logging in or signing up Luoti programme pilot case experiences Pumbaa Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINTLite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 179 Category: Entertainment License: All Rights Reserved Like it (0) Dislike it (0) Added: October 17, 2007 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript LUOTI programme Programme & Pilot case experiences LUOTI is The Finnish Ministry of Transport and Communications’ Development Programme on Trust and Information Security in Electronic Services November 23rd, 2006 IST 2006, Bringing Together the European Stakeholders for Secure Service and Software Engineering: LUOTI programme Programme & Pilot case experiences LUOTI is The Finnish Ministry of Transport and Communications’ Development Programme on Trust and Information Security in Electronic Services November 23rd, 2006 IST 2006, Bringing Together the European Stakeholders for Secure Service and Software EngineeringSlide2: LUOTI Programme in brief Pilot case examples Findings and coclusions II III IFrom where does the programme get the roots?: From where does the programme get the roots?Digital services are going towards multichannel environment...: Digital services are going towards multichannel environment......which will bring a large amount of new challenges to service development: ...which will bring a large amount of new challenges to service development The amount of terminals is growing End users are adopting the technologies The needs of end users are diversifying The amount of content and service producers is growing Value networks are changing Sizes of companies varies; level of skills are diversifying The role of information security in service development is in transition stage: The role of information security in service development is in transition stage Digital convergence brings challenges to information security Security and trust issues are reaching the business agenda The need of information security expertise is growing Responsibilities are transfered from one player to another Companies are requiring more proactivity to manage threats Late reaction leads to growing amount of expenses Security issues are no longer left only to security experts Several factors create challenges to service development:One way of describing transition - ”transition from reactive to proactive service engineering”: One way of describing transition - ”transition from reactive to proactive service engineering” ”The traditional way” to handle security and trust issues in the service development process The importance grows when the process progress The objective for the role of handling security and trust issues in the service engineeringSlide8: What is LUOTI programme ?LUOTI programme: LUOTI programme LUOTI – A Development Programme on Trust and Information Security in Electronic Services for 2005 to 2006. A programme of the Finnish Ministry of Transport and Communications. One of the actions in the National Information Security Strategy in Finland. Aims to promote information security in new multi-channel services by offering expertise into the projects. One of the main objective is to increase end-users confidence towards new electronic services. Works in co-operation with media companies, other content providers, service and network operators, information security sector, research institutes, universities, authorities and legislators.Companies and public organisations that have been involved in the activities of the programme: Companies and public organisations that have been involved in the activities of the programmeSlide11: LUOTI Programme in brief Pilot case examples Findings and coclusions II III ILUOTI provided information security experts to the programme’s pilot projects: LUOTI provided information security experts to the programme’s pilot projects Security expert offered by the LUOTI programme to the selected pilot project. To make risk analysis, to define information security requirements, to make a plan how to handle security issues. Security expert act as a consultant whose role is to make sure that all the actors cover their role concerning the trust and security issues. Security audit before the implementation phase to realize how well the original security plan has been implemented and to recover possible other vulnerabilities. CASE DESCRIPTION P R O J E C T P R O G R A M M E WORKSHOP FINAL REPORT Build a case description to LUOTI programme stakeholders. Possibility to acid test the plan with other security experts who are participating the programme’s pool of experts. Pilot case workshop where security experts are going through the findings and the overall process. The Pilot cases of LUOTI Programme in 2005 and 2006: The Pilot cases of LUOTI Programme in 2005 and 2006 The INDICA2 project of operator Elisa investigated the IP Datacasting Value Chain. In the project a distribution platform for cross-media content has been developed by using DVB-H standard broadcast network as the distribution channel and existing mobile networks as the return channel. Security specialists from KPMG. Habbo Web project’s aim was to develop website around the Habbo Hotel game client to enhance the total Habbo experience by removing some elements currently imbedded in the game client and bringing them to the website (registration, user authentication, buying, etc.). Security specialist from Nixu. Accidental Lovers, a project of the Universtity of Art and Design Helsinki, is a hybrid of mobile phone chat and black comedy series for television and broadband media. Viewer can effect the unfolding drama, its turns and outcomes of the plot, by sending mobile messages to a system that triggers on-screen events based on the keyword recognition. Security specialists from Tietoenator. Interactive digital services in the day care centers is a pilot project of Forum Virium Helsinki implemented together with City of Helsinki, HP, Futurice and Fromdistance. The aim is to offer a service platform to day care centers in order to improve interactivity and communication between the centers and parents. Security Specialists from TietoEnator. Traffic information platform is a project of Finnish Road Enterprise (FRE) and WM-Data. FRE and WM-Data are developing real time information content platform to be used by traffic information service providers. Traffic information platform is collecting information of good quality (covering Finland) using information delivery contracts and information source interfaces both public and private data warehouses and by using automated processes and interactive services. Security specialists from KPMG. Photo source: FRE FINISHED ON GOINGExamples of trust and security questions and challenges in the pilot projects: Examples of trust and security questions and challenges in the pilot projects Identification and authentication issues Secured billing Ensuring usability Denial-of-service attacks Phishing Distribution mechanisms Reliance of interactive services Securing production environment Securing content and user information Information integrity and reliability Secured information transfer interfaces Slide15: LUOTI Programme in brief Pilot case examples Findings and coclusions II III IProactive approach in the service development process prevents threats: Proactive approach in the service development process prevents threats Risk analysis done in the early phase of the service development process helps project workers in planning and implementation of the service. Most of the security threats requires activities already in the initial phases of the development process. More versatile expertise on security issues is needed when the development environment gets more complex (multi-channel, network of actors etc.). Openness, transparency, clear roles and responsibilities in the development community are key issues in building trust and security of the services. Planning should be focused on a) how to manage risks, b) how to manage the service life cycleCase conclusions: Pilot cases validate many prevailing assumptions: Case conclusions: Pilot cases validate many prevailing assumptions Business processes and use case descriptions act as a good basis for evaluating the security risks. Service developers and providers can affect usability issues and functionality of business models through risk assessments. Pilot case companies evaluated that they can better manage and even save costs by focusing on trust and security issues in the early phases of the development process. By taking the development partners earlier into the process it is possible to clarify the roles and agree on the responsibilities.The Traditional Way – Transfering responsibilities in the value chain: The Traditional Way – Transfering responsibilities in the value chain ”After you, Sir”Way to build trust and security in the network by sharing responsibilities : Way to build trust and security in the network by sharing responsibilities ”Join the Team”Programme conclusions: Open network approach is one way to build trust and security: Programme conclusions: Open network approach is one way to build trust and security Transfering responsibility Protect own boundaries Late and slow reaction on problems Growing expenses on late reaction Sharing responsibility Open and transparent way of working Proactive and faster reaction on problems Saving costs due to proactivityContact information: Contact information www.luoti.fi/en/ Programme Coordinator, Kimmo Lehtosalo Email: kimmo.lehtosalo@eera.fi Tel: +358 (0)201 588 631Appendixes: Appendixes Pilot case descriptionsINDICA2 LUOTI pilot project 2005: INDICA2 LUOTI pilot project 2005 The INDICA2 project of operator Elisa Corporation investigates the IP Datacasting Value Chain. In the project a distribution platform for cross-media content has been developed. Aims to develop IP Datacast (IPDC) based content services through value chain co-operation and to prepare for emerging business in this area. Using IPDC technology it will be possible to broadcast television type content to users of mobile media devices. A DVB-H standard broadcast network is used as the distribution channel and existing mobile networks provide the return channel. Developing and managing content, network, and return channel functions for IPDC will create numerous business opportunities, even though the roles of the players still are being defined. In INDICA2 an operator and a broadcaster are developing a cross-media distribution platform for visual radio type of content. The role of information security in the project: Identification and authentication issues, secured billing, DRM, user information. Participants: Operator, BroadcasterHabbo web LUOTI pilot project 2005: Habbo web LUOTI pilot project 2005 Aim is to develop website around the Habbo Hotel game client to enhance the total Habbo experience by removing some elements currently imbedded in game client and bring them to the website (registration, user authentication, buying, etc.) adding web-game interaction from current level adding new web-based services (e.g. web radio, user blogs/diaries, mini flash games) Habbo.com project scope covers both pure online/PC products as well as Sulake company’s wireless/digital products adding to or gaining from online experience As a project deliverable Sulake should have a web framework and service that is scalable, safe (for the users and the company), of high usability. The role of information security in the project: Authentication issues, securing user information, secured billing, usability issues, DoS, phishing. Participants: Online Game Company, Solution Provider Accidental Lovers LUOTI pilot project 2005: Accidental Lovers LUOTI pilot project 2005 Accidental Lovers is a hybrid of mobile phone / PDA messaging chat and black comedy series for television and broadband media. A participatory black comedy about love, introduces a new interactive format and genre for television. Viewer can effect the unfolding drama, its turns and outcomes of the plot, by sending mobile messages to a system that triggers on-screen events based on the keyword recognition. The system responds immediately by audio dialogue of the characters and indirectly through consequential thematic changes on the video images and scenes. A part of the EU's New Media for New Millennium (NM2) IST practice-based R&D project running September 2004 - 2007. The role of information security in the project: DRM, usability, secured billing, distribution mechanisms, securing user information, reliance of interactive services, securing production environment. Participants: Producer (Crucible Studio in Media Centre Lume and Media Lab, University of Art and Design Helsinki), Broadcasters, Operators, Technology providers Interactive digital services in day care centers LUOTI pilot project 2006: Interactive digital services in day care centers LUOTI pilot project 2006 Interactive digital services in day care centers is a pilot project of Forum Virium Helsinki (FVH) to be implemented together with City of Helsinki, Hewlett-Packard, Futurice and Fromdistance. The aim is to offer a service platform to day care centers in order to improve interactivity and communication between the centers and parents. Forum Virium Helsinki together with its partners has developed a new photo and video diary service for day care centres. The day care centres photograph and videotape happenings during the day and send them to secured web site for parents to see. The service was introduced experimentally in May in four day care centres in the Helsinki Metropolitan Area, with promising results. The results of this pilot project will be utilised in developing business and service concept and similar kind of services into different environments and to be used by different commmunities. The role of information security in the project: Identification and authentication issues, securing content and user information. Participants: Service developer, service provider, technology provider Traffic information platform LUOTI pilot project 2006: Traffic information platform is a project of Finnish Road Enterprise (FRE) and WM-Data. FRE and WM-Data are developing real time information content platform to be used by traffic information service providers. Content platform enables customized, quality secured and 24/7 operated distribution of traffic information for service providers. Service providers that are using traffic information platform can deliver real time traffic information to end-users’ (e.g. motorists) mobile and web devices. Traffic information platform is collecting information of good quality (covering Finland) using information delivery contracts and information source interfaces both public and private data warehouses and by using automated processes and interactive services. The role of information security in the project: Information integrity and reliability, secured information transfer interfaces. Participants: Service provider, integrator Traffic information platform LUOTI pilot project 2006 Source: Finnish Road Enterprise You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
Luoti programme pilot case experiences Pumbaa Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINTLite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 179 Category: Entertainment License: All Rights Reserved Like it (0) Dislike it (0) Added: October 17, 2007 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript LUOTI programme Programme & Pilot case experiences LUOTI is The Finnish Ministry of Transport and Communications’ Development Programme on Trust and Information Security in Electronic Services November 23rd, 2006 IST 2006, Bringing Together the European Stakeholders for Secure Service and Software Engineering: LUOTI programme Programme & Pilot case experiences LUOTI is The Finnish Ministry of Transport and Communications’ Development Programme on Trust and Information Security in Electronic Services November 23rd, 2006 IST 2006, Bringing Together the European Stakeholders for Secure Service and Software EngineeringSlide2: LUOTI Programme in brief Pilot case examples Findings and coclusions II III IFrom where does the programme get the roots?: From where does the programme get the roots?Digital services are going towards multichannel environment...: Digital services are going towards multichannel environment......which will bring a large amount of new challenges to service development: ...which will bring a large amount of new challenges to service development The amount of terminals is growing End users are adopting the technologies The needs of end users are diversifying The amount of content and service producers is growing Value networks are changing Sizes of companies varies; level of skills are diversifying The role of information security in service development is in transition stage: The role of information security in service development is in transition stage Digital convergence brings challenges to information security Security and trust issues are reaching the business agenda The need of information security expertise is growing Responsibilities are transfered from one player to another Companies are requiring more proactivity to manage threats Late reaction leads to growing amount of expenses Security issues are no longer left only to security experts Several factors create challenges to service development:One way of describing transition - ”transition from reactive to proactive service engineering”: One way of describing transition - ”transition from reactive to proactive service engineering” ”The traditional way” to handle security and trust issues in the service development process The importance grows when the process progress The objective for the role of handling security and trust issues in the service engineeringSlide8: What is LUOTI programme ?LUOTI programme: LUOTI programme LUOTI – A Development Programme on Trust and Information Security in Electronic Services for 2005 to 2006. A programme of the Finnish Ministry of Transport and Communications. One of the actions in the National Information Security Strategy in Finland. Aims to promote information security in new multi-channel services by offering expertise into the projects. One of the main objective is to increase end-users confidence towards new electronic services. Works in co-operation with media companies, other content providers, service and network operators, information security sector, research institutes, universities, authorities and legislators.Companies and public organisations that have been involved in the activities of the programme: Companies and public organisations that have been involved in the activities of the programmeSlide11: LUOTI Programme in brief Pilot case examples Findings and coclusions II III ILUOTI provided information security experts to the programme’s pilot projects: LUOTI provided information security experts to the programme’s pilot projects Security expert offered by the LUOTI programme to the selected pilot project. To make risk analysis, to define information security requirements, to make a plan how to handle security issues. Security expert act as a consultant whose role is to make sure that all the actors cover their role concerning the trust and security issues. Security audit before the implementation phase to realize how well the original security plan has been implemented and to recover possible other vulnerabilities. CASE DESCRIPTION P R O J E C T P R O G R A M M E WORKSHOP FINAL REPORT Build a case description to LUOTI programme stakeholders. Possibility to acid test the plan with other security experts who are participating the programme’s pool of experts. Pilot case workshop where security experts are going through the findings and the overall process. The Pilot cases of LUOTI Programme in 2005 and 2006: The Pilot cases of LUOTI Programme in 2005 and 2006 The INDICA2 project of operator Elisa investigated the IP Datacasting Value Chain. In the project a distribution platform for cross-media content has been developed by using DVB-H standard broadcast network as the distribution channel and existing mobile networks as the return channel. Security specialists from KPMG. Habbo Web project’s aim was to develop website around the Habbo Hotel game client to enhance the total Habbo experience by removing some elements currently imbedded in the game client and bringing them to the website (registration, user authentication, buying, etc.). Security specialist from Nixu. Accidental Lovers, a project of the Universtity of Art and Design Helsinki, is a hybrid of mobile phone chat and black comedy series for television and broadband media. Viewer can effect the unfolding drama, its turns and outcomes of the plot, by sending mobile messages to a system that triggers on-screen events based on the keyword recognition. Security specialists from Tietoenator. Interactive digital services in the day care centers is a pilot project of Forum Virium Helsinki implemented together with City of Helsinki, HP, Futurice and Fromdistance. The aim is to offer a service platform to day care centers in order to improve interactivity and communication between the centers and parents. Security Specialists from TietoEnator. Traffic information platform is a project of Finnish Road Enterprise (FRE) and WM-Data. FRE and WM-Data are developing real time information content platform to be used by traffic information service providers. Traffic information platform is collecting information of good quality (covering Finland) using information delivery contracts and information source interfaces both public and private data warehouses and by using automated processes and interactive services. Security specialists from KPMG. Photo source: FRE FINISHED ON GOINGExamples of trust and security questions and challenges in the pilot projects: Examples of trust and security questions and challenges in the pilot projects Identification and authentication issues Secured billing Ensuring usability Denial-of-service attacks Phishing Distribution mechanisms Reliance of interactive services Securing production environment Securing content and user information Information integrity and reliability Secured information transfer interfaces Slide15: LUOTI Programme in brief Pilot case examples Findings and coclusions II III IProactive approach in the service development process prevents threats: Proactive approach in the service development process prevents threats Risk analysis done in the early phase of the service development process helps project workers in planning and implementation of the service. Most of the security threats requires activities already in the initial phases of the development process. More versatile expertise on security issues is needed when the development environment gets more complex (multi-channel, network of actors etc.). Openness, transparency, clear roles and responsibilities in the development community are key issues in building trust and security of the services. Planning should be focused on a) how to manage risks, b) how to manage the service life cycleCase conclusions: Pilot cases validate many prevailing assumptions: Case conclusions: Pilot cases validate many prevailing assumptions Business processes and use case descriptions act as a good basis for evaluating the security risks. Service developers and providers can affect usability issues and functionality of business models through risk assessments. Pilot case companies evaluated that they can better manage and even save costs by focusing on trust and security issues in the early phases of the development process. By taking the development partners earlier into the process it is possible to clarify the roles and agree on the responsibilities.The Traditional Way – Transfering responsibilities in the value chain: The Traditional Way – Transfering responsibilities in the value chain ”After you, Sir”Way to build trust and security in the network by sharing responsibilities : Way to build trust and security in the network by sharing responsibilities ”Join the Team”Programme conclusions: Open network approach is one way to build trust and security: Programme conclusions: Open network approach is one way to build trust and security Transfering responsibility Protect own boundaries Late and slow reaction on problems Growing expenses on late reaction Sharing responsibility Open and transparent way of working Proactive and faster reaction on problems Saving costs due to proactivityContact information: Contact information www.luoti.fi/en/ Programme Coordinator, Kimmo Lehtosalo Email: kimmo.lehtosalo@eera.fi Tel: +358 (0)201 588 631Appendixes: Appendixes Pilot case descriptionsINDICA2 LUOTI pilot project 2005: INDICA2 LUOTI pilot project 2005 The INDICA2 project of operator Elisa Corporation investigates the IP Datacasting Value Chain. In the project a distribution platform for cross-media content has been developed. Aims to develop IP Datacast (IPDC) based content services through value chain co-operation and to prepare for emerging business in this area. Using IPDC technology it will be possible to broadcast television type content to users of mobile media devices. A DVB-H standard broadcast network is used as the distribution channel and existing mobile networks provide the return channel. Developing and managing content, network, and return channel functions for IPDC will create numerous business opportunities, even though the roles of the players still are being defined. In INDICA2 an operator and a broadcaster are developing a cross-media distribution platform for visual radio type of content. The role of information security in the project: Identification and authentication issues, secured billing, DRM, user information. Participants: Operator, BroadcasterHabbo web LUOTI pilot project 2005: Habbo web LUOTI pilot project 2005 Aim is to develop website around the Habbo Hotel game client to enhance the total Habbo experience by removing some elements currently imbedded in game client and bring them to the website (registration, user authentication, buying, etc.) adding web-game interaction from current level adding new web-based services (e.g. web radio, user blogs/diaries, mini flash games) Habbo.com project scope covers both pure online/PC products as well as Sulake company’s wireless/digital products adding to or gaining from online experience As a project deliverable Sulake should have a web framework and service that is scalable, safe (for the users and the company), of high usability. The role of information security in the project: Authentication issues, securing user information, secured billing, usability issues, DoS, phishing. Participants: Online Game Company, Solution Provider Accidental Lovers LUOTI pilot project 2005: Accidental Lovers LUOTI pilot project 2005 Accidental Lovers is a hybrid of mobile phone / PDA messaging chat and black comedy series for television and broadband media. A participatory black comedy about love, introduces a new interactive format and genre for television. Viewer can effect the unfolding drama, its turns and outcomes of the plot, by sending mobile messages to a system that triggers on-screen events based on the keyword recognition. The system responds immediately by audio dialogue of the characters and indirectly through consequential thematic changes on the video images and scenes. A part of the EU's New Media for New Millennium (NM2) IST practice-based R&D project running September 2004 - 2007. The role of information security in the project: DRM, usability, secured billing, distribution mechanisms, securing user information, reliance of interactive services, securing production environment. Participants: Producer (Crucible Studio in Media Centre Lume and Media Lab, University of Art and Design Helsinki), Broadcasters, Operators, Technology providers Interactive digital services in day care centers LUOTI pilot project 2006: Interactive digital services in day care centers LUOTI pilot project 2006 Interactive digital services in day care centers is a pilot project of Forum Virium Helsinki (FVH) to be implemented together with City of Helsinki, Hewlett-Packard, Futurice and Fromdistance. The aim is to offer a service platform to day care centers in order to improve interactivity and communication between the centers and parents. Forum Virium Helsinki together with its partners has developed a new photo and video diary service for day care centres. The day care centres photograph and videotape happenings during the day and send them to secured web site for parents to see. The service was introduced experimentally in May in four day care centres in the Helsinki Metropolitan Area, with promising results. The results of this pilot project will be utilised in developing business and service concept and similar kind of services into different environments and to be used by different commmunities. The role of information security in the project: Identification and authentication issues, securing content and user information. Participants: Service developer, service provider, technology provider Traffic information platform LUOTI pilot project 2006: Traffic information platform is a project of Finnish Road Enterprise (FRE) and WM-Data. FRE and WM-Data are developing real time information content platform to be used by traffic information service providers. Content platform enables customized, quality secured and 24/7 operated distribution of traffic information for service providers. Service providers that are using traffic information platform can deliver real time traffic information to end-users’ (e.g. motorists) mobile and web devices. Traffic information platform is collecting information of good quality (covering Finland) using information delivery contracts and information source interfaces both public and private data warehouses and by using automated processes and interactive services. The role of information security in the project: Information integrity and reliability, secured information transfer interfaces. Participants: Service provider, integrator Traffic information platform LUOTI pilot project 2006 Source: Finnish Road Enterprise