Page 184 - 2015 Security in Telecommunications and Information Technology
| Term | Definition | Reference |
|---|---|---|
| secret key | A key that is used with a symmetric cryptographic algorithm. Possession of a secret key is restricted (usually to two entities). | ITU-T X.810 |
| security | The term "security" is used in the sense of minimizing the vulnerabilities of assets and resources. An asset is anything of value. A vulnerability is any weakness that could be exploited to violate a system or the information it contains. A threat is a potential violation of security. | ITU-T X.800 |
| security alarm | A message generated when a security-related event that is defined by security policy as being an alarm condition has been detected. A security alarm is intended to come to the attention of appropriate entities in a timely manner. | ITU-T X.816 |
| security audit | An independent review and examination of system records and activities in order to test for adequacy of system controls, to ensure compliance with established policy and operational procedures, to detect breaches in security, and to recommend any indicated changes in control, policy and procedures. | ITU-T X.800 |
| security audit trail | Data collected and potentially used to facilitate a security audit. | ITU-T X.800 |
| security certificate | A set of security-relevant data issued by a security authority or trusted third party, together with security information which is used to provide the integrity and data origin authentication services for the data. Note – All certificates are deemed to be security certificates. The term security certificate in the ITU-T X.800 series is adopted in order to avoid terminology conflicts with ITU-T X.509. | ITU-T X.810 |
| security domain | 1. A collection of users and systems subject to a common security policy. | ITU-T X.841 |
| | 2. The set of resources subject to a single security policy. | ITU-T X.411 |
| security information (SI) | Information needed to implement security services. | ITU-T X.810 |
| security management | Security management comprises all activities to establish, maintain and terminate the security aspects of a system. Topics covered are: management of security services; installation of security mechanisms; key management (management part); establishment of identities, keys, access control information, etc.; management of security audit trail and security alarms. | ITU-T M.3016.0 |
| security model | A framework for describing the security services that counter potential threats to the MTS and the security elements that support those services. | ITU-T X.402 |
| security policy | 1. The set of rules laid down by the security authority governing the use and provision of security services and facilities. | ITU-T X.509 |
| | 2. The set of criteria for the provision of security services. Note – See identity-based and rule-based security policy. A complete security policy will necessarily address many concerns which are outside of the scope of OSI. | ITU-T X.800 |
| security service | A service, provided by a layer of communicating open systems, which ensures adequate security of the systems or of data transfers. | ITU-T X.800 |
| security threat (threat) | A potential violation of security | ITU-T X.800 |
162 Annex A