CG-TXNDF Terms of Reference

From ITUwiki

Jump to: navigation, search

INTERNATIONAL TELECOMMUNICATION UNION

TELECOMMUNICATION STANDARDIZATION SECTOR

STUDY PERIOD 2009-2012

STUDY GROUP 17

Geneva, 11-20 February 2009

TD 0271

English only

Original: English

Question(s): 4/17

TEMPORARY DOCUMENT

Source: Rapporteur, Q.4/17

Title: Terms of Reference for Correspondence Group on the Exchange of Trusted Network Forensics

TERMS OF REFERENCE

CORRESPONDENCE GROUP ON

TRUSTED EXCHANGE OF NETWORK DIGITAL FORENSICS

Background

The subject of trusted exchange of network forensics, including vulnerabilities, has become an increasingly important and rapidly evolving field of cybersecurity. This exchange occurs among a complex mix of computer and network emergency response teams, operators, and vendors. This Terms of Reference proposes work be initiated in this area in SG17 under the Rapporteur Group on Cybersecurity (Q.4) through the creation of a correspondence group to identify and facilitate today’s network forensic ecosystem and the ITU-T’s existing and potential evolving part of that ecosystem.

“Forensics” generally refers to the acquisition, preservation, and exchange of trusted information associated with an incident, event or discovered vulnerability of interest – including derivative aggregate information. “Network forensics” is generally regarded as a subset of “digital forensics” – where the latter can include digital-based information associated with an event occurring on some non-networked device.

WTSA-08 in Res. 50 in calling for cybersecurity activity in SG17, explicitly noted that Rec. “X.805 provides a systematic framework for identifying security vulnerabilities that, together with many new security-related deliverables from ITU and other organizations, can assist in risk assessment and in the development of mechanisms to mitigate risks.” Res. 58 in encouraging the creation of national computer incident response teams, particularly for developing countries, calls for “collaboration between national CIRTs, such as capacity building and exchange of information, within an appropriate framework.”

Terms of Reference

1. The ITU-T Correspondence Group for the trusted exchange of network forensics will undertake:

  • a) Discovery, outreach and analysis for all known forums and platforms dealing with the subject of trusted exchange of network forensics, including vulnerabilities
  • b) Preparation of a report on findings that includes
    • a. produce of an ecosystems overview and gap analysis
    • b. proposals for how the ITU-T Q.4/17 can effectively bridge the gaps, to the extent possible

2. The Correspondence Group will continue to use the email list tsg17q4-tendf@itu.int. The CG interactions may include email exchange via the email list, virtual meetings, and electronic meetings. The Q.4/17 Action Plan items relating to this subject will be the basis for the CG activities.

3. The Correspondence Group co-convenors will be Tony Rutkowski (VeriSign, USA) <trutkowski@netmagic.com>, rapporteur for Q.4/17, and Gregg Schudel (Cisco Systems) <gschudel@cisco.com>.

References

[1] WTSA-08 Resolutions 50 and 58

[2] Doc. COM 17 – C 072, TD 221-PLEN Rev. 2

Personal tools