: Norbert Pohlmann, Wolfgang Schneider, Helmut Reimer
: Norbert Pohlmann, Helmut Reimer, Wolfgang Schneider
: ISSE/SECURE 2007 Securing Electronic Business Processes Highlights of the Information Security Solutions Europe/SECURE 2007 Conference
: Vieweg+Teubner (GWV)
: 9783834894182
: 1
: CHF 47.50
: Computer Science
: English
: 446
: Watermark/DRM
: PC/MAC/eReader/Tablet
: PDF
This book presents the most interesting talks given at ISSE/SECURE 2007 - the forum for the interdisciplinary discussion of how to adequately secure electronic business processes.
The topics include: Identity Management, Information Security Management - PKI-Solutions, Economics of IT-Security - Smart Tokens, eID Cards, Infrastructure Solutions - Critical Information Infrastructure Protection, Data Protection, Legal Aspects.
Adequate information security is one of the basic requirements of all electronic business processes. It is crucial for effective solutions that the possibilities offered by security technology can be integrated with the commercial requirements of the applications. The reader may expect state-of-the-art: best papers of the Conference ISSE/SECURE 2007.

Prof. Dr. Norbert Pohlmann is Professor for System and Information Security at the University of Applied Sciences in Gelsenkirchen, Germany.
Prof. Dr. Helmut Reimer is Senior Partner, TeleTrusT, Germany.
Dipl.-Math. Wolfgang Schneider is Deputy Institute Director, Fraunhofer Institute SIT, Germany.
Infrastructure for Identification and Identity Documents (pp. 405-406)

Walter Landvogt
Bundesdruckerei GmbH
Systems House Solution Development
landvogt@bdr.de

Abstract

The introduction of the new German biometric passport on 1st - quirements for the technical systems at the local passport authorities and the computing departments of the city administration. The capturing of biometric information and the process of assuring the usability of biometric data for the biometric information to the central production facilities of Bundesdruckerei. The identity document application process and the common level of security for the technical environment. However, the local administration bears responsibility for the concrete organization of the process and the kind and type of technical system.

1 Passport Offices in Germany

From a total of 12.400 communities in Germany about 5.300 provide local administration services which run necessary local infrastructural tasks and services for the citizens. Smaller communities in the the administration of the registration data and the enrolment and issuing of passports and identity documents. The two services are closely related, since they are typically based on a single software system that manages the registration database as well as the passport and identity document database. To provide a documents may be applied for and will be delivered to the applicant.

As the local administrations have to bear the cost of purchasing and maintenance for the technical equipment they make their own decision for a software product for registration and passport purposes and for wide range of different requirements concerning the performance of the software for registration and passport enrolment have led to a wide variety of systems and architectures in use.

2 The Application Process

Passports and identity documents are being manufactured at the central high security production facili- application records to the production server. Whereas in the past the passport data records had been mailed on paper formulas to Bundesdruckerei with the introduction of the biometric passport a change has taken place. Nowadays the electronic application process has become standard since the software systems being used at the local authorities have integrated standard software modules for the necessary digitalisation process for portrait photo and the applicant’s signature. By 1st of November 2007 the - gerprints and the digital acquisition of the based way to deliver the biometric information to the passport production.

2.1 Registration and Passport Application Software and Biometric Modules

Since the introduction of the new passport the software products were adapted to the new demands. At states each software product had a regional focus. Even more, administration software often had been developed and operated by computing centres, which were part of the state administration and designed business processes to the needs of their regional customers. Thus infrastructures can be found, where the the registration application.

On the other hand personal computer based registration applications were The passport and identity document application process is above the registration data. For the application process a record set from the registration database is being taken and enriched by passport or - tration software the mandatory digital application process and the acquisition of the increase the requirement to handle multimedia data formats: video streams are transmitted from the multimedia data was not very common for administration software and the software systems and databases were not prepared for managing it.

Contents
Preface
About this Book
Welcome
Microsoft: A Trustworthy Vision for Computing
Legal, Technical and Social Aspects of Security
Regulating Information Security: A Matter of Principle?
Abstract
1 Introduction
2 Working with rules
3 Making rules
4 Information security: to serve and protect?
5 What’s law got to do with it?
6 A Working Group
7 Regulatory Principles
8 Conclusions
References
ISTPA Operational Analysis of International Privacy Requirements
1 Introduction and Background
1.1 The ISTPA Privacy Framework
1.2 Drivers for Framework Analysis and Revision
2 The Analysis of Privacy Principles
2.1 Overview
2.2 Selected International Laws and Directives
2.3 Study Methodology and Key Findings
2.4 Illustration of Sub-Components
2.5 Additional Findings and Observations
3 Conclusion and Next Steps for Using the Analysis
The Legal Conflict between Security and Privacy in Addressing Crime and Terrorism on the Internet
1 Introduction
2 A brief summary of the evolution of Internet laws in addressing crime and terrorism
2.1 Introduction
2.2 The origin of the Internet and the impact and consequences of the commercialization of the Internet
2.3 The phases of evolution of Internet legal regulation
2.4 The ‘driving force’ behind the evolution of Internet legal regulation
3 Privacy and security on the Internet
3.1 Introduction
3.2 The European Union and United States of America’s approach to Internet privacy and security
3.3 Effect of Internet state control of information on Internet privacy and security
4 Conclusion
References
Data Encryption on File Servers
1 Introduction
2 Why Encrypt Files on Central File Servers?
3 Possible Solutions
4 Microsoft Encrypting File System
4.1 EFS Principles
4.1.1 EFS Certificates
4.1.2 User Profiles
4.1.3 File Sharing
4.2 General EFS Recommendations
5 Decru DataFort
5.1 Storage Encryption Processor
5.2 Cryptainer™ Storage Vaults
5.3 Levels of Virtualization
5.4 Clustering
6 Utimaco SafeGuard LAN Crypt
6.1 SafeGuard LAN Crypt Main Features
6.2 Keys and Algorithms
6.3 Encryption Rules
6.4 Transparent encryption
6.5 Encryption Profiles
7 Different Solution Approaches
7.1 Database encryption
7.2 Enterprise Rights Management
7.3 SAN encryption
8 Conclusion
Setting up an Effective Information Security Awareness Programme
1 Introduction
2 Organising an effective security awareness programme
3 Organising an awareness programme in practice
3.1 Defining objective and scope
3.2 Setting up the project plan
3.3 Obtaining senior management commitment
3.4 Preparing the deliverables
3.5 Program roll-out
3.6 Tracking the programme and its effectiveness
3.7 Results
4 Conclusion
References
Saferinternet.pl Project – Educational Activities for Internet Safety in Poland
1 I