According to some industry estimates, the global cost of cyber attacks was $145 billion in 2003. The total annual United States security-related losses reported in a 2003 survey were $201 million. Security threats continue to rise globally – up 22% in 2005. Many critical security requirements are currently addressed as an afterthought, in reaction to security incidents. This results in piecemeal security fixes, which do not provide a comprehensive and cost-effective security solution.
Assuring the security of each network element independently does not necessarily assure a secure network. Network security should be designed around a strong security framework, the available tools, standardized protocols, and, where available, easily configured software and hardware. Naturally, in a multi-vendor environment, no end-to-end security solution can be achieved without standards.
At the same time, there are specific regulations that need to be followed for each of the critical industry segments that support the global economy. For example, HIPAA is critical for the health industry in addressing privacy concerns. HIPAA privacy is generally addressed by information handling processes and the network applications and services layers. However, privacy measures alone do not ensure that the data has not been compromised in other ways. This leads to a question: are the networks (enterprise, WAN, NGN, ...) that support HIPAA-compliant applications secure enough? How does a service provider, enterprise or consumer know what security standards or regulations are important to them, and why? How can you rationalize what security terms mean in one industry vs. another? Why is this important? What is the relationship of the security regulations to the standards? Is there a security industry framework that can be used to help ensure the right set of security mechanisms and capabilities are implemented for different technologies?
This tutorial will focus on providing an overview of the critical security standards and regulations and their use in specific industries and next generation technologies. The relevance of these standards, and how they can be addressed efficiently to maximize use of resources and protection of critical assets, will also be discussed, especially as it relates to next generation networks.
Uma Chandrashekhar leads the Bell Labs Security Technology Applications Research team in Holmdel, NJ, at Lucent Technologies. Her team has responsibility for developing innovative solutions addressing reliability/security challenges in both wireless and wireline technology. Ms. Chandrashekhar has extensive experience in the security program lifecycle, from concept to systems engineering, secure data communications, operations planning, network management, and deployment. Her experience also includes leading the IITP (Interoperability Industry Test Plan) phases to support the reliability of the SS7 network, which included major industry players as part of the National Reliability Interoperability Council (NRIC) recommendations on reliability of the nation’s infrastructure. She has led and project-managed strategic projects from inception to market in the areas of network operations, reliability, security, network monitoring systems, and network management. Uma was the editor of the Bell Labs Technical Journal special issue on Network Security. Uma led her team in the development of the Bell Labs Security Model that is now the foundation of the global ITU-T X.805 standard for the telecom industry and ISO 18028-2 for the IT industry. She has a Master's in Electrical Engineering, and is certified as a project manager (PMP) as well as a certified security professional (CISSP). Prior to joining Bell Labs, Uma’s working experience covers network operators, vendors, and research organizations.