François Chung, Ph.D.

Tag: 2022

ISO 9001 & ISO 27001

Advisera training, MOOC (2022). These 2 online courses provide all of the key information needed about both the ISO 9001 (quality management) and ISO 27001 (information security) standards, including the requirements, best practices for compliance and how to implement them for any type of business. These courses are made for beginners with no prior knowledge of quality management, information security or ISO standards.

ISO 9001: Quality management

Main topics:

  • Introduction to ISO 9001;
  • The planning phase;
  • Operations;
  • The Check and Act phases.

ISO 27001: Information security

Main topics:

  • Introduction to ISO 27001;
  • The planning phase;
  • Risk management;
  • The Do phase;
  • The Check and Act phases.

EAB Research Projects Conference 2022

EAB Conference, Germany (2022). The 9th edition of the EAB Research Projects Conference (EAB-RPC 2022), which is organised by the European Association on Biometrics (EAB), is currently the largest event on research funded by the European Union (EU) in the area of biometrics and identity management. Over the previous editions, EAB-RPC has become the main forum in Europe where attendees can promote research carried out in biometrics.

Day 1

Main topics:

  • Border management and internal security in EU;
  • Electronic Identification, Authentication and Trust Services (eIDAS) app;
  • European Digital Identity Wallet (EUDIW) app;
  • Document and biometric identity verification;
  • Presentation Attack Detection (PAD) technologies.

Day 2

Main topics:

  • PAD framework for facial and voice data;
  • Recognising Covid-19 through biometrics;
  • Generative models for video generation;
  • Biometric usage in smart border control technologies;
  • Predicting and monitoring technology acceptance;
  • Workload reduction in biometric identification;
  • Use and regulation of new biometric data;
  • Spoofing-aware speaker verification;
  • Predicting and managing migration flows.

Day 3

Main topics:

  • Analyzing ID experts in morphing attack detection;
  • Morphing attack potential;
  • Morphing applied to face templates;
  • Including biometrics into blockchain.

References

Conference

Related articles

Digital identity wallet (Zetes project)
Identity proofing (Zetes project)

Summer trainings 2022

Red Cross training, Belgium (2022). This series of summer training courses, which are divided between face-to-face and virtual sessions, is a learning opportunity offered by the Red Cross to all of its members during the summer. Although these trainings are not necessarily related to a particular activity, they are intended to be useful not only within the activities of the Red Cross, but also in the private lives of its members.

Sketchnoting

Main topics:

  • Basic shapes;
  • Typography;
  • Containers and banners;
  • Visual path;
  • Characters;
  • Pictograms;
  • Effects and colors.

Collective intelligence

Main topics:

  • Improve the effectiveness of meetings;
  • Power of the circular mode;
  • Me, in your place;
  • Participatory cycles;
  • Analysis of the levers of change;
  • Development of a mature proposal;
  • Individual decision with consultation;
  • Collective decision by consent.

Applied salutogenesis

Main topics:

  • Develop your capacity for resilience;
  • Consistency and good health;
  • Salutogenesis as a shield through life;
  • Levels of response to a crisis;
  • Get an individual or a team out of a stressful situation;
  • Nourish the 3 salutogenic dimensions;
  • Veracity vs salutogenic conditions.

Moving forward in uncertainty

Main topics:

  • Volatility, Uncertainty, Complexity, Ambiguity (VUCA);
  • Iterative cycles;
  • Kanban and backlog;
  • Lessons learned;
  • Continuous improvement applied;
  • Client-team relationship;
  • Project brief.

Reference

Learn more

Croix-Rouge de Belgique (Belgian Red Cross)

Cybersecurity specialization

Coursera training, MOOC (2022). This specialization from The University of Maryland (US) covers the fundamental concepts underlying the construction of secure systems, including the hardware, the software and the human-computer interface, with the use of cryptography to secure interactions. These concepts are illustrated with examples drawn from modern practice, and augmented with hands-on exercises involving relevant tools and techniques.

Course 1: Usable security

Main topics:

  • Human-Computer Interaction (HCI);
  • Design methodology and prototyping;
  • A/B testing, quantitative and qualitative evaluation;
  • Secure interaction design;
  • Biometrics, two-factor authentication (2FA);
  • Privacy settings, data inference.

Course 2: Software security

Main topics:

  • Low-level security: attacks and exploits;
  • Defending against low-level exploits;
  • Web security: attacks and defenses;
  • Designing and building secure software;
  • Static program analysis;
  • Penetration and fuzz testing.

Course 3: Cryptography

Main topics:

  • Computational secrecy and modern cryptography;
  • Private-key encryption;
  • Message authentication codes;
  • Number theory;
  • Key exchange and public-key encryption;
  • Digital signatures.

Course 4: Hardware security

Main topics:

  • Digital system design: basics and vulnerabilities;
  • Designing intellectual property protection;
  • Physical attacks and modular exponentiation;
  • Side-channel attacks and countermeasures;
  • Hardware trojan detection;
  • Trusted integrated circuit;
  • Good practice and emerging technologies.

References

Training

Usable security (course certificate)
Software security (course certificate)
Cryptography (course certificate)
Hardware security (course certificate)

Related articles

Blockchain essentials (Cognitive Class training)
Bitcoin and cryptocurrency technologies (Coursera training)

Digital identity wallet

Zetes project @Brussels, Belgium (2022). For many years, transactional and online services have relied on end users using devices such as desktop computers and laptops. Therefore, solutions for remote identity proofing and digital signatures have been designed around the characteristics of such devices. However, these devices are increasingly being replaced by mobile devices such as tablets and smartphones, which raises new challenges.

For example, smart cards and tokens, which are typically connected to desktop computers and laptops using USB devices, cannot be easily connected to smartphones, if at all. Furthermore, given developments in cloud computing, solutions have emerged in the last few years where the process of digital signature creation is distributed across different systems that may be controlled by different actors.

This is why recent standards have introduced the concepts of mobile identity (e.g. a driving licence associated with a mobile device) and of an electronic signature created using a remote signature creation device (i.e. the electronic signature device is replaced by cloud-based services offered and managed by a trusted service provider), both of which can be made available to the end user through a digital identity wallet as a smartphone app.

The related standards are:

  • ISO/IEC 18013-5:2021 - Personal identification, ISO-compliant driving licence, Part 5: Mobile driving licence (mDL) application;
  • ETSI TS 119 432 - Electronic Signatures and Infrastructures (ESI), Protocols for remote digital signature creation;
  • CSC standard - Architectures and protocols for remote signature applications.

In this project, my tasks are first related to the analysis of these standards so as to investigate how they could be implemented in practice and what their impact on the project scope is. Then, my tasks are related to the analysis of business needs (whether internal or from the customer), software implementation (e.g. software releases and documentation) and project management (e.g. project coordination with the customer).
