Security Policies and Procedures

EIDR (Entertainment Identifier Registry – eidr.org) is a service provider for the global media and entertainment industry. Our members include some of the largest media companies in the world (eidr.org/eidr-members) and the identification services we provide are integrated directly into their supply chain operations (eidr.org/about-us). The Motion Picture Association (MPA – motionpictures.org) operates the Trusted Partner Network (TPN – ttpn.org), which provides a set of Content Security Best Practices for the industry (v5.3 – ttpn.org/links-resources). We at EIDR do not handle media directly, but we do manage descriptive metadata related to those programs and our services are used in the pre-release window when content security concerns are at their highest. We’re a small, not-for-profit organization. To date, our focus has been on service delivery, not security. Our security policies, procedures, and training programs have largely consisted of “we’re all professionals, so behave yourselves.” As you can imagine, this is not sufficient to meet the formal TPN security standards. The tasks ahead of us include: Reviewing the TPN Security Best Practices to determine which apply to our operation (providing justifications/explanations for those that do not) Comparing the applicable TPN Security Best Practices to our draft policies and procedures and correcting any identified gaps Developing a prioritized implementation plan that will guide us from current state to verifiable compliance with the applicable TPN Security Best Practices

Language Identification, Transliteration, and Translation Service

Our organization provides identification services for the global media and entertainment industry, (EIDR IDs are to movies and TV as ISBNs are to books, VINs are to cars, and UPC/EAN codes are to consumer products.) Descriptive metadata records for media programs are submitted in a wide variety of languages and scripts. We need to identify the languages used and produced normalized (transliterated and translated) versions for display and de-duplication. We need to develop a service that will read each record in our database and: Determine which language is used for each field If the script is not in the Latin-1 character set, then: Transliterate selected fields to Latin-1 (Romanize) Translate other fields to English Store the updated records in our database This will involve several different steps for the students, including: Familiarizing themselves with commercial language translation and transliteration tools Familiarizing themselves with our XML-based API Developing an architecture that will review and update our existing records and act as a testbed for future language tool development Selecting the best technologies and tools for this project, given our existing technology stack and available resources Building, testing, tuning, and deploying the service Developing comprehensive documentation describing the service for operations and ongoing maintenance

Python API

Our organization provides identification services for the global media and entertainment industry, (EIDR IDs are to movies and TV as ISBNs are to books, VINs are to cars, and UPC/EAN codes are to consumer products.) Media companies use our APIs to integrate EIDR identifiers and other services into their internal operations. We currently offer Java and .NET (C#) SDKs and XML- and JSON-based APIs. We want to develop a Python library equivalent to our existing SDKs to facilitation EIDR automation and integration so that EIDR services can be extended to a wider audience. Determine which language is used for each field If the script is not in the Latin-1 character set, then: Transliterate selected fields to Latin-1 (Romanize) Translate other fields to English Store the updated records in our database This will involve several different steps for the students, including: Familiarizing themselves with the current EIDR XML- and JSON-based APIs Familiarizing themselves with the features and functions of the current EIDR Java and .NET SDKs Familiarizing themselves with our suite of command-line tools that demonstrate EIDR SDK integration Defining the various packages, functions, and objects that will populate the Python SDK library Developing the Python SDK library and accompanying documentation Publishing the completed Python SDK library to GitHub

Service Security and Vulnerability Assessment & Report

We operate an ID registry (database) that is critical to the media & entertainment global supply chain. In addition to our public-facing Web site, we also have a Web-based User Interface for data entry and retrieval and a public-facing REST API connected to the ID registry.   We need a complete security assessment, encompassing all of our systems, services, policies, and procedures that identifies and quantifies any vulnerabilities or other shortcomings and includes ranked recommendations for changes or improvements. Ideally, this would include vulnerability scans and penetration tests in addition to documentation and practice reviews.   In the end, we either need to provide our member companies assurance that the EIDR service is sufficiently secure and resilient to protect their interests or offer a roadmap that will bring us there.