Security standardization in an evolving threat environment – Bill McCrum, Industry Canada (Canada)
This session will provide a context for the workshop by providing some background on how the security standardization work began and how it has evolved to meet a changing threat environment as Internet use has become pervasive. A summary of the current threat environment will be included.
These presentations will be high-level & broad-ranging and will provide an overview of the security standards work in each organization, existing collaboration, plus the major achievements and the key standards produced. Mention will be made of how requirements for standards are determined and evaluated, how standards are marketed and how they are assessed for success. Who are the targeted users for each organization’s standards? Possible gaps may be indicated and the respective strengths and weaknesses of each organization’s processes will be identified.
Representatives of ITU-T, ISO/IEC/JTC1 & ETSI will each highlight what they consider to be a key topic of current focus and report on the challenges and issues associated with that topic.
Chair: Charles Brookson, Department of Trade and Industry (UK)
A panel of stakeholders representing standards users (e.g. network operators, developers, transaction processors and administrations/regulators) will try to address some of the key questions concerning development and use of security standards. Who are the security standards stakeholders (i.e. the organizations who use the standards) and are the SDOs responding adequately to their needs? If not, why not? What needs to change? What are the economic implications of security standards? Can security standards be implemented cost-effectively in a way that provides “good-enough security” while ensuring cost-competitiveness of the product/service?
Each panellist will be invited to make a short opening statement/presentation following which there will be a mediated discussion with questions and contributions from the audience.
This session will cover 3 key areas of technical focus for security standardization.
Information Security Management for Networks – what is the status of current work & where is it leading? (e.g. ISO 17799, SC27 work such as ISMS, IETF work on OpSec.) What are the implications of this work for security standards development and collaboration?
- Angelika Plate (Germany/SC27) & Ted Humphreys (UK/SC27)
SS7 and the vulnerability of the networking infrastructure – Michel Leber, Tekelec (France)
Security of voice in an IP environment – Xiaofeng Huang, France Telecom (France)
12:30-14:00
Lunch break
14:00 – 15:00
Session 8 – Refining the focus and the processes for security standardization
This panel discussion and interactive session will provide an opportunity for all workshop participants to join in the discussion to try to find answers to the problems facing standards development organizations.
What are the crucial problems in ICT security and which of these can/should be addressed by standards? What areas should standardization avoid? Are there differences in security standards needs (or differences in emphasis) in the different regions? How can standards bodies respond most quickly and effectively to emerging threats? How can the work be funded and resourced? How can SDOs address evolving threats such as spyware, bots, etc.?
This session responds to a growing need to address network security in the developing countries and countries with economies in transition. The presentation will review the particular situation in these countries and provide an assessment as to whether the DCs have any special needs that are not already being addressed by the current security standards work.
15:30-16:00
Coffee break
16:00 – 17:00
Session 10 – Improving the effectiveness of the security standards process - next steps
Chair: Bob Thornberry (Lucent Technologies)
A panel discussion with participation of representatives from each session and significant interaction with delegates. The purpose is to identify those areas of focus in which the standards organizations (and the ITU in particular) can be most effective in developing security standards, to prioritize security standards activities and to improve collaboration.
How can we increase collaboration and leverage the respective strengths of the formal and informal processes? What can be done to improve alignment of the needs and the work? How can we avoid redundant and conflicting efforts? How do we validate new work proposals and ensure on-going cooperation and coordination?