1 Scope
2 Normative references
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 Overview
4.1 Structure of this guideline
4.2 Information security management systems in telecommunications business
5 Security policy
6 Organization of information security
6.1 Internal organization
6.2 External parties
7 Asset management
7.1 Responsibility for assets
7.2 Information classification
8 Human resources security
8.1 Prior to employment
8.2 During employment
8.3 Termination or change of employment
9 Physical and environmental security
9.1 Secure areas
9.2 Equipment security
10 Communications and operations management
10.1 Operational procedures and responsibilities
10.2 Third party service delivery management
10.3 System planning and acceptance
10.4 Protection against malicious and mobile code
10.5 Back‑up
10.6 Network security management
10.7 Media handling
10.8 Exchange of information
10.9 Electronic commerce services
10.10 Monitoring
11 Access control
11.1 Business requirement for access control
11.2 User access management
11.3 User responsibilities
11.4 Network access control
11.5 Operating system access control
11.6 Application and information access control
11.7 Mobile computing and teleworking
12 Information systems acquisition, development and maintenance
12.1 Security requirements of information systems
12.2 Correct processing in applications
12.3 Cryptographic controls
12.4 Security of system files
12.5 Security in development and support processes
12.6 Technical vulnerability management
13 Information security incident management
13.1 Reporting information security events and weaknesses
13.2 Management of information security incidents and improvements
14 Business continuity management
14.1 Information security aspects of business continuity management
15 Compliance
Annex A – Telecommunications extended control set
A.9 Physical and environmental security
A.10 Communications and operations management
A.11 Access control
A.15 Compliance
Annex B – Additional implementation guidance
B.1 Network security measures against cyber attacks
B.2 Network security measures for network congestion
Bibliography