1 Could your security vulnerabilities cause network gridlock? A discussion paper for Transportation Information Technology leaders and executives
2 2 THE NEED FOR SECURITY IN THE TRANSPORT ECO-SYSTEM Transportation forms an integral part of a nation s critical infrastructure; preserving the integrity, confidentiality and availability of information and services is a leading priority for every transport organisation. It has never been more so with the advent of intelligent transport systems and services (ITS). Connected cars, connected aircraft, automation of passenger journey information, self-service airports, all powered by the adoption of new technologies such as the internet of things which enables tracking of passenger and freight movements. The adoption of these services is underpinned by changes in infrastructure and the greater adoption of new technologies including cloud computing and shared services; but the potential risk to the business increases. Lloyd s Risk Index 2013 Global CXO survey 1 cites cyber security risks as one of the top three priorities on boardroom agendas - failure to identify vulnerabilities and validate the effectiveness of security controls could compromise both the business and entire transport network. The collision of physical and cyber attacks are real threats for which organisations should be prepared and ask the following questions: how prepared is your organisation, could it withstand a cyber attack? how secure are your company processes? how secure are your suppliers and partners cyber security defences? We address these and other questions as we examine the impact of the connected world and subsequent risks in the transport sector. 1 Lloyd s Risk Index based on a global survey of over 500 C-suite and board level executives conducted by Ipsos MORI for Lloyd s during April and May
3 3 TRANSPORTATION TODAY Everyone wants to feel safe when they re travelling, whether it s by road, rail, sea, air or simply on foot. A host of organisations, including government, transport operators and providers are working to ensure this happens and we re right there with them. Moving people and goods is critical to the success of any modern society and means we need intelligence to be built into transport systems to minimise risk whilst maintaining freedom of movement. The customer experience and customer journey are fundamental to the success of many in the sector - at a basic level, the combination of customer experience and risk mitigation policy involves the use of cameras, scanners and other devices to detect and screen objects and people, whilst at a higher level, it also involves carrying out security evaluations, dependent upon the risk profile and risk appetite of the organisation. This paper reflects on the new realities of transportation security and risks. Incidents and events are being reported almost every day which compel businesses to approach transport security as more than a single element of the global networks that move people and goods. Once a routine component of modern transportation, cyber and physical security now represents a vital necessity and an urgent priority. Can you afford for your organisation to be the breach in the transport eco-system? The aim of this paper is to provide insight, thought and analysis for executives and decision makers around the world who view the transportation system s security as a critical element in today s world. CGI in Security CGI helps clients assess the cyber threats and risks, protect the business and operate with confidence. And we do this with a business-focused approach to security. CGI experts work on high-intensity engagements with military and intelligence nerve centres and high-profile multi-national defence programmes, defending government networks, critical infrastructure and corporate intellectual property against 43 million sophisticated attack incidents per day. We have deployed and supported 9,000 plus biometrics systems and devices at a 100 plus worldwide locations, delivering over 4 million biometrics enrolments each year for the U.S. military. We are one of the few providers worldwide with three accredited security certification facilities located in Canada, the U.S. and the UK including our world-class CGI Federal Cyber Innovation Lab. Our nine Security Operations Centers continuously identify and deploy the best solutions to maintain a state-of-the-art infrastructure.
4 4 CGI in Transport CGI works with transport and logistics companies to drive efficiencies, launch innovative offerings and enhance the overall passenger experience. We currently work with over 200 clients providing end-to-end IT transport and logistics services, from consulting to full IT outsourcing, along with specialised IT and security services. During our 30 years working in the sector we have: Implemented automatic gate check in for Lufthansa Operated PCI DSS compliant service for Shell Fuel cards Delivered physical security at Gatwick Airport Handled PCI for the Transport for London Barclays Bike Hire scheme Helped implement the first biometric border control in Europe Conducted security and penetration testing for rail infrastructure owners Provided security management services to BMW Provided software that helps manage 10 airports in Portugal CGI s transport security solutions are designed to deliver clarity to the complex task of protecting passengers, cargo and high risk assets from those intent on doing harm. We work alongside the world s government, military, law enforcement and security services, and face to face with the aviation, maritime, rail industries and public authorities to: Deliver best passenger experience Increase value and efficiencies Protect and enhance reputation Build a strong environmental Health and Safety programme underpinning security requirements Review compliance and governance Examine the security measures of organisations within their wider eco-system Embrace and deploy new technologies such as cloud and mobile apps mindful of the security risk and business impacts Ensure privacy of data of employees, customers and clients Review cost of reputation and cost of money Examine reputational risks and loss of customer loyalty Examine financial cost of crisis management Assess threat levels Examine the countermeasures in place, and Recommend strategies to deal with these threats Provide predictive analytics of threat vectors and countermeasures Provide 24/7/365 monitoring Protect and ensure continuity of operations Security is one of our areas of special expertise we ve carried out more than 60% of UK government security evaluations and provide top-level security solutions for governments and commercial organisations worldwide. In transport we have a track record that spans over three decades where we have supported transportation organisations globally with both operational efficiencies and security improvements. It s this kind of experience that makes us uniquely placed to provide safety and security solutions for the transport sector.
5 5 TRENDS AND RISK FACTORS THE CONNECTED FUTURE OF TRAVEL AND TRANSPORT IS ALREADY HERE. ARE WE READY? Technological advances have delivered automated self-drive cars, connected aircraft and driverless trains, but human acceptance of the reliability and legislation of these technologies delays their widespread adoption. Securing the supply chain and its component parts is a balancing act between cost efficiencies, new technology and compliance. CSOs, CIOs and organisations are discovering this as the threat from cyber and physical attack increases. Improving the passenger experience should not result in a lowering of risk factors. However it is key to recognise that threats and risks no longer just come from individual hackers looking for vulnerable websites, backdoors or compromised software. Every day, headlines report the depths that organisations and organised crime will go to, to gain control of information from targeted attacks. It is estimated that targeted attackers are on average able to operate for some 416 days within an organisation prior to detection 2. These targeted attacks on corporations have widespread consequences on brand, reputation and operational processes. For example Sony lost 6% market share overnight as consumers lost trust when Sony suffered a security breach with the loss of customer sensitive information. The majority of global organisations are likely to have suffered some form of data loss, whilst data breaches have cost organisations multiple millions. Could a public transport organisation recover from such a loss of reputation even if the safety of the network were preserved? Airport scare at Los Angeles In April 2013 passengers at the Los Angeles airport were subjected to flight boards displaying Emergency Leave the Terminal for five minutes. What was initially thought to be a hacking attack, airport officials later explained was an airline contractor with authorised access who had accidently caused the override of the screens. KLM website attacked At 11:00 on 18 April 2013, KLM s website started to experience issues. Online check-in, ticket booking and other information services were nonoperational. A Denial of Service attack was the cause and it wasn t until two days later on 20th April before services started to return to normality. 2 Mandiant M-Trends 2012: mandiant-releases-annual-threat-report-on-advanced-targeted-attacks/
6 6 Car hacking tricks revealed at Vegas hacking conference At Defcon 21 Charlie Miller, a security engineer at Twitter, and Chris Valasek, director of security intelligence at IOActive, released their homegrown tools to hack into computerised features of a 2010 Toyota Prius and a 2010 Ford Escape. They demonstrated how easy it is to disarm the car alarm systems and control other GSM and cell-connected devices. They were able to achieve this by a direct attack, by hooking a laptop to the ECU communications network and injecting rogue signals into it included disabling the brakes while the car was in motion, jerking the steering wheel, accelerating, killing the engine, yanking the seat belt, displaying bogus speedometer and fuel gauge readings, turning on and off the car s lights, and blasting the horn. The researchers also found a way to achieve persistent attacks by modifying the ECU firmware to send rogue signals even when they were no longer physically connected to the control units. All of these needed direct access to the vehicle to work. However, in 2011 another research group from the Centre for Automotive Embedded Systems Security found that they could execute a wide range of remote attacks using the vehicles CD or USB player, Bluetooth and cellular radio. What if these direct and remote methods were successful when combined? WHAT DOES THIS IMPLY FOR BUSINESSES? Organisations that are not reviewing and updating their risk profile of vulnerabilities could be subject to reputational damage or worse. They need to consider the probability and impacts of an incident or attack on their infrastructure and services - will they be able to effectively manage and survive a crisis? Consider how many minutes it takes for: a malfunctioning baggage system to interrupt the smooth functioning of a busy international airport the closure of an arterial road system to create traffic jams; act of terrorism or violence to create a crisis situation or the almost instantaneous loss of customer loyalty, brand and reputation. Organisations that are unable to articulate the impact to the business, the probability of the occurrence of threats and a mitigation strategy are not addressing the impact to their brand and the bottom line. THE IMPACT ON THE STREET Our transportation systems are becoming more connected. We already see widespread adoption of real-time passenger information services and mobile ticketing. Data is being released under Government s open data initiatives to allow third party developers access to mash data together, providing predictive analytics, around consumer choices, freight patterns and much more. However this is just the beginning of the connectivity which will prevail. As mobile device applications develop and the advent of the internet of things becomes a reality, a security strategy of isolation is no longer relevant. For example, until recently it was irrelevant and considered unnecessary to worry about the safety of allowing over-the-air updates to a vehicle. Cars today are already becoming connected, it is predicted that by 2030 autonomous vehicles will be commonplace on our roads. With the imminent range of connected vehicles hitting production lines, transport authorities are starting to think about how our traffic management operations centres can gain greater insight into the movement of traffic and the influence of that movement. For example; the control of vehicles to reduce emissions around a hospital where a hotspot has formed; the automatic re-direction of cars when an accident has occurred; the automatic reduction of car speeds during periods of heavy traffic. Personalised micro-navigation requests could be made to drivers routing systems to control this and many more applications in development. However imagine the disruption if this was maliciously compromised, by a disgruntled employee or a terrorist.
7 7 An intelligent connected world of transport The infrastructure upon which we run our transportation is becoming more intelligent and connected, and signalling systems are turning digital and autonomous: this is truly where the physical and cyber worlds collide. WHAT DOES THE FUTURE HOLD FOR US? Rate of of urbanisation urbanization Projected average rate of change in urban population size. 2/3 of the planet by % by 2050 Transport of people and goods How things are set to change Fewer people will maintain a car which is used for only 5% of its life and stays parked for 95% People will want to get from A to B and will worry less about the mode of getting there Journey will become multimodal - walking, trains, car shares will all be valid options Data and applications and personal identity will become the new tools of choice for journey
8 8 Bay Area Rapid Transit targeted by hackers In August 2011 the Anonymous Hacking group attacked San Francisco s Bay Area Rapid Transit (BART) website, mybart.org. The attack came after BART blocked cell phone service to stop a protest the previous week. Hackers defaced the site with Anonymous logos and released personal contact information of at least 2,400 of the site s users including names, passwords, s, addresses and phone numbers. Infrastructure vulnerability exposed In 2008 a teenager derailed a tram in Łódz, Poland injuring 12 people by using a modified remote control to switch points. The ageing rail infrastructure used an infrared control system which wasn t secured in any manner. PHYSICAL WORLD AND CYBER WORLD COLLISION The collision of the physical and cyber worlds brings new challenges to securing the transportation sector including the customer experience, passenger journey and treatment of our freight. These require greater consideration as to the impact of threats on infrastructure and processes calling for deeper attention on the means of attack, their consequences, requiring a visionary thinking to risk mitigation, its impacts and organisational development. The greatest risk that transportation organisations are bracing themselves for is the combination of both physical and cyber attacks on their infrastructure; this is the highest risk factor that many are working to control within corporate risk registers. The explosion of social media applications, on-line technologies and self- service user terminals provide an avenue for increased risk. The resulting risk mitigation matrix needs to take into consideration, aspects of the following: THREATS AND MOTIVATIONS Deliberate and planned: protester, terrorist, criminal, malicious, disgruntled passenger, employee or third party Deliberate and spontaneous: opportunistic criminal, disgruntled passenger, ex-employee or third party Malicious and non-specific : malware, hacking, spoofing Malicious and specific: targeted attack at corporate, industry sector or eco-system Environmental: weather, power loss, hand of god Accidental: unintended consequences MEANS OF ATTACK Physical access Interfaces Cyber-attacks: internet-borne malware Wi-Fi Denial of service Lock out
9 9 POTENTIAL IMPACT Impact on information, confidentiality, integrity or availability Loss of ICT (information and communications technology) Interrupted operations resulting in delays, cancellations Impairment of passenger/freight experience Damage to reputation and brand Incorrect freight, passengers, transport at wrong destinations causing security breaches Crisis management scenarios need to consider not only attacks to the direct organisational infrastructure but also to the wider transportation system. Incidents such as the volcanic ash cloud, fires on airport runways and high speed passenger train crashes demonstrate the need for immediate and effective handling. But when does an incident manifest itself into a crisis? And how do organisations manage events both within and out of their sphere of control? As we highlighted earlier, Mandiant 3 have reported that hackers could be within an organisation s infrastructure for up to 416 days before detection. In order to mitigate risks this needs to be reduced to almost instant recognition. If you secure your environment how can you be assured that your competitors and third party suppliers have also secured their vulnerabilities? 3 Mandiant M-Trends 2012: mandiant-releases-annual-threat-report-on-advanced-targeted-attacks/
10 10 THE THREATS THAT LOOM WHEN THE PHYSICAL AND CYBER WORLDS COLLIDEg Threat/Motivation Planned attack Protester, terrorist, criminal, malicious, disgruntled passenger/ employee/third party Means of attack Interfaces Threat/Motivation Spontaneous attack Opportunistic criminal, disgruntled passenger/ ex-employee/third party Threat/Motivation Disgruntled third party Threat/Motivation Malicious/general Malware, hacking, spoofing Means of attack Cyber-attacks: internet-borne malware Potential impact Interrupted operations resulting in delays, cancellations Threat/Motivation Accidental Unintended consequences Threat/Motivation Environmental Weather, power loss
11 11 Means of attack Lock out Means of attack Collision of physical and cyber attack Potential impact Loss of ICT (information and communications technology) Threat/Motivation Deliberate attack Specific or targeted attack at corporate, industry or eco-system Means of attack Denial of service Potential impact Damage to reputation and brand Means of attack Wi-fi Potential impact Impairment of passenger/freight experience Means of attack Physical access Threat/Motivation Disgruntled employee Potential impact Impact on information, confidentiality, integrity or availability Means of attack Third party compromises
12 12 The world s biggest ITS project Saudi Arabia has a population of 27 million and suffers 18 fatal accidents daily, five times the per capita rate in Europe. The ATVAM (Automated Traffic Violations Administering and Monitoring) programme covers all eight of the kingdom s major cities and addresses the need to improve road safety, improve law enforcement and security, and reduce congestion through better traffic management. The kingdom has been divided into three regions, reporting into the CGI programme management. The programme provides several thousand roadside systems, split between number plate detectors, intelligent surveillance, and fixed and mobile speed and red light cameras. A dozen command and control centres bring together the security and traffic management functions, and attention to process violations. This is a perfect example of the ITS industry demonstrating that it can rise to the challenge of coping with the harsh and unpredictable conditions in Saudi Arabia to make its systems work there as effectively as they do elsewhere in the world, and to raise the bar globally in terms of true system integration. PREVENTION - SECURING AND ASSURING Risk probability and risk treatment provide organisations with risk mitigation frameworks. It provides assurance for today s risks as well as tomorrow s. From connected cars to last mile parcel delivery our transport and logistics systems need to be robust and defended. In similar engagements with organisations such as British Airways, a large UK rail operator and others, we have identified the core components of the service and ensured that every area is tested for vulnerabilities. In addition we have undertaken cyber risk assessments, using the cyber intelligence gleaned from our global Security Operation Centres and applied it to the external cyber vulnerabilities of each organisation. Our methodology and approach has been developed over more than 30 years. Our specialist Penetration Testing Team founded the CESG CHECK scheme; we currently have a green light status. The team comprises highly skilled security consultants who specialise in penetration/vulnerability testing and includes CESG CHECK approved team leaders, and team members. OUR PRIMARY OBJECTIVES FOR SECURITY ASSURANCE: To demonstrate, to the highest level of assurance possible, that a system is either susceptible or not susceptible to particular security weaknesses To provide clear recommendations for vulnerability mitigation that are straightforward to implement and tailored to the system s requirements To validate the solution and identify the weakest security link To ensure the security of the underlying software using CGI s IPR (intellectual property rights) solution SilverKite.
13 13 CGI selected for multiple-award Indefinite Delivery/ Indefinite Quality for technical, acquisition, and business support services with the Department of Homeland Security The Department of Homeland Security (DHS) and the United States Coast Guard (USCG) awarded CGI an indefinite delivery/indefinite quantity (ID/IQ) contract for Technical, Acquisition and Business Support Services (TABSS). TABSS plays a pivotal role in enabling effective support for the planning and administration of programmes, projects and major acquisitions key to advancing DHS s goals and securing the nation. NS gets control over its entire passenger information chain CGI helped Dutch Railway operator, NS orchestrate its efforts to proactively manage its information chain. By doing this they were able to resolve issues before they turn into problems, have one common image on the health of the entire chain, zoom in on specific elements in the chain and solve incidents and problems faster. CGI will compete for task orders to provide missioncritical engineering, programme management and technical services to support the entire acquisition lifecycle from initiation through research, development, production, deployment, operations, upgrade and disposal of essential DHS programmes and assets. Our domain expertise and next-generation solutions enhance DHS s mission capability and improve cost effectiveness across the agency.
14 14 BMW s gets one of Europe s biggest Identity management systems that is also among the top 50 systems of its kind, worldwide More than 1,000 of BMW s applications which supported a user base of 280,000 employees, dealers and suppliers were based on multiple platforms and used different processes and systems. Over time and with increasing business demands these systems became unsustainably complex with correspondingly high support and maintenance costs. BMW looked to CGI to help them meet their evolving security needs and comply with changes in international law. We designed and developed BMW s new ID management systems (IdAS). It integrated formerly disparate management and provisioning processes and automated BMW s need for flexibility, security and speed. IdAS was successfully launched in BMW customers now get more information from dealers as the dealers have direct access to BMW s information systems. TRAVEL, TRANSPORT, AND SECURITY UNDERSTANDING TRUSTED PROJECT RESOURCES AND PROVEN EXPERIENCE WITHIN THE TRANSPORT AND LOGISTICS SECTOR We have worked in the Transport and Logistics sectors for over three decades, with organisations that include major airports, for example London Heathrow, Gatwick Airport, Amsterdam Airport Schiphol and Aeroportos de Portugal. Other key clients with whom we have a close association in the aviation sector include CAA and airlines such as Air Canada, Lufthansa, Air France/KLM, and Finnair. In rail we work with organisations such as Via Rail, ProRail, Network Rail, Queensland Rail, Deutsche Bahn and STM and AMT in Montreal. We provide services to car manufacturers such as BMW, KIA, Ford, Toyota, Jaguar and Land Rover and aircraft manufacturers like Rolls Royce, Bombardier and Airbus. We work with the Transport Ministries of national governments, such as those in Sweden, Finland and Netherlands and transport authorities such as Transport for London, Transport for Greater Manchester, Translink in Vancouver and caltrans. LEADING SECURITY PARTNER We apply many years of security expertise to our decades of travel and transport knowledge to deliver a class-leading security capability. We are trusted with the security needs of governments and blue chip organisations across the world. For over three decades, we have enabled our customers to operate securely across the private and public sectors globally, with a business-focused approach to security. Our integrated team of over 1,200 security professionals delivers to customers locally but leveraging global capability.
15 15 Our solutions integrate consultancy, systems integration and managed services to ensure that the critical people, business process and technology aspects are addressed. Through this we have gained a unique understanding of how the complex security needs of our customers can be met whilst maintaining their business agility, improving their operational excellence, increasing the trust of their customers, suppliers, stakeholders and employees Internationally our security teams support many of the world s leading organisations including Barclaycard, Bombardier, BMW, Carrefour, Czech Post, Daimler Benz, Department of Defence, EADS, Eon, European Space Agency, National Audit Office, Network Rail, Philips, Sagem, SAS, Scania, Shell, SNCF, Scottish and Southern Electric, T-Mobile and Transport for London. We support and assure many critical national infrastructures. Our global methodology supports organisations like Shell as they tackle information risk management for today and tomorrow s technology challenges. SUMMARY AND CONCLUSION Transport systems are attractive targets for individuals seeking to inflict major disruption and economic damage and instil uncertainty. Transport systems are inherently vulnerable to attack, as they are open systems that gather large numbers of people at predictable times in predictable places. CGI is constantly thinking ahead to the next level of protection. For example, CGI helps secure the Galileo Satellite Navigation Programme. On Galileo, we re providing the security and key management facilities to the Ground Control and Ground Mission segments. We re also addressing the thorny issue of achieving a balance between rigorous security checks, passenger convenience and speed of boarding. We ve pioneered automated and biometric border management, with automatic barriers linked to advanced biometric readers and smartcards. This allows travellers to move quickly and comfortably through airports or between countries without compromising security. Major rail operator gets safer We enhanced a major rail operator s security in four phases: 1. Developed a functional view or rich picture that included the as-is and to-be status of the organisation. 2. Created a cyber threat profile from internal and external data sources. 3. Provided a detailed analysis in specific areas i.e. security policy, telecoms, risk management, security operations, SCADA, signaling systems and major projects and systems. 4. Produced a written report and options paper which laid out the options for the future expansion of organisational s cyber defence. The report was disseminated to the Information Security Team and key stakeholders. A formal review and feedback process was initiated. New information was provided and changes were agreed and implemented in the new version of the report. Biometrics is one of our core capabilities; we re one of the world s most experienced biometric implementers. Our systems are already used at football stadia, shopping malls, and many other places with a high concentration of people or high security demands.
16 CGI GROUP INC. cgi.com/cyber With 69,000 professionals operating in 400 offices in 40 countries, CGI fosters local accountability for client success while bringing global delivery capabilities to clients front doors. Founded in 1976, CGI applies a disciplined delivery approach that has achieved an industry-leading track record of on-time, on-budget projects. Our high-quality business consulting, systems integration and outsourcing services help clients leverage current investments while adopting new technology and business strategies that achieve top and bottom line results. As a demonstration of our commitment, our average client satisfaction score for the past 10 years has measured consistently higher than 9 out of CGI GROUP INC. All rights reserved. This document is protected by international copyright law and may not be reprinted, reproduced, copied or utilised in whole or in part by any means including electronic, mechanical, or other means without the prior written consent of CGI. Whilst reasonable care has been taken by CGI to ensure the information contained herein is reasonably accurate, CGI shall not, under any circumstances be liable for any loss or damage (direct or consequential) suffered by any party as a result of the contents of this publication or the reliance of any party thereon or any inaccuracy or omission therein. The information in this document is therefore provided on an as is basis without warranty and is subject to change without further notice and cannot be construed as a commitment by CGI.
Could Your Security Vulnerabilities Cause Network Gridlock? A Discussion Paper for Transportation Information Technology Leaders and Executives 2 THE NEED FOR SECURITY IN THE TRANSPORT ECOSYSTEM Transportation
Cyber security Digital Customer Experience Digital Employee Experience Digital Insight Internet of Things Payments IP Solutions Cyber Security Cloud 2015 CGI IT UK Ltd Contents... Securing organisations
Maximising supply chain throughput with existing infrastructure Improve customer service without capital outlay 1 the CHALLENGE SUPPLY CHAIN AND LOGISTICS Increasing global complexity and uncertainty is
Infrastructure consulting Global Infrastructure Services Operational costs systems availability compliance and security energy and power usage disaster recovery all contribute to today s increasingly complex
Seamless Mobile Security for Network Operators Build a secure foundation for winning new wireless services revenue. New wireless services drive revenues. Faced with the dual challenges of increasing revenues
Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber
CGI Cyber Risk Advisory and Management Services for Insurers Minimizing Cyber Risks cgi.com 3 As organizations seek to create value in today s highly interconnected world, they inherently increase their
CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to
Cyber Defence Capability Assessment Tool (CDCAT ) Improving cyber security preparedness through risk and vulnerability analysis An analogue approach to a digital world What foundations is CDCAT built on?
www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in
CYBER SECURITY TRAINING KEEPING YOU SAFE AND SECURE Experts in Cyber Security training. Hardly a day goes by without a cyber attack being reported. With this ever-increasing threat there is a growing need
LAPS for G3: Transforming your payments journey G3 innovation promises to transform the payments landscape for Singapore. While focused primarily on enabling real-time payment services, G3 has a much broader,
Experience the commitment Cyberprivacy and Cybersecurity for Health Data Building confidence in health systems Providing better health care quality at lower cost will be the key aim of all health economies
Critical infrastructure / transportation Airports Beyond security: ATEC s contribution to Birmingham Airport s management systems As progressive transport hubs such as Birmingham Airport (BAL) invest in
Whitepaper The Cyber Threat Profiler Good Intelligence is essential to efficient system protection INTRODUCTION As the world becomes more dependent on cyber connectivity, the volume of cyber attacks are
White Paper What the ideal cloud-based web security service should provide A White Paper by Bloor Research Author : Fran Howarth Publish date : February 2010 The components required of an effective web
Secure Thinking Bigger Data. Bigger risk? MALWARE HACKERS REPUTATION PROTECTION RISK THEFT There has always been data. What is different now is the scale and speed of data growth. Every day we create 2.5
Physical Security Services The ANVIL Group Physical Security Services The ANVIL Group is an internationally renowned and accredited security company specialising in Crisis Avoidance. Established in 1988,
Supply Chain Acceleration: Our Offering for Enabling Growth Supply Chain Acceleration Services Supply Chain Acceleration (SCA) brings together 30 years of supply chain knowledge and domain expertise, that
WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber
Connecting things. Creating possibilities. A point of view Is the next technological revolution already here? The Internet of Things is already transforming our daily lives, our health, education and businesses.
Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...
CYBER RISK SECURITY, NETWORK & PRIVACY CYBER SECURITY, NETWORK & PRIVACY In the ever-evolving technological landscape in which we live, our lives are dominated by technology. The development and widespread
Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...
Connect for new business opportunities The world of connected objects How do we monitor the carbon footprint of a vehicle? How can we track and trace cargo on the move? How do we know when a vending machine
developing your potential Cyber Security Training The benefits of cyber security awareness The cost of a single cyber security incident can easily reach six-figure sums and any damage or loss to a company
Secure by design: taking a strategic approach to cybersecurity The cybersecurity market is overly focused on auditing policy compliance and performing vulnerability testing when the level of business risk
INFORMATION SECURITY TESTING SERVICE DESCRIPTION Penetration testing identifies potential weaknesses in a technical infrastructure and provides a level of assurance in the security of that infrastructure.
SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare
Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security
Cyber security Time for a new paradigm Stéphane Hurtaud Partner Information & Technology Risk Deloitte 90 More than ever, cyberspace is a land of opportunity but also a dangerous world. As public and private
Procuring Penetration Testing Services Introduction Organisations like yours have the evolving task of securing complex IT environments whilst delivering their business and brand objectives. The threat
Global Infrastructure Services Technical service desk As IT environments grow increasingly complex, today s global workforce demands a much higher level of technical support. To be successful, technical
Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many
Corporate Security in 2016. A QA Report Study Highlights According to ThreatMetrix, businesses in the UK are at greater risk of cybercrime than any other country in the world. In a recent survey carried
Gold study sponsor: Is cyber security now too hard for enterprises? Cyber security trends in the UK Executive Summary Core statements I. Cyber security is now too hard for enterprises The threat is increasing
Smarter Transportation Management Smarter Transportation Management An Opportunity for Government to Think and Act in New Ways: Smarter Transportation and Traffic Safety Cate Richards NA Smarter Cities
Cyber Security Personal and commercial information is the new commodity of choice for the virtual thief, argues Adrian Leppard, Commissioner for City of London Police, as he sets out the challenges facing
Ten Tips for Managing Risks on Convergent Networks The Risk Management Group April 2012 Sponsored by: Lavastorm Analytics is a global business performance analytics company that enables companies to analyze,
CGI Payments360 Moving money with greater agility and confidence Experience the commitment Addressing today s payments realities Customers want the ability to buy anything, pay anyone and bank anywhere
Risks and uncertainties Our risk management approach We have a well-established risk management methodology which we use throughout the business to allow us to identify and manage the principal risks that
A WIDER SHARING ECOSYSTEM The pivotal role of data in transport solutions October 2015 A MARKET ON THE MOVE CONTENTS 3 TRANSPORT TRENDS 4 THE ROAD AHEAD 5 TRANSPARENCY LEADS TO TRUST 6 DATA LOCATION AND
CyberSecurity Solutions Delivering Confidence Staying One Step Ahead Cyber attacks pose a real and growing threat to nations, corporations and individuals globally. As a trusted leader in cyber solutions
Care Providers Protecting your organisation, supporting its success Risk Management Insurance Employee Benefits Investment Management Care providers are there to help those in need. But who helps the care
innersecurity INFORMATION SECURITY Information Security Services 93% of large organisations and 76% of small businesses suffered security breaches in the last year. * Cyber attackers were the main cause.
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs EXECUTIVE SUMMARY Supervisory Control and Data Acquisition (SCADA) systems are used for remote
SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE Businesses today rely heavily on computer networks. Using computers, and logging on to public and private networks has become second nature to
BEFORE THE BREACH: Why Penetration Testing is Critical to Healthcare IT Security August 2014 w w w.r e d s p in.c o m Introduction This paper discusses the relevance and usefulness of security penetration
Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures
British Airways 2009/10 Annual Report and Accounts 27 Our strategy and objectives our business FOCUSED ON OUTSTANDING CUSTOMER SERVICE Meeting the rising expectations of our customers remains central to
HSE - Safety doesn t happen by accident Oil and gas cgi.com 2 Health Safety and Environment (HSE) Working in the oil and gas industry rarely involves sitting behind a desk all day. The nature of the product
Best Practices in ICS Security for System Operators A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by
www.pwc.com/us/insurance The promise and pitfalls of cyber insurance January 2016 2 top issues The promise and pitfalls of cyber insurance Cyber insurance is a potentially huge but still largely untapped
A Guide to the Cyber Essentials Scheme Published by: CREST Tel: 0845 686-5542 Email: firstname.lastname@example.org Web: http://www.crest-approved.org/ Principal Author Jane Frankland, Managing Director, Jane
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
Plan Design Enable Holistic Security Capabilities and Experience 2 Why Atkins for security? We have the unique combination of: a depth of understanding of the national security context strength of relationships
Threat Intelligence Pty Ltd email@example.com 1300 809 437 Specialist Security Training Catalogue Did you know that the faster you detect a security breach, the lesser the impact to the organisation?
Look beyond the horizon A smart back office for the public sector cgi-group.co.uk 2 Since 2002 our Government Procurement Service framework for payroll and HR services has been delivering savings and high
The Advanced Cyber Attack Landscape FireEye, Inc. The Advanced Cyber Attack Landscape 1 Contents Executive Summary 3 Introduction 4 The Data Source for this Report 5 Finding 1 5 Malware has become a multinational
Fujitsu in rail ticketing Getting you on the right track to business growth To be the best, partner with the best As rail companies increasingly compete with car and air travel for passengers, it is vital
Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you
Security is one of the biggest concerns today. Ever since the advent of the 21 st century, the world has been facing several challenges regarding the security of people, economy, and infrastructure. One
Computer Network Security for ASCs A Panel Discussion to Raise Awareness Moderator and Panel Member: Dennis Treece, CSO, Massport Panel Member: Ray Boisvert, President / CEO, I-Sec Integrated Strategies
A strategic approach to fraud A continuous cycle of fraud risk management The risk of fraud is rising at an unprecedented rate. Today s tough economic climate is driving a surge in first party fraud for
Information Security: Business Assurance Guidelines The DTI drives our ambition of prosperity for all by working to create the best environment for business success in the UK. We help people and companies
Experience the Commitment IHP360 Insurer Hosted Pricing IHP 360 1 The MIB is committed to managing data for the insurance industry to support accurate pricing, a better customer experience and combatting
1 An Introduction v2.0 September 2015 Document History 2 Version Date Editor Remarks 1.0 06/04/2011 OMAPI Working Group Public release 2.0 27/09/2015 OMAPI Working Group Public release Copyright 2015 SIMalliance
Charities & Not for Profit Protecting your organisation, supporting its success Risk Management Insurance Employee Benefits Investment Management Charities are there to help those in need. But who helps
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
Home Secure digital transformation SMACT Advise, Protect & Monitor Why Capgemini & Sogeti? In safe hands Capgemini & Sogeti Cybersecurity Services Guiding enterprises and government through digital transformation
Cyber security guide for boardroom members 2 Cyber security guide for boardroom members Cyber security at strategic level Our society is rapidly digitising, and we are all reaping the benefits. Our country
Digital transformation can help you tame the perfect storm. The digital future for insurance. Following the 2008 financial crisis, the insurance sector has faced tighter regulation, which has made it harder
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must