ITU‐T Achievements in ICT Security Standardization
7th ETSI Security Workshop18 ‐19 January 2012, Sophia Antipolis, France
Martin EuchnerAdvisor of Study Group [email protected]
January 2012y
Contents
Brief recap of SG 17 work program
Update on SG 17 Security Standardization WorkUpdate on SG 17 Security Standardization Work since the last ETSI Security Workshop:
ITU T Recommendations Approved or Approval ProcessITU‐T Recommendations Approved or Approval Process Initiated in 2011
N W k It I iti t d i 2011New Work Items Initiated in 2011
Security Project
Collaboration
Useful references2/31
Study Group 17 Overview
Primary focus is to build confidence and security in the use of Information and Communication Technologies (ICTs)
Meets twice a year. Last meeting had 171 participants from 21 Member States, 20 Sector Members and 7 Associates.
As of 27 December 2011, SG 17 is responsible for 286 approved Recommendations, 11 approved Supplements and 3 approved Implementer’s Guides in the E, F, X and Z series.
Large program of work:• 23 new work items added to work program in 2011• 33 Recommendations, 22 Corrigenda and 3 Supplements approved or
entered approval process in 2011• 143 new or revised Recommendations and other texts are under
development for approval in 2012 or laterWork organized into 3 Working Parties with 15 Questions3 LSG responsibilities: Security, Identity Management, and Languagesp y y g g gSee SG 17 web page for more informationhttp://itu.int/ITU‐T/studygroups/com17 3/31
SG 17, Securityty g
esWorking Party 1 Working Party 2 Working Party 3
secu
rit
ty anguag
Q10 IdM
Q11 DirectoryQ6 UbiquitousSecurityprojectQ1
mat
ion
sec
urit
nt
and l Q11 Directory,
PKI and PMI
Q12 ASN.1, OIDQ7 Applications
Q6 qservices
project
Q2 Architecture
d info
rm
icat
ion
agem
en
Q13 LanguagesQ8 SOA
Q3 ISM
Q4 Cybersecurity
ork
and
Appl
y m
ana Q14 Testing
Q15 OSI
Q9 Telebiometrics
Q y y
Q5 Counteringspam
WP 1 WP 2 WP 3
Net
wo
Iden
tity
I4/31
Additional Security Work
Cloud Computing Security• Expected transfer in early 2012 of security work from ITU T• Expected transfer in early 2012 of security work from ITU‐T Focus Group on Cloud Computing to SG 17
• Smart Grid Securityy• Expected transfer in early 2012 of security work from ITU‐T Focus Group on Smart Grid to SG 17
h ld l• Child Online Protection• Correspondence group currently looking at what aspects are appropriate given SG 17 mandate and area of expertiseare appropriate given SG 17 mandate and area of expertise
• MoU UNODC‐ITU• ITU Secretary General signed MoU with United NationsITU Secretary General signed MoU with United Nations Office on Drugs and Crime (UNODC) – Role of SG 17 needs further consideration
SG 17 h d fi t d ft f 17 d Q ti fSG 17 has prepared first draft of 17 proposed Questions for the 2013‐2016 study period
5/31
U d SG 17 S iUpdate on SG 17 SecurityStandardization Work since the last
h6th ETSI SECURITY WORKSHOP, 19.01.2011
6/31
ITU‐T Recommendations Approved orApproval Process Initiated in 2011 (1/12)Approval Process Initiated in 2011 (1/12)
SG 17 Recommendation ActionQuestion
Acronym Title Equivalent
2, Security X.1034 Framework for extensible authentication protocol (EAP)‐ None Approved, yarchitecture and framework
revp ( )
based authentication and key managementpp
X.1037 (X.rev)
Architectural systems for security controls for preventing fraudulent activities in public carrier networks
None Determined
3, Telecommunica‐tions information security
X.1052 Information security management framework None Approved
X.1057 Asset management guidelines in telecommunication organizations
None Approved
security management
g
7/31
ITU‐T Recommendations Approved orApproval Process Initiated in 2011 (2/12)Approval Process Initiated in 2011 (2/12)
SG 17 Recommendation ActionQuestion
Acronym Title Equivalent
4, Cybersecurity X.1500 Overview of cybersecurity information exchange (CYBEX) None Approved, y y y y g ( ) pp
X.1500.1 (X.cybex.1)
Procedures for the registration of arcs under the object identifier (OID) arc for cybersecurity information exchange
None Determined
X 1520 Common vulnerabilities and exposures (CVE) None ApprovedX.1520 Common vulnerabilities and exposures (CVE) None Approved
X.1521 Common vulnerability scoring system (CVSS) None Approved
X.1524 Common weakness enumeration (CWE) None Determined(X.cwe)
X.1541 (X.iodef)
Incident object description exchange format None Determined
X.1570 Discovery mechanisms in the exchange of cybersecurityinformation
None Approved
8/31
ITU‐T Recommendations Approved orApproval Process Initiated in 2011 (3/12)Approval Process Initiated in 2011 (3/12)
SG 17 Recommendation ActionQuestion
Acronym Title Equivalent
4, Cybersecurity X.Suppl.9 Supplement 9 to ITU‐T X‐series Recommendations ‐ None Approved, y y pp ppITU‐T X.1205 ‐ Guidelines for reducing malware in ICT networks
pp
X.Suppl.10 Supplement 10 to ITU‐T X‐series Recommendations ‐ITU T X 1205 Usability of network traceback
None ApprovedITU‐T X.1205 ‐ Usability of network traceback
5, Countering spam by technical means
X.Suppl.11 Supplement 11 to ITU‐T X‐series Recommendations ‐ITU‐T X.1246 ‐ Framework based on real‐time blocking list (RBL) for countering VoIP spam
None Approved
( ) g p
9/31
ITU‐T Recommendations Approved orApproval Process Initiated in 2011 (4/12)Approval Process Initiated in 2011 (4/12)
SG 17 Recommendation ActionQuestion
Acronym Title Equivalent
6, Security X.1192 Functional requirements and mechanisms for the secure None Approved, yaspects ofubiquitoustelecommunica‐tion services
qtranscodable scheme of IPTV
pp
X.1193 Key management framework for secure internet protocol television (IPTV) services
None Approved
X.1195 Service and content protection (SCP) interoperability scheme
None Approved
X.1311 Information technology – Security framework for the ubiquitous sensor network
ISO/IEC 29180
Approvedubiquitous sensor network 29180
X.1312 Ubiquitous sensor network (USN) middleware security guidelines
None Approved
7, Secure X.1153 A management framework of an one time password‐based None Approved7, Secure application services
X.1153 A management framework of an one time password based authentication service
None Approved
10/31
ITU‐T Recommendations Approved orApproval Process Initiated in 2011 (5/12)Approval Process Initiated in 2011 (5/12)
SG 17Question
Recommendation Action
Acronym Title Equivalent
9, Telebiometrics X.1080.1 e‐Health and world‐wide telemedicines – Generic telecommunication protocol
None Approved
X.1081Amd 3
The telebiometric multimodal model – A framework for the specification of security and safety aspects of telebiometrics ‐ Amendment 3: Enhancement to support a new modality (ELECTRO)
None Approved
a new modality (ELECTRO)
X.1090 Authentication framework with one‐time telebiometrictemplate
None Approved
10, Identity X.1253 Security guidelines for identity management systems None Approvedymanagementarchitecture andmechanisms
y g y g y pp
X.1261(X.Evcert)
Extended validation certificate framework (EVcert) CA/Browser Forum
Determined
11/31
ITU‐T Recommendations Approved orApproval Process Initiated in 2011 (6/12)Approval Process Initiated in 2011 (6/12)
SG 17Question
Recommendation Action
Acron m Title Eq i alentAcronym Title Equivalent
11, Directory services, Directory systems
X.501 (2005)Cor. 3
Technical Corrigendum 3 to ITU‐T X.501 (2005) | ISO/IEC 9594‐2:2005
ISO/IEC 9594‐2:2005
Cor. 3
Approved
Directory systems, and public‐key/attribute certificates
X.509 (2005)Cor. 3
Technical Corrigendum 3 to ITU‐T X.509 (2005) | ISO/IEC 9594‐8:2005
ISO/IEC 9594‐8:2005
Cor. 3
Approved
X 511 (2005) Technical Corrigendum 3 to ITU‐T X 511 (2005) | ISO/IEC 9594‐ ISO/IEC ApprovedX.511 (2005)Cor. 3
Technical Corrigendum 3 to ITU T X.511 (2005) | ISO/IEC 95943:2005
ISO/IEC 9594‐3:2005
Cor. 3
Approved
X.518 (2005)Cor. 2
Technical Corrigendum 2 to ITU‐T X.518 (2005) | ISO/IEC 9594‐4:2005
ISO/IEC 9594‐4:2005
Approved
Cor. 2
X.519 (2005)Cor. 2
Technical Corrigendum 2 to ITU‐T X.519 (2005) | ISO/IEC 9594‐5:2005
ISO/IEC9594‐5:2005
Cor. 2
Approved
X.520 (2005)Cor. 3
Technical Corrigendum 3 to ITU‐T X.520 (2005) | ISO/IEC 9594‐6:2005
ISO/IEC 9594‐6:2005
Cor. 3
Approved
X 525 (2005) Technical Corrigendum 1 to ITU‐T X 525 (2005) | ISO/IEC 9594‐ ISO/IEC ApprovedX.525 (2005)Cor. 1
Technical Corrigendum 1 to ITU‐T X.525 (2005) | ISO/IEC 9594‐9:2005
ISO/IEC 9594‐9:2005
Cor. 1
Approved
12/31
ITU‐T Recommendations Approved orApproval Process Initiated in 2011 (7/12)Approval Process Initiated in 2011 (7/12)
SG 17Question
Recommendation Action
Acron m Title Eq i alentAcronym Title Equivalent
11, Directory services, Directory systems, and public‐
X.501 (2008) Cor. 1
Technical Corrigendum 1 to ITU‐T X.501 (2008) | ISO/IEC 9594‐2:2008
ISO/IEC 9594‐2:2008
Cor. 1
Approved
key/attribute certificates
X.509 (2008) Cor. 1
Technical Corrigendum 1 to ITU‐T X.509 (2008) | ISO/IEC 9594‐8:2008
ISO/IEC 9594‐8:2008
Cor. 1
Approved
X 511 (2008) Technical Corrigendum 1 to ITU‐T X 511 (2008) | ISO/IEC 9594‐ ISO/IEC ApprovedX.511 (2008) Cor. 1
Technical Corrigendum 1 to ITU T X.511 (2008) | ISO/IEC 95943:2008
ISO/IEC 9594‐3:2008
Cor. 1
Approved
X.518 (2008) Cor. 1
Technical Corrigendum 1 to ITU‐T X.518 (2008) | ISO/IEC 9594‐4:2008
ISO/IEC 9594‐4:2008
Approved
Cor. 1
X.519 (2008) Cor. 1
Technical Corrigendum 1 to ITU‐T X.519 (2008) | ISO/IEC 9594‐5:2008
ISO/IEC9594‐5:2008
Cor. 3
Approved
X.520 (2008) Cor. 1
Technical Corrigendum 1 to ITU‐T X.520 (2008) | ISO/IEC 9594‐6:2008
ISO/IEC 9594‐6:2008
Cor. 1
Approved
X 525 (2008) Technical Corrigendum 1 to ITU‐T X 525 (2008) | ISO/IEC 9594‐ ISO/IEC ApprovedX.525 (2008) Cor. 1
Technical Corrigendum 1 to ITU‐T X.525 (2008) | ISO/IEC 9594‐9:2008
ISO/IEC 9594‐9:2008
Cor. 1
Approved
13/31
ITU‐T Recommendations Approved orApproval Process Initiated in 2011 (8/12)Approval Process Initiated in 2011 (8/12)
SG 17Question
Recommendation Action
Acronym Title Equivalent
12, Abstract Syntax
X.660rev Information technology – Procedures for the operation of Object Identifier Registration Authorities: General
ISO/IEC 9834‐1
Approved
Notation One (ASN.1), object identifiers (OIDs) and associated
procedures and top arcs of the International Object Identifier tree
X.674 Procedures for the registration of arcs under the alerting object identifier arc
None Approved
registrationobject identifier arc
X.680Cor.1
Information technology – Abstract Syntax Notation One (ASN.1): Specification of basic notation – Technical Corrigendum 1
ISO/IEC 8824‐1Cor.1
Approved
X.681Cor.1
Information technology – Abstract Syntax Notation One (ASN.1): Information object specification – Technical Corrigendum 1
ISO/IEC 8824‐2Cor.1
Approved
X 690 Information technology ASN 1 encoding rules: ISO/IEC ApprovedX.690Cor.1
Information technology – ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) – Technical Corrigendum 1
ISO/IEC 8825‐1Cor.1
Approved
X.691Cor.1
Information technology – ASN.1 encoding rules: Specification of Packed Encoding Rules (PER) – Technical Corrigendum 1
ISO/IEC 8825‐2Cor.1
Approved
14/31
ITU‐T Recommendations Approved orApproval Process Initiated in 2011 (9/12)Approval Process Initiated in 2011 (9/12)
SG 17Question
Recommendation Action
Acronym Title Equivalent
12, AbstractSyntax
X.692Cor.1
Information technology – ASN.1 encoding rules: Specification of Encoding Control Notation (ECN) –
ISO/IEC 8825‐3
Approved
Notation One (ASN.1), objectidentifiers (OIDs) and associated
Technical Corrigendum 1 Cor.1
X.693Cor.1
Information technology – ASN.1 encoding rules: XML Encoding Rules (XER) – Technical Corrigendum 1
ISO/IEC 8825‐4Cor.1
Approved
registrationCor.1
X.694Cor.1
Information technology – ASN.1 encoding rules: Mapping W3C XML schema definitions into ASN.1 – Technical Corrigendum 1
ISO/IEC 8825‐5Cor.1
Approved
X.891Cor.1
Information technology – Generic applications of ASN.1: Fast infosec – Technical Corrigendum 1
ISO/IEC 24825‐1Cor.1
Approved
15/31
ITU‐T Recommendations Approved orApproval Process Initiated in 2011 (10/12)Approval Process Initiated in 2011 (10/12)
SG 17 Recommendation ActionQuestion
Acronym Title Equivalent
13, Formal Z.100rev Specification and Description Language: Overview of None Approved,languages and telecommunica‐tion software
p p g gSDL‐2010
pp
Z.101 Specification and Description Language: Basic SDL‐2010 None Approved
Z.102 Specification and description language: Comprehensive SDL‐2010
None Approved
Z.103 Specification and Description Language: Shorthand None Approvednotation and annotation in SDL‐2010
Z.104rev Specification and Description Language: Data and action language in SDL‐2010
None Approved
Z.105rev Specification and Description Language: SDL‐2010 combined with ASN.1 modules
None Approved
Z.106rev Specification and Description Language: Common None Approvedinterchange format for SDL‐2010
16/31
ITU‐T Recommendations Approved orApproval Process Initiated in 2011 (11/12)Approval Process Initiated in 2011 (11/12)
SG 17 Recommendation ActionQuestion
Acronym Title Equivalent
13, Formal Z.120rev Message sequence chart (MSC) None Approved,languages and telecommunica‐tion software
g q ( ) pp
Z.150rev User requirements notation (URN) – Language requirements and framework
None Approved
Z.Imp100rev
Specification and description language implementers’ guide None Approved
17/31
ITU‐T Recommendations Approved orApproval Process Initiated in 2011 (12/12)Approval Process Initiated in 2011 (12/12)
SG 17Question
Recommendation Action
Acronym Title Equivalent
14, Testing languages,
Z.161rev Testing and Test Control Notation version 3: TTCN 3 Core Language
ETSI ES 201 873‐1
Approved
methodologies and framework Z.164rev Testing and Test Control Notation version 3: TTCN‐3
Operational SemanticsETSI ES 201
873‐4Approved
Z.165rev Testing and Test Control Notation version 3: TTCN‐3 ETSI ES 201 ApprovedRuntime Interface (TRI) 873‐5
Z.166rev Testing and Test Control Notation version 3: TTCN‐3 Control Interface (TCI)
ETSI ES 201 873‐6
Approved
Z.167rev Testing and Test Control Notation version 3: TTCN‐3 Using ASN.1 with TTCN‐3
ETSI ES 201 873‐7
Approved
Z.168rev Testing and Test Control Notation version 3: TTCN‐3 The ETSI ES 201 ApprovedIDL to TTCN‐3 Mapping 873‐8
Z.169rev Testing and Test Control Notation version 3: TTCN‐3 Using XML schema with TTCN‐3
ETSI ES 201 873‐9
Approved
Z.170rev Testing and Test Control Notation version 3: TTCN‐3 Documentation Comment Specification
ETSI ES 201 873‐10
Approved
18/31
New Work Items Initiated in 2011 (1/4)
SG 17 Draft RecommendationQuestion
Acronym Title
2, Security X.hsn Heterarchic architecture for secure distributed service networks2, Security architecture andFramework
X.hsn Heterarchic architecture for secure distributed service networks
X.ipv6‐secguide
Technical guideline on deploying IPv6
3, Telecommunications information security
X.gpim Guideline for management of personally identifiable information for telecommunication organizations
X.mgv6 Security management guideline for implementation of IPv6management
X.mgv6 Security management guideline for implementation of IPv6 environment in telecommunications organizations
Supplement of X.1051
Supplement to X‐series Recommendations – ITU‐T X.1051: Information security management users' guide for y g gRecommendation ITU‐T X.1051
Handbook Handbook on information security incident management for developing countries
19/31
New Work Items Initiated in 2011 (2/4)
SG 17 Draft RecommendationQuestion
Acronym Title
4, Cybersecurity X.csmc Continuous security monitoring using CYBEX techniques4, Cybersecurity X.csmc Continuous security monitoring using CYBEX techniques
X.cvrf Common vulnerability reporting format
X.rid Real‐time inter‐network defense
X.ridt Transport of real‐time inter‐network defense messagesp g
X.sisnego Framework of security information sharing negotiation
5, Countering spam by technical means
X.ticvs Technologies involved in countering voice spam in telecommunication organizations
20/31
New Work Items Initiated in 2011 (3/4)
SG 17 Draft RecommendationQuestion
Acronym Title
6, Security aspects of X.iptvsec‐8 Virtual machine‐based security platform for renewable IPTV6, Security aspects of ubiquitoustelecommunicationservices
X.iptvsec 8 Virtual machine based security platform for renewable IPTV service and content protection (SCP)
7, Secure application services
X.p2p‐4 Use of service providers’ user authentication infrastructure to implement PKI for peer‐to‐peer networks
X.sap‐6 One time password based non‐repudiation framework
X.sap‐7 The requirements of fraud detection and response service for sensitive Information Communication Technology
X.xacml3 Extensible access control markup language 3.0
8, Service oriented X.sfcse Security functional requirements for Software as a Service architecture security (SaaS) application environment
21/31
New Work Items Initiated in 2011 (4/4)
SG 17 Draft RecommendationQuestion
Acronym Title
9, Telebiometrics X.1081 The telebiometric multimodal model – A framework for the9, Telebiometrics X.1081 Amd.3
The telebiometric multimodal model A framework for the specification of security and safety aspects of telebiometrics ‐Amendment 3: Enhancement to support a new modality “ELECTRO” and define new object identifiers
X.tam A guideline to technical and operational countermeasures for telebiometric applications using mobile devices
10, Identity X.atag Attribute aggregation frameworkmanagementarchitecture andmechanisms
13, Formal languagesand telecommunicationsoftware
Z.10x Specification and Description Language: Object‐oriented data in SDL‐2010
Z.104A C
Language bindingsoftware Annex C
22/31
Security ProjectSecurity Coordination• Coordinate security matters within SG 17, with ITU-T SGs,
ITU-D and externally with other SDOsITU-D and externally with other SDOs• Maintain reference information on LSG security webpage
ICT S it St d d R dICT Security Standards Roadmap• Searchable database of approved ICT security standards from
ITU-T, ISO/IEC, ETSI and othersITU T, ISO/IEC, ETSI and others
Security Compendium• Catalogue of approved security-related Recommendations
and security definitions extracted from approved Recommendations
ITU-T Security Manual • 5th edition planned for 2012
23/31
Coordination & Collaboration
Joint Coordination Activity on Identity Management (JCA-IdM)
Joint Coordination Activity on Conformance and Interoperability Testing (JCA-CIT)
Both JCAs will run in conjunction with ITU-T SG 17 meeting (20 February 2 March 2012)meeting (20 February – 2 March 2012)
24/31
Security CoordinationSecurity activities in other ITU‐T Study GroupsSecurity activities in other ITU T Study Groups
ITU‐T SG 2 Operation aspects & TMN– Q3 International Emergency Preference Scheme , ETS/TDR
– Q5 Network and service operations and maintenance procedures , E.408
– Q11 TMN security, TMN PKI
ITU‐T SG 9 Integrated broadband cable and TVITU‐T SG 9 Integrated broadband cable and TV– Q3 Conditional access, copy protection, HDLC privacy,
– Q7, Q8 DOCSIS privacy/security
bl ( ) d– Q9 IPCablecom 2 (IMS w. security), MediaHomeNet security gateway, DRM,
ITU‐T SG 11 Signaling Protocols– Q7 EAP‐AKA for NGN
ITU‐T SG 13 Future network– Q16 Security and identity management for NGN
Q17 Deep packet inspection– Q17 Deep packet inspection
ITU‐T SG 15 Optical Transport & Access– Reliability, availability, Ethernet/MPLS protection switching
ITU‐T SG 16 Multimedia– Secure VoIP and multimedia security (H.233, H.234, H.235, H.323, JPEG2000) 25/31
Coordination with other bodies
Study Group 17
ITU-D, ITU-R, xyz…y
26/31
ITU‐T Recommendations Approved orApproval Process Initiated in 2011 (1/2)Approval Process Initiated in 2011 (1/2)
SG Question Recommendation Action
Acronym Title Equivalent
2 11, Protocols and security for
M.3016.1 Amd.1
Security for the management plane: Security requirements ‐ Authentication extension
None Approved
managementM.3016.3Amd.1
Security for the management plane: Security requirements ‐ Redundant authentication extension
None Approved
M.3016.4 Security for the management plane: Security None ApprovedAmd.1 mechanism ‐ Authentication extension
5 15, Security of telecommunication and
K.87 Guide for the application of electromagnetic security requirements ‐ Basic Recommendation
None Approved
on and information systems regarding the electromagneticelectromagnetic environment
27/31
ITU‐T Recommendations Approved orApproval Process Initiated in 2011 (2/2)Approval Process Initiated in 2011 (2/2)
SG Question Recommendation Action
A Titl E i l tAcronym Title Equivalent
13 16, Security and identity management
Y.2722 NGN identity management mechanisms None Approved
management Y.2740 Security requirements for mobile remote financial transactions in next generation networks
None Approved
Y2741 Architecture of secure mobile financial None ApprovedY.2741 Architecture of secure mobile financial transactions in next generation networks
None Approved
Y.2760 Mobility security framework in NGN None Approved
15 5, Transport equipment and network protection/
G.873.1 Optical Transport Network (OTN): Linear protection
None Approved
G.8031/ Y1342
Ethernet linear protection switching None Approvedprotection/ restoration
Y.1342
16 3, Multimedia gateway control
hit t d
H.248.77 Gateway control protocol: Secure real‐time transport protocol ‐ (SRTP) package and
d
None Approved
architectures and protocols
procedures
28/31
New Work Items Initiated in 2011
SG Question Draft Recommendation
Acronym Title
13 16, Security and Y.ETS‐Sec Y.ETS Security , yidentity management
y
Y.NGN‐OOF Framework for NGN Support and Use of OpenID and OAuth
Y.NGN‐OpenID
Support for OpenID in NGNOpenID
Y.NGN‐OAuth
Support for OAuth in NGN
S it A f M bil V IP S iSecurity Assurance for Mobile VoIP Service
Supplement Y.2700 series: NGN Security Planning and Operations Guidelines
16 3, Multimedia gateway control architectures and protocols
H.248.TLS Gateway control protocol: H.248 packages for control of transport security
29/31
Reference linksWebpage for ITU‐T Study Group 17
• http://itu.int/ITU‐T/studygroups/com17
Webpage on ICT security standard roadmapp g y p
• http://itu.int/ITU‐T/studygroups/com17/ict
Webpage on ICT cybersecurity organizations
• http://itu int/ITU T/studygroups/com17/nfvo• http://itu.int/ITU‐T/studygroups/com17/nfvo
Webpage for JCA on Identity management
• http://www.itu.int/en/ITU‐T/jca/idm/Pages/default.aspx
Webpage for JCA on Conformance and interoperability testing
• http://itu.int/en/ITU‐T/jca/idm
Webpage on lead study group on telecommunication securityWebpage on lead study group on telecommunication security
• http://itu.int/en/ITU‐T/studygroups/com17/Pages/telesecurity.aspx
Webpage on lead study group on identity management
// / / / / / /• http://itu.int/en/ITU‐T/studygroups/com17/Pages/idm.aspx
Webpage on lead study group on languages and description techniques
• http://itu.int/en/ITU‐T/studygroups/com17/Pages/ldt.aspxp yg p g p
Webpage for security workshop on Addressing security challenges on a global scale
• http://itu.int/ITU‐T/worksem/security/201012 30/31