|Work item||Subject / Title||Summary
|X.TRsuss||Technical Report on the successful use of security standards||This Technical Report on the successful use of security standards is intended to help users, especially those from developing countries, to gain a better understanding of the value of using security-related ITU-T Recommendations in a variety of contexts (e.g. business, commerce, government, industry). It covers the use of security standards in a variety of applications and also introduces readers to the relevance and importance of foundational security standards such as architectural standards, methodology, definitions, and other high-level guidance. The overall focus is to encourage successful and productive use of these standards.
|X.salcm||Security reference architecture for lifecycle management of e-commerce business data||Security is very important for e-commerce services, and e-commerce service ecosystems share many security characteristics. Recommendation ITU-T X.salcm analyses the main features of the Internet and typical threats to the e-commerce service ecosystem, and provides a reference architecture for lifecycle management of e-commerce business data. This Recommendation also describes the security objectives achieved by applying security dimensions to the data lifecycle management specified in the reference architecture.
|X.sdnsec-2||Security requirements and reference architecture for Software-Defined Networking||This Recommendation supports security protection for software-defined networking (SDN). It identifies new security threats as well as traditional network security threats to SDN, defines security requirements, provides possible security countermeasures against the new security threats, and designs a security reference architecture for SDN.
|X.sgmvno||ITU-T X.805 - Supplement on Security guideline for mobile virtual network operator (MVNO)||Security is very important for mobile virtual network operators (MVNOs), and MVNOs share many security characteristics. This Supplement provides a security guideline for MVNOs. It also analyses the main features of MVNOs and typical threats to MVNOs. Based on the structure of MVNOs, this Supplement provides a security framework for MVNOs, including security objectives and security requirements.
|X.tigsc||Technical implementation guidelines for ITU-T X.805||Many organizations in developing countries as well as developed countries may have difficulties in implementing the high-level domains described in Recommendation ITU-T X.805. Recommendation ITU-T X.tigsc aims to provide a set of countermeasures for implementing the high-level domains. The technical implementation guidelines for security countermeasures can be used to improve organizations' security strength by providing understandable implementation guidelines for technical countermeasures. The set of countermeasures or solutions described in this Recommendation could assist organizations in managing information security risks and implementing technical domains. The audience of this Recommendation includes, but is not limited to, those individuals responsible for implementing an organization's information security domains.
|X.voLTEsec-1||Security framework for voice-over-long-term-evolution (VoLTE) network operation||VoLTE is a VoIP service over an LTE network, and it is the most promising telecommunication service for global operators in the future. VoLTE is a full IP network architecture based on SIP, which makes the VoLTE network more vulnerable to attack. For example, key equipment such as the SBC may suffer from denial-of-service attacks, hackers might place fraudulent calls, etc.
Recommendation ITU-T X.voLTEsec-1 will set up a security framework for VoLTE network operation, and provide a guideline to strengthen the secure deployment and operation, and it will cover complementary technical and management aspects, such as:
- Security deployment via isolation of security domains.
- Standardized security configuration baseline for VoLTE network equipment and system.
- Deployment of dedicated security devices for defence in depth.
- Network operation via specific O&M system.
- Security risk response and disposal.
This Recommendation will be helpful for all telecommunication operators to improve the security operation of VoLTE network service.
|X.gpim||Information technology - Security techniques - Code of practice for Personally Identifiable Information protection||Recommendation ITU-T X.gpim | ISO/IEC 29151 provides guidelines for the management of personal information in the context of telecommunications. It also defines privacy controls and good practices for personal information protection. The objective of this Recommendation | International Standard is to provide a common ground for the management of personal information. The Recommendation | International Standard is applicable to all relevant departments in a telecommunication organization throughout the life cycle of personal information, i.e., from generation to destruction. The Recommendation | International Standard is also applicable to all types and sizes of telecommunication organizations that collect, use, and process personally identifiable information as part of information processing.
|X.sgsm||Information security management guidelines for small and medium telecommunication organizations||Recommendation ITU-T X.sgsm:
(a) establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in small and medium-sized telecommunication organizations based on Rec. [ITU-T X.1051 | ISO/IEC 27011];
(b) provides an implementation baseline of information security management for small and medium-sized telecommunication organizations to ensure the confidentiality, integrity and availability of telecommunication facilities and services.
The objective of this Recommendation is to provide practical guidance on commonly accepted goals of information security management, specifically suited for small and medium-sized telecommunication organizations.
As a result of implementing this Recommendation, small and medium-sized telecommunication organizations, both within and between jurisdictions, will:
(a) be able to assure the confidentiality, integrity and availability of the specific small and medium-sized telecommunication facilities and services;
(b) have adopted secure collaborative processes and controls that reduce risks in the delivery of telecommunication services;
(c) be able to redeploy resources for more productive activities;
(d) have adopted a consistent and holistic approach to information security;
(e) be able to improve personnel awareness and morale, and increase public trust.
|X.sup-gisb||ITU-T X.1054 - Supplement on Best practice for implementation of Rec. ITU-T X.1054 | ISO/IEC 27014 on governance of information security - Case of Burkina Faso||To create value, information should be governed within the organization so that the objectives of information security are strategically aligned with those of the organization. Governance and management of information security should be conducted in complete synergy. The management should be responsible for the operation of information and reporting (idea of responsibility) to the governing body.
To achieve this, the organization can use standards, recommendations and other frameworks whose implementation will encourage its success.
It is in this spirit that Recommendation ITU-T X.1054 is applied to the governance of information security for the e-Council of Ministers in Burkina Faso.
This approach aims to be a case of best practice in the implementation of Recommendation ITU-T X.1054. Here it is used as part of a unifying project gathering all members of the Government of Burkina Faso (Presidency, Prime Ministry, General Secretariat of Government and the Council of Ministers, all ministries). However, this ITU-T Recommendation could be applied to any type of organization.
|X.sup-gpim||ITU-T X.gpim - Supplement on Code of practice for personally identifiable information protection based on ITU-T X.gpim for telecommunications organizations||The number of telecommunications organizations which process personally identifiable information (PII) is on the rise. Accordingly, the expectation for the protection of a customer's privacy and for the security of personally identifiable information of the customers is also increasing.
There is a need for a set of additional controls and implementation guidelines specific to PII protection, in addition to those in ITU-T X.gpim, which are applicable to telecommunications organizations. The aim of this Supplement is to complement ITU-T X.gpim | ISO/IEC 29151.
|X.1500 Amd.10||Overview of cybersecurity information exchange - Amendment 10 - Revised structured cybersecurity information exchange techniques||Amendment 10 to Recommendation ITU-T X.1500 (2011) provides a list of structured cybersecurity information techniques that have been created to be continually updated as these techniques evolve, expand, are newly identified or are replaced. The list follows the outline provided in the body of the Recommendation. This amendment reflects the situation of recommended techniques as of September 2016, including bibliographical references.
|X.1542 (ex X.simef)||Session information message exchange format||In today's network environment, computer networks are vulnerable to threats from both inside and outside the organization. Firewall systems log session information about selected incoming and outgoing transmission control protocol/Internet protocol (TCP/IP) connections.
However, those systems that are currently available are not generally interoperable because each system has its own special functionality, control mechanisms and session log formats.
Most security administrators today need to maintain a consistent session information exchange format across diverse firewall systems and even varied infrastructures.
Recommendation ITU-T X.1542 (X.simef) describes the information model for the session information message exchange format (SIMEF) and provides an associated data model specified with extensible markup language (XML) schema. The SIMEF defines a data model representation for sharing the transport layer session log information regarding the centralized network security management and security information exchange system. The specification of any transport protocol is beyond the scope of this Recommendation.
|X.cogent||Design considerations for improved end-user perception of trustworthiness indicators||Diverse kinds of attacks employ content replicated from trustworthy service providers, thereby deceiving end users into believing that the content is trustworthy. Recommendation ITU-T X.cogent describes design considerations for improved end-user perception of trustworthiness indicators. The appendix describes representative techniques for measuring end-user perception of such indicators.
|X.metric||Metrics for evaluating threat and resilience in cyberspace||Recommendation ITU-T X.metric describes possible quantification methods for threats and associated resilience mechanisms, along with applicable normalization methods, as well as discretization and simplification methods. The proposed threat metric is currently comprised of attack intensity, report confidence, level of sophistication, impact and persistence, each of which can be derived from measurable quantities that are elaborated in this Recommendation.
|X.nessa||Access control models for incidents exchange networks||Recommendation ITU-T X.nessa introduces existing approaches for implementing access control policies for incident exchange networks. This Recommendation introduces a variety of well-established access control models, sharing models as well as criteria for evaluating incident exchange network performance. Standards-based solutions are considered to facilitate implementation of different access control models within different cybersecurity information sharing models and under diverse trust environments.
|X.samtn||Security assessment techniques in telecommunication/ICT networks||Recommendation ITU-T X.samtn describes global security assessment methodology and best practices for developers, manufacturers, operators and end users of the telecommunication domain. Both the traditional circuit-switched networks and the packet-based networks are exposed to different threats and attacks - from external as well as internal sources - that target the various parts of the telecommunications/ICT network. This Recommendation covers the following:
- Detection of vulnerabilities in the telecommunications/ICT network.
- Methodology of security assessment in the telecommunications/ICT network.
|X.sbb||Security capability requirements for countering smartphone-based botnets||Recommendation ITU-T X.sbb provides security capability requirements for countering smartphone-based botnets. It studies the challenges brought forward by smartphone-based botnets, and hence their specific threats to and requirements on the operator's network as well as the smartphones themselves. The scope of study focuses on threat analysis and requirement enumeration. The purpose is to safeguard the operator's infrastructure and smartphones, ensure the operator's services and service quality, and enhance user experience. Detailed technical solutions and other intelligent terminals, such as tablet devices, are beyond the scope of this Recommendation.
|X.cspim||Technical requirements for countering instant messaging spam (SPIM)||Instant messaging is gaining great popularity, and the proliferation of instant messaging spam (SPIM) is becoming a serious problem. The characteristics of instant messaging, such as being IP-based, free of charge and widely available, cause SPIM to spread widely and out of control. If these problems are not carefully solved, they will have a very negative impact on the use of the instant messaging service itself. Recommendation ITU-T X.cspim identifies the characteristics of SPIM and then specifies technical requirements for countering it.
|X.gcspi||ITU-T X.1242 - Supplement on Guidelines on countermeasures against short message service (SMS) phishing and smishing attack||Short message service (SMS) phishing is a fraudulent technique carried out through mobile phones: it commits phishing fraud against smartphone users, acquires personal information held on the smartphones, or causes small amounts of money to be approved and paid while the account holder is not aware of the approval. The purpose of this Supplement to Rec. ITU-T X.1242 is to universalize the guideline for countermeasures against SMS phishing incidents by defining a security guideline on security technology and methods against SMS phishing incidents, and by specifying report contents.
|X.tfcma||Technical framework for countering mobile in-application advertising spam||Mobile in-application advertising spam is unsolicited advertising displayed within a mobile phone application. It can be shown in display units such as a banner at the top or bottom of the screen, a mobile interstitial, an overlay and so on. With the fast development of mobile applications, mobile in-application advertising has grown dramatically. Filtering of unwanted or malicious advertisements is often incomplete. Although many countermeasures have been proposed and implemented, they all suffer from theoretical limitations and drawbacks, and in practice we still face a high volume and a high proportion of mobile in-application advertising spam. Therefore, it is necessary to establish a practical framework for countering mobile in-application advertising spam that can reasonably integrate the advantages of these countermeasures.
Recommendation ITU-T X.tfcma provides a technical framework for countering mobile in-application advertising spam.