Strategic Platforms Information Security 2014


Strategic Platforms Information Security
Data Mining for security process monitoring
New authentication mechanism for System Information

Call for «Expression of Interest»
Submission form
Deadline: 16 June 2014 at 14:00 pm

T: F: Page 1 / 15

Strategic Platforms Security Information 2014
Data mining for Security process monitoring & New authentication mechanism for system information

Introduction

The Regional Plan for Innovation (RPI), approved by the Government in Brussels in 2006, defines the regional strategy in scientific research and technological innovation for the period Specifically, the strategy aims to combine, in a balanced way, the development of the competitiveness of the existing industrial base in the Brussels-Capital on the one hand and, on the other hand, the concentration of resources on three areas:

- ICT (information and communication)
- Health
- Environment

Among the strategic areas developed under the RPI, the stimulation of innovation is one of the essential pillars. Concrete actions at this level involve upstream interventions by strengthening the technological potential of research units.

The Strategic Platforms action funds research projects with a short/medium-term valorisation perspective, performed in a collaborative and multidisciplinary way within universities, colleges and research centres located on the regional territory.

In 2011, the Minister in charge of the economy, employment and scientific research initiated an update of the RPI presenting concrete actions for The short-term ( ) concrete actions of this updated RPI strengthen and perpetuate existing tools. Hence, the updated version of the RPI planned to set up a strategic platforms programme in the Civil Security field in In the document from the consultant that was the basis of this updated version of the RPI, the recommendations propose that the linked actions (strategic platform included) focus on the most promising niche in Brussels, namely Information Security.

Content

In the first semester of 2014, Innoviris performed a consultation of the main actors involved in the Information Security sector. The objective was to determine the relevant subthemes in Information Security for both enterprises and academics, knowing that enterprises have specific needs and academics have different capabilities.

Therefore, Innoviris created a framework categorizing the different topics in Information Security encountered by enterprises and academics. The framework gives as output the most relevant domains for both types of actors.

Figure 1: Every capacity or need can be classified in the 3-axes framework

The axes used in the framework to classify the data are the following:

1st level
- Policy and Procedure: The topic is about solutions to organizational challenges
- Technology: The topic is about solutions to technical challenges
- Education: The topic is about educating stakeholders on information security

2nd level
- Confidentiality: Confidentiality is a set of rules or a promise that limits access to certain types of information
- Integrity: Integrity is the assurance that information can only be accessed and modified by those authorized
- Availability: Availability is the quality of being at hand when needed
- Authentication: Authentication is the process of determining whether someone or something is who or what it is declared to be
- Non-Repudiation: Non-Repudiation is the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature

3rd level
- Storage ( ): The topic is about how information is stored
- Processing ( ): The topic is about how information is processed
- Transmission ( ): The topic is about how information is transmitted

With this framework, Innoviris met various organizations, institutions and companies of different sizes (from Small & Medium Enterprise to large companies) in different sectors (e.g. Finance, Telecom, Security, Public ) to determine their current needs.

Figure 2: The results of the needs for the business side show an additional focus on Policy & Procedure and Education, on Authentication and on Transmission

Innoviris also met different universities and research centres from Brussels to determine the topics in Information Security on which they have research capabilities.

Figure 3: The results of the capabilities in the universities and research centres show a high focus on Technology, Authentication and on Transmission

The most relevant domains given by the framework for both enterprises and academics are centred on securing transmission and improving authentication confidentiality and integrity measures. From this analysis, three themes were chosen from the top domains.

Figure 4: The topic where most capabilities from the research side and most needs from the business side emerge on the 2nd level is authentication

After this round of consultation, Innoviris organised a workshop with a cluster of enterprises to fine-tune the three themes that emerged from the first round. During this workshop, the three initial themes were presented and challenged by the participants, and evolved into the themes presented in this call for Expression of Interest.

The two identified themes are:
- New Authentication mechanism for information systems
- Data mining for Security process monitoring

New Authentication mechanism for information systems

Authentication in information security systems has been in place for more than 30 years, mainly as login/password combinations. As this method is deeply rooted in the products, the change to safer authentication methods is happening only slowly and mostly in the realm of online services. This creates multiple challenges.

- The user's credentials are often the last line of defence for a company's assets.
- Weak passwords, password reuse and noncompliant use put information at risk.
- Multiple attack vectors exist and are regularly used by criminals and law agencies.
- Code cracking abilities are rising due to cheap computational power.

Ideally, authentication systems need to be easier to use than to bypass.

Examples of topics:
- Create secure protocols or cryptographic solutions (e.g. quantum cryptography)
- Develop login interfaces or mechanism with optimized adoption rates
- Optimize Multi-factor authentication mechanisms
- Develop Drop-In replacement solutions for changing authentication mechanisms
- Secure implementations of cryptographic token
- Automated Quality Assessment
- Authentication using Watermarking and Perceptual Hashing
- Implement security mechanisms for the Internet of things limited resources

Data mining for Security process monitoring

Due to the widespread use of information systems, an avalanche of data (and more particularly raw data of log files or event logs generated by various networking devices, Operating Systems and Application Servers) continues to grow in systems.

While law enforcement agencies have been able to upgrade their capabilities in the last decade, individuals and corporations have yet to find an answer to the increasing amount and orchestration of attacks on their information assets. This risk is enhanced by the imbalance of power between criminal organisations and the information security resources available. The internet of things will provide even more data in less time, which needs to be analysed to identify attacks.

Therefore there is a need to automate data mining and thus facilitate the task of information security officers. There is also an opportunity to use already existing data that is currently not, or not sufficiently, valorised because of the difficulty of getting information out of it. The processing of various raw data with data mining and machine-learning techniques can also anticipate and predict security problems, vulnerabilities and attacks.

Examples of topics:
- Internet of things real time risk assessments
- Embedded platforms security fuzzing approaches (energy, automotive, e-health, )
- Multimodal distributed node data aggregation and attack pattern recognition
- Fail-safe implementations and actionable alert reports
- Detect issues/risks/trends from existing data (e.g. aggregation and analysis of logs)

Platform

Sponsorship
Each project must be sponsored by at least one organisation representing the end users and/or stakeholders (a company, a non-profit association or an institutional organization). The sponsor will be involved throughout the project to validate the valorisation, the exploitation or the dissemination of the results. It is up to the sponsor to describe clearly how it will be involved.

Consortium
The consortium of partners must:
- Be composed of at least 2 institutions

Duration
The project will last a minimum of 2 years and a maximum of 3 years.

Valorisation
The project will be an applied research project with a short/mid-term economic and/or social valorisation. To show the economic value of the project, the number and the level of involvement of the companies interested in the project can be followed using the framework displayed in Figure 5.

Figure 5: Depending on the number of partners and their level of interest, different ways to valorise the project can be applied

Each level of involvement, and the number of companies at each level, gives information on the economic value of the project:

- Inspiration/Sensibilisation: This level shows all the companies that are interested in the project.
- Challenging: At the challenging level, the organizations give their active feedback on the project.
- Collaboration: Deeper, on the collaboration level, the organizations start to work together on the project.
- Pilot Case: These companies accept to be the first pilots for the project.
- Innovation project together: At this level, the organizations are fully integrated in the innovation project.

Some examples of economic valorisation are:
- Spin-off creation
- Transfer of knowledge through IRD (Industrial Research & Development) projects, outsourcing,...
- Technology transfer to companies
- Sale / licensing of IP to companies

Some examples of social valorisation are:
- Easier security for everyone
- Increased security of personal data
- Reduction of fraud/phishing
- Unsuccessful industrial espionage leads to safer jobs due to economic advantages
- Critical infrastructures become more resilient

Evaluation Process

Timeline months: May, June, July, August, September, October, November, December, January

Stages:
- Expression of Interest
- Selection of proposals
- Elaboration and submission of projects for selected proposals
- Projects evaluation and selection
- Governmental decision
- Start

Partners information

Title:

Applications topics (choose the topic(s) of the research)
- New Authentication mechanism for information systems
- Data mining for Security process monitoring

Applicant information: indicate the data of the proposed research centers (min 2).

Research Unit 1 (Coordinator):
Name, forename: , Phone
Profile:
Institution:
Research Unit:
Signature of applicant:

Research Unit 2:
Name, forename: , Phone
Profile:
Institution:
Research Unit:
Signature of applicant:

Description of the research proposal

Summary (objectives/scientific strategy) (max. 1 page)

1. Describe the project objective and research goals.
2. Define briefly the addressed problems by relating them to the current state of knowledge.
3. Justify the originality of the proposal and its innovative character.
4. Emphasize the quality of the proposal by exposing the proposed approaches and methods.

Potential valorization of the results

Summary (max. 1 page)

Explain how the project outcome will be valorized.

Sponsorship

Summary (max. 1 page)

Describe briefly how the sponsor will be involved.

Major publications of the applicant in the field of the proposed research (max. 3)

Listing (max. 1 page)

Give a list of at most 3 of the partners' most relevant recent publications in direct relation with the proposed research.


privileged identities management best practices

privileged identities management best practices privileged identities management best practices abstract The threat landscape today requires continuous monitoring of risks be it industrial espionage, cybercrime, cyber-attacks, Advanced Persistent Threat

More information

TRIPWIRE NERC SOLUTION SUITE

TRIPWIRE NERC SOLUTION SUITE CONFIDENCE: SECURED SOLUTION BRIEF TRIPWIRE NERC SOLUTION SUITE TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on our mission of delivering

More information

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG 1 The Big Data Working Group (BDWG) will be identifying scalable techniques for data-centric security and privacy problems. BDWG s investigation

More information

Enhancing Organizational Security Through the Use of Virtual Smart Cards

Enhancing Organizational Security Through the Use of Virtual Smart Cards Enhancing Organizational Security Through the Use of Virtual Smart Cards Today s organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company

More information

solutions Biometrics integration

solutions Biometrics integration Biometrics integration Challenges Demanding access control and identity authentication requirements drive the need for biometrics. Regulations such as Sarbanes-Oxley (SOX), Health Insurance Portability

More information

Kentico CMS security facts

Kentico CMS security facts Kentico CMS security facts ELSE 1 www.kentico.com Preface The document provides the reader an overview of how security is handled by Kentico CMS. It does not give a full list of all possibilities in the

More information

Compliance Guide: PCI DSS

Compliance Guide: PCI DSS Compliance Guide: PCI DSS PCI DSS Compliance Compliance mapping using Huntsman INTRODUCTION The Payment Card Industry Data Security Standard (PCI DSS) was developed with industry support by the PCI Security

More information

Five Steps to Improve Internal Network Security. Chattanooga ISSA

Five Steps to Improve Internal Network Security. Chattanooga ISSA Five Steps to Improve Internal Network Security Chattanooga ISSA 1 Find Me AverageSecurityGuy.info @averagesecguy stephen@averagesecurityguy.info github.com/averagesecurityguy ChattSec.org 2 Why? The methodical

More information

Network Security Innovation Platform

Network Security Innovation Platform Technology Strategy Innovation Platform Andrew Tyrer Innovation Platform Manager Office of Science and Innovation DTI Innovation Platform Technology Programme ICT opportunities Andrew Tyrer Innovation

More information

THE OPEN UNIVERSITY OF TANZANIA

THE OPEN UNIVERSITY OF TANZANIA THE OPEN UNIVERSITY OF TANZANIA Institute of Educational and Management Technologies COURSE OUTLINES FOR DIPLOMA IN COMPUTER SCIENCE 2 nd YEAR (NTA LEVEL 6) SEMESTER I 06101: Advanced Website Design Gather

More information

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room MAXIMUM DATA SECURITY with ideals TM Virtual Data Room WWW.IDEALSCORP.COM ISO 27001 Certified Account Settings and Controls Administrators control users settings and can easily configure privileges for

More information

Criteria for web application security check. Version 2015.1

Criteria for web application security check. Version 2015.1 Criteria for web application security check Version 2015.1 i Content Introduction... iii ISC- P- 001 ISC- P- 001.1 ISC- P- 001.2 ISC- P- 001.3 ISC- P- 001.4 ISC- P- 001.5 ISC- P- 001.6 ISC- P- 001.7 ISC-

More information

Europol Public Information VACANCY NOTICE

Europol Public Information VACANCY NOTICE The Hague, 21 April 2015 Reg. nº: Europol/2015/TA/AD8/193 VACANCY NOTICE Name of the Post: Senior Specialist Enterprise Infrastructure Architect (AD8), within the ICT Business Area, Architecture Team of

More information

6. Exercise: Writing Security Advisories

6. Exercise: Writing Security Advisories CERT Exercises Toolset 49 49 6. Exercise: Writing Security Advisories Main Objective Targeted Audience Total Duration Time Schedule Frequency The objective of the exercise is to provide a practical overview

More information

ICT USER ACCOUNT MANAGEMENT POLICY

ICT USER ACCOUNT MANAGEMENT POLICY ICT USER ACCOUNT MANAGEMENT POLICY Version Control Version Date Author(s) Details 1.1 23/03/2015 Yaw New Policy ICT User Account Management Policy 2 Contents 1. Preamble... 4 2. Terms and definitions...

More information

CMP3002 Advanced Web Technology

CMP3002 Advanced Web Technology CMP3002 Advanced Web Technology Assignment 1: Web Security Audit A web security audit on a proposed eshop website By Adam Wright Table of Contents Table of Contents... 2 Table of Tables... 2 Introduction...

More information

Internet of Things EUROPEAN RESEARCH CLUSTER ON THE INTERNET OF THINGS. October, Pan European Research and Innovation Vision

Internet of Things EUROPEAN RESEARCH CLUSTER ON THE INTERNET OF THINGS. October, Pan European Research and Innovation Vision Internet of Things Pan European Research and Innovation Vision EUROPEAN RESEARCH CLUSTER ON THE INTERNET OF THINGS October, 2011 Without change there is no innovation, creativity, or incentive for improvement.

More information

Oracle WebCenter Content

Oracle WebCenter Content Oracle WebCenter Content 21 CFR Part 11 Certification Kim Hutchings US Data Management Phone: 888-231-0816 Email: khutchings@usdatamanagement.com Introduction In May 2011, US Data Management (USDM) was

More information

Erasmus+ General Information. Application Form Call: 2015. KA2 Cooperation and Innovation for Good Practices

Erasmus+ General Information. Application Form Call: 2015. KA2 Cooperation and Innovation for Good Practices General Information This application form consists of the following main sections: - Context: this section asks for general information about the type of project proposal you want to submit; - Participating

More information

Apache Milagro (incubating) An Introduction ApacheCon North America

Apache Milagro (incubating) An Introduction ApacheCon North America Apache Milagro (incubating) An Introduction ApacheCon North America Apache Milagro will establish a new independent security framework for the Internet A Distributed Cryptosystem Secure the Future of the

More information

1. Introduction to ehealth:

1. Introduction to ehealth: 1. Introduction to ehealth: E-Health is one of the fastest growing areas within the health sector. The scope of e- Health involves application of the knowledge, skills and tools, which enable information

More information

PCI DSS Requirements - Security Controls and Processes

PCI DSS Requirements - Security Controls and Processes 1. Build and maintain a secure network 1.1 Establish firewall and router configuration standards that formalize testing whenever configurations change; that identify all connections to cardholder data

More information

Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified

Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI

More information

Guidelines for applicants for the 1 st Transnational Call for Proposals (pre-proposal phase)

Guidelines for applicants for the 1 st Transnational Call for Proposals (pre-proposal phase) SUSFOOD - An FP7 ERA-NET on Sustainable Food Production and Consumption Guidelines for applicants for the 1 st Transnational Call for Proposals (pre-proposal phase) Closing date for pre-proposals: 03 May

More information

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But

More information

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)

More information

MSc Cyber Security. identity. hacker. virus. network. information

MSc Cyber Security. identity. hacker. virus. network. information identity MSc Cyber Security hacker virus QA is the foremost provider of education in the UK. We work with individuals at all stages of their careers, from our award-winning apprenticeship programmes, through

More information

D 1.1 Project Toolbox

D 1.1 Project Toolbox 1 D 1.1 Project Toolbox Union s Horizon 2020 research and innovation programme under grant agreement No 644367. 2 Project no. 644367 Project acronym: MY-WAY Project title: Strengthening the web entrepreneurship

More information

Service Desk R11.2 Upgrade Procedure - Resetting USD passwords and unlocking accounts in etrust Web Admin

Service Desk R11.2 Upgrade Procedure - Resetting USD passwords and unlocking accounts in etrust Web Admin Service Desk R11.2 Upgrade Procedure - Resetting USD passwords and unlocking accounts in etrust Web Admin Purpose of document The purpose of this document is to assist users in reset their USD passwords

More information

Vidder PrecisionAccess

Vidder PrecisionAccess Vidder PrecisionAccess Security Architecture February 2016 910 E HAMILTON AVENUE. SUITE 410 CAMPBELL, CA 95008 P: 408.418.0440 F: 408.706.5590 WWW.VIDDER.COM Table of Contents I. Overview... 3 II. Components...

More information

www.xceedium.com 2: Do not use vendor-supplied defaults for system passwords and other security parameters

www.xceedium.com 2: Do not use vendor-supplied defaults for system passwords and other security parameters 2: Do not use vendor-supplied defaults for system passwords and other security parameters 2.1: Always change vendor-supplied defaults and remove or disable unnecessary default accounts before installing

More information

Chapter 1: Introduction

Chapter 1: Introduction Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure

More information

Future cybersecurity threats and research needs.

Future cybersecurity threats and research needs. www.thalesgroup.com Future cybersecurity threats and research needs. 3 rd Franco-American Workshop on Cybersecurity Lyon Kreshnik Musaraj kreshnik.musaraj@thalesgroup.com December 9. 2014 2 / Challenges

More information

ITL BULLETIN FOR JANUARY 2011

ITL BULLETIN FOR JANUARY 2011 ITL BULLETIN FOR JANUARY 2011 INTERNET PROTOCOL VERSION 6 (IPv6): NIST GUIDELINES HELP ORGANIZATIONS MANAGE THE SECURE DEPLOYMENT OF THE NEW NETWORK PROTOCOL Shirley Radack, Editor Computer Security Division

More information

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two

More information

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer. THE 2014 THREAT DETECTION CHECKLIST Six ways to tell a criminal from a customer. Telling criminals from customers online isn t getting any easier. Attackers target the entire online user lifecycle from

More information

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing

More information

QuickBooks Online: Security & Infrastructure

QuickBooks Online: Security & Infrastructure QuickBooks Online: Security & Infrastructure May 2014 Contents Introduction: QuickBooks Online Security and Infrastructure... 3 Security of Your Data... 3 Access Control... 3 Privacy... 4 Availability...

More information