The world is inching towards combating cyber security threats and vulnerabilities as well as gaining cutting-edge methods on how to combat such threats.
This comes after a meeting of ITU-T's Security Study Group approved new standards (ITU-T Recommendations), while others were in progress in several important areas.
According to the ITU, some of the new ITU-T Recommendations facilitate the interconnection of security and management systems and the exchange of cyber security information, such as information on security events and security attack incidents.
Experts in SA believe that if the standards are implemented, they will have a positive impact on overall consumer confidence in electronic and mobile commerce.
According to the principal attorney at Chetty Law, Pria Chetty, this hinges on the awareness, assessment and implementation of the standards by South African organisations.
Chetty says, should the recommendations be implemented, benefits to organisations, including South African organisations, may include faster response times to cyber security attacks.
This will also help with a higher rate of success in the methods of combating and prosecuting cyber crimes, and a positive impact in overall consumer confidence in electronic and mobile commerce, she adds.
Local policy
From a policy setting perspective, she says, the draft National Cyber Security Policy published in 2010 will be impacted by new International Telecommunication Union (ITU)-T Recommendations.
“The general amendment of the draft policy for alignment with an international standard is not favourable.
“The committee responsible for the cyber security policy should consider, however, whether the current policy, against the content of the standards and recommendations, has kept pace with international cyber security developments,” she says.
The South African policy is: Draft South African National Cyber Security Policy, published in the 19 February 2010 Government Gazette number 32963.
Specialised advice
According to Chetty, the ITU-T standards are the output of specialised study groups established by the International Telecommunications Agency on topics and themes that stem from meetings of experts in the fields.
“This means that the standards provide invaluable insight for cyber security professionals on the latest cyber-security threats and vulnerabilities and cutting edge methods on how to combat such threats,” she points out.
“This is a positive and logical approach. The pace at which cyber security threats develop means that isolated knowledge development and response to such threats is inappropriate.”
Chetty says one of the ways that the standards promote collaboration is through the listing of the principal technical and organisational capabilities necessary for systems for cyber security information exchange.
She also notes that certain recommendations pertain to countering spam and other unsolicited communications through an interactive gateway system and extended validation certificates, which is likely to promote Internet user confidence in Web sites, which is good for electronic and mobile commerce.
Risk mitigation
According to the ITU, the standards specify how this information can be shared across organisations for enhanced security preparedness and broader and better risk mitigation against vulnerabilities, to allow vulnerability databases and other capabilities to be linked together, and to facilitate the comparison of security tools and service.
One recommendation identifies real-life scenarios where cyber security information can be exchanged across organisations, says the UN telecoms organisation, and “the standard specifies the principal technical and organisational capabilities necessary for systems in terms of cyber security information exchange”.
The study group also saw new and ongoing security and identity management standardisation work in the area of cloud computing and virtual service platforms where challenging security problems remain to be solved and standardised.
“Another new interesting area of standardisation work seeks to define an information security management reference model for small and medium telecommunication organisations,” it says.

