Industrial Control Systems Security. Denny Gregianin_Sales Area Manager

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Industrial Control Systems Security. Denny Gregianin_Sales Area Manager"

Transcription

1 Industrial Control Systems Security Denny Gregianin_Sales Area Manager

2 VEM in Numbers

3 Dipendenti e Fatturato

4 Design & Delivery NOC SOC HR & Quality Operations Custom Application Development IT Advisory Sales & Marketing Finance & Admin

5 Des& Delivery Design & Delivery Solutions Network & Data Center Infrastructure Building Efficiency & Controls Cloud Technologies Security & IT Governance Collaboration

6 Security & IT Governance Network Security Content Security Cyber Security Assessment IT Governance & Business Continuity

7 Comprendere le nuove minacce Ransomware on the rise Mobile Malware Social Media Malware & Malvertising Defacement Distributed Denial of Service (DDoS) Nuove forme di pagamento elettronico (i.e. Mobile, Digital Wallets, etc.) ICS e SCADA on the rise

8 Response Risk Anticipation Detection Prevention Identificare rapidamente i tentativi e gli attacchi informatici che riguardano gli asset del Cliente; Elaborare le procedure di risposta più idonee per contenere l attacco, rimuovere l infezione e ridurre gli impatti sul business; Supportare il Cliente nelle attività di gestione dell incidente riconducendo il problema di sicurezza ad una attività di IT Administration; Ottimizzare i sistemi di sicurezza del Cliente grazie ad una analisi del rischio basata sulle evidenze (Evidence-Based Risk Management);

9 Data Breach Detection, Investigation & Response Sensors Customer Collectors & Correlator Certego Incident Response Team Service Portal IRT Tools

10 Certego: la cybersecurity certificata Certego è l'unica azienda italiana ad essere citata come Regional Player per i servizi di Threat Intelligence nel report Competitive Landscape: Threat Intelligence Services, Worldwide, 2015 di Gartner. La qualifica di CERT, rilasciata dal SEI (Software Engineering Institute) della Carnegie Mellon University, ufficializza il nostro impegno nella protezione delle reti connesse ad Internet e ci permette di collaborare con gli altri team CERT internazionali nella gestione degli incidenti di sicurezza informatica.

11 Industrial Control Systems (ICS) & SCADA Security

12 ICS: Vulnerabilità rilevate THREAT INTELLIGENCE REPORT Up and to the Right ICS/ SCADA Vulnerabilities by the Numbers Summary Capabilities for attacks on ICS/SCADA 1 systems (collectively referred to as ICS below) are growing. The number of publicly disclosed vulnerabilities and off-the-shelf exploits targeting ICS systems continues to grow over time and well into 2015, even as awareness of dangers for critical infrastructure is improving. Vulnerability patterns are improving for some vendors but not for others. Our assumption is that investments in application and control logic security along with active threat intelligence efforts, are paying dividends for some vendors. Siemens and Schneider, the largest and fourth largest industrial automation vendors 2, account for the largest number of reported vulnerabilities, with close to 50% of the total. Of note, Siemens PLC product was the target of STUXNET, the predominant example of ICS/SCADA attacks. The combination of continued growth in ICS vulnerabilities along with off-the shelf exploits targeting these as well as credentials for critical infrastructure companies being routinely accessible in public forums leaves critical infrastructure open to potentially more aggressive motivations. Historically few cyber attacks on ICS have been observed; STUXNET continues to be the predominant example. Recently we ve seen novel patterns of attacks that are destructive and extortionist in nature such as the Sony attack, bank extortion by the Rex Mundi hacker group, and the more prevalent Cryptolocker strain of malware. Destructive/extortionist attacks on ICS are a potentially logical continuation, if yet observed in the wild. Introduction The capabilities for ICS attacks are growing and actual ICS probes and attacks are growing as well. Dell SecureWorks states in their 2015 Annual Threat Report, In 2014, Dell saw a 2X increase in SCADA attacks compared with Further, in terms of motivations, Dell states, SCADA attacks tend to be political in nature, since they target operational capabilities within power plants, factories, and refineries, rather than credit card information. DigitalBond introduces some alternative motivations in their blog Monetizing SCADA Attacks. Trend Micro very nicely lays out results of honeypots designed to catch ICS attacks in their report The SCADA That Didn t Cry Wolf. To study risks to ICS infrastructure we analyze a few datasets including the NIST Vulnerability database as well as the Recorded Future Web intelligence holdings, which includes data from the open, deep, and dark Web. The totality of the NIST Vulnerability database at the time of this analysis included over 71,500 vulnerabilities across many types of software systems. We used a series of search criteria to identify a subset of ICS vulnerabilities (such as SCADA, ICS, PLC, as well as a series of key vendor names, but then filtering out non-scada records for example, PLC is an overloaded term and some vendors are in multiple industries). Our result set was about 400 records in size.

13 Prevenire non è più sufficiente Le tecnologie di tipo Preventivo (Firewall, Antivirus, UTM, etc.) hanno progressivamente perso la capacità di contrastare in modo efficace le nuove minacce.

14

15 L evoluzione della security. Non abbiamo più un problema di Malware, abbiamo piuttosto un problema di confronto con un avversario. Shawn Henry, FBI Executive Assistant Director

16

17 Certego BDIR for ICS/SCADA SITUATIONAL AWARENESS CONTINOUS CONTROL ACTIONABLE SECURITY Capire cosa sta accadendo Rilevare anomalie Elaborare le procedure di risposta

18 Certego PanOptikon Architecture CSA + PanOptikon Service Portal Modbus/TCP EtherNet/IP DNP3 SNMP Cliente Incident Response Team

19

SCADA / Smart Grid Security Who is really in control of our Control Systems?

SCADA / Smart Grid Security Who is really in control of our Control Systems? SCADA / Smart Grid Security Who is really in control of our Control Systems? Simone Riccetti Certified SCADA Security Architect Agenda Overview of Security landscape SCADA security problem How to protect

More information

Dall Information Security alla Cyber Security, e ritorno

Dall Information Security alla Cyber Security, e ritorno Dall Information Security alla Cyber Security, e ritorno (Come migliorare la sicurezza dell azienda attraverso un efficace governo degli incidenti) Luca Bechelli (CLUSIT) Marco Di Leo (HP) Fabio Vernacotola

More information

Sicurezza Data Center 22 giugno 2015. Fabio Paravani Regional Account Manager

Sicurezza Data Center 22 giugno 2015. Fabio Paravani Regional Account Manager Sicurezza Data Center 22 giugno 2015 Fabio Paravani Regional Account Manager A world safe for exchanging digital information CEO Founded Headquarters Employees Offices 2012 Sales Eva Chen 1988, United

More information

Alberto Meneghini! Security Leader, IBM Italia! IBM Security. 2015 IBM Corporation. 12015 IBM Corporation

Alberto Meneghini! Security Leader, IBM Italia! IBM Security. 2015 IBM Corporation. 12015 IBM Corporation Alberto Meneghini! Security Leader, IBM Italia! 12015 IBM Corporation Esistono istituzioni finanziarie che sanno cosa significa essere attaccate ed altre che neppure lo immaginano. In quale vi riconoscete?!

More information

IBM Security Services

IBM Security Services IBM Security Services - Penetration Testing - July 15, 2014 12014 IBM Corporation THE EVOLVING THREAT LANDSCAPE 2 Success in today s dynamic, data driven global marketplace requires effective enterprise

More information

Beyond the Box: A Strategic Approach Against APTs

Beyond the Box: A Strategic Approach Against APTs Beyond the Box: A Strategic Approach Against APTs Filippo Monticelli Regional Director Italy & Malta CYBERSECURITY SUMMIT 2015 Roma 20/05/2015 Copyright Fortinet Inc. All rights reserved. Complexity of

More information

Source code security testing

Source code security testing Source code security testing Simone Riccetti EMEA PSS Security Services All information represents IBM's current intent, is subject to change or withdrawal without notice, and represents only IBM ISS goals

More information

Vulnerabilità e Attacchi alle Infrastrutture IT Simone Riccetti. Sr. IT Security Architect

Vulnerabilità e Attacchi alle Infrastrutture IT Simone Riccetti. Sr. IT Security Architect Vulnerabilità e Attacchi alle Infrastrutture IT Simone Riccetti Sr. IT Security Architect Agenda Team di Ricerca X-Force Vulnerabilità e Minacce Tecnologie di Protezione Attack Lifecycle Live Demo 2 The

More information

The Hacker's Corner. Privacy e sicurezza.. ..per giornalisti in rete. Igor Falcomatà koba@sikurezza.org

The Hacker's Corner. Privacy e sicurezza.. ..per giornalisti in rete. Igor Falcomatà koba@sikurezza.org The Hacker's Corner International Journalism Festival Perugia 2 maggio 2014 Privacy e sicurezza....per giornalisti in rete Igor Falcomatà koba@sikurezza.org Sempre più spesso emerge come i giornalisti

More information

Test di sicurezza in ambienti Smart Grid e SCADA

Test di sicurezza in ambienti Smart Grid e SCADA Test di sicurezza in ambienti Smart Grid e SCADA Simone Riccetti, IBM Italy simone.riccetti@it.ibm.com Agenda SCADA/Smart Grid overview SCADA/Smart Grid security issues Security test challenges Testing

More information

CryptoLocker la punta dell iceberg, impariamo a difenderci dagli attacchi mirati. Patrick Gada 18 March 2015 Senior Sales Engineer

CryptoLocker la punta dell iceberg, impariamo a difenderci dagli attacchi mirati. Patrick Gada 18 March 2015 Senior Sales Engineer CryptoLocker la punta dell iceberg, impariamo a difenderci dagli attacchi mirati Patrick Gada 18 March 2015 Senior Sales Engineer CryptoLocker Rossi Mario, CryptoLocker CryptoLocker Attacco del 27 gennaio

More information

Client Side Cross Site Scripting

Client Side Cross Site Scripting Client Side Cross Site Scripting 1 Client Side Cross Site Scripting CLIENT SIDE XSS - DI PAOLA 2 Soluzioni e sicurezza per applicazioni mobile e payments Consorzio Triveneto, azienda leader nei sistemi

More information

Cyber Risk Management with COBIT 5

Cyber Risk Management with COBIT 5 Cyber Risk Management with COBIT 5 Marco Salvato CISA, CISM, CGEIT, CRISC, COBIT 5 Approved Trainer 1 Agenda Common definition of Cyber Risk and related topics Differences between Cyber Security and IS

More information

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales The Cost of Cybercrime Sony $171m PlayStation 3 data breach (April 2011) $3 trillion

More information

OPC & Security Agenda

OPC & Security Agenda OPC & Security Agenda Cyber Security Today Cyber Security for SCADA/IS OPC Security Overview OPC Security Products Questions & Answers 1 Introduction CYBER SECURITY TODAY The Need for Reliable Information

More information

Defensible Strategy To. Cyber Incident Response

Defensible Strategy To. Cyber Incident Response Cyber Incident Response Defensible Strategy To Cyber Incident Response Cyber Incident Response Plans Every company should develop a written plan (cyber incident response plan) that identifies cyber attack

More information

Enterprise Risk Management: Strategie e Soluzioni a confronto

Enterprise Risk Management: Strategie e Soluzioni a confronto Enterprise Risk Management: Strategie e Soluzioni a confronto - Milano 25 Settembre 2008 Fabio Battelli, CISSP, CISA Practice Manager - Advisory Services Symantec Consulting Services Symantec Global Services

More information

0wn1ng the Enterprise 2.0

0wn1ng the Enterprise 2.0 0wn1ng the Enterprise 2.0 relatore: Igor Falcomatà nuove tipologie di attacco alle reti aziendali nell'epoca dei social network e del web 2.0 Broadband Business Forum 25 nov 09 - Roma free advertising

More information

The New Luxury World: l identità digitale nel lusso fa la differenza

The New Luxury World: l identità digitale nel lusso fa la differenza The New Luxury World: l identità digitale nel lusso fa la differenza Massimo Fubini Founder & CEO di ContactLab 7 Luxury Summit, Il Sole 24ORE, 10 giugno 2015 It may not be modified, organized or reutilized

More information

Practical Steps To Securing Process Control Networks

Practical Steps To Securing Process Control Networks Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.

More information

The New Luxury World: l identità digitale nel lusso fa la differenza

The New Luxury World: l identità digitale nel lusso fa la differenza The New Luxury World: l identità digitale nel lusso fa la differenza Massimo Fubini Founder & CEO di ContactLab 7 Luxury Summit, Il Sole 24ORE, 10 giugno 2015 It may not be modified, organized or reutilized

More information

AppGuard. Defeats Malware

AppGuard. Defeats Malware AppGuard Defeats Malware and phishing attacks, drive-by-downloads, zero-day attacks, watering hole attacks, weaponized documents, ransomware, and other undetectable advanced threats by preventing exploits

More information

Cybersecurity Awareness. Part 1

Cybersecurity Awareness. Part 1 Part 1 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat

More information

Security Event Monitoring (SEM) Working Group

Security Event Monitoring (SEM) Working Group Security Event Monitoring (SEM) Working Group Dale Peterson, SEM WG Chair Digital Bond, Inc. Collaborating to Advance Control System Security Control Systems Are Being Monitored Detecting Intrusions and

More information

Using ISA/IEC 62443 Standards to Improve Control System Security

Using ISA/IEC 62443 Standards to Improve Control System Security Tofino Security White Paper Version 1.2 Published May 2014 Using ISA/IEC 62443 Standards to Improve Control System Security Contents 1. Executive Summary... 1 2. What s New in this Version... 1 3. Why

More information

The Four-Step Guide to Understanding Cyber Risk

The Four-Step Guide to Understanding Cyber Risk Lifecycle Solutions & Services The Four-Step Guide to Understanding Cyber Risk Identifying Cyber Risks and Addressing the Cyber Security Gap TABLE OF CONTENTS Introduction: A Real Danger It is estimated

More information

Cyber Security Metrics Dashboards & Analytics

Cyber Security Metrics Dashboards & Analytics Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics

More information

ICS CYBER SECURITY RKNEAL, INC. Protecting Industrial Control Systems: An Integrated Approach. Critical Infrastructure Protection

ICS CYBER SECURITY RKNEAL, INC. Protecting Industrial Control Systems: An Integrated Approach. Critical Infrastructure Protection Critical Infrastructure Protection Technical White Paper ICS CYBER SECURITY Protecting Industrial Control Systems: An Integrated Approach The purpose of this white paper is to present a novel cyber security

More information

Presented By: Corporate Security Information Security Treasury Management

Presented By: Corporate Security Information Security Treasury Management Presented By: Corporate Security Information Security Treasury Management Is Your Business Prepared for a Cyber Incident? It s not a matter of if, it s a matter of when Cyber Attacks are on the Rise; Physical

More information

Titoli delle qualifiche

Titoli delle qualifiche Level 1: Level 1 Award in Selling lawfully and ethically (Legalità ed etica della vendita) Level 1 Award in Understanding the sales cycle (Capire il processo di vendita) Level 1 Award in Understanding

More information

The Cyber Threat Profiler

The Cyber Threat Profiler Whitepaper The Cyber Threat Profiler Good Intelligence is essential to efficient system protection INTRODUCTION As the world becomes more dependent on cyber connectivity, the volume of cyber attacks are

More information

Data Analytics & Information Security

Data Analytics & Information Security Data Analytics & Information Security About The Speaker Practice Director at ERM M.S. Information Networking and Security CERT Coordination Center - Carnegie Mellon University Carnegie Mellon CyLab Agenda

More information

APC-Pro sa Computer Service

APC-Pro sa Computer Service Configuring, Managing and Troubleshooting Microsoft Exchange Service Pack 2 (10135B) Durata: 5 giorni Orario: 8:30 12:00 / 13:30-17.00 Costo per persona: CHF 1 900.-- (Min. 5 partecipanti) Obiettivi di

More information

Samuele Battistoni (IBM Security Services) sbattistoni@it.ibm.com. Andrea Zapparoli Manzoni (Direttivo Clusit) a.zmanzoni@idialoghi.

Samuele Battistoni (IBM Security Services) sbattistoni@it.ibm.com. Andrea Zapparoli Manzoni (Direttivo Clusit) a.zmanzoni@idialoghi. Samuele Battistoni (IBM Security Services) sbattistoni@it.ibm.com vs Andrea Zapparoli Manzoni (Direttivo Clusit) a.zmanzoni@idialoghi.com Cyber Attack vs Security Intelligence vs Security Summit 2014 2

More information

Risk boils down to two things Assets and People.

Risk boils down to two things Assets and People. 1 Risk boils down to two things Assets and People. It is the interaction of People and Assets that creates risk Assets without anyone accessing them No Risk but there is no business to be transacted either

More information

Structuring the Chief Information Security Officer Organization

Structuring the Chief Information Security Officer Organization Structuring the Chief Information Security Officer Organization December 1, 2015 Julia Allen Nader Mehravari Cyber Risk and Resilience Management Team CERT Division Software Engineering Institute Carnegie

More information

Summary of the State of Security

Summary of the State of Security Summary of the State of Security Tram Jewett, CISA CliftonLarsonAllen LLP Virginia GFOA Annual Spring Conference, 2016 1 1 Summary of the State of Security Tram Jewett, MS., CISA, 11 years IT audit and

More information

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber

More information

Cybersecurity: Learn Critical Strategies to Protecting Your Enterprise November 6, 2013 1:00PM EST

Cybersecurity: Learn Critical Strategies to Protecting Your Enterprise November 6, 2013 1:00PM EST Cybersecurity: Learn Critical Strategies to Protecting Your Enterprise November 6, 2013 1:00PM EST November 6, 2013 Copyright 2013 Trusted Computing Group 1 November 6, 2013 Copyright 2013 Trusted Computing

More information

Prevenzione e Monitoraggio: le sentinelle per la sicurezza del dato

Prevenzione e Monitoraggio: le sentinelle per la sicurezza del dato Prevenzione e Monitoraggio: le sentinelle per la sicurezza del dato Denis Valter Cassinerio Security BU Director & Sales North Director 17/02/2016 IT SECURITY DRIVERS THREATS LANDSCAPE Infected USB sticks

More information

EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security Evangelist @StephenCoty

EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security Evangelist @StephenCoty EMERGING THREATS & STRATEGIES FOR DEFENSE Stephen Coty Chief Security Evangelist @StephenCoty Industry Analysis 2014 Data Breaches - Ponemon Ponemon 2014 Data Breach Report *Statistics from 2013 Verizon

More information

Cyber Watch. Written by Peter Buxbaum

Cyber Watch. Written by Peter Buxbaum Cyber Watch Written by Peter Buxbaum Security is a challenge for every agency, said Stanley Tyliszczak, vice president for technology integration at General Dynamics Information Technology. There needs

More information

Simplifying Security & Compliance Innovating IT Managed Services. Data Security Threat Landscape and IT General Controls

Simplifying Security & Compliance Innovating IT Managed Services. Data Security Threat Landscape and IT General Controls Simplifying Security & Compliance Innovating IT Managed Services Data Security Threat Landscape and IT General Controls Audit Standards and IT General Controls General IT controls discussed in AUC Section

More information

II Workshop: Nuove prospettive per comunicare la sicurezza in modo efficace

II Workshop: Nuove prospettive per comunicare la sicurezza in modo efficace II Workshop: Nuove prospettive per comunicare la sicurezza in modo efficace Prevenire gli infortuni: la Piramide di Heinrich e l azione sul comportamento Ugo Cardamone EHS MANAGER Who We Are A global semiconductor

More information

Data Center security trends

Data Center security trends Data Center security trends Tomislav Tucibat Major accounts Manager, Adriatic Copyright Fortinet Inc. All rights reserved. IT Security evolution How did threat market change over the recent years? Problem:

More information

Cybercrime and Identity Theft: Awareness and Protection 2015 HLC Conference

Cybercrime and Identity Theft: Awareness and Protection 2015 HLC Conference Cybercrime and Identity Theft: Awareness and Protection 2015 HLC Conference Christopher T. Van Marter Senior Deputy Prosecuting Attorney Chief White Collar Crime Unit Department of the Prosecuting Attorney

More information

ARC Forum Orlando 2015 Building a Secure Industrial Internet of Things

ARC Forum Orlando 2015 Building a Secure Industrial Internet of Things ARC Forum Orlando 2015 Building a Secure Industrial Internet of Things Sid Snitkin Vice-President & GM Enterprise Advisory Services ARC Advisory Group srsnitkin@arcweb.com Session Overview ARC Presentation

More information

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure Home Secure digital transformation SMACT Advise, Protect & Monitor Why Capgemini & Sogeti? In safe hands Capgemini & Sogeti Cybersecurity Services Guiding enterprises and government through digital transformation

More information

Cybersecurity in the Water Sector. Copyright 2015 American Water Works Association

Cybersecurity in the Water Sector. Copyright 2015 American Water Works Association Cybersecurity in the Water Sector Copyright 2015 American Water Works Association Overview Reality of the Threat Environment Water Sector Cyber Risk Management Key Resources Connectivity = Exposure Process

More information

L informatica nel mondo industriale

L informatica nel mondo industriale Gian Luca Sacco - Marketing Director South & Central Europe L informatica nel mondo industriale Page 1 Smarter decisions, better products. Today s Product Challenges are More Difficult Than Ever Before

More information

MAY 7, 2015 AND THEN THE ACCOUNTANTS SHOWED UP HOW THE INSURANCE INDUSTRY WILL DRIVE CYBER SECURITY. CHIP BLOCK EVOLVER, INC Reston, VA

MAY 7, 2015 AND THEN THE ACCOUNTANTS SHOWED UP HOW THE INSURANCE INDUSTRY WILL DRIVE CYBER SECURITY. CHIP BLOCK EVOLVER, INC Reston, VA MAY 7, 2015 AND THEN THE ACCOUNTANTS SHOWED UP HOW THE INSURANCE INDUSTRY WILL DRIVE CYBER SECURITY CHIP BLOCK EVOLVER, INC Reston, VA For those of us that have been involved in the information technology

More information

Security Camp Conference Fine Art of Balancing Security & Privacy

Security Camp Conference Fine Art of Balancing Security & Privacy Security Camp Conference Fine Art of Balancing Security & Privacy Kim Bilderback AT&T Director GovEd Cybersecurity Services kb7459@att.com August 21, 2014 Cybersecurity - The Threats Increase AT&T DDoS

More information

Cyber Risk to Help Shape Industry Trends in 2014

Cyber Risk to Help Shape Industry Trends in 2014 Cyber Risk to Help Shape Industry Trends in 2014 Rigzone Staff 12/18/2013 URL: http://www.rigzone.com/news/oil_gas/a/130621/cyber_risk_to_help_shape_industry_trends_i n_2014 The oil and gas industry s

More information

CYBER SECURITY OPERATIONS CENTRE

CYBER SECURITY OPERATIONS CENTRE CYBER SECURITY OPERATIONS CENTRE Security Monitoring for protecting Business and supporting Cyber Defense Strategy Dr Cyril Onwubiko Intelligence & Security Assurance Research Series Limited CYBER SECURITY

More information

SCADA Security Training

SCADA Security Training SCADA Security Training 1-Day Course Outline Wellington, NZ 6 th November 2015 > Version 3.1 web: www.axenic.co.nz phone: +64 21 689998 page 1 of 6 Introduction Corporate Background Axenic Ltd Since 2009,

More information

Le sfide e le opportunità dell internet mobile nelle aziende

Le sfide e le opportunità dell internet mobile nelle aziende Davide Albo MobileFirst Solution Executive IBM SWG Europe Ottobre 2014 Le sfide e le opportunità dell internet mobile nelle aziende Il fattore tecnologico è tornato come prima priorità CIO 2009 CIO 2011

More information

Cyber Security for SCADA/ICS Networks

Cyber Security for SCADA/ICS Networks Cyber Security for SCADA/ICS Networks GANESH NARAYANAN HEAD-CONSULTING CYBER SECURITY SERVICES www.thalesgroup.com Increasing Cyber Attacks on SCADA / ICS Systems 2 What is SCADA Supervisory Control And

More information

WEBINARS. Realtà Aumentata e casi studio rilevanti nel settore industriale. Mauro Rubin. Copyright 2015 by InfoComm International

WEBINARS. Realtà Aumentata e casi studio rilevanti nel settore industriale. Mauro Rubin. Copyright 2015 by InfoComm International WEBINARS Realtà Aumentata e casi studio rilevanti nel settore industriale Mauro Rubin Copyright 2015 by InfoComm International About Mauro Rubin JoinPad President & Founder Tags: #Geek #VR #Entrepreneur

More information

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint?

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Why? Focused on Managed Intrusion Security Superior-Architected Hardened Technology Security

More information

The Growing Need for Real-time and Actionable Security Intelligence Date: February 2014 Author: Jon Oltsik, Senior Principal Analyst

The Growing Need for Real-time and Actionable Security Intelligence Date: February 2014 Author: Jon Oltsik, Senior Principal Analyst ESG Brief The Growing Need for Real-time and Actionable Security Intelligence Date: February 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: ESG data indicates that many enterprise organizations

More information

Energy Industry Cybersecurity Report. July 2015

Energy Industry Cybersecurity Report. July 2015 Energy Industry Cybersecurity Report July 2015 Energy Industry Cybersecurity Report INTRODUCTION Due to information sharing concerns, energy industry cybersecurity information is not readily available.

More information

Protecting critical infrastructure from Cyber-attack

Protecting critical infrastructure from Cyber-attack Protecting critical infrastructure from Cyber-attack ACI-NA BIT Workshop, Session 6 (Cybersecurity) Long Beach, California October 4, 2015 Ben Trethowan Aviation Systems & Security Architect The scale

More information

Cybersecurity: What CFO s Need to Know

Cybersecurity: What CFO s Need to Know Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction

More information

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES. second edition

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES. second edition CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES second edition The information provided in this document is presented as a courtesy to be used for informational purposes only.

More information

security changes with Orange focus on your business, we focus on your security

security changes with Orange focus on your business, we focus on your security security changes with Orange focus on your business, we focus on your security the only constant in security is change New uses and new technologies, proliferation of platforms and new workspaces in a

More information

2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security

2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security 2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security For 10 years, Microsoft has been studying and analyzing the threat landscape of exploits, vulnerabilities, and malware.

More information

Symantec Managed Security Services The Power To Protect

Symantec Managed Security Services The Power To Protect Symantec Managed Security Services The Power To Protect Peter Sparkes Senior Director, Cyber Security Services Asia Pacific & Japan Symantec Managed Security Services Cyber Security Services 1 Expanding

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

Evolution of Cyber Security and Cyber Threats with focus on Cloud Computing

Evolution of Cyber Security and Cyber Threats with focus on Cloud Computing Evolution of Cyber Security and Cyber Threats with focus on Cloud Computing Igor Nai Fovino-Head of Research GCSEC The last two years will surely enter in the history of IT Security. 2010 was the year

More information

Cybersecurity. Regional and Community Banks. Inherent Risks and Preparedness. www.bostonfed.org

Cybersecurity. Regional and Community Banks. Inherent Risks and Preparedness. www.bostonfed.org Cybersecurity Inherent Risks and Preparedness Regional and Community Banks www.bostonfed.org Disclaimer The opinions expressed in this presentation are intended for informational purposes, and are not

More information

Securing Industrial Control Systems in the Chemical Sector. Roadmap Awareness Initiative Making the Business Case

Securing Industrial Control Systems in the Chemical Sector. Roadmap Awareness Initiative Making the Business Case Securing Industrial Control Systems in the Chemical Sector Roadmap Awareness Initiative Making the Business Case Developed by the Chemical Sector Coordinating Council in partnership with The U.S. Department

More information

Cybersecurity. Are you prepared?

Cybersecurity. Are you prepared? Cybersecurity Are you prepared? First Cash, then your customer, now YOU! What is Cybersecurity? The body of technologies, processes, practices designed to protect networks, computers, programs, and data

More information

What is Management Responsible For?

What is Management Responsible For? What is Management Responsible For? Matthew J. Putvinski, CPA, CISA, CISSP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2011 Wolf & Company, P.C. About Wolf & Company, P.C Regional

More information

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES The information provided in this document is presented as a courtesy to be used for informational purposes only. This information

More information

Patching & Malicious Software Prevention CIP-007 R3 & R4

Patching & Malicious Software Prevention CIP-007 R3 & R4 Patching & Malicious Software Prevention CIP-007 R3 & R4 Scope Compliance Assessment Summary Introspection & Analysis Program-In Review Maturity Model review Control Design review Process Components of

More information

Cloud Services: cosa sono e quali vantaggi portano alle aziende manifatturiere

Cloud Services: cosa sono e quali vantaggi portano alle aziende manifatturiere Cloud Services: cosa sono e quali vantaggi portano alle aziende manifatturiere Sergio Gimelli Sales Consulting Director Oracle Italy Fabbrica Futuro Verona, 27 Giugno 2013 1 2 Cosa è il Cloud? il Cloud

More information

Anatomy of Cyber Threats, Vulnerabilities, and Attacks

Anatomy of Cyber Threats, Vulnerabilities, and Attacks Anatomy of Cyber Threats, Vulnerabilities, and Attacks ACTIONABLE THREAT INTELLIGENCE FROM ONTOLOGY-BASED ANALYTICS 1 Anatomy of Cyber Threats, Vulnerabilities, and Attacks Copyright 2015 Recorded Future,

More information

Distributed Denial of Service protection

Distributed Denial of Service protection Distributed Denial of Service protection The cost in terms of lost business caused by a successful DDoS attacks can be significant. Our solution recognises when a DDoS attack is happening and identifies

More information

DDL ed SQL Compravendite Immobiliari

DDL ed SQL Compravendite Immobiliari DDL ed SQL Compravendite Immobiliari Soluzione DDL /* Database : Compravendite Immobiliari Created: 27/03/2009 Modified: 27/03/2009 Model: Oracle 10g Database: Oracle 10g */ -- Create tables section -------------------------------------------------

More information

Stephen Coty Director, Threat Research

Stephen Coty Director, Threat Research Emerging threats facing Cloud Computing Stephen Coty Director, Threat Research Cloud Environments 101 Cloud Adoption is Gaining Momentum Cloud market revenue will increase at a 36% annual rate Analyst

More information

State of Security Survey GLOBAL FINDINGS

State of Security Survey GLOBAL FINDINGS 2011 State of Security Survey GLOBAL FINDINGS CONTENTS Introduction... 4 Methodology... 6 Finding 1: Cybersecurity is important to business... 8 Finding 2: The drivers of security are changing... 10 Finding

More information

Cyber-Security Risk in the Global Organization:

Cyber-Security Risk in the Global Organization: Cyber-Security Risk in the Global Organization: Trends, Challenges and Strategies for Effective Management David Childers, CCEP, CIPP CEO, Compli Todd Carroll Assistant Special Agent in Charge, FBI Three

More information

Perspectives on Cyber Security Strategies & Tactics

Perspectives on Cyber Security Strategies & Tactics Perspectives on Cyber Security Strategies & Tactics Joshua Schmookler, Passaic County NJ MIS Department Security Administrator Micah Hassinger, Bergen County NJ Communications Director of Information Technology

More information

The CERT Top 10 List for Winning the Battle Against Insider Threats

The CERT Top 10 List for Winning the Battle Against Insider Threats The CERT Top 10 List for Winning the Battle Against Insider Threats Dawn Cappelli CERT Insider Threat Center Software Engineering Institute Carnegie Mellon University Session ID: STAR-203 Session Classification:

More information

Challenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG 2015. All rights reserved

Challenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG 2015. All rights reserved Siemens AG - Corporate Technology - IT Security Challenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG 2015. All rights reserved Not a single

More information

Protecting Critical Infrastructure

Protecting Critical Infrastructure Protecting Critical Infrastructure SCADA Network Security Monitoring March 20, 2015 Table of Contents Introduction... 4 SCADA Systems... 4 In This Paper... 4 SCADA Security... 4 Assessing the Security

More information

應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊

應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊 應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊 HP Enterprise Security 林 傳 凱 (C. K. Lin) Senior Channel PreSales, North Asia HP ArcSight, Enterprise Security 1 Rise Of The Cyber Threat Enterprises and Governments are experiencing

More information

QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY

QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY EXPLOIT KITS UP 75 PERCENT The Infoblox DNS Threat Index, powered by IID, stood at 122 in the third quarter of 2015, with exploit kits up 75 percent

More information

CYBER SECURITY, A GROWING CIO PRIORITY

CYBER SECURITY, A GROWING CIO PRIORITY www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------

More information

Security Testing in Critical Systems

Security Testing in Critical Systems Security Testing in Critical Systems An Ethical Hacker s View Peter Wood Chief Executive Officer First Base Technologies Who is Peter Wood? Worked in computers & electronics since 1969 Founded First Base

More information

<Insert Picture Here> Oracle oggi

<Insert Picture Here> Oracle oggi Oracle oggi Roberto Zampese Business Development Manager Core Technology - Oracle Italia AGENDA 9:30-10:00 Oracle Oggi Roberto Zampese, Business Developer Manager 10.00-10:20 Oracle

More information

CyberSheath s Security Forecast Report for 2015

CyberSheath s Security Forecast Report for 2015 CyberSheath Annual Security Report www.cybersheath.com CyberSheath s Security Forecast Report for 2015 Top 10 Security Forecasts for 2015 and Beyond CyberSheath Legal Disclaimer The information provided

More information

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations

More information

CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric

CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric Challenges What challenges are there for Cyber Security in Industrial

More information

The Importance of Cybersecurity Monitoring for Utilities

The Importance of Cybersecurity Monitoring for Utilities The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive

More information

Proč a jak splnit literu kybernetického zákona

Proč a jak splnit literu kybernetického zákona Proč a jak splnit literu kybernetického zákona Ondrej Stahlavsky Regional Director, CEE 1 PROBLEM: GROWING ATTACK SURFACE 2 PROBLEM: GROWING ATTACK VECTORS An Extensive, Poisoned, Dark, Deep Web 3 PROBLEM:

More information

Technologies and systems for business integration. www.xdatanet.com

Technologies and systems for business integration. www.xdatanet.com Technologies and systems for business integration www.xdatanet.com X DataNet, X software DataNet, builders software builders We have been We building, have been creating, building, and creating, developing

More information

Endpoint & Server Protection. Brent Biernat First Vice President Network Services May 13, 2014

Endpoint & Server Protection. Brent Biernat First Vice President Network Services May 13, 2014 Endpoint & Server Protection Brent Biernat First Vice President Network Services May 13, 2014 The Evolution of Cyber Crime 1878 Bell Telephone Teenage Switchboard Operator Disconnected calls, eavesdropped,

More information

CGI Cyber Risk Advisory and Management Services for Insurers

CGI Cyber Risk Advisory and Management Services for Insurers CGI Cyber Risk Advisory and Management Services for Insurers Minimizing Cyber Risks cgi.com 3 As organizations seek to create value in today s highly interconnected world, they inherently increase their

More information