to cover the following items: - information security management guidelines (baseline) - information incident management guidelines - risk management and risk profiles guidelines - assets management guidelines - policy management guidelines - information security governance - etc.

  50. SG 17 – Q.7/17 strategic directions [Diagram not reproduced. Labels: Baseline: X.1051 Information Security Management Guidelines (Organizational Security, Assets, Personnel, Physical, Access Controls, Operational Security, Systems Security, Incident Management, BCP, Compliant, Policy); Information Security Governance; Management Methodology (Risk Management & Risk Profiles, Incident Management, Assets Management, Policy Management, Event Management, Maintenance Management, Other Managements); Incident Management (Incident Handling, Vulnerability Handling, Alert Handling, Announcement); Practical Implementation Methodologies; Framework X.ismf; X.sim: Security Incident Mang.; X.rmg. * Based on the proposals from NSMF]
