1 Scope
2 References
3 Definitions
3.1 Terms defined elsewhere
3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 Overview of information security measures
7 Information security measures
7.1 Access control
7.2 Authentication
7.3 Non-repudiation
7.4 Data confidentiality
7.5 Communication security
7.6 Data integrity
7.7 Availability
7.8 Privacy
Annex A – Additional technical implementation guidance
A.1 Secure configuration
A.2 Malware protection
A.3 Patch management
A.4 Vulnerability management
A.5 Information security incidents management
A.6 System development security
A.7 Authentication for information systems and applications
A.8 Data leakage prevention
A.9 Operations security
A.10 Backup and disaster recovery
A.11 Desktop PC and mobile device protection
Appendix I – Organizational implementation guidance
I.1 Information security policies
I.2 Organization of information security
I.3 Human resources security
I.4 Asset management
I.5 Physical and environment security
I.6 Supplier relationship
Appendix II – Level of security assurance
II.1 Level of assurance for entity authentication [b-ITU-T X.1254]
II.2 Level of security assurance
Appendix III – Guidance on assigning specific level of security assurance from the final index
III.1 Methodology for level of security assurance
Appendix IV – SGSN specific implementation guideline
IV.1 Overview
IV.2 Access control dimension for module 1
IV.3 Availability dimension for module 1
IV.4 Non repudiation dimension for module 1
IV.5 Authentication dimension for module 1
IV.6 Data integrity dimension for module
IV.7 Privacy and data confidentiality dimension for module 1
IV.8 Communication security dimension for module 1
Bibliography