Cloud computing security related works in ITU-T SG17 - PowerPoint PPT Presentation

Loading...

PPT – Cloud computing security related works in ITU-T SG17 PowerPoint presentation | free to download - id: 6b3d2d-NzhkN



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Cloud computing security related works in ITU-T SG17

Description:

ITU Workshop on Cloud Computing Standards - Today and the Future ... PPT prepared by Liang Wei(Rapporteur of Q8/17) ... – PowerPoint PPT presentation

Number of Views:45
Avg rating:3.0/5.0
Date added: 12 June 2020
Slides: 20
Provided by: PRos156
Learn more at: http://www.itu.int
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Cloud computing security related works in ITU-T SG17


1
Cloud computing security related works in ITU-T
SG17
ITU Workshop on Cloud Computing Standards -
Today and the Future (Geneva, Switzerland, 14
November 2014)
  • Haihua, Li
  • Vice Chief Engineer of Institute of Communication
    Standards Research of CATR, MIIT
  • PPT prepared by Liang Wei(Rapporteur of Q8/17)

2
Contents
3
SG17 mandate established by World
Telecommunication Standardization Assembly
(WTSA-12)
  • WTSA-12 decided the following for Study Group 17
  • Title Security
  • Responsible for building confidence and security
    in the use of information and communication
    technologies (ICTs). This includes studies
    relating to cybersecurity, security management,
    countering spam and identity management. It also
    includes security architecture and framework,
    protection of personally identifiable
    information, and security of applications and
    services for the Internet of things, smart grid,
    smartphone, IPTV, web services, social network,
    cloud computing, mobile financial system and
    telebiometrics. Also responsible for the
    application of open system communications
    including directory and object identifiers, and
    for technical languages, the method for their
    usage and other issues related to the software
    aspects of telecommunication systems, and for
    conformance testing to improve quality of
    Recommendations.
  • Lead Study Group for
  • Security
  • Identity management
  • Languages and description techniques
  • Responsible for specific E, F, X and Z series
    Recommendations
  • Responsible for 12 Questions

4
SG17 structure
WP1Fundamental security Q1Telecommunication/ICT security coordination
WP1Fundamental security Q2Security architecture and framework
WP1Fundamental security Q3Telecommunication information security management
WP2Network and information security Q4Cybersecurity
WP2Network and information security Q5Countering spam by technical means
WP3Identity management and cloud computing security Q8Cloud computing security
WP3Identity management and cloud computing security Q10Identity management architecture and mechanisms
WP4Application security Q6Security aspects of ubiquitous telecommunication services
WP4Application security Q7Secure application services
WP4Application security Q9Telebiometrics
WP5Formal languages Q11Generic technologies to support secure applications
WP5Formal languages Q12Formal languages for telecommunication software and testing
5
SG17 cloud computing security related Questions
1. Security architecture/model and framework
2.Security management and audit
technology 3. BCP/disaster recovery and storage
security 4.Data and privacy protection 5.Account/i
dentity management 6.Network monitoring and
incidence response 7.Network security 8.Interopera
bility security 9.Service portability
Q3/17
Q10/17
Q4/17
Q8/17
Management
CyberSecurity
(Main)cloud
IdM/Bio
6
SG17 cloud computing securitywork items
Published in 2014.1
Common text with ISO/IEC
Established work item in 2014-09 SG17 meeting
7
Rec. ITU-T X.1601Security framework for cloud
computing
8
Rec. ITU-T X.1601Security framework for cloud
computing
9
Rec. ITU-T X.16017. Security threats for cloud
computing
10
Rec. ITU-T X.16018. Security challenges for
cloud computing
11
Rec. ITU-T X.16019.Cloud computing security
capabilities
  • 9.1 Trust model
  • 9.2 Identity and access management (IAM),
    authentication, authorization, and transaction
    audit
  • 9.3 Physical security
  • 9.4 Interface security
  • 9.5 Computing virtualization security
  • 9.6 Network security
  • 9.7 Data isolation, protection and privacy
    protection
  • 9.8 Security coordination
  • 9.9 Operational security
  • 9.10 Incident management
  • 9.11 Disaster recovery
  • 9.12 Service security assessment and audit
  • 9.13 Interoperability, portability, and
    reversibility
  • 9.14 Supply chain security

12
Rec. ITU-T X.160110. Framework methodology
13
Draft Rec. ITU-T X.cc-control
  • Title Information technology Security
    techniques Code of practice for
    information security controls for
    cloud computing services based on ISO/IEC 27002
  • Scope
  • This International Standard provides guidelines
    supporting the implementation of Information
    security controls for cloud service providers and
    cloud service customers of cloud computing
    services. Selection of appropriate controls and
    the application of the implementation guidance
    provided will depend on a risk assessment as well
    as any legal, contractual, or regulatory
    requirements. ISO/IEC 27005 provides information
    security risk management guidance, including
    advice on risk assessment, risk treatment, risk
    acceptance, risk communication, risk monitoring
    and risk review.
  • Planned determination 2015-09

Geneva, Switzerland, 14 November 2014
14
Draft Rec. ITU-T X.sfcse
  • TitleSecurity functional requirements for
    SaaS application environment
  • Scope
  • This Recommendation mainly focuses on the
    security aspects of Software as a Service (SaaS)
    applications at different maturity levels in the
    telecom cloud computing environment, and
    specifies security requirements for service
    oriented SaaS application environment. The target
    audiences of this Recommendation are cloud
    service partners such as application developers.
  • Planned determination2015-09

15
Draft Rec. ITU-T X.goscc
  • TitleGuidelines of operational security for
    cloud computing
  • Scope
  • This Recommendation provides guideline of
    operational security for cloud computing, which
    includes guidance of SLA and daily security
    maintenance for cloud computing. The target
    audiences of this recommendation are cloud
    service providers, such as traditional telecom
    operators, ISPs and ICPs.
  • Planned determination2015-09

16
Draft Rec. ITU-T X.idmcc
  • TitleRequirement of IdM in cloud computing
  • Scope
  • This Recommendation provides use-case and
    requirements analysis giving consideration to the
    existing industry efforts. This Recommendation
    concentrates on the requirements for providing
    IdM as a Service (IdMaaS) in cloud computing. The
    use of non-cloud IdM in cloud computing, while
    common in industry, is out of scope for this
    Recommendation.
  • Planned determination 2015-09

17
Draft Rec. ITU-T X.CSCdataSec
  • Title Guidelines for cloud service customer
    data security
  • Scope
  • This Recommendation will provide guidelines for
    cloud service customer data security in cloud
    computing, for those cases where the CSP is
    responsible for ensuring that the data is handled
    with proper security. This is not always the
    case, since for some cloud services the security
    of the data will be the responsibility of the
    cloud service customer themselves. In other
    cases, the responsibility may be mixed.
  • This Recommendation identifies security controls
    for cloud service customer data that can be used
    in different stages of the full data lifecycle.
    These security controls may differ when the
    security level of the cloud service customer data
    changes. Therefore, the Recommendation provides
    guidelines on when each control should be used
    for best security practice.
  • Planned determination 2017

18
SG17 cloud computing security Recommendation
structure


19
Thanks for listening!
About PowerShow.com