The guide called the ICT Security Standards Roadmap brings together information about existing standards and work in progress by the world's key standards developers. It is a collaborative effort between ITU, the European Network and Security Information Agency (ENISA) and the Network and Information Security Steering Group (NISSG).
Enhancing security in cyberspace is a matter of critical concern in an increasingly networked society. Crime on the Internet alone has led to losses estimated at several billion dollars, both from online theft and from costs related to fixing networks that have been the victim of cyber attack. Cyber crime takes several forms, from breaching network security, financial fraud, invasion of privacy and identity theft to virus attacks or spam.
"There has never been a greater incentive to revitalize the order and trust in the stability and reliability of communications systems, and standardization in security design for networks is a key prerequisite," said Malcolm Johnson, Director of ITU's Telecommunication Standardization Bureau. "Standards-development bodies have a unique ability to address security vulnerabilities in ICT by bringing together all players. As well as the publication and development of many important security Recommendations, ITU has been behind many open discussions on providing security guidelines to protocol authors and identifying threats and vulnerabilities."
The guide provides information for potential users of security standards and other stakeholders to gain an understanding of what standards are available or under development as well as the key organizations that are working in the area. This web-based tool also lists standards-development organizations and the security standards they publish. Acting as a central tracking facility, it not only enables the identification of standards and standards activities but it also fosters coordination among standardization bodies, reducing duplication of effort and making it easier to identify existing gaps.
The guide, to be developed on an ongoing basis to enhance its scope and include other standard-development organizations, is organized in five sections:
- ICT standards development organizations and their work
- Approved ICT security standards
- Security standards under development
- Future needs and proposed new security standards
- Best practices