Page 90 - Trust in ICT 2017
P. 90
1 Trust in ICT
(15) Manufacturers must publish and provide timely mechanisms for users to contact the company
regarding issues including but not limited to the loss of the device, device malfunction, account
compromise, etc.
(16) Manufacturers must provide a mechanism for the transfer of ownership including providing updates
for consumer notices and access to documentation and support.
(17) To avoid email frauds, configuration of all security and privacy related communications must adhere
to authentication protocols.
Industry standards include SPF, DKIM and DMARC are some of the technologies to avoid email fraud,
malicious emails and spear phishing exploits. Additionally organizations should consider STARTTLS
and opportunistic Transport Layered Security (TLS) for email to aid in securing communications and
enhancing the privacy and integrity of the message.
9.2.2 Activities in Trusted Computing Group (TCG) for Interoperable Trusted Computing Platforms
Introduction
This sub-section introduces the activities for interoperable trusted computing platforms by the Trusted
Computing Group (TCG).
TCG is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, global
industry standards, supportive of a hardware-based root of trust, for interoperable trusted computing
platforms.
TCG technologies do not provide an immediate solution to all IoT device and service security needs, but they
enable existing and new IoT solutions to be fundamentally far more robust than today’s state-of the art.
Solutions developed by TCG includes authentication, cloud security, data protection, IoT, mobile security and
end-to-end security. Similar to OTA, TCG has also focused on various solutions from existing security and
privacy issues while taking into account additional concepts of trust.
Activities relating to Trust
TCG has provided the following concepts for trust related terminologies in the architecture’s guide for cyber
security [110], [111].
• Trusted Network Connect (TNC)
TCG’s TNC network security architecture and open standards help businesses create and enforce
security policies as well as facilitating communication between security systems. Using TNC
standards, network managers gain better visibility into who and what is on their network, and
whether devices remain compliant with policies. More than two dozen vendors of commercial and
open source products support TNC standards in their products.
TCG’s TNC network security architecture and open standards enable intelligent policy decisions,
dynamic security enforcement, and communication between security systems. TNC standards
provide network and endpoint visibility, helping network managers know who and what is on their
network, and whether devices are compliant and secure. TNC standards also enable network-based
access control enforcement — granting or blocking access based on authentication, device
compliance, and user behavior — and security automation.
TNC provides security automation, Network Access Control (NAC), and interoperability in multi-
vendor environments. Products from over two dozen commercial and open source vendors support
and help implement TNC standards.
Expanded efforts for enterprise security have resulted in open specifications including the Interface
to a Metadata Access Point (IF-MAP). IF-MAP provides a standard way for information security
products to rapidly share and respond to information about a variety of security-related topics and
events.
82