Automatski - The Internet of Things - Security Standards
1. The Internet of Things – Automatski Corp.
http://www.automatski.com
E: Aditya@automatski.com, Founder & CEO
M: +91-9986574181
E: Shubhadeep.dev@automatski.com, Director - Sales
M: +91-8884074204
2. Automatski is an IoT pioneer in many ways…
With its ground-up, first-principles-based IoT-scale platform
With Infinions.io
Autonomous Compute Platform ®
Autonomous Machine Consumption Certified ®
But analysts count more than 180 IoT platforms across the world
An IoT platform is a tough sell, even if you are cutting edge
Hence we want to eliminate one more reason for someone to choose others over us.
The IoT industry is filled with paranoia about security & privacy concerns
Hence we want to address security and privacy within the foundations and early
stages of our architecture and our existence as a business
That's why we are doing this!
3. Automatski is a front runner in addressing IoT Security & Privacy concerns, using
a combination of
Research
Standard Industry Practices
Software Engineering Principles
Operational Excellence
4. SAS 70 is the most commonly adopted security standard among cloud service
providers.
SAS 70 (Statement on Auditing Standards No. 70) is an internationally recognized
auditing standard developed by the American Institute of Certified Public
Accountants (AICPA) that defines the standards an auditor must employ in order
to assess the contracted internal controls of a service organization like a hosted
data center, insurance claims processor or credit processing company, or a
company that provides outsourcing services that can affect the operation of the
contracting enterprise.
5. PCI DSS (Payment Card Industry Data Security Standard) is a global security
standard that applies to all organizations that hold, process or exchange credit
card or cardholder information. The standard was created to give the payment
card industry increased controls around data and to ensure it is not exposed. It
is also designed to ensure that consumers are not exposed to potential financial
or identity fraud and theft when using a credit card.
6. Sarbanes-Oxley (SOX) is a security standard that defines specific mandates and
requirements for financial reporting. SOX stems from legislation passed in response
to major financial scandals and is designed to protect shareholders and the public
from accounting errors and fraudulent practices. Administered by the SEC, SOX
dictates what records are to be stored and for how long. It affects IT departments
that store electronic records by stating that all business records, including e-mails
and other electronic records, are to be saved for no less than five years.
Failure to comply can result in fines and/or imprisonment.
7. ISO 27001 is a standard published in 2005 that is the specification for an
Information Security Management System (ISMS). The objective of ISO 27001 is
to provide a model for establishing, implementing, operating, monitoring,
reviewing, maintaining and improving an ISMS, which is a framework of policies
and procedures that includes all legal, physical and technical controls involved
in an organization's information risk management processes.
8. About one-fourth of cloud service providers adhere to Safe Harbor principles, a
process for organizations in the U.S. and European Union that store customer data.
Safe Harbor was designed to prevent accidental information disclosure or loss.
Companies are certified under Safe Harbor by following seven guidelines:
1. Notice: individuals must be informed that their data is being collected and
how it will be used;
2. Choice: individuals must be able to opt out of data collection and of the
transfer of their data to third parties;
3. Onward transfer: data may be transferred only to third parties that follow
adequate data protection principles;
4. Security: reasonable efforts must be made to prevent loss of collected data;
5. Data integrity: only relevant data is collected, and the data must be reliable
for the purpose for which it was collected;
6. Access: individuals can access information held about them and correct or
delete it if it is inaccurate;
7. Enforcement: the rules must be effectively enforced.
9. National Institute of Standards and Technology (NIST) standards, originally
designed for federal agencies, emphasize the importance of security controls and
how to implement them. The NIST standards started out being aimed specifically
at the government, but have recently been adopted by the private sector as well.
1. NIST covers what should be included in an IT security policy and what can be
done to boost security,
2. how to manage a secure environment,
3. and how to apply a risk management framework.
10. The HIPAA standard seeks to standardize the handling, security and
confidentiality of health-care-related data.
It mandates standard practices for patient health, administrative and financial
data to ensure security, confidentiality and data integrity for patient information.
11. FISMA, or the Federal Information Security Management Act, was passed in 2002
and created a process for federal agencies to certify and accredit the security of
information management systems.
FISMA certification and accreditation indicate that a federal agency has approved
particular solutions for use within its security requirements.
12. COBIT (Control Objectives for Information and Related Technology) is an
international standard that defines the requirements for the security and control
of sensitive data. It also provides a reference framework.
COBIT is a set of best practices for controlling and securing sensitive data that
measures security program effectiveness and provides benchmarks for auditing.
The open standard comprises an executive summary, management guidelines, a
framework, control objectives, an implementation toolset and audit guidelines.
13. The Data Protection Directive is a directive adopted by the European Union that
was designed to protect the privacy of all personal data collected for or about EU
citizens, especially as it relates to processing, using or exchanging that data.
Similar to Safe Harbor in the U.S., the Data Protection Directive makes
recommendations based on seven principles: notice, purpose, consent, security,
disclosure, access and accountability.
14. The largest and arguably most comprehensive player in cloud security standards
is the CSA, or Cloud Security Alliance. With corporate members including Amazon
Web Services, Microsoft, Oracle, Rackspace, Red Hat and Salesforce (among
dozens more), most blue-chip industry cloud services have a stake in the CSA.
The CSA has developed a compliance standard known as the CCM, or Cloud
Controls Matrix. Published in Excel spreadsheet format, the CCM describes over a
dozen areas of cloud infrastructure including risk management and security. The
CCM goes beyond security itself and includes compliance measures that also
address government and legal regulations and hardware architecture.
17. 10-20+ years of software engineering experience each
Global Agile & technology consulting, advisory & delivery experience of 10-15+ years, since Agile and tech were in
their infancy.
The first computers we worked on were the Atari and ZX Spectrum ;-) And yes, after BASIC we went to C/C++ and then
straight to assembly programming, and then -> we began our journey as technologists
Globally distributed Global & Fortune company work experience
Worked with companies like BCG, McKinsey, Fidelity, Tesco, Goldman Sachs…
Long 3-5+ year projects & over 200+ people in globally distributed teams
Led double-digit multi-billion US$ projects
Blended methodology used, comprising Scrum, XP, Lean and Kanban
From there we rode every wave: J2EE, RUP, Six Sigma, CMMI, SIP, Mobile, Cloud, Big Data, Data Science etc…
Individually worked with over 300+ technologies at a time; literally nothing that scares us
Authors, speakers, coaches, mentors, scientists, engineers, technologists, marketing, sales, HR, finance…
We are generalists and we always start with first principles.
18. Please refer to http://automatski.com for more information
Please go through the 2-minute demo, 5-minute demo…
And the showcase section of the website for more information…
Or email us at aditya@automatski.com
Or just give us a shout on LinkedIn, Facebook, Twitter, email etc.