Securing Digital Processes



Similar documents
Content Management Playout Encryption Broadcast Internet. Content Management Services

Trust areas: a security paradigm for the Future Internet

CTS2134 Introduction to Networking. Module Network Security

North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing

IAPE STANDARDS SECTION 16 DIGITAL EVIDENCE

Project Document Collaboration

IMPLEMENTATION OF AN ELECTRONIC DOCUMENT MANAGEMENT SYSTEM

SIP Trunking to Microsoft Lync (Skype for Business) Server

המרכז ללימודי חוץ המכללה האקדמית ספיר. ד.נ חוף אשקלון טל' פקס בשיתוף עם מכללת הנגב ע"ש ספיר

R3: Windows Server 2008 Administration. Course Overview. Course Outline. Course Length: 4 Day

IMPLEMENTATION OF AN ELECTRONIC DOCUMENT MANAGEMENT SYSTEM TECHNICAL SPECIFICATIONS FOR AGENCIES AND BROKERS ACTING ON THEIR ACCOUNT

Copyright ZYCOO All Rights Reserved 1 / 8

Dooblo SurveyToGo: Security Overview

AND Recorder 5.4. Overview. Benefits. Datenblatt

T141 Computer Systems Technician MTCU Code Program Learning Outcomes

Product Information = = = sales@te-systems.de phone

Information Security

SINGLE COURSE. 136 Total Hours. After completing this course, students will be able to:

High Availability and Clustering

Milestone Solution Partner IT Infrastructure Components Certification Summary

Security Coordination with IF-MAP

Planning and Administering Windows Server 2008 Servers

Five Ways to Use Security Intelligence to Pass Your HIPAA Audit

Digital Identity Management

Managing and Maintaining Windows Server 2008 Servers (6430) Course length: 5 days

Recommendations for Provisioning Security

R&S IP-GATE IP gateway for R&S MKS9680 encryption devices

IT Service Continuity Management PinkVERIFY

Managing and Maintaining Windows Server 2008 Servers

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

Achieving PCI-Compliance through Cyberoam

Rimage Surveillance Solutions:

Designing and Implementing a Server Infrastructure MOC 20413

Technology Services Strategic Plan Status ITAC February 2011

How Do I Upgrade Firmware and Save Configurations on PowerConnect Switches?

Event Log Monitoring and the PCI DSS

ParkingManagementSystems. Videobased Parking Management System INDOOR and OUTDOOR Description

How To Be A Data Security Analyst

HexaCorp. White Paper. SOA with.net. Ser vice O rient ed Ar c hit ecture

Risk Assessment and Security Testing Johannes Viehmann 2015 of Large Scale Networked Systems with RACOMAT

100% Software that means business

Cisco Integrated Video Surveillance Solution: Expand the Capabilities and Value of Physical Security Investments

Cloud Panel Service Evaluation Scenarios

Planning and Administering Windows Server 2008 Servers

IBM SECURITY QRADAR INCIDENT FORENSICS

The best network information. COPA-DATA know-how: SNMP with zenon

The Alteon Application Switch Overview

Kerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, BC. From Italy (?).

The Importance of a Resilient DNS and DHCP Infrastructure

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

Rule 4-004G Payment Card Industry (PCI) Remote and Mobile Access Security (proposed)

Reducing Application Vulnerabilities by Security Engineering

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation

CSIRT Introduction to Security Incident Handling

RIAS stands for Remote Installation Assistance Service by NT-ware to remotely assist you on-site and on-demand. RIAS sessions are useful to guide you

Using Extensible Metadata Definitions to Create a Vendor-Independent SIEM System

Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr

CS 356 Lecture 28 Internet Authentication. Spring 2013

Best Practices for PCI DSS V3.0 Network Security Compliance

Next Generation NAS: A market perspective on the recently introduced Snap Server 500 Series

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards

Virtual Desktop Infrastructure

Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February

IF-MAP FEDERATION WITH JUNIPER NETWORKS UNIFIED ACCESS CONTROL

Q-Cam Professional V 1.1 User Manual

PREMIER SUPPORT STANDARD SERVICES BRONZE SILVER GOLD

IIUC Implementing Cisco IOS Unified Communications (IIUC) Version: Demo. Page <<1/9>>

DDoS Protection Technology White Paper

Application Note. Onsight Mobile Collaboration Video Endpoint Interoperability v5.0

TraceSim 3.0: Advanced Measurement Functionality. of Video over IP Traffic

Information Technology Career Field Pathways and Course Structure

Electronic documents questionnaire

Safe and Secure Faxing with Dialogic Brooktrout Fax Boards

SAC 049 SSAC Report on DNS Zone Risk Assessment and Management

Backup in a Data Driven World: Affordable Backup Options for Home and SMB

SERVICES BRONZE SILVER GOLD PLATINUM. On-Site emergency response time 3 Hours 3 Hours 1-2 Hours 1 Hour or Less

Cisco Virtual Office Express

MS 10972A Administering the Web Server (IIS) Role of Windows Server

Certified Information Systems Auditor (CISA)

Deploying VSaaS and Hosted Solutions Using CompleteView

Use QNAP NAS for Backup

Module: Sharepoint Administrator

FortiVoice Enterprise Phone System GA Release Notes

Internet Telephony PBX System

IBM QRadar Security Intelligence April 2013

Service Pack 1 Fact Sheet

RSS Cloud Solution COMMON QUESTIONS

How to speed up IDENTIKEY DNS lookup of the Windows Logon DAWL client on Windows 7?

Managing Large Imagery Databases via the Web

Transcription:

Securing Digital Processes Carsten Rudolph Carsten Rudolph and Nicolai Kuntze Fraunhofer-Institut for Secure Information Technology Rheinstrasse 75, 64295 Darmstadt, Germany E-Mail: Carsten.Rudolph@sit.fraunhofer.de http://www.sit.fraunhofer.de/ 13.6.2012 Carsten Rudolph (Fraunhofer SIT) Securing Digital Processes 13.6.2012 1 / 12

Digital Processes Business processes: Procurement Accounting Recruiting Development many other specific processes Industrial processes: Industrial control Automation Production Maintenance Installation Decommissioning Carsten Rudolph (Fraunhofer SIT) Securing Digital Processes 13.6.2012 2 / 12

Motivation IT security (base-line protection) concentrates on topics like protection of infrastructures, access control, protection on the level of applications. Focus is on recognition of threats, prevention of attacks, risk analysis, reaction and security concepts. Base-line protection provides essential foundations for secure operation of IT systems. Adding the process perspective can provide a better focus for targeted IT security measures. Carsten Rudolph (Fraunhofer SIT) Securing Digital Processes 13.6.2012 3 / 12

Approach Based on processes, positive assertions on IT security can be formulated. 1 Describe/specify process 2 Identify security requirements on the level of the process. 3 Relate process specifications to IT systems. 4 Derive security requirements on level of IT systems. 5 Check if base-line protection is sufficient, targeted risk analysis, add suitable security measures. Carsten Rudolph (Fraunhofer SIT) Securing Digital Processes 13.6.2012 4 / 12

Examples 1. Digital speed control 2. Voice over IP communication Carsten Rudolph (Fraunhofer SIT) Securing Digital Processes 13.6.2012 5 / 12

Speed control: Camera with centralized data storage? Date, Time, Speed, Location Carsten Rudolph (Fraunhofer SIT) Securing Digital Processes 13.6.2012 6 / 12

Speed control: Camera with centralized data storage? State of the camera Configuration Correct time Location, Non repudiation Identity (serial number), Owner, etc. Carsten Rudolph (Fraunhofer SIT) Securing Digital Processes 13.6.2012 7 / 12

Summary example1: digital camera for speed control Process (simplified): 1 Installation/configuration 2 Operation/taking measurements and photos 3 Computation of data records 4 Transfer to server 5 Archiving 6 Dispute resolution Security requirement: It must be possible to prove the correctness of measurements with probative force. Carsten Rudolph (Fraunhofer SIT) Securing Digital Processes 13.6.2012 8 / 12

Summary example1: digital camera for speed control IT view of the process (simplified): 1 Installation/configuration done directly on the device 2 Measurment on device 3 Computation on device 4 Transfer via public networks 5 Archiving on server with back-up data-base 6 Check data record on some PC during dispute resolution. Security requirement on IT level: Check of data records needs to prove that the device was in the correct status (valid configuration and software status) when the data record was created. Possible solution: Protect software and configuration on the device and bind data records to status of the device at the time of the measurement. Carsten Rudolph (Fraunhofer SIT) Securing Digital Processes 13.6.2012 9 / 12

Example 2: VoIP communication Scenario: Call-center of a company selling medical equipment. 24h hot-line with experts gives advice on the correct operations of the devices, e.g. parameters to be changed for a particular medication or treatment. Call-center is the main contact for medical personnel working with the machines. Documentation is mandatory, current practice is to record on tape. VoIP communication can be efficiently stored in digital format. Thus, the person-to-person communication gets connected to a digital process. Carsten Rudolph (Fraunhofer SIT) Securing Digital Processes 13.6.2012 10 / 12

Summary example2: VoIP communication Process (simplified): 1. Call comes in with a question 2. Interaction and response 3. Confirmation of response 4. Documentation Security requirement: All steps need to be documented and need to be available in case of a dispute. IT view of the process (simplified): 1.-3. runs over VoIP 4. storing digital records for VoIP communications Security requirement on IT level: VoIP stream must be recorded in a way that integrity and authenticity can be proven in the case of a dispute. Possible solution: Digital signatures on VoIP and secure archiving. Carsten Rudolph (Fraunhofer SIT) Securing Digital Processes 13.6.2012 11 / 12

Additional security measures Protection of digital data records only shows wrong records after they have been produced. Thus, operation with insecure states remains possible. Security monitoring can provide information on the current status of IT systems. One standardized approach is the meta-data access protocol and interfaces to integrate it (IF-MAP). The status of a system or network can be visualized using a meta-data graph. One example is shown in the demonstration after lunch. Carsten Rudolph (Fraunhofer SIT) Securing Digital Processes 13.6.2012 12 / 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information