Page 90 - Trust in ICT 2017
P. 90

1                                                    Trust in ICT


            (15)    Manufacturers must  publish  and  provide  timely  mechanisms  for  users  to  contact  the  company
                    regarding issues including but not limited to the loss of the device, device malfunction, account
                    compromise, etc.
            (16)    Manufacturers must provide a mechanism for the transfer of ownership including providing updates
                    for consumer notices and access to documentation and support.
            (17)    To avoid email frauds, configuration of all security and privacy related communications must adhere
                    to authentication protocols.

                    Industry standards include SPF, DKIM and DMARC are some of the technologies to avoid email fraud,
                    malicious emails and spear phishing exploits. Additionally organizations should consider STARTTLS
                    and opportunistic Transport Layered Security (TLS) for email to aid in securing communications and
                    enhancing the privacy and integrity of the message.
            9.2.2   Activities in Trusted Computing Group (TCG) for Interoperable Trusted Computing Platforms

            Introduction
            This  sub-section  introduces  the  activities  for  interoperable  trusted  computing  platforms  by  the  Trusted
            Computing Group (TCG).

            TCG is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, global
            industry  standards,  supportive  of  a  hardware-based  root  of  trust,  for  interoperable  trusted  computing
            platforms.
            TCG technologies do not provide an immediate solution to all IoT device and service security needs, but they
            enable existing and new IoT solutions to be fundamentally far more robust than today’s state-of the art.
            Solutions developed by TCG includes authentication, cloud security, data protection, IoT, mobile security and
            end-to-end security. Similar to OTA, TCG has also focused on various solutions from existing security and
            privacy issues while taking into account additional concepts of trust.

            Activities relating to Trust
            TCG has provided the following concepts for trust related terminologies in the architecture’s guide for cyber
            security [110], [111].
            •       Trusted Network Connect (TNC)
                    TCG’s TNC network security architecture and open standards help businesses create and enforce
                    security  policies  as  well  as  facilitating  communication  between  security  systems.  Using  TNC
                    standards,  network  managers  gain  better visibility  into  who  and what  is on  their  network,  and
                    whether devices remain compliant with policies. More than two dozen vendors of commercial and
                    open source products support TNC standards in their products.
                    TCG’s TNC network security architecture and open standards enable intelligent policy decisions,
                    dynamic  security  enforcement,  and  communication  between  security  systems.  TNC  standards
                    provide network and endpoint visibility, helping network managers know who and what is on their
                    network, and whether devices are compliant and secure. TNC standards also enable network-based
                    access  control  enforcement  —  granting  or  blocking  access  based  on  authentication,  device
                    compliance, and user behavior — and security automation.
                    TNC provides security automation, Network Access Control (NAC), and interoperability in multi-
                    vendor environments. Products from over two dozen commercial and open source vendors support
                    and help implement TNC standards.
                    Expanded efforts for enterprise security have resulted in open specifications including the Interface
                    to a Metadata Access Point (IF-MAP). IF-MAP provides a standard way for information security
                    products to rapidly share and respond to information about a variety of security-related topics and
                    events.






            82
   85   86   87   88   89   90   91   92   93   94   95