Higher Education PKI Summit Meeting August 8, 2001 The ABA PAG Rodney J. Petersen, J.D. Director, Policy and Planning Office of Information Technology.

Presentation transcript:

The ABA PAG
Rodney J. Petersen, J.D.
Director, Policy and Planning
Office of Information Technology
University of Maryland

Background
- American Bar Association Section of Science and Technology Law
- Electronic Commerce Division
  - Information Security Committee
- 1996 Digital Signature Guidelines
- DRAFT PKI Assessment Guidelines (PAG)
  - DRAFT developed over a period of 5 years
- Developed as an educational resource
- Comments are due by October 18, 2001

ABA Information Security Committee
A group of lawyers and non-lawyers who are practicing attorneys in corporate, private, and government practice, information technologists, auditors, notaries from various legal regimes, trade experts, academics, and others dedicated to exploring and advancing the legal and information security aspects of e-commerce and information technology.

Digital Signature Guidelines
Provided basic technical and legal guidelines regarding the rights and responsibilities of certification authorities, certificate subscribers, and relying parties for digital signature applications of PKI.

PKI Assessment Guidelines (DRAFT)
The draft PAG provides an overview of PKI, discusses specific technical, legal, business, and policy issues related to PKI operations, and provides guidelines for the assessment of particular PKIs and their components.

Goals of the PAG
- Provide a tool by which people can assess a PKI and its trustworthiness
- Explain basic PKI assessment models, PKI assessment terminology, and the interface among, and implications of, business, legal, and technical issues in PKI
- Provide guidance for the selection of policies, standards, and legal agreements, including certificate policies (CPs), certification practice statements (CPSs), relying party agreements, and subscriber agreements

Goals (cont'd)
- Promote smooth interoperation among different PKIs and their components; and
- Provide an intellectual framework and educational resource for understanding PKI services, products, technologies, and emerging legal concepts

The PAG is not intended to:
- Dictate policies, processes, or legal doctrines
- Mandate any particular models for assessment
- Remain static
- Be self-contained

Overview of Contents
- PKI Overview
  - Glossary of Definitions and Acronyms
  - Tutorial on Public Key Technology
- Legal Preface
- PAG Provisions
- Appendices
  - Bibliography with Online URLs

Legal Issues
- Sources of Law
- Agency Principles
- Evidence and Expert Witnesses
- Foundations and Presumptions
- Consumer and Privacy Issues
- Risk Management and Insurance

PAG Provisions
- General, Legal, and Business Provisions
- Initial Validation of Identity, Authority, and/or Other Attributes
- Certificate Life Cycle Operational Requirements
- Management, Operational, and Physical Security Controls
- Technical Security Controls
- Certificate, CRL, and OCSP Profiles
- Specific Administration

Privacy, Confidentiality, and Security
- Privacy: Within the realm of information security, refers to a reasonable expectation that personally identifiable information and sensitive information will be collected and used only for the purposes for which it was collected and not disclosed without the opportunity to exercise some choice regarding further use of the information.
- Confidentiality: Reasonable expectation that information will not be viewed or accessed by unauthorized parties.
- Security: Technological measures taken to prevent theft, disclosure, improper use, and/or unauthorized access to information.

General, Legal, and Business Provisions
- Apportioning Legal Responsibilities and Potential Liability
  - Issue Summary
  - Relevant Considerations
  - Appropriate Requirements and Practices
- Risk Management and Insurance
- Financial Responsibility

Provisions (cont'd)
- Interpretation and Enforcement
- Fees
- Publication and Repositories
- Compliance Audit and Other Assessments
- Consumer Issues, Information Practices, Privacy
- Intellectual Property Rights

PKI Documentation
- Policy Documents: Convey at a high level the requirements to which a PKI adheres and the practices the PKI employs to meet these requirements
  - "Certificate Policy"
  - "Certification Practice Statement"
- Agreements: Bind participants to the requirements of the PKI
  - "Subscriber Agreement"
  - "Relying Party Agreement"
- Security, Operational, and Auditing Practices: Detailed policies, guidelines, and procedures

Implications for Higher Ed
- Policies and Procedures
  - PKI Working Group
  - EDUCAUSE Security Task Force
    - Policy and Legal Issues Committee
- Contracts and Agreements
- Academic Culture and Traditions
- Practical Uses and Simplification
- Coordination Across Communities

For more information, contact:
Rodney Petersen
Phone:
URL:
URL: