|
Summary:
|
General guidelines of information security management for telecommunications organizations are presented in ITU-T Recommendation X.1051, which is based on ISO/IEC Standards 27001 and 27002. In an information security management system (ISMS) based on Recommendation X.1051, physical security is a key issue, as shown for example in the following text presented in Recommendation X.1051:
"A site whose environment is least susceptible to damage from strong electromagnetic field shall be selected for communication centers. If necessary, less than satisfactory site may be selected provided appropriate measures are taken to protect telecommunications equipment rooms with electromagnetic shields, etc."
"controls should be adopted to minimize the risk of potential physical threats, e.g. theft, fire, explosives, smoke, water (or water supply failure), dust, vibration, chemical effects, electrical supply interference, communications interference, electromagnetic radiation, and vandalism;"
When the security is managed considering above mentioned sentences, we should evaluate the threat and mitigate equipment or site. The threat is related to "Vulnerability" and "Confidentiality" in ISMS.
This basic Recommendation outlines electromagnetic security risks of telecommunication equipments and guides how to assess and prevent those risks, in order to manage ISMS in accordance with Recommendation X.1051. Major electromagnetic security risks taken up in this Recommendation are as follows:
" Natural EM threats (e.g. lightning);
" Unintentional interference (i.e. Electromagnetic Interference (EMI));
" Intentional interference(i.e. Intentional Electromagnetic Interference (IEMI));
" Deliberate EM attack via High Altitude Electromagnetic Pulse (HEMP);
" Deliberate EM attack via High Power Electromagnetic (HPEM);
" Information leakage from EM emanation (i.e. Electromagnetic security (EMSEC));
|
