System and Practice of Information Security Certification for IT products in China
|
|
- Lionel Fletcher
- 5 years ago
- Views:
Transcription
1 System and Practice of Information Security Certification for IT products in China
2 Catalogue 01 Introduction to IT product information security certification 02 Practice of industrial control security product certification 2
3 Setting background of IT product information security certification Setting background of IT product information security certification IT products are a basic unit to form key information infrastructure, such as basic networks, important information systems, industrial control systems and etc., and the significance of their information security has become increasingly obvious. The risk of IT products information security vulnerabilities has become increasingly serious, as a result, related networks and systems are facing security risks of sensitive information leakage, system outage and other major security incidents. 3
4 Purpose and meaning of certification Product certification system Owner Confidence Measures Conformance Information security assurance Information security risks Manufacturer Effectiveness Quality+ Information Security Assurance technology Instructional documents Information security certification result IT product standard technical specifications Information security testing & certification evaluation technology Procedure rules Normalization 4 Certification and testing organization
5 Certification system Laws and regulations Policies and rules Regulations of the People s Republic of China on Certification and Accreditation Notices, announcements, departmental regulations & etc. published by state departments Normative documents Technical specifications Procedure rules Management requirements 5
6 Certification modes Type test Initial factory Inspection (If applicable) Supervision after certificate Validity of certificate: the certificate is valid within 3 years Change of certified products In case of any change to manufacturer, holder of certificate or related address & etc., a change application shall be submitted to the certification organization. The change of other certificates shall be executed as per related Implementation Rules After the certificate is expired, please reapply for the extension of certificate validity when necessary Extension of products covered by the certificate Please submit an extension application to the certification organization when extending the certification scope for certified products. 6
7 Main contents of certification rules Certification Implementation Rules Scope of application Certification basis Certification modes Certification application and acceptance Normative documents Factory inspection Supervision after certificate certificate Use of marks Applicable product scope Corresponding national, industrial standards and technical requirements for applicable products Certification modes Subdivision principles or regulations for application unit Requirements for sampling and sample presentation Confirmation requirements for key components and raw materials(when necessary) Requirements for testing standards (when necessary) Requirements for factory inspection Requirements for follow-up inspection after obtaining certificate Requirements for validity period of certificate Requirements for the certification mark labeling of certified products Specify the certification requirements for specific products Guide the implementation of certification activities 7 7
8 Standards and Specifications (GB/T 18336) In 2001 GB/T In 2008 GB/T In 2015 GB/T International common criteria ISO/IEC 15408:1999 International common criteria ISO/IEC 15408:2005 International common criteria ISO/IEC 15408:2009 Common criteria(cc) In 1999(V2.1) Common criteria(cc) In 2005 (V2.3) Common criteria(cc) In 2009(V3.1) 8
9 Standards and Specifications (GB/T 18336) GB/T Firewall GB/T Network intrusion detection GB/T IC-card chip GB/T Data backup and recovery GB/T18336 ( 一 ) GB/T IC-card embedded software GB/T Network and terminal isolation GB/T Network vulnerability scanning One of the important technical bases of carrying out information security certification work in China is the common standards of information security product certification and the normative and reference standards of security technical requirements/national standards/industrial standards for related products. 9
10 Standards and Specifications Security technical standards Information security products IDS IPS UTM security audit products, etc. GB/T IT products integrating security function IT products with smart cards, switches and operating systems IT products with new technology & new application Cloud computing, industrial control, internet of things Testing and evaluation methods Security assurance evaluation: development documents, life cycle support & instructional documents and test documents Security tests: independence test, penetrability test and security assurance evaluation Test results: type test report and evaluation technical report Factory inspection requirements Inspection of information security assurance ability, quality assurance ability and product uniformity 10
11 Progress of certification business 70 technical Specifications Access co product across boundaries, data security product, identification and access control product Intrusion supervision product, basic platform product, application security product and security management product Smart card product, and IT product integrating security function Special product for industrial control and internet of things 9 test labs The 15th research institute of CETC(NCI), Beijing Information Security Test and Evaluation Center, Shanghai information security Testing evaluation and certification center, CETC information security lab, Liaoning information security and software testing evaluation and certification center, the 1st institute of the Ministry of Public Security, China Financial Certification Authority, the 3rd institute of the Ministry of Public Security, and the 6th research institute of China Electronics Coporation Authentication certificates Issued 366 certificates accumulatively, including 243 valid certificates 11
12 Catalogue 01 Introduction to IT product information security certification 02 Practice of industrial control security product certification 12
13 Security challenges faced by industrial control network As national strategies like made in China 2025, internet+ were put forward, the information security construction of industrial enterprises has been put on the schedule, and the industrial control network security is faced with greater challenges. Control security Network security Data security Equipment security Factory s control environment is threatened and permeated by external internet due to Opening control environment Greater security risks are brought to factory network by IP-based & wireless network, and networking flexibility Data and privacy protection are faced with unprecedented challenges due to flow and share Production equipments and products are exposed under the network attack due to Intelligent equipments. 13
14 Security risks faced by industrial control network backdoor of equipment Advanced persistent threat Industrial network virus Surge of vulnerabilities Industrial control network Attack and elimination 14
15 Requirements for industrial control security management Laws and regulations CyberSecurity Law of the P.R.C Regulation on the Protection of Security of Critical Information Infrastructure System and working mechanism Product testing and certification Critical infrastructure protection Special security inspection Authorities management requirements CAC NDRC Ministry of industry and information technology The Ministry of Public Security National Energy Administration Critical industries: rail traffic, electric traffic, petrochemical industry, aerospace equipments, etc. Alliances and associations: industrial control information security industry alliance(icsisia), industrial internet industry alliance and critical infrastructure protection committee, etc. 15
16 Industrial control security technical standards (national) GB/T Security control application guide to industrial control system of information security technology Standardization Administration of the people s republic of china (SAC) National Information Security Standardization Technical Committee (SAC/TC260) Technical committee for standardization of national industrial process measurement and control (SAC/TC124) Technical committee for standardization of national power system management and information exchange (SAC /TC 82) Technical committee for standardization of national electricity supervision and management (SAC/TC 296) Technical committee for standardization of national nuclear instrumentation (SAC/TC 30) GB/T Security procedure to establish industrial automation and control system for Industrial communications, network and system security GB/T Programmable Logic Controller(PLC) for network security of industrial automation and control system GB/T Distributed control system(dcs) for network security of industrial automation and control system GB/T Industrial control system information security GB/Z Power system management and its information exchange data and communications security Safety protection standards for power secondary system (compulsive) Security inspection specifications for power information system (compulsive) Evaluation indexes for power industry Information safety level (recommended) GB/T Part I design criteria for safety systemof nuclear power plant GB/T Applicable specifications for digital computer in safety system of nuclear power plant 16
17 Industrial control security technical standards (industrial) JB/T Security networks and system security for industrial process measurement and control (IEC/TR : 2008) Standards of mechanical industry JB/T Safety terms, concepts and models for industrial communications network and system(iec/ts : 2009) JB/T information security technology for industrial communications network, network and information system, industrial automation and control system(iec/tr :2009) Standard of nuclear industry HAD Computer-based software for important systemsecurity of nuclear power plant 17
18 Certification for industrial control security products Based on IT product information security certification, ISCCC and their joint lab have carried out the industrial control product testing certification, including industrial control firewall products, industrial control gatekeeper products, industrial control safety auditing products & etc. The related labs have carried out the verification tests for safety technical specifications of PLC, DCS and other equipments. 18
19 Certification case: industrial control firewall Network layer control Application layer protocol control (EAL2 level) Security operation, maintenance and management 抗拒绝服务攻击 Certification test on industrial control firewall 19
20 Certification case: industrial control firewall Deep packet inspection Carry out deep content detection for common industrial control protocols Support OPC and other industrial control protocols Support industrial control protocol filtering over protocol Anti-Denial of service attack High availability Packet filtering Certification test on industrial control firewall Network scanning protection Dynamic open port Support Bypass, multiple working modes, power redundancy, thermal discharge mode and dual-computer hotstandby. 20
21 Certification case: industrial control firewall Test items Traditional firewall Industrial control firewall 1 Packet filtering Filtering based on MAC address, IP address, port, protocol type, time & etc. Support industrial control protocol filtering over protocol 2 NAT Support SNAT DNAT Optional, deployed in the control layer, usually transparent 3 Policy routing Support related function of Policy routing None related requirements 4 Dynamic open port Support FTP and other protocols Requirements for supporting OPC and other industrial control protocols 5 Deep packet inspection For some common protocols (http, smtp & etc.) Carry out deep content detection for common industrial control protocols 6 High availability dual-computer hot-standby Bypass, working modes, power redundancy, thermal discharge mode 21 and dual-computer hot-standby.21
22 Thanks! Bu Ning China information security certification center/isccc 22
FeliCa Approval for Security and Trust (FAST) Overview. Copyright 2018 FeliCa Networks, Inc.
FeliCa Approval for Security and Trust (FAST) Overview Introduction The security certification scheme called FeliCa Approval for Security and Trust (FAST) has been set up to enable the evaluation and certification
More informationIC32E - Pre-Instructional Survey
Name: Date: 1. What is the primary function of a firewall? a. Block all internet traffic b. Detect network intrusions c. Filter network traffic d. Authenticate users 2. A system that monitors traffic into
More informationIoT Security Policy and Regulation Initiatives in China. Fan Dongyang, Huawei
IoT Security Policy and Regulation Initiatives in China Fan Dongyang, Huawei China Economy Facilitating High-quality Growth The new norm Going digital GDP Growth Rate Supply-side reform E-commerce is on
More informationISA Security Compliance Institute
ISA Security Compliance Institute ISASecure from an Asset Owner s perspective ISA Automation Week 2013 1 ISA Security Compliance Institute Presentation objectives Introduction to ISA/IEC 62443 Standards
More informationVenusense UTM Introduction
Venusense UTM Introduction Featuring comprehensive security capabilities, Venusense Unified Threat Management (UTM) products adopt the industry's most advanced multi-core, multi-thread computing architecture,
More informationSecurity Assessment Checklist
Security Assessment Checklist Westcon Security Checklist - Instructions The first step to protecting your business includes a careful and complete assessment of your security posture. Our Security Assessment
More informationTABLE OF CONTENTS. Section Description Page
GPA Cybersecurity TABLE OF CONTENTS Section Description Page 1. Cybersecurity... 1 2. Standards... 1 3. Guides... 2 4. Minimum Hardware/Software Requirements For Secure Network Services... 3 4.1. High-Level
More informationEC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led
EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led Certification: Certified Network Defender Exam: 312-38 Course Description This course is a vendor-neutral, hands-on,
More informationUNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS NETWORK SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY
UNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS NETWORK SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY OUR MISSION Provide cybersecurity and data protection for organizations,
More informationSystrome Next Gen Firewalls
N E T K S Systrome Next Gen Firewalls Systrome s Next Generation Firewalls provides comprehensive security protection from layer 2 to layer 7 for the mobile Internet era. The new next generation security
More informationCloud Computing Lectures. Cloud Security
Cloud Computing Lectures Cloud Security 1/17/2012 Why security is important for cloud computing? Multi Tenancy, that is same infrastructure, platform, Service is shared among vendors. It is accessed over
More informationWatson Developer Cloud Security Overview
Watson Developer Cloud Security Overview Introduction This document provides a high-level overview of the measures and safeguards that IBM implements to protect and separate data between customers for
More informationUnofficial English translation offered by EuropElectro, for reference only
No.: CNCA C03 01:2014 Implementation Rules for Compulsory Certification of Low-voltage Electrical Apparatus Low-voltage Switchgear Assembly Announced on July.16.2014 Implemented on Sep.1.2014 Certification
More informationAn Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist
An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist Standards Certification Education & Training Publishing Conferences & Exhibits Speakers: Bryan L. Singer, CISM, CISSP, CAP
More informationKillTest. 半年免费更新服务
KillTest 质量更高 服务更好 学习资料 http://www.killtest.cn 半年免费更新服务 Exam : 642-618 Title : Deploying Cisco ASA Firewall Solutions (FIREWALL v2.0) Version : DEMO 1 / 9 1.On the Cisco ASA, tcp-map can be applied to
More informationSecurity analysis and assessment of threats in European signalling systems?
Security analysis and assessment of threats in European signalling systems? New Challenges in Railway Operations Dr. Thomas Störtkuhl, Dr. Kai Wollenweber TÜV SÜD Rail Copenhagen, 20 November 2014 Slide
More informationUnofficial English translation offered by EuropElectro, for reference only
No.:CNCA C16 01: 2014 Implementation Rules for Compulsory Certification of Telecommunication Terminal Equipment Announced on Jul. 15, 2014 Implemented on Sep. 1, 2014 Certification and Accreditation Administration
More informationتاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم
بنام خدا تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم امنیت بخشی به سیستمهای فناوری اطالعات Securing Information Systems 1 Learning Objectives Describe the business value of security and control.
More informationOnline Services Security v2.1
Online Services Security v2.1 Contents 1 Introduction... 2 2... 2 2.1... 2 2.2... 2 2.3... 3 3... 4 3.1... 4 3.2... 5 3.3... 6 4... 7 4.1... 7 4.2... 7 4.3... 7 4.4... 7 4.5... 8 4.6... 8 1 Introduction
More informationICSA Labs Network Firewall Certification Testing Report Corporate Criteria Version 4.2. Huawei Technologies. USG Series/Eudemon-N Series
ICSA Labs Huawei Technologies USG Series/Eudemon-N Series 4/20/2015 Prepared by ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg, PA 17050 www.icsalabs.com FWXX HUAWEITECH-2015-0420-01 Table of
More informationCertification Report
Certification Report Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications Security
More informationNETWORK SECURITY STORMSHIELD. Unified Threat Management Solutions and Next- Generation Firewalls
NETWORK SECURITY STORMSHIELD NETWORK SECURITY Unified Threat Management Solutions and Next- Generation Firewalls Our Mission Make the digital world a sustainable and trustworthy environment while ensuring
More informationObjectives of the Security Policy Project for the University of Cyprus
Objectives of the Security Policy Project for the University of Cyprus 1. Introduction 1.1. Objective The University of Cyprus intends to upgrade its Internet/Intranet security architecture. The University
More informationChina s Certification System for ICT Equipment. Mr. Dabing Ling TL Certification Institute, CAICT
China s Certification System for ICT Equipment Mr. Dabing Ling TL Certification Institute, CAICT 2017-10-30 1 Course Objectives 1 Introduce China s certification system for ICT equipment 2 Provide reference
More informationSteelGate Overview. Manage perimeter security and network traffic to ensure operational efficiency, and optimal Quality of Service (QoS)
Internet Communications Made Safe SteelGate Overview SteelGate Overview SteelGate is a high-performance VPN firewall appliance that Prevent Eliminate threats & attacks at the perimeter Stop unauthorized
More informationThis course prepares candidates for the CompTIA Network+ examination (2018 Objectives) N
CompTIA Network+ (Exam N10-007) Course Description: CompTIA Network+ is the first certification IT professionals specializing in network administration and support should earn. Network+ is aimed at IT
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : 642-618 Title : Deploying Cisco ASA Firewall Solutions (FIREWALL v2.0) Vendors : Cisco
More informationUNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update)
UNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update) Koji NAKAO, NICT, Japan (Expert of UNECE WP29/TFCS) General Flow of works in WP29/TFCS and OTA Data protection
More informationCompTIA Security+ Study Guide (SY0-501)
CompTIA Security+ Study Guide (SY0-501) Syllabus Session 1 At the end of this session, students will understand what risk is and the basics of what it means to have security in an organization. This includes
More information"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary
Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business
More informationMark Littlejohn June 23, 2016 DON T GO IT ALONE. Achieving Cyber Security using Managed Services
Mark Littlejohn June 23, 2016 DON T GO IT ALONE Achieving Cyber Security using Managed Services Speaker: Mark Littlejohn 1 Mark is an industrial technology professional with over 30 years of experience
More informationCOLLABORATIVE SECURITY. Network Security Endpoint Security Data Security
COLLABORATIVE SECURITY Network Security Endpoint Security Data Security 40+ countries 35% industrial ac4vi4es 20+ Years of Experience 15 000+ customers 900+ partners Key Customers A Global Solution for
More informationCyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies
Cyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies lwihl@scalable-networks.com 2 The Need OT security particularly in the
More informationGA Translated English of Chinese Standard: GA
Translated English of Chinese Standard: GA1280-2015 www.chinesestandard.net Sales@ChineseStandard.net PUBLIC SECURITY INDUSTRY STANDARD GA OF THE PEOPLE S REPUBLIC OF CHINA GA 1280-2015 Security requirements
More informationCyber Security for Process Control Systems ABB's view
Kaspersky ICS Cybersecurity 2017, 2017-09-28 Cyber Security for Process Control Systems ABB's view Tomas Lindström, Cyber Security Manager, ABB Control Technologies Agenda Cyber security for process control
More informationSANS SCADA and Process Control Europe Rome 2011
SANS SCADA and Process Control Europe Rome 2011 Ian Buffey Director International Services Industrial Defender ibuffey@industrialdefender.com A Holistic Approach Planning, training and governance Cybersecurity
More informationUnofficial English translation offered by EuropElectro, for reference only
Ref. No. CNCA-00C-007 DETAILED IMPLEMENTATION RULES FOR COMPULSORY PRODUCTS CERTIFICATION Submission, Dissemination and Publication of Information Issued on Jan. 8, 2014 Implemented on Jan. 8, 2014 Published
More informationCertification Report
Certification Report EAL 4+ Evaluation of WatchGuard and Fireware XTM Operating System v11.5.1 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationUnofficial English translation offered by EuropElectro, for reference only
No.: CNCA-C10-01: 2014 Implementation Rules for Compulsory Certification of Lighting Electrical Appliances Announced on Jul. 16, 2014 Implemented on Sep. 1, 2014 Certification and Accreditation Administration
More informationInterCall Virtual Environments and Webcasting
InterCall Virtual Environments and Webcasting Security, High Availability and Scalability Overview 1. Security 1.1. Policy and Procedures The InterCall VE ( Virtual Environments ) and Webcast Event IT
More informationCTS performs nightly backups of the Church360 production databases and retains these backups for one month.
Church360 is a cloud-based application software suite from Concordia Technology Solutions (CTS) that is used by churches of all sizes to manage their membership data, website, and financial information.
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting
More informationCertification Report
Certification Report EAL 4 Evaluation of Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications
More informationSecuring Industrial Control Systems
L OCKHEED MARTIN Whitepaper Securing Industrial Control Systems The Basics Abstract Critical infrastructure industries such as electrical power, oil and gas, chemical, and transportation face a daunting
More informationSeagate Supply Chain Standards and Operational Systems
DATA IS POTENTIAL Seagate Supply Chain Standards and Operational Systems Government Solutions Henry Newman May 9 2018 Supply Chain Standards and Results Agenda 1. 2. SUPPLY CHAIN REQUIREMENTS AND STANDARDS
More informationA Risk Management Platform
A Risk Management Platform Michael Lai CISSP, CISA, MBA, MSc, BEng(hons) Territory Manager & Senior Security Sales Engineer Shift to Risk-Based Security OLD MODEL: Prevention-Based Security Prevention
More informationProjectplace: A Secure Project Collaboration Solution
Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the
More informationSecure Product Design Lifecycle for Connected Vehicles
Secure Product Design Lifecycle for Connected Vehicles Lisa Boran Vehicle Cybersecurity Manager, Ford Motor Company SAE J3061 Chair SAE/ISO Cybersecurity Engineering Chair AGENDA Cybersecurity Standards
More informationMIS Week 9 Host Hardening
MIS 5214 Week 9 Host Hardening Agenda NIST Risk Management Framework A quick review Implementing controls Host hardening Security configuration checklist (w/disa STIG Viewer) NIST 800-53Ar4 How Controls
More informationEthical Hacking and Prevention
Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive
More informationCrises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.
Crises Control Cloud Security Principles Transputec provides ICT Services and Solutions to leading organisations around the globe. As a provider of these services for over 30 years, we have the credibility
More informationSiemens view and approach on critical infrastructure resilience against cyberthreats Joint OECD-JRC Workshop, Paris September 2018
Siemens view and approach on critical infrastructure resilience against cyberthreats Joint OECD-JRC Workshop, Paris 24-25 September 2018 Unrestricted https://www.siemens.com/press/charter-of-trust Cybersecurity
More informationLindström Tomas Cyber security from ABB System 800xA PA-SE-XA
Lindström Tomas 2013-09-02 Cyber security from ABB System 800xA PA-SE-XA-015963 Cyber Security solutions from ABB Agenda Cyber Security in ABB: general view, activities, organization How we work with Cyber
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More information环球律师事务所. Ren Qing Partner GLOBAL LAW OFFICE. Beijing, June
An Introduction to the PRC Cyber Security Law 环球律师事务所 GLOBAL LAW OFFICE www.glo.com.cn Ren Qing Partner Beijing, June 2017 Overview: 7 Chapters and 79 Articles. Chapter I General Provisions Cyber Security
More informationSYSTEM THREAT ANALYSIS FOR HIGH ASSURANCE SOFTWARE DEFINED RADIOS
SYSTEM THREAT ANALYSIS FOR HIGH ASSURANCE SOFTWARE DEFINED RADIOS David Murotake, (SCA Technica, Inc. Nashua NH, USA; david.murotak@scatechnica.com) Antonio Martin (SCA Technica, Inc., Nashua NH, USA;
More information2. Firewall Management Tools used to monitor and control the Firewall Environment.
Firewall Review Section 1 FIREWALL MANAGEMENT & ADMINISTRATION Common management practices with regard to administering the (company) network should be in accordance with company policies and standards.
More informationSimplify Your Network Security with All-In-One Unified Threat Management
Singtel Business Product Factsheet Brochure Managed Defense Unified Services Management Simplify Your Network Security with All-In-One Unified Management Singtel Managed Unified Management (UTM) Services,
More informationENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE
ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE INTRODUCTION In line with commercial industry standards, the data center used by EndNote employs a dedicated security team to protect our
More informationCompTIA Network+ Study Guide Table of Contents
CompTIA Network+ Study Guide Table of Contents Course Introduction Table of Contents Getting Started About This Course About CompTIA Certifications Module 1 / Local Area Networks Module 1 / Unit 1 Topologies
More informationCloud Computing. Faculty of Information Systems. Duc.NHM. nhmduc.wordpress.com
Cloud Computing Faculty of Information Systems Duc.NHM nhmduc.wordpress.com Evaluating Cloud Security: An Information Security Framework Chapter 6 Cloud Computing Duc.NHM 2 1 Evaluating Cloud Security
More informationData Security & Operating Environment
Data Security & Operating Environment Version 1.0, Summer 2018 Last updated: June 21, 2018 https://www.kintone.com/contact/ Contents 1. Service Level Objective (SLO)... 1 2. Availability and Reliability...
More informationData Security and Privacy Principles IBM Cloud Services
Data Security and Privacy Principles IBM Cloud Services 2 Data Security and Privacy Principles: IBM Cloud Services Contents 2 Overview 2 Governance 3 Security Policies 3 Access, Intervention, Transfer
More informationInnovation policy for Industry 4.0
Innovation policy for Industry 4.0 Remarks from Giorgio Mosca Chair of Cybersecurity Steering Committee Confindustria Digitale Director Strategy & Technologies - Security & IS Division, Leonardo Agenda
More informationFuture-ready security for small and mid-size enterprises
First line of defense for your network Quick Heal Terminator (UTM) (Unified Threat Management Solution) Data Sheet Future-ready security for small and mid-size enterprises Quick Heal Terminator is a high-performance,
More informationIndustrial Security - Protecting productivity. Industrial Security in Pharmaanlagen
- Protecting productivity Industrial Security in Pharmaanlagen siemens.com/industrialsecurity Security Trends Globally we are seeing more network connections than ever before Trends Impacting Security
More informationSECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry
SECURITY ON AWS By Max Ellsberry AWS Security Standards The IT infrastructure that AWS provides has been designed and managed in alignment with the best practices and meets a variety of standards. Below
More informationTraining UNIFIED SECURITY. Signature based packet analysis
Training UNIFIED SECURITY Signature based packet analysis At the core of its scanning technology, Kerio Control integrates a packet analyzer based on Snort. Snort is an open source IDS/IPS system that
More informationNo Country for Old Security Compliance in the Cloud. Joel Sloss, CDSA Board of Directors May 2017
No Country for Old Security Compliance in the Cloud Joel Sloss, CDSA Board of Directors May 2017 Emerging Threats Specific/sequential targeting Effective reconnaissance Practiced tool usage Sophisticated
More informationSecurity Standardization and Regulation An Industry Perspective
Security Standardization and Regulation An Industry Perspective Dr. Ralf Rammig Siemens AG Megatrends Challenges that are transforming our world Digitalization In the future, we ll be living in a world
More informationFRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months
FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months MODULE: INTRODUCTION TO INFORMATION SECURITY INFORMATION SECURITY ESSENTIAL TERMINOLOGIES
More informationEnterprise Cybersecurity Best Practices Part Number MAN Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationSecurity
Security +617 3222 2555 info@citec.com.au Security With enhanced intruder technologies, increasingly sophisticated attacks and advancing threats, your data has never been more susceptible to breaches from
More informationSoftLayer Security and Compliance:
SoftLayer Security and Compliance: How security and compliance are implemented and managed Introduction Cloud computing generally gets a bad rap when security is discussed. However, most major cloud providers
More informationLaboratory Capacity Building
Laboratory Capacity Building Presented by LIU Hanxia Chinese Academy of Inspection and Quarantine June 13, 2013 Outline I. The role of food testing in ensuring food safety II. Lab Accreditation in China
More informationNext-Generation Firewall Series Datasheet
RUIJIE NETWORKS COMPANY LIMITED www.ruijienetworks.com Ruijie 1600 Next-Generation Firewall Series Datasheet Ruijie 1600 Firewall Series is a collection of nextgeneration firewall offering security, routing
More informationSiemens Research Cyber Security
Siemens Research Cyber Security Rainer Falk, Uwe Blöcher November 26 th, 2018 Siemens Corporate Technology Cyber Security is the most important enabler for Digitalization Design & Engineering Automation
More informationThe Top 6 WAF Essentials to Achieve Application Security Efficacy
The Top 6 WAF Essentials to Achieve Application Security Efficacy Introduction One of the biggest challenges IT and security leaders face today is reducing business risk while ensuring ease of use and
More informationWhy Firewalls? Firewall Characteristics
Why Firewalls? Firewalls are effective to: Protect local systems. Protect network-based security threats. Provide secured and controlled access to Internet. Provide restricted and controlled access from
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationITU Asia-Pacific Centres of Excellence Training on Conformity and Interoperability. Session 2: Conformity Assessment Principles
ITU Asia-Pacific Centres of Excellence Training on Conformity and Interoperability Session 2: Conformity Assessment Principles 12-16 October 2015 Beijing, China Keith Mainwaring ITU Expert Agenda 1. Context
More informationSAFECOM SECUREWEB - CUSTOM PRODUCT SPECIFICATION 1. INTRODUCTION 2. SERVICE DEFINITION. 2.1 Service Overview. 2.2 Standard Service Features APPENDIX 2
APPENDIX 2 SAFECOM SECUREWEB - CUSTOM PRODUCT SPECIFICATION 1. INTRODUCTION This document contains product information for the Safecom SecureWeb Custom service. If you require more detailed technical information,
More informationINDUSTRIAL SECURITY STORMSHIELD PROTECTION FOR OPERATIONAL NETWORKS. Unified Threat Management and Next-Generation Firewalls Solutions
INDUSTRIAL SECURITY STORMSHIELD PROTECTION FOR OPERATIONAL NETWORKS Unified Threat Management and Next-Generation Firewalls Solutions Our mission To make the digital world a sustainable and trustworthy
More informationCND Exam Blueprint v2.0
EC-Council C ND Certified Network Defende r CND Exam Blueprint v2.0 CND Exam Blueprint v2.0 1 Domains Objectives Weightage Number of Questions 1. Computer Network and Defense Fundamentals Understanding
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationWireless e-business Security. Lothar Vigelandzoon
Wireless e-business Security Lothar Vigelandzoon E-business evolution Increased business drivers for cost efficiency & market penetration Increased Importance of brand reputation Distance between IT and
More informationPresenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.
Presenter Jakob Drescher Industry Cyber Security 1 Cyber Security? Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks. Malware or network traffic
More informationRequired Textbook and Materials. Course Objectives. Course Outline
Information Technology Security (ITSY 1342) Credit: 3 semester credit hours (2 hours lecture, 4 hours lab) Prerequisite/Co-requisite: None Course Description Instruction in security for network hardware,
More informationIntegrating Microsoft Forefront Threat Management Gateway (TMG)
Integrating Microsoft Forefront Threat Management Gateway (TMG) EventTracker v7.x Publication Date: Sep 16, 2014 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract This
More informationVirtual Private Cloud. User Guide. Issue 21 Date HUAWEI TECHNOLOGIES CO., LTD.
Issue 21 Date 2018-09-30 HUAWEI TECHNOLOGIES CO., LTD. Copyright Huawei Technologies Co., Ltd. 2018. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any
More informationSECURITY PRACTICES OVERVIEW
SECURITY PRACTICES OVERVIEW 2018 Helcim Inc. Copyright 2006-2018 Helcim Inc. All Rights Reserved. The Helcim name and logo are trademarks of Helcim Inc. P a g e 1 Our Security at a Glance About Helcim
More informationCSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague
Brmlab, hackerspace Prague Lightning talks, November 2016 in general in general WTF is an? in general WTF is an? Computer Security in general WTF is an? Computer Security Incident Response in general WTF
More informationEducation Network Security
Education Network Security RECOMMENDATIONS CHECKLIST Learn INSTITUTE Education Network Security Recommendations Checklist This checklist is designed to assist in a quick review of your K-12 district or
More informationProfessional Services Overview
Professional Services Overview Internet of Things (IoT) Security Assessment and Advisory Services IOT APPLICATION MOBILE CLOUD NETWORK Company Overview HISTORY HISTORY Founded in 2010 Headquartered in
More informationReal-time Communications Security and SDN
Real-time Communications Security and SDN 2016 [Type here] Securing the new generation of communications applications, those delivering real-time services including voice, video and Instant Messaging,
More informationKeys to a more secure data environment
Keys to a more secure data environment A holistic approach to data infrastructure security The current fraud and regulatory landscape makes it clear that every firm needs a comprehensive strategy for protecting
More informationSecurity protection to industrial control system based on Defense-in-Depth strategy
Security protection to industrial control system based on Defense-in-Depth strategy X. Luo The College of Mechatronics and Information Engineering, Shanghai Lida Polytechnic Institute, China Abstract In
More informationSecuring your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008
Securing your Virtualized Datacenter Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008 Agenda VMware Virtualization Technology How Virtualization Affects Datacenter Security Keys to
More information