internet evolution slide, by ETSI

The following “Internet evolution” drawing has appeared on various slides in ETSI workshops. It can be found on slide 4 of the M2M architecture overview presentation.

[Figure: Internet evolution drawing]

It nicely compares “Internet of content”, “Internet of services”, “Internet of people” and “Internet of things”.


Privacy Impact Assessment

For good information sources on Privacy Impact Assessment (PIA), have a look at ico.org.uk’s PIA page and its guide “Conducting privacy impact assessments: code of practice”.

Steps

  1. Identify the need for a PIA
  2. Describe the information flows
  3. Identify the privacy and related risks
  4. Identify and evaluate the privacy solutions
  5. Sign off and record the PIA outcomes
  6. Integrate the outcomes into the project plan
  7. Consult with internal and external stakeholders as needed throughout the process


Other PIA related links


Cloud Service Level Agreement Standardisation Guidelines, by C-SIG (europe)

An interesting document, “Cloud SLA standardization guidelines”, is available at the Digital Agenda for Europe site. The work has been done by the C-SIG (Cloud Select Industry Group) subgroup, and they are contributing it as input for the new standard ISO/IEC 19086.

Looking at the structure below, I think they have captured the different aspects to consider well. Worth a look while waiting for the ISO and other national and international standards…

  • Performance Service Level Objectives
  • Security Service Level Objectives
    • Service Reliability
    • Authentication & Authorization
    • Cryptography
    • Security Incident management and reporting
    • Logging and Monitoring
    • Auditing and security verification
    • Vulnerability Management
    • Governance
  • Data Management Service Level Objectives
    • Data classification
    • Cloud Service Customer Data Mirroring, Backup & Restore
    • Data Lifecycle
    • Data Portability
  • Personal Data Protection Service Level Objectives
    • Codes of conduct, standards and certification mechanisms
    • Purpose specification
    • Data minimization
    • Use, retention and disclosure limitation
    • Openness, transparency and notice
    • Accountability
    • Geographical location of cloud service customer data
    • Intervenability

Cyber Security radar (dashboard) and other online threat level indicators

There are some online resources indicating the current threat level related to cyber security.

Radar is explained here.

  • Cyber Security Index by SecureWorks
  • Threat Meter by VeriSign
  • AlertLevel by CERT-EU (“number of cases”)
  • Infocon as part of the Dashboard by SANS (Internet Storm Center Infocon Status)
  • Threatcon as part of the Security Response page by Symantec
  • Global computer virus activity level by PCrisk
  • Cyber Alert Level Indicator by MS-ISAC
  • National Healthcare & Public Health Cybersecurity Alert Level


State of the Internet Report by Akamai

Akamai publishes a quarterly State of the Internet Report, which is worth a look.

The latest is the report for Q1 2014.

[Figure: top originating countries, 2014]


Tip, creating PDF file from pictures

Problem: How to create a PDF file from a list of pictures in a folder

Solution: Use the IrfanView function “Create multipage PDF file”

  • Alternative solution: Use PDFill (was much slower)

Step 1: Resize and crop the images as needed using the menu: File -> Batch Conversion/Rename…

In this case the folder contains a list of screenshots taken with the ScreenGrab tool.

Step 2: Create the PDF using the menu: Options -> Multiple images -> Create Multipage PDF… (Plugin)

One can use Sort, set the compression level, and set security options.


Publicly available ISO standards: security & privacy related

It is good to know that some freely available ISO standards are related to security and privacy (reference: Publicly Available Standards). For example, ISO 27000 and ISO 29100 are freely available.

Security Management

  • ISO 27000 Information security management systems – Overview and vocabulary
  • ISO 21827 Information technology – Security techniques – Systems Security Engineering – Capability Maturity Model® (SSE-CMM®)

Trusted Platform Module

  • ISO 11889-1 Information technology – Trusted Platform Module – Part 1: Overview
    • Part 2: Design principles
    • Part 3: Structures
    • Part 4: Commands

Near Field Communication

  • ISO 18092 Interface and Protocol (NFCIP-1)
  • ISO 13157-1 NFC Security – Part 1: NFC-SEC NFCIP-1 security services and protocol

Business etc.

  • ISO 14662 Information technology – Open-edi reference model
  • ISO 15944 Information technology – Business Operational View
    • Part 1: Operational aspects of Open-edi for implementation
    • Part 4: Business transaction scenarios – Accounting and economic ontology
    • Part 6: Technical introduction to e-Business modelling
    • Part 8: Identification of privacy protection requirements as external constraints on business transactions
  • ISO 27036-1 Information security for supplier relationships – Part 1: Overview and concepts
  • ISO/TR 24714-1 Biometrics – Jurisdictional and societal considerations for commercial applications – Part 1: General guidance

Privacy & Identity

  • ISO 29100 Privacy framework
  • ISO 24760-1 A framework for identity management – Part 1: Terminology and concepts

Common Criteria

  • ISO 15408-1 Evaluation criteria for IT security – Part 1: Introduction and general model
  • ISO 18045 Methodology for IT security evaluation
  • ISO/TR 15446 Guide for the production of Protection Profiles and Security Targets

Other

  • ISO 19464 Advanced Message Queuing Protocol (AMQP) v1.0 specification
  • ISO 18180 Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2
  • ISO 2382-37 Information technology – Vocabulary – Part 37: Biometrics
  • ISO/TR 24772 Information technology – Programming languages – Guidance to avoiding vulnerabilities in programming languages through language selection and use