The Software Defined Perimeter working grouped launched with the goal to develop a solution to stop network attacks against application infrastructure. With the adoption of cloud services the threat of network attacks against application infrastructure increases since servers can not be protected with traditional perimeter defense techniques.
The Cloud Key Management Working Group aims to facilitate the standards for seamless integration between CSPs and key broker services. Standardization will take place across key management lifecycle operations and a common set of APIs, enabling consistent implementation of enterprise key policies. Customer-centric in principle, the goal will be for data stored or traversing the cloud and requiring encryption the corresponding encryption keys will be protected and their lifecycle managed by the customer. The purpose of the Cloud Key Management Working Group is to align cloud key management interoperability standards across service providers, maintain and develop API and key interoperability specifications, develop business model templates and specifications for standardized key interoperability, promote the adoption of key management standards and key brokering interoperability, and provide well documented guidelines and a standard approach to vendors to ensure seamless interoperability and compliance to those guidelines/standards.
From a user perspective, Cloud is a service. However, for Cloud Service Providers, integrators and channel partners who construct or build the Cloud, the Cloud architecture is comprised of many Cloud computing components. Examples of these components are hypervisors, Cloud operating systems components such as “Swift”, “Glance” for OpenStack, virtual desktop infrastructure platforms, cloud dedicated firewalls and so on. How can we evaluate the security of these Cloud components? Currently, most of the security standards related to Cloud Computing focus on the information security management system. However, these standards are insufficient to evaluate cloud component security because they focus on management security rather than the technical security requirements of the components. In order to address this gap, the Cloud Component Specifications working group proposes to develop internationally recognized technical security specifications for cloud components.
Given the longstanding and fervent belief in the value for incident sharing, new advancements in enabling technology, and the promising shifts in the legal landscape, the Cloud Security Alliance believes now is the time to act. For this reason we introduce the Cloud Cyber Incident Sharing Center or Cloud-CISC.
The ITU/WHO Focus Group on artificial intelligence for health (FG-AI4H) works in partnership with the World Health Organization (WHO) to establish a standardized assessment framework for the evaluation of AI-based methods for health, diagnosis, triage or treatment decisions. Participation in the FG-AI4H is free of charge and open to all. The group was established by ITU-T Study Group 16 at its meeting in Ljubljana, Slovenia, 9-20 July 2018.
GS ENI 002 Experiential Networked Intelligence (ENI); ENI requirements
GR ENI 001 Experiential Networked Intelligence (ENI); ENI use cases
A key concern over autonomous systems (AS) is that their operation must be transparent to a wide range of stakeholders, for different reasons. (i) For users, transparency is important because it builds trust in the system, by providing a simple way for the user to understand what the system is doing and why. If we take a care robot as an example, transparency means the user can quickly understand what the robot might do in different circumstances, or if the robot should do anything unexpected, the user should be able to ask the robot 'why did you just do that?'. (ii) For validation and certification of an AS transparency is important because it exposes the system's processes for scrutiny. (iii) If accidents occur, the AS will need to be transparent to an accident investigator; the internal process that led to the accident need to be traceable. Following an accident (iv) lawyers or other expert witnesses, who may be required to give evidence, require transparency to inform their evidence. And (v) for disruptive technologies, such as driverless cars, a certain level of transparency to wider society is needed in order to build public confidence in the technology. For designers, the standard will provide a guide for self-assessing transparency during development and suggest mechanisms for improving transparency (for instance the need for secure storage of sensor and internal state data, comparable to a flight data recorder or black box).
The purpose of this standard is to have one overall methodological approach that specifies practices to manage privacy issues within the systems/software engineering life cycle processes.
This standard is designed to provide individuals or organizations creating algorithms, largely in regards to autonomous or intelligent systems, certification-oriented methodologies to provide clearly articulated accountability and clarity around how algorithms are targeting, assessing and influencing the users and stakeholders of said algorithm. Certification under this standard will allow algorithm creators to communicate to users, and regulatory authorities, that up-to-date best practices were used in the design, testing and evaluation of the algorithm to avoid unjustified differential impact on users.
This standard is designed to provide organizations handling child and student data governance-oriented processes and certifications guaranteeing the transparency and accountability of their actions as it relates to the safety and wellbeing of children, their parents, the educational institutions where they are enrolled, and the community and societies where they spend their time, both on and offline. It is also designed to help parents and educators, with an understanding that most individuals may not be tech-savvy enough to understand underlying issues of data usage, but still must be properly informed about the safety of their children's data and provided with tools and services that provide proper opportunities for content based, pre-informed choice regarding their family's data.
Standardization of information, communication and control systems in the field of urban and rural surface transportation, including intermodal and multimodal aspects thereof, traveller information, traffic management, public transport, commercial transport, emergency services and commercial services in the intelligent transport systems (ITS) field.
