Mitigation Principles PROPOSAL OICA/CLEPA

Slides:



Advertisements
Similar presentations
Protection of personal mobile computer devices Information Security Isaac Fernandes, mci12009 Sofia Nunes, mci12014.
Advertisements

Lecture 1: Overview modified from slides of Lawrie Brown.
Security+ Guide to Network Security Fundamentals
Agenda Scope of Requirement Security Requirements
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 5: Security Controls.
LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.
Storage Security and Management: Security Framework
Information Security Update CTC 18 March 2015 Julianne Tolson.
Security Security is a measure of the system’s ability to protect data and information from unauthorized access while still providing access to people.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 1 – Overview.
Definitions of Business, E- Business, and Risk  Business: An organization involved in trade of goods and/or services to the consumers  E-Business: Application.
MagicNET: Security System for Protection of Mobile Agents.
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester
Information Security What is Information Security?
14.1/21 Part 5: protection and security Protection mechanisms control access to a system by limiting the types of file access permitted to users. In addition,
Chapter 2 Securing Network Server and User Workstations.
1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.
Features Governmental organization Critically important ICT objects Distributed infrastructure Three levels of confidentiality Dozens of subsidiary organizations.
IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
Chapter 40 Network Security (Access Control, Encryption, Firewalls)
Information Security Measures Confidentiality IntegrityAccessibility Information cannot be available or disclosed to unauthorized persons, entities or.
CIA AAA. C I A Confidentiality I A Confidentiality Integrity A.
Chapter 29: Program Security Dr. Wayne Summers Department of Computer Science Columbus State University
Principles Identified - UK DfT -
Security Issues in Information Technology
Security Management in Practice
CS457 Introduction to Information Security Systems
Threat Modeling for Cloud Computing
Web Applications Security Cryptography 1
Suggestion for Summarizing Process of the Principles
Information Security, Theory and Practice.
ISSeG Integrated Site Security for Grids WP2 - Methodology
Manuel Brugnoli, Elisa Heymann UAB
Chapter 9: Security © Len Bass, Paul Clements, Rick Kazman, distributed under Creative Commons Attribution License.
Security+ All-In-One Edition Chapter 1 – General Security Concepts
Design for Security Pepper.
Chapter One: Mastering the Basics of Security
Outcome TFCS-05 // May OICA, Paris
Comments on 18 mitigations proposed by OICA(TFCS-06-11)
COMPUTER SECURITY CONCEPTS
30-31, August 2017 Den Hague, Netherlands)
Main problems of NL proposal for UN Software Regulation
Information Security.
Network security threats
Introduction to Information Security
Concept of ACSF TAN (Type Approval Number)
BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT
Status report on the activities of TF-CS/OTA
NET 311 Information Security
Computer and Network Security
Security Protection Goals
Security in ebXML Messaging
Lecture 1: Foundation of Network Security
INFORMATION SYSTEMS SECURITY and CONTROL
Outcome TFCS-06 // June TIA, Arlington/VA (USA)
How to Mitigate the Consequences What are the Countermeasures?
Chapter 29: Program Security
Module 2 OBJECTIVE 14: Compare various security mechanisms.
Neopay Practical Guides #2 PSD2 (Should I be worried?)
Unit 8 Network Security.
Operating System Concepts
Security in SDR & cognitive radio
Informal document GRSG
Cryptography and Network Security
Definition Of Computer Security
Session 1 – Introduction to Information Security
Chapter 5 Computer Security
Presentation transcript:

Mitigation Principles PROPOSAL OICA/CLEPA

Approach Taken Piloted by mapping sample (38) threat examples against the 7 “protection objectives” of the Extended CIA model (see Appendix) Confidentiality Integrity Availability Non-repudiation Authenticity Accountability Authorization Defined mitigation principles for the threat examples based on ‘clusters’ of “protection objectives” combinations (see Appendix) Attempted to pitch the language to not define a specific solution, nor be too high level to appear unconsidered Further work is recommended to reference specific recognized artifacts Extended analysis to all threat examples Communized mitigation principles where feasible

Conclusion 18 ‘individual’ mitigation mechanisms proposed (see next slide) Some are compounded to mitigate specific threat examples Excluded are potential mitigations where the Threat might be considered to be in the scope of ‘Safety’ rather than ‘Security’ Mitigation mechanisms can be used for different threats However, mitigation mechanisms may not be able to be applied to all aspects of the ecosystem It seems to result in a manageable amount of mitigation mechanisms

Proposed Mitigations Mitigations Access to files and data shall be authorized Best practices for backend systems shall be followed (e.g. OWASP, ISO 27000 group) Confidential data shall be encrypted Cybersecurity best practices for software and hardware development shall be followed Cybersecurity best practices shall be followed for storing private keys Data protection best practices shall be followed for storing private and sensitive data. Data protection regulations of individual countries shall be adhered to. Data shall be (end-to-end) authenticated and integrity protected Internal messages shall contain a freshness value Internal/Diagnostic messages shall be authenticated and integrity protected Measures to detect intrusion are recommended Measures to detect unauthorized privileged access are recommended Measures to ensure the availability of data are recommended Organizations shall ensure the defined security procedures are followed Software and configuration shall be authenticated and integrity protected The certification policy for V2X communication shall be followed. V2X messages shall be Authenticated and Integrity protected V2X messages shall contain a freshness value V2X messages should be checked for plausibility

APPENDIX

Mitigation principles for sample (38) Threat examples (first pass) Authentication / Integrity 3x V2X messages shall be authenticated and integrity protected. 5x Software shall be authenticated and integrity protected 1x Only authenticated and integrity protected configuration shall be used 1x Data shall be authenticated and integrity protected 1x Data shall be (end-to-end) authenticated and integrity protected. 1x Data exchanged between the backend and vehicle shall be authen- ticated and integrity protected 1x Internal messages shall be authenticated and integrity protected 1x Diagnostic messages shall be authenticated and integrity protected Authorization 6x Access to files and data shall be authorized Confidentiality 2x Confidential data shall be encrypted Other 1x Internal messages shall contain a freshness value Same? (Software) Same? (Data) Same? (Internal messages)

Mitigation principles for sample (38) Threat examples (consolidated) Authentication / Integrity 3x V2X messages shall be authenticated and integrity protected. 6x Software and configuration shall be authenticated and integrity protected 3x Data shall be (end-to-end) authenticated and integrity protected. 2x Internal/Diagnostic messages shall be authenticated and integrity protected Authorization 6x Access to files and data shall be authorized Confidentiality 2x Confidential data shall be encrypted Other 1x Internal messages shall contain a freshness value

Mitigation principles for sample (38) Threat examples (further review) Best practices 10x Best practices for backend systems shall be followed (e.g. OWASP, ISO 27000 group) 2x Cybersecurity best practices shall be followed for storing private keys Miscellaneous 2x Measures to ensure the availability of data are recommended Measures to detect unauthorized privileged access are recommended Measures to detect intrusion are recommended Organizations shall ensure the defined security procedures are followed

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.