IT Security of Commercial Vehicles

Save this PDF as:

Size: px
Start display at page:

Download "IT Security of Commercial Vehicles"

Transcription

1 IT Security of Commercial Vehicles Public Key Infrastructures and their Contribution to Safety and New Business Models Hakan Cankaya 1, Daniel Estor 2, and Moritz Minzlaff 1 1 ESCRYPT GmbH, Bismarckstr. 71, Berlin 2 ESCRYPT GmbH, Leopoldstr. 244, München Abstract. Driven by the goals to improve efficiency and safety, commercial vehicles become increasingly interconnected. In addition, new features and business models such as selling or leasing feature sets are based on ever larger amounts of software. If these and similar developements are not accompanied by appropriate IT security measures, then they expose OEMs, drivers, and other users to uneccessary risks. Therefore, public key infrastructures (PKI) which serve as a central ingredient to many protective measures become increasingly relevant. This article contains three contributions to a discussion of PKIs: First, to clarify the impact a PKI can have, we consider its applications to commercial vehicles from a use-case point of view. Second, we highlight the required components, actors, and the roles they play, and give examples from other industries where PKIs are already or are becoming established. Based on these considerations, we finally discuss specific aspects of a PKI deployment for commercial vehicles referring to the previously mentioned examples. 1 Introduction In many industries, computerization and digitalization of production processes are major factors to reduce costs, increase saefty and quality, and protect the environment, e.g. through more efficient use of chemicals [1]. Commercial vehicles are no exception to these trends. Increasingly, these efficieny gains are made through connecting formerly isolated systems. The aim is to not only optimize processes at a single production step but throughout the whole production chain. For example, what started with so-called precision farming, e.g. using sensors in each tractor to find the ideal amount of fertilizer for a particular patch of farmland, is becoming smart farming [2], i.e. the integration of all vehicles on a farm to better coordinate their joint work. Along with this trend for more networked vehicles, new approaches to safety such as conditional safety certificates are developed. Their goal is to keep (or increase) safety levels in face of a very diverse network of machines where many decisions need to be made at runtime [3]. This computerization also allows to save production cost for OEMs or even allows new business models. It becomes possible to differentiate various models in software only, thus saving the high costs of developing multiple hardware platforms. On-demand feature activation takes this one step further: The leaser or owner of a construction vehicle, for example, may need additional power for only a certain amount of time. Upon calling the OEM and paying a fee, the software in the vehicle will then unlock

2 the desired feature. It also becomes possible to sell features sets which the customer may keep while upgrading from one vehicle to a new model. It is clear that feature activation (or selling feature sets) only makes sense when it is sufficiently secure, i.e. when only the OEM is able to unlock new/for-pay features. But the same also applies to the overall trend of increasing computerization: As software is much easier to manipulate than hardware, the number of potential attack points grows together with the amount of software in commercial vehicles. Moreover, as vehicles get more and more connected, a potential attacker does not even have to be physically close to carry out an attack. Worse, a single attack might affect or be easily ported to many vehicles at once. Machine-to-machine communication needs protective measure for another reason as well: For example, when safety assurances are calculated and communicated based on conditional safety certificates, then those same certificates must be authentic and be protected against manipulation. Whenever a given vehicle or component needs to process information from an unknown source (such as in open networks of multiple machines) or delivered via unsecure interfaces (such as ISOBUS) [4], public key infrastructures (PKI) can play a major role in providing the desired security properties. The central task of such a PKI is to bind information, for example ownership or permissible use cases, to cryptographic keys in so-called certificates. This enables the automated verficiation of, say, origin or content of a message with the help of cryptographic mechanisms and the information in these certificates. Further tasks of a PKI are key generation in a secure environment, key and certificate distribution, secure storage and more. These PKIs in the context of commercial vehicles, their applications and setup, are the focus of this article. Related work PKIs as a means to improve efficiency and safety have been discussed for some time now. The primary focus so far has been in the context of V2X applications, which are largely driven by the Car 2 Car Communication Consortium in Europe [5] and by the Department of transportation in the USA [6], [7]. The concepts in this area are already quite mature resulting in the NHTSA considering to make V2X technologoy mandatory [8]. With regard to commercial vehicles, one major use case of a V2X PKI is finding suitable parking for highway trucks in order find the optimal available parking space that drivers can reach within their regulated hours of service, thus increasing both efficiency and safety [9]. Further V2X PKI use cases include bridge height warnings, or increasing the fuel efficiency by providing detailed congestion or traffic light information [10]. Our contribution Motivated by the scenarios and use cases mentioned above and others such as tuning protection, software update, and securing of diagnosis interfaces, we describe potential roles a PKI can play in the area of commercial vehicles. Based on these considerations, we discuss the details of a potential PKI deployment. We will highlight the different components and actors that are involved in a PKI setup. To this end, we also analyze similarities and differences with other industries where PKI use is already established.

3 Finally, we sketch concrete concepts for certain applications of a PKI for commercial vehicles. Our ideas may be used as a starting point for an actual deployment. 2 PKI applications for commercial vehicles In the introduction we remarked that certificates of a PKI bind information to cryptographic keys. This in turn allows to put meaning to certain cryptographic operations thus enabling security measures that protect assets. We will now discuss various examples, grouped according to a common theme, e.g. protection of OEM interestes. 2.1 Protection of OEM interests One major application of PKIs in vehicle production is tuning protection. Take for example the case of a construction vehicle OEM that offer variously priced and powered models based on the same hardware platform. To protect the firmware of the vehicle against unauthorized manipulation (say, by the user who wants to gain unauthorized access to a more powerful vehicle), a PKI could provide certificates that prove that a certain cryptographic key belongs to the OEM s firmware developer. Assume it is known that a certain key belongs to a developer of the tractor implement manufacturer. A digital signature created with this key under the vehicle s firmware can then be used as a mechanism to verify the authenticity and integrity of the firmware. When this verification is done during the flashing of the firmware, this is often called secure flashing. A similar situation arises with unprotected diagnostic interfaces. Not everyone should necessarily be allowed to access the diagnostic readouts of an ECU or to flash new firmware. To this end, an ECU with secure access would send a challenge to the user. Only when the user presents a valid signature together with a certificate from the PKI that proves the user s authority will the ECU open its diagnostic interface. Another application is theft protection. Obviously, the owner of a vehicle or a tractor implement suffers financial damage from theft to replace the stolen equipment. The owner might also miss an important (harvesting, construction project) deadline when the equipment could not be replaced in time. This also reflects badly on the OEM who in turn has incentive to take precautions against theft. One such measure, known as component identification, can do much more than theft protection and also prevent the use of counterfeit parts [11]. Here, components use certificates to prove that they are original parts and to allow them to form closed groups, for example, all components belonging to a given vehicle. With such a setup, it also becomes possible to protect against theft of the whole vehicle: The basic idea is that one of the vehicle s components is a smart card that is not kept with the vehicle when the vehicle is not in use, but without which all other components refuse to work. 2.2 Support of new business models Similar to tuning protection discussed in the previous section, secure feature activation protects a vehicle s software against unauthorized changes. This time, however, there is the explicit option to change some key parameters against payment. Such options

4 could include unlocking additional horse power in a construction vehicle or additional sensors in a tractor implement. To this end, the user would pay the OEM who runs a PKI backend server that in turn sends a freshly generated certificate to the vehicle (either directly or via the user as proxy). The vehicle then verifies the certificate s signature and unlocks the paid features as stated within the certificate. The certificate can also contain additional information to limit the use of those features to a certain usage time or location. Taking this idea one step further, an OEM could start selling feature sets : The OEM could offer contracts that upgrade the user to the latest vehicle hardware in regular intervals and the user can take their desired features from one vehicle to the next. The basic idea, that certificates protect the feature set, is as before. In both cases there are clearly additional details to take care of to prevent, e.g. double use of a given certificate. 2.3 Efficiency improvements So far we discussed PKI applications that benefit the OEM. In this subsection we discuss efficieny improvements that primarily benefit the operator of the vehicle. In the final section of this article, we will see that this change in focus also affects the architecture of the PKI. Machine-to-machine communication can save both time and costs through higher precision, tighter integration of construction or farming processes ( smart farming ), or advanced fleet management systems. The savings can lead to drastic reduction in fuel consumption and pesticide use, thus not only benefiting the farmer, but also the environment [12]. While the benefits are many, each interface of a vehicle to the outside world also opens new attack paths an attacker might exploit. Be it for fun, fame, or competition: With wireless communication interfaces, often connected to the public internet, the attacker does not have to be physically close to their target, thus drastically reducing the likelihood of their discovery. A PKI can counterbalance this advantage of the attacker, by raising the costs of the attack: Similar to component protection, all vehicles in one farming system, commercial fleet, or construction project need to be programmed in such a way that they require the counterparts to identify themselves through the use of digital signatures and certificates. Now if an attacker wants to interfere with a system by sending fake messages, the vehicles can identify and reject the fakes as they will not include authorized signatures. 2.4 Safety improvements Finally, modern information technology can improve safety. We already mentioned conditional safety certificates and V2X in the introduction. Both try to raise safety levels in an open system of machines of various OEMs and operators interact with each other and infrastructure. For example, a V2X system may provide bridge height or collision warnings. Of course, these system can only be effective when they can be trusted, in particular, when the information contained in conditional safety certificates and V2X messages is authentic and not manipulated. As we have discussed before, a PKI can provide the necessary trust: Through digital signatures under the conditional safety certificates or messages along with certificates that bind identities to those cryptographic keys that are used to create these signatures.

5 3 Components and roles of an embedded PKI Although Public Key Infrastructures exist in various realizations, they typically incorporate similar building blocks. In the following, we specially focus on PKIs in embedded environments and if possible, we refer to already existing deployments mainly in the automotive industry. 3.1 Technical components Common to all PKIs is the main task of providing certification of cryptographic keys and optionally further information about an entity by issuing a digital certificate. This is performed by a Certification Authority (CA) that generates digital signatures over the respective data. Typically, a PKI comprises multiple CAs which are hierarchically ordered meaning that there is one root CA that can issue certificates for other CAs who can then issue certificates for further CAs or for the actual users. The technical foundation of each CA is a module to perform cryptographic operations, which is clearly also the most sensitive part of the CA. A high level of security, especially with regard to cryptographic keys, can be achieved by using a dedicated hardware security module (HSM), whoose use is strongly recommended for every PKI. Depending on the scope of the PKI, requirements regarding the HSM may differ. For vehicle-to-vehicle (V2V) communication, for instance, huge numbers of certificates must be issued resulting in high performance requirements, whereas the HSM of a root CA must primarily satisfy maximum security requirements. Having an appropriate HSM in place, the next step is to establish technical means to control access to cryptographic keys and the respective operations. Especially if a PKI targets embedded devices, the user and permission management must be tailored to the specific usage scenario and is often much more complex than in classical IT systems. Contrary to a user-centric PKI issuing authentication certificates to be used outside of the PKI, a device-centric embedded PKI offers further functionality to different kinds of users. Software developers can be allowed to sign firmware, workers at a production site can be allowed to export keys from the PKI and inject them into devices or to authenticate at protected diagnostics interfaces, and even non-human, autonomous applications may be allowed to perform cryptographic operations for various use cases. The challenge of user and permission management is to realize mechanisms which can technically enforce these organizational requirements. Often, this functionality is performed by a separate component called registration authority (RA). Finally, the functionality of the PKI must be accessible by the intended users and thus provide multiple external interfaces that are optimized for the respective use case and accessing entity. Software developers can be provided with a web interface to sign firmware, but also machine-to-machine (M2M) interfaces are common, e.g. for provisioning vehicles with certificates for V2V communication. Furthermore, specialized client tools like e.g. a local registration authority (LRA) to avoid the requirement of an online connection during production processes, and tools for key injection and secured access to diagnostics interfaces increase usability and are often an essential requirement when realizing sophisticated embedded security mechanisms.

6 3.2 User roles The task of a trusted authority can only be carried out if a proper technical implementation goes along with well-founded organizational rules that all involved people strictly follow. A precise definition of possible user roles and the respective authorizations is the foundation of all rules and policies. First and foremost, administrative tasks have to be assigned to certain roles. To minimize the threat of insider attacks, a split of duties should be established if possible. A simple but effective approach is to split the administrative role into an IT administrator for technical tasks, an auditor who may read and evaluate audit logs about the operational usage of the PKI, and a user administrator who may create and delete users, modify user properties, and assign authorizations to users. Besides, there may be various roles for the actual users of the PKI which are, technically speaken, pre-defined collections of permissions. In the previous chapter, some possible roles like software developer, workshop staff, or staff at the production line were introduced. In an embedded PKI user roles can also represent non-human entities such as entities participating in V2V communication. The role concept must be carefully developed and adapted to the specific application scenario. At the one hand, each user should be assigned least permissions as possible to protect against unauthorized actions, but at the other hand, a role concept which is too scrict may undermine the user s acceptance and could also lead to problems in the regular business operation. Another aspect that must be taken into account is the granularity of the role concept. A fine-grained concept with many different permissions is flexible but may quickly become very complex and difficult to manage. All in all, care must be taken to find the right balance between strict access control and usability. 3.3 Life cycle management Finally, all process of a CA life cycle must be secured against attacks by external people and, if possible, also against internal attackers. The most critical process is the instantiation of the CA, which includes generation and backup of the CAs signature key. Rules regarding CA instantiation should demand sufficient logging to ensure accountability of the involved persons and enforce a foureye-principle meaning that at least two people are required for the process. This process is to be separated from operational processes such as registration of users and the usage of the CA keys to sign certificates. From a security perspective, operational processes do not have as strict security requirements as the instantiation of a CA and thus require different policies. While an attacker who mounts a successful attack during the instantiation could read the CAs private key or could replace the CA key by an own key, this is not possible during operational processes as long as the technical requirements are met. Hence, attacks during operational processes are limited to single users or certificates whereas attacks on the instantiation phase have impact on all users and the CA as such. At the other hand, policies for operational processes must allow for efficient execution of requests while preserving the required security properties. These policies include regulations on how the identity of users must be verified and under which circumstances a certificate may be issued. They strongly depend on the specific usage scenario.

7 4 Model deployments for commercial vehicles The previous sections focused on potential PKI related use-cases and the individual components and roles required for a publick key infrastructure in general. In this section we will introduce three possible PKI deployments targeting commercial vehicles, an OEM controlled, a customer controlled and a public PKI. The description of each deployment defines the objectives of the setup and lists possible use-cases which can be realized with this setup. Afterwards, a possible deployment of the setup is introduced summarizing the individual components and roles for exemplary use-cases. 4.1 OEM controlled PKI In an OEM controlled PKI, the complete PKI is operated by the OEM back-end, which manages the relevant entities. The term entity is used in a broad sense and can refer to vehicles, coworkers of the OEM, technicians, third-party back-ends or coworkers of the customer. This setup is necessary when the OEM requires secure authentication among the entities and needs to grant privileges for the different roles depending on the use-cases. Typical scenarios for such a setup are Secure Flashing, Feature Activation, Secure Diagnostic Services, or Tuning Protection. The essential component of the setup is the OEM back-end which at the one hand acts as a trust anchor for the PKI, and at the other hand manages the registered entities and their respective cryptographic keys and privileges. The back-end hosts a database where all users of the PKI are registered and their authentication (e.g. symmetric key, public key, passwords) and authorization (e.g. privileges like access rights to vehicles or register other users etc.) information is stored. The back-end must be organizationally and technically protected by the OEM against unauthorized access. The most important issue regarding client interaction is a secure method for authentication. A password authentication is a simple method to create an access control mechanism, yet is prone to several weaknesses (e.g. password too simple, can be handed over to other persons etc.). A very secure method is the use of smart cards for human users and HSMs for HW components. This enables a secure authentication with assymmetric cryptography since the user or HW component can sign any message with its smart card and the signature of the message can be verified (for integrity and authenticity) by anyone owning the public certificate. Nevertheless, the selection of the authentication methods usually depends on the required security, cost and organizational requirements. More secure authentication methods may be requested for security critical services by the back-end, and more basic authentication methods are accepted for non-critical services. Figure 1 shows an exemplary setup and serves as an example to provide an insight into a realization of an OEM controlled PKI. The use case considered here is secure access to an ECU of a vehicle (e.g. for accessing diagnostic services). Two imaginary users are depicted in the setup. A PKI management officer is a user with the privileges of adding new users to the PKI and setting their access rights to the diagnostic services of the ECU s. The other user is a service technician who accesses the diagnostic interface of the ECU for maintenance work. The technician uses a PC and a diagnostic tool to connect to the vehicle s diagnostic interface. The tool, in turn, is connected to the

8 OEM s PKI, which in fact performs the authentication of the service technician and authorizes him to access the diagnostics interface. For authentication, the technician possesses a smart card that contains a digital certificate. The PKI server authenticates at the ECU either with a digital certificate which is stored securely or with a secret symmetric key that is shared between the PKI server and the ECU. If the technician wants to access the diagnostics interface, he first authenticates at the PKI server using his smart card. The PKI then checks whether the technician is authorized and in case of success triggers the ECU to grant access to the interface. Fig. 1. Exemplary PKI setup for secure vehicle access 4.2 Customer controlled PKI In a customer controlled PKI, the customer hosts a back-end which acts as a sub CA. It has a similar architecture and functionality as the OEM controlled PKI, with the difference that the root CA (OEM back-end) issues a certificate for the sub CA (customer back-end) to create a chain of trust. This certificate lists the privileges and the public key of the sub CA and is signed by the root CA. This setup fits use cases like fleet tracking, smart farming or configuration of the vehicle (e.g. due to added peripherals).

9 Figure 2 shows an exemplary setup. The setup is not related to a specific use-case but rather serves as an overview about how the CAs are related to each other. The functionality within the customer PKI is the same as the example given in secton 4.1. The same technical and organizational measures for the back-end security, storage of security critical data, authentication mechanisms and assignment of privileges have to be provided. As stated in section 4.1, the vehicle ECUs (or any other entity in the PKI) know the public key of the OEM back-end (root CA) and can verify a certificate issued by the root CA. The entitites in the customer PKI must be provided with the certificate issued by the root CA with the privileges and public key of the sub CA. With this certificate, all entities can trust the sub CA, verify certificates from the sub CA, and are aware of the privileges assigned to the sub CA by the root CA. Fig. 2. Exemplary PKI setup for a customer controlled PKI Multiple methods exist to deploy the issued certificates from the root CA. The certificates can either be sent to the entities during the authentication/authorization sequence for accessing a service (e.g. see section 4.1 secure access use-case) or the certificates can be deployed to the ECUs over the diagnostic interface with a dedicated service. 4.3 Public PKI A public PKI covers the situation where permission management and the usage of cryptographic keys is not exclusively controlled by an OEM or by a customer. A typical

10 setup which is also used in V2X communication is shown in figure 3. A common root CA is the trust anchor for all involved OEMs or other participants and issues certificates to other CAs. It defines common policies that all participants have to adhere to and can be operated commonly by the involved participants or by an independent organization. The sub CAs may be operated by an OEM, a customer or even an independent company. This is possible because the root CA audits the operators of each CA and issues certificates only if the CA fulfills all requirements stated in the respective policies. Fig. 3. Exemplary PKI setup for a public PKI A public PKI is necessary when vehicles of different manufacturers should interact and common policies are to be enforced. In this case, the common or independently operated root CA acts a trust anchor and additionally defines those policies that all participants have to adhere to. Regarding commercial vehicles, the integrity of Conditional Safety Certificates could be protected by such a public PKI. A common root CA would

11 have the role to define policies under which circumstances certain safety statements may be made in such a conditional safety certificate. 5 Conclusion Fortunately, developers of hardware and software become increasingly aware of the importance of IT security for their products. As pointed out in the beginning of this paper, there already exist some concepts that also include security mechanisms with the most significant example being V2X communication. However, we also identified use cases and deployment scenarios whoose security could be considerably increased by making use of a specially adapted public key infrastructure. Besides, implementation of security mechanisms not only protects against malicous attacks but may also increase efficiency by e.g., smart farming, fleet management tools, or traffic flow optimization and even enable new business models such as feature activation or leasing. In this paper, we present a general overview of potential use cases. It goes without saying that before an actual deployment of any of the presented use case, more detailed questions have to be solved. Finally, it is to be stressed that a PKI is a major but not the only component of a well-founded security concept. References 1. K. Köller. Landtechnische Innovationen auf der Agritechnica Website, Available online at visited on December 19th J. Knodel and D. Schneider. Sicher vernetzt. Funktionssicherheit am Beispiel Smart Farming. Mobile Maschinen 3/2013, D. Schneider, M. Becker, and M. Trapp. Approaching Runtime Trust Assurance in Open Adaptive Systems. Website, Available online at 7a Becker.pdf; visited on December 19th P. Fellmeth. CAN-based tractor - agricultural implement communication ISO CAN Newsletter September 2003, CAR 2 CAR Communication Consortium. Manifesto. Overview of the C2C-CC System, U.S. Department of Transportation. Connected Vehicles Applications. Vehicle-to- Vehicle (V2V) Communications for Safety. Website, Available online at visited on December 19th U.S. Department of Transportation. Connected Vehicles Applications. Vehicle-to- Infrastructure (V2I) Communications for Safety. Website, Available online at visited on December 19th T.P. Jeffrey. NHTSA May Mandate That New Cars Broadcast Location, Direction and Speed. Website, Available online at visited on December 19th European Commission. Directive 2010/40/EU. Framework for the Deployment of Intelligent Transport Systems, 2010.

12 10. Telematics update. V2X for Auto Safety & Mobility USA Website, Available online at visited on December 19th K. Höper, C. Paar, A. Weimerskirch, and M. Wolf. Cryptographic Component Identification: Enabler for Secure Vehicles. Proceedings 62nd IEEE Semiannual Vehicular Technology Conference, Carbon War Room. Machine to Machine Technologies: Unlocking the Potential of a $1 Trillion Industry. Website, Available online at visited on December 20th 2013.

Hardware Security Modules for Protecting Embedded Systems

Hardware Security Modules for Protecting Embedded Systems Hardware Security Modules for Protecting Embedded Systems Marko Wolf, ESCRYPT GmbH Embedded Security, Munich, Germany André Weimerskirch, ESCRYPT Inc. Embedded Security, Ann Arbor, USA 1 Introduction &

More information

The relevance of cyber-security to functional safety of connected and automated vehicles

The relevance of cyber-security to functional safety of connected and automated vehicles The relevance of cyber-security to functional safety of connected and automated vehicles André Weimerskirch University of Michigan Transportation Research Institute (UMTRI) February 12, 2014 Introduction

More information

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules Dr. Frederic Stumpf, ESCRYPT GmbH Embedded Security, Stuttgart, Germany 1 Introduction Electronic Control Units (ECU) are embedded

More information

EVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications

EVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications EVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications 7 th escar Embedded Security in Cars Conference November 24 25, 2009, Düsseldorf Dr.-Ing. Olaf Henniger, Fraunhofer SIT Darmstadt Hervé

More information

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency logo The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency Understanding the Multiple Levels of Security Built Into the Panoptix Solution Published: October 2011

More information

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0 Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust

More information

Cloud security architecture

Cloud security architecture ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide

More information

THIRD REGIONAL TRAINING WORKSHOP ON TAXATION. Brasilia, Brazil, December 3 5, 2002. Topic 4

THIRD REGIONAL TRAINING WORKSHOP ON TAXATION. Brasilia, Brazil, December 3 5, 2002. Topic 4 THIRD REGIONAL TRAINING WORKSHOP ON TAXATION Brasilia, Brazil, December 3 5, 2002 Topic 4 INFORMATION TECHNOLOGY IN SUPPORT OF THE TAX ADMINISTRATION FUNCTIONS AND TAXPAYER ASSISTANCE Nelson Gutierrez

More information

ISO/IEC 27002:2013 WHITEPAPER. When Recognition Matters

ISO/IEC 27002:2013 WHITEPAPER. When Recognition Matters When Recognition Matters WHITEPAPER ISO/IEC 27002:2013 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS www.pecb.com CONTENT 3 4 5 6 6 7 7 7 7 8 8 8 9 9 9

More information

Secure Web Access Solution

Secure Web Access Solution Secure Web Access Solution I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. E-CODE SECURE WEB ACCESS SOLUTION... 3 OVERVIEW... 3 PKI SECURE WEB ACCESS... 4 Description...

More information

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75 Plain English Guide To Common Criteria Requirements In The Field Device Protection Profile Version 0.75 Prepared For: Process Control Security Requirements Forum (PCSRF) Prepared By: Digital Bond, Inc.

More information

Vehicular On-board Security: EVITA Project

Vehicular On-board Security: EVITA Project C2C-CC Security Workshop 5 November 2009 VW, MobileLifeCampus Wolfsburg Hervé Seudié Corporate Sector Research and Advance Engineering Robert Bosch GmbH Outline 1. Project Scope and Objectives 2. Security

More information

Information Technology Branch Access Control Technical Standard

Information Technology Branch Access Control Technical Standard Information Technology Branch Access Control Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 5 November 20, 2014 Approved: Date: November 20,

More information

Secure Key Management A Key Feature for Modern Vehicle Electronics

Secure Key Management A Key Feature for Modern Vehicle Electronics 13AE-0069 Secure Key Management A Key Feature for Modern Vehicle Electronics Christian Schleiffer, Marko Wolf, André Weimerskirch, and Lars Wolleschensky ESCRYPT Copyright 2012 SAE International ABSTRACT

More information

TPM Key Backup and Recovery. For Trusted Platforms

TPM Key Backup and Recovery. For Trusted Platforms TPM Key Backup and Recovery For Trusted Platforms White paper for understanding and support proper use of backup and recovery procedures for Trusted Computing Platforms. 2006-09-21 V0.95 Page 1 / 17 Contents

More information

Remote Access Security

Remote Access Security Glen Doss Towson University Center for Applied Information Technology Remote Access Security I. Introduction Providing remote access to a network over the Internet has added an entirely new dimension to

More information

Data Protection: From PKI to Virtualization & Cloud

Data Protection: From PKI to Virtualization & Cloud Data Protection: From PKI to Virtualization & Cloud Raymond Yeung CISSP, CISA Senior Regional Director, HK/TW, ASEAN & A/NZ SafeNet Inc. Agenda What is PKI? And Value? Traditional PKI Usage Cloud Security

More information

IFS-8000 V2.0 INFORMATION FUSION SYSTEM

IFS-8000 V2.0 INFORMATION FUSION SYSTEM IFS-8000 V2.0 INFORMATION FUSION SYSTEM IFS-8000 V2.0 Overview IFS-8000 v2.0 is a flexible, scalable and modular IT system to support the processes of aggregation of information from intercepts to intelligence

More information

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808 cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808

More information

Automotive and Industrial Data Security

Automotive and Industrial Data Security André Weimerskirch Cybersecurity for Cyber-Physical Systems Workshop April 23-24, 2012 Overview Introduction and Motivation Risk analysis Current and future security solutions Conclusions Communication

More information

TOP 3 STRATEGIES TO REDUCE RISK IN AUTOMOTIVE/IN-VEHICLE SOFTWARE DEVELOPMENT

TOP 3 STRATEGIES TO REDUCE RISK IN AUTOMOTIVE/IN-VEHICLE SOFTWARE DEVELOPMENT TOP 3 STRATEGIES TO REDUCE RISK IN AUTOMOTIVE/IN-VEHICLE SOFTWARE DEVELOPMENT Go beyond error detection to ensure safety and security TABLE OF CONTENTS The Three Biggest Challenges...4 Ensure compliance

More information

Patterns for Secure Boot and Secure Storage in Computer Systems

Patterns for Secure Boot and Secure Storage in Computer Systems Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de

More information

IS TEST 3 - TIPS FOUR (4) levels of detective controls offered by intrusion detection system (IDS) methodologies. First layer is typically responsible for monitoring the network and network devices. NIDS

More information

Host-based Protection for ATM's

Host-based Protection for ATM's SOLUTION BRIEF:........................................ Host-based Protection for ATM's Who should read this paper ATM manufacturers, system integrators and operators. Content Introduction...........................................................................................................

More information

NEXT GENERATION OF AUTOMOTIVE SECURITY: SECURE HARDWARE AND SECURE OPEN PLATFORMS

NEXT GENERATION OF AUTOMOTIVE SECURITY: SECURE HARDWARE AND SECURE OPEN PLATFORMS NEXT GENERATION OF AUTOMOTIVE SECURITY: SECURE HARDWARE AND SECURE OPEN PLATFORMS André Groll, Jan Holle University of Siegen, Institute for Data Communications Systems {andre.groll,jan.holle}@uni-siegen.de

More information

A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1

A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1 A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1 1 Royal Holloway, University of London 2 University of Strathclyde ABSTRACT Future mobile

More information

Compliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:

Compliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's: Security.01 Penetration Testing.02 Compliance Review.03 Application Security Audit.04 Social Engineering.05 Security Outsourcing.06 Security Consulting.07 Security Policy and Program.08 Training Services

More information

Neutralus Certification Practices Statement

Neutralus Certification Practices Statement Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3

More information

Expert Reference Series of White Papers. Fundamentals of the PKI Infrastructure

Expert Reference Series of White Papers. Fundamentals of the PKI Infrastructure Expert Reference Series of White Papers Fundamentals of the PKI Infrastructure 1-800-COURSES www.globalknowledge.com Fundamentals of the PKI Infrastructure Boris Gigovic, Global Knowledge Instructor, CEI,

More information

Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment

Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment (Exam 70-290) Table of Contents Table of Contents... 1 Course Overview... 2 Section 0-1: Introduction... 4

More information

GETTING STARTED WITH ANDROID DEVELOPMENT FOR EMBEDDED SYSTEMS

GETTING STARTED WITH ANDROID DEVELOPMENT FOR EMBEDDED SYSTEMS Embedded Systems White Paper GETTING STARTED WITH ANDROID DEVELOPMENT FOR EMBEDDED SYSTEMS September 2009 ABSTRACT Android is an open source platform built by Google that includes an operating system,

More information

Introduction CHAPTER 1

Introduction CHAPTER 1 CHAPTER 1 Introduction Ever since the development of the first integrated circuits in the late 1950s the complexity of such devices doubled every 20 months. A development which has been anticipated by

More information

A8.1 Asset Management Responsibility for assets: To identify organisational assets and define appropriate protection responsibilities.

A8.1 Asset Management Responsibility for assets: To identify organisational assets and define appropriate protection responsibilities. A8.1 Asset Management Responsibility for assets: To identify organisational assets and define appropriate protection responsibilities. 8.1.1 Inventory of assets. Tripwire IP360 provides comprehensive host

More information

Lecture VII : Public Key Infrastructure (PKI)

Lecture VII : Public Key Infrastructure (PKI) Lecture VII : Public Key Infrastructure (PKI) Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Computer Science Department, National Chiao Tung University 2 Problems with Public

More information

CipherShare Features and Benefits

CipherShare Features and Benefits CipherShare s and CipherShare s and Security End-to-end Encryption Need-to-Know: Challenge / Response Authentication Transitive Trust Consistent Security Password and Key Recovery Temporary Application

More information

CHAPTER 2 DATABASE MANAGEMENT SYSTEM AND SECURITY

CHAPTER 2 DATABASE MANAGEMENT SYSTEM AND SECURITY CHAPTER 2 DATABASE MANAGEMENT SYSTEM AND SECURITY 2.1 Introduction In this chapter, I am going to introduce Database Management Systems (DBMS) and the Structured Query Language (SQL), its syntax and usage.

More information

In the pursuit of becoming smart

In the pursuit of becoming smart WHITE PAPER In the pursuit of becoming smart The business insight into Comarch IoT Platform Introduction Businesses around the world are seeking the direction for the future, trying to find the right solution

More information

Common Criteria Web Application Security Scoring CCWAPSS

Common Criteria Web Application Security Scoring CCWAPSS Criteria Web Application Security Scoring CCWAPSS Author Frédéric Charpentier, security pentester. France. Fcharpentier@xmcopartners.com Releases Version 1.0 : First public release September 2007 Version

More information

Making the difference between read to output, and read to copy GOING BEYOND BASIC FILE AUDITING FOR DATA PROTECTION

Making the difference between read to output, and read to copy GOING BEYOND BASIC FILE AUDITING FOR DATA PROTECTION Making the difference between read to output, and read to copy GOING BEYOND BASIC FILE AUDITING FOR DATA PROTECTION MOST OF THE IMPORTANT DATA LOSS VECTORS DEPEND ON COPYING files in order to compromise

More information

FAQ: (Data) security and privacy

FAQ: (Data) security and privacy Shockwave Traffic Jams A58 FAQ: (Data) security and privacy The strength of the shockwave traffic jam service developed in the project Shockwave Traffic Jams A58 is that the participants receive customized

More information

In networking ECUs in heavy-duty vehicles, it is the J1939 protocol that. plays a key role. J1939 networks are based on the CAN bus (high-speed

In networking ECUs in heavy-duty vehicles, it is the J1939 protocol that. plays a key role. J1939 networks are based on the CAN bus (high-speed Networking Heavy-Duty Vehicles Based on SAE J1939 From Parameter Group to plug-and-play Application In networking ECUs in heavy-duty vehicles, it is the J1939 protocol that plays a key role. J1939 networks

More information

Embracing Microsoft Vista for Enhanced Network Security

Embracing Microsoft Vista for Enhanced Network Security Embracing Microsoft Vista for Enhanced Network Security Effective Implementation of Server & Domain Isolation Requires Complete Network Visibility throughout the OS Migration Process For questions on this

More information

THE DOZEN CHALLENGES. to success with enterprise mobility. ebook

THE DOZEN CHALLENGES. to success with enterprise mobility. ebook THE DOZEN CHALLENGES to success with enterprise mobility ebook THE DOZEN CHALLENGES to successful mobile deployments ebook #1 #2 #3 #4 #5 #6 IT SERVICE DELIVERY Automate Patch Management and Upgrades Keep

More information

A Model for Context-dependent Access Control for Web-based Services with Role-based Approach

A Model for Context-dependent Access Control for Web-based Services with Role-based Approach A Model for Context-dependent Access Control for Web-based Services with Role-based Approach Ruben Wolf, Thomas Keinz, Markus Schneider FhG Institute for Secure Telecooperation (SIT), 64293 Darmstadt,

More information

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate

More information

Smarter wireless networks

Smarter wireless networks IBM Software Telecommunications Thought Leadership White Paper Smarter wireless networks Add intelligence to the mobile network edge 2 Smarter wireless networks Contents 2 Introduction 3 Intelligent base

More information

Danske Bank Group Certificate Policy

Danske Bank Group Certificate Policy Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...

More information

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards SCADA Compliance Tools For NERC-CIP The Right Tools for Bringing Your Organization in Line with the Latest Standards OVERVIEW Electrical utilities are responsible for defining critical cyber assets which

More information

BRING YOUR OWN DEVICE

BRING YOUR OWN DEVICE BRING YOUR OWN DEVICE Legal Analysis & Practical TIPs for an effective BYOD corporate Policy CONTENTS 1. What is BYOD? 2. Benefits and risks of BYOD in Europe 3. BYOD and existing Policies 4. Legal issues

More information

U.S. FDA Title 21 CFR Part 11 Compliance Assessment of SAP Records Management

U.S. FDA Title 21 CFR Part 11 Compliance Assessment of SAP Records Management U.S. FDA Title 21 CFR Part 11 Compliance Assessment of SAP Records Management Disclaimer These materials are subject to change without notice. SAP AG s compliance analysis with respect to SAP software

More information

IPv6 First Hop Security Protecting Your IPv6 Access Network

IPv6 First Hop Security Protecting Your IPv6 Access Network IPv6 First Hop Security Protecting Your IPv6 Access Network What You Will Learn This paper provides a brief introduction to common security threats on IPv6 campus access networks and will explain the value

More information

Anonymous CPS 182s 9/20/2003. ISP-3: The Rise of the Internet Service Providers

Anonymous CPS 182s 9/20/2003. ISP-3: The Rise of the Internet Service Providers Anonymous CPS 182s 9/20/2003 ISP-3: The Rise of the Internet Service Providers ISP-3: The Rise of the Internet Service Providers Special effects in movies have captivated audiences by growing exponentially

More information

Identification of Authenticity Requirements in Systems of Systems by Functional Security Analysis

Identification of Authenticity Requirements in Systems of Systems by Functional Security Analysis Identification of Authenticity Requirements in Systems of Systems by Functional Security Analysis Andreas Fuchs and Roland Rieke {andreas.fuchs,roland.rieke}@sit.fraunhofer.de Fraunhofer Institute for

More information

Prepare an IT security policy... 4. How are users accessing the system?... 5. How many powerful users are on the system?... 6

Prepare an IT security policy... 4. How are users accessing the system?... 5. How many powerful users are on the system?... 6 ROADMAP TO COMPLIANCE ON THE IBM SYSTEM i WHITE PAPER APRIL 2009 Table of Contents Prepare an IT security policy... 4 How are users accessing the system?... 5 How many powerful users are on the system?...

More information

SECURE DIGITAL SIGNATURES FOR APPRAISERS

SECURE DIGITAL SIGNATURES FOR APPRAISERS ABSTRACT An appraiser s credibility is represented by a valid license and the signature affixed to a report. Providing a common requirement for the creation of digital signatures for licensed or certified

More information

Secure Shell User Keys and Access Control in PCI-DSS Compliance Environments

Secure Shell User Keys and Access Control in PCI-DSS Compliance Environments A Secure Shell Key Management White Paper Secure Shell User Keys and Access Control in PCI-DSS Compliance Environments Emerging trends impacting PCI-DSS compliance requirements in secure shell deployments

More information

Meet The Family. Payment Security Standards

Meet The Family. Payment Security Standards Meet The Family Payment Security Standards Meet The Family Payment Security Standards Payment Processing Electronic payments are increasingly becoming part of our everyday lives. For most people, it can

More information

SHARPCLOUD SECURITY STATEMENT

SHARPCLOUD SECURITY STATEMENT SHARPCLOUD SECURITY STATEMENT Summary Provides details of the SharpCloud Security Architecture Authors: Russell Johnson and Andrew Sinclair v1.8 (December 2014) Contents Overview... 2 1. The SharpCloud

More information

UNCLASSIFIED Version 1.0 May 2012

UNCLASSIFIED Version 1.0 May 2012 Secure By Default: Platforms Computing platforms contain vulnerabilities that can be exploited for malicious purposes. Often exploitation does not require a high degree of expertise, as tools and advice

More information

Unified Security Management

Unified Security Management Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy

More information

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation) It is a well-known fact in computer security that security problems are very often a direct result of software bugs. That leads security researches to pay lots of attention to software engineering. The

More information

1.1.1 Introduction to Cloud Computing

1.1.1 Introduction to Cloud Computing 1 CHAPTER 1 INTRODUCTION 1.1 CLOUD COMPUTING 1.1.1 Introduction to Cloud Computing Computing as a service has seen a phenomenal growth in recent years. The primary motivation for this growth has been the

More information

Mitigating Bring Your Own Device (BYOD) Risk for Organisations

Mitigating Bring Your Own Device (BYOD) Risk for Organisations Mitigating Bring Your Own Device (BYOD) Risk for Organisations Harness the benefits and mitigate the risks of BYOD espiongroup.com Executive Summary Mobile devices such as smart phones, tablets, or laptops

More information

GoodData Corporation Security White Paper

GoodData Corporation Security White Paper GoodData Corporation Security White Paper May 2016 Executive Overview The GoodData Analytics Distribution Platform is designed to help Enterprises and Independent Software Vendors (ISVs) securely share

More information

Protecting the Palace: Cardholder Data Environments, PCI Standards and Wireless Security for Ecommerce Ecosystems

Protecting the Palace: Cardholder Data Environments, PCI Standards and Wireless Security for Ecommerce Ecosystems Page 1 of 5 Protecting the Palace: Cardholder Data Environments, PCI Standards and Wireless Security for Ecommerce Ecosystems In July the Payment Card Industry Security Standards Council (PCI SSC) published

More information

Maintain Fleet Management Solutions Using Wide Area Wireless Technology

Maintain Fleet Management Solutions Using Wide Area Wireless Technology Maintain Fleet Management Solutions Using Wide Area Wireless Technology Andreas Kohn Sierra Wireless, Inc. August, 2010 1 Introduction Wireless technology can provide a competitive advantage in today s

More information

MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory. Chapter 11: Active Directory Certificate Services

MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory. Chapter 11: Active Directory Certificate Services MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 11: Active Directory Certificate Services Objectives Describe the components of a PKI system Deploy the Active Directory

More information

Pervasive Computing und. Informationssicherheit

Pervasive Computing und. Informationssicherheit Pervasive Computing und 11. Symposium on Privacy and Security Rüschlikon, 13. September 2006 Prof. Christof Paar European Competence Center for IT Security www.crypto.rub.de Contents 1. Pervasive Computing

More information

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination

More information

Why organizations need to archive email? The underlying reasons why corporate email archiving is important

Why organizations need to archive email? The underlying reasons why corporate email archiving is important Why organizations need to archive email? The underlying reasons why corporate email archiving is important Over the past few years, email has become an integral part of the business workflow. This document

More information

Embedded Security for Modern Building Automation Systems

Embedded Security for Modern Building Automation Systems Embedded Security for Modern Building Automation Systems Daniel Höttges, ESCRYPT GmbH Embedded Security, Bochum, Germany Marko Wolf, ESCRYPT GmbH Embedded Security, München, Germany Digitalization and

More information

Remote Management White Paper 27th June, 2012

Remote Management White Paper 27th June, 2012 Remote Management White Paper 27th June, 2012 Contents Page 3 Page 4 Page 5 Page 8 Page 10 Page 11 Executive Summary The rise of wireless M2M The need Remote monitoring and control Borderless networks

More information

"Secure insight, anytime, anywhere."

Secure insight, anytime, anywhere. "Secure insight, anytime, anywhere." THE MOBILE PARADIGM Mobile technology is revolutionizing the way information is accessed, distributed and consumed. This 5th way of computing will dwarf all others

More information

YubiKey Authentication Module Design Guideline

YubiKey Authentication Module Design Guideline YubiKey Authentication Module Design Guideline Yubico Application Note Version 1.0 May 7, 2012 Introduction Disclaimer Yubico is the leading provider of simple, open online identity protection. The company

More information

Symphony Plus Cyber security for the power and water industries

Symphony Plus Cyber security for the power and water industries Symphony Plus Cyber security for the power and water industries Symphony Plus Cyber Security_3BUS095402_(Oct12)US Letter.indd 1 01/10/12 10:15 Symphony Plus Cyber security for the power and water industries

More information

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING 6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING The following is a general checklist for the audit of Network Administration and Security. Sl.no Checklist Process 1. Is there an Information

More information

Multi-Factor Authentication

Multi-Factor Authentication Enhancing network security through the authentication process Multi-Factor Authentication Passwords, Smart Cards, and Biometrics INTRODUCTION Corporations today are investing more time and resources on

More information

Car Connections. Johan Lukkien. System Architecture and Networking

Car Connections. Johan Lukkien. System Architecture and Networking Car Connections Johan Lukkien System Architecture and Networking 1 Smart mobility, TU/e wide Cooperative Driving (platooning), A270: Helmond-Eindhoven, 2011 (Mechanical Engineering/TNO) Full electric:

More information

Security in Vehicle Networks

Security in Vehicle Networks Security in Vehicle Networks Armin Happel, Christof Ebert Stuttgart, 17. March 2015 V1.1 2015-04-28 Introduction Vector Consulting Services supports clients worldwide in improving their product development

More information

What IT Auditors Need to Know About Secure Shell. SSH Communications Security

What IT Auditors Need to Know About Secure Shell. SSH Communications Security What IT Auditors Need to Know About Secure Shell SSH Communications Security Agenda Secure Shell Basics Security Risks Compliance Requirements Methods, Tools, Resources What is Secure Shell? A cryptographic

More information

How Technology Executives are Managing the Shift to BYOD

How Technology Executives are Managing the Shift to BYOD A UBM TECHWEB WHITE PAPER SEPTEMBER 2012 How Technology Executives are Managing the Shift to BYOD An analysis of the benefits and hurdles of enabling employees to use their own consumer devices in the

More information

Leveraging Privileged Identity Governance to Improve Security Posture

Leveraging Privileged Identity Governance to Improve Security Posture Leveraging Privileged Identity Governance to Improve Security Posture Understanding the Privileged Insider Threat It s no secret that attacks on IT systems and information breaches have increased in both

More information

Test du CISM. Attention, les questions, comme l'examen, ne sont disponibles qu'en anglais.

Test du CISM. Attention, les questions, comme l'examen, ne sont disponibles qu'en anglais. Test du CISM Attention, les questions, comme l'examen, ne sont disponibles qu'en anglais. 1. Which of the following would BEST ensure the success of information security governance within an organization?

More information

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution.

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution. Written Information Security Plan (WISP) for HR Knowledge, Inc. This document has been approved for general distribution. Last modified January 01, 2014 Written Information Security Policy (WISP) for HR

More information

A Framework for Secure and Verifiable Logging in Public Communication Networks

A Framework for Secure and Verifiable Logging in Public Communication Networks A Framework for Secure and Verifiable Logging in Public Communication Networks Vassilios Stathopoulos, Panayiotis Kotzanikolaou and Emmanouil Magkos {v.stathopoulos, p.kotzanikolaou}@adae.gr emagos@ionio.gr

More information

Protection profile of an industrial firewall

Protection profile of an industrial firewall Version 1.0 mid-term GTCSI July 13, 2015 Preface In the whole document, the acronym ToE (Target of Evaluation) designates the component being evaluated. Text in red differs from the short-term version

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

MovieLabs Specification for Enhanced Content Protection Version 1.0

MovieLabs Specification for Enhanced Content Protection Version 1.0 MovieLabs Specification for Enhanced Content Protection Version 1.0 Introduction Digital content distribution technologies are evolving and advancing at a rapid pace. Content creators are using these technologies

More information

PrivyLink Cryptographic Key Server *

PrivyLink Cryptographic Key Server * WHITE PAPER PrivyLink Cryptographic Key * Tamper Resistant Protection of Key Information Assets for Preserving and Delivering End-to-End Trust and Values in e-businesses September 2003 E-commerce technology

More information

Autodesk PLM 360 Security Whitepaper

Autodesk PLM 360 Security Whitepaper Autodesk PLM 360 Autodesk PLM 360 Security Whitepaper May 1, 2015 trust.autodesk.com Contents Introduction... 1 Document Purpose... 1 Cloud Operations... 1 High Availability... 1 Physical Infrastructure

More information

White Paper. What is an Identity Provider, and Why Should My Organization Become One?

White Paper. What is an Identity Provider, and Why Should My Organization Become One? White Paper What is an Identity Provider, and Why Should My Organization Become One? May 2015 Executive Overview Tame Access Control Security Risks: Become an Identity Provider (IdP) Organizations today

More information

IoT Security Concerns and Renesas Synergy Solutions

IoT Security Concerns and Renesas Synergy Solutions IoT Security Concerns and Renesas Synergy Solutions Simon Moore CTO - Secure Thingz Ltd Agenda Introduction to Secure.Thingz. The Relentless Attack on the Internet of Things Building protection with Renesas

More information

How much do you pay for your PKI solution?

How much do you pay for your PKI solution? Information Paper Understand the total cost of your PKI How much do you pay for your PKI? A closer look into the real costs associated with building and running your own Public Key Infrastructure and 3SKey.

More information

CMB 207 1I Citrix XenApp and XenDesktop Fast Track

CMB 207 1I Citrix XenApp and XenDesktop Fast Track CMB 207 1I Citrix XenApp and XenDesktop Fast Track This fast paced course provides the foundation necessary for students to effectively centralize and manage desktops and applications in the datacenter

More information

Feedback Ferret. Security Incident Response Plan

Feedback Ferret. Security Incident Response Plan Feedback Ferret Security Incident Response Plan Document Reference Feedback Ferret Security Incident Response Plan Version 3.0 Date Created June 2013 Effective From 20 June 2013 Issued By Feedback Ferret

More information

NIST ITL July 2012 CA Compromise

NIST ITL July 2012 CA Compromise NIST ITL July 2012 CA Compromise Prepared for: Intelligent People paul.turner@venafi.com 1 NIST ITL Bulletin on CA Compromise http://csrc.nist.gov/publications/nistbul/july-2012_itl-bulletin.pdf These

More information

10 Hidden IT Risks That Might Threaten Your Law Firm

10 Hidden IT Risks That Might Threaten Your Law Firm (Plus 1 Fast Way to Find Them) Your law firm depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine

More information

INDUSTRY REPORT ON AIRBAG INDUSTRY

INDUSTRY REPORT ON AIRBAG INDUSTRY INDUSTRY REPORT ON AIRBAG INDUSTRY AIRBAG MARKET GROWTH DRIVERS: Key drivers for airbags industry are: Federal regulation-first and foremost Public awareness General increase in concerns for safety Development

More information

10 TIPS. for better Fleet Management WHITE PAPER. Who should read this paper? CEOs CFOs COOs Fleet managers Finance executives

10 TIPS. for better Fleet Management WHITE PAPER. Who should read this paper? CEOs CFOs COOs Fleet managers Finance executives WHITE PAPER 10 TIPS for better Fleet Management by Valério Marques CEO, Frotcom International Who should read this paper? CEOs CFOs COOs Fleet managers Finance executives This paper shows that with a few

More information

1 Public Key Cryptography and Information Security

1 Public Key Cryptography and Information Security International Carpathian Control Conference ICCC 2002 MALENOVICE, CZECH REPUBLIC May 27-30, 2002 IMPLEMENTATION ISSUES OF PKI TECHNOLOGY Victor-Valeriu PATRICIU, Marin BICA and Ion BICA Department of Computer

More information