1. Objectives of Roadmap
This ICT Security Standards Roadmap is intended to support the security standardization work of the ITU by identifying existing published security standards, standards that are in development, and areas where a need for standards has been identified but where work has not yet been initiated. Although the focus is primarily on standards in the ITU-T space (i.e. security standards relating to telecommunication networks), the standards and work of other formal and informal regional and international standards development organizations (SDOs) are included in this Roadmap. The Roadmap also identified existing collaborative projects and helps to identify possible opportunities for future collaboration. It is hoped that the Roadmap will contribute to the coordination of security standardization activities by providing an up-to-date summary of work that has been completed and work that is in progress across SDOs as well as identifying the major organizations participating in this work. By knowing what has been done already, and what work is in progress, it will be possible to avoid duplication of effort and also to identify gaps that need attention.
2. Structure and content
The Roadmap, which is considered a “work in progress” is currently structured with the intention that the primary publication medium will be the web. Although periodic paper publication is not precluded, it is important that the currency of the information be maintained and that the updating process be easy and timely. Publishing the Roadmap as a web document facilitates frequent updates and will make the document readily available to the widest possible audience at the lowest cost.
The information provided via Roadmap is expected to expand as the work of other SDOs is added. Currently, security standards of ATIS, ETSI, IEEE, IETF, ISO/IEC, ITU, OASIS, 3GPP and 3GPP2 are included. Further expansion to other organizations is anticipated as data is made available.
This part of the Roadmap provides summaries of the standards work in progress by identifying the respective organizations and their overall work programs. (The actual standards are listed in Part 2 of the Roadmap using a fairly simple classification scheme.) In addition, this part of the Roadmap includes a section devoted to the very important topic of security definitions. In general, information in the body of the Roadmap is in the form of brief summaries and headings; more detailed information may be obtained by following the hot links.
3. Key international and regional ICT security standards development organizations
Each international Standards Development Organization listed has a particular role in the development of ICT security standards.
Standards of the following organizations are currently included in the Roadmap:
3.1 Formal International Standards Development Organizations
International Telecommunication Union – Telecommunication Standardization Sector (ITU-T)
3.2 Other international standards bodies and forums
Internet Engineering Task Force (IETF)
Organization for the Advancement of Structured Information Standards (OASIS)
3.3 Regional standards development organizations
Alliance for Telecommunications Industry Solutions (ATIS)
The European Telecommunications Standards Institute (ETSI)
Institute of Electrical and Electronics Engineers
Regional Asia Information Security Standards Exchange (RAISS Forum)
4. IT Security Definitions
Terminology forms a very important part of any standard. It is essential that terms used be clear and unambiguous. However, the development of definitions can often generate much discussion and divert attention from the more important task of developing a technical specification. In addition, in IT security, where diverse groups of experts are developing standards relatively independently, there is a great risk that multiple definitions will be developed for the same term or that similar definitions will be appended to different terms. A number of security glossaries have already been developed by SDOs. References are provided below. ITU-T SG17 urges that experts who are engaged in the development utilize existing definitions from these glossaries wherever possible. New terms should be defined only where an acceptable definition does not already exist. Further, if it is necessary to define a new term, it should not duplicate, or conflict with, a term that has already been defined in an existing standard.
Existing security vocabularies
Compendium of ITU-T approved security definitions extracted from ITU-T recommendations
This document is a compendium of security-related definitions extracted from approved ITU-T Recommendations with a view toward establishing a common understanding (and use) of security terms within ITU-T. This listing will continue to be developed.
ISO/IEC JTC 1/SC 27 Terminology
This SC27 Standing Document (SD 6) contains terms and definitions that appear in SC 27 International Standards, Technical Reports and Drafts.
This Glossary provides definitions, abbreviations, and explanations of terminology for information system security. The 334 pages of entries offer recommendations to improve the comprehensibility of written material that is generated in the Internet Standards Process (RFC 2026). The recommendations follow the principles that such writing should (a) use the same term or definition whenever the same concept is mentioned; (b) use terms in their plainest, dictionary sense; (c) use terms that are already well-established in open publications; and (d) avoid terms that either favor a particular vendor or favor a particular technology or mechanism over other, competing techniques that already exist or could be developed.
ETSI Glossary of security terminology ETR 232
Go to the above link and select “ETR” in the “Type” box and “232” in the “Number” box. (NOTE: ETR 232 was published in 1995)
ISO/IEC JTC1 SC 37 Harmonized Biometric Vocabulary
This Standing Document (SD 2) of SC37 contains an extensive list of biometric-related definitions.
Recent Comments