Good Practices in Social Security. Automatic generation of secure Web services for data exchange A case of the National Social Security Fund
|
|
- Sherman Brett Day
- 6 years ago
- Views:
Transcription
1 Good practice in operation since: 2017 Good Practices in Social Security Automatic generation of secure Web services for data exchange A case of the National Social Security Fund National Social Security Fund Tunisia Published
2 2 Summary The services of the National Social Security Fund (Caisse Nationale de Sécurité Sociale CNSS) interact with each other and with other institutions, contributors and insured persons. They exchange data, which are either provided or used by the CNSS information system. These exchanges create standardization and security problems. In light of this, the CNSS has created a computer-based tool that generates automatically and on demand generic, standard and secure Web services in the implementation of its various roles in these exchanges. A generic Web service, the settings of which are determined by an SQL query and the choice of a security policy, has initially been developed. It is used by the tool to initiate a new service for a given business functionality in a few clicks. The issue or challenge What was the issue or challenge addressed by your good practice? Please provide a short description. The CNSS undertakes various data exchanges internally between its various services, and also externally with its partners: other social funds, contributing businesses and insured persons. These exchanges take place through various media: access points (ad hoc), s and magnetic, optical or paper media sent by courier or by registered post. In them, the CNSS information system may be either a supplier or a user of the data exchanged. The use of the media described above creates standardization problems. This is because, regardless of the medium used, the CNSS must agree in advance possibly with an external partner on the format of the exchange: the structure (syntax) of the exchanged data and their meaning (semantics). This task can be highly complex and involve exchanging a large amount of documentation. Furthermore, most of the media used raise questions about security: How can the origin of the exchange be identified with confidence (authentication)? How can it be proved afterwards that an exchange actually took place (traceability)? How can it be ensured that the exchanged data have not been damaged during the exchange (integrity)? How can it be ensured that only the recipient of the exchange is authorized to read the contents (confidentiality)? Addressing the challenge What were the main objectives of the plan or strategy to resolve the issue or challenge? List and briefly describe the main elements of the plan or strategy, focusing especially on their innovative feature(s) and expected or intended effects. In order to implement the CNSS s role in the exchange of data between its own services or with external partners, the following main objectives were set: A standard framework should be available for the exchange of date, independent of technologies and/or platforms, whether internally (between the various services of the CNSS) or externally (with its partners). This objective was motivated by the need to support exchanges with heterogeneous information systems, whether with external partners of the CNSS or within the CNSS information system itself, in order to ensure interoperability between new and old applications.
3 3 Properties such as authentication, integrity, confidentiality and traceability of exchanges must be guaranteed. These security needs are important whether exchanges are internal or external, because satisfying them has the effect of empowering the different parties and creating an atmosphere of trust among them. The costs of the study and of creating the tools allowing for data exchanges needed to be simplified and minimized. This would allow the CNSS to strengthen its collaboration with its external partners but also to improve the integration and urbanization of its own information system. To achieve these objectives, the CNSS chose to use Web services, which represent a good solution for the standardization and securing of exchanges: Firstly, because they allow us to encapsulate existing business functions and display them via standard and self-described interfaces. (In the case of the CNSS, most of the business expertise is uniformly implemented in databases in the form of stored functions and procedures which, it was felt, would greatly simplify the task). Secondly, because the use of so-called SOAP-oriented Web services provides the benefits of a rich set of (widely used and recognized) standards addressing security and implementing cryptographic techniques (encryption and electronic signature) to guarantee the confidentiality, integrity and authentication of exchanges. With this in mind, it was decided to develop the automatic generator of secure Web services. In concrete terms, the first step was to develop a Web service pattern with the task of executing a given SQL query. To use such a service, a client must call it up, specifying its own values for the query parameters. The service then executes the query with the parameters supplied by the client, and returns a matrix containing the results. This pattern comes in several versions, each corresponding to a given security policy, for instance: a security token authentication: username/password; the signing of the query body (respectively response body) by the service; the encryption of the query body and response body by the service; the signing and encryption of the query body and response body by the service. The next step was to develop a Web services generator that would accept an SQL query, a choice of given security policy and a set of security parameters as its input and generate the corresponding Web service by manipulating the patterns described above. Targets to be achieved What were the quantitative and/or qualitative targets or key performance indicators that were set for the plan or strategy? Please describe briefly. The following objectives were set to validate the solution obtained: The tool must be used to introduce a new integration between two existing applications in the CNSS s application set. The tool must be used to standardize an integration (already in place) between two existing applications in the CNSS s application set.
4 4 A quality objective associated with the previous point was to prove that the effectiveness, reliability and cost in terms of the development of the new integration are better. The tool must be used to display a data access point intended for an external partner (for example, another social security fund). The tool must be used to generate a Web service to be used by a mobile application (for example, insured persons or managers of contributing companies). A quality objective associated with the two preceding points was to submit the Web services obtained to a security analysis. This was necessary given that the services were intended for use in an extranet (and on the Internet). The tool should be used by a manager familiar with the CNSS information system to generate a Web service corresponding to a need of his/her service. Evaluating the results Has there been an evaluation of the good practice? Please provide data on the impact and outcomes of the good practice by comparing targets vs actual performance, before-and-after indicators, and/or other types of statistics or measurements. The solution described in this document was evaluated against a subset of the objectives described in the previous section. As part of a project to set up a medical information system for the CNSS polyclinics, the tool was used to create a new integration between an existing computer application (pharmacy management developed with Oracle Forms) on the one hand and a new application (medical practice management developed with Java JEE that will use the automatically generated Web service to consult medicine stocks) on the other. Automatically generating the Web service in question has saved time and development costs. In order to offer CNSS insured persons the ability to look up career information and their pension estimate, the CNSS developed mobile applications exclusively using the Web services generated by the tool. A security analysis was conducted on the Web services used by the mobile applications described above. The result was conclusive: no attack on the confidentiality or integrity of the data has been encountered. In the context of data exchanges with the National Health Insurance Fund (Caisse Nationale d Assurance Maladie CNAM), Web services concerning the data needed to grant entitlement to care were created using the tool. This new mode of exchange will make it possible to avoid the exchange problems currently encountered in terms of data reliability and timing. The remainder of the objectives that were defined and have not yet been validated will be validated in the very near term: validation scenarios are currently being looked at. Lessons learned Based on the organization s experience, name up to three factors which you consider as indispensable to replicate this good practice. Name up to three risks that arose/could arise in implementing this good practice. Please explain these factors and/or risks briefly.
5 To replicate the good practice described in this document, it is essential to: 5 understand the purpose of the standards, especially as regards all aspects of security, and ensure a standardized context as much as possible: sharing the same references helps maintain interoperability; favour the re-use of existing tools over reinventing the wheel: this reduces costs and takes advantage of the maturity of existing software in the market. However, some risks must be taken into account before using this good practice: The use of Web services to standardize exchanges must have a clear justification and thus correspond to a real need. It would, for example, be counterproductive to use Web services to integrate the modules of the same computer application. Training should be provided for the technical executives who will implement this good practice. While the standards and their implementation are fairly well documented and freely accessible, they are relatively difficult to assimilate and to handle.
A new optimal and secure Cloud infrastructure to reinforce administrative and operational services A case of the National Social Security Fund
Good Practices in Social Security Good practice in operation since: 2012 A new optimal and secure Cloud infrastructure to reinforce administrative and operational services A case of the National Social
More informationEnhancing Security With SQL Server How to balance the risks and rewards of using big data
Enhancing Security With SQL Server 2016 How to balance the risks and rewards of using big data Data s security demands and business opportunities With big data comes both great reward and risk. Every company
More informationTHE FRENCH «DOSSIER MÉDICAL PERSONNEL» (DMP) MAIN INFRASTRUCTURAL FEATURE: SECURITY AND INTEROPERABILITY
Ehealth Conference 2007 Berlin April 17th-19th 2007 THE FRENCH «DOSSIER MÉDICAL PERSONNEL» (DMP) MAIN INFRASTRUCTURAL FEATURE: SECURITY AND INTEROPERABILITY Manuel METZ GIP DMP - France DMP: a French national
More informationSafeNet Authentication Client
SafeNet Authentication Client Integration Guide All information herein is either public information or is the property of and owned solely by Gemalto and/or its subsidiaries who shall have and keep the
More informationUNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2013 Office of Secretary Of Defense DATE: February 2012 COST ($ in Millions) FY 2011 FY 2012 Base OCO Total FY 2014 FY 2015 FY 2016 FY 2017 Cost To Complete
More informationMULTIPARTY ACCESS CONTROL FOR ONLINE SOCIAL NETWORKS: MODEL AND MECHANISMS
MULTIPARTY ACCESS CONTROL FOR ONLINE SOCIAL NETWORKS: MODEL AND MECHANISMS ABSTRACT Online social networks (OSNs) have experienced tremendous growth in recent years and become a de facto portal for hundreds
More informationWEB-202: Building End-to-end Security for XML Web Services Applied Techniques, Patterns and Best Practices
WEB-202: Building End-to-end Security for XML Web Services Applied Techniques, Patterns and Best Practices Chris Steel, Ramesh Nagappan, Ray Lai www.coresecuritypatterns.com February 16, 2005 15:25 16:35
More informationThe NIH Collaboratory Distributed Research Network: A Privacy Protecting Method for Sharing Research Data Sets
The NIH Collaboratory Distributed Research Network: A Privacy Protecting Method for Sharing Research Data Sets Jeffrey Brown, Lesley Curtis, and Rich Platt June 13, 2014 Previously The NIH Collaboratory:
More informationLesson 13 Securing Web Services (WS-Security, SAML)
Lesson 13 Securing Web Services (WS-Security, SAML) Service Oriented Architectures Module 2 - WS Security Unit 1 Auxiliary Protocols Ernesto Damiani Università di Milano element This element
More informationUniversity of Cincinnati Federated Identity Strategy
University of Cincinnati Federated Identity Strategy Federated identity management (FIM) allows for two or more organizations to link their networks allowing for greater security and access to appropriate
More informationThe Potential for Blockchain to Transform Electronic Health Records ARTICLE TECHNOLOGY. by John D. Halamka, MD, Andrew Lippman and Ariel Ekblaw
REPRINT H03I15 PUBLISHED ON HBR.ORG MARCH 03, 2017 ARTICLE TECHNOLOGY The Potential for Blockchain to Transform Electronic Health Records by John D. Halamka, MD, Andrew Lippman and Ariel Ekblaw This article
More informationHIPAA AND SECURITY. For Healthcare Organizations
HIPAA AND EMAIL SECURITY For Healthcare Organizations Table of content Protecting patient information 03 Who is affected by HIPAA? 06 Why should healthcare 07 providers care? Email security & HIPPA 08
More informationThebes, WS SAML, and Federation
Thebes, WS SAML, and Federation Internet2 Fall Member Meeting November 3, 2010 Thebes Consortium Georgetown University Arnie Miles adm35@georgetown.edu http://code.google.com/p/thebes/ Back story I haven't
More informationSHOW ME THE MONEY SOCIETAL CHALLENGE 1 [ ] 2 nd Oct 2017
SHOW ME THE MONEY SOCIETAL CHALLENGE 1 [2018-2020] 2 nd Oct 2017 H2020 SC1-eHealth Calls (2018). Agenda Appendix A. Lessons Learned From ESRs. Appendix B. A Quick Guide How To Make A Proposal. Appendix
More informationJava EE 7: Back-End Server Application Development
Oracle University Contact Us: Local: 0845 777 7 711 Intl: +44 845 777 7 711 Java EE 7: Back-End Server Application Development Duration: 5 Days What you will learn The Java EE 7: Back-End Server Application
More informationIdentity-Enabled Web Services
Identity-Enabled s Standards-based identity for 2.0 today Overview s are emerging as the preeminent method for program-toprogram communication across corporate networks as well as the Internet. Securing
More informationCHANGES IN CASE STUDY FORMAT: PAPER P3, BUSINESS ANALYSIS. The Institute of Information Systems Architects (IISA) was founded in 1999 by
CHANGES IN CASE STUDY FORMAT: PAPER P3, BUSINESS ANALYSIS CASE STUDY SCENARIO AND QUESTIONS Case study The Institute of Information Systems Architects (IISA) was founded in 1999 by representatives of a
More informationCybersecurity. Securely enabling transformation and change
Cybersecurity Securely enabling transformation and change Contents... Cybersecurity overview Business drivers Cybersecurity strategy and roadmap Cybersecurity in practice CGI s cybersecurity offering Why
More informationPROGRAMME SPECIFICATION
PROGRAMME SPECIFICATION Master of Computing (Hons) in Computer Security Awarding institution Teaching institution UCAS Code JACS Code Programme Duration Language of Programme Liverpool John Moores University
More informationSOC for cybersecurity
April 2018 SOC for cybersecurity a backgrounder Acknowledgments Special thanks to Francette Bueno, Senior Manager, Advisory Services, Ernst & Young LLP and Chris K. Halterman, Executive Director, Advisory
More informationFrench Public Sector Pension Office
French Public Sector Pension Office Deploying Axway API Gateway to enable Web Services in the pension ecosystem and govern the flow of data Headquarters Paris, France Industry Public Sector Challenges
More informationADAPTIVE AUTHENTICATION ADAPTER FOR IBM TIVOLI. Adaptive Authentication in IBM Tivoli Environments. Solution Brief
ADAPTIVE AUTHENTICATION ADAPTER FOR IBM TIVOLI Adaptive Authentication in IBM Tivoli Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing costeffective
More informationAAI in EGI Current status
AAI in EGI Current status Peter Solagna EGI.eu Operations Manager www.egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme of the European Union under grant number 654142 User authentication
More informationDNS Security DNSSEC. *http://compsec101.antibo zo.net/papers/dnssec/dnss ec.html. IT352 Network Security Najwa AlGhamdi
DNS Security DNSSEC *http://compsec101.antibo zo.net/papers/dnssec/dnss ec.html 1 IT352 Network Security Najwa AlGhamdi Introduction DNSSEC is a security extensions to the DNS protocol in response to the
More informationSafeNet Authentication Client
SafeNet Authentication Client Integration Guide All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have and keep
More informationTRUST IDENTITY. Trusted Relationships for Access Management: AND. The InCommon Model
TRUST. assured reliance on the character, ability, strength, or truth of someone or something - Merriam-Webster TRUST AND IDENTITY July 2017 Trusted Relationships for Access Management: The InCommon Model
More informationOverview of PBI-blockchain cooperation technology
FOR IMMEDIATE RELEASE Biometric authentication technology to realize secure trade on blockchain Enabling IoT payments and automatic transactions through PBI (1) -blockchain cooperation technology Overview
More informationOpen standards: Open authentication and Identity Management tool
Open standards: Open authentication and Identity Management tool Decentralised Citizens ENgagement Technologies Specific Targeted Research Project Collective Awareness Platforms Creative Commons Attribution-NonCommercial-
More informationTrustworthy user authentication, authorization, data integrity AND consent management
RapidQube Solutions Trustworthy user authentication, authorization, data integrity AND consent management I D E N T I T Y A N D A CC E S S M A N A G E M E N T S O L U T I O N RapidQube Solutions 2 IDENTITY
More informationEvaluating Three Scrutability and Three Privacy User Privileges for a Scrutable User Modelling Infrastructure
Evaluating Three Scrutability and Three Privacy User Privileges for a Scrutable User Modelling Infrastructure Demetris Kyriacou, Hugh C Davis, and Thanassis Tiropanis Learning Societies Lab School of Electronics
More informationMINIMUM SYSTEM SPECIFICATION (MSS)
MINIMUM SYSTEM SPECIFICATION (MSS) PROCESSES AND PROCEDURES FOR NHS WALES COMPLIANT SYSTEMS [Summary Document] MSS Scheme Development Processes and Procedures 1.0 PURPOSE This document describes the NHS
More informationRedDot Web Content Management
RedDot Web Content Management Web Content Management Advantages of RedDot CMS: Implement complex Web projects quickly, in a matter of weeks, then expand and maintain them easily Offer potential customers
More informationGuide: HIPPA Compliance. Corporate HIPAA Compliance Guide. Privacy, productivity and remote access. gotomypc.com
: HIPPA Compliance GoToMyPC Corporate HIPAA Compliance Privacy, productivity and remote access 2 The healthcare industry has benefited greatly from the ability to use remote access to view patient data
More informationNetwork Security and Cryptography. 2 September Marking Scheme
Network Security and Cryptography 2 September 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions,
More informationData Virtualization Implementation Methodology and Best Practices
White Paper Data Virtualization Implementation Methodology and Best Practices INTRODUCTION Cisco s proven Data Virtualization Implementation Methodology and Best Practices is compiled from our successful
More informationLevel 5 Diploma in Computing
Level 5 Diploma in Computing 1 www.lsib.co.uk Objective of the qualification: It should available to everyone who is capable of reaching the required standards It should be free from any barriers that
More informationRESOLUTION 140 (REV. BUSAN, 2014)
RESOLUTION 140 (REV. BUSAN, 2014) ITU's role in implementing the outcomes of the World Summit on the Information Society and in the overall review by United Nations General Assembly of their implementation
More informationMobilePASS for BlackBerry OS 10
MobilePASS for BlackBerry OS 10 CUSTOMER RELEASE NOTES Version: 8.4 Build: 84 Issue Date: 25 March 2015 Document Part Number: 007-012937-001, Rev. B Contents Product Description... 2 Release Description...
More informationA Risk Management Platform
A Risk Management Platform Michael Lai CISSP, CISA, MBA, MSc, BEng(hons) Territory Manager & Senior Security Sales Engineer Shift to Risk-Based Security OLD MODEL: Prevention-Based Security Prevention
More informationBasic Profile 1.0. Promoting Web Services Interoperability Across Platforms, Applications and Programming Languages
Promoting Web Services Interoperability Across Platforms, Applications and Programming Languages Basic Profile 1.0 August 12, 2003 WS-I GOALS Achieve interoperability Integrate specifications Promote consistent
More informationChapter 17 Web Services Additional Topics
Prof. Dr.-Ing. Stefan Deßloch AG Heterogene Informationssysteme Geb. 36, Raum 329 Tel. 0631/205 3275 dessloch@informatik.uni-kl.de Chapter 17 Web Services Additional Topics Prof. Dr.-Ing. Stefan Deßloch
More informationDESIGN OF WEB SERVICE SINGLE SIGN-ON BASED ON TICKET AND ASSERTION
DESIGN OF WEB SERVICE SINGLE SIGN-ON BASED ON TICKET AND ASSERTION Abstract: 1 K.Maithili, 2 R.Ruhin Kouser, 3 K.Suganya, 1,2,3 Assistant Professor, Department of Computer Science Engineering Kingston
More informationArchiving. Services. Optimize the management of information by defining a lifecycle strategy for data. Archiving. ediscovery. Data Loss Prevention
Symantec Enterprise Vault TransVault CommonDesk ARCviewer Vault LLC Optimize the management of information by defining a lifecycle strategy for data Backup is for recovery, archiving is for discovery.
More informationMichael Roedeske. Query performance monitoring and graphical analysis [EN]
Michael Roedeske Query performance monitoring and graphical analysis [EN] Michael Roedeske CEO and Technical Architect DBPLUS Germany c/o webtelligence IT consulting GmbH Michael graduated from the State
More informationYour Step-By-Step Registration Guide to the Retirement Scheme Administration Web
Your Step-By-Step Registration Guide to the Retirement Scheme Administration Web This guide is specifically designed for Retirement Scheme Administration services. Should you wish to register for other
More informationSTN Interoperability Test Plan
STN Interoperability Test Plan Contribution and Rollover Transactions Version 2.0 September 2016 For further information or questions, contact the GNGB secretariat via email at contactus@gngb.com.au VERSION
More informationThe Center for Internet Security
The Center for Internet Security The CIS Security Metrics Service July 1 2008 Organizations struggle to make cost-effective security investment decisions; information security professionals lack widely
More informationOTP Server Authentication System Authentication Schemes V1.0. Feitian Technologies Co., Ltd. Website:
OTP Server Authentication System Authentication Schemes V1.0 Feitian Technologies Co., Ltd. Revision History: Date Revision Description Mar. 2010 V1.0 Release of the first version i Software Developer
More informationPAGE - 16 PAGE - 1. Sometimes, the solution is just a benchmark away..
PAGE - 16 PAGE - 1 Sometimes, the solution is just a benchmark away.. Post Box 301532, Riyadh 11372, Kingdom Of Saudi Arabia. Tel: +966 1 229 1819 Fax: +966 1 229 1801 PAGE - 2 PAGE - 3 The base of automation
More informationFLORIDA S PREHOSPITAL EMERGENCY MEDICAL SERVICES TRACKING & REPORTING SYSTEM
FLORIDA S PREHOSPITAL EMERGENCY MEDICAL SERVICES TRACKING & REPORTING SYSTEM END USER SECURITY POLICY MANUAL 1 INTRODUCTION... 3 2 INFORMATION USAGE AND PROTECTION... 3 2.2 PROTECTED HEALTH INFORMATION...
More informationJanuary 16, Re: Request for Comment: Data Access and Data Sharing Policy. Dear Dr. Selby:
Dr. Joe V. Selby, MD, MPH Executive Director Patient-Centered Outcomes Research Institute 1828 L Street, NW, Suite 900 Washington, DC 20036 Submitted electronically at: http://www.pcori.org/webform/data-access-and-data-sharing-policypublic-comment
More informationP2_L12 Web Security Page 1
P2_L12 Web Security Page 1 Reference: Computer Security by Stallings and Brown, Chapter (not specified) The web is an extension of our computing environment, because most of our daily tasks involve interaction
More informationUntraceable Nym Creation on the Freedom 2.0 Network
Russell Samuels Ed Hawco November 1, 2000 Untraceable Nym Creation on the Freedom 2.0 Network Version 2.0 This whitepaper, targeted at users with a basic understanding of Freedom, describes the Freedom
More informationA proposal to solve the patient data problem. (Yes, this is a manifesto)
A proposal to solve the patient data problem (Yes, this is a manifesto) Author: Jeroen W.J. Baten Version: 0.2 Date: April 7th, 2014 Table of Contents Introduction...3 History...3 Ground rules...3 The
More information1. Federation Participant Information DRAFT
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES [NOTE: This document should be considered a as MIT is still in the process of spinning up its participation in InCommon.] Participation in InCommon
More informationJeffrey Friedberg. Chief Trust Architect Microsoft Corporation. July 12, 2010 Microsoft Corporation
Jeffrey Friedberg Chief Trust Architect Microsoft Corporation July 2, 200 Microsoft Corporation Secure against attacks Protects confidentiality, integrity and availability of data and systems Manageable
More informationIntel Unite Solution 3.0 and Protected Guest Access. Security Development Summary
Intel Unite Solution 3.0 and Protected Guest Access Security Development Summary June 2016 INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY
More informationPost-Quantum Cryptography A Collective Challenge
Post-Quantum Cryptography A Collective Challenge Christophe Petit University of Oxford Mathematical Institute Christophe Petit -Oxford Crypto Day 1 Cryptography is very useful Cryptography is the science
More informationIntroduction to SURE
Introduction to SURE Contents 1. Introduction... 3 2. What is SURE?... 4 3. Aim and objectives of SURE... 4 4. Overview of the facility... 4 5. SURE operations and design... 5 5.1 Logging on and authentication...
More informationGOCO.IO, INC TERMS OF SERVICE
GOCO.IO, INC TERMS OF SERVICE GoCo.io, Inc. ("GoCo", the "Site", "https://www.goco.io") welcomes you! GoCo provides services to you subject of the following terms of service (the "Agreement"). The Agreement
More informationVdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe
Author Date VdTÜV-WG Cybersecurity October, 3 rd 2015 VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe VdTÜV e.v. welcomes the Communication on a
More informationUsing the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway
Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway Applying Application Delivery Technology to Web Services Overview The Cisco ACE XML Gateway is the newest
More informationCan eid card make life easier and more secure? Michal Ševčík Industry Solution Consultant Hewlett-Packard, Slovakia ITAPA, November 9 th, 2010
Can eid card make life easier and more secure? Michal Ševčík Industry Solution Consultant Hewlett-Packard, Slovakia ITAPA, November 9 th, 2010 Content eid Primary Functions eid Privacy Features and Security
More informationRegistry Security Proposal
Registry Security Proposal Technical Architecture Security Team May 10, 2001 (This document is the non-normative version formatted for printing, July 2001) This document and translations of it MAY be copied
More informationEnsuring Privacy and Security of Health Information Exchange in Pennsylvania
Ensuring Privacy and Security of Health Information Exchange in Pennsylvania The Pennsylvania ehealth Initiative in collaboration with the Pennsylvania ehealth Partnership Authority Introduction The Pennsylvania
More informationMicrosoft SharePoint Server 2013 Plan, Configure & Manage
Microsoft SharePoint Server 2013 Plan, Configure & Manage Course 20331-20332B 5 Days Instructor-led, Hands on Course Information This five day instructor-led course omits the overlap and redundancy that
More informationWorkshop 2. > Interoperability <
Workshop 2 21 / 08 / 2011 > Interoperability < Heiko Zimmermann R&D Engineer, AHI CR Santec Heiko.Zimmermann@tudor.lu Interoperability definition Picture from NCI-Wiki (https://wiki.nci.nih.gov) 2 Interoperability
More informationIBM SmartCloud Engage Security
White Paper March 2012 IBM SmartCloud Engage Security 2 IBM SmartCloud Engage Security Contents 3 Introduction 3 Security-rich Infrastructure 4 Policy Enforcement Points Provide Application Security 7
More informationInformation Security Solutions
Information Security Solutions V Kiyotaka Uchida V Noriaki Sugano V Syouichi Andou (Manuscript received December 20, 2006) Now that regulations such as the Japanese Sarbanes-Oxley (J-SOX) act have been
More informationehaction Joint Action to Support the ehealth Network
Stakeholder Engagement - Consultation (22 August 2017) ehaction Joint Action to Support the ehealth Network 3 rd Joint Action to Support the ehealth Network Open Consultation 1 Participants of the 3 rd
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 12.16 EB7178 DATA SECURITY Table of Contents 2 Data Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationNational Institute of Standards and Technology
National Institute of Standards and Technology April 2017 1 ITL Mission ITL promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards, and related technology through
More informationIncident Reporting: Quick User Guide
Incident Reporting: Quick User Guide 1455 Bellevue Avenue #300 West Vancouver BC Canada V7T 1C3 Phone 1-888-921-6875 Email info@integritycounts.ca Web www.integritycounts.ca About WhistleBlower Security
More informationINFORMATION GOVERNANCE. Caldicott Approval Procedure
NHS TAYSIDE INFORMATION GOVERNANCE Caldicott Approval Procedure Author: Peter McKenzie Review Group: Information Governance Group Review Date: September 2010 Last Update: September 2009 Document : NHST-ISC-CAP
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name:_Gale_Cengage Learning Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationA company built on security
Security How we handle security at Flywheel Flywheel was founded in 2012 on a mission to create an exceptional platform to help creatives do their best work. As the leading WordPress hosting provider for
More informationRSA Solution Brief. Providing Secure Access to Corporate Resources from BlackBerry. Devices. Leveraging Two-factor Authentication. RSA Solution Brief
Providing Secure Access to Corporate Resources from BlackBerry Devices Leveraging Two-factor Authentication Augmenting the BlackBerry Enterprise Solution BlackBerry devices are becoming ubiquitous throughout
More informationIS Audit of Stock Brokers
IS Audit of Stock Brokers CA Pranay Kochar B.Com, A.C.A, P.G.D.I.T., C.I.S.A., D.I.S.A (ICAI), ISO 27001 LA, Dip. Cyber Law Partner Kochar & Associates Chartered Accountants Types of IS Audits for Stock
More informationMOBILE ENTERPRISE PILOT PROJECT
MOBILE ENTERPRISE PILOT PROJECT RICHARD ADEYEMO KYLE BLEVINS ANDREW REPP CPET 565/499 PROBLEM STATEMENT After the company s strategic planning meeting, top administration approve a funding of $60,000 for
More informationWHITE PAPER. ENSURING SECURITY WITH OPEN APIs. Scott Biesterveld, Lead Solution Architect Senthil Senthil, Development Manager IBS Open APIs
ENSURING SECURITY WITH OPEN APIs Scott Biesterveld, Lead Solution Architect Senthil Senthil, Development Manager IBS Open APIs The security features that banks must build into their financial solutions
More informationCertificate service General description Implementation project of a national Incomes Register
Version 1.0 Certificate service General description Implementation project of a national Incomes Register Version history Version Date Description 1.0 30.10.2017 Document published. CONTENTS 1 Foreword...
More informationCocoBase Delivers TOP TEN Enterprise Persistence Features For JPA Development! CocoBase Pure POJO
CocoBase Pure POJO Product Information V5 CocoBase Delivers TOP TEN Enterprise Persistence Features For JPA Development! CocoBase Provides A Complete Enterprise Solution For JPA Based Development. CocoBase
More informationOFFICE 365 MIGRATION SERVICES
OFFICE 365 MIGRATION SERVICES END USER BOOKLET EMAIL SHAREPOINT ONE DRIVE WHAT WE DO Insentra s Data Migration practice will automate and manage your email migration to Office 365. Insentra is a Microsoft
More informationBirgit Morlion. DG Communications Networks, Content and Technology (DG CONNECT)
Digital transformation of health and care in the Digital Single Market Harnessing the potential of data to empower citizens and build a healthier society DG Communications Networks, Content and Technology
More informationINFORMATION SECURITY AND RISK POLICY
INFORMATION SECURITY AND RISK POLICY 1 of 12 POLICY REFERENCE INFORMATION SHEET Document Title Document Reference Number Information Security and Risk Policy P/096/CO/03/11 Version Number V02.00 Status:
More informationStandard Operating Procedure. Data Management. Adapted with the kind permission of University Hospitals Bristol NHS Foundation Trust
Data Management REFERENCE: VERSION NUMBER: 2.1 EFFECTIVE DATE: 28-03-18 REVIEW DATE: 28-03-20 AUTHOR: Clinical Trials Manager; Clinical Trials Officer REVIEWED BY: R&I Senior Team APPROVED BY: Deputy Director
More informationFormal Methods for Assuring Security of Computer Networks
for Assuring of Computer Networks May 8, 2012 Outline Testing 1 Testing 2 Tools for formal methods Model based software development 3 Principals of security Key security properties Assessing security protocols
More informationComments, Concerns, Compliments and Complaints
i If you need your information in another language or medium (audio, large print, etc) please contact Customer Care on 0800 374 208 or send an email to: customercare@ salisbury.nhs.uk You are entitled
More informationComprehensive Guide to Evaluating Event Stream Processing Engines
Comprehensive Guide to Evaluating Event Stream Processing Engines i Copyright 2006 Coral8, Inc. All rights reserved worldwide. Worldwide Headquarters: Coral8, Inc. 82 Pioneer Way, Suite 106 Mountain View,
More informationJuniper Care Plus Advanced Services Credits
Juniper Care Plus Advanced Services Credits Service Overview Today s organizations are under constant pressure to meet dynamic market demands while increasing their return on investment. IT departments
More informationSecuring SharePoint TASSCC TEC 2009 Web 2.0 Conference
Securing SharePoint TASSCC TEC 2009 Web 2.0 Conference Dan Cornell Email: dan@denimgroup.comd Twitter: @danielcornell March 26 th, 2009 Agenda Background SharePoint Basics Securing SharePoint Common Approaches
More informationOmniRAN Network Reference Model with Backhaul
OmniRAN Network Reference Model with Backhaul Date: 2014-07-15 Author: Name Affiliation Phone Email Roger Marks EthAirNet Associates; ETRI +1 802 capable roger@ethair.net Notice: This document does not
More informationPrivate sector s engagement in the implementation of the Sendai Framework
Private sector s engagement in the implementation of the Sendai Framework Palais des Nations, Geneva, 2 May 2017 Oz Ozturk, PricewaterhouseCoopers Content: Introduction Key messages Sendai Framework and
More informationProfessional Evaluation and Certification Board Frequently Asked Questions
Professional Evaluation and Certification Board Frequently Asked Questions 1. About PECB... 2 2. General... 2 3. PECB Official Training Courses... 4 4. Course Registration... 5 5. Certification... 5 6.
More informationCO Java EE 7: Back-End Server Application Development
CO-85116 Java EE 7: Back-End Server Application Development Summary Duration 5 Days Audience Application Developers, Developers, J2EE Developers, Java Developers and System Integrators Level Professional
More informationApril Appendix 3. IA System Security. Sida 1 (8)
IA System Security Sida 1 (8) Table of Contents 1 Introduction... 3 2 Regulatory documents... 3 3 Organisation... 3 4 Personnel security... 3 5 Asset management... 4 6 Access control... 4 6.1 Within AFA
More informationHIPAA by the Numbers. Presented by: Mark L. Schuweiler Director of Global Information Assurance Services EDS Corporation
HIPAA by the Numbers Presented by: Mark L. Schuweiler Director of Global Information Assurance Services EDS Corporation Security vs Privacy Privacy right of a individual to control his/her personal information
More informationTHE TRIAL MASTER FILE
THE TRIAL MASTER FILE CONFIDENCE IN PROVIDING TMF FOR REGULATORY INSPECTION OR LEGAL DISCOVERY EXECUTIVE SUMMARY FOR EXL PHARMA S 2ND EUROPEAN TRIAL MASTER FILE SUMMIT LONDON OCTOBER 22 23, 2013 CONTENTS
More informationHealth Information Exchange - A Critical Assessment: How Does it Work in the US and What Has Been Achieved?
Health Information Exchange - A Critical Assessment: How Does it Work in the US and What Has Been Achieved? Use cases, best practice and examples for successful implementations 1 Agenda Overview of The
More informationPromoting accountability and transparency of multistakeholder partnerships for the implementation of the 2030 Agenda
2016 PARTNERSHIP FORUM Promoting accountability and transparency of multistakeholder partnerships for the implementation of the 2030 Agenda 31 March 2016 Dialogue Two (3:00 p.m. 5:45 p.m.) ECOSOC CHAMBER,
More information