Session 3: Lawful Interception
Slide 1: Session 3: Lawful Interception
Secure, verifiable and intelligible audit logs to support computer forensics in lawful interception
3rd ETSI Security Workshop - Sophia-Antipolis, January 2008
Elena de la Calle Vian, Ministry of Industry, SPAIN
ETSI. All rights reserved
Slide 2: Contents
- THE PROBLEM
- A SOLUTION APPROACH
- WORK IN PROGRESS IN SPAIN
Slide 4: The Greek telephone tapping case of , involved the illegal tapping of more than 100 mobile phones belonging mostly to members of the Greek government and top-ranking civil servants. The taps began sometime near the beginning of the 2004 Summer Olympics in August 2004 and were removed in March 2005 without discovering the identity of the perpetrators.
Slide 5: We still don't know who committed this crime. A big reason is that the cellular provider bobbled its handling of some key log files. It also reflexively removed the rogue software, instead of letting it continue to run, tipping off the perpetrators that their intrusion had been detected and giving them a chance to run for cover. It's impossible to overstate the importance of logging.
Slide 6: ETSI TS Requirements of Law Enforcement Agencies
In order to prevent or trace misuse of the technical functions integrated in the telecommunication installation enabling interception, any activation or application of these functions in relation to a given identity shall be fully recorded, including any activation or application caused by faulty or unauthorized input. The communication service provider shall ensure that the records are tamper-proof and only accessible to specific nominated staff.
Slide 7: The challenges in log management
- Log Generation and Storage
  - Many Log Sources
  - Inconsistent Log Content
  - Inconsistent Timestamps
  - Inconsistent Log Formats
- Log Protection
  - Confidentiality
  - Integrity
  - Availability
- Log Analysis
Slide 8: Meeting the challenges
- Prioritize log management appropriately throughout the organization.
- Establish policies and procedures for log management.
- Create and maintain a secure log management infrastructure.
- Provide adequate support for all staff with log management responsibilities.
- Establish standard log management operational processes.
Slide 9: Log Management Operational Processes
- Configure the log sources, including log generation, storage, and security.
- Perform analysis of log data.
- Initiate appropriate responses to identified events.
- Manage the long-term storage of log data.
Slide 10: Log security
- Limit access to log files.
- Avoid recording unneeded sensitive data.
- Protect archived log files.
- Secure the processes that generate the log entries.
- Configure each log source to behave appropriately when logging errors occur.
- Implement secure mechanisms for transporting log data from the system to the centralized log management servers.
Slide 11: LOG security. Levels of protection
- Tamper evident
- Tamper resistant
- Tamper proof
Cryptographic research in secure logging systems aims at building logs that are irrevocably tamper-evident.
Slide 13: PREVIOUS WORKS: Syslog-Sign
The Syslog-Sign IETF draft aims to add origin authentication, message integrity and features that would guarantee uniqueness of messages and continuity of the log stream.
Slide 14: PREVIOUS WORKS: Forward Integrity
Forward Integrity (FI) is a property proposed by Bellare and Yee to be associated with logging systems. A logging system can be considered to have the FI property if it contains information that is sufficient to confirm or refute allegations of log stream modification before the moment of system compromise.
Slide 16: PREVIOUS WORKS: Secure Logs on Untrusted Systems
Another scheme proposed by Schneier and Kelsey uses similar Forward Integrity authentication codes for verifying log entries, but also improves the design by building in payload encryption, verification hash chaining and the ability to allow semi-trusted parties to verify the logs. Semi-trusted party verification allows verification of the logs without exposing all log data and the original authentication key to the verifier.
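
The Forward Integrity property and the hash chaining described above, as an added Python example that is not code from the presentation or from the Bellare/Yee or Schneier/Kelsey papers. It assumes SHA-256 and HMAC-SHA-256, an initial key A_0 deposited with a trusted verifier, and constructed sample log lines; payload encryption and semi-trusted verification are left out.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

Entry = Tuple[bytes, bytes, bytes]   # (message D_j, chain hash Y_j, MAC Z_j)
GENESIS = b"\x00" * 32               # Y_{-1}: fixed starting value (assumption)

# Constructed sample records, not taken from any real system.
SAMPLE = [
    b"2008-01-15T10:02:11Z LI activate target=ID-0001 operator=op7",
    b"2008-01-15T10:05:40Z LI activate target=ID-0002 operator=op7",
    b"2008-01-15T11:30:02Z LI deactivate target=ID-0001 operator=op3",
]


def _h(label: bytes, data: bytes) -> bytes:
    return hashlib.sha256(label + data).digest()


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def seal(key: bytes, prev_chain: bytes, message: bytes) -> Tuple[Entry, bytes]:
    """Seal one entry under the current key; return it with the evolved key."""
    chain = _h(b"chain", prev_chain + message)   # Y_j = H(Y_{j-1} || D_j)
    entry = (message, chain, _mac(key, chain))   # Z_j = MAC(A_j, Y_j)
    return entry, _h(b"evolve", key)             # A_{j+1} = H(A_j), one-way


class ForwardIntegrityLog:
    """Logging host: keeps only the current key, earlier keys are overwritten."""

    def __init__(self, a0: bytes) -> None:
        self._key = a0
        self.entries: List[Entry] = []

    def append(self, message: bytes) -> None:
        prev = self.entries[-1][1] if self.entries else GENESIS
        entry, self._key = seal(self._key, prev, message)
        self.entries.append(entry)

    def current_key(self) -> bytes:
        """The only key material present on the host at this moment."""
        return self._key


def verify(entries: List[Entry], a0: bytes) -> Optional[int]:
    """Trusted verifier: replay from A_0; return first bad index or None."""
    key, chain = a0, GENESIS
    for i, (message, y, z) in enumerate(entries):
        chain = _h(b"chain", chain + message)
        ok = hmac.compare_digest(y, chain) and hmac.compare_digest(z, _mac(key, chain))
        if not ok:
            return i
        key = _h(b"evolve", key)
    return None


def rechain(entries: List[Entry], start: int) -> List[Entry]:
    """Recompute the unkeyed chain hashes from `start` on, keeping the stored
    MACs, because the keys that produced them no longer exist on the host."""
    out = list(entries[:start])
    prev = out[-1][1] if out else GENESIS
    for message, _, z in entries[start:]:
        prev = _h(b"chain", prev + message)
        out.append((message, prev, z))
    return out


def demo() -> dict:
    a0 = hashlib.sha256(b"constructed demo secret").digest()
    log = ForwardIntegrityLog(a0)
    for line in SAMPLE:
        log.append(line)
    stored = log.entries
    key_at_compromise = log.current_key()        # A_3; A_0..A_2 are gone

    # Entry 1 rewritten after the fact, chain hashes repaired, MACs untouched.
    edited = list(stored)
    edited[1] = (b"2008-01-15T10:05:40Z heartbeat", stored[1][1], stored[1][2])
    edited = rechain(edited, 1)

    # Entry 1 removed, chain hashes repaired, MACs untouched.
    deleted = rechain(stored[:1] + stored[2:], 1)

    # An entry sealed with the key held at compromise time verifies cleanly:
    # forward integrity covers only what was written before that moment.
    late, _ = seal(key_at_compromise, stored[-1][1], b"2008-01-15T12:00:00Z heartbeat")

    return {
        "intact": verify(stored, a0),
        "edited": verify(edited, a0),
        "deleted": verify(deleted, a0),
        "post_compromise": verify(stored + [late], a0),
    }


if __name__ == "__main__":
    print(demo())
```

This example does not detect removal of the most recent entries, since a shorter log is still a valid prefix unless the verifier knows how many entries to expect.
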
Slide 19: Conceptual guidelines available today
Secure logging to ensure authenticity of log data. Proposals such as reliable syslog or Schneier/Kelsey's are the only conceptual guidelines available today.
Slide 20: A software implementation: LOGCRYPT
Open source implementation of the Schneier and Kelsey system, adding several significant improvements. The most significant is the ability to use public key cryptography.
Slide 24: A step further
Slide 25: A Framework for Secure and Verifiable Logging in Public Communication Networks
Our paper is motivated by the recently announced interception case in a mobile telecommunications provider in Greece. As the Greek authorities and the provider itself revealed, part of the core network of the provider was compromised by some unknown trojan-like program. According to published information, the malicious software infected the core network. Then, it activated the Lawful Interception (LI) component in the infected elements, which is by default installed in inactive mode, and made possible the call interception of several subscribers. The malicious program turned off several logging procedures in order not to alarm about its presence or the fact that the LI component had been activated. The underestimation of several security threats and vulnerabilities regarding logging procedures and mechanisms did not allow the immediate detection of the incident.
Slide 27: PILOT PROJECT
The Spanish Ministry of Industry has recently promoted the setting up of a test environment to test tools and protocols that help improve log security, verifiability and intelligibility. Cost effectiveness and operational issues are taken into account.
Slide 28: INTECO
The National Communications Technology Institute (INTECO), promoted by the Ministry of Industry, Tourism and Trade, is a platform for the development of the Knowledge Society through projects in the innovation and technology area.
Slide 29: The Security Technologies Show-Room for SME
The Security Technologies Show-Room for SME offers free and detailed information about the methods that guarantee the security of IT equipment in companies and other entities. This service is offered by INTECO and its main objectives are:
- Implementing different tests with security products.
- Promoting the use of security technologies in Spanish SMEs.
- Promoting the international visibility of Spanish security technologies.
Slide 30: Hellenic Authority for the Assurance of Communications Security and Privacy (ADAE)
The Hellenic Authority for the Information and Communication Security and Privacy (ADAE) has been established under article 1 of the law 3115/2003, following the guidelines set in paragraph 2 of the article 19 of the Greek Constitution, in order to protect the secrecy of mailing, the free correspondence or communication in any possible way as well as the security of networks and information.
Slide 33: CONCLUSIONS
- Logging is a fundamental service in LI.
- Logging security is still a challenge.
- Spain and Greece are collaborating in a project to test and develop new tools and protocols for improving log security.
- New WI DTR/LI Security framework in Lawful Interception and Retained Data environment
Slide 34: THANK YOU VERY MUCH!
Security Aspects of Trust Services Providers Please replace background with image European Union Agency for Network and Information Security 24 th September 2013 www.enisa.europa.eu Today s agenda 09:30-10:00
More informationMarch 2011
Oracle Enterprise Single Sign-on Logon Manager Best Practices: Configuring the ESSO-LM Agent Release 11.1.1.5.0 21004-01 March 2011 Oracle Enterprise Single Sign-on Logon Manager Best Practices: Configuring
More informationDetecting Insider Attacks on Databases using Blockchains
Detecting Insider Attacks on Databases using Blockchains Shubham Sharma, Rahul Gupta, Shubham Sahai Srivastava and Sandeep K. Shukla Department of Computer Science and Engineering Indian Institute of Technology,
More informationSecurity Challenges with ITS : A law enforcement view
Security Challenges with ITS : A law enforcement view Central Observatory for Intelligent Transportation Systems FRENCH MINISTRY OF INTERIOR GENDARMERIE NATIONALE Colonel Franck MARESCAL franck.marescal@gendarmerie.interieur.gouv.fr
More informationETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)
ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive) July 2013 Executive Summary ETNO supports the European Commission s global approach to cyber-security
More informationSecuring Devices in the Internet of Things
AN INTEL COMPANY Securing Devices in the Internet of Things WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe
More information2. VIOLATIONS OF ACCESSHOSTING.COM S ACCEPTABLE USE POLICY. b. Harm to minors. Using the Services to harm, or attempt to harm, minors in any way.
1. INTRODUCTION Accesshosting.com's ("AUP") is intended to help enhance the use of the Access Hosting Service by preventing unacceptable use. All users of Accesshosting.com s Access Hosting Services (the
More informationMobile Security Fall 2011
Mobile Security 14-829 Fall 2011 Patrick Tague Class #17 Location Security and Privacy HW #3 is due today Announcements Exam is in-class on Nov 9 Agenda Location security Location privacy Location, Location,
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationThe NIS Directive and Cybersecurity in
The NIS Directive and Cybersecurity in ehealth Dr. Athanasios Drougkas Officer in NIS Belgian Hospitals Meeting on Security Brussels 13 th October European Union Agency For Network And Information Security
More informationHOLISTIC COMMUNICATIONS SECURITY
HOLISTIC COMMUNICATIONS SECURITY BLACK TIGER COUNTERING CYBER TERRORISM HOLISTIC COMMUNICATIONS SOLUTION LACSMI is leading vendor in telecommunications since 1992 promoting set of security solutions worldwide
More information