IT-Security All safe and sound?
|
|
- Helena Adams
- 8 years ago
- Views:
Transcription
1 IT-Security All safe and sound? The building blocks for secure E-Government Dr. Vienna, Das E-Government Innovationszentrum ist eine gemeinsame Einrichtung des Bundeskanzleramtes und der TU Graz
2 Contents 1. AT E-Gov Big Picture 2. eid 3. Electronic Signatures 4. Challenges Vienna,
3 E-Government maturity and sophistication Information provision Interactive Fully transactional Vienna,
4 Usage in Austria: HELP.gv.at Source: Bundeskanzleramt Vienna,
5 The Legal Framework SigG (signature) E-GovG (egovernment) AVG (general procedures) ZustG (delivery) secondary legal regulations specifications and recommendations Source: Bundeskanzleramt Vienna,
6 The Big Picture portal application portal register edelivery manager print service officer forms server bank archive edelivery service Source: Bundeskanzleramt Vienna,
7 Core Elements Source: Bundeskanzleramt Vienna,
8 Core Security Building Blocks Authentication Identification / eid Electronic Signatures Registered Electronic Mail Vienna,
9 Part 2: eid Vienna,
10 C2G Vienna,
11 Little security requirement when browsing public data trusted identity reading manipulating data authorizing the transaction Citizen transaction and security transaction integrity eid Source: Reinhard Posch, Major Cities, Wien ? privacy - access S Vienna, esig
12 Little security requirement when browsing public data trusted identity reading manipulating data authorizing the transaction Citizen transaction and security transaction integrity eid Security-relevant phase entered with eid; may be concluded with esig esig eid Source: Reinhard Posch, Major Cities, Wien ? privacy - access S Vienna, esig
13 eid ambitions Personal data = digital currency Digital identity "economic" drive USER ENABLEMENT eid "trust-building" drive USER EMPOWERMENT Personal data = private asset Source: Galler / EK Vienna,
14 Online Identity = CSP + public register Trust Center: Certification Service Provider (CSP) public sector registries CSP A-Trust CSP CRR BMI Supplementary Register Electronic Identity Source: Reinhard Posch Vienna,
15 Citizen Card - Basic functions» The Austrian Citizen Card is a concept, not a specific technology» The Citizen Card combines» qualified electronic signature Authentication» electronic identity Identification Figure: Thomas Rössler Vienna,
16 Sector-specific PIN Sector tax sector-code sourcepin- Reg 4csabB2 Sector health sector-code SA GH No7b99t sspin tax 5cwu4N sspin health Vienna,
17 Major initiatives Citizen Cards Health insurance cards: Rollout Mai-Nov. 2005, is an SSCD 100 % coverage reached end of Nov (~9 mio.) activation free of charge for citizens Other card initiatives: official s service card CSP signature cards student service cards, etc. Mobile phone signatures: relaunched 2009 free of charge for citizens so far, no ID card with chip Source: Herbert Leitold Vienna,
18 Why and where representation Bilateral Representations for explicit actions Companies Associations Link between legal persons and natural persons Source: Thomas Rössler Vienna,
19 Why and where representation Tax Consultant Lawyer Professional Representatives Organwalter (officials) Bilateral Representations for explicit actions Companies Associations Link between legal persons and natural persons Source: Thomas Rössler Vienna,
20 Austrian Online Mandate System Vienna,
21 G2G Vienna,
22 Connecting Portals» Trusted network of PA portals» De-centralized user administration» Access rights» Security classes» Assurance levels» 1-4 (NIST SP , ISO/IEC 29115, STORK)» Security assertions» SAML 2 Vienna,
23 Autorisation Connecting Portals Rights management Policy Decision Point (PDP) Rights validation Policy Enforcement Point (PEP) Ref: PV-Whitepaper Vienna,
24 Ref: iconarchive.com Part 3: Electronic Signatures Vienna,
25 G2C Vienna,
26 Official signature of documents» The Official signature is an advanced electronic signature of an authority.» It facilitates recognition of the fact that a document originates from an authority» The signature certificate includes a specific attribute - egov OID» It has to be visualized with certain elements Vienna,
27 Different implementations rgd visualization Minimum content: logo of the authority Explicit information that it was officially signed Information needed for the verification of the electronic signature and the printout Source: Peter Kustor, PSC Workshop on E-Procedures Stockholm, 31 May 2012 Vienna,
28 Example: Criminal Record Certificate» Frequently needed, e.g. in public procurement» Fully electronic process Vienna,
29 C2G Vienna,
30 Mobile Phone Signature» Core Aspects» Operated by a Certifcation Service Provider (CSP) for qualified certificates (A-Trust)» Signature-creation data (cryptographic keys) kept at CSP but controlled by the signatory» 2-factor authentication (knowledge & possession)» Secure Signature-Creation Device» 1999/93/EC Annex III, confirmed by a notified body Vienna,
31 Components User Mobile phone Vienna, Source: Peter Kustor, Thomas Rössler, IRIS 2010, Salzburg
32 Components Web-Frontend HSM - Creation of crypto-keys - Decryption of signature creation data - Creation of qualified electronic signatures SMS Gateway Signature key DB Signature-creation data (private keys) are encrypted under - Citizen password - Mobile number Vienna, Secret HSM key 32 Source: Peter Kustor, Thomas Rössler, IRIS 2010, Salzburg
33 Simple to use Vienna,
34 Bodies related to esignature Security» Supervision of Certification Service Providers» Telekom-Control-Kommission, assisted by RTR- GmbH» Confirmation Body assesses SSCDs» A-SIT» SSCDs can (but need not) be CC certified» International mutual recognition agreement of CC certificates Vienna,
35 Source: govspace.gov.au Part 4: Challenges Vienna,
36 Trend and strategies >2020 Vienna,
37 All safe and sound?»cloud Computing»Mobile Computing»Interoperability Vienna,
38 Cloud computing CLOUD means contractual and legal challenges. Governments are used to only accept their jurisdiction. With data protection and foreign legislation like the Patriot Act we face a new dimension. Vienna,
39 Technology for cloud 1 Data location 2 Cloud and eid 3 Cloud and encryption 4 Formal correctness even if theoretical work indicates feasibility we are ways off reality Christian Cachin, IBM Vienna,
40 Policies needed DIGITAL:AUSTRIA has developed a first set of recommendations to provide guidance for all government agencies in Austria Vienna,
41 eid and liability In case egovernment or businesses are dealing with values these values will be attacked eid and liability will be the main answers as preventive information security! Vienna,
42 Weak cloud security - consequences In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iphone, ipad, and MacBook. [ ] Had I used two-factor authentication for my Google account, it s possible that none of this would have happened [ ] Source: wired.com / Mat Honan Vienna,
43 capabilities different from PC browsers e.g. flash Mobile devices APPs result very dynamic systems file system and sandbox execution result access limits external devices very limited malware detection very rare Vienna,
44 Interoperability a single legal instrument for e-signature und eid ( eidas regulation )» plus further trust services (e-delivery, )» European regulation» replaces the signature directive (1999)» delegated acts still under discussion as this would centralize several aspects.» Austria well prepared for eidas Vienna,
45 eidas launching event 10/2014 Vienna,
46 Thank you for your attention!
47 Citizen Card Environment Variants Minimum-footprint Mobile Phone Local installation Herbert Leitold Vienna,
The Austrian Citizen Card
The Austrian Citizen Card A European Best Practice The E-Government Innovation Centre is a joint initiative of the Federal Chancellery and the Graz University of Technology Herbert Leitold Innovation Forum
More informationSecure Information Technology Center Signature verification and digital services
Secure Information Technology Center Signature verification and digital services Herbert Leitold, A-SIT Study Visit Georgian Delegation Vienna, 16 th February 2015 Zentrum für sichere Informationstechnologie
More informationThe Austrian Citizen Card
The Austrian Citizen Card The use of the electronic signature International public experiences Thomas Rössler, A-SIT, Austria Austria EU member state approx. 8 mio. citizens 2 3 About us A-SIT Founded:
More informationEuropean Electronic Identity Practices
European Electronic Identity Practices Country Update of Austria Speaker: Herbert Leitold Date: 9 Nov 2004 PART I: Overview Table of contents Overview of Citizen Card initiatives and its status (Summary
More informationThe Mobile Phone Signature in edemocracy and egovernment Applications. Gregor.eibl@bka.gv.at
The Mobile Phone Signature in edemocracy and egovernment Applications Gregor.eibl@bka.gv.at Characteristics of the Citizen Card ( 4 Abs. 1 E-GovG) unique identity authenticity Citizen Card = before authenfication:
More informationProposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market
Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market (COM(2012 238 final) {SWD(2012) 135 final} {SWD(2012) 136 final} Andrea SERVIDA
More informationAK IT-Security 1. E-Government Introduction, Motivation, Demonstration 705.052 (VO) 705.053 (KU)
AK IT-Security 1 E-Government Introduction, Motivation, Demonstration 705.052 (VO) 705.053 (KU), Andreas Fitzek, Christian Maierhofer Graz, 08.10.2014 Das E-Government Innovationszentrum ist eine gemeinsame
More informationtrust and confidence "draw me a sheep" POLICY AND REGULATION FOR EUROPE
trust and confidence "draw me a sheep" POLICY AND REGULATION FOR EUROPE new regulation eidas... "...told him that she was the only one of her kind in all the universe" POLICY AND REGULATION FOR EUROPE
More informationSecure Signature Creation Device Protect & Sign Personal Signature, version 4.1
Zentrum für sichere Informationstechnologie Austria Secure Information Technology Center Austria A-1030 Wien, Seidlgasse 22 / 9 Tel.: (+43 1) 503 19 63 0 Fax: (+43 1) 503 19 63 66 A-8010 Graz, Inffeldgasse
More informationData Privacy in the Cloud E-Government Perspective
Data Privacy in the Cloud E-Government Perspective Herbert Leitold; EGIZ, A-SIT International Cloud Symposium 2011, Panel on Data Privacy and the Role Policy Plays in Defining Trust Requirements Ditton
More informationCommission s proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market
Commission s proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market COM(2012)238 of 4.6.2012 ClubPSCo, Paris, 20.6.2012 Gérard GALLER
More informationProposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market
Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market [COM(2012) 238 final] {SWD(2012) 135 final} {SWD(2012) 136 final} Andrea SERVIDA
More informationLEGAL FRAMEWORK FOR E-SIGNATURE IN LITHUANIA AND ENVISAGED CHANGES OF THE NEW EU REGULATION
LEGAL FRAMEWORK FOR E-SIGNATURE IN LITHUANIA AND ENVISAGED CHANGES OF THE NEW EU REGULATION Aušra Kumetaitienė Head of Information Society Development Division Tomas Jakimavičius Telecommunications and
More informationCurrent Research- Cloud Computing and E-Government
AK IT-Security 1 Current Research- Cloud Computing and E-Government Graz, 12.11.2014 Das E-Government Innovationszentrum ist eine gemeinsame Einrichtung des Bundeskanzleramtes und der TU Graz Overview»
More informationegovernment 2020 new media and technologies for better citizenship oriented communication and applications
egovernment 2020 new media and technologies for better citizenship oriented communication and applications Christian Rupp, Austrian Federal Chancellery Federal Republic of Austria Area: 83 879 km² - Population:
More informationThe Cloud On A Clear Day. Neal Juern
The Cloud On A Clear Day Neal Juern Alternate Titles The Cloud So what is it anyway? Why is it so cloudy? How To Keep Your Head Out What are the risks? Is it all just marketing fluff? What is The Cloud?
More informationeid and ebanking: get your bank account in Minutes through an online portal!
eid and ebanking: get your bank account in Minutes through an online portal! An example of the cross-border use of eids in the private sector. London, 5 June 2015. Dr. Thomas ROESSLER, CEO PrimeSign GmbH
More informationDS-05-2015: Trust eservices. The policy context: eidas Regulation
DS-05-2015: Trust eservices The policy context: eidas Regulation Cybersecurity & Privacy Innovation Forum 2015 Brussels, 28 April 2015 Andrea SERVIDA DG CONNECT, European Commission Head of eidas Task
More informationProposed Framework for an Interoperable Electronic Identity Management System
page 1 Proposed Framework for an Interoperable Electronic Identity Management System Amir Hayat 1, Thomas Rössler 1 Several Member States in the European Union (EU)have rolled out electronic identity (eid)
More informationAK IT-Sicherheit 1. Identity Management. Bernd Zwattendorfer Graz, 29.10.2014
AK IT-Sicherheit 1 Identity Management Graz, 29.10.2014 Das E-Government Innovationszentrum ist eine gemeinsame Einrichtung des Bundeskanzleramtes und der TU Graz Motivation Ref: Peter Steiner, The New
More informationAK IT-Security 1. Electronic Delivery. Andreas Fitzek Graz, 05.11.2014
AK IT-Security 1 Electronic Delivery Graz, 05.11.2014 Das E-Government Innovationszentrum ist eine gemeinsame Einrichtung des Bundeskanzleramtes und der TU Graz Motivation Source: Wikipedia Graz, 05.11.2014
More informationeidas as blueprint for future eid projects cryptovision mindshare 2015 HJP Consulting Holger Funke
eidas as blueprint for future eid projects cryptovision mindshare 2015 HJP Consulting Holger Funke Agenda eidas Regulation TR-03110 V2.20 German ID card POSeIDAS Summary cryptovision mindshare 2015: eidas
More informationA Privacy-Preserving eid based Single Sign-On Solution
A Privacy-Preserving eid based Single Sign-On Solution Bernd Zwattendorfer, Arne Tauber, Thomas Zefferer E-Government Innovation Center Graz, Austria {Bernd.Zwattendorfer, Arne.Tauber, Thomas.Zefferer}@egiz.gv.at
More informationUSABILITY EVALUATION OF ELECTRONIC SIGNATURE BASED E-GOVERNMENT SOLUTIONS
USABILITY EVALUATION OF ELECTRONIC SIGNATURE BASED E-GOVERNMENT SOLUTIONS Thomas Zefferer Innovation Center (EGIZ) Inffeldgasse 16a, 8010 Graz, Austria Vesna Krnjic Innovation Center (EGIZ) Inffeldgasse
More informationEmpowerment through Electronic Mandates Best Practice Austria
Empowerment through Electronic Mandates Best Practice Austria Thomas Rössler Secure Information Technology Center Austria (A-SIT) thomas.roessler@a-sit.at Abstract. For dealing with electronic identities
More informationMAJOR SHIFTS DRIVEN BY HIGH-SPEED NETWORKS
MAJOR SHIFTS DRIVEN BY HIGH-SPEED NETWORKS Prof. Dr. Reinhard Posch CIO Federal Government AUSTRIA 21.11.14 PILLARS FOR FUTURE COMMUNICATION mobility FUTURE ICT agility SECURITY AND IDENTITY JURISDICTION
More informationSicherheitsaspekte des neuen deutschen Personalausweises
Sicherheitsaspekte des neuen deutschen Personalausweises Dennis Kügler Bundesamt für Sicherheit in der Informationstechnik egov Fokus 2/2013: Identity- und Access Management im E-Government Rethinking
More informationUNCITRAL United Nations Commission on International Trade Law Introduction to the law of electronic signatures
Introduction to the law of electronic signatures Luca Castellani Head, Regional Centre for Asia and the Pacific UNCITRAL Secretariat Incheon, Republic of Korea Outline 1. Methods and technologies for electronic
More informationTrustedX: eidas Platform
TrustedX: eidas Platform Identification, authentication and electronic signature platform for Web environments. Guarantees identity via adaptive authentication and the recognition of either corporate,
More informationELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION
ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION This can be a complex subject and the following text offers a brief introduction to Electronic Signatures, followed by more background on the Register of
More informationMobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard
Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands Ian Wills Country Manager, Entrust Datacard WHO IS ENTRUST DATACARD? 2 Entrust DataCard Datacard Corporation. Corporation.
More informationSSLPost Electronic Document Signing
SSLPost Electronic Document Signing Overview What is a Qualifying Advanced Electronic Signature (QAES)? A Qualifying Advanced Electronic Signature, is a specific type of digital electronic signature, that
More informationPerformance Characteristics of Data Security. Fabasoft Cloud
Performance Characteristics of Data Security Valid from October 13 th, 2014 Copyright GmbH, A-4020 Linz, 2014. All rights reserved. All hardware and software names used are registered trade names and/or
More informationCertification Practice Statement
Certification Practice Statement Revision R1 2013-01-09 1 Copyright Printed: January 9, 2013 This work is the intellectual property of Salzburger Banken Software. Reproduction and distribution require
More informationETSI TS 102 640-3 V1.1.1 (2008-10) Technical Specification
TS 102 640-3 V1.1.1 (2008-10) Technical Specification Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Architecture, Formats and Policies; Part 3: Information Security
More informationFact sheet: sa Certipost nv. Certipost Panel Presentation European Commission. Company. Activities based on 2 pillars: Clients.
Certipost Panel Presentation European Commission Bart Callens Product and Sales Manager Document Protection Services 1 Fact sheet: sa Certipost nv Company Shareholders De Post/La Poste, 50% Belgacom, 50%
More informationObjectives. What is Cloud Computing? Security Problems and Liability Privacy Concerns Solutions Recap Challenges for the Customer
1 Objectives What is Cloud Computing? Security Problems and Liability Privacy Concerns Solutions Recap Challenges for the Customer 2 What is Cloud Computing? Not single, agreed upon definition exists yet,
More informationEncryption-based 2FA for Server-side Qualified Signature Creation
S C I E N C E P A S S I O N T E C H N O L O G Y Encryption-based 2FA for Server-side Qualified Signature Creation Christof Rath, christof.rath@iaik.tugraz.at Institute for Applied Information Processing
More informationEricsson Group Certificate Value Statement - 2013
COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...
More informationGuidelines for the use of electronic signature
Republic of Albania National Authority for Electronic Certification Guidelines for the use of electronic signature Guide Nr. 001 September 2011 Version 1.3 Guidelines for the use of electronic signature
More informationElectronic Signature: Conform to the CC Anytime, Anywhere, with any Device September 20, 2012
Electronic Signature: Conform to the CC Anytime, Anywhere, with any Device September 20, 2012 DICTAO 152, avenue Malakoff 75116 PARIS, France Tel. : +33 (0)1 73 00 26 10 Internet : www.dictao.com Agenda
More informationNational Authority for Electronic Certification. Electronic Signature in Albania by Eris Asllani- Head of Department
National Authority for Electronic Certification Electronic Signature in Albania by Eris Asllani- Head of Department Roma - - - 2011 *General Statistics Population - 3,200,000 (est.) Area - 28.748 sq/km
More informationResolution Database Privacy preserving based Single-Signon
Resolution Database Privacy preserving based Single-Signon Solution S.S Dhanvantri Divi 1, T.Swapna 2, K.J.Sharma 3 1 Student, TRR ENGINEERING COLLEGE, PATANCHERU, HYDERABAD 2 Associate Professor, TRR
More informationProtecting your Data, Devices, and Digital Life in a BYOD World: A Security Primer GLENDA ROTVOLD AND SANDY BRAATHEN NBEA APRIL 2, 2015
Protecting your Data, Devices, and Digital Life in a BYOD World: A Security Primer GLENDA ROTVOLD AND SANDY BRAATHEN NBEA APRIL 2, 2015 What are You Trying to Protect? If someone got into your email, what
More informationImproving Online Security with Strong, Personalized User Authentication
Improving Online Security with Strong, Personalized User Authentication July 2014 Secure and simplify your digital life. Table of Contents Online Security -- Safe or Easy, But Not Both?... 3 The Traitware
More informationSECURITY IMPLICATIONS OF NFC IN AUTHENTICATION AND IDENTITY MANAGEMENT
SECURITY IMPLICATIONS OF NFC IN AUTHENTICATION AND IDENTITY MANAGEMENT Dmitry Barinov SecureKey Technologies Inc. Session ID: MBS-W09 Session Classification: Advanced Session goals Appreciate the superior
More informationImplementation of qualified electronic signatures in the process of creating project and technical documentation. Austria. January 28 th 2016
Implementation of qualified electronic signatures in the process of creating project and technical documentation The experiences of member countries of the ECEC Austria Dr. Herbert Döller January 28 th
More informationAK IT-Security 1. Recap Electronic Signatures. Tobias Kellner Graz, 22.10.2014
AK IT-Security 1 Recap Electronic Signatures Tobias Kellner Graz, 22.10.2014 Das E-Government Innovationszentrum ist eine gemeinsame Einrichtung des Bundeskanzleramtes und der TU Graz What can electronic
More informationCEF Building blocks. Informatics. Joao Rodrigues Frade DIGIT.B4. CEF Project and Architecture Office Directorate-General for Informatics
CEF Building blocks Joao Rodrigues Frade DIGIT.B4 CEF Project and Architecture Office Directorate-General for AGENDA CEF at a glance CEF reuse logic CEF building blocks A fully functioning Digital Single
More informationSecure Cloud Identity Wallet
1 CREDENTIAL Secure Cloud Identity Wallet DS-02-2014 Dr. Arne Tauber u 2 CREDENTIAL Research Project Call: H2020-DS-2014-1 Acronym: CREDENTIAL Type of Action: IA Number: 653454 Partners: 12 Duration: 36
More informationDRAFT Pan Canadian Identity Management Steering Committee March 1, 2010
DRAFT Pan Canadian Identity Management Steering Committee March 1, 2010 Pan Canadian Identity Management & Authentication Framework Page 1 1 Introduction This document is intended to describe the forming
More informationView from a European Trust Service Provider Server Signing: Return of experience and certification strategy
View from a European Trust Service Provider Server Signing: Return of experience and certification strategy January 16, 2014 - Berlin Thibault de Valroger VP Strategy & Development OPENTRUST Thibault.devalroger@opentrust.com
More informationE-Government in Austria. Roland Ledinger Austrian Federal Chancellery
E-Government in Austria Roland Ledinger Austrian Federal Chancellery Federal Republic of Austria Area: 83 870.95 km² Population: 8 174 733 12 federal ministries 80 district administrations 2359 municipalities
More informationIdentifying Obstacles in moving towards an Interoperable Electronic Identity Management System
Identifying Obstacles in moving towards an Interoperable Electronic Identity Management System Amir Hayat*, Reinhard Posch, Herbert Leitold Institute for Applied Information Processing and Communication,
More informationSoftware and Cloud Security
1 Lecture 12: Software and Cloud Security 2 Lecture 12 : Software and Cloud Security Subjects / Topics : 1. Standard ISO/OSI security services 2. Special problems, specific for software components and
More informationTrustKey Tool User Manual
TrustKey Tool User Manual 1 Table of Contents 1 Introduction... 5 2 TrustKey Product...6 2.1 TrustKey Tool... 6 2.2 TrustKey function modules...7 2.3 TrustKey using environment...7 3 TrustKey Tool Installation...
More informationPKI - current and future
PKI - current and future Workshop for Japan Germany Information security Yuichi Suzuki yuich-suzuki@secom.co.jp SECOM IS Laboratory Yuichi Suzuki (SECOM IS Lab) 1 Current Status of PKI in Japan Yuichi
More informationRich Furr Head, Global Regulatory Affairs and Chief Compliance Officer, SAFE-BioPharma Association. SAFE-BioPharma Association
Navigating the Identity Landscape Rich Furr Head, Global Regulatory Affairs and Chief Compliance Officer, SAFE-BioPharma Association SAFE-BioPharma Association Overview An overview of US and EU government
More informationSecuring Identities & Trust
Securing Identities & Trust Agenda About Safelayer Identities & Trust eidas (eid, Authentication and Signature) Use case: Izenpe Mobile eidas services Safelayer Demo Portal Q& A? WWW.SAFELAYER.COM 2 About
More informationThe 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance
Date: 07/19/2011 The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance PCI and HIPAA Compliance Defined Understand
More informationTechnical Guideline eid-server. Part 2: Security Framework
Technical Guideline eid-server Part 2: Security Framework BSI TR-03130-2 Version 2.0.1 January 15, 2014 Federal Office for Information Security Post Box 20 03 63 D-53133 Bonn Phone: +49 22899 9582-0 E-Mail:
More informationETSI TS 102 640-3 V2.1.1 (2010-01) Technical Specification
TS 102 640-3 V2.1.1 (2010-01) Technical Specification Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Part 3: Information Security Policy Requirements for REM Management
More informationSECURE AND EFFICIENT PROCESSING OF ELECTRONIC DOCUMENTS IN THE CLOUD
SECURE AND EFFICIENT PROCESSING OF ELECTRONIC DOCUMENTS IN THE CLOUD Klaus Stranacher, Bernd Zwattendorfer, Vesna Krnjic Graz University of Technology, E-Government Innovation Center, EGIZ Inffeldgasse
More informationCERTIFICATION PRACTICE STATEMENT UPDATE
CERTIFICATION PRACTICE STATEMENT UPDATE Reference: IZENPE-CPS UPDATE Version no: v 5.03 Date: 10th March 2015 IZENPE 2015 This document is the property of Izenpe. It may only be reproduced in its entirety.
More informationData Protection: From PKI to Virtualization & Cloud
Data Protection: From PKI to Virtualization & Cloud Raymond Yeung CISSP, CISA Senior Regional Director, HK/TW, ASEAN & A/NZ SafeNet Inc. Agenda What is PKI? And Value? Traditional PKI Usage Cloud Security
More informationCRYPTOGRAPHY AS A SERVICE
CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,
More informationWhy Identity Management. Identity Management. What We Cover. Role of Digital Identity. Digital Identity. Digital Identity (or network identity)
Why Identity Management Identity Management Claudiu Duma Identity crisis Privacy concerns Identity theft Terrorist threat Department of Computer and Information Science cladu@ida.liu.se What We Cover Digital
More informationBrainloop Cloud Security
Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating
More informationSHORT MESSAGE SERVICE SECURITY
SHORT MESSAGE SERVICE SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in
More informationHow To Understand And Understand The Certificate Authority (Ca)
TS 102 042 V1.1.1 (2002-04) Technical Specification Policy requirements for certification authorities issuing public key certificates 2 TS 102 042 V1.1.1 (2002-04) Reference DTS/SEC-004006 Keywords e-commerce,
More informationCOMMISSION OF THE EUROPEAN COMMUNITIES
EN EN EN COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 28.11.2008 COM(2008) 798 final COMMUNICATION FROM THE COMMISSION TO THE COUNCIL, THE EUROPEAN PARLIAMENT, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE
More informationContents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008
Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication
More informationDe-Mail. A reliable and secure online communication platform. Armin Wappenschmidt (secunet) More information: www.de-mail.de
De-Mail A reliable and secure online communication platform Armin Wappenschmidt (secunet) More information: www.de-mail.de 1 Agenda Overview of De-Mail Implementation aspects Current status and outlook
More informationPROXKey Tool User Manual
PROXKey Tool User Manual 1 Table of Contents 1 Introduction...4 2 PROXKey Product... 5 2.1 PROXKey Tool... 5 2.2 PROXKey function modules...6 2.3 PROXKey using environment...6 3 PROXKey Tool Installation...7
More informationAGENDA ITEM 15-16 : ELECTRONIC SIGNATURE
SCREENING CHAPTER 10 Country Session: 13- Content Legislation Main Points of Turkish Electronic Signature Legislation Electronic Certificate Service Providers and Market Standardization Aspect of Electronic
More informationHardware Security Modules for Protecting Embedded Systems
Hardware Security Modules for Protecting Embedded Systems Marko Wolf, ESCRYPT GmbH Embedded Security, Munich, Germany André Weimerskirch, ESCRYPT Inc. Embedded Security, Ann Arbor, USA 1 Introduction &
More informationSecurity framework. Guidelines for trust services providers Part 1. Version 1.0 December 2013
Security framework Guidelines for trust services providers Part 1 Version 1.0 December 2013 European Union Agency for Network and Information Security www.enisa.europa.eu Security framework Guidelines
More informationNeutralus Certification Practices Statement
Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3
More informationWeb Application Security
Web Application Security Erwin Huber Head of Research & Development Web Application Security Web Application Security Unit Strong Focus on Web Application Security since 1996 Protection of Web Applications
More informationDO YOU USE FIREWALLS?
DO YOU USE FIREWALLS? Great! So do we. And nonetheless, websites get hacked, manipulated and messed up. Even if you protect yourself, you can very quickly become a victim of an attack. You probably know
More informationMutual legal recognition of electronic communications and electronic signatures and paperless trade facilitation: challenges and opportunities
Mutual legal recognition of electronic communications and electronic signatures and paperless trade facilitation: challenges and opportunities Luca Castellani Secretary, Working Group IV (Electronic Commerce)
More informationCertification Report
Certification Report EAL 4+ Evaluation of BlackBerry Enterprise Server version 5.0.0 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification
More informationNIST-Workshop 10 & 11 April 2013
NIST-Workshop 10 & 11 April 2013 EUROPEAN APPROACH TO OVERSIGHT OF "TRUST SERVICE PROVIDERS" Presented by Arno Fiedler, Member of European Telecommunications Standards Institute Electronic Signatures and
More informationPRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS
PRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (Issued December 2003; revised September 2004 (name change)) PN 1013 (September 04) PN 1013 (December 03) Contents Paragraphs
More informationApplying Cryptography as a Service to Mobile Applications
Applying Cryptography as a Service to Mobile Applications SESSION ID: CSV-F02 Peter Robinson Senior Engineering Manager RSA, The Security Division of EMC Introduction This presentation proposes a Cryptography
More informationEnsuring the security of your mobile business intelligence
IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive
More informationFEDERAL LAW GAZETTE FOR THE REPUBLIC OF AUSTRIA. Year 2015 Issued on December 11, 2015 Part II
1 of 11 FEDERAL LAW GAZETTE FOR THE REPUBLIC OF AUSTRIA Year 2015 Issued on December 11, 2015 Part II 410th Regulation: Cash Register Security Regulation, [RKSV] 410th Regulation by the Federal Minister
More informationExpert Meeting on CYBERLAWS AND REGULATIONS FOR ENHANCING E-COMMERCE: INCLUDING CASE STUDIES AND LESSONS LEARNED. 25-27 March 2015.
Expert Meeting on CYBERLAWS AND REGULATIONS FOR ENHANCING E-COMMERCE: INCLUDING CASE STUDIES AND LESSONS LEARNED 25-27 March 2015 eidas Regulation By Alessandra Sbordoni Legal Officer, eidas Task Force
More information26.3.2014 A7-0365/133
26.3.2014 A7-0365/133 Amendment 133 Amalia Sartori on behalf of the Committee on Industry, Research and Energy Report A7-0365/2013 Marita Ulvskog Electronic identification and trust services for electronic
More informationImplementation of e-signature in the ESCWA Region: Status and Next Steps. By Matthew Perkins
Implementation of e-signature in the ESCWA Region: Status and Next Steps By Matthew Perkins Understanding e-signature How do we identify ourselves online? Electronic records of real-world authenticators
More informationDigital signature and e-government: legal framework and opportunities. Raúl Rubio Baker & McKenzie
Digital signature and e-government: legal framework and opportunities Raúl Rubio Baker & McKenzie e-government concept Utilization of Information and Communication Technologies (ICTs) to improve and/or
More informationDISCLOSURE STATEMENT PREPARED BY
DISCLOSURE STATEMENT PREPARED BY - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
More informationEnsuring Enterprise Data Security with Secure Mobile File Sharing.
A c c e l l i o n S e c u r i t y O v e r v i e w Ensuring Enterprise Data Security with Secure Mobile File Sharing. Accellion, Inc. Tel +1 650 485-4300 1804 Embarcadero Road Fax +1 650 485-4308 Suite
More informationHungarian Electronic Public Administration Interoperability Framework (MEKIK) Technical Standards Catalogue
Hungarian Electronic Public Administration Interoperability Framework (MEKIK) Technical Standards Catalogue Zsolt Sikolya Ministry of Informatics and Communications (IHM) Tel: +3614613366, Fax: +3614613548
More informationPCI PA - DSS. Point XSA Implementation Guide. Atos Worldline Banksys XENTA SA. Version 1.00
PCI PA - DSS Point XSA Implementation Guide Atos Worldline Banksys XENTA SA Version 1.00 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566 287 00 www.point.se Page number 2 (16)
More informationISO 27001 COMPLIANCE WITH OBSERVEIT
ISO 27001 COMPLIANCE WITH OBSERVEIT OVERVIEW ISO/IEC 27001 is a framework of policies and procedures that include all legal, physical and technical controls involved in an organization s information risk
More informationCybersecurity and Secure Authentication with SAP Single Sign-On
Solution in Detail SAP NetWeaver SAP Single Sign-On Cybersecurity and Secure Authentication with SAP Single Sign-On Table of Contents 3 Quick Facts 4 Remember One Password Only 6 Log In Once to Handle
More informationSRI LANKA AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS
SRI LANKA AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (This Statement is effective for all the audits commencing on or after 01 April 2010) CONTENTS
More informationWHITE PAPER AUGUST 2014. Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords
WHITE PAPER AUGUST 2014 Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords 2 WHITE PAPER: PREVENTING SECURITY BREACHES Table of Contents on t Become the Next Headline
More informationEUROPEAN PARLIAMENT AND COUNCIL DIRECTIVE. on a common framework for electronic signatures
COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 29.04.1999 COM(1999) 195 fmal 98/0191(COD) Amended proposal for a EUROPEAN PARLIAMENT AND COUNCIL DIRECTIVE on a common framework for electronic signatures
More information