Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.


Introduction
- IT has dramatically changed the way we think about the security and trustworthiness of information.
- Electronic information is not seen as trustworthy as paper information.
- Electronic information is not seen as secure as paper information.
- ...but why? What is the operational reality? What are the options?

Some examples from real life
- HR: "I prefer to store the HR files in a secured and locked physical cabinet, because I don't know who can really access my electronic files."
- Sales: "I need the physical copy of the proposal sent to the customer, because I cannot trust the electronic one (I don't know whether it is the version that was sent to the customer) and I need to solve a problem..."
- Banking: "Classic mail or internet communication is not sufficient to exchange trusted information; we have to be sure about the sender's identity..."

What makes you trust a piece of electronic information?
- I know the author.
- I know the final approver.
- I can verify its validity.
- I am able to cross-check it.
- I am sure it is the latest approved version.
- I produced the information myself... and I am sure nobody changed it.

When do you consider a piece of electronic information secured?
- I can decide who may access it, and I am sure that decision is enforced.
- I know who does what with this information.
- It is physically secured (network, storage).
- Operations on it can be restricted.
- It can only be read by its intended recipient.

Security and trust: the ecosystem
- Actors
- Content
- Container
- Rules
- Process
- Audit, reporting, prevention, live monitoring / alerting
- IT infrastructure
- Security infrastructure

Implementing a secured and trusted information sphere, step by step

Step 1: define the requirements
- Classify critical information (give each piece of information a type).
- For each type of critical information:
  - What do I need in order to trust the information?
  - When do I consider this information secured enough?
- Gap analysis:
  - What is already in place?
  - What does it cost to fill the gap?
- Decide which types can be covered.
- Don't do things partially: trust and "partially" are not friends.

Step 2: Actors
- Internal users: the classical answer is a central directory.
- Classical but not trivial for large companies and groups: meta-directory tools available on the market consolidate heterogeneous directories and virtualise a central directory holding all users.
- As an extension, a PKI can be set up to ensure the user's identity and the non-repudiation of the authentication: a login and password can be handed over to someone else, a physical certificate held on a USB key or smart card cannot (provided the private key is generated on the token and never exported).
- External users:
  - implement an additional directory;
  - exchange certificates (PKI or PGP) and enforce certificate validation: refuse expired (and revoked) certificates, and accept only certificates issued by a recognised certification authority;
  - implement multi-layer authentication (with SSO): Company -> Network -> Container -> Content.
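The certificate rule for external users, as an added example in Go (standard library only; this is not code from the presentation). It builds a recognised partner CA, a second CA the company does not recognise, and three user certificates entirely in memory (all constructed for the example), then applies the Step 2 checks: the presented certificate must chain to a recognised certification authority and must be inside its validity period. The names `Partner CA`, `alice@partner.example`, and the functions `ValidateExternalUser`, `Outcome` and `RunScenarios` are assumptions of the example. Revocation (CRL/OCSP) is not covered here and has to be added separately.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var serial int64 // serial counter for the constructed certificates

// issue creates an in-memory certificate for cn, signed by parent/parentKey, or
// self-signed when parent is nil. Constructed for this example: no real CA is involved.
func issue(cn string, notBefore, notAfter time.Time, isCA bool,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		// End-entity certificates are issued for user (client) authentication only.
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	signer, signerKey := tmpl, key
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// ValidateExternalUser applies the Step 2 rule: the certificate must chain to a CA in the
// company's recognised set, and must be valid at time now (expired certificates are refused).
func ValidateExternalUser(cert *x509.Certificate, recognised *x509.CertPool, now time.Time) error {
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:       recognised,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

// Outcome maps the verification error to a short code the application can act on.
func Outcome(err error) string {
	var invalid x509.CertificateInvalidError
	var unknown x509.UnknownAuthorityError
	switch {
	case err == nil:
		return "accepted"
	case errors.As(err, &invalid) && invalid.Reason == x509.Expired:
		return "rejected: expired"
	case errors.As(err, &unknown):
		return "rejected: issuer not recognised"
	default:
		return "rejected: " + err.Error()
	}
}

// RunScenarios checks three constructed user certificates and returns the outcome of each.
func RunScenarios() map[string]string {
	now := time.Now()
	year := 365 * 24 * time.Hour
	caCert, caKey := issue("Partner CA", now.Add(-year), now.Add(10*year), true, nil, nil)
	otherCA, otherKey := issue("Some other CA", now.Add(-year), now.Add(10*year), true, nil, nil)

	recognised := x509.NewCertPool()
	recognised.AddCert(caCert) // only the partner CA is recognised by the company

	valid, _ := issue("alice@partner.example", now.Add(-time.Hour), now.Add(year), false, caCert, caKey)
	expired, _ := issue("bob@partner.example", now.Add(-2*year), now.Add(-year), false, caCert, caKey)
	untrusted, _ := issue("carol@elsewhere.example", now.Add(-time.Hour), now.Add(year), false, otherCA, otherKey)

	return map[string]string{
		"valid":     Outcome(ValidateExternalUser(valid, recognised, now)),
		"expired":   Outcome(ValidateExternalUser(expired, recognised, now)),
		"untrusted": Outcome(ValidateExternalUser(untrusted, recognised, now)),
	}
}

func main() {
	for name, outcome := range RunScenarios() {
		fmt.Printf("%-10s %s\n", name, outcome)
	}
}
```

The recognised set is passed explicitly rather than taken from the operating system's store: "recognised certification authority" in the slide means the list the company decided on, which is usually much smaller than what the OS trusts by default.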

Step 3: Infrastructure & architecture
- Define the network topology based on the requirements:
  - Do we have to create a separate network for very critical information?
  - Do we need partner access to information, which requires a specific extranet security configuration, software and hardware?
  - ...
- Define the storage strategy based on the requirements:
  - Do I need physically encrypted storage?
  - Do I need secured content-addressable storage (such as IBM DR550 or Centera)? Its content cannot be browsed: you need to know the object ID to retrieve it, which ensures there is no access outside the application that created the content.
- Information security needs strong expertise in complex ICT infrastructure.
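The retrieval-by-ID property the slide attributes to DR550/Centera-style storage, modelled in memory as an added example in Go (not code from the presentation or from either product). Objects are stored under the SHA-256 of their bytes, there is no browse or list operation, and the integrity check on read (an addition of this example) detects a modification made on the raw medium behind the application's back. The store API, the `Demo` function and the HR file text are all constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

var (
	ErrNotFound  = errors.New("no object with this ID")
	ErrIntegrity = errors.New("stored bytes no longer match their ID")
)

// Store keeps each object under the hex SHA-256 of its bytes. There is deliberately no
// List or Browse method: without an ID, a caller cannot discover what the store holds.
type Store struct{ objects map[string][]byte }

func NewStore() *Store { return &Store{objects: map[string][]byte{}} }

// ContentID derives the object ID from the content itself.
func ContentID(content []byte) string {
	sum := sha256.Sum256(content)
	return hex.EncodeToString(sum[:])
}

// Put stores a private copy of content and returns the ID the application must keep.
// Identical content maps to the same ID, so a repeated Put never overwrites anything.
func (s *Store) Put(content []byte) string {
	id := ContentID(content)
	if _, exists := s.objects[id]; !exists {
		s.objects[id] = append([]byte(nil), content...)
	}
	return id
}

// Get hands the object back only if its bytes still hash to the requested ID, so a change
// made outside the application (for example directly on the medium) is detected on read.
func (s *Store) Get(id string) ([]byte, error) {
	obj, ok := s.objects[id]
	if !ok {
		return nil, ErrNotFound
	}
	if ContentID(obj) != id {
		return nil, ErrIntegrity
	}
	return append([]byte(nil), obj...), nil
}

// corruptRaw simulates a modification that bypasses the application and the Put path.
func (s *Store) corruptRaw(id string, raw []byte) { s.objects[id] = raw }

// Demo archives a constructed HR file, reads it back, then corrupts it on the raw medium.
func Demo() (id string, firstRead, secondRead error) {
	s := NewStore()
	id = s.Put([]byte("HR file: employee 1234, salary review 2011"))
	_, firstRead = s.Get(id)
	s.corruptRaw(id, []byte("HR file: employee 1234, salary review 2011 (edited)"))
	_, secondRead = s.Get(id)
	return id, firstRead, secondRead
}

func main() { fmt.Println(Demo()) }
```

One caveat the slide's wording glosses over: "no access outside the application" is an access-path restriction, not access control. The ID is not a secret, so anyone who obtains it can fetch the object; the application in front of the store must still enforce who may read what, and IDs should not leak into logs, URLs or e-mails.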

Step 4: Content & Container
- Configure your repository so that the critical types of information are clearly distinguished.
- Users should not decide for themselves whether information is critical or not.
- Automate the security definition: users should have limited options when defining security on critical information.
- Automate the processes that enforce compliance and risk management.
- Track and enforce trust by making sure that information has been correctly approved.
- If needed, define a separate container for very critical information.
- Define the audit trail based on the requirements for each type of information.

Step 5: Rules & Process
- Information is critical because, in many cases, it is key to some process or decision and is subject to specific rules. Example: a customer contract is critical because it is the reference if any problem or legal issue arises.
- Define rules that protect critical information. Example: a contract cannot be changed once it has been signed by the customer; this rule changes the security at a given point of the document lifecycle.
- Define processes that enforce the trust placed in critical information. Example: a contract must be approved before being sent; this is an automated, content-based process.
- Define rules that restrict operations on critical information. Example: this medical report cannot be printed or sent. This can be achieved by combining ECM and DRM platforms.
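The three rules of Step 5, together with the Step 4 points that the policy is set per information type (not by the user) and that every operation leaves an audit trail, as one added example in Go (standard library only; not code from the presentation, and not a model of any ECM or DRM product). A document moves through Draft, Approved, Sent and Signed; sending requires prior approval and is refused outright for types whose policy forbids it; once the customer has signed, the application refuses changes, and the customer's Ed25519 signature over the content lets a later `Verify` catch a change that bypassed the application. The `Document` type, its methods, the `sendAllowed` policy table, the contract and report texts and the identifiers `CTR-042` and `MR-7` are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Lifecycle states: which operations are allowed depends on the state.
type State int
const (
	Draft State = iota
	Approved
	Sent
	Signed
)
var (
	ErrNotApproved = errors.New("must be approved before it is sent")
	ErrFrozen      = errors.New("signed by the customer, no change allowed")
	ErrDenied      = errors.New("operation not allowed for this information type")
	ErrTampered    = errors.New("content no longer matches the customer signature")
)

// Per-type policy fixed by the repository, not chosen by the user (constructed example).
// Types absent from the map are denied by default.
var sendAllowed = map[string]bool{"contract": true, "medical-report": false}

type Document struct {
	ID, Type  string
	Content   []byte
	State     State
	Signature []byte            // customer signature over sha256(Content), set once Signed
	Signer    ed25519.PublicKey // customer's verification key
	Audit     []string          // every attempted operation and its outcome
}

func digest(b []byte) []byte { h := sha256.Sum256(b); return h[:] }

// record appends the attempted operation and its outcome to the audit trail.
func (d *Document) record(op string, err error) error {
	d.Audit = append(d.Audit, fmt.Sprintf("%s: err=%v", op, err))
	return err
}
func (d *Document) Approve() error {
	d.State = Approved
	return d.record("approve", nil)
}
// Send enforces the process rule (approved first) and the per-type policy.
func (d *Document) Send() error {
	if !sendAllowed[d.Type] {
		return d.record("send", ErrDenied)
	}
	if d.State != Approved {
		return d.record("send", ErrNotApproved)
	}
	d.State = Sent
	return d.record("send", nil)
}
// CustomerSign binds the customer's key to the exact bytes that were sent.
func (d *Document) CustomerSign(priv ed25519.PrivateKey) error {
	d.Signature = ed25519.Sign(priv, digest(d.Content))
	d.Signer = priv.Public().(ed25519.PublicKey)
	d.State = Signed
	return d.record("customer-sign", nil)
}
// Update is refused once signed; before that, a change returns the document to Draft,
// so it has to be approved again before it can be sent.
func (d *Document) Update(content []byte) error {
	if d.State == Signed {
		return d.record("update", ErrFrozen)
	}
	d.Content, d.State = content, Draft
	return d.record("update", nil)
}
// Verify re-checks the customer signature, catching changes made outside the application.
func (d *Document) Verify() error {
	if d.State == Signed && !ed25519.Verify(d.Signer, digest(d.Content), d.Signature) {
		return d.record("verify", ErrTampered)
	}
	return d.record("verify", nil)
}

// RunScenario walks a constructed contract and medical report through the rules and
// returns each outcome together with the contract's audit trail.
func RunScenario() (map[string]error, []string) {
	_, customerKey, _ := ed25519.GenerateKey(rand.Reader)
	c := &Document{ID: "CTR-042", Type: "contract", Content: []byte("Supply agreement, v3")}
	r := map[string]error{"send-before-approval": c.Send()}
	c.Approve()
	r["send-after-approval"] = c.Send()
	c.CustomerSign(customerKey)
	r["update-after-signature"] = c.Update([]byte("Supply agreement, v3, new price"))
	r["verify-untouched"] = c.Verify()
	c.Content = []byte("Supply agreement, v3, new price") // an edit that bypassed the application
	r["verify-tampered"] = c.Verify()
	m := &Document{ID: "MR-7", Type: "medical-report", Content: []byte("patient report")}
	r["send-medical-report"] = m.Send() // refused by policy whatever the state
	return r, c.Audit
}

func main() { r, a := RunScenario(); fmt.Println(r, a) }
```

Note what the signature does and does not give you: it proves the content the customer signed is the content you hold, which covers the "nobody changed it" requirement from the trust slide, but it says nothing about who may read the document; that remains the job of the container's access control and, for print/send restrictions, the DRM layer.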

Global review
Information security and trust require:
- network security;
- storage architecture;
- certificate-based authentication;
- rights management;
- content management;
- process management.
A global approach is needed to meet the requirements pragmatically and address all the issues.

Thanks! Q&A