atsec_中国

Dear Community,

 


It is the second time that I have had the honor and pleasure to open the International Cryptographic Module Conference. This year is very special since it is the fifth anniversary of the conference.



I'd like to welcome you all with an image from the end of the 1st ICMC. Many of you may still remember that we used the flamingos to say 'Thank you,' in many different languages, for your participation.


Introduction

Over the past decades, cars have become one of the most complex IT systems. Today each new car has a large number of computer systems interconnected within the car over different bus systems. With the integration of additional assistance systems as required by semi-autonomous or fully autonomous (self-driving) cars, the overall complexity of IT systems in the car will increase further, as will the requirements for the ability of the car to communicate with cloud services, road-side infrastructure, and other cars.


Communication and its Security Problems

Tags:

atsec


At the end of October I was once again privileged to be able to join ISO/IEC JTC 1/SC 27/WG 3 during the latest of their bi-annual working sessions held in April and October.

 Convened by Miguel Bañón, this working group is of particular interest to atsec since it includes work on the international standards and guidance documents relating to ISO/IEC 15408, ISO/IEC 19790 and other documents closely related to evaluation and testing and the provision of security assurance.

 I have w

Tags:

atsec

From Monday, September 26th to Thursday, September 29th, 2016, the second annual 27K: The Security Summit for the Americas took place at the South San Francisco Conference Center in South San Francisco, California. The conference brought together experts in the ISO/IEC 27001 Information Security Management System (ISMS) standard along with people on the front lines of international IT security to promote the standard in the Western Hemisphere. See the 27K Summit website for full details on the conference.

Ryan Hill, Community Engagement Manager for atsec information security manning their booth

The summit was atten




atsec is pleased to announce that it has recently been accredited to work as a Common Criteria evaluation laboratory (LVS - Laboratori per la Valutazione della Sicurezza) under the Italian Common Criteria scheme.


OCSI - Organismo di Certificazione della Sicurezza Informatica, founded in 2004, is the Italian scheme which is a signatory to both the CCRA - Common Criteria Recognition Arrangement as well as SOGIS – the Senior Officials Group Information Systems Security.

This means that atsec’s Common Criteria customers have the opportunity to select from the US, Sw

Author: 高向东

 

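1 Preface
In keeping with the update cycle of the PCI Security Standards Council (PCI SSC, hereafter "the Council") for the Payment Card Industry Data Security Standard (hereafter "PCI DSS"), and with the development of the information technology industry, PCI DSS v3.2 was officially released in April 2016. As a periodic release, this version mainly refines the requirements of the standard based on feedback on the use of PCI DSS v3.1 gathered at regular community meetings; this update does not introduce major changes. PCI DSS is a set of security standards, covering all aspects of data security, that the Council developed to address the security risks that may exist in cardholder data environments.


This article interprets the main changes in the new version by looking at the differences between the new version, v3.2, and the old version, v3.1, so that readers can quickly understand and grasp the main aspects of the changes to the standard. Readers who want to know about all of the changes can find the full details in "PCI_DSS_v3-2_Summary_of_Changes" and "PCI_DSS_v3-2", available from the PCI Council website.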

 

 


On April 28, 2016, the latest version, v3.2, of the Payment Card Industry Data Security Standard (PCI DSS) was officially, by the PCI Security Standards Council (


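Authors: 陈雅彬, 高向东 (atsec China)
April 2016

This article is a technical sharing article by atsec and the authors, intended to explore topics of interest to the information security industry together. Without permission, no organization or individual may modify any content of this article in any way or for any reason. When reposting, please credit: atsec information security and the authors' names.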

In 1990, ISO/IEC JTC 1 subcommittee 27 was formed in order to deal with ICT security. Not long afterwards SC 27 initiated Working Group

For several years the value of conformance testing against the FIPS 140-2 specification has been well accepted, and the assurance gained through validated conformance has been specified (with varying degrees of rigor) in several other markets. For example:
  • Other governments that recognize the assurance provided. Most noteworthy is Canada, who partners with NIST in operating the CMVP as a joint endeavor between NIST and the Communications Security Establishment of Canada (CSEC). There are examples of others, such as the Japan CMVP which is part of the Information-technology Promotion Agency (IPA). They developed and operate a validation program (similar to that used in the US and Canada) in support of procurement in compliance with the Japanese Standards for Information Security Measures for the Central Government Computer Systems.
  • Several Common Criteria national schemes who may often draw fr