SlideShare ist ein Scribd-Unternehmen logo

Standards for protection of data on storage device are emerging from both the US and EU

CMG - The Digital Transformation Association
CMG - The Digital Transformation Association

This talk will cover current, and emerging standards and implications.

Technologie
1 von 20
11/24/18 MAXIMIZING DATA'S POTENTIAL 2019 March 14th MSPCMG Meeting Storage – The Final Frontier of Innovation Cybersecurity and Risk Management and World-wide Standards Henry Newman CTO Seagate Government Solutions hsn@seagategov.com
2 Agenda • Digital Disruption • Global Data Explosion • Market Transition to Security • Product Cybersecurity Scope • Security Certification and Standards • Manage / Mitigate Risks • Compliance and Certification Management • Product Security Operations • Summary
3 To understand where we are going, it’s important to understand how we got here.
4 Digital Disruption 1960 - 1970 Mainframe Centralized 1.0 1980 - 2000 Client-Server Distributed 2.0 2005 - 2020 Mobile-Cloud Centralized 3.0 2020 - Rise of the Edge Distributed END POINTS 10 million users 2 billion users 4.0 1+ trillion users 7 billion users
55 GLOBAL DATA EXPLOSION The IDC Data Age 2025 report predicts massive volumes of data creation and a convergence of every industry utilizing the value of data. 163ZB 5
6 Market Transition to Security is Occurring • Majority of data requires at least some form of protection • Actual amount of data protection falls far short • This gap presents an increasing industry need for security and privacy technologies, systems, and processes to address it • Substantial penalties for non- compliance Data created in 2025 that should be protected90% Amount that will actually be protected45% $7.9M* GDPR: 2-4% Annual Revenue • https://www.pcmag.com/news/362543/how-much-does-a-data-breach-cost • Average Cost of Data Breach in US from IBM and Ponemon study.
7 Lines of Protection Cybersecurity Scope Enterprise Cybersecurity Integrated Assurance Management
8 Enabling a Full Lifecycle Data Security Model Cybersecurity Scope Manage Risk
9 Security Certification and Standards Trusted Life-Cycle Security Algorithms Crypto Module Security Functionality Secure Data Disposal Trusted Data Erasure & Privacy Security By-Design Trusted Cryptography Authentic Security & Products Datasphere Protection
10 Security Algorithm Certifications Security Algorithms • Standard and Trusted Security Algorithms • Certifications of all algorithms o Data Encryption o Integrity & Signatures o Random # Generation o Key Derivation… • Required for FIPS 140-2 & Common Criteria Certs Cryptographic Algorithm Validation Program (CAVP) Trusted Cryptography
11 Security Module Certifications: FIPS 140-2 Crypto Module • Fundamental Security Certification • Evaluation by Independent Labs • Required for Information Security Products in Sensitive and Unclassified space in US & Canada • Value recognized in other geographies Security By- Design Cryptographic Module Validation Program (CMVP)
12 Security Module Certifications: Common Criteria (CC) Security Functionality • Security Use-Case (Protection Profile) Certification • Evaluation by Independent Labs • Certification recognized by 28 member nations globally for Information Security acquisition Datasphere Protection Common Criteria for Information Security Evaluation (CC)
13 Sanitization Standard Secure Data Disposal • NIST SP 800-88 (Federal) & ISO 27040 (International) define media sanitization • NIST SP 800-57 Defines Crypto Algorithm Longevity for erasure assurance. Trusted Data Disposal & Privacy NIST Special Pub 800-88 ISO 27040 NIST Special Pub 800-57
14 Trusted Life-Cycle Standards Trusted Life- Cycle • The Open Trusted Technology Provider Standard (O-TTPS) is now a sanctioned ISO Standard • Comprehensive Secure Technology Provider Standard • Sections for Secure Technology Development and Secure Supply Chain • The NIST Cybersecurity Framework Provides for common framework and language for managing Cyber Risk Authentic Security & Products Cybersecurity Framework ISO 20243 Trusted Tech Provider Standard
15 Product Cybersecurity Scope Mitigate Risk Policy-based compliance aligned to OTTPS, ISO and the NIST Cybersecurity Framework (CSF) Policies • Product Development Policy • Product Development 3rd Parties Maturity Staircase to Cybersecurity Compliance • Gap Analysis • Conformance • Certification Preparation • Certification Scalable to Trusted Product Lifecycle • Design, Source, Manufacture, Deliver, Service • Product Security Operations Center (PSOC) • Product Security Incident Response Team (PSIRT) Transparent Compliance and Incident Response Management Integrated Assurance Management
16 Product Security: Manage Risk Maturity Staircase Based Policy Compliance • Product Development Policy • Product Development 3rd Parties Identify Protect Detect Respond RecoverPolicies Gap Analysis Conformance Certification Preparation Certification Increasing Levels of Compliance Maturity
17 Product Security: Certification Trusted Product Life Cycle Certification ISO 20243 Certify Design Source Manufacture Deliver Service Identify Protect Detect Respond Recover
18 Certified Erase - Strong Data Protection Assurance NIST Special Pub 800-88 ISO 27040NIST Special Pub 800-57  Defines Strong Media Sanitization  Defines Security Requirements  Defines Erase Certificate. App. D Cryptographic Module Validation Program (CMVP) Cryptographic Algorithm Validation Program (CAVP)  Independent Lab Validation  Validates 800-88 Security Rqmts  Public Online Policy & Certificate Common Criteria for Information Security Evaluation (CC)  Independent Lab Validation  Validates 800-88 Data Erasure  Public Online Policy & Certificate EE – Encryption Engine Profile AA – Authorization Acquisition Profile  Essential & Certified By Design  Trusted Design & Life-cycle  Verifiable HW Roots of Trust ISO 20243 Trusted Tech Provider Standard
19 Summary Integrity Tainted Product Tampered Product Security Life-Cycle IP Leakage Over-privileged Access & Lack of Controls Confidentiality B2B Network Trust B2B Security Assurance Control / Detection Availability Secure Product Product Security Managed Risk in Digital Enterprises
20Seagate Confidential Thank You

Empfohlen

David Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareDavid Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareCSNP
 
ISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToJim Gilsinn
 
Software-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and RightSoftware-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and RightSBWebinars
 
Spring boot-vault
Spring boot-vaultSpring boot-vault
Spring boot-vaultJan Dittberner
 
Zero footprint guest memory introspection from xen
Zero footprint guest memory introspection from xenZero footprint guest memory introspection from xen
Zero footprint guest memory introspection from xenBitdefender Enterprise
 
PCI presentation
PCI presentationPCI presentation
PCI presentationMahmoud Salaheldin
 
Kaspersky Lab Transparency Principles
Kaspersky Lab Transparency PrinciplesKaspersky Lab Transparency Principles
Kaspersky Lab Transparency PrinciplesKaspersky
 
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB
 

Empfohlen

David Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareDavid Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareCSNP
 
ISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToJim Gilsinn
 
Software-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and RightSoftware-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and RightSBWebinars
 
Spring boot-vault
Spring boot-vaultSpring boot-vault
Spring boot-vaultJan Dittberner
 
Zero footprint guest memory introspection from xen
Zero footprint guest memory introspection from xenZero footprint guest memory introspection from xen
Zero footprint guest memory introspection from xenBitdefender Enterprise
 
PCI presentation
PCI presentationPCI presentation
PCI presentationMahmoud Salaheldin
 
Kaspersky Lab Transparency Principles
Kaspersky Lab Transparency PrinciplesKaspersky Lab Transparency Principles
Kaspersky Lab Transparency PrinciplesKaspersky
 
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82majolic
 
US Roadshow - Introduction to Bitdefender
US Roadshow - Introduction to BitdefenderUS Roadshow - Introduction to Bitdefender
US Roadshow - Introduction to BitdefenderBitdefender Enterprise
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020Jiunn-Jer Sun
 
The How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementThe How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementTim Mackey
 
Industrial Automation Control Systems Cybersecurity Certification. Chapter II
Industrial Automation Control Systems Cybersecurity Certification. Chapter IIIndustrial Automation Control Systems Cybersecurity Certification. Chapter II
Industrial Automation Control Systems Cybersecurity Certification. Chapter IIJavier Tallón
 
Open Source in Application Security
Open Source in Application SecurityOpen Source in Application Security
Open Source in Application SecurityBlack Duck by Synopsys
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
 
Security in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsSecurity in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsTim Mackey
 
NAC - A Solution for Disappearing Perimeter
NAC - A Solution for Disappearing Perimeter NAC - A Solution for Disappearing Perimeter
NAC - A Solution for Disappearing Perimeter RiskNaut
 
Contributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsContributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsYokogawa1
 
Trusted Environment. Blockchain for business: best practices, experience, tips
Trusted Environment. Blockchain for business: best practices, experience, tipsTrusted Environment. Blockchain for business: best practices, experience, tips
Trusted Environment. Blockchain for business: best practices, experience, tipsKaspersky
 
Distributed Ledger PKI Risk Management Framework, Rob Campbell
Distributed Ledger PKI Risk Management Framework, Rob CampbellDistributed Ledger PKI Risk Management Framework, Rob Campbell
Distributed Ledger PKI Risk Management Framework, Rob CampbellNapier University
 
Using a Network Model to Address SANS Critical Controls 10 and 11
Using a Network Model to Address SANS Critical Controls 10 and 11Using a Network Model to Address SANS Critical Controls 10 and 11
Using a Network Model to Address SANS Critical Controls 10 and 11Skybox Security
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021lior mazor
 
Applying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter GatewaysApplying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter GatewaysMarcel Winandy
 
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...North Texas Chapter of the ISSA
 
Cybersecurity Summit 2020 Slide Deck
Cybersecurity Summit 2020 Slide DeckCybersecurity Summit 2020 Slide Deck
Cybersecurity Summit 2020 Slide DeckCimetrics Inc
 
Ministry of Foreign Affairs
Ministry of Foreign AffairsMinistry of Foreign Affairs
Ministry of Foreign AffairsCisco Case Studies
 
How to Increase ICS Cybersecurity Return on Investment (ROI)
How to Increase ICS Cybersecurity Return on Investment (ROI) How to Increase ICS Cybersecurity Return on Investment (ROI)
How to Increase ICS Cybersecurity Return on Investment (ROI) Dragos, Inc.
 
Managing Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesManaging Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesControlCase
 
Biznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital ForensicsBiznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital ForensicsYusuf Hadiwinata Sutandar
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyCloud Standards Customer Council
 

Weitere ähnliche Inhalte

Was ist angesagt?

Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82majolic
 
US Roadshow - Introduction to Bitdefender
US Roadshow - Introduction to BitdefenderUS Roadshow - Introduction to Bitdefender
US Roadshow - Introduction to BitdefenderBitdefender Enterprise
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020Jiunn-Jer Sun
 
The How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementThe How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementTim Mackey
 
Industrial Automation Control Systems Cybersecurity Certification. Chapter II
Industrial Automation Control Systems Cybersecurity Certification. Chapter IIIndustrial Automation Control Systems Cybersecurity Certification. Chapter II
Industrial Automation Control Systems Cybersecurity Certification. Chapter IIJavier Tallón
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
 
Security in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsSecurity in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsTim Mackey
 
NAC - A Solution for Disappearing Perimeter
NAC - A Solution for Disappearing Perimeter NAC - A Solution for Disappearing Perimeter
NAC - A Solution for Disappearing Perimeter RiskNaut
 
Contributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsContributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsYokogawa1
 
Trusted Environment. Blockchain for business: best practices, experience, tips
Trusted Environment. Blockchain for business: best practices, experience, tipsTrusted Environment. Blockchain for business: best practices, experience, tips
Trusted Environment. Blockchain for business: best practices, experience, tipsKaspersky
 
Distributed Ledger PKI Risk Management Framework, Rob Campbell
Distributed Ledger PKI Risk Management Framework, Rob CampbellDistributed Ledger PKI Risk Management Framework, Rob Campbell
Distributed Ledger PKI Risk Management Framework, Rob CampbellNapier University
 
Using a Network Model to Address SANS Critical Controls 10 and 11
Using a Network Model to Address SANS Critical Controls 10 and 11Using a Network Model to Address SANS Critical Controls 10 and 11
Using a Network Model to Address SANS Critical Controls 10 and 11Skybox Security
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021lior mazor
 
Applying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter GatewaysApplying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter GatewaysMarcel Winandy
 
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...North Texas Chapter of the ISSA
 
Cybersecurity Summit 2020 Slide Deck
Cybersecurity Summit 2020 Slide DeckCybersecurity Summit 2020 Slide Deck
Cybersecurity Summit 2020 Slide DeckCimetrics Inc
 
How to Increase ICS Cybersecurity Return on Investment (ROI)
How to Increase ICS Cybersecurity Return on Investment (ROI) How to Increase ICS Cybersecurity Return on Investment (ROI)
How to Increase ICS Cybersecurity Return on Investment (ROI) Dragos, Inc.
 
Managing Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesManaging Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesControlCase
 

Was ist angesagt? (20)

Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82
 
US Roadshow - Introduction to Bitdefender
US Roadshow - Introduction to BitdefenderUS Roadshow - Introduction to Bitdefender
US Roadshow - Introduction to Bitdefender
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
 
The How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementThe How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability Management
 
Industrial Automation Control Systems Cybersecurity Certification. Chapter II
Industrial Automation Control Systems Cybersecurity Certification. Chapter IIIndustrial Automation Control Systems Cybersecurity Certification. Chapter II
Industrial Automation Control Systems Cybersecurity Certification. Chapter II
 
Open Source in Application Security
Open Source in Application SecurityOpen Source in Application Security
Open Source in Application Security
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The Field
 
Security in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsSecurity in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptions
 
NAC - A Solution for Disappearing Perimeter
NAC - A Solution for Disappearing Perimeter NAC - A Solution for Disappearing Perimeter
NAC - A Solution for Disappearing Perimeter
 
Contributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsContributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity Standards
 
Trusted Environment. Blockchain for business: best practices, experience, tips
Trusted Environment. Blockchain for business: best practices, experience, tipsTrusted Environment. Blockchain for business: best practices, experience, tips
Trusted Environment. Blockchain for business: best practices, experience, tips
 
Distributed Ledger PKI Risk Management Framework, Rob Campbell
Distributed Ledger PKI Risk Management Framework, Rob CampbellDistributed Ledger PKI Risk Management Framework, Rob Campbell
Distributed Ledger PKI Risk Management Framework, Rob Campbell
 
Using a Network Model to Address SANS Critical Controls 10 and 11
Using a Network Model to Address SANS Critical Controls 10 and 11Using a Network Model to Address SANS Critical Controls 10 and 11
Using a Network Model to Address SANS Critical Controls 10 and 11
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021
 
Applying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter GatewaysApplying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter Gateways
 
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
 
Cybersecurity Summit 2020 Slide Deck
Cybersecurity Summit 2020 Slide DeckCybersecurity Summit 2020 Slide Deck
Cybersecurity Summit 2020 Slide Deck
 
Ministry of Foreign Affairs
Ministry of Foreign AffairsMinistry of Foreign Affairs
Ministry of Foreign Affairs
 
How to Increase ICS Cybersecurity Return on Investment (ROI)
How to Increase ICS Cybersecurity Return on Investment (ROI) How to Increase ICS Cybersecurity Return on Investment (ROI)
How to Increase ICS Cybersecurity Return on Investment (ROI)
 
Managing Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesManaging Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust Principles
 

Ähnlich wie Standards for protection of data on storage device are emerging from both the US and EU

Biznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital ForensicsBiznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital ForensicsYusuf Hadiwinata Sutandar
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyCloud Standards Customer Council
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Standards Customer Council
 
Webinar: Critical Steps For NIST Compliance
Webinar: Critical Steps For NIST ComplianceWebinar: Critical Steps For NIST Compliance
Webinar: Critical Steps For NIST ComplianceWithum
 
Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
Experiences evaluating cloud services and productsJavier Tallón
 
Endpoint Security for Mobile Devices
Endpoint Security for Mobile DevicesEndpoint Security for Mobile Devices
Endpoint Security for Mobile DevicesDavid Shepherd
 
Time to re think our security process
Time to re think our security processTime to re think our security process
Time to re think our security processUlf Mattsson
 
Security+ Course Overview (2008)
Security+ Course Overview (2008)Security+ Course Overview (2008)
Security+ Course Overview (2008)GTS Learning, Inc.
 
Internet of Things (IOT) Cloud Security by Dr. Anton Ravindran
Internet of Things (IOT) Cloud Security by Dr. Anton Ravindran Internet of Things (IOT) Cloud Security by Dr. Anton Ravindran
Internet of Things (IOT) Cloud Security by Dr. Anton Ravindran GSTF
 
Cyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO DayCyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO DaySymantec
 
How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...Ulf Mattsson
 
Data protection on premises, and in public and private clouds
Data protection on premises, and in public and private cloudsData protection on premises, and in public and private clouds
Data protection on premises, and in public and private cloudsUlf Mattsson
 
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...Cohesive Networks
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014KBIZEAU
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewAlert Logic
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information SecurityAhmed Sayed-
 
Decision Matrix for IoT Product Development
Decision Matrix for IoT Product DevelopmentDecision Matrix for IoT Product Development
Decision Matrix for IoT Product DevelopmentAlexey Pyshkin
 
Scalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa PresentationScalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa PresentationScalar Decisions
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM
 

Ähnlich wie Standards for protection of data on storage device are emerging from both the US and EU (20)

Biznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital ForensicsBiznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital Forensics
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and Privacy
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0
 
Webinar: Critical Steps For NIST Compliance
Webinar: Critical Steps For NIST ComplianceWebinar: Critical Steps For NIST Compliance
Webinar: Critical Steps For NIST Compliance
 
Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
Experiences evaluating cloud services and products
 
Endpoint Security for Mobile Devices
Endpoint Security for Mobile DevicesEndpoint Security for Mobile Devices
Endpoint Security for Mobile Devices
 
Time to re think our security process
Time to re think our security processTime to re think our security process
Time to re think our security process
 
Security+ Course Overview (2008)
Security+ Course Overview (2008)Security+ Course Overview (2008)
Security+ Course Overview (2008)
 
Internet of Things (IOT) Cloud Security by Dr. Anton Ravindran
Internet of Things (IOT) Cloud Security by Dr. Anton Ravindran Internet of Things (IOT) Cloud Security by Dr. Anton Ravindran
Internet of Things (IOT) Cloud Security by Dr. Anton Ravindran
 
Cyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO DayCyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO Day
 
How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...
 
Data protection on premises, and in public and private clouds
Data protection on premises, and in public and private cloudsData protection on premises, and in public and private clouds
Data protection on premises, and in public and private clouds
 
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model Overview
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security ppt
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information Security
 
Decision Matrix for IoT Product Development
Decision Matrix for IoT Product DevelopmentDecision Matrix for IoT Product Development
Decision Matrix for IoT Product Development
 
Scalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa PresentationScalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa Presentation
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
 

Mehr von CMG - The Digital Transformation Association

Mehr von CMG - The Digital Transformation Association (12)

Bush tag seminar 06 mar12
Bush tag seminar 06 mar12Bush tag seminar 06 mar12
Bush tag seminar 06 mar12
 
Ken Wilson's HIT Leadership Summit Presentation
Ken Wilson's HIT Leadership Summit PresentationKen Wilson's HIT Leadership Summit Presentation
Ken Wilson's HIT Leadership Summit Presentation
 
Mark Dente's Presentation
Mark Dente's PresentationMark Dente's Presentation
Mark Dente's Presentation
 
Certificate Program in Leading Innovation and Growth
Certificate Program in Leading Innovation and GrowthCertificate Program in Leading Innovation and Growth
Certificate Program in Leading Innovation and Growth
 
Integrity Selling Notes
Integrity Selling NotesIntegrity Selling Notes
Integrity Selling Notes
 
The Use of Social Media, Transparency, and The Facebook Generation
The Use of Social Media, Transparency, and The Facebook GenerationThe Use of Social Media, Transparency, and The Facebook Generation
The Use of Social Media, Transparency, and The Facebook Generation
 
CertifiNOW Class Overview
CertifiNOW Class OverviewCertifiNOW Class Overview
CertifiNOW Class Overview
 
Integrity Selling Presentation
Integrity Selling PresentationIntegrity Selling Presentation
Integrity Selling Presentation
 
2011 03 24 tag health public policy presentation - copy
2011 03 24 tag health public policy presentation - copy2011 03 24 tag health public policy presentation - copy
2011 03 24 tag health public policy presentation - copy
 
Actionable Data for an Intelligent Health Delivery System
Actionable Data for an Intelligent Health Delivery SystemActionable Data for an Intelligent Health Delivery System
Actionable Data for an Intelligent Health Delivery System
 
Public Policy: Health Information Exchange (HIE) and Innovative Projects in G...
Public Policy: Health Information Exchange (HIE) and Innovative Projects in G...Public Policy: Health Information Exchange (HIE) and Innovative Projects in G...
Public Policy: Health Information Exchange (HIE) and Innovative Projects in G...
 
TAG Health January Presentation
TAG Health January PresentationTAG Health January Presentation
TAG Health January Presentation
 

Kürzlich hochgeladen

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 

Kürzlich hochgeladen (20)

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 

Standards for protection of data on storage device are emerging from both the US and EU

  • 1. 11/24/18 MAXIMIZING DATA'S POTENTIAL 2019 March 14th MSPCMG Meeting Storage – The Final Frontier of Innovation Cybersecurity and Risk Management and World-wide Standards Henry Newman CTO Seagate Government Solutions hsn@seagategov.com
  • 2. 2 Agenda • Digital Disruption • Global Data Explosion • Market Transition to Security • Product Cybersecurity Scope • Security Certification and Standards • Manage / Mitigate Risks • Compliance and Certification Management • Product Security Operations • Summary
  • 3. 3 To understand where we are going, it’s important to understand how we got here.
  • 4. 4 Digital Disruption 1960 - 1970 Mainframe Centralized 1.0 1980 - 2000 Client-Server Distributed 2.0 2005 - 2020 Mobile-Cloud Centralized 3.0 2020 - Rise of the Edge Distributed END POINTS 10 million users 2 billion users 4.0 1+ trillion users 7 billion users
  • 5. 55 GLOBAL DATA EXPLOSION The IDC Data Age 2025 report predicts massive volumes of data creation and a convergence of every industry utilizing the value of data. 163ZB 5
  • 6. 6 Market Transition to Security is Occurring • Majority of data requires at least some form of protection • Actual amount of data protection falls far short • This gap presents an increasing industry need for security and privacy technologies, systems, and processes to address it • Substantial penalties for non- compliance Data created in 2025 that should be protected90% Amount that will actually be protected45% $7.9M* GDPR: 2-4% Annual Revenue • https://www.pcmag.com/news/362543/how-much-does-a-data-breach-cost • Average Cost of Data Breach in US from IBM and Ponemon study.
  • 7. 7 Lines of Protection Cybersecurity Scope Enterprise Cybersecurity Integrated Assurance Management
  • 8. 8 Enabling a Full Lifecycle Data Security Model Cybersecurity Scope Manage Risk
  • 9. 9 Security Certification and Standards Trusted Life-Cycle Security Algorithms Crypto Module Security Functionality Secure Data Disposal Trusted Data Erasure & Privacy Security By-Design Trusted Cryptography Authentic Security & Products Datasphere Protection
  • 10. 10 Security Algorithm Certifications Security Algorithms • Standard and Trusted Security Algorithms • Certifications of all algorithms o Data Encryption o Integrity & Signatures o Random # Generation o Key Derivation… • Required for FIPS 140-2 & Common Criteria Certs Cryptographic Algorithm Validation Program (CAVP) Trusted Cryptography
  • 11. 11 Security Module Certifications: FIPS 140-2 Crypto Module • Fundamental Security Certification • Evaluation by Independent Labs • Required for Information Security Products in Sensitive and Unclassified space in US & Canada • Value recognized in other geographies Security By- Design Cryptographic Module Validation Program (CMVP)
  • 12. 12 Security Module Certifications: Common Criteria (CC) Security Functionality • Security Use-Case (Protection Profile) Certification • Evaluation by Independent Labs • Certification recognized by 28 member nations globally for Information Security acquisition Datasphere Protection Common Criteria for Information Security Evaluation (CC)
  • 13. 13 Sanitization Standard Secure Data Disposal • NIST SP 800-88 (Federal) & ISO 27040 (International) define media sanitization • NIST SP 800-57 Defines Crypto Algorithm Longevity for erasure assurance. Trusted Data Disposal & Privacy NIST Special Pub 800-88 ISO 27040 NIST Special Pub 800-57
  • 14. 14 Trusted Life-Cycle Standards Trusted Life- Cycle • The Open Trusted Technology Provider Standard (O-TTPS) is now a sanctioned ISO Standard • Comprehensive Secure Technology Provider Standard • Sections for Secure Technology Development and Secure Supply Chain • The NIST Cybersecurity Framework Provides for common framework and language for managing Cyber Risk Authentic Security & Products Cybersecurity Framework ISO 20243 Trusted Tech Provider Standard
  • 15. 15 Product Cybersecurity Scope Mitigate Risk Policy-based compliance aligned to OTTPS, ISO and the NIST Cybersecurity Framework (CSF) Policies • Product Development Policy • Product Development 3rd Parties Maturity Staircase to Cybersecurity Compliance • Gap Analysis • Conformance • Certification Preparation • Certification Scalable to Trusted Product Lifecycle • Design, Source, Manufacture, Deliver, Service • Product Security Operations Center (PSOC) • Product Security Incident Response Team (PSIRT) Transparent Compliance and Incident Response Management Integrated Assurance Management
  • 16. 16 Product Security: Manage Risk Maturity Staircase Based Policy Compliance • Product Development Policy • Product Development 3rd Parties Identify Protect Detect Respond RecoverPolicies Gap Analysis Conformance Certification Preparation Certification Increasing Levels of Compliance Maturity
  • 17. 17 Product Security: Certification Trusted Product Life Cycle Certification ISO 20243 Certify Design Source Manufacture Deliver Service Identify Protect Detect Respond Recover
  • 18. 18 Certified Erase - Strong Data Protection Assurance NIST Special Pub 800-88 ISO 27040NIST Special Pub 800-57  Defines Strong Media Sanitization  Defines Security Requirements  Defines Erase Certificate. App. D Cryptographic Module Validation Program (CMVP) Cryptographic Algorithm Validation Program (CAVP)  Independent Lab Validation  Validates 800-88 Security Rqmts  Public Online Policy & Certificate Common Criteria for Information Security Evaluation (CC)  Independent Lab Validation  Validates 800-88 Data Erasure  Public Online Policy & Certificate EE – Encryption Engine Profile AA – Authorization Acquisition Profile  Essential & Certified By Design  Trusted Design & Life-cycle  Verifiable HW Roots of Trust ISO 20243 Trusted Tech Provider Standard
  • 19. 19 Summary Integrity Tainted Product Tampered Product Security Life-Cycle IP Leakage Over-privileged Access & Lack of Controls Confidentiality B2B Network Trust B2B Security Assurance Control / Detection Availability Secure Product Product Security Managed Risk in Digital Enterprises