Beyond the CC certificate. How to continue to assess the security assurance in operational systems?
|
|
- Adrian Dean
- 5 years ago
- Views:
Transcription
1 Beyond the CC certificate How to continue to assess the security assurance in operational systems? 1
2 Christophe BLAD / OPPIDA : Certifier then Technical manager of the French scheme 2005 now: Director of OPPIDA s ITSEF OPPIDA s ITSEF ~15 CC evaluators ~50 evaluations since 2002 EAL1 to EAL5 Digital signature applications File encryption solutions Virtualization solutions Firewalls VPNs Systems 2
3 Observed situation CC-certified products, in operational systems, do not offer the expected security features Reasons: CC currently focus on design and implementation phases of the product life-cycle Deployment and usage are system-specific and cannot be evaluated by the ITSEF for a product on-the-shelf 3
4 Inherent risks Risk Assessment Identified risks Design & Implementation Deployment Security Objectives / Requirements Security Implementation Deployed security architecture Deployment drift Accepted identified risks Implementation drift Operational system Running Security Operational drift 4 OK OK NOK NOK Null if certified Security Assurance in the operational system
5 Solutions to evaluate the deployment and operational drift To define checkpoints to be implemented in the operational system 1. Define measurement requirements 2. Collect base measures 3. Interpret base measures using references 4. Evaluate assurance on measures 5. Correlate and aggregate measures 6. Display results Source: BUGYO project, operational security assurance monitoring, European EUREKA/CELTIC funded research project 5
6 The benefit of a taxonomy to specify measurement requirements Classification of requirements and results Evaluation of the completeness of the requirements Interpretation of results: If execution of the security function is OK but its configuration NOK -> current situation OK but NOK after reboot Aggregation and presentation of results by categories 6
7 Definition of a taxonomy to specify measurement requirements Are the [Properties] of the [Security requirement realization] as [expected]? [Security requirement realization]: The concerned security requirement: SFRs, security objectives for the operational environment The supporting element: the TOE / subsystems of the TOE / elements of TOE operational environment (operating system, database, administrators, premises, ) The type of element: physical / social / cyber [Properties]: The temporal property: Configuration / Execution The specificity: Generic (TOE guidance) / Specific (deployment specific) [expected]: The reference permitting to interpret the collected data 7
8 Who and where to specify the measurement requirements? The intended audience is the community of future integrators and operators of the certified product/system - > the document must be public/available The security target A specific operational guide The CC certification report The developer in collaboration with the evaluator can edit it 8
9 9 Example: volume encryption application
10 The deployment drift Security requirement realization Properties Expectation Requirement Certification scope Supporting element Type Temporal Specificity TOE Version Workstation Cyber Configuration Generic Version = Tested platform Workstation Cyber Configuration Generic OS = Windows XP SP3 10
11 Security objectives for the operational environment (1/2) Security requirement realization Properties Expectation Requirement Supporting element Objectives for the operational environment Physical aspects Physical access to workstations Physical access to workstations Personnel aspects Type Temporal Specificity Offices Physical Configuration specific Intrusion tests performed once a month Offices Physical Execution specific Intrusion test results OK Trusted admin System admins Social Configuration specific A security clearance process is defined Trusted admin System admins Social Execution specific The system administrator has a security clearance Password protection users Social Configuration specific A password protection policy is defined Password users Social Execution specific Users apply the password protection Regular audit of logs 11 protection policy Security officer Social Execution specific The security officier performs audit of logs once a week
12 Security objectives for the operational environment (2/2) Security requirement realization Properties Expectation Requirement Supporting element Objectives for the operational environment Connectivity aspects Trusted host (update, antivirus, ) Trusted PKCS#11 library, smartcard driver Type Temporal Specificity workstation 1 Cyber Execution specific Workstation conforms to the workstation security policy workstation 1 Cyber Configuration specific Installed PKCS#11 library = Gemalto xxx Trusted smartcard users smartcards Cyber Configuration Generic CC EAL4 certified smartcard Trusted PKI internal PKI Cyber Configuration Generic CC certified PKI 12
13 For each SFR Security requirement realization Properties Expectation Requirement Supporting element Type Temporal Specificity SFRs FCS_COP.1 (file encryption) FCS_COP.1 Workstations Cyber Configuration Generic Encryption configuration FCS_COP.1 Workstations Cyber Execution Generic Pictogram on encrypted folders FCS_COP.1 Workstations Cyber Execution Specific Encrypted container content 13
14 Deployment of probes to collect base measures The selection of the necessary probe is helped by the precise specification of the measurement requirements Manual probes: human checking Automated probes: scripts, tools The frequency of the checking and the quality of the probe (trust in the collected data) permits to evaluate an assurance level for the result Assurance scale depends on your needs Regular / frequent / continuous Unproved / proved probe 14
15 Interpretation of the collected data Collected data (base measures) can be: Complete or parts of Configuration files Network traffic Output of system shell commands Minutes of interviews Collected data needs to be compared with a reference to decide if the expectation is reached or not Normalization of results allows correlation and aggregation 15
16 16
17 Correlation / aggregation / presentation Define you own rules depending of the specificity of your operational system Easy rule: percentage of conformity Is execution more important than configuration? In case of duplication of equipments (eg. Load balancing), the non conformity of one of the equipment does not lead to non conformity of the complete system 17
18 Security Measurement Infrastructure Security Problem Definition Security Objectives Security Requirements Measurement Requirements (Are [Properties] of [SecReq realization] as [expected]?) Abstract Infrastructure Objects Operational Security measures (value {0,1}, assurance) Derived Measures (interpreted BMs) Base Measures (raw data) System real elements Operational system
19 Threats/OSP/compliance Security metrics Security Problem Definition Measurement Infrastructure Security Objectives Security Objectives metrics Security Requirements Security Requirements metrics Measurement Requirements (Are [Properties] of [SecReq realization] as [expected]?) Architectural metrics Abstract Infrastructure Objects Operational Security Assurance measures (value {0,1}, assurance) Derived Measures (interpreted BMs) Element metrics System real elements Operational system Base Measures (raw data)
20 Future work Specification of Assurance Profiles (AP) PP/ST+ specification of measurement requirements Allow communities of experts to define both security requirements and how to assure that the security requirements are running in the operational system Ground for the definition of Security SLAs Standardization of the AP structure on-going at ETSI (European Telecom Standards Institute) 20
21 21
Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationSECURITY CERTIFICATION
ÉDITION 2018 SECURITY CERTIFICATION OF PRODUCTS BY THE FRENCH NATIONAL CYBERSECURITY AGENCY (ANSSI) PAR L AGENCE NATIONALE DE LA SÉCURITÉ DES SYSTÈMES D INFORMATION Security Visas provide a competitive
More informationImplementing and Administering Security in a Microsoft Windows 2000 Network Course 2820 Five days Instructor-led Published: February 17, 2004
Implementing and Administering Security in a Microsoft Windows 2000 Network Course 2820 Five days Instructor-led Published: February 17, 2004 Introduction This five-day instructor-led course provides students
More informationAltius IT Policy Collection
Altius IT Policy Collection Complete set of cyber and network security policies Over 100 Policies, Plans, and Forms Fully customizable - fully customizable IT security policies in Microsoft Word No software
More informationNE Administering Windows Server 2012
NE-20411 Administering Windows Server 2012 Summary Duration 5 Days Audience IT Professionals Level 200 Technology Windows Server 2012 Delivery Method Instructor-led (Classroom) Training Credits N/A Introduction
More informationMicrosoft Certified Solutions Associate (MCSA)
Microsoft Certified Solutions Associate (MCSA) Installing and Configuring Windows Server 2012 (70-410) Module 1: Deploying and Managing Windows Server 2012 Windows Server 2012 Overview Overview of Windows
More informationAdministering Windows Server 2012 (20411D)
Administering Windows Server 2012 (20411D) Overview Get hands-on instruction and practice administering Windows Server 2012, including Windows Server 2012 R2, in this five-day Microsoft Official Course.
More informationSecurity
Security +617 3222 2555 info@citec.com.au Security With enhanced intruder technologies, increasingly sophisticated attacks and advancing threats, your data has never been more susceptible to breaches from
More informationCertification Report
Certification Report Curtiss-Wright Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications
More informationAdministering Windows Server 2012
Administering Windows Server 2012 20411D; 5 days, Instructor-led Course Description Get hands-on instruction and practice administering Windows Server 2012, including Windows Server 2012 R2, in this five-day
More informationBuilding an Assurance Foundation for 21 st Century Information Systems and Networks
Building an Assurance Foundation for 21 st Century Information Systems and Networks The Role of IT Security Standards, Metrics, and Assessment Programs Dr. Ron Ross National Information Assurance Partnership
More informationWindows Server : Administering Windows Server 2012 R2. Upcoming Dates. Course Description. Course Outline
Windows Server 2012 20411: Administering Windows Server 2012 R2 Acquire the skills necessary to administrate and implement the core infrastructure services in a Windows Server 2012 R2 environment. Learn
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT Dell EMC Elastic Cloud Storage v3.2 15 May 2018 383-4-439 V1.0 Government of Canada. This document is the property of the Government of Canada. It shall not be altered,
More informationUseful Tips for Reducing the Risk of Unauthorized Access for Fiery Controllers: imagepress Server/ ColorPASS/ imagepass
Useful Tips for Reducing the Risk of Unauthorized Access for Fiery Controllers: imagepress Server/ ColorPASS/ imagepass IMPORTANT To administrators: Please read this document. Overview and Use of this
More informationPROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY
PROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY OUR MISSION Make the digital world a sustainable and trustworthy environment
More informationGermany and The Netherlands Certification of cryptographic modules
Germany and The Netherlands Certification of cryptographic modules Leo Kool (Msc), Brightsight 18 May 2016, kool@brightsight.com Outline CC and Schemes Evaluation Process and Reporting forms (NSCIB, BSI)
More informationCoreMax Consulting s Cyber Security Roadmap
CoreMax Consulting s Cyber Security Roadmap What is a Cyber Security Roadmap? The CoreMax consulting cyber security unit has created a simple process to access the unique needs of each client and allows
More informationCertification Report
Certification Report EAL 4+ Evaluation of Firewall Enterprise v8.2.0 and Firewall Enterprise Control Center v5.2.0 Issued by: Communications Security Establishment Canada Certification Body Canadian Common
More informationIT Security Evaluation : Common Criteria
AfriNIC-9 MEETING Mauritius 22-28 November 2008 IT Security Evaluation : Common Criteria Ministry of Communication Technologies National Digital Certification Agency Mounir Ferjani November 2008 afrinic
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT Dell Data Protection Encryption Personal Edition Version 8.14.0 383-4-416 2 October 2017 v1.1 Government of Canada. This document is the property of the Government
More informationAdministering Windows Server 2012 (NI104)
Administering Windows Server 2012 (NI104) MOC OD20411D - 40 Hours Overview Get hands-on instruction and practice administering Windows Server 2012, including Windows Server 2012 R2, in this five-day Microsoft
More informationCertification Report
Certification Report Symantec Security Information Manager 4.8.1 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government
More informationNetworking Infrastructure
Unit 43: Networking Infrastructure Unit code: A/601/1964 QCF Level 5: BTEC Higher National Credit Value 15 Aim To provide learners with an understanding of networking infrastructures, the directory based
More informationMCSA Windows Server 2012
MCSA Windows Server 2012 This Training Program prepares and enables learners to Pass Microsoft MCSA: Windows Server 2012 exams 1. MCSA: Windows Server 2012 / 70-410 Exam (Installing and Configuring Windows
More informationIC32E - Pre-Instructional Survey
Name: Date: 1. What is the primary function of a firewall? a. Block all internet traffic b. Detect network intrusions c. Filter network traffic d. Authenticate users 2. A system that monitors traffic into
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT Ixia NTO 7303 and Vision ONE v4.5.0.29 30 October 2017 383-4-409 1.0 Government of Canada. This document is the property of the Government of Canada. It shall not be
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationCND Exam Blueprint v2.0
EC-Council C ND Certified Network Defende r CND Exam Blueprint v2.0 CND Exam Blueprint v2.0 1 Domains Objectives Weightage Number of Questions 1. Computer Network and Defense Fundamentals Understanding
More informationWindows Server : Configuring Advanced Windows Server 2012 Services R2. Upcoming Dates. Course Description.
Windows Server 2012 20412: Configuring Advanced Windows Server 2012 Services R2 Gain the skills and knowledge necessary to perform advanced management and provisioning of services within Windows Server
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT McAfee Data Loss Prevention 11.0 with epolicy Orchestrator 5.9.0 4 January 2018 383-4-429 Version 1.0 Government of Canada. This document is the property of the Government
More informationMCSA Windows Server 2012
MCSA Windows Server 2012 This course is developed for IT professionals who need to design, plan, implement, manage and support Microsoft Windows 2012 networks or who plan to take the related MCSE and MCSA
More informationNational Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report
National Information Assurance Partnership TM Common Criteria Evaluation and Validation Scheme Validation Report Blue Ridge Networks BorderGuard Centrally Managed Embedded PKI Virtual Private Network (VPN)
More informationENDPOINT SECURITY STORMSHIELD PROTECTION FOR WORKSTATIONS. Protection for workstations, servers, and terminal devices
ENDPOINT SECURITY STORMSHIELD PROTECTION FOR WORKSTATIONS Protection for workstations, servers, and terminal devices Our Mission Make the digital world a sustainable and trustworthy environment while ensuring
More informationFeliCa Approval for Security and Trust (FAST) Overview. Copyright 2018 FeliCa Networks, Inc.
FeliCa Approval for Security and Trust (FAST) Overview Introduction The security certification scheme called FeliCa Approval for Security and Trust (FAST) has been set up to enable the evaluation and certification
More informationQUICK SET-UP VERIFICATION...3
TABLE OF CONTENTS 1 QUICK SET-UP VERIFICATION...3 2 INSTALLING CERTIFICATES...3 3 IF YOU USE MS INTERNET EXPLORER...3 3.1 INSTALLING THE CERTIFICATE...3 3.2 SSL3 ACTIVATION:...3 3.3 JAVASCRIPT ACTIVATION...3
More informationPublic. Atos Trustcenter. Server Certificates + Codesigning Certificates. Version 1.2
Atos Trustcenter Server Certificates + Codesigning Certificates Version 1.2 20.11.2015 Content 1 Introduction... 3 2 The Atos Trustcenter Portfolio... 3 3 TrustedRoot PKI... 4 3.1 TrustedRoot Hierarchy...
More informationDigital Health Cyber Security Centre
Digital Health Cyber Security Centre Current challenges Ransomware According to the ACSC Threat Report 2017, cybercrime is a prevalent threat for Australia. Distributed Denial of Service (DDoS) Targeting
More informationMicrosoft Certified Solutions Expert (MCSE)
Microsoft Certified Solutions Expert (MCSE) Installing and Configuring Windows Server 2012 (70-410) Module 1: Deploying and Managing Windows Server 2012 Windows Server 2012 Overview Overview of Windows
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT HP Service Manager v9.41 Patch 3 383-4-395 17 February 2017 v1.0 Government of Canada. This document is the property of the Government of Canada. It shall not be altered,
More informationSpecialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com
Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE s3security.com Security Professional Services S3 offers security services through its Security Professional Services (SPS) group, the security-consulting
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT EMC RecoverPoint v4.4 SP1 19 May 2016 FOREWORD This certification report is an UNCLASSIFIED publication, issued under the authority of the Chief, Communications Security
More informationCertification Report
Certification Report McAfee Enterprise Security Manager with Event Receiver, Enterprise Log Manager, Advanced Correlation Engine, Application Data Monitor and Database Event Monitor 9.1 Issued by: Communications
More informationInformation System Security. Nguyen Ho Minh Duc, M.Sc
Information System Security Nguyen Ho Minh Duc, M.Sc 2 Lecture 04 AUDITING, TESTING AND MONITORING Topics What security auditing and analysis are How to define your audit plan What auditing benchmarks
More informationCASP CompTIA Advanced Security Practitioner Study Guide: (Exam CAS-001)
CASP CompTIA Advanced Security Practitioner Study Guide: (Exam CAS-001) Gregg, Michael ISBN-13: 9781118083192 Table of Contents Foreword xxi Introduction xxvii Assessment Test xliv Chapter 1 Cryptographic
More informationCertification Report
Certification Report Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications Security Establishment,
More informationIntroduce the major evaluation criteria. TCSEC (Orange book) ITSEC Common Criteria
Introduce the major evaluation criteria. TCSEC (Orange book) ITSEC Common Criteria Evaluation: assessing whether a product has the security properties claimed for it. Certification: assessing whether a
More informationCertification Report
Certification Report Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications Security
More informationC017 Certification Report
C017 Certification Report BT-Direct Version File name: Version: v1a Date of document: 25 May 2011 Document classification: For general inquiry about us or our services, please email: mycc@cybersecurity.my
More informationAltius IT Policy Collection Compliance and Standards Matrix
Governance Context and Alignment Policy 4.1 4.4 800-26 164.308 12.4 EDM01 IT Governance Policy 5.1 800-30 12.5 EDM02 Leadership Mergers and Acquisitions Policy A.6.1.1 800-33 EDM03 Context Terms and Definitions
More informationCertification Report
Certification Report EAL 2+ Evaluation of Verdasys Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT WorkCentre 7525/7530/7535/7545/7556 with FIPS 140-2 Compliance over SNMPv3 25 July 2016 v1.0 383-4-371 Government of Canada. This document is the property of the Government
More informationAudit Logging and Monitoring Procedure Document Number: OIL-IS-PRO-ALM
Audit Logging and Monitoring Procedure Document Number: OIL-IS-PRO-ALM Document Détails Title Description Version 1.0 Author Classification Review Date 25/02/2015 Audit Logging and Monitoring Procedures
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT Lexmark CX920, CX921, CX922, CX923, CX924, XC9235, XC9245, XC9255, and XC9265 Multi-Function Printers 7 February 2018 383-4-434 V1.0 Government of Canada. This document
More informationt a Foresight Consulting, GPO Box 116, Canberra ACT 2601, AUSTRALIA e foresightconsulting.com.
e info@ Mr. James Kavanagh Chief Security Advisor Microsoft Australia Level 4, 6 National Circuit, Barton, ACT 2600 19 August 2015 Microsoft CRM Online IRAP Assessment Letter of Compliance Dear Mr. Kavanagh,
More informationIntroduce the major evaluation criteria. TCSEC (Orange book) ITSEC Common Criteria
Introduce the major evaluation criteria. TCSEC (Orange book) ITSEC Common Criteria Evaluation: assessing whether a product has the security properties claimed for it. Certification: assessing whether a
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationLegal Regulations and Vulnerability Analysis
Legal Regulations and Vulnerability Analysis Bundesamt für Sicherheit in der Informationstechnik (BSI) (Federal Office for Information Security) Germany Introduction of the BSI National Authority for Information
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT VMware Horizon 6 version 6.2.2 and Horizon Client 3.5.2 12 August 2016 v1.0 File Number 383-4-356 Government of Canada. This document is the property of the Government
More informationMicrosoft Certified System Engineer
529 Hahn Ave. Suite 101 Glendale CA 91203-1052 Tel 818.550.0770 Fax 818.550.8293 www.brandcollege.edu Microsoft Certified System Engineer Program Summary This instructor-led program with a combination
More informationETSI ISG ISI Information Security Indicators
ETSI ISG ISI Information Security Indicators Updates on ISI standardization results Paolo De Lutiis (Telecom Italia Information Technology) 9th ETSI Security Workshop ETSI 2014. All rights reserved Cyber
More informationISC2. Exam Questions CISSP. Certified Information Systems Security Professional (CISSP) Version:Demo
ISC2 Exam Questions CISSP Certified Information Systems Security Professional (CISSP) Version:Demo 1. How can a forensic specialist exclude from examination a large percentage of operating system files
More informationCertification Report
Certification Report EAL 4+ Evaluation of JUNOS-FIPS for SRX Series version 10.4R4 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT Dell EMC Unity OE 4.2 383-4-421 22 September 2017 Version 1.0 Government of Canada. This document is the property of the Government of Canada. It shall not be altered,
More informationCertification Report
Certification Report EAL 3+ Evaluation of Xerox WorkCentre 5632/5638/5645/5655/5665/5675/5687 Multifunction Systems Issued by: Communications Security Establishment Canada Certification Body Canadian Common
More informationKorean National Protection Profile for Electronic Document Encryption V1.0 Certification Report
KECS-CR-17-57 Korean National Protection Profile for Electronic Document Encryption V1.0 Certification Report Certification No.: KECS-PP-0821-2017 2017. 8. 18 IT Security Certification Center History of
More informationDooblo SurveyToGo: Security Overview
Dooblo SurveyToGo: Security Overview November, 2013 Written by: Dooblo Page 1 of 11 1 Table of Contents 1 INTRODUCTION... 3 1.1 OVERVIEW... 3 1.2 PURPOSE... 3 2 PHYSICAL DATA CENTER SECURITY... 4 2.1 OVERVIEW...
More informationSecurity Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:
Position: Reports to: Location: Security Monitoring Engineer / (NY or NC) Director, Information Security New York, NY or Winston-Salem, NC Position Summary: The Clearing House (TCH) Information Security
More informationBMC Remedyforce Discovery and Client Management. Frequently asked questions
BMC Remedyforce Discovery and Client Management Frequently asked questions 1 Table of Contents BMC Remedyforce Discovery and Client Management 4 Overview 4 Remedyforce Agentless Discovery 4 Remedyforce
More informationIT Services IT LOGGING POLICY
IT LOGGING POLICY UoW IT Logging Policy -Restricted- 1 Contents 1. Overview... 3 2. Purpose... 3 3. Scope... 3 4. General Requirements... 3 5. Activities to be logged... 4 6. Formatting, Transmission and
More informationCourse Content of MCSA ( Microsoft Certified Solutions Associate )
Course Content of MCSA 2012 - ( Microsoft Certified Solutions Associate ) Total Duration of MCSA : 45 Days Exam 70-410 - Installing and Configuring Windows Server 2012 (Course 20410A Duration : 40 hrs
More informationAdministering Windows Server 2012
Administering Windows Server 2012 Course Details Course Outline Module 1: Configuring and Troubleshooting Domain Name System This module explains how to configure and troubleshoot DNS, including DNS replication
More informationUpdating Your Windows Server 2003 Technology Skills to Windows Server 2008
6416D: Updating Your Windows Server 2003 Technology Skills to Windows Server 2008 Page 1 of 10 Updating Your Windows Server 2003 Technology Skills to Windows Server 2008 Course 6416D: 4 days; Instructor-Led
More informationCloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015
Cloud Computing Standard Effective Date: July 28, 2015 1.1 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually
More informationWORKSHARE SECURITY OVERVIEW
WORKSHARE SECURITY OVERVIEW April 2016 COMPANY INFORMATION Workshare Security Overview Workshare Ltd. (UK) 20 Fashion Street London E1 6PX UK Workshare Website: www.workshare.com Workshare Inc. (USA) 625
More informationGeneral Framework for Secure IoT Systems
General Framework for Secure IoT Systems National center of Incident readiness and Strategy for Cybersecurity (NISC) Government of Japan August 26, 2016 1. General Framework Objective Internet of Things
More informationOnline Services Security v2.1
Online Services Security v2.1 Contents 1 Introduction... 2 2... 2 2.1... 2 2.2... 2 2.3... 3 3... 4 3.1... 4 3.2... 5 3.3... 6 4... 7 4.1... 7 4.2... 7 4.3... 7 4.4... 7 4.5... 8 4.6... 8 1 Introduction
More informationRansomware A case study of the impact, recovery and remediation events
Ransomware A case study of the impact, recovery and remediation events Peter Thermos President & CTO Tel: (732) 688-0413 peter.thermos@palindrometech.com Palindrome Technologies 100 Village Court Suite
More informationIdentification and Authentication
Identification and Authentication Example Policy Author: A Heathcote Date: 24/05/2017 Version: 1.0 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre
More informationAltius IT Policy Collection Compliance and Standards Matrix
Governance Context and Alignment Policy 4.1 4.4 800-26 164.308 12.4 EDM01 IT Governance Policy 5.1 800-30 12.5 EDM02 Leadership Mergers and Acquisitions Policy A.6.1.1 800-33 EDM03 Context Terms and Definitions
More informationContinuous auditing certification
State of the Art in cloud service certification Cloud computing has emerged as the de-facto-standard when it comes to IT delivery. It comes with many benefits, such as flexibility, cost-efficiency and
More informationAdministering Windows Server 2012
Page 1 of 10 Overview Get hands-on instruction and practice administering Windows Server 2012, including Windows R2, in this five-day Microsoft Official Course. This course is part two in a series of three
More informationCompTIA E2C Security+ (2008 Edition) Exam Exam.
CompTIA JK0-015 CompTIA E2C Security+ (2008 Edition) Exam Exam TYPE: DEMO http://www.examskey.com/jk0-015.html Examskey CompTIA JK0-015 exam demo product is here for you to test the quality of the product.
More informationCertification Report
Certification Report HP 3PAR StoreServ Storage Systems Version 3.2.1 MU3 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme
More informationCloud Computing Lectures. Cloud Security
Cloud Computing Lectures Cloud Security 1/17/2012 Why security is important for cloud computing? Multi Tenancy, that is same infrastructure, platform, Service is shared among vendors. It is accessed over
More informationCOURSE OUTLINE MOC 20411: ADMINISTERING WINDOWS SERVER 2012 MODULE 1: CONFIGURING AND TROUBLESHOOTING DOMAIN NAME SYSTEM
COURSE OUTLINE MOC 20411: ADMINISTERING WINDOWS SERVER 2012 MODULE 1: CONFIGURING AND TROUBLESHOOTING DOMAIN NAME SYSTEM This module explains how to configure and troubleshoot DNS, including DNS replication
More informationMOC Configuring Advanced Windows Server 2012 Services
Windows Server Course - 20412 MOC 20412 - Configuring Advanced Windows Server 2012 Services Length 5 days Prerequisites Before attending this course, students must have: Experience working with Windows
More informationCertification Report
Certification Report EAL 4 Evaluation of Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications
More informationCertification Report
Certification Report Security Intelligence Platform 4.0.5 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of
More informationCertification Report
Certification Report Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications Security
More informationThe Most Important Facts in a Nutshell Content Security User Interface Security Infrastructure Security In Detail...
Data security is the highest priority at Brosix, enabling us to continue achieving the goal of providing efficient and secure online realtime communication services. Table of Contents The Most Important
More informationCOURSE BROCHURE CISA TRAINING
COURSE BROCHURE CISA TRAINING What is CISA? The CISA, Certified Information Systems Auditor, is a professional designation which provides great benefits and increased influence for an individual within
More information90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on April 16, 2018 15:41 PM O verview 1 90% Compliance About PCI DSS 2.0 PCI-DSS is a legal obligation mandated not by government
More informationCertification Report
Certification Report McAfee File and Removable Media Protection 4.3.1 and epolicy Orchestrator 5.1.2 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation
More informationCertification Report
Certification Report EAL 3+ Evaluation of Juniper Networks M-Series Multiservice Edge Routers, MX-Series 3D Universal Edge Routers, T-Series Core Routers and EX-Series Ethernet Switches running JUNOS 11.4R2
More informationSecurity Requirements for Crypto Devices
Security Requirements for Crypto Devices Version 1.0 02 May 2018 Controller of Certifying Authorities Ministry of Electronics and Information Technology 1 Document Control Document Name Security Requirements
More informationCertification Report
Certification Report McAfee Management for Optimized Virtual Environments Antivirus 3.0.0 with epolicy Orchestrator 5.1.1 Issued by: Communications Security Establishment Certification Body Canadian Common
More informationAXIAD IDS CLOUD SOLUTION. Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure
AXIAD IDS CLOUD SOLUTION Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure Logical Access Use Cases ONE BADGE FOR CONVERGED PHYSICAL AND IT ACCESS Corporate ID badge for physical
More informationDefining IT Security Requirements for Federal Systems and Networks
Defining IT Security Requirements for Federal Systems and Networks Employing Common Criteria Profiles in Key Technology Areas Dr. Ron Ross 1 The Fundamentals Building more secure systems depends on the
More informationNational Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme
National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme TM Validation Report for the Cisco Jabber 11.8 for Windows 10 Report Number: CCEVS-VR-10802-2017 Dated: 6/13/2017
More informationUsing Windows 2000 with Service Pack 3 in a Managed Environment: Controlling Communication with the Internet
Using Windows 2000 with Service Pack 3 in a Managed Environment: Controlling Communication with the Internet Microsoft Corporation Published: March 2003 Table of Contents Introduction... 3 Device Manager
More information