Presentation is loading. Please wait.

Presentation is loading. Please wait.

Berlin, 15 December 2011 update

Similar presentations


Presentation on theme: "Berlin, 15 December 2011 update"— Presentation transcript:

1 Berlin, 15 December 2011 update
Security SIG in MTS Fraunhofer FOKUS Tallinn, 4-5 October 2011 Berlin, 15 December 2011 update Sphia Antipolis 13 March 2012

2 Presentation Collection Introductory Presentation
Agenda SIG#2 Round Call Presentation Collection Introductory Presentation Motivation & „History“ (SIG#1) Presentation of new contributions Next steps, perspectives: SIG#3, Security workshop Security SIG in MTS, 15 December 2011

3 Discussion and outcome
Recall of SIG#1 meeting Discussion and outcome Short introduction by Fokus (history starts 10/2011) Discussion on the security scope in MTS Presentation by Scott regarding need for security evaluation Presentation by Ian regarding „security testing“ lifecycle (from requirements to maintenance) Discussion on NWI „wording“ Appointment of rapporteurs: Ari T. and Scott C.

4 Recall: Security „scope“ in MTS
Model / Specification, system risks Risk Analysis (paper-based) guidance “Testing” (to break the system) Scanning (libs) “known attacks” Functional / traditional testing Neg. testing, unknown vul., config mistakes fuzzing -> product (units,…) (light) penetration -> system (=deployed product)

5 Recall: Security Work Items
Terminology: To collect the basic terminology and ontology (relationship between stake holder and application) to be used for security testing in order to have a common understanding in MTS and related committees. “Educational” material Case study experiences To assemble case study experiences related to security testing in order to have a common understanding in MTS and related committees. Industrial experiences may cover but are not restricted to the following domains: Smart Cards, Industrial Automation, Radio Protocols, Transport/Automotive, Telecommunication. Security design guide enabling test and assurance (V&V) Guidance to the application system designers that enable verification and validation across the lifecycle, including case studies from telecommunication and ICT.

6 Discussion Scott introduces Working document including Operational phase (available on server) Alain presents new views/models to be used in the guideline by Scott (available on server) Ari presents the different areas of the collaboration platform (see next slide) Security SIG in MTS, 4-5 October 2011

7 Wiki initiated by Codenomicon
Security Testing Terminology and Concepts Abstract Introduction Risk Assessment Functional Testing Penetration Testing Vulnerability Testing Performance Testing Fuzzing Security SIG in MTS, 4-5 October 2011

8 Discussion (cont.) Invite people from other ETSI TC‘s: AP: Scott invite OCG_security Wiki text should not only be a list of words, but with text and tutorial character Invite CTI to check Contents Steve: the introduction part should focus/promote new testing areas Security SIG in MTS, 4-5 October 2011

9 Discussion (cont.) Steve: opportunity for ETSI Security workshop
MTS to chair a security testing session Start to plan topics, areas of interests CfP expected in September Discussion on the lifecycle: no normative agreement on penetration testing available, Ian provides new lifecycle diagram Security SIG in MTS, 4-5 October 2011

10 Discussion (cont.) continue rapporteur‘s work towards SIG#3
SIG#3: 15th May morning, before MTS#56 SIG#4 to be decided during SIG#3 Security SIG in MTS, 4-5 October 2011


Download ppt "Berlin, 15 December 2011 update"

Similar presentations


Ads by Google