Risk Assessment Methods For Cloud Computing Platforms
Tools and Techniques Using ISO StandardsRisk Assessment Methods for Cloud Computing PlatformsTim Weil – CISSP/CCSP, CISA, PMPAudit and Compliance ManagerAlcohol Monitoring Systems (AMS)IEEE Communications Society (Denver Chapter)http://comsoc.ieee-Denver.orgDine and LearnWestminst6er, CO 10Sept199/10/2019Tech Day VI1
Table of Contents Introduction – What are the Risks in the Age of Cloud Computing? Taking Compliance to the Cloud Risk Assessment Methods for Cloud Applications ISO Standards for Cloud Security and Privacy Tools and Techniques for Cloud Security Risk Assessments References Q&A2
How we got to the cloud9/10/2019Tech Day VI3
Context of the Risk Assessment – AMS Products and Services – http://www.scramsystems.comJudicial Management Services are new cloud-hostedapplications developed by SCRAM Systems.Components include NEXUS (Parole EvidenceBased Decision Support), 24x7 Sobriety Service plususer interface and mobility services provided byOptix , and TouchPoint applications.These SaaS products have been developed in theMicrosoft Azure cloud and complement existing backend (on premises, data center) electronic monitoringsystems for alcohol monitoring and offendermanagement (SCRAMnet and SCRAM GPS ).Since 2016, SCRAM Systems has received ISO/IEC27001:2013 certification for Alcohol Monitoring,Offender Management, and Judicial Managementservices in SCRAMnet for these SaaS programs.Recently, a private cloud IaaS data center has beenintegrated into the ISO 27001 ISMS and will becertified later this year.9/10/2019Tech Day VI4
Context of the Risk Assessment – AMS Products and Services – http://www.scramsystems.comAfter a thorough independent audit, SCRAM Systemshas received ISO/IEC 27001:2013 certification foralcohol monitoring, offender management, andjudicial management services in SCRAMnet, ourSoftware as a Service (SaaS) program. Thisconfirms that SCRAM Systems has implementedinternationally-recognized best practices andstandards for its Information Security ManagementSystem (ISMS).The certification complements the ISO 9001certification for quality management systems (QMS)acquired previously.ISO is an independent, international organization thatdevelops standards to help businesses create anddeliver quality products, services, and systems. TheInternational Electrotechnical Commission (IEC)develops standards for information technology (IT) andinformation and communications technology (ICT).nt.9/10/2019Tech Day VI5
Now What?IT 101 – What Problems Are We Trying to Solve?VirtualizationEncryption Identify ‘Fix-It’ areas in the programUnderstand Current State (Remediation)Improve ‘ad hoc’, ‘not my problem’ stateManage Information Security RiskImprove Continuous Monitoring ProcessITGovernance9/10/2019Tech Day VI6
Table of Contents Introduction – What are the Risks in the Age of Cloud Computing? Taking Compliance to the Cloud Risk Assessment Methods for Cloud Applications ISO Standards for Cloud Security and Privacy Tools and Techniques for Cloud Security Risk Assessments References Q&A7
NIST Cloud Computing Reference Model9/10/2019Tech Day VI8
General Cloud Structure (SaaS PaaS, IaaS)9/10/2019Tech Day VI9
13 Effective Security Controls for ISO 27001 ComplianceWhen using Microsoft AzureCloud Security Shared ResponsibilitiesKey principles and recommendations for secure development & operations1. Enable identity and authentication solutions2. Use appropriate access controls3. Use an industry-recommended, enterprise-wide antimalware solution4. Effective certificate acquisition and management5. Encrypt all customer data6. Penetration testing7. Threat modeling services and applications8. Log security events, implement monitoring and visualization capabilities9. Determine the root cause of incidents10. Train all staff in cyber security11. Patch all systems and ensure security updates are deployed12. Keep service and server inventory current and up-to-date13. Maintain clear server configuration with security in mindThe three primary cloud service models are infrastructure as a service(IaaS), platform as a service (PaaS), and software as a service (SaaS).9/10/2019Tech Day VI10
Cloud Resources and Services (examples)9/10/2019Tech Day VI11
Microsoft Azure Resources and Services (examples)9/10/2019Tech Day VI12
Amazon Cloud Resources and Services (examples)9/10/2019Tech Day VI13
European Union Agency for Network & Information Security (ENISA)Cloud Security Guidelines – Top 8 Cloud Security RisksENISA Cloud Computing Risk Assessment (2009) Loss of GovernanceVendor Lock-InIsolation Failure (multi-tenancy)Compliance RiskoCloud Provider Compliance EvidenceoCloud Provider Audit by Cloud CustomerManagement Interface CompromiseData ProtectionInsecure or Incomplete Data DeletionMalicious InsiderProduced by ENISA with contributions from a group of subject matter expert comprisingrepresentatives from Industry, Academia and Governmental Organizations, a riskassessment of cloud computing business model and technologies The report providealso a set of practical recommendations. 125 Pages9/10/2019Tech Day VI14
Cloud Security Alliance – The Dirty Dozen: 12 top cloud security threats (2018)2018 Top 12 Cloud Security Threats Data BreachesInsufficient Identity, Credential and Access ManagementInsecurity Interfaces and APIsSystem VulnerabilitiesAccount HijackingMalicious InsiderAdvanced Persistent ThreatsData LossInsufficient Due DiligenceAbuse and Nefarious Use of Cloud ServicesDenial of ServiceShared Technology VulnerabilitiesCSA Report on the Treacherous 12 – Top Threats9/10/2019Tech Day VI15
National Cyber Security Centre (UK)Implementing the Cloud Security Principles For each of the 14 principles, we answer three questions:Data in Transit ProtectionAsset Protection and Resilience1. What is the principle? A description giving the principle some contextSeparation Between Users (Multi-tenancy) 2. What are the goals of the principle? Concrete objectives for theimplementation to achieveGovernance Framework3. How is the principle implemented? Details for a set of possibleOperational SecurityimplementationsPersonnel SecuritySupply Chain SecurityCloud Security PrincipleSecure User ManagementData in transit protectionIdentity and AuthenticationDescription of the PrincipleWhy this is ImportantExternal Interface ProtectionUser data transiting networks should beIf this principle is not implemented, thenadequately protected against tamperingthe integrity or confidentiality of the dataSecure Service Administrationand eavesdropping.may be compromised whilst in transit.Audit Information for UsersSecure Use of the Service9/10/2019Tech Day VI16
Table of Contents Introduction – What are the Risks in the Age of Cloud Computing? Top 10 Security & Privacy Threats in the Cloud Risk Assessment Methods for Cloud Applications ISO Standards for Cloud Security and Privacy Tools and Techniques for Cloud Security Risk Assessments References Q&A17
Risk Management Principles (IT Risk Foundation)NIST SP 800-30 RiskAssessment9/10/2019Tech Day VIISO 27005 InformationSecurity RiskManagementSystem CharacterizationContext EstablishmentThreat IdentificationRisk AssessmentVulnerabilityIdentificationRisk Analysis – RiskIdentificationControl AnalysisRisk Analysis – Risk EstimationLikelihood DeterminationRisk EvaluationImpact AnalysisRisk TreatmentRisk DeterminationRisk Acceptance orControl RecommendationRisk Monitoring and Review,Communication and Redo18
Risk Assessment Methods in the ISO 27001 Implementation (PDCA)9/10/2019Tech Day VI19
Risk Assessments for Cloud Applications – where to get started?ComplianceSpecific Context – Commercial Control Frameworks (ISO 27001/27002,, PCI, NIST, NERC.CIP). Governmental Compliance Standards (FISMA, FedRAMP, NIST, DFARS, CJIS, HIPAA)FISMA, FARS,CJIS,NIST SP 800-30 Risk Model9/10/2019Tech Day VI20
The Failure of Asset-Based Risk Assessments (Walt /Most people don’t understand that asset management risk management models have been failingus for years, and we’re seeing the consequences of that failure in various laws and regulations.Assets are owned by an organization and have value. It makes sense to protect your assets,regardless of how you define what an asset is.The GDPR, and other data privacy laws have been introduced over the last decade preciselybecause the data that is in scope for the data privacy laws is not an asset for anyorganization. It is an asset for various individuals. This information doesn’t bring theorganization any value, and because of that, it is often not protected.Until the GDPR is enforced there is no incentive to protect name & email address. Organizationsconsider these data items to have no value. Individuals, on the other hand, expect that the value ofthe information is understood and properly protected by organizations that the data is entrusted to.The data simply hasn’t been an asset to the organization, not worth protecting. Until organizationscease using an asset based approach to risk management, you will see governments stepping withimpactful regulations because asset based risk management frameworks don’t lead toorganizations protecting all the data. Just the data that drives business value. And this iswhy we fail.9/10/2019Tech Day VI21
Risk Assessments for Cloud Applications – definition of terms (per ISO Standards)IISO/IEC 27000:2017defines risk in vague and not-very helpful terms for defining Risk:.effect of uncertainty on objectives (3.49)Note 1 to entry: An effect is a deviation from the expected — positive or negative.Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, itsconsequence, or likelihood.Note 3 to entry: Risk is often characterized by reference to potential “events” and “consequences” (as defined in ISO Guide 73:2009, 3.6.1.3),or a combination of these.Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) andthe associated “likelihood” (as defined in ISO Guide 73:2009, 3.6.1.1) of occurrence.Note 5 to entry: In the context of information security management systems (ISMS), information security risks can be expressed aseffect of uncertainty on information security objectives.Note 6 to entry: Information security risk is associated with the potential that threats will exploit vulnerabilities of an informationasset or group of information assets and thereby cause harm to an organization.ISO 31010:2009 says “Risk analysis consists of determining the consequences and their probabilities for identified risk events, taking intoaccount the presence (or not) and the effectiveness of any existing controls. The consequences and their probabilities are then combined todetermine a level of risk.” So consequences and probabilities (determine who-knows-how) are “combined” (in some unspecified manner),“taking into account” the controls (somehow). It could hardly be any more vague!9/10/2019Tech Day VI22
Risk Methodologies Continued (Gary Hinson)A definition of information risk (specifically) as “riskpertaining to information” which can be assessed andcompared visually using the Analog Risk Assessmentmethod implying Risk Likelihood x Severity.ARA method is simply a visual device to get people ‘onthe same page’, considering and discussing informationrisks on a comparable basis to reach a consensus which then forms a rational basis for prioritizing theirtreatment.9/10/2019Tech Day VI23
Table of Contents Introduction – What are the Risks in the Age of Cloud Computing? Top 10 Security & Privacy Threats in the Cloud Risk Assessment Methods for Cloud Applications ISO Standards for Cloud Security and Privacy Tools and Techniques for Cloud Security Risk Assessments References Q&A24
ISO Codes of Practice ISO27001 is part of a family of information security guidance which providesenhanced and additional controls. Examples:– ISO27002 – More detail on all of the ISO27001 controls– ISO27005 – Risk assessment– ISO27017 – Application to cloud services– ISO27018 – Protection of Personally Identifiable Information (PII) in the cloud– ISO31000 – Risk Management – Principles and Guidelines– ISO31010 – Risk Management – Risk Assessment Techniques– ISO22031 – Business Continuity ManagementThe ISO 27001 Forum - http://iso27001security.com/index.htmlThe primary purpose of this website is to describe, promote and share the information risk and securitypractices described in the ISO/IEC 27000-series information security management systems standards.9/10/2019Tech Day VI25
Benefits of ISO 27001 - ISO /IEC 27001:2013 Structure and ContentISO/IEC 27001:2013 Implementation, Certification from a certification body demonstrates that the securityof organization information has been addressed, valuable data and information assets properly controlled.Also there is List of benefits By achieving certification to ISO/IEC 27001:2013 organization will be able toacquire numerous benefits including:Ahmed Riad, BlueKaizen Magazine, Benefits of ISO 27001- Tech Day VI26
The ISO/IEC 27001 standard9/10/2019Tech Day VIISO/IEC 27001 Controls27
ISO/IEC 27017 standard – Information Security Controls based onISO 27002 for Cloud ServicesBSI White Paper - rces/ISO-27017-overview.pdf9/10/2019Tech Day VI28
Protection of personally identifiable information (PII) in public cloudsacting as PII processors9/10/2019Tech Day VI29
Table of Contents Introduction – What are the Risks in the Age of Cloud Computing? Top 10 Security & Privacy Threats in the Cloud Risk Assessment Methods for Cloud Applications ISO Standards for Cloud Security and Privacy Tools and Techniques for Cloud Security Risk Assessments References Q&A30
Expanding ISO 27001 With a Cloud Risk Assessment.ApplicationsCloud DeploymentTarget DomainRisk Assessment ApproachAlcohol MonitoringHybrid Cloud - SaaSCorrections IndustryISO 27005 - Scenario Based RAISO 27005 - Scenario Based RACorrections IndustryNational Self-AssessmentJudicial Management Services Hybrid Cloud - SaaSState GovernmentISO 27005 - Scenario Based RAInterface ServicesPublic Cloud - SaaSAll SectorsISO 27005 - Scenario Based RAInternational Data CenterCommunity Cloud IaaSInternationalCorrections IndustryISO 27005 - Asset Based RAOffender ManagementPublic Cloud - SaaSInternationalGovernmentCorrections IndustryISO 27005 - Asset Based RAOffender Management9/10/2019Tech Day VIHybrid Cloud - SaaSNational Self-Assessment31
Use Cases For Cloud Risk Assessment (1 if 2)Hybrid CloudAsset InventoryFrom ISO 27017, a new cloud control, CLD.13.1.4alignment of security management for virtual andphysical networks, presents the risk that virtualnetworks are configured differently from physical onesand as a consequence do not provide the samerequired level of security.The initial risk assessment for Alcohol Monitoring and OffenderManagement ISMS systems includes asset management forservers, workstations, storage and backup, network equipment,network segments, applications, data repositories, virtualtechnologies, and service providers. Although an asset-basedrisk assessment has not performed, data center systemsconfigurations have been maintained and updated annually.Application Program Interface (API)Asset-based Risk AssessmentMultiple controls from the Cloud Security Alliance (CSA)cloud control matrix examine the APIs which may transitcloud applications and on-premises data resources AIS-01 - Application & Interface Security Application Security CCC-05 - Change Control & Configuration ManagementProduction Changes IAM-02 - Identity & Access Management Credential Lifecycle /Provision Management IPY-03 - Interoperability & Portability Policy & Legal9/10/2019Tech Day VIAn asset-based inventory for cloud systems is not widely adoptedin the industry. ISO 27001 asset definition might deal withcomponents like ‘an IaaS system’ rather than examining thedetailed components of a cloud deployment comparable to datacenter inventories. This topic was highlighted in ‘TakingCompliance to the Cloud’ [1] only to suggest that protection ofdata assets may have more scope in a cloud RA.32
Use Cases For Cloud Risk Assessment (2 of 2)Private CloudCommunity Cloud (SaaS Deployment)The ascendancy of ‘infrastructure as code’ has beenadopted for emerging systems at AMS. This includesmodeling complete data center services in an IaaSsystem. An assessment of this type of delivery networkhas emerged in companies like Soft Layer for which theISMS scope statement reads – “SoftLayer’s operationalfunctions are integrated into its proprietary managementsystem, known as IMS. IMS automates all criticalaspects of the business, such as dedicated servers,power strips, firewalls, load balancers, updates,accounting, compliance controls, inventory, contracts,etc.”.Worth mentioning in the Government Cloud (Azure GovCloud)are the more restrictive controls of advanced data protection,security identity, data at rest protection using data at restencryption, managed secrets and dedicated cloud infrastructureresources for hosting PaaS objects and providing SaaS service togovernment agencies. In providing services to governmentcommunities, GovCloud uses physically isolated datacenters andnetworks (located in U.S. only9/10/2019Tech Day VIInternational Cloud DeploymentsIn scaling cloud solutions to national and internationaldeployments companies will be complying to global, government,industry and regional regulatory requirements. This attestationcan be typically found on compliance portals maintained by majorCloud Service Providers (CSP) such as Azure, Google and AWS .A good example of a National Cloud Security Risk SelfAssessment is available on the New Zealand governments ICTportal33
Summary Cloud Risk Findings and MitigationsRisk SummaryRisk DescriptionProposed controlData in transit protection Tthe integrity or confidentiality of the data may be compromised User data transiting networks is adequately protected againstwhile in transit.tampering and eavesdropping by (SSL, TLS, VPN)Asset protection andresilienceInappropriately protected consumer data could be compromised User data, and the assets storing or processing it, shall bewhich may result in legal and regulatory sanction, or reputational protected against physical tampering, loss, damage or seizure.damage.ISO 27018 (PII Protection in the Cloud)Separation between users Service providers cannot prevent a consumer of the serviceaffecting the confidentiality or integrity of another consumer’sdata or service.Governance frameworkAny procedural, personnel, physical and technical controls inplace will not remain effective when responding to changes inthe service and to threat and technology developments.A malicious or compromised user of the service shall not be ableto affect the service or data of another.ISO 27017 (Cloud Security) and ISO 27018 (PII Protection in theCloud) are recommended for adoption. The service provider shallhave a security governance framework which coordinates anddirects its management of the service and information within it.Operational securityThe service can’t be operated and managed securely in order to The service needs to be operated and managed securely in orderimpede, detect or prevent attacks against it.to impede, detect or prevent attacks. Good operational securityshall not require complex, bureaucratic, time consuming orexpensive processes.Supply chain securityIt is possible that supply chain compromise can undermine thesecurity of the service and affect the implementation of othersecurity principles.The service provider shall ensure that its supply chainsatisfactorily supports all of the security principles which theservice claims to implement.Secure user management Unauthorised people may be able to access and alterconsumers’ resources, applications and data.Your provider shall make the tools available for you to securelymanage your use of their service.Identity and authentication Unauthorized changes to a consumer’s service, theft ormodification of data, or denial of service may occur.All access to service interfaces shall be constrained toauthenticated and authorized individuals.9/10/2019Tech Day VIAnnex A / ISO 27017-18 ReferenceA.10.1 Cryptographic controlsA.8.1.1 Inventory of Assets (PII)A.8.2.1 Classification of Information(PII)A.8.2.2 Labelling of Information (PII)CLD.9.5.1 Segregation in VirtualEnvironments Multi-tenancyprotectionA.5 Information security policiesCLD.12.1.5 Administrator’sOperational SecurityCLD.12.4.5 Monitoring of CloudServicesA.15 Supplier relationshipsA.9 Access controlCLD.12.1.5 Administrator's OperationalSecurity34
Summary Cloud Risk Scoring (Pre-Treatment)Risk SummaryRisk DescriptionData in transitprotectionTthe integrity or confidentiality of the data may becompromised while in transit.Asset protection and Inappropriately protected consumer data could beresiliencecompromised which may result in legal and regulatorysanction, or reputational damage.Separation between Service providers cannot prevent a consumer of theusersservice affecting the confidentiality or integrity ofanother consumer’s data or service.GovernanceAny procedural, personnel, physical and technicalframeworkcontrols in place will not remain effective whenresponding to changes in the service and to threat andtechnology developments.RiskLikeliRisk RiskExisting ControlsImpactOwnerhoodScore LevelNetOps, User data transiting networks isConfidentiality NetDev adequately protected against tampering236 MEDIUMand eavesdropping by (SSL, TLS, VPN)NetOps, Access controls for MongoDB and SQLNetDev Server PII data in AzureIntegrity4416HIGHRisk TypeNetOps, Microsoft Azure Risk AssessmentConfidentiality NetDev Diagnostic toolIntegrityNetOps, Application Insights (Azure) is used forNetDev cloud monitoring in developmentSupply chain security It is possible that supply chain compromise canundermine the security of the service and affect theimplementation of other security principles.AvailabilityNetOps, Contract with Microsoft Azure servicesNetDev Microsoft Azure Risk AssessmentDiagnostic toolSecure usermanagementNetOps, Microsoft Azure Risk AssessmentConfidentiality NetDev Diagnostic tool9/10/2019Tech Day , ISO 27001 ISMS for Cloud ApplicationsNetDevOperational security The service can’t be operated and managed securely inorder to impede, detect or prevent attacks against it.IntegrityUnauthorised people may be able to access and alterconsumers’ resources, applications and data.235
New Zealand National Cloud Security Risk Assessment – Example9/10/2019Tech Day VI36
Table of Contents Introduction – What are the Risks in the Age of Cloud Computing? Top 10 Security & Privacy Threats in the Cloud Risk Assessment Methods for Cloud Applications ISO Standards for Cloud Security and Privacy Tools and Techniques for Cloud Security Risk Assessments References Q&A37
References - Risk Assessment Methods for Cloud T. Weil, "Taking Compliance to the Cloud—Using ISO Standards (Tools and Techniques)," in IT Professional, vol. 20,no. 6, pp. 20-30, 1 Nov.-Dec. 2018. M. Iorga and A. Karmel, "Managing Risk in a Cloud Ecosystem," in IEEE Cloud Computing, vol. 2, no. 6, pp. 51-57,Nov.-Dec. 2015 B. Grobauer, T. Walloschek and E. Stocker, "Understanding Cloud Computing Vulnerabilities," in IEEE Security &Privacy, vol. 9, no. 2, pp. 50-57, March-April 2011. Raymond Choo, "Cloud Attack and Risk Assessment Taxonomy”, in IEEE Cloud Computing, vol. 2, no. 1, pp. 14-20,Jan-Feb. 2015. G. Wangen, "Information Security Risk Assessment: A Method Comparison," in Computer, vol. 50, no. 4,pp. 52-61, April 2017. Khogali, I. M. A., & Ammar, P. H. (2017). A Scenario-Based Methodology for Cloud Computing SecurityRisk Assessment. International Journal of Innovation Education and Research, 5(12),127-155. Soft Layer ISO 27001 certifcation, online s/SoftLayer ISO Certificate.pdf New Zealand National Cloud Security Risk Assessment, online available-NZ ICT Portal rvices/ Risk.net 2018 IT Risk Survey of Financial Business Executives online available- h Day VI38
References Used in This Presentation European Union Agency for Network & Information Security (ENISA) Cloud Security Guidelines ata/cloud-security Cloud Security Alliance – The Dirty Dozen: 12 top cloud security threats df Managing Privacy Risk in the Cloud -cloud-pov.pdf Why Don’t Risk Management Programs Work (Network World 5/20/13) – RSA Panel Discussion html 13 Effective Security Controls for ISO 27001 Compliance (Microsoft Azure White ails.aspx?id 50742 Implementing the Cloud Security Principles g-cloud-security-principles Cloud Risk Assessment Using FAIR (Rastogi, Chandra, Singh) - Online available http://ijcst.com/vol41/1/adesh.pdf9/10/2019Tech Day VI39
Tim Weil – Network Program ManagerTim is a Security Architect/IT Security Manager with over twenty five years of ITmanagement, consulting and engineering experience in the U.S. Government andCommunications Industry. His technical areas of expertise includesFedRAMP/FISMA compliance for federal agencies and cloud service providers, ITService Management, cloud security, enterprise risk management (NIST) forfederal agencies and ISO 27001 compliance for commercial clients.He is a Senior Member of the IEEE and has served in several IEEE positions Chair of the Denver Section (2013); Chair of the Washington Section (2009);Cybersecurity Editor for IEEE IT Professional magazine. General Chair - IEEEGREENTECH Conference (2013)His publications, blogs and speaking engagements are available from the website http://securityfeeds.com9/10/2019Tech Day VI40
A Writer’s Life –9/10/2019Tech Day VI41
IT Professional Security Issue (2015 vs 2018)9/10/2019Tech Day VI42
Certifying Cloud Security Practices9/10/2019Tech Day VI43
Assessing Security and Privacy in the Cloud – Blue Sky or Rain?9/10/2019Tech Day VI44
Thank you for joining us!Tim Weil – CISSP/CCSP, CISA, PMPNetwork Project ManagerAlcohol Monitoring ms.comLinkedin - https://www.linkedin.com/in/tim-weil-a8b1952Tech Day VI45
ISO 27005 Information Security Risk Management System Characterization Context Establishment Threat Identification Risk Assessment Vulnerability Identification Risk Analysis –Risk Identification Control Analysis Risk Analysis –Risk Estimation Likelihood Determination Risk Evaluation
Bruksanvisning för bilstereo . Bruksanvisning for bilstereo . Instrukcja obsługi samochodowego odtwarzacza stereo . Operating Instructions for Car Stereo . 610-104 . SV . Bruksanvisning i original
10 tips och tricks för att lyckas med ert sap-projekt 20 SAPSANYTT 2/2015 De flesta projektledare känner säkert till Cobb’s paradox. Martin Cobb verkade som CIO för sekretariatet för Treasury Board of Canada 1995 då han ställde frågan
service i Norge och Finland drivs inom ramen för ett enskilt företag (NRK. 1 och Yleisradio), fin ns det i Sverige tre: Ett för tv (Sveriges Television , SVT ), ett för radio (Sveriges Radio , SR ) och ett för utbildnings program (Sveriges Utbildningsradio, UR, vilket till följd av sin begränsade storlek inte återfinns bland de 25 största
Hotell För hotell anges de tre klasserna A/B, C och D. Det betyder att den "normala" standarden C är acceptabel men att motiven för en högre standard är starka. Ljudklass C motsvarar de tidigare normkraven för hotell, ljudklass A/B motsvarar kraven för moderna hotell med hög standard och ljudklass D kan användas vid
LÄS NOGGRANT FÖLJANDE VILLKOR FÖR APPLE DEVELOPER PROGRAM LICENCE . Apple Developer Program License Agreement Syfte Du vill använda Apple-mjukvara (enligt definitionen nedan) för att utveckla en eller flera Applikationer (enligt definitionen nedan) för Apple-märkta produkter. . Applikationer som utvecklas för iOS-produkter, Apple .
sites cloud mobile cloud social network iot cloud developer cloud java cloud node.js cloud app builder cloud cloud ng cloud cs oud database cloudinfrastructureexadata cloud database backup cloud block storage object storage compute nosql
Risk is the effect of uncertainty on objectives (e.g. the objectives of an event). Risk management Risk management is the process of identifying hazards and controlling risks. The risk management process involves four main steps: 1. risk assessment; 2. risk control and risk rating; 3. risk transfer; and 4. risk review. Risk assessment
och krav. Maskinerna skriver ut upp till fyra tum breda etiketter med direkt termoteknik och termotransferteknik och är lämpliga för en lång rad användningsområden på vertikala marknader. TD-seriens professionella etikettskrivare för . skrivbordet. Brothers nya avancerade 4-tums etikettskrivare för skrivbordet är effektiva och enkla att
