Identity Management. An overview of the status of some of the key IdM work (plus some thoughts from the sidelines) Mike Harrop The Cottingham Group
1 Identity Management An overview of the status of some of the key IdM work (plus some thoughts from the sidelines) Mike Harrop The Cottingham Group International Telecommunication Union
2 Overview Review the context of work on IdM Discuss some of the issues and challenges Report on current status of the IdM standards work Offer a few personal observations
3 Identity and IdM: The context of the work
4 What is Identity? Identity is both a real-world concept and a digital construct. In the real world: The individual characteristics by which a thing or person is recognized or known. (Wordnet, Princeton University) Note: A person may have a number of different identities. In the digital world: Information about an entity that is sufficient to identify that entity in a particular context. (ITU-T Rec. Y.2720) Digital identity refers to a digital representation of a set of claims made by one party and presented to another party. A digital identity can be a set of identity information (e.g., an address), as opposed to the real-world concept that is tied to a person's sense of who they are. Note: the concept of digital identity applies to service providers and objects as well as individuals.
5 Identities Exist in Many Forms & Places. Whatever you're using (devices): Smartphone, Cellular, PDA, PC. Whatever you're doing (applications): Collaboration, Video, Voice Telephony, IM, Web Apps, ERP. People have multiple identities: Work, Family, Hobby, Volunteer. Wherever you are (across various access types): At your Desk, In the Air, Managed Office, At Home, In Town, On the Road.
6 Can we agree on a definition of Identity? There was a lengthy on-line discussion within ITU-T SG 17 on the definition of identity over the summer of But there is currently no international agreement on the definition of identity
7 What is Identity Management? The management of the life cycle of the digital identity of entities during which the digital representation of identity is established, used and disposed of when no longer needed IdM involves technology, processes, functions and capabilities (e.g. administration, management and maintenance, discovery, communication exchanges, correlation and binding, policy enforcement, authentication and assertions) in order to: Manage identity information (e.g., identifiers, credentials, attributes); Assure the identity of an entity (e.g., users/subscribers, groups, user devices, organizations, network and service providers, network elements and objects, and virtual objects); and Improve the robustness of business and security applications. IdM must be scalable from internal systems to external applications and processes IdM is considered a fundamental requirement for wide-scale, secure and trusted interconnections (such as NGN)
8 Definitions of Identity Management A broad administrative area that deals with identifying individuals in a system and controlling their access to resources within that system by associating user rights and restrictions with the established identity (WhatIS.com) The set of processes, policies and technologies that enable authoritative sources to accurately identify entities; it helps authoritative sources as well as individual entities to facilitate and control the use of identity information in their respective relations. (ISO, 5th draft IdM Framework, Nov. 2008) The structured creation, capture, syntactical expression, storage, tagging, maintenance, retrieval, use and destruction of identities by means of diverse arrays of different technical, operational, and legal systems and practices. (ITU-T X.1250)
9 Evolving Definition of IdM What is IdM from a carrier, provider, Telecom Perspective? Infrastructure Application Environments Enterprise Edge devices Internal Gateway Hosted Services Other hubs Partner/Suppliers Networks Burton Group 2003 Identity management is the set of business processes, and a supporting infrastructure, for the creation, maintenance, and use of digital identities in online spaces Burton Group 2007 Enterprise IdM is the set of business processes, and a supporting infrastructure, that provides Identity-based access control to systems and resources In accordance with established policies
10 IdM Overview (Rec. Y.2720) Identity Management Identity Information Business and Security Applications including Identity-based Services Federated Services Application Services Access Control (e.g. Multimedia and IPTV) Single Sign-on/Sign-off Role-based Access to Information, Resources and Assets Protection of Personally Identifiable Information Security Protection of Information and Network Infrastructure Enables IdM Functions and Capabilities Identity Lifecycle Management Identity Information Correlation and Binding Identity Information Authentication, Assurance and Assertions Discovery and Exchange of Identity Information Identifiers (e.g. UserID, address, Telephone Number, URI, IP address) Credentials (e.g. Digital Certificates, Tokens, and Biometrics) Attributes (e.g. Roles, Claims, Context, Privileges, Location) Entities Organizations, Business Enterprises, Government Enterprises Users and Subscribers User Devices Network and Service Providers Network Elements and Objects Virtual Objects
11 What's changing? - The shift to Identity Providers
12 Legacy Identity Management Wireline Current Identity Management Trends Wireline Source: FG IDM Tutorial, September 2007, Geneva
13 Perspectives and Challenges on Identity Management
14 The different perspectives on IdM pose some real challenges Security Services & Policing Individual End Users Network Operators & Service Providers Privacy advocates Government & Business users
15 Perspectives and Interests-1 Network operators and service providers Focused on revenue opportunities, infrastructure protection, network management forensics, fraud mitigation Want to offer new applications and services (e.g. NGN, fixed and mobile convergence) including identity based services to subscribers and other service providers Business and government users Looking to minimize costs, support employees, reduce fraud and control/manage inventory and supply chain Want to enable identity assurance services and capabilities, and enhance the level of trust and confidence to support on-line services (e.g. web-based transactions)
16 Perspectives and Interests-2 Government as service provider To help protect the communication infrastructure against cyber security threats To support Public Safety Services (e.g. Emergency 911 services), Emergency Telecommunications Service (ETS), Early Warning Services To enable federated government services National security services and law enforcement To support mandates in infrastructure protection, homeland security, law enforcement (forensics, lawful interceptions etc) To support need for personal identity credentials and biometrics
17 Perspectives and Interests-3 Individual end users Ease and convenience of use Portability of access Confidence in security of transactions Identity theft protection Protection of sensitive private information Reduction in unwanted intrusions Privacy advocates Protection of sensitive personal information Upholding of privacy laws and codes of practice
18 Status of work on IdM
19 Industry/Consortia work Examples of different approaches Higgins - an extensible, platform-independent, identity protocol-independent, software framework to support existing and new applications that give users more convenience, privacy and control over their identity information. Cardspace - a system in the Windows Communications Foundation (WCF) of WinFX that allows users to manage their digital identities from various identity providers, and employ them in different contexts where they are accepted to access online services. Liberty - allows consumers and users of Internet-based services and e-commerce applications to authenticate and sign-on to a network or domain once from any device and then visit or take part in services from multiple Web sites. OpenID - a decentralized single sign-on system. On OpenID-enabled sites, Internet users do not need to register and manage a new account for every site before being granted access. Instead, they only need to be previously registered on a website with an OpenID "identity
20 ITU-T motivation for IdM work To provide a general framework that incorporates different perspectives and technologies To address the interplay between cybersecurity and IdM (The main issues are strong authentication, interoperability between IdM systems, and the development of common IdM data models to ensure appropriate exchange of IdM attributes and information) To enable service providers to reduce the cost of managing all the partial identities that exist in the network To facilitate revenue-generating NGN identity-based subscription services e.g. single sign-on, presence, location etc
21 Current ITU-T Approach Joint Coordination Activity on IdM and IdM Global Standards Initiative (GSI) established December 2007 Most IdM work is being done in Study Group 17 (Security) and Study Group 13 (Future Networks, including Mobile and NGN)
22 ITU-T IdM results so far include: IdM focus group established in 2006 was open to all and drew wide interest. Six substantial reports from the FG IdM: Report on Activities Completed and Proposed Report on the Deliverables Report on Identity Management Ecosystem and Lexicon Report on Identity Management Use Cases and Gap Analysis Report on Requirements for Global Interoperable Identity Management Report on Identity Management Framework for Global Interoperability Two workshops & one conference
23 Current status of ITU-T work 1 Recommendations now under Determination SG13 NGN: Y.2720 NGN Identity management framework (Approval expected in January 23rd 2009) SG17 Security: X.1250 Capabilities for enhanced global identity management trust and interoperability X.1251 A framework for user control of digital identity (Approval of X.1250 & X.1251 expected in February 2009)
24 Current status of ITU-T work 2 Recommendations for future Determination X.idm-ifa: Framework architecture for interoperable identity management systems X.idm-dm: Common Identity Data Model X.rfpg: Privacy guideline for RFID X.idmsg: Security guidelines for identity management systems X.priva: Criteria for assessing the level of protection for personally identifiable information in IdM X.eaa: Entity Authentication Assurance
25 ISO/IEC JTC1 SC 27 Work ISO A Framework for Identity Management (5th Working Draft) The 6th WD should be available in February 2009
26 OECD Currently developing a Primer on Identity Management (Internal OECD document - now due March 2009) The primer is intended to serve as input to an OECD IdM Policy Framework
27 More information IdM Focus Group T/studygroups/com17/fgidm/index.html Global Standards Initiative for Identity Management (IdM-GSI) Joint Coordination Activity for Identity Management
28 The following Thoughts from the Sidelines are personal observations. They are presented here to stimulate discussion.
29 1. What is identity and what is IdM? It is essential that we have a clear definition and understanding of what is meant by the terms identity and identity management if we are to develop IdM standards. Yet, even as the first standards are near to completion there is no agreement on these terms.
30 What is identity and what is IdM? ctd One reason for the difficulty in getting agreement is the different perspectives, e.g. ISO JTC1 SC27 deals largely with protection of identity information in information systems; ITU-T deals with the protection and use of telecommunications infrastructures and services. However, the definitions are not yet consistent even in the draft ITU-T Recommendations. The paper "A Relationship Layer for the Web... and for Enterprises, Too", Bob Blakley, the Burton Group, June 2008, illustrates the total lack of world-wide agreement on the definition of identity and associated terms. Is it possible to manage something (particularly across multiple domains) if you can't agree what it is?
31 2. Needs are not uniform for all potential IdM users Most on-line transactions require only authorization information, not evidence of identity. Information requested (credit card, telephone number, address etc) authenticates the user on the basis of having that information. It does not provide irrefutable evidence (or any evidence) of identity. However, positive confirmation of identity is required for law enforcement and security agency activities as well as the granting of some rights such as access rights, right to board an aircraft, or enter a country. Does the broad range of needs mean that the identity information collected must satisfy the needs of those users who require the greatest level of detail?
32 3. Privacy concerns There must be protection against inappropriate collection of information Collecting too much information Collecting when not strictly necessary Collecting without consent Invasiveness of collection And against inappropriate use and disclosure Secondary uses (function creep) The data collected must be properly secured and protected against poor information management & handling procedures and practices
33 Privacy concerns ctd Use of global identifiers poses a risk to privacy Neither personal identifiers, nor the risks they pose to privacy are new. E.g. Canadian & US Social insurance/security numbers (SIN & SSN) predate the Internet, electronic commerce and, to a large extent, data communications. The safeguards associated with the SIN and SSN protect the organization, rather than the individual. They were not designed with the protection of personal information (or the risk of identity theft) in mind. Privacy (like security) should be built-in, not added as an afterthought.
34 Privacy concerns ctd Privacy protection is not (so far) a primary objective of the IdM work While privacy needs are recognized and some issues are beginning to be addressed, most emphasis is still on organizational (service provider) needs, rather than personal privacy. (The purpose and focus of the ITU-T is also that of telecommunications, rather than the protection of personally identifiable information. Annex A to SG 17 Q6 report, April 2008) Thus, the issue of how personal information used in the context of IdM can be protected needs further consideration. This is not just a standards issue. (There are technical, legal and policy issues to be addressed).
35 4. What happens when something goes wrong? With the shift to identity providers, where will the information be kept? (Off shore?) Who is responsible if information is leaked or stolen (either individually or as part of a mass leak)? Will anyone be held accountable under existing laws? What help will there be to resolve the situation in the event of compromise? What recourse will there be for those whose information is compromised?
36 A closing thought An identity is a model of a person. Only an organization which has a close relationship with an individual knows enough about that individual to build an identity which is an accurate model; the more intimate the relationship is, the more accurate the identity will be. Organizations have only casual relationships with most of the individuals they deal with, so they build inaccurate identities which create risks for individuals and for themselves. Building accurate identities on the Internet will require new relationship technology and a new set of intermediaries who have sufficiently intimate relationships with individuals to construct identities for them. Bob Blakley, Burton Group
More informationSTRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE
STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationSOC 3 for Security and Availability
SOC 3 for Security and Availability Independent Practioner s Trust Services Report For the Period October 1, 2015 through September 30, 2016 Independent SOC 3 Report for the Security and Availability Trust
More informationITU-T Study Group 13 Overview
4 th SG13 Regional Workshop for Africa on Future Networks for a better Africa: IMT-2020, Trust, Cloud Computing and Big Data (Accra, Ghana, 14-15 March 2016) ITU-T Study Group 13 Overview Leo Lehmann (Dr.
More informationCybersecurity Standards Coordination and Deployment Strategies: CITEL Initiatives
Cybersecurity Standards Coordination and Deployment Strategies: CITEL Initiatives Wayne Zeuch Rapporteur: Standards, Conformance, and Interoperability CITEL PCC.I ITU /CITEL Regional Cybersecurity Workshop
More informationhidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION
HID ActivOne USER FRIENDLY STRONG AUTHENTICATION We understand IT security is one of the TOUGHEST business challenges today. HID Global is your trusted partner in the fight against data breach due to misused
More informationNCSF Foundation Certification
NCSF Foundation Certification Overview This ACQUIROS accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: St. Thomas University Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud Services http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm Webinar April 19,
More informationCybersecurity for ALL
Cybersecurity for ALL An Overview of ITU s Cybersecurity Activities OAS Hemispheric Workshop on the Development of a National Framework for Cyber Security 16 in Rio de Janeiro, Brazil Souheil Marine Head,
More informationWhere s My Data? Managing the Data Residency Challenge
Where s My Data? Managing the Data Residency Challenge Claude Baudoin & Geoff Rayner 27 February 2018 2/26/2018 Copyright 2018 OMG. All rights reserved. 1 Speakers Tracie Berardi Director of Program Management,
More informationNational Policy and Guiding Principles
National Policy and Guiding Principles National Policy, Principles, and Organization This section describes the national policy that shapes the National Strategy to Secure Cyberspace and the basic framework
More informationIT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT)
Page 1 of 6 IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT) I. Understanding the need for privacy in the IT environment A. Evolving
More informationISO/IEC Information technology Security techniques Code of practice for information security management
This is a preview - click here to buy the full publication INTERNATIONAL STANDARD ISO/IEC 17799 Second edition 2005-06-15 Information technology Security techniques Code of practice for information security
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD This is a preview - click here to buy the full publication ISO/IEC 27017 First edition 2015-12-15 Information technology Security techniques Code of practice for information security
More informationISO/IEC Information technology Security techniques Code of practice for information security controls
INTERNATIONAL STANDARD ISO/IEC 27002 Second edition 2013-10-01 Information technology Security techniques Code of practice for information security controls Technologies de l information Techniques de
More informationstandards and so the text is not to be used for commercial purposes, gain or as a source of profit. Any changes to the slides or incorporation in
ISO/IEC JTC 1/SC 27/WG 4 IT Security Controls and Services M. De Soete, ISO/IEC JTC 1 SC27 Vice Chair copyright ISO/IEC JTC 1/SC 27, 2014. This is an SC27 public document and is distributed as is for the
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: University of Toronto Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More information[NEC Group Internal Use Only] IoT Security. - Challenges & Standardization status. Sivabalan Arumugam.
[NEC Group Internal Use Only] IoT Security - Challenges & Standardization status Sivabalan Arumugam Outline IoT Security Overview IoT Security Challenges IoT related Threats
More informationMapping to the National Broadband Plan
The National Telecommunications and Information Administration Mapping to the National Broadband Plan 37 th Annual PURC Conference Smart Technology vs. Smart Policy February 3, 2010 1 About NTIA The National
More informationDATA PROTECTION BY DESIGN
DATA PROTECTION BY DESIGN Preparing for Europe s New Security Regulations Summary In 2018, the European Union will begin to enforce the provisions of the General Data Protection Regulation (GDPR), a new
More informationRamnish Singh IT Advisor Microsoft Corporation Session Code:
Ramnish Singh IT Advisor Microsoft Corporation Session Code: Agenda Microsoft s Identity and Access Strategy Geneva Claims Based Access User access challenges Identity Metasystem and claims solution Introducing
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More information79th OREGON LEGISLATIVE ASSEMBLY Regular Session. Senate Bill 90
th OREGON LEGISLATIVE ASSEMBLY-- Regular Session Senate Bill 0 Printed pursuant to Senate Interim Rule. by order of the President of the Senate in conformance with presession filing rules, indicating neither
More informationITU and IPv6. ARIN October, Los Angeles by Richard Hill
ITU and IPv6 ARIN 26-28 October, Los Angeles by Richard Hill Telecommunication Standardization Bureau () International Telecommunication Union, Geneva Place des Nations - CH-1211 Geneva 20 Switzerland
More informationCloud Security Standards
Cloud Security Standards Classification: Standard Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January 2018 Next
More informationTEL2813/IS2820 Security Management
TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction To create or maintain a secure environment 1. Design working security plan 2. Implement management
More informationDriving Internet of Things (IoT) standardization to build smart sustainable cities. Cristina Bueti, Adviser, ITU
Driving Internet of Things (IoT) standardization to build smart sustainable cities Cristina Bueti, Adviser, ITU The world is Mobile broadband penetration globally is reaching 47% in 2015, a value that
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name:_Gale_Cengage Learning Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationThis document is a preview generated by EVS
INTERNATIONAL STANDARD ISO/IEC 19770-5 Second edition 2015-08-01 Information technology IT asset management Overview and vocabulary Technologies de l information Gestion de biens de logiciel Vue d ensemble
More informationGovernment IT Modernization and the Adoption of Hybrid Cloud
Government IT Modernization and the Adoption of Hybrid Cloud An IDC InfoBrief, Sponsored by VMware June 2018 Federal and National Governments Are at an Inflection Point Federal and national governments
More informationA Market Solution to Online Identity Trust. Trust Frameworks 101: An Introduction
A Market Solution to Online Identity Trust Background OIX is an Internet scale solution to the problem of how identity credentials can be trusted online. Background "OIX is the organization where different
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: British Columbia Institute of Technology Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation
More informationNATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium
NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium Securing Cyber Space & America s Cyber Assets: Threats, Strategies & Opportunities September 10, 2009, Crystal Gateway Marriott, Arlington,
More informationServices Scenarios and Migration to NGN
ITU-D Regional Development Forums 2010 on NGN and Broadband (ARB, EUR & CIS Regions): NGN and Broadband, Opportunities and Challenges Services Scenarios and Migration to NGN John Visser, P.Eng. +1 613
More information