Security Secure Information Sharing

ASD Convention Workshop 6
e-standards: a Strategic Asset across the Value Chain
Security: Secure Information Sharing
Steve SHEPHERD, Executive Director, UK CeB
Istanbul, 6 October 2011

Information security

Aerospace and defence information is often constrained by:
- National security
- Export controls
- Proprietary rights

Aggregations of data potentially convey more significant information and often carry a higher classification.

Integrated data contains significant IP, e.g. 3D visualisation tools rather than CAD models for quotations.

Advanced Persistent Threats
+ we have the information explosion across the Extended Enterprise

So: E-Business requires standards for Secure Information Sharing

Secure Information Sharing

E-Mail (with attachments); Voice & Teleconferencing; Person to Person; Web Conferencing; Browser access to Applications; Person to Application; CWEs / SWEs; Fax; Video; Instant Messaging; Web Discussion forums; Access to Intranets; Application to Application; Data Exchange
+ Data Transport Systems
+ Enablers and Trust Mechanisms

Secure Information Sharing: TSCP Secure E-mail v1

The Transglobal Secure Collaboration Program (TSCP) is a government-industry partnership focused on mitigating the risks related to compliance, complexity and cost related to secure information sharing that are inherent in large-scale, collaborative aerospace and defence programs that span national jurisdictions.

The TSCP Secure E-mail v1 specification allows organizations to send digitally signed and/or encrypted email over the internet securely.

The specifications and key supporting documentation are made publicly available and their usage is encouraged by adoption as industry specifications in Europe (ASD SSG) and the US (AIA).

Government-industry partnership specifically focused on mitigating the risks related to compliance, complexity, cost and IT that are inherent in large-scale, collaborative programs that span national jurisdictions.

To do business in the world today, A&D companies must balance the need to protect intellectual property (IP) while demonstrating willingness and ability to meet contractual requirements from government customers for auditable, identity-based, secure flows of information.

TSCP Common Framework for Federated Collaboration

Identity Management & Information Assurance:
- Provide assurance that collaborative partners can be trusted
- Meet government agencies' emerging requirements for identity assurance across domains
- Establish common credentialing standards that accommodate and span national jurisdictions
- Protect personal privacy data of employees

Data Protection:
- Define fine grain access right attributes for data labeling and data rights management
- Establish Application Awareness
- Demonstrate compliance with export control regulations
- Protect corporate IP in collaborative and other information sharing programs

Facilitate Secure Collaboration:
- Provide collaborative toolsets that will interoperate with customers and suppliers
- Facilitate re-use of collaborative capabilities among multiple programs

Secure E-mail V1 Business Drivers

Multiple organisations needing to exchange sensitive information

Provide:
- Confidentiality of the message in transit from sender to recipient
- Assurance of the identity of the sender
- Confidence in the integrity of the message

Using a solution that:
- Requires minimal user training
- Scalable across the Aerospace and Defence sector
- Supportable
- Enables continuing use of COTS products
- Exploits digital certificates trusted via bridges
- Uses the internet as the transport mechanism

TSCP Expo - September 2010

Signature

- High confidence in the e-mail message
- Who: identity of sender linked to the certificate
- What: content verified by system
- Out of the box Outlook and Notes client capability
- Indicated by the rosette symbol

Encryption

- Restricts access to the message recipients
- E-mail encryption is an out-of-the-box capability in Outlook, Notes and RIM clients
- Encryption for TSCP Secure E-mail V1: S/MIME standard and 3DES 168 bit algorithm
- Government approved
- Implementations accreditable for UK RESTRICTED information
- Encryption indicated by Lock symbol

- Trust path established between organisations
- Consistent policies across organisations
- Link provided by bridge rather than directly from organisation to organisation
- Assured by independent third party

[Diagram labels: Other Bridge; CertiPath; Other Organisation (x3); Northrop Grumman; Raytheon; BAE Systems]

Secure E-mail V1 Summary

The TSCP implementation pattern exploits existing standards for:

Simplicity
- Builds on and works alongside existing infrastructure and practices
- Supported by COTS products
- Straightforward user interface

Security
- Government approved encryption standard
- Implementations accreditable for UK Restricted
- Trust managed by the enterprise

Speed
- Enterprise deployment in months
- User deployment and training in hours
- Message sending in minutes

Implementation and growth in usage continues. Production systems are in use and delivering benefit today.

Secure Information Sharing

- TSCP Secure E-mail v1 is the first TSCP deliverable to be adopted by ASD SSG and by AIA
- ASD SSG will examine future TSCP deliverables for adoption to provide a suite of Secure Information Sharing capabilities
- Secure Capabilities use the internet as a transport mechanism
- Secure Capabilities can be used down the supply chain by small enterprises