Securing the Digital Frontier: The Need For Robust Cyber-Security Standards Dr. Carol Cosgrove-Sacks, Senior Advisor, International Standards Policy OASIS.

Presentation transcript:

Securing the Digital Frontier: The Need For Robust Cyber-Security Standards
Dr. Carol Cosgrove-Sacks, Senior Advisor, International Standards Policy, OASIS Open
ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, September 2014)

Thanks and Acknowledgments
OASIS is pleased to contribute to the ITU-led debate on ICT Cyber-Security Standardization.
OASIS security standards can assist in defending the digital frontier.
OASIS works with Governments across the world to promote cyber-security.

Introduction to OASIS
OASIS Open is a global, not-for-profit consortium that creates market-driven software standards.
Founded in 1993 as SGML Open.
Over the years, from SGML to XML to multiple methods & models (JSON, XML, UML, ASN.1, custom notations, etc.).
"The largest standards group for electronic commerce on the Web"

Who is OASIS?
5,000+ participants
600+ organizations & experts
100+ countries
70+ technical committees

Meeting the Information Challenges of the 21st Century
Key trends:
1. Traditional standards are challenged by “disrupters” (Google, Amazon) emphasizing agility, speed and “whatever works”
2. Steady rise in data breaches, cyber-security attacks and unwanted surveillance
3. Increasing collision between the "startup economy" (monetizing personal data) and citizen expectations of privacy (regulation)
4. Societal demands for governments and public administrations to become smarter (Cloud, Smart Cities, sustainability) and more transparent (Open Data, Big Data)

OASIS Standards Projects
PUBLIC SECTOR
CYBER-SECURITY
CLOUD and BIG DATA
INTERNET of THINGS

FOUNDATIONAL PUBLIC SECTOR STANDARDS
OASIS public sector standards help governments:
Foster interoperability among departments and constituents in alignment with policy
Promote efficiency via eProcurement
Contain costs
Protect cyber frontiers
OpenDocument, UBL, LegalXML, ElectionML

OASIS CYBER-SECURITY STANDARDS
OASIS cyber-security standards help eBusinesses and government agencies secure their transactions, from Identity to Key Management, while protecting the privacy of users - and now, they do so in the Cloud.

CYBER-SECURITY STANDARDS
Security Assertion Markup Language (SAML), ITU-T X.1141: Used globally for identity authorization, including ISO's Livelink
eXtensible Access Control Markup Language (XACML), ITU-T X.1142, X.1144: Role-Based Access Control and ID policy; XACML-JSON
Key Management Interoperability Protocol (KMIP): Interoperable methods for enterprise encryption key management
14 Cyber-security:

COMMON ALERTING PROTOCOL (AN ITU STANDARD)
OASIS Emergency Management TC (ITU-T X.1303, X.1303bis)
Enabling information exchange to advance incident preparedness and response to emergency situations:
EDXL Common Alerting Protocol (EDXL-CAP)
EDXL Distribution Element (EDXL-DE)
EDXL Hospital AVailability Exchange (EDXL-HAVE)
EDXL Resource Messaging (EDXL-RM)
EDXL Reference Information Model (EDXL-RIM)
EDXL Situation Reporting (EDXL-SitRep)
EDXL Tracking Emergency Patients (EDXL-TEP)

CYBER-SECURITY STANDARDS: BIOMETRICS
Biometrics TC: Accelerating the use of biometrics through services and enhanced interoperability in distributed environments.
IBOPS TC (new): Identity biometrics function calls and mobile device biometrics architecture.

CYBER-SECURITY STANDARDS: PRIVACY
Privacy & identity:
Privacy Management Reference Model: Standards-based framework + template for business process engineers, IT analysts, architects, and developers to implement privacy and security policies in operations. Analytical tool for assessing completeness of a privacy/security solution.
Privacy by Design for Software Engineers: Privacy rule enforcement, from policy to practices to model to code. 7 principles:
1. Proactive not Reactive; Preventative Not Remedial
2. Privacy as the Default Setting
3. Privacy Embedded into Design
4. Full Functionality - Positive-Sum, Not Zero-Sum
5. End-to-End Security - Full Lifecycle Protection
6. Visibility and Transparency - Keep It Open
7. Respect for User Privacy - Keep It User-Centric

CYBER-SECURITY: CONTRIBUTIONS TO ITAC
The Information Technology Advisory Council (ITAC) has been advising the OECD for 3 years on issues ranging from IPv6 to cyber-security and privacy.
OASIS is a member (Gershon Janssen).
Report being finalized. Recommendations:
Implementation of national strategies for digital security risk management
Education of all stakeholders
Establishing responsibility and accountability for digital security risk management
Respect for human rights and fundamental values
Implementation of cyber-security and privacy standards as a key part of the culture of security

CYBER-SECURITY STANDARDS: TRUST
Trust Elevation (EIC-TEM): Identity management methods for handling requests to promote low-level credential data to higher authorization levels
WS-Federation & WS-Trust: Metadata & token policy control for message exchange, with federation and brokered trust capabilities

CLOUD and BIG DATA
Advanced Message Queuing Protocol (AMQP) j.mp/oasisAMQP
Topology and Orchestration Specification for Cloud Apps (TOSCA)
Cloud Application Management for Platforms (CAMP)
OASIS Open Data Protocol (OData) /oasisOData
Service-Oriented Architecture (SOA) Reference Model
Identity in the Cloud (ID-Cloud)
Cloud Authorization (Cloud AuthZ)

Internet of Things (IoT) and Mobile (M2M)
OASIS IoT and M2M standards at the protocol and transaction level are already helping “things” like cars and buildings to communicate.

Internet of Things (IoT) and Mobile (M2M)
Message Queuing Telemetry Transport (MQTT): Lightweight transactional protocols specifically for devices
OASIS SmartGrid projects: Device management, transactional control, pricing and time/duration
Open Building Information Exchange (oBIX) TC: Building systems and physical security device control
But no one area of standardization stands alone...

Conclusions
How OASIS will do its part to meet 21st century information society challenges in eGovernment and eBusiness – for the next 20 years:
1. Forge a new standardization approach where Open Source incorporates open standards at an earlier stage for robustness, security and privacy
2. Continue to collaborate globally with other SDOs and policy makers such as ITU & ETSI
3. Contribute to interoperability in the Cloud, Identity Management, Privacy, Security and the Internet of Things