De-perimeterisation
In information security, de-perimeterisation is the removal of a boundary between an organisation and the outside world. De-perimeterisation means protecting an organization's systems and data on multiple levels by using a mixture of encryption, secure computer protocols, secure computer systems and data-level authentication, rather than relying on the organization's network boundary to the Internet. Successful implementation of a de-perimeterised strategy within an organization implies that the perimeter, or outer security boundary, was removed. Metaphorically, de-perimeterisation is similar to the historic dismantling of city walls to allow the free flow of goods and information. To achieve this there was a shift from city states to nation states and the creation of standing armies, so that city boundaries were extended to surround multiple cities. "De-perimeterisation" was coined by Jon Measham, a former employee of the UK's Royal Mail, in a 2001 research paper, and sub ...


Jericho Forum
The Jericho Forum was an international group working to define and promote de-perimeterisation. It was initiated by David Lacey from the Royal Mail, and grew out of a loose affiliation of interested corporate CISOs (Chief Information Security Officers), discussing the topic from the summer of 2003, after an initial meeting hosted by Cisco, but was officially founded in January 2004. It declared success, and merged with The Open Group industry consortium's Security Forum in 2014. The problem: It was created because the founding members claimed that no one else was appropriately discussing the problems surrounding de-perimeterisation. They felt the need to create a forum to define and consistently solve such issues. One of the earlier outputs of the group is a position paper entitled the Jericho Forum Commandments, which are a set of principles that describe how best to survive in a de-perimeterised world. Membership: The Jericho Forum consisted of "user members" and "vendor members". Or ...


Zero Trust Security Model
Zero trust architecture (ZTA) or perimeterless security is a design and implementation strategy of IT systems. The principle is that users and devices should not be trusted by default, even if they are connected to a privileged network such as a corporate LAN and even if they were previously verified. ZTA is implemented by establishing identity verification, validating device compliance prior to granting access, and ensuring least privilege access to only explicitly authorized resources. Most modern corporate networks consist of many interconnected zones, cloud services and infrastructure, connections to remote and mobile environments, and connections to non-conventional IT, such as IoT devices. The traditional approach of trusting users and devices within a notional "corporate perimeter" or via a VPN connection is commonly not sufficient in the complex environment of a corporate network. The zero trust approach advocates mutual authentication, including checking the identi ...


Collaboration Oriented Architecture
Collaboration Oriented Architecture (COA) is a computer system that is designed to collaborate, or use services, from systems that are outside of the operator's control. Collaboration Oriented Architecture will often use Service Oriented Architecture to deliver the technical framework. Collaboration Oriented Architecture is the ability to collaborate between systems that are based on the Jericho Forum principles or "Commandments". Bill Gates and Craig Mundie (Microsoft) clearly articulated the need for people to work outside of their organizations in a secure and collaborative manner in their opening keynote to the RSA Security Conference in February 2007. Successful implementation of a Collaboration Oriented Architecture implies the ability to successfully inter-work securely over the Internet and will typically mean the resolution of the problems that come with de-perimeterisation. Etymology: The term Collaboration Oriented Architectures was defined and developed in a mee ...


Information Security
Information security is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized or inappropriate access to data or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information. It also involves actions intended to reduce the adverse impacts of such incidents. Protected information may take any form, e.g., electronic or physical, tangible (e.g., paperwork), or intangible (e.g., knowledge). Information security's primary focus is the balanced protection of data confidentiality, integrity, and availability (also known as the 'CIA' triad) while maintaining a focus on efficient policy implementation, all without hampering organization productivity. This is largely achieved through a structured risk management process. To stand ...


Encryption
In cryptography, encryption (more specifically, encoding) is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Despite its goal, encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. It is possible to decrypt the message without possessing the key but, for a well-designed encryption scheme, considerable computational resources and skills are required. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients but not to unauthorized users. Historically, various forms of encryption have been used to aid in cryptography. Early encryption ...


Royal Mail
Royal Mail Group Limited, trading as Royal Mail, is a British postal service and courier company. It is owned by International Distribution Services. It operates the brands Royal Mail (letters and parcels) and Parcelforce Worldwide (parcels). Formed in 2001, the company used the name Consignia for a brief period but changed it soon afterwards. Prior to this date, Royal Mail and Parcelforce were (along with Post Office Counters Ltd) part of the Post Office, a UK state-owned enterprise the history of which is summarised below. Long before it came to be a company name, the 'Royal Mail' brand had been used by the General Post Office to identify its distribution network (which over the centuries included horse-drawn mail coaches, horse carts and hand carts, ships, trains, vans, motorcycle combinations and aircraft). The company provides mail collection and delivery services throughout the UK. Letters and parcels are deposited in post or parcel boxes, or are collected in bul ...


Cloud Computing
Cloud computing is "a paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual resources with self-service provisioning and administration on-demand," according to ISO. Essential characteristics: In 2011, the National Institute of Standards and Technology (NIST) identified five "essential characteristics" for cloud systems. Below are the exact definitions according to NIST:
* On-demand self-service: "A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider."
* Broad network access: "Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations)."
* Resource pooling: "The provider' ...