8/9/2019 Smart Cards and the Bigger Picture
1/15
Fiona Pattinson CISSP, CSDP, CQA
Security Assurance: Smart Cards and the Bigger Picture
CT/ST Washington, DC - April 2004
2004 phi solutions
The Problem
How to address security assurance in a complex system with many components?
Micro: a smart card is a composite product: I.C., Operating System, Platform, Application
Macro: a smart card is a component in a system: card, on-card application, reader, middleware, host software, issuance, network, PKI, biometrics, privacy
Quality Factors - Software
McCall, Richards and Walters (1997)
A Quality View
Assurance gained by:
Risk Management
An Information Security Management System
A Quality Management System
ISO 9001
ISO/IEC 9001 is a basic quality management framework for an organization. The 2000 version is process based and can host specialist models such as:
Software: ISO/IEC 12207: Software Lifecycle processes
SEI CMMs: Software Maturity
SSE CMM / IA CMM: Software Security engineering
Agile: Software Development Methodologies
Manufacturing: JIT / Cellular / Kan Ban / Taguchi
MasterCard, VISA, GSM manufacturing / Perso requirements
BS 7799-2
BS 7799-2 provides a basic information security management framework for an organization.
The 2000 version is process based and can support frameworks such as:
ISO/IEC 15408 / Common Criteria
SSE CMM / IA CMM: Software Security engineering
CobIT Assessments
Support for Corporate Governance requirements (Sarbanes Oxley)
ISO 17799: Security for Information Systems
MasterCard, VISA, GSM manufacturing / Perso requirements
Privacy , HIPAA , GLB
Risk: Levels of Abstraction
(Diagram: levels of risk abstraction: Risks in Society, Organizational Risk, Project Risk, Product or Service Risk, System Risk; risk factors shown: Insurance Industry, Homeland Security, Corporate Governance, Political, Legal, Finance, Cost, Time, Scope, Quality, Reliability, Liability, Legislation, Privacy, Integrity.)
Integrated Management Systems
Conclusion
These techniques can facilitate addressing the complex security assurance needs in the bigger picture of the smart card industry.
Need to address assurance at EVERY step and at industry interfaces.
Take a holistic view of quality factors!
Emphasize and understand risk management.
Use QMS / ISMS certs as baseline assurance.
Use integration techniques to create efficiency.
Discover more about
Information Security Management Systems
Join the US Chapter
ISMS International User Group
WWW.US-ISMS.ORG
Membership is free!
Fiona.Pattinson @ phi-solutions.com
www.phi-solutions.com
+1 512 825 3083