|
Work item:
|
TR.cs-sc
|
|
Subject/title:
|
Technical Report: Collection of Security Concerns for extracting the Security Requirements for Cyber Security Reference Architecture
|
|
Status:
|
Under study
|
|
Approval process:
|
Agreement
|
|
Type of work item:
|
Technical report
|
|
Version:
|
New
|
|
Equivalent number:
|
-
|
|
Timing:
|
2025-Q4 (Medium priority)
|
|
Liaison:
|
ISO/IEC JTC1/SC27; ISO/IEC JTC1/WG13
|
|
Supporting members:
|
India, Korea (Rep. of), Broadcom Europe
|
|
Summary:
|
The integration of TCP/IP technology with traditional protocols, for all activities has converted/transformed the digital Systems & Digital Infrastructures and Networks into a interconnection of Operations Technology(OT) part of the network and information Technology (IT) Part of the network. Security risks and concerns are managed differently in IT and OT networks. Security in IT is primarily focused on protecting data confidentiality, ensuring that sensitive information is accessible only to authorized users. OT security, however, prioritizes the safety and availability of industrial systems and processes. The integrity and continuous operation of physical equipment are paramount in OT, given that a failure can result in significant safety and financial implications. The security concerns of the OT part and the IT part are to be taken together so as to devise strategy & Mitigation measures toward building a secure and resilient digital Service Provider’s network.
The Security concerns or threats are interchangeably used but have slightly different connotations and contexts to the OT part and IT part of the Telecommunication Service provider’s network , hence need not necessarily be the same. A Collection of the same for both with the appropriate context shall help in identifying the security requirements, and the stakeholders to be addressed through the Cyber Security Reference Architecture in X.cs-ra.
This work item mainly covers the collection of Security concerns with the contexts of use case to derive the appropriate security requirements. The output of this Technical Report shall play an important role in developing a comprehensive Cyber Security Reference Architectures by analyzing the collected Security concerns and breaking down them into the generic concerns applicable to any network be it based on IT, or OT or both IT&OT.
|
|
Comment:
|
-
|
|
Reference(s):
|
|
|
Historic references:
|
|
Contact(s):
|
|
| ITU-T A.5 justification(s): |
|
|
|
|
First registration in the WP:
2024-03-11 10:59:47
|
|
Last update:
2024-06-05 14:58:50
|
