Security (2002) calls “participants”, which include “governments, businesses, other organisations and
individual users who develop, own, provide, manage, service and use information systems and networks” to
“focus on security in the development of information systems and networks”, in order to tackle “a growing
number and a wider variety of threats and vulnerabilities”. Online at
http://www.oecd.org/document/42/0,2340,en_21571361_36139259_15582250_1_1_1_1,00.html
(last accessed April 2007).
129
See Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the
processing of personal data and the protection of privacy in the electronic communications sector
(Directive on privacy and electronic communications), online at
http://europa.eu.int/eur-lex/pri/en/oj/dat/2002/l_201/l_20120020731en00370047.pdf. See also the European
Commission document: “New Strategy for a Secure Information Society”, COM(2006)251 of May 2006. Security is
one of the main priorities of the European Commission strategic initiative i2010. More information is
available online at http://ec.europa.eu/information_society/eeurope/i2010/index_en.htm. Regarding
regulatory initiatives touching upon IT security in the United States, see the Sarbanes Oxley Act, online at
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_bills&docid=f:h3763enr.tst.pdf.
130
See ITU-T Recommendation X.805 “Security architecture for systems providing end-to-end
communications”.
131
OECD “Scoping Study on Identity Theft” DSTI/CP(2007)3/FINAL.
132
ITU-T Study Group 13, Report 24 “Draft ITU-T Recommendation Y.2701, Security requirements for NGN
Release 1”. November 2006.
133
See ITU-T Recommendation Y.2201 “NGN Release 1 requirements”, and ITU-T Recommendation Y.2012
“Functional requirements and architecture of the NGN”.
134
Trusted zone: a domain where an NGN provider’s network elements and systems reside and never
communicate directly with customer equipment. Un-trusted zone: a zone that includes all network
elements of customer networks or possibly peer networks, which are connected to the NGN provider’s
border elements. See Study Group 13, Report 24 “Draft ITU-T Recommendation Y.2701, Security
requirements for NGN Release 1”.
135
Security policy is a set of rules established by the security authority governing the use and provision of
security services and facilities. NGN providers are in charge of preparing such policies and of applying
them to all network elements and devices under their control. ITU-T Draft Recommendation Y.2701 (op. cit.).
136
Alcatel-Lucent paper: “Security 3GPP IMS to TISPAN NGN”, last quarter 2005, online at
http://www1.alcatel-lucent.com/com/en/appcontent/apl/S0512-TISPAN_NGN-EN_tcm172-521381635.pdf
(last accessed April 2007).
137
Graham Ingram, AusCert, presentation at the OECD NGN Technical Foresight Forum “NGN Security”,
online at http://www.oecd.org/document/12/0,2340,en_2649_33703_37392780_1_1_1_1,00.html
(last accessed April 2007).
138
ITU Draft Recommendation Y.2701.
139
See OECD, Working Party on Security and Privacy, IDM resources online at
www.oecd.org/sti/security-privacy/idm.
140
At the technical level the ITU-T, in liaison with other standardisation groups, such as IETF, ETSI/TISPAN,
Liberty Alliance, OMA, etc., is working on the harmonisation of technical approaches to IdM, with particular
attention to the security aspects of Identity Management. On the policy side, the OECD holds a workshop
on Digital Identity Management on 8-9 May 2007, exploring the main information security and privacy
issues surrounding digital identity management, as well as possible responses to those challenges. More
information about the OECD work on IdM is available online at www.oecd.org/sti/security-privacy/idm.
See also OECD Workshop proceedings “Social and Economic Factors Shaping the Future of the Internet”,
forthcoming (May 2007).
DSTI/ICCP/CISP(2007)2/FINAL