ETSI blockchain group releases first Reports, targeting industry and governmental bodies

Sophia Antipolis, 15 February 2021

The ETSI Industry Specification Group on Permissioned Distributed Ledger (ISG PDL) has recently released a number of Reports to support industry and government institutions needs for what is commonly known as blockchain. These Reports cover data record compliance to regulation, application scenarios and smart contracts.  

Read More...

ETSI releases a Report to enable MEC deployment in a multi-operator’s environment

Sophia Antipolis, 20 July 2021

The ETSI MEC Industry Specification Group (ETSI ISG MEC) has just released a new Group Report ETSI GR MEC 0035 to enable inter-MEC system deployment and MEC-Cloud system coordination. This Report was motivated by the mobile network operators’ interest in forming federated MEC environments and enabling information exchange in a secure manner, in the event that MEC platforms or applications belong to different MEC systems.

Read More...

ETSI launches new White Paper titled Fibre Development Index: Driving Towards an F5G Gigabit Society

Sophia Antipolis, 19 August 2021

Fibre and fibre-based optical networks are the key technical enablers of our society's twin transitions (green and digital), providing sustainable and cost-effective communication with high bandwidth, stability, reliability, and improved latency. In addition, the fibre evolution enables sustainable economic growth through advanced services and applications for users, businesses, and industries.

The new ETSI White Paper explains the methodology used to define a fibre development index, provides migration path recommendations to countries with different fibre development, and highlights the importance of setting policies to underpin that twin (green and digital) transformation.

Read More...

Draft of ETSI Coordinated vulnerability disclosure guide available for public comments

Sophia Antipolis, 24 August 2021

ETSI will soon release a Guide to Coordinated Vulnerability Disclosure. Before publication, it made the draft publicly available for comments. Please send your feedback by 15 September to the technical committee CYBER at cybersupport@etsi.org 

Read More...

ETSI NFV Release 5 kicks off with increased support for cloud-enabled deployments

Sophia Antipolis, 9 November 2021

The ETSI Industry Specification Group (ISG) for Network Functions Virtualization (NFV) has started working on its next specification release, known as "Release 5”, officially kicking off the new Release technical work after their September meeting.

The Release 5 work program is expected to drive ETSI NFV’s work into two main directions: consolidating the NFV framework and expanding its applicability and functionality set. On the one hand, some aspects of the NFV concepts and functionalities that have been addressed in previous Releases, but need additional work, will be further developed in Release 5. For instance, based on development, deployment experience and feedback collected during testing events such as the “NFV/MEC Plugtests”, additional work on VNF configuration was deemed necessary. Another example is the more detailed specification work related to fault management modelling which aims at further defining faults and alarms information to improve interoperability during network operations, in particular for root cause analysis and fault resolution in multi-vendor environments.

Read More...

ETSI celebrates International Women’s Day

Sophia Antipolis, 8 March 2022

Diversity, equity, and inclusiveness are key pillars of the ETSI community. ETSI is committed to help raise awareness of the value of gender diversity and we wanted to highlight the people behind our standards: #TheStandardsPeople.

To start this campaign and to mark International Women’s Day, we dedicate the month of March to showcase our female contributors.

Read More...

ITU, UN Environment Programme and ETSI celebrate the EU Green Week

Sophia Antipolis, 8 June 2022

On 1 June 2022, during the EU Green Week, ITU in collaboration with UN Environment Programme and ETSI organized a Workshop on “Global Digital ICT Product Passport to achieve a Circular Economy”. Luis Jorge Romero, ETSI Director-General and Malcolm Johnson​, Deputy Secretary General, ITU gave the opening remarks.

Read More...

ETSI Encrypted Traffic Integration group extends term to work on cryptographic and key management models

Sophia Antipolis, 2 August 2022

ETSI has recently extended the term of its Industry Specification Group Encrypted Traffic Integration (ISG ETI) for a two-year period through to mid-2024 to work on specific cryptographic and key management models.

Read More...

Sophia Antipolis, 26 January 2023

The ETSI Industry Specification Group for Network Functions Virtualization (ISG NFV) has just published its next drop of specifications around new enhancements of the NFV architecture that will support cloud-native network functions.

Read More...

Sophia Antipolis, 2 February 2023

ETSI, the organization for globally applicable standards for information and communication technology (ICT), has adopted a new instrument, Software Development Groups (SDGs). This game-changing move will help ETSI adapt to the ever-evolving landscape of technology and standards development. Developing software to accompany standards will accelerate the standardization process, providing faster feedback loops and improving the quality of standards.

Read More...

The implementation of Telecom Infra Project (TIP) Open Optical & Packet Transport (OOPT) Mandatory Use Case Requirements for SDN for Transport (MUST) in ETSI TeraFlowSDN cloud native SDN Controller will make it possible to accelerate network innovation in packet-optical networks.

Sophia Antipolis, 22 February 2023

The ETSI TeraFlowSDN community has announced their commitment to the implementation of TIP’s Mandatory Use Case Requirements for SDN for Transport (MUST) Requirements in their innovative cloud native SDN Controller. This will position TeraFlowSDN as a reference implementation in the Telecom Infra Project Open Optical & Packet Transport group (TIP OOPT). This move will also make it possible to accelerate the adoption of SDN standards for IP/MPLS, Optical and Microwave transport technologies, which is one of the main objectives of MUST.

Read More...

Sophia Antipolis, 24 July 2023

The European Telecommunications Standards Institute (ETSI) and The Critical Communications Association (TCCA) are the proud authorities and custodians of the ETSI TETRA (Terrestrial Trunked Radio) technology standard, one of the world’s most secure and reliable radio communications standards.

Read More...

Sophia Antipolis, 25 July 2023

ETSI is proud to announce the establishment of its first Software Development Group, called OpenSlice. With this group, ETSI positions itself as a focal point for development and experimentation with network slicing.

Read More...

Sophia Antipolis, 27 September 2023

The Telecom Infra Project (TIP) Open Optical & Packet Transport (OOPT) group is making significant strides in advancing network management and interoperability.

Read More...

Sophia Antipolis, 5 October 2023

ETSI is pleased to announce the extension of its Zero touch network and Service Management group (ISG ZSM) for an additional 2 year-period.

Read More...

Sophia Antipolis, 9 November 2023

ETSI is delighted to announce the establishment of a new Software Development Group, called OpenCAPIF. OpenCAPIF is developing an open-source Common API Framework, as defined by 3GPP, allowing for secure and consistent exposure and use of APIs.

Read More...

Sophia Antipolis, 21 February 2024

ETSI’s first LTA Signature Augmentation and Validation Plugtests™ has seen international participants exchange over 35 000 digital signature validation reports.

Held from 23 October - 22 December 2023, the remote interoperability event was organized by the ETSI Centre for Testing and Interoperability (CTI), on behalf of ETSI’s Technical Committee for Electronic Signatures and Trust Infrastructures (TC ESI). This Plugtests™ event was facilitated with the support and co-funding of the European Commission (EC) and the European Free Trade Association (EFTA).

Conducted using a dedicated web portal, sessions over the month-long Plugtests™ attracted the involvement of 190 participants from 121 organizations across 38 countries.

Read More...

Sophia Antipolis, 9 July 2024

ETSI is excited to announce OpenCAPIF Release 1 is now available in the ETSI Labs.

OpenCAPIF develops a Common API Framework as defined by 3GPP and this new version introduces several improvements and new features to deliver a more robust, secure, and efficient API Management Platform. These advancements are developed in tight collaboration and incorporating feedback from a growing Research Ecosystem including SNS projects such as 6G-SANDBOX, FIDAL, IMAGINEB5G, SAFE6G, ORIGAMI, ENVELOPE and SUNRISE6G.

Read More...

Starts: Wed, 20 Nov 2024 19:30:00 -0500
11/20/2024 06:00:00PM
Location: Toronto, Canada

Starts: Mon, 25 Nov 2024 19:00:00 -0500
11/25/2024 05:30:00PM
Location: Montréal, Canada

New essay by Kenneth R. Janken added to Freedom's Story: Teaching African American Literature and History, TeacherServe from the National Humanities Center.

New essay by Trudier Harris added to Freedom's Story: Teaching African American Literature and History, TeacherServe from the National Humanities Center.

New essay by Nancy MacLean, "The Civil Rights Movement: 1968-2008," added to Freedom's Story: Teaching African American Literature and History, TeacherServe from the National Humanities Center.

This document is only available in PDF format.

National Instrument 93-101 Derivatives: Business Conduct (the Rule) will come into force on September 28, 2024 (the Effective Date), pursuant to section 143.4 of the Securities Act (Ontario).

This document is only available as a PDF.

The Minister of Finance has approved amendments to Ontario Securities Commission (OSC) Rule 91-507 Trade Repositories and Derivatives Data Reporting and consequential amendments to OSC Rule 13-502 Fees (collectively, the Amendments) pursuant to

1. Ontario Securities Commission Rule 91-507 Trade Repositories and Derivatives Data Reporting is amended by this Instrument.

This document is only available in PDF format.

This document is only available as a PDF.

This document is only available in PDF format.

As organizations create and store more data in the cloud, security teams must ensure the data is protected from cyberthreats. Learn more about what causes data breaches and about the best practices you can adopt to secure data stored in the cloud.

With the explosion of data being generated and stored in the cloud, hackers are creating new and innovative attack techniques to gain access to cloud environments and steal data. A review of recent major data breaches shows us that data thieves are using social engineering, hunting for exposed credentials, looking for unpatched vulnerabilities and misconfigurations and employing other sophisticated techniques to breach cloud environments.

A look at recent cloud data-breach trends

Here are some takeaways from major data breaches that have occurred this year:

• Managing the risk from your third-parties – partners, service providers, vendors – has always been critical. It’s even more so when these trusted organizations have access to your cloud environment and cloud data. You must make sure that your third-parties are using proper cloud-security protections to safeguard their access to your cloud data and to your cloud environment.
• Secure your identities. We’ve seen major data breaches this year tracked down to simple missteps like failing to protect highly-privileged admin accounts and services with multi-factor authentication (MFA). 
• Adopt best practices to prevent ransomware attacks, and to mitigate them if you get hit by one. Ransomware gangs know that a surefire way to pressure victims into paying ransoms is to hijack their systems and threaten to expose their sensitive data. 

So, how can you strengthen your data security posture against these types of attacks?

1. Implement a "zero trust" security framework that requires all users, whether inside or outside the organization, to be authenticated, authorized and continuously validated before being granted or maintaining access to data. This framework should allow only time-limited access and be based on the principle of least privilege, which limits access and usage to the minimum amount of data required to perform the job.
2. Use a cloud data security posture management (DSPM) solution to enforce the security framework through continuous monitoring, automation, prioritization and visibility. DSPM solutions can help organizations identify and prioritize data security risks based on their severity, allowing them to focus their resources on the most critical issues.
3. Regularly conduct risk assessments to detect and remediate security risks before they can be exploited by hackers. This can help prevent data breaches and minimize the impact of any security incidents that do occur.
4. Train employees on security best practices, including how to create strong passwords, how to identify risks and how to report suspicious activity.

By following these recommendations, organizations can significantly reduce their risk of a data breach and improve handling sensitive data belonging to their organization. As more and more data moves to the cloud and hackers become more sophisticated, it's essential to prioritize security and take proactive measures to protect against data risks. 

Learn more

• Webinar: Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?
• Data Sheet: Data Security Posture Management (DSPM) Integrated into Tenable Cloud Security
• Data Sheet: Securing AI Resources and Data in the Cloud with Tenable Cloud Security
• Infographic: When CNAPP Met DSPM
• Video: Demo Video: Data Security Posture Management and AI Security Posture Management

Vulnerability management remains a cornerstone of preventive cybersecurity, but organizations still struggle with vulnerability overload and sophisticated threats. Tenable’s new Exposure Signals gives security teams comprehensive context, so they can shift from vulnerability management to exposure management and effectively prioritize high-risk exposures across their complex attack surface.

A critical vulnerability has been disclosed and attackers worldwide are actively exploiting it in the wild. Your vulnerability management team jumps into action and determines that the vulnerability is present in hundreds of your organization’s assets. Which ones do you patch first? How do you prioritize your remediation efforts? What criteria do you use? The clock is ticking. Hackers are on the prowl.

Historically, your vulnerability management team would rely on severity scores like Vulnerability Priority Rating (VPR). This is a great start, but only gives you one indicator of risk. To prioritize remediation precisely and effectively, you need to consider a variety of other criteria, such as a vulnerable asset’s type, owner, and function; the access-level and privileges on the asset; and critical attack paths into your environment.

This type of comprehensive, holistic context will let you prioritize correctly, but it can only be achieved with a different approach that goes beyond traditional vulnerability management. That approach is exposure management. 

With exposure management, your vulnerability management team would be able to pinpoint the subset of assets affected by our hypothetical vulnerability that, for example, are externally accessible, possess domain-level privileges and are part of a critical attack path. That way they would know where the greatest risk is and what they need to remediate first. Having this deep insight, context and visibility transforms the risk assessment equation, and allows your vulnerability management team to move decisively, quickly and strategically.

In this blog, we’ll outline why it’s imperative for your vulnerability management teams to shift to an exposure management mindset, and we’ll explain how Tenable can help them do it.

To pinpoint riskiest vulns, vulnerability management needs broader exposure context 

In today's evolving cybersecurity landscape, vulnerability management remains one of the foundational pieces of an organization's proactive defense strategy. However, these teams still have difficulty in addressing the increased level of risks posed by the continuous surge of Common Vulnerabilities and Exposures (CVEs) and other flaws.

Many security teams are frequently overwhelmed by the sheer volume of vulnerabilities with limited resources to manage them effectively. The sophistication and speed of threat actors has escalated, with attackers having more entry points and using new tactics, techniques and procedures to access other critical areas of the business - demonstrating that attacks are no longer linear but multifaceted.

It’s common for security teams to struggle with:

• Vulnerability overload - This long-standing problem keeps getting worse. Security teams are finding it more difficult than ever to sift through the avalanche of CVEs and identify the areas of the business that have the most risk.
   
•  Lack of exposure context for prioritization - Your teams are making decisions while missing layers of context. Threat intelligence and vulnerability severity are a great start, but limiting yourself to them doesn’t give you the full context you need to prioritize properly. 
   
• Slow remediation response - Both proactive and reactive security teams devote massive amounts of time to responding to critical vulnerabilities. Resources are spread thin, making it more important than ever for teams to confidently identify the most high risk exposures when recommending remediation efforts.

Need to shift from a vulnerability to an exposure mindset

Knowing the struggles that you are dealing with today can help illuminate the benefits of exposure management. The missing links between a vulnerability and an exposure are the additional layers of context. Having multidimensional context enables you to understand not just the vulnerabilities themselves but their potential impact within the broader attack surface. This approach provides a more comprehensive view of an organization's security posture by considering factors such as threat intelligence, asset criticality, identities and access, as well as other pieces of context. With this additional information, you spend significantly less time sorting through stacks of similar vulnerabilities and you can be more focused on identifying key issues that pose risk - exposures.

For those who have never heard of exposure management or are just getting started, there are many benefits to this discipline. When it comes to Tenable’s approach, we adopt that same mentality with our exposure management platform. The goal is simple: exposure management empowers organizations to prioritize remediation efforts more effectively. It surfaces information that helps develop strategies to address not only the vulnerabilities themselves but the emergence of exposures that could lead to significant breaches.

The jump from vulnerability to exposure

Bridging the gap from vulnerability management to exposure management requires connecting context across the entire attack surface. Vulnerability management provides context that predicts the likelihood of an attack and displays key drivers, age of vulnerability and threat sources. These attributes are helpful, but we can go much further to improve our prioritization effectiveness. This requires having broader visibility and deeper insights across the attack surface to understand the bigger picture of exposures.

Specifically, security teams need additional context around:

• Asset context - There are many levels to an asset that can help drive prioritization decisions. It’s key to understand the criticality of an asset related to its type, function, owner name and its relationships to other assets. Even knowing if the asset is accessible from the internet or not will shape how its remediation is prioritized.
   
• Identities - Identities serve as the cornerstone for successful attacks, so it’s key to contextualize them for exposure management. Understanding user-privilege levels, entitlements and user information can help prevent attackers from gaining privilege escalation and moving laterally. Focusing prioritization efforts on vulnerable assets with domain and admin-level privileges is a critical best practice in order to reduce the likelihood of a breach.
   
• Threat context - Having various levels of threat context is also important to prioritize exposures. We know that threats change over time, so leveraging dynamic scoring like VPR or Asset Exposure Score (AES) can show indicators of risk. We can also bring in context from attack path modeling to influence remediation decisions based on the attacker’s perspective by understanding the number of critical attack paths or choke points in your environment.

When security analysts have this additional information, they can now truly understand the breadth and depth of the exposure. This is how prioritization is done in this new world of exposure management.

Introducing Exposure Signals

To help make it easier for you to shift to this exposure management mindset, we have developed a new prioritization capability called Exposure Signals. Available in Tenable One, Tenable’s exposure management platform, Exposure Signals allows security teams to have more comprehensive context in a centralized place for a focused view of risk. 

There are two ways to use these new Exposure Signals. The first is to access a comprehensive library of high-risk, prebuilt signals. Easy to refer to, they signal potential risk in your environment and create a great starting point for you to get your exposure management juices flowing. For example, you can easily see and refer to: 

• Domain admin group on internet-exposed hosts with critical vulnerabilities
• Devices exposed to the internet via RDP with an associated identity account with a compromised password
• Cloud assets with critical severity findings and asset exposure score above 700

Exposure Signals allow you to track the number of violations that signal high-risk scenarios in your environment. View this list on a regular basis to see how it changes over time with its unique trendline. Take exploration into your own hands by viewing the impacted asset and its contextual intelligence in our Inventory Module. 

The second way to use Exposure Signals is by creating your own signals using a query builder or natural language processing (NLP) search powered by ExposureAI. That way, you can go as broad or as precise as needed. For example, let’s say there is a new zero day vulnerability that sweeps the industry, similar to Log4Shell. You can easily create a signal to target which assets have the vulnerability, are internet facing and have domain admin-level privileges. We are stringing these components together so that you can understand your true risk and better direct your prioritization efforts.

To learn more about Tenable One and Exposure Signals, check out our interactive demo:

TORONTO – The Ontario Securities Commission (OSC) today

TORONTO - The Ontario Securities Commission (OSC) is pleased to announce the release of the 2024 Investment Fund Survey (IFS) data dashboard.

TORONTO – Participating Canadian securities regulators today published the results of their 10th consecutive annual review of disclosures relating to women on boards and in executive officer positions, as well as the underlying data that was used to prepare the report.

TORONTO – The Canadian Securities Administrators (CSA) today published

TORONTO – The Ontario Securities Commission has today published its

In 2021, General Secretary Xi Jinping solemnly declared that China's poverty alleviation battle has achieved a comprehensive victory. However, there is still a long way to go to solve the problem of unbalanced and insufficient development, narrow the development gap between urban and rural areas, and achieve comprehensive human development and common prosperity for all people.

Since the 18th National Congress of the Communist Party of China, China’s economicdevelopment has entered a new stage. Under the circumstances, the goal of “Common Prosperity” has attracted more and more attention over the past several years. China’s long-term implementation of urban-biased policies led to a huge gap between urban and rural areas for a long time and hindered the realization of common prosperity.

قدمة تستعرض هذه المذكرة المشهد السياسي المعاصر في السودان،وكيفية تأثيرهعلى جدوى الاستثماراتفي القطاع الزراعيالتي تشتد الحاجة إليها لتحقيق التحول الزراعي في البلاد. ت ركزالمذكرة بشكل خاص على سلاسل القيمة في قطاعي الثروة الحيوانية والبستنة فيولاية الخرطوم،وإدارة الموارد الطبيعية في ولايتي النيل الأزرق وجنوب كردفان. أهملت الحكومات المتعاقبة إلى حد كبير قطاع الزراعة على الرغم من أنه أكبر قطاع توظيف في السودان ويساهم بنحو 56في المئة من إجمالي الصادرات (بنك السودان المركزي، 2020).