4. Trusted site infrastructure Document review Implementation Test Criteria Catalogue Security concept and plans Plans infrastructures Documents Test certificates
5. Trusted site infrastructure 16 20 0 2 12 Report & Confir-mation Implem-entation test Document review With feedback Work Shop Normally 2-3 experts on site On-site orientation Viewing of documents Feasibility About 5-10 days possibility with project meeting Possibly 2 days follow-up audit Estimated work in project days Trusted site project
6. Trusted site infrastructure Evaluation results Level 1 medium protection requirements (according to the BSI infrastructure requirements of the baseline protection manual) Level 2 extended protection requirements (extended requirements to all above mentioned aspects) Level 3 high protection requirements (complete redundancy of essential components, no single point of failures, climate limits according to EN 1047-2) Level 4 very high protection requirements (advanced access control, no adjacent hazard potentials, with minimal intervention time)
7. Creating Trust TÜVit Our Principles Basel ll Market positioning Conditions Persuasion Liability questions Suppliers Insurance Customers and markets Bank Board Courts of law Processing industry IT-operator
8. Trusted site infrastructure Assurance phases 0 Self Made 1 Professional planner 2 Security concept 3 Third party inspection Increase in trust
9. TÜVit Our Principles Certification ... is a measure implemented by a neutral third party indicating that reasonable trust exists that a properly marked product / organization / site .... complies with a certain standard or another type of normative document.
12. Conclusion Practical approach for specific areas Big necessity to protect the critical infrastructure BUT No national or international criteria No national or international scheme No common framework Over 10 years experience within TÜViT Certification list at http://www.tuvit.de/english/46254.asp
13. TÜVit Our Background TUViT combines a nearly 20 years’ experience in IT and Telecommunication with technology and process-specific skills. TUViT provides a full range of services accompanying all project phases - from planning and design to specification and implementation and final operation.
14. TÜVit Our Background Permanent quality control and external audits assure the high quality and reliability of our services. TUViT is accredited and recognised by relevant national and international organisations and authorities in the field of quality and security.
15. National Accreditations Federal Office for Information Security Federal Network Agency German Accreditation Body Technology Central Credit Board of the German Banks Independent Centre for Privacy Protection Schleswig-Holstein
16. International Accreditations National Institute of Standards and Technology, USA Information-technology Promotion Agency (IPA), Japan National Institute of Technology and Evaluation (NITE), Japan Europay, MasterCard and Visa International (EMVCo)
17. TÜViT Our Experience (Special Branches) Certification Services (CA, RA, PKI) Semiconductors IT Security (Developer, Manufacturer) Health Care Energy and Multi Utilities TSI for RWE data centre Government and Public Administration German Parliament Development of IT security concept Banking and Insurance TSI for data centre of German bank (design and installed by IBM) Telecommunication
18. ● improving your quality and security ● increasing your efficiency ● lowering your risks and cost ● adding a significant value to your assets TÜViT Yo ur Benefits
19. TÜV Informationstechnik GmbH Member of TÜV NORD Group Tiger TENG Business development director Asia Pacific area Langemarckstr. 20 45141 Essen, Germany Mobile: +886-9188-15408 (Taiwan) +86-15821934086 (China) Phone: +49 201 8999 – 403 Fax: +49 201 8999 – 888 E-Mail: [email_address] URL: www.tuvit.net