Managing Cybersecurity Threats
|
|
- Catherine Tate
- 5 years ago
- Views:
Transcription
1 Managing Cybersecurity Threats by engaging with Accredited Open Trusted Technology Providers - Organizations that conform to the Open Trusted Technology Provider Standard Mitigating Maliciously Tainted and Counterfeit Products (O- TTPS) Build with Integrity- Buy with Confidence Sally Long, Director, The Open Group Trusted Technology Forum s.long@opengroup.org 0
2 Presentation Overview q Background & Context: Brief overview of The Open Group and The Open Group Trusted Technology Forum (OTTF) q The Supply Chain Challenge as it applies to: COTS ICT Critical Infrastructure q Industry Response to the Challenge The Open Trusted Technology Provider Standard Mitigating Maliciously Tainted and Counterfeit Products (O-TTPS) O-TTPS Accreditation Program q Current State of the OTTF: Milestones, Roadmap and Global Outreach Efforts q What You Can do Now 1
3 The Open Group Membership Argentina Australia Austria Belgium Brazil Canada China Colombia Czech Republic Denmark Finland France Germany Hong Kong India Italy Japan Luxembourg Malaysia Poland Qatar Russian Federation Saudi Arabia Singapore South Africa Over 40,000 participants from Spain Over 95 countries Sweden Over 500 memberships with Switzerland HQs in 40 countries from Taiwan 6 continents Turkey Mexico UK Netherlands United Arab Emirates New Zealand USA Norway 2
4 What Does The Open Group Do? q Membership & Events International & Regional Conferences Forums: ArchiMate Architecture, Enterprise Management Forum, IT4IT, Open Platform 3.0, Real-time & Embedded Systems, Security, Trusted Technology Forum, Platform Base Working Group q Standards and Certification - Over 25 years experience Voluntary consensus standards and certification programs through The Open Group Standards Process consistent with OMB Circular A-119 People & Organizations: ArchiMate, POSIX, TOGAF, UNIX, Open Trusted Technology Provider Professional: TOGAF, ArchiMate, Certified Architect (Open CA), Certified IT Specialist (Open CITS), Open FAIR Consortia: Hotel Technology Next Generation (HTNG), North American State and Provincial Lotteries (NASP)L, Near Field Communication Forum (NFC Forum) NFC Forum, UNIX, WAP, Architecture Tools Defense Standards: DirecNet, FACE 3
5 The Open Group CyberSecurity Activities Security Forum Real Time & Embedded Systems Forum Trusted Technology Forum Open Standards & Best Practices Security architecture Information security management Risk management standards, best practices, and certification Compliance & security automation MILS Open Standards Software assurance High assurance certification Dependability Supply Chain Security Standards, Best Practices Open Trusted Technology Provider TM (O-TTPS) (Standard) Addressing maliciously tainted and counterfeit products O-TTPS Accreditation Program 4
6 The Supply Chain Challenge and the OTTF Copyright (C) The Open Group 2014
7 The Open Group Trusted Technology Forum (OTTF) q Government-industry roundtable discussion in 2009 Initiated by DoD AT&L(SE), DoD-CIO and The Open Group q Government raised these issues Moving from high assurance customized solutions to Commercial Off The Shelf (COTS) Information Communication Technology (ICT) Need to confidently identify trusted COTS ICT products/providers q Government recommendation Establish consensus on best of breed best practices based on industry experience to create a standard that enables all providers to conform to those best practices when building products. Create an accreditation program brand that identifies trusted technology providers who conform to the standard q Response to the recommendation the OTTF Providers, integrators, government agencies, third party labs from around the globe responded to the recommendation 6
8 The Open Group Trusted Technology Forum A global industry-led initiative defining best practices for secure engineering and supply chain integrity so that you can Build with Integrity and Buy with Confidence 7
9 The Supply Chain Challenge for COTS ICT Providers Product certification is not enough. Need assurance that best practices are followed through product life cycle including global supply chains. Governments Procure from an Accredited Open Trusted Technology Provider Consumers Service Providers Enterprises Challenges: Build with Integrity Buy with Confidence Need to secure our Global Supply Chains Need a full life cycle approach Need a standard of best practices for all constituents in the chain Need accreditation to help assure conformance to the standard Need public registry to identify trusted/accredited constituents Need customers to reward trusted/accredited constituents thru procurement 8
10 Technology Supply Chain Threat Matrix Taint Counterfeit Upstream Provider Downstream Upstream Provider Downstream Malware Malicious code (masquerading as vulnerabilities) Unauthorized Parts Unauthorized Configuration Scrap/ Substandard Parts Unauthorized Production 9
11 A Threat-Based Problem Global supply chain security for COTS products Commercial Off the Shelf Products are developed and used globally COTS products rely on components that are often globally sourced COTS products are integrated into Critical Infrastructure, Government systems and Commercial solutions THREATS Counterfeit product Maliciously tainted Tainted Insiders Obsolescence Many others 10
12 The product does what it s intended to do functionally & performs at the required performance levels Functional, & Quality Requirements for Products Functional, Quality, Security & Integrity Process Requirements for Operators Security Requirements for Products Security & Integrity Process Requirements for Providers The product meets certain security assurance levels based on requirements of the environment into which it s placed and the acceptable level of risk for that environment. 11
13 Operator organizations must ensure security and integrity of systems during operation. In addition operator organizations must have policies in place for each of the four categories: - all systems function & perform well - products comply with security reqs. - They buy from trusted providers. - Systems are secure during operation & recovery Functional, & Quality Requirements for Products Functional, Quality, Security & Integrity Process Requirements for Operations Security Requirements for Products Security & Integrity Process Requirements for Providers (O-TTPS) Integrators and providers who build IT products must follow best practices for security, integrity - design thru disposal (both inhouse and in their supply chains). Reduces risk of vulnerabilities (potential malware insertion sites), tainted & counterfeit components, before the products make it into the critical environment. 12
14 The O-TTPS The first version of the O-TTPS addresses the two threats that have been identified as the most pressing: Maliciously Tainted Counterfeit Products 13
15 O-TTPS Standard Mitigating Risks for Tainted and Counterfeit Products q q q A tainted product is produced by the provider and is acquired through reputable channels but has been tampered with maliciously. - Could result in: product failure, degraded performance, can enable malware insertion, weakened security mechanisms allowing rogue functionality and potentially critical damage enabled IP and Identity theft, damage to critical infrastructure operations which could lead to catastrophic results for citizens A counterfeit product is produced other than by or for the provider, or is supplied by other than a reputable channel, and is represented as legitimate. Could result in: For customers: if product fails at critical juncture loss of productivity, revenue For providers: loss of revenue stream and brand damage Double risk if counterfeit products are also tainted 14
16 O-TTPS: Mitigating Maliciously Tainted and Counterfeit Products q q q The Open Trusted Technology Provider TM Standard (O-TTPS) released in April, page document on requirements for organizational best practices The result of over 3 years of collaborative consensus-based effort Apply across product life cycle. Some highly correlated to threats of maliciously tainted and counterfeit products - others more foundational but considered essential Design Sourcing Build Fulfillment Distribution Sustainment Disposal Technology Development Supply Chain q 2 areas of requirements often overlap depending on product and provider: Technology Development - mostly under the provider s in-house supervision Supply Chain activities mostly where provider interacts with third parties who contribute their piece in the product s life cycle 15
17 O-TTPS: Technology Development q Product Development/Engineering Requirements in: Software/Firmware/Hardware Design Process Development/Engineering Process and Practices Configuration Management Quality/Test Management Product Sustainment Management q Secure Development/Engineering Requirements in: Threat Analysis and Mitigation Run-time Protection Techniques Vulnerability Analysis and Response Product Patching and Remediation Secure Engineering Practices Monitor and assess the impact of changes in the threat landscape 16
18 O-TTPS: Supply Chain Activities q Supply Chain Requirements In: Risk Management Physical Security Access Controls Employee and Supplier Security Business Partner Security Supply Chain Security Training Information Systems Security Trusted Technology Components Secure Transmission and Handling Open Source Handling Counterfeit Mitigation Malware Detection 17
19 OTTF Principles The OTTF is developing their standards and accreditation programs according to these principles: Practical and effective - Practitioner based, evidence that it works in the field Reasonable - Achievable and implementable by a wide variety of vendors and stakeholders Affordable - Reasonably cost effective to implement Open - Based on open standards and recognized industry best practices publically available to all Organizational/Process Based Accreditation - Flexible enough that an organization can choose their own scope of accreditation (product, product-line, entire organization) 18
20 The O-TTPS Accreditation Program Based on Warranty from Organization & Conformance Assessment Scope Flexible. Whole organization to one product Application Accreditation Authority: Program Operated by The Open Group Governance and Operation OTTF: develops and maintains Standard - Membership is open to all O-TTPS Accreditation Program Vendor neutral program: Accreditation Authority responsible for accreditation of 3 rd party assessors, appeals, certificates, logo-use, consistency Success! across accreditations Open Trusted Technology Providers Open to all Component Suppliers, Conformance Providers, Integrators, Distributors and Resellers O-TTPS Recognized 3 rd Party Assessors V e r i f i e s 19 Program logo used to support accreditation claims
21 Accreditation Program Description q q q q q q q q q The Applicant can be a Technology Provider, Component Supplier, Integrator, Distributor (Value-Add), Reseller The Applicant warrants and represents their conformance to requirements throughout their declared Scope of Accreditation that is they claim that they follow the best practices through out the product life-cycle, including supply chain cycles for all of the products in their declared Scope Scope up to Applicant: product, product(s), product-line, organization, etc. Warranty backed by evidence of conformance and assessment of evidence by 3 rd Party Assessors The Open Group will operate vendor-neutral program, provide oversight and consistency across applications Successful Applicant gets certificate and use of Trademark and Logo The Open Group manages Trademark and Logo use, problem reporting and appeals process. The accreditation period is 3 years before required renewal Launch of a public O-TTPS accreditation program December 2014 open to any organization don t need to be a member 20
22
23
24 Assessments by 3 rd Party Labs q Publically Available Assessment Procedures Help achieve objectivity, repeatability, and consistency across accreditations Geared specifically to: Providers, Component Suppliers, Integrators and Value Add Distributors, and Resellers (Non-Value Add) q Two types of requirements/evidence to be assessed: process and implementation Process Need evidence there are documented processes Implementation Need evidence that processes were implemented q Formal Recognition of O-TTPS 3 rd party labs q Must meet established criteria and assessors must pass O- TTPS Assessor exam. q Receive certificates and listed on public registry 23
25 O-TTPS Recognized Assessors atsec information security corporation EWA Canada Booz Allen Hamilton (BAH) 24
26 O-TTPS Recognized Assessor Requirements Recognized Assessor Company Accepted standards: ISO/IEC 17020: 2012: Conformity Assessment Requirements for the operation of various types of bodies performing inspection, ISO/IEC 17021:2011: Conformity Assessment Requirements for bodies providing audit and certification of management systems, ISO/IEC 17025:2005: General requirements for the competence of testing and calibration laboratories The Open Group Program relies on existing compliance with industry norms using standards commonly specified for information assurance (IA) assessor companies and process assessors Competent assessors Accepted qualifications: Lead auditor ISO/IEC ISO 9001 CMMI-DEV appraisers ISO/IEC or Common Criteria evaluator (with experience in evaluating lifecycle assurance requirements) ISO/IEC or FIPS tester with experience in testing the process requirements of that standard 25
27 O-TTPS Recognized Assessor Requirements Recognized Assessor Company Has established a process for performing O-TTPS accreditations in accordance with its own established management system requirements and The Open Group Assessment Procedures The Open Group Program builds on existing standards assuring that Subject Matter Expertise is established in the assessor companies Competent assessors Have sufficient skills in: Supply chain management terminology and techniques Technical knowledge of O-TTPS Attributes & the assessment program Have successfully completed the O-TTPS Assessor Exam 26
28 OTTF Milestones and Time Frames Q1 Q2 Early Industry Collaboration Q3 Forum Launched Framework White Paper Published Q4` Q1 Q2 Q3 Standard Development: Snapshot => Publish V 1.0 Define Conformance Criteria, Conduct Pilot Program Define & Approve O-TTPS Accreditation Program Q4` Q1 Q2 Q3 Q4` Q1 O-TTPS v. 1.0 published April 2013 Q2 Q3 Q4` Q1 Q2 Q3 Q4` Conducted Pilot of the O-TTPS Accreditation Feb 3, 2014 Announce: 1. Public Launch of Accreditation Program 2. First Accredited Open Trusted Technology Provider 3. First two O- TTPS Recognized Assessor Labs Implement and Launch Public O-TTPS Accreditation Program 27
29 The Open Group Trusted Technology Forum (OTTF) Roadmap Items 4Q2014 1Q2015 2Q2015 3Q2015 4Q2015 ISO PAS Submission - Open Trusted Technology Provider Standard (O-TTPS) V 1.1 ISO Review ISO Ballot If Approved work with ISO to Publish O-TTPS 1.1. Translation (Simplified Chinese) Review Review Publish O-TTPS Assessment Procedures Revisions Review V1.1 Publish V1.1 Consider ISO PAS Develop V1.2 Review V1.2 28
30 The OTTF Roadmap (continued) Items O-TTPS Mapping to other standards: 4Q2014 1Q2015 2Q2015 3Q2015 4Q2015 Map to: Common Criteria (CC) & NIST Cybersecurity Framework (NCF) Develop Review Publish O-TTPS 2.0 Develop Develop 29
31 OTTF Additional Publications Publications Type Date O-TTPS Recognized Assessor Program: Update Training Materials and Assessor Exam Training Materials for Accreditation Applicants & Market Adoption Materials for Customers O-TTPS Mapping Table(s): Update and Provide Additional Mappings O-TTPS Accreditation Program: Update Supporting Documents Accreditation Q2/15 Accreditation Q2/15 Accreditation Q3/15 Accreditation Q3/15 30
32 Outreach & Harmonization q Approach Communicate the facts GAO Report: mentions O-TTPS as one of the two most cited supply chain standards efforts in their report References to O-TTPS in NIST SP-161 draft NASA RFP recommendation included O-TTPS in (SEWP V 2013) Expect customers to begin demanding O-TTPS compliance Mapping to NIST Cybersecurity Framework Leverage opportunities to inform stakeholders Conference speaking engagements Concentrate on the strength of our content Mapping our content to other standards Use public sources and social media Develop demand among the broad community through the value proposition not regulation Focus on priorities 31
33 Offers Holistic Approach to Securing Global Supply Chains Customer/Acquirer Demands Accreditation certificate as evidence of conformance to Open Trusted Technology Provider standards Integrator, Distributors, Resellers Will seek business partners who meet Open Trusted Technology Provider requirements Business Partners Standards Process Standards Body Will seek ways of achieving market up-take/ integrity of standards Alliance Accreditation Component Suppliers May be hardware, software, global, open source - or not - multiple supplier layers Business Partners Provider Will seek business partners who meet Open Trusted Technology Provider requirements Process Accreditation/ Accreditation Body Must be independent & vendor/technology-neutral
34 What You Can Do Now. q Technology Providers (OEM S, component suppliers (HW or SW), Integrators, Value-add Resellers (VARs), Distributors: Get prepared: Go to Download the documents and read them everything is publically available learn what s required, and what you need to demonstrate conformance. Improve the integrity and the security of your processes. Get accredited Encourage your technology partners (Integrators, OEMs, VARs, Distributors, Component Suppliers) to get accredited. q Customers (government, commercial): Make your Suppliers, Integrators, VARs aware of O-TTPS. Encourage them to learn about it, prepare and get accredited. Let them know their accreditation is a differentiator in procurement. q Customers, Technology Providers, Assessors: Consider joining the OTTF (Forum) to evolve the standard and accreditation program in a way that meets your needs. 33
35 Resources q The Open Group Trusted Technology Forum (OTTF) q The OTTF Information Sheet Handout q The O-TTPS (Standard) Version 1.1 q The Open Group represents OTTF at Congress q OTTF Vendor Testimonials q The O-TTPS Accreditation Website q OTTF Podcast (Dana Gander with: Brickman, Lipner, Lounsbury, and Szakal) q Press Release Feb 3, 2014 Launch of the O-TTPS Accreditation Program q The Open Group 34
36 Thank You! For more information contact: Mike Hickey or Sally Long Copyright (C) The Open Group 2014
Build with Integrity Buy with Confidence
Securing the Global Supply Chain Enabling Providers to Raise the Bar on Security and Integrity The Open Group Trusted Technology Forum (OTTF) Build with Integrity Buy with Confidence OTTF Presentation
More informationThe Role of SANAS in Support of South African Regulatory Objectives. Mr. Mpho Phaloane South African National Accreditation System
The Role of SANAS in Support of South African Regulatory Objectives Mr. Mpho Phaloane South African National Accreditation System Outline of Presentation INTRODUCTION STATUS OF SANAS TECHNICAL INFRASTRUCTURE
More informationSeagate Supply Chain Standards and Operational Systems
DATA IS POTENTIAL Seagate Supply Chain Standards and Operational Systems Government Solutions Henry Newman May 9 2018 Supply Chain Standards and Results Agenda 1. 2. SUPPLY CHAIN REQUIREMENTS AND STANDARDS
More informationOpen Trusted Technology Provider Standard (O-TTPS) Conformance Statement
Open Trusted Technology Provider Standard (O-TTPS) Conformance Statement Version 1.1 January 2017 Copyright 2013-2017, The Open Group All rights reserved. No part of this publication may be reproduced,
More informationOpen Trusted Technology Provider Standard (O-TTPS) Conformance Statement
Open Trusted Technology Provider Standard (O-TTPS) Conformance Statement Version 1.1 January 2017 Copyright 2013-2017, The Open Group All rights reserved. No part of this publication may be reproduced,
More informationThe IECEE CB Scheme facilitates Global trade of Information Technology products.
The IECEE CB Scheme facilitates Global trade of Information Technology products. WTO - Symposium on the 15th Anniversary of the Information Technology Agreement 14-15 May 2012 Pierre de RUVO Executive
More informationBuilding an Assurance Foundation for 21 st Century Information Systems and Networks
Building an Assurance Foundation for 21 st Century Information Systems and Networks The Role of IT Security Standards, Metrics, and Assessment Programs Dr. Ron Ross National Information Assurance Partnership
More informationTHE POWER OF A STRONG PARTNERSHIP.
THE POWER OF A STRONG PARTNERSHIP. Now you can harness a network of resources. Connections, knowledge, and expertise. All focused on your success. The Cisco Channel Partner Program. BE CONNECTED. Great
More informationGreat to meet you! Apex Plaza, Forbury Road Reading RG1 1AX UK. Chris Parnell Director Membership Services.
Welcome! Great to meet you! Chris Parnell Director Membership Services c.parnell@opengroup.org Apex Plaza, Forbury Road Reading RG1 1AX UK Tel: +44 (0)23 9225 7694 Fax: +44 (0)700 609 9522 www.opengroup.org
More informationIECEE provides facilitation to the Global Trade
INTERNATIONAL ELECTROTECHNICAL COMMISSION WORLDWIDE SYSTEM FOR CONFORMITY TESTING AND CERTIFICATION OF ELECTRICAL EQUIPMENT AND COMPONENTS IECEE provides facilitation to the Global Trade IECEE takes the
More informationPurchasing. Operations 3% Marketing 3% HR. Production 1%
Agenda Item DOC ID IAF CMC (11) 75 For Information For discussion For decision For comments to the author IAF End User Survey results (October 211) This report summarises the total responses to the IAF
More informationTechnology Lifecycle Management Assessment. Know your network - achieve business agility
Technology Lifecycle Management Assessment Know your network - achieve business agility Your network is the platform on which you build the success of your organisation. In addition to connecting your
More informationMicrosoft Dynamics 365 for Finance and Operations. Table of contents
Microsoft Dynamics 365 for Finance and Operations Product localization and translation availability guide April 2018 update 1 Dynamics 365 for Finance and Operations Product localization and translation
More informationPARTNERING WITH THE REGULATORS: The Role for 3rd Party Accreditation in Food Safety
PARTNERING WITH THE REGULATORS: The Role for 3rd Party Accreditation in Food Safety Roger Brauninger American Association for Laboratory Accreditation (A2LA), Frederick, Maryland Topics Role of Accreditation
More informationMicrosoft Dynamics 365 for Finance and Operations, Enterprise edition. Table of contents
Microsoft Dynamics 365 for Finance and Operations, Enterprise edition Product availability, localization, and translation guide July 2017 Update 1 Dynamics 365 for Finance and Operations, Enterprise edition
More informationInnovative Fastening Technologies
Innovative Fastening Technologies Corporate Overview 2011 Update Infastech is one of the world s largest producers of engineered mechanical fasteners with revenues exceeding USD500 million and an industry
More informationModule 6: Network and Information Security and Privacy. Session 3: Information Security Methodology. Presenter: Freddy Tan
Module 6: Network and Information Security and Privacy Session 3: Information Security Methodology Presenter: Freddy Tan Learning Objectives Understanding the administrative, physical, and technical aspects
More informationSOC for cybersecurity
April 2018 SOC for cybersecurity a backgrounder Acknowledgments Special thanks to Francette Bueno, Senior Manager, Advisory Services, Ernst & Young LLP and Chris K. Halterman, Executive Director, Advisory
More informationFrequently Asked Questions
December 2001 Introduction International Standard ISO/IEC 17799:2000 Information Security Management, Code of Practice for Information Security Management Frequently Asked Questions The National Institute
More informationCisco Aironet In-Building Wireless Solutions International Power Compliance Chart
Cisco Aironet In-Building Wireless Solutions International Power Compliance Chart ADDITIONAL INFORMATION It is important to Cisco Systems that its resellers comply with and recognize all applicable regulations
More informationCustomers want to transform their datacenter 80% 28% global IT budgets spent on maintenance. time spent on administrative tasks
Customers want to transform their datacenter 80% global IT budgets spent on maintenance 28% time spent on administrative tasks Cloud is a new way to think about your datacenter Traditional model Dedicated
More informationINTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM, INC. Annual Meeting Minutes October 15, 2005 Miami, Florida USA
INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM, INC. Annual Meeting Minutes October 15, 2005 Miami, Florida USA Opening: The annual meeting of the International Information Systems
More informationAn Overview of TOGAF Version 9.1
An Overview of TOGAF Version 9.1 Robert Weisman MSc, PEng, PMP, CD CEO / Chief Enterprise Architect robert.weisman@buildthevision.ca 44 Montgomery Street 1168 Ste Therese Ottawa, Ontario Canada K1C2A6
More informationMoving Professionals Forward. World Leader In Competence Based Certification
Moving Professionals Forward World Leader In Competence Based Certification Professionalism in a changing world The world is changing and project management is changing with it. IPMA is adapting: to the
More informationReport on ISO/IEC/JTC1/SC27 Activities in Digital Identities
International Telecommunication Union ITU-T Report on ISO/IEC/JTC1/SC27 Activities in Digital Identities Dick Brackney ISO/SC27 Liaison Officer to ITU-T SG17 Standards Program Manager, U.S. Dept of Defense
More informationFAQ: The IECEE CB Scheme
2 nd Edition: April 2013 Intertek Italia Via Principe di Udine, 114-33030 Campoformido (UD) info.etls-italy@intertek.com www.intertek.it Contents What do the initials IECEE CB stand for?... 2 Who are the
More informationINTERDIGITAL. 4 th Quarter 2013 Investor Presentation. invention collaboration contribution InterDigital, Inc. All rights reserved.
INTERDIGITAL 4 th Quarter 2013 Investor Presentation invention collaboration contribution 1 2013 InterDigital, Inc. All rights reserved. Forward-Looking Statements 2 2013 InterDigital, Inc. All rights
More informationThe Critical Importance of CIIP to Cybersecurity
The Critical Importance of CIIP to Cybersecurity Without CIIP there is no Cybersecurity Peter Burnett GFCE-Meridian Coordinator The Global Forum on Cyber Expertise Focus: cyber capacity building (awareness
More informationIdentity Assurance Framework: Realizing The Identity Opportunity With Consistency And Definition
Identity Assurance Framework: Realizing The Identity Opportunity With Consistency And Definition Sept. 8, 2008 Liberty Alliance 1 Welcome! Introduction of speakers Introduction of attendees Your organization
More informationImproving digital infrastructure for a better connected Thailand
Improving digital infrastructure for a better connected 1 Economies across the globe are going digital fast The Global GDP forecast 2017 Economies are setting policies to encourage ICT investment Global
More informationEventBuilder.com. International Audio Conferencing Access Guide. This guide contains: :: International Toll-Free Access Dialing Instructions
EventBuilder.com International Audio Conferencing Access Guide TM This guide contains: :: International Toll-Free Access Dialing Instructions :: ATFS (Access Toll-Free Service) Dialing Instructions ::
More informationTHE ENERGY MANAGEMENT WORKING GROUP
THE ENERGY MANAGEMENT WORKING GROUP Meeting Climate Goals through Energy Management Policies and Standards 5000&1 SEAPs 4 th Webinar February 23, 2017 Ms. Pamela de los Reyes Energetics Incorporated EMWG
More informationEND-OF-SALE AND END-OF-LIFE ANNOUNCEMENT FOR THE CISCO MEDIA CONVERGENCE SERVER 7845H-2400
END-OF-LIFE NOTICE, NO. 2566 END-OF-SALE AND END-OF-LIFE ANNOUNCEMENT FOR THE CISCO MEDIA CONVERGENCE SERVER 7845H-2400 Cisco Systems announces the end of life of the Cisco Media Convergence Server 7845H-2400.
More informationSoftware & Supply Chain Assurance: Enabling Enterprise Resilience through Security Automation, Software Assurance and Supply Chain Risk Management
Software & Supply Chain Assurance: Enabling Enterprise Resilience through Security Automation, Software Assurance and Supply Chain Risk Management Joe Jarzombek, PMP, CSSLP Director for Software & Supply
More informationISTQB in a Nutshell. ISTQB Marketing Working Group. February 2012 v10
ISTQB in a Nutshell ISTQB Marketing Working Group February 2012 v10 Contents 1 2 3 4 5 Introduction to ISTQB ISTQB : Worldwide Footprint Syllabi and Exams Benefits Contacts 2 What is ISTQB? ISTQB : International
More informationIMPLEMENTATION COURSE (MODULE 1) (ISO 9001:2008 AVAILABLE ON REQUEST)
ISO 9001:2015 IMPLEMENTATION COURSE (MODULE 1) (ISO 9001:2008 AVAILABLE ON REQUEST) COURSE DURATION: 3 DAYS Course Summary: The implementation course provides the participant with an in-depth level of
More informationPEFC: The best way to develop nationally appropriate and internationally recognised forest certification Ben Gunneberg
PEFC The best way to develop nationally appropriate and internationally recognised forest certification Zhejiang, China, July 24. Ben Gunneberg Secretary General, Programme for the Endorsement of Forest
More informationWith the successful completion of this course the participant will be able to:
ISO 13485:2016 INTRODUCTION COURSE COURSE DURATION: 1 DAY Course Summary: The introduction course provides the participant with an oversight on the requirements of ISO 13485:2016 standard. Our course is
More informationStrategic IT Plan Improves NYCHA Resident Services While Reducing Costs US$150 Million
C U S T O M E R C A S E S T U D Y Strategic IT Plan Improves NYCHA Resident Services While Reducing Costs US$150 Million Executive Summary CUSTOMER NAME New York City Housing Authority (NYCHA) INDUSTRY
More informationThe IECEx Ticket to Global Markets
The IECEx Ticket to Global Markets Extract from the tutorial at PCIC Europe 2008 Rudolf Pommé KEMA Quality NL Karel Neleman BARTEC NL With special thanks to co-authors: Mario Colpa BACAB CH Frédérique
More informationGlobal Institute for Risk Management Standards
Global Institute for Risk Management Standards Survey Courses Conference Linkedin Group ISO TC 262 Certification Contact!: Alex Dali, Msc, ARM Email!: Alex.Dali@G31000.org Phone: +33 660 4542 80 Disclaimer:
More informationThe Value of ANSI Accreditation. Top 10 Advantages. of accredited third-party conformity assessment
The Value of ANSI Accreditation Top 10 Advantages of accredited third-party conformity assessment The American National Standards Institute (ANSI) offers highly recognized accreditation programs globally
More informationKeysight N8840A USB Power Delivery Electrical and Protocol Compliance Test Software
Keysight N8840A USB Power Delivery Electrical and Protocol Compliance Test Software For Infiniium Oscilloscopes Data Sheet 02 Keysight N8840A USB Power Delivery Electrical and Protocol Compliance Test
More informationTOGAF Transforming Business
TOGAF 9.2 - Transforming Business The Open Group EA Forum ArchiMate, DirecNet, Making Standards Work, OpenPegasus, Platform 3.0, The Open Group, TOGAF, UNIX, and The Open Brand X logo are registered trademarks
More informationWorkday s Robust Privacy Program
Workday s Robust Privacy Program Workday s Robust Privacy Program Introduction Workday is a leading provider of enterprise cloud applications for human resources and finance. Founded in 2005 by Dave Duffield
More informationThe Open Group Certification for People. Training Course Accreditation Requirements
The Open Group Certification for People Training Course Accreditation Requirements Version 1.1 February 2014 Copyright 2013-2014, The Open Group All rights reserved. No part of this publication may be
More informationDigital EAGLEs. Outlook and perspectives
2016 Digital EAGLEs Outlook and perspectives Fixed and Mobile broadband adoption rates in the next decade Changes in Fixed-Broadband penetration 2014-25 Changes in Mobile-Broadband penetration 2014-25
More informationTraining of Welding Personnel Qualification of Welding Personnel Certification of Personnel Certification of Companies Collaboration Projects
EWF The European Federation for Welding, Joining and Cutting, was created in 1992 by all the welding institutes of the European Community with the aim of updating and harmonization training and education
More informationThe U.S. Government s Role in Standards and Conformity Assessment
The U.S. Government s Role in Standards and Conformity Assessment ASTM International-Russian Federation on Technical Regulating and Metrology Coordinated Program Mary Saunders Chief, Standards Services
More informationTechnical Conference on Critical Infrastructure Protection Supply Chain Risk Management
Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management Remarks of Marcus Sachs, Senior Vice President and the Chief Security Officer North American Electric Reliability
More informationThe Open Group Certification for People. TOGAF Program Configuration
The Open Group Certification for People TOGAF Program Configuration Version 1.1 June 2016 Copyright 2014-2016, The Open Group All rights reserved. This publication may be reproduced, stored in a retrieval
More informationCisco Optimization Services
Service Overview Cisco Optimization Services Cisco Optimization Services help very large enterprises to improve performance, availability, security, and quality of service; integrate advanced technologies;
More informationMining and The Standards World
GMSG and AMTC Santiago Forum 2015 Building Towards the Future of Mining November 3, 2015 Mining and The Standards World The International Standards Organization ISO A Global System + 600 organisations
More informationIT-CNP, Inc. Capability Statement
Securing America s Infrastructure Security Compliant IT Operations Hosting Cyber Security Information FISMA Cloud Management Hosting Security Compliant IT Logistics Hosting 1 IT-CNP, Inc. is a Government
More informationItems exceeding one or more of the maximum weight and dimensions of a flat. For maximum dimensions please see the service user guide.
Rate Card International Flats Effective from 2 April 2013 Pricing your mail Once you have selected the service you wish to use, calculate the price using the tables on the following pages. For more information
More informationTHE CISCO SUCCESS BUILDER PROGRAM THE CISCO SMALL OFFICE COMMUNICATIONS CENTER: AFFORDABLE, PROVEN COMMUNICATIONS SOLUTIONS FOR SMALL ORGANIZATIONS
THE CISCO SUCCESS BUILDER PROGRAM THE CISCO SMALL OFFICE COMMUNICATIONS CENTER: AFFORDABLE, PROVEN COMMUNICATIONS SOLUTIONS FOR SMALL ORGANIZATIONS CISCO SUCCESS BUILDER. IT S MORE THAN AN INCENTIVE PROGRAM.
More informationACCREDITATION COMMISSION FOR CONFORMITY ASSESSMENT BODIES. Advisory Document on Tenders For Systems, Processes & Product Certifications
ACCREDITATION COMMISSION FOR CONFORMITY ASSESSMENT BODIES CAB Accreditation Advisory Document Document Title: Document Number: Advisory Document on Tenders For Systems, Processes & Product Certifications
More informationThe Open Group Professional Certification Program. Accreditation Requirements
The Open Group Professional Certification Program Accreditation Requirements Version 1.0 October 2018 Copyright 2018, The Open Group All rights reserved. This publication may be reproduced, stored in a
More informationA Working Paper of the EastWest Institute Breakthrough Group. Increasing the Global Availability and Use of Secure ICT Products and Services
A Working Paper of the EastWest Institute Breakthrough Group Increasing the Global Availability and Use of Secure ICT Products and Services August 5, 2015 The EastWest Institute (EWI) is leading a Global
More informationInternational Accreditation Forum, Inc. User Advisory Committee UAC
International Accreditation Forum, Inc. User Advisory Committee UAC UAC Position Paper UAC- N018 Users Expectations of Accreditation, of the Multilateral Recognition Arrangement (MLA) between Accreditation
More informationGlobal Specification Protocol for Organisations Certifying to an ISO Standard related to Market, Opinion and Social Research.
CONTENTS i. INTRODUCTION 3 ii. OVERVIEW SPECIFICATION PROTOCOL DOCUMENT DEVELOPMENT PROCESS 4 1. SCOPE 5 2. DEFINITIONS 5 3. REFERENCES 6 4. MANAGEMENT STANDARDS FOR APPROVED CERTIFICATION BODIES 6 4.1
More informationHybrid Wide-Area Network Application-centric, agile and end-to-end
Hybrid Wide-Area Network Application-centric, agile and end-to-end How do you close the gap between the demands on your network and your capabilities? Wide-area networks, by their nature, connect geographically
More informationAdvanced Security Tester Course Outline
Advanced Security Tester Course Outline General Description This course provides test engineers with advanced skills in security test analysis, design, and execution. In a hands-on, interactive fashion,
More informationJoint ITU-UNIDO Forum on Sustainable Conformity Assessment for Asia-Pacific Region (Yangon City, Republic of Union of Myanmar November 2013)
Joint ITU-UNIDO Forum on Sustainable Conformity Assessment for Asia-Pacific Region (Yangon City, Republic of Union of Myanmar 25-27 November 2013) Mark Amos Business Manager, IECEx Secretariat, IEC mark.amos@iecex.com
More informationCisco Value Incentive Program Advanced Technologies: Period 7
Cisco Partner Program Latin America Program Rules Cisco Value Incentive Program Advanced Technologies: Period 7 Revised: March 30, 2006 The Cisco Value Incentive Program is a comprehensive rebate program
More informationACCREDITATION COMMISSION FOR CONFORMITY ASSESSMENT BODIES
ACCREDITATION COMMISSION FOR CONFORMITY ASSESSMENT BODIES ACCREDITATION SCHEME MANUAL Document Title: Document Number: Various Accreditation Schemes ACCAB-ASM-7.0 CONTROLLED COPY Revision Number Revision
More informationCarrier Services. Intelligent telephony. for over COUNTRIES DID NUMBERS. All IP
Carrier Services All IP Intelligent telephony In current times, being connected to the telephone network just isn t enough anymore; one needs to be INTERconnected with it, as it all has become IP. Along
More informationThe emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18
The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18 European Union Agency for Network and Information Security
More informationEXCiPACT: taking an idea to global reality
EXCiPACT: taking an idea to global reality Kevin McGlue President, EXCiPACT asbl EXCiPACT Certification Workshop Mumbai 29 th November, 2018 EXCiPACT What is it? EXCiPACT is a credible, independent, voluntary,
More informationIATF Stakeholder Conference
IATF Stakeholder Conference 13 September 2017 Oberursel, Germany Rüdiger Funke (BMW Group) Number of certified sites against ISO/TS 16949 (and IATF 16949) 70,000 60,000 50,000 40,000 30,000 30,156 50,071
More informationThird Annual Green IT & Sustainability Survey: U.S. Results and Services Implications
Third Annual Green IT & Sustainability Survey: U.S. Results and Services Implications Gard Little Research Manager Worldwide Services, Global Services Markets & Trends 2009 IDC 1 Agenda Overview of the
More informationAn Overview of ISO/IEC family of Information Security Management System Standards
What is ISO/IEC 27001? The ISO/IEC 27001 standard, published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), is known as Information
More informationTraffic Offload. Cisco 7200/Cisco 7500 APPLICATION NOTE
APPLICATION NOTE Cisco 700/Cisco 700 Traffic offload allows exchange carriers to offload their telephony traffic to a packet network from the Public Switched Telephone Network (PSTN). By doing so, carriers
More informationCISCO 7304 SERIES ROUTER PORT ADAPTER CARRIER CARD
DATA SHEET CISCO 7304 SERIES ROUTER PORT ADAPTER CARRIER CARD The Cisco 7304 Router, part of the industry-leading Cisco 7000 Series, is optimized to deliver flexible, high-performance IP and Multiprotocol
More informationHELLO, MOSCOW. GREETINGS, BEIJING. ADDRESSING RISK IN YOUR IT SUPPLY CHAIN
SESSION ID: PNG-F01 HELLO, MOSCOW. GREETINGS, BEIJING. ADDRESSING RISK IN YOUR IT SUPPLY CHAIN MODERATOR: Edward Brindley Principal Deputy, DCIO/CS in DoD-CIO Mr. Don Davidson Deputy Director, Cyber Security
More informationInformation and Communication Technology (ICT) Supply Chain Security Emerging Solutions
Information and Communication Technology (ICT) Supply Chain Security Emerging Solutions Nadya Bartol, CISSP, CGEIT UTC Senior Cybersecurity Strategist Agenda Problem Definition Existing and Emerging Practices
More informationGLOBAL PKI TRENDS STUDY
2018 GLOBAL PKI TRENDS STUDY Sponsored by Thales esecurity Independently conducted by Ponemon Institute LLC SEPTEMBER 2018 EXECUTIVE SUMMARY #2018GlobalPKI Mi Ponemon Institute is pleased to present the
More informationICNDT WG1 on qualification and certification efforts on global harmonization of the process of personnel certification
19 th World Conference on Non-Destructive Testing 2016 ICNDT WG1 on qualification and certification efforts on global harmonization of the process of personnel certification Alexander MULLIN 1 1 RTC Testing
More informationOne step ahead in home automation
Consumer Technology One step ahead in home automation testing and Certification services for Smart Home devices For over 120 years, UL has been advancing safety science in support of successful product
More informationiclass SE multiclass SE 125kHz, 13.56MHz 125kHz, 13.56MHz
Date created: 11 July 2016 Last update: 18 August 2016 READERS REGULATORY CERTIFICATION BY COUNTRY. The following table consists of the current regulatory certifications for the readers. HID Global is
More informationVal-EdTM. Valiant Technologies Education & Training Services. Workshop for CISM aspirants. All Trademarks and Copyrights recognized.
Val-EdTM Valiant Technologies Education & Training Services Workshop for CISM aspirants All Trademarks and Copyrights recognized Page 1 of 8 Welcome to Valiant Technologies. We are a specialty consulting
More informationConference for Food Protection. Standards for Accreditation of Food Protection Manager Certification Programs. Frequently Asked Questions
Conference for Food Protection Standards for Accreditation of Food Protection Manager Certification Programs Frequently Asked Questions Q. What was the primary purpose for the Conference for Food Protection
More informationInternational Packets
Rate Card International Packets Effective from 2 April 2013 Pricing your mail Once you have selected the service you wish to use, calculate the price using the tables on the following pages. For more information
More informationTOGAF TM Certification
TOGAF TM Certification Paul Hickey Regional Director 7708 Shadyrock Drive Austin, Texas 78731 USA Tel +1 512 343-0927 www.opengroup.org p.hickey@opengroup.org TOGAF is a trademark of The Open Group in
More informationACCAB. Accreditation Commission For Conformity Assessment Bodies
ACCAB Accreditation Commission For Conformity Assessment Bodies ACCAB Platinum Plus Accreditation For Certification Bodies, Inspection Bodies, Testing & Calibration Laboratories and Medical Laboratories
More informationDefining IT Security Requirements for Federal Systems and Networks
Defining IT Security Requirements for Federal Systems and Networks Employing Common Criteria Profiles in Key Technology Areas Dr. Ron Ross 1 The Fundamentals Building more secure systems depends on the
More informationNational Information Assurance Partnership (NIAP) 2017 Report. PPs Completed in CY2017
National Information Assurance Partnership (NIAP) 2017 Report NIAP continued to grow and make a difference in 2017 from increasing the number of evaluated products available for U.S. National Security
More informationIMPROVING CYBERSECURITY AND RESILIENCE THROUGH ACQUISITION
IMPROVING CYBERSECURITY AND RESILIENCE THROUGH ACQUISITION Briefing for OFPP Working Group 19 Feb 2015 Emile Monette GSA Office of Governmentwide Policy emile.monette@gsa.gov Cybersecurity Threats are
More informationITU Asia-Pacific Centres of Excellence Training on Conformity and Interoperability. Session 2: Conformity Assessment Principles
ITU Asia-Pacific Centres of Excellence Training on Conformity and Interoperability Session 2: Conformity Assessment Principles 12-16 October 2015 Beijing, China Keith Mainwaring ITU Expert Agenda 1. Context
More informationIGEL-Briefing March Managed Software and Hardware Thin Clients
IGEL-Briefing March 2016 Managed Software and Hardware Thin Clients Agenda IGEL Technology IGEL Partner Network IGEL Offering Software Products Hardware Products Why IGEL Cloud / VDI Solutions?
More informationAllianz SE Reinsurance Branch Asia Pacific Systems Requirements & Developments. Dr. Lutz Füllgraf
Allianz SE Reinsurance Branch Asia Pacific Systems Requirements & Developments Dr. Lutz Füllgraf Technology and Innovation for Insurance Conference 2007, Sydney 22 March 2007 Contents 1 Importance of a
More informationInternational Standard ISO/IEC 17799:2000 Code of Practice for Information Security Management. Frequently Asked Questions
November 2002 International Standard ISO/IEC 17799:2000 Code of Practice for Information Security Management Introduction Frequently Asked Questions The National Institute of Standards and Technology s
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More informationCisco CallManager 4.0-PBX Interoperability: Lucent/Avaya Definity G3 MV1.3 PBX using 6608-T1 PRI NI2 with MGCP
Application Note Cisco CallManager 4.0-PBX Interoperability: Lucent/Avaya Definity G3 MV1.3 PBX using 6608-T1 PRI NI2 with MGCP Introduction This is an application note for connectivity of Lucent/Avaya
More informationCreating a Global Network
International Personnel Certification Association: Creating a Global Network Dr. George Anastasopoulos IPC Chairman a short history... interested parties came together late 1993 formally establishing IATCA
More informationManaging Supply Chain Risks for SCADA Systems
Managing Supply Chain Risks for SCADA Systems Nadya Bartol, Vice President of Industry Affairs and Cybersecurity Strategist, UTC Nadya.bartol@utc.org 2014 Utilities Telecom Council Agenda Problem Definition
More informationSynergies of the Common Criteria with Other Standards
Synergies of the Common Criteria with Other Standards Mark Gauvreau EWA-Canada 26 September 2007 Presenter: Mark Gauvreau (mgauvreau@ewa-canada.com) Overview Purpose Acknowledgements Security Standards
More informationCISCO IP PHONE 7970G NEW! CISCO IP PHONE 7905G AND 7912G XML
Q & A CISCO IP PHONE 7970G NEW! CISCO IP PHONE 7905G AND 7912G XML GENERAL QUESTIONS Q. What is the Cisco IP Phone 7970G? A. The 7970G is our latest state-of-the-art IP phone, which includes a large color,
More informationDriving Global Resilience
Driving Global Resilience Steve Mellish FBCI Chairman, The Business Continuity Institute Monday December 2nd, 2013 Business & IT Resilience Summit New Delhi, India Chairman of the Business Continuity Institute
More informationBiorisk Management Professional Certification Program. Maureen Ellis Executive Director International Federation of Biosafety Associations
Biorisk Management Professional Certification Program Maureen Ellis Executive Director International Federation of Biosafety Associations International Federation of Biosafety Associations 37 Member national
More information