Selamat datang di Scribd!

Lewati carousel

00 Security and Privacy

Diunggah oleh

MLastTry

0% menganggap dokumen ini bermanfaat (0 suara)

41 tayangan9 halaman

role for privacy

Hak Cipta

Format Tersedia

PPT, PDF, TXT atau baca online dari Scribd

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Laporkan Dokumen Ini

role for privacy

Hak Cipta:

Format Tersedia

Unduh sebagai PPT, PDF, TXT atau baca online dari Scribd

Tandai sebagai konten tidak pantas

0% menganggap dokumen ini bermanfaat (0 suara)

41 tayangan9 halaman

00 Security and Privacy

Diunggah oleh

MLastTry

role for privacy

Hak Cipta:

Format Tersedia

Unduh sebagai PPT, PDF, TXT atau baca online dari Scribd

Tandai sebagai konten tidak pantas

Lompat ke Halaman

Anda di halaman 1dari 9

Cari di dalam dokumen

Output Break-out Session #1

Security and Privacy

CLOUD STANDARDS COORDINATION

Cannes, 4-5 December 2012
© ETSI 2012. All rights reserved
Session 1

Security and Privacy

Rapporteur: Thomas Haeberlen (ENISA)

Co-Facilitators: Daniele Catteddu (CSA), Michael Fisher (BT)

Participants: ~ 50

2 ETSI/BOARD(12)89_0XX
Functional scope

• The scope covers the creation of a standards landscape and

roadmap applicable to electronic information processed or
stored in the cloud. The context is information security and
privacy/data protection.
• Specifically, five main areas are envisaged
• Governance
• Risk assessment
• Compliance
• Technology-neutral risk treatment + controls
• Frameworks at detail level e.g. encryption, authentication,
accountability, BCM, incident management, etc.
• Consider cloud-relevant standards, not just cloud-specific
Use cases/requirements

Key questions that need to be addressed (bearing in mind the

EU landscape and market)
• Cross-border legal issues
• Both privacy and security issues were cited
• Diversity in Data Privacy laws across EU seems to be a very prominent issue
• Conflict of interest between cloud users and national security of hosting country
• Visibility, transparency
• Assurance and trust
• Certification, Audit and testing
• “Compatibility” and “interoperability” with standards outside Europe
• Identity and Access Management, AAA
• Security along the supply chain
• Virtualization and multi-tenancy risks
• Data location, Secure data deletion

4 ETSI/BOARD(12)89_0XX
Use cases/requirements

Requirements/use cases
• Use cases very diverse, no clear picture emerged during the session
• Defined use cases are essential
• Having a reference architecture would be helpful
• Need to cover the whole spectrum from “consumer” cloud to public
procurement for government clouds and ECP

5 ETSI/BOARD(12)89_0XX
Who does what in this space?

Organizations delivering technical specifications and/or

standards
• ISO/IEC JTC1 SC27
• InfoSec: 27000, 27001, 27002, 27005, 27009 (number TBC), 27017 / 27036-1
/ 27036-5 / Sector Specific Implementation of ISO 27001
• Privacy: 27018, 29100, 29100, 29101, PIMS project, PIA project
• Common Criteria
• ITU-T SG17
• X.ccsec, X.gpim
• BSI (Germany)
• Security Recommendations for Cloud Computing Providers
• IT-Grundschutz plus extensions (e.g. technical guidelines)
• NIST
• SP 800-12, SP 800-14, SP 800-26, SP 800-37, SP 800-53 rev4, SP 800-122, SP
800-144
6 ETSI/BOARD(12)89_0XX
Who does what in this space? (cont’d)

Organizations delivering technical specifications and/or

standards (continued)
• ENISA
• Cloud Assurance Framework, “Procure Secure” guidelines
• ETSI
• Several standards related to electronic signatures etc.
• BSi (UK)
• BS 10012
• UK government
• Published “g-cloud” security & privacy checklists for 27001/2
• Information Security Forum
• Standard of Good Practice
• CSA
• Cloud Control Matrix (CCM) / Open Certification Framework (OCF)
7 ETSI/BOARD(12)89_0XX
Who does what in this space? (cont’d)

Organizations delivering technical specifications and/or

standards (continued)
• Payment Card Industry Security Standards Council: PCI DSS
• IETF: RFC2196, SCIM
• EuroCloud: STAR Audit
• AICPA: SOC 1, SOC 2, SOC 3
• ODCA: requirements
• OASIS: SAML
• OpenID Foundation
• Commonwealth of Massachusetts: Checklist under Massachusetts
General, Law Chapter 93H, 201 CMR 17.00

8 ETSI/BOARD(12)89_0XX
Who does what in this space? (cont’d)

Organizations delivering technical specifications and/or

standards (continued)
• ISACA - Cobit 5
• Shared Assessments Program
• COSO
Other suggestions on relevant standards
• ITIL® V3
• ISAE 3402
• FFIEC
• PMBOK
• Information security rating (www.leetsecurity.com)
• CMMI® for Development, V1.2
• TOGAF 8.1
9 ETSI/BOARD(12)89_0XX

Anda mungkin juga menyukai

00 Security and Privacy
Dokumen9 halaman
00 Security and Privacy
pksbsi
Belum ada peringkat
Atis Cybersecurity: Submission Date
Dokumen9 halaman
Atis Cybersecurity: Submission Date
itshankar
Belum ada peringkat
ITU-T Security Standard Activities PDF
Dokumen95 halaman
ITU-T Security Standard Activities PDF
melankolia370
Belum ada peringkat
Telecommunication Security: Herbert Bertine Chairman, ITU-T Study Group 17
Dokumen92 halaman
Telecommunication Security: Herbert Bertine Chairman, ITU-T Study Group 17
Ashish Shukla
Belum ada peringkat
Unit 2
Dokumen84 halaman
Unit 2
Ashok (Ak)
Belum ada peringkat
The CompTIA Network+ & Security+ Certification: 2 in 1 Book- Simplified Study Guide Eighth Edition (Exam N10-008) | The Complete Exam Prep with Practice Tests and Insider Tips & Tricks | Achieve a 98% Pass Rate on Your First Attempt!
Dari Everand
The CompTIA Network+ & Security+ Certification: 2 in 1 Book- Simplified Study Guide Eighth Edition (Exam N10-008) | The Complete Exam Prep with Practice Tests and Insider Tips & Tricks | Achieve a 98% Pass Rate on Your First Attempt!
Comptia Ace5
Belum ada peringkat
Meitsec Soc NF v11
Dokumen28 halaman
Meitsec Soc NF v11
Digit Oktavianto
Belum ada peringkat
Pass4sure CISSP
Dokumen28 halaman
Pass4sure CISSP
Rhiannon444
50% (2)
IoT and Security-ICACCA-DDn-RSS-16Sep17
Dokumen33 halaman
IoT and Security-ICACCA-DDn-RSS-16Sep17
Rajveer S Shekhawat
Belum ada peringkat
SW 1 Do You Have The Right
Dokumen21 halaman
SW 1 Do You Have The Right
Jayaletchumi Moorthy
Belum ada peringkat
A Security Business Case For Common Criteria
Dokumen34 halaman
A Security Business Case For Common Criteria
Abdul Rasheed
Belum ada peringkat
CCIE Security Tutorial
Dokumen189 halaman
CCIE Security Tutorial
dpsguard-buy8922
Belum ada peringkat
Internet of Things: Iot Protocols and Security
Dokumen66 halaman
Internet of Things: Iot Protocols and Security
Dr Vijayaragavan S
Belum ada peringkat
What Is Cyber Security
Dokumen18 halaman
What Is Cyber Security
devid mandefro
Belum ada peringkat
List of Smart Grid Standards With Cybersecurity
Dokumen11 halaman
List of Smart Grid Standards With Cybersecurity
Angela Jones
Belum ada peringkat
Robert Christian
Dokumen18 halaman
Robert Christian
Christen Castillo
Belum ada peringkat
IOT Unit3
Dokumen71 halaman
IOT Unit3
Rekha Manideep
Belum ada peringkat
Cybersecurity Standards For The Electric Power Industry - A "Survival Kit"
Dokumen9 halaman
Cybersecurity Standards For The Electric Power Industry - A "Survival Kit"
edsonpaveli-1
Belum ada peringkat
Mobilepki
Dokumen48 halaman
Mobilepki
Heta Desai
Belum ada peringkat
ETSI WP 46 - MEC Security
Dokumen26 halaman
ETSI WP 46 - MEC Security
Kriangkrai Butrphakdee
100% (1)
Events - (Paper) Certification Models in Scope of Art. 42 GDPR (ISO 10003-2015) A 15-10-19
Dokumen23 halaman
Events - (Paper) Certification Models in Scope of Art. 42 GDPR (ISO 10003-2015) A 15-10-19
Mario Gomez
Belum ada peringkat
Iot-Protocols-And-Security-1 Unit 2.1
Dokumen112 halaman
Iot-Protocols-And-Security-1 Unit 2.1
GtecEce
Belum ada peringkat
Unit - 4 Iot Protocols and Security
Dokumen65 halaman
Unit - 4 Iot Protocols and Security
Deepa
Belum ada peringkat
Dicom
Dokumen28 halaman
Dicom
Mariane Palomo
100% (1)
Securing Manufacturing Computing and Controller Assets: Rockwell Automation and Cisco Four Key Initiatives
Dokumen10 halaman
Securing Manufacturing Computing and Controller Assets: Rockwell Automation and Cisco Four Key Initiatives
Nilesh Chavan
Belum ada peringkat
7026CEM Security of Emerging Connected Systems: Dr. Basil Elmasri Dr. James Shuttleworth
Dokumen38 halaman
7026CEM Security of Emerging Connected Systems: Dr. Basil Elmasri Dr. James Shuttleworth
Awais Zafar
Belum ada peringkat
MEC Ecosystem Investigation Tiger Team 11092017 Updated
Dokumen31 halaman
MEC Ecosystem Investigation Tiger Team 11092017 Updated
sbabu514
Belum ada peringkat
STREHLE Troopers08-Selfdefendingnetworks
Dokumen21 halaman
STREHLE Troopers08-Selfdefendingnetworks
roshanbhoyar
Belum ada peringkat
Customer Care Management System Project Report
Dokumen74 halaman
Customer Care Management System Project Report
Gokul Krishnan
Belum ada peringkat
21052019finalmulti Factor Hash Based Authentication in Cloud Computing
Dokumen50 halaman
21052019finalmulti Factor Hash Based Authentication in Cloud Computing
Vanathi Andiran
Belum ada peringkat
Intruder Alarms
Dari Everand
Intruder Alarms
Gerard Honey
Penilaian: 5 dari 5 bintang
5/5 (2)
Iot Protocols
Dokumen5 halaman
Iot Protocols
Uma
Belum ada peringkat
Network Security by CISCO
Dokumen0 halaman
Network Security by CISCO
Urvish Shah
Belum ada peringkat
Cybersecurity Frameworks: Dmzcon 09.2023
Dokumen22 halaman
Cybersecurity Frameworks: Dmzcon 09.2023
tmendis
Belum ada peringkat
Telecommunication Security: Herbert Bertine Chairman, ITU-T Study Group 17
Dokumen92 halaman
Telecommunication Security: Herbert Bertine Chairman, ITU-T Study Group 17
Prashant Vithalani
100% (1)
Cyber Security Requirements and Related Standards - ABB
Dokumen11 halaman
Cyber Security Requirements and Related Standards - ABB
sriramv93
Belum ada peringkat
Tybscitsem 5 Archofiotunit 123
Dokumen43 halaman
Tybscitsem 5 Archofiotunit 123
ezra kalekar
Belum ada peringkat
Intro To ISO-IEC SE Standards 02RO
Dokumen75 halaman
Intro To ISO-IEC SE Standards 02RO
Alberto Carlos Peña Palacios
Belum ada peringkat
IT Essentials 8 - Bridge - Scope and Sequence Aug 2022
Dokumen7 halaman
IT Essentials 8 - Bridge - Scope and Sequence Aug 2022
Thasitha
Belum ada peringkat
Bicsi 002 Data Center Design and Implementation Best Practices
Dokumen50 halaman
Bicsi 002 Data Center Design and Implementation Best Practices
mc3imc3
100% (7)
Data Security TUTORIAL
Dokumen24 halaman
Data Security TUTORIAL
Imam Halim Mursyidin
Belum ada peringkat
Security Issues in Cloud Computing: Kalyani D. Kadam Sonia K. Gajre R. L. Paikrao
Dokumen5 halaman
Security Issues in Cloud Computing: Kalyani D. Kadam Sonia K. Gajre R. L. Paikrao
etylr mail
Belum ada peringkat
Wi232 Vs Zigbee
Dokumen29 halaman
Wi232 Vs Zigbee
crennydane
Belum ada peringkat
Ecma Tr/64: Secure Information Processing Versus The Concept of Product Evaluation
Dokumen26 halaman
Ecma Tr/64: Secure Information Processing Versus The Concept of Product Evaluation
netelsrt1298
Belum ada peringkat
Donga Nieuwe Code
Dokumen31 halaman
Donga Nieuwe Code
Steffe Arbini
Belum ada peringkat
DCOM 1100 Chapter 01
Dokumen49 halaman
DCOM 1100 Chapter 01
HammerHand92
Belum ada peringkat
Ecdh Based Security Model For Iot Using Esp8266: December 2016
Dokumen6 halaman
Ecdh Based Security Model For Iot Using Esp8266: December 2016
DươngTK Vlogs
Belum ada peringkat
OACA CMM Analysis Questionaire v4
Dokumen532 halaman
OACA CMM Analysis Questionaire v4
issam Mhamedi
Belum ada peringkat
Ef Netplus Sg073
Dokumen73 halaman
Ef Netplus Sg073
Richard Thortenson
Belum ada peringkat
Data Centre Standards
Dokumen2 halaman
Data Centre Standards
wbyekwaso
Belum ada peringkat
ICSSCADAIToT and Cybersecurity Presentation
Dokumen27 halaman
ICSSCADAIToT and Cybersecurity Presentation
George Carvalho
Belum ada peringkat
5 - ValorUsoStandares PDF
Dokumen5 halaman
5 - ValorUsoStandares PDF
elarmeniok
Belum ada peringkat
Industrial Cybersecurity For Power System and Scada Networks
Dokumen7 halaman
Industrial Cybersecurity For Power System and Scada Networks
Rajib Banerjee
Belum ada peringkat
Part 6 - 2016-05 BICSI 002
Dokumen44 halaman
Part 6 - 2016-05 BICSI 002
Jesus Molina Ylla
Belum ada peringkat
BV Cybersecurity Brochure
Dokumen20 halaman
BV Cybersecurity Brochure
udiptya_papai2007
Belum ada peringkat
IoT M4
Dokumen8 halaman
IoT M4
CrazyYT Gaming channel
Belum ada peringkat
Parallel Session 6 IRF John Pirie HSE
Dokumen36 halaman
Parallel Session 6 IRF John Pirie HSE
asdasd
Belum ada peringkat
Cips 2015 0267
Dokumen35 halaman
Cips 2015 0267
Dhirendra
Belum ada peringkat
Thwarting Attackers Defending Against Growing Security Sophistication While Managing Complexity
Dokumen18 halaman
Thwarting Attackers Defending Against Growing Security Sophistication While Managing Complexity
ducuh
Belum ada peringkat
Isc2 Acceleratedcissp 2018 3 1 18 Security Architecture and Engineering Key Points
Dokumen3 halaman
Isc2 Acceleratedcissp 2018 3 1 18 Security Architecture and Engineering Key Points
trojanbaya
Belum ada peringkat
13-Disaster Guide For Constructionn
Dokumen24 halaman
13-Disaster Guide For Constructionn
MLastTry
Belum ada peringkat
47 Women As Equal Partners
Dokumen60 halaman
47 Women As Equal Partners
MLastTry
Belum ada peringkat
IPCE New Guidance November2020
Dokumen22 halaman
IPCE New Guidance November2020
MLastTry
Belum ada peringkat
RKH Qitarat RFP Is Prog Assur 01mar18
Dokumen8 halaman
RKH Qitarat RFP Is Prog Assur 01mar18
MLastTry
Belum ada peringkat
IR 71.3 Visitor Register
Dokumen2 halaman
IR 71.3 Visitor Register
MLastTry
Belum ada peringkat
XII Test (Death, Ret - Diss)
Dokumen4 halaman
XII Test (Death, Ret - Diss)
MLastTry
Belum ada peringkat
R P (R P) I S A 2009-10: Equest For Roposal F FOR Nformation Ystems Udit
Dokumen32 halaman
R P (R P) I S A 2009-10: Equest For Roposal F FOR Nformation Ystems Udit
MLastTry
Belum ada peringkat
NPV Calculation
Dokumen14 halaman
NPV Calculation
MLastTry
Belum ada peringkat
NPV Calculation
Dokumen11 halaman
NPV Calculation
MLastTry
Belum ada peringkat
Kwality 2nd CoC PDF
Dokumen1 halaman
Kwality 2nd CoC PDF
MLastTry
Belum ada peringkat
Uco Bank AUDIT
Dokumen5 halaman
Uco Bank AUDIT
MLastTry
Belum ada peringkat
Heart Attack Prevention Tips
Dokumen1 halaman
Heart Attack Prevention Tips
MLastTry
Belum ada peringkat
Data Backup Policy
Dokumen4 halaman
Data Backup Policy
MLastTry
Belum ada peringkat
Info - Iec62443 2 1 (Ed1.0) en
Dokumen9 halaman
Info - Iec62443 2 1 (Ed1.0) en
MLastTry
Belum ada peringkat
521 - Download - Prof Murli Annual 2015
Dokumen5 halaman
521 - Download - Prof Murli Annual 2015
MLastTry
Belum ada peringkat
FYBBI
Dokumen69 halaman
FYBBI
MLastTry
Belum ada peringkat
List of Participating Organisations For Campus Placement Programme Aug-Sept 2018 Center Interview Date
Dokumen10 halaman
List of Participating Organisations For Campus Placement Programme Aug-Sept 2018 Center Interview Date
MLastTry
Belum ada peringkat
Time Table of FYJC Science & Commerce Annual Exam 2017 - 18
Dokumen6 halaman
Time Table of FYJC Science & Commerce Annual Exam 2017 - 18
MLastTry
Belum ada peringkat
M. L. Dahanukar College of Commerce B. Com. (Accounting & Finance) Fees Details For The Year 2017-2018
Dokumen1 halaman
M. L. Dahanukar College of Commerce B. Com. (Accounting & Finance) Fees Details For The Year 2017-2018
MLastTry
Belum ada peringkat
Clarifications Required UDC RFP
Dokumen1 halaman
Clarifications Required UDC RFP
MLastTry
Belum ada peringkat
Electronic Data Backup SOP
Dokumen8 halaman
Electronic Data Backup SOP
MLastTry
Belum ada peringkat
S.Y. T.y, & Prof Course Admission Notice 2016 - 2017
Dokumen4 halaman
S.Y. T.y, & Prof Course Admission Notice 2016 - 2017
MLastTry
Belum ada peringkat
Fuel Price History (QR) : Month Gasoline Premium Gasoline Super Diesel
Dokumen1 halaman
Fuel Price History (QR) : Month Gasoline Premium Gasoline Super Diesel
MLastTry
Belum ada peringkat
Honkong English Eltn Lesson Ideas Magic Show
Dokumen7 halaman
Honkong English Eltn Lesson Ideas Magic Show
MLastTry
Belum ada peringkat
Outsourcing DRP BCP
Dokumen4 halaman
Outsourcing DRP BCP
MLastTry
Belum ada peringkat
Heroin
Dokumen24 halaman
Heroin
Lina Linux
Belum ada peringkat
Notch Test Log
Dokumen6.888 halaman
Notch Test Log
Maria Díaz
Belum ada peringkat
5453-Article Text-17110-3-10-20220314
Dokumen8 halaman
5453-Article Text-17110-3-10-20220314
efidian ariska
Belum ada peringkat
Assignment 1
Dokumen2 halaman
Assignment 1
Arsalan
100% (1)
Multiplexer Opt-5107c
Dokumen2 halaman
Multiplexer Opt-5107c
Hubert Reynaldo Chang Escalante
Belum ada peringkat
CRBT Subscriber Lucky Winners-Round 1
Dokumen25 halaman
CRBT Subscriber Lucky Winners-Round 1
Yonas D. Ebren
Belum ada peringkat
Earn With Paidverts Step by Step
Dokumen6 halaman
Earn With Paidverts Step by Step
AlbusSeverus
Belum ada peringkat
Intro To IxNetwork Feb 2012
Dokumen207 halaman
Intro To IxNetwork Feb 2012
Brent Taira
100% (1)
Best RDP Methods 2020
Dokumen2 halaman
Best RDP Methods 2020
Sinister Empire
Belum ada peringkat
Tim Kingsbury Resume
Dokumen1 halaman
Tim Kingsbury Resume
api-304890166
Belum ada peringkat
Full Integration of Matlab Simulink With Control Application Developement Using OPC UA
Dokumen6 halaman
Full Integration of Matlab Simulink With Control Application Developement Using OPC UA
Braian Konzgen
100% (1)
MICREX-SX Programmable Controllers MICREX-SX Series SPH Catalog
Dokumen114 halaman
MICREX-SX Programmable Controllers MICREX-SX Series SPH Catalog
Syed Moiz Naqvi
Belum ada peringkat
Module 1 Introduction To Blockchain
Dokumen45 halaman
Module 1 Introduction To Blockchain
Hitesh Dabur
Belum ada peringkat
ROS Cheat Sheet Indigo
Dokumen1 halaman
ROS Cheat Sheet Indigo
Ronnie Kisor
Belum ada peringkat
Unit 1&2
Dokumen97 halaman
Unit 1&2
manoj3e9329
Belum ada peringkat
SQL Lab
Dokumen68 halaman
SQL Lab
atul
Belum ada peringkat
Industrial Training Report: Submitted By: Puru Govind (02bce070) Btech (Cse)
Dokumen21 halaman
Industrial Training Report: Submitted By: Puru Govind (02bce070) Btech (Cse)
Er Meghvrat Arya
Belum ada peringkat
2 WebPack Windows
Dokumen2 halaman
2 WebPack Windows
Dan Parra-Beratto
Belum ada peringkat
E-Designer For E1000-Series English G
Dokumen322 halaman
E-Designer For E1000-Series English G
tomas
Belum ada peringkat
OpsHi5 DEI Audit Guidelines-V 1 0 June'16
Dokumen56 halaman
OpsHi5 DEI Audit Guidelines-V 1 0 June'16
Ramesh Murali
Belum ada peringkat
Raj Travels BOOKING WESITE POTAL
Dokumen3 halaman
Raj Travels BOOKING WESITE POTAL
Shivam Singh
Belum ada peringkat
Pen Testing Syllabus
Dokumen12 halaman
Pen Testing Syllabus
avinashbaadshah
Belum ada peringkat
Presentation Abstraction Control
Dokumen5 halaman
Presentation Abstraction Control
Vishy Anand
Belum ada peringkat
Aubo I10 Brochure 2019 PDF
Dokumen6 halaman
Aubo I10 Brochure 2019 PDF
Miro Mirach Premrl
Belum ada peringkat
The Game Development Process
Dokumen4 halaman
The Game Development Process
rishi
Belum ada peringkat
Facades - Laravel 10.x - The PHP Framework For Web Artisans
Dokumen13 halaman
Facades - Laravel 10.x - The PHP Framework For Web Artisans
Sam As End
Belum ada peringkat
Documents - MX - Sap As Adapter en PDF
Dokumen37 halaman
Documents - MX - Sap As Adapter en PDF
Kavitha Rajan
Belum ada peringkat
E. Calameo: For The Students: This Is A Great Tool For Learning About Design and Layout
Dokumen3 halaman
E. Calameo: For The Students: This Is A Great Tool For Learning About Design and Layout
Billy Joe
Belum ada peringkat
Nelson Antunes English-4
Dokumen1 halaman
Nelson Antunes English-4
Nelson Antunes Laranjeira Neto
Belum ada peringkat
Lab 10
Dokumen10 halaman
Lab 10
Travis Jon Wheelwright
83% (6)