CYBER SECURITY INDUSTRY GUIDELINES
- Nathan Newton
- 7 years ago
Slide 1: CYBER SECURITY INDUSTRY GUIDELINES
Aron Sorensen, Chief Marine Technical Officer, BIMCO
Slide 2: BIMCO
- Founded in ,300 members in around 130 countries
- Membership includes shipowners, operators, managers, brokers and agents
- Developing industry standards, and providing quality technical information, advice and education
- Advocating the opinion of our members at IMO, ISO, IALA, IHO etc.
Slide 3: AGENDA
- Background for industry guidelines
- Considerations on cyber
- Risk based and agile approach
Slide 4: BIMCO'S WORK
- In 2013, the BIMCO Executive Committee highlighted the importance of cyber security
  - Information gathering - to deal with cyber security needs and challenges in the maritime sector
- In March 2014, added to the agenda of the Marine Committee and of the Security Committee
  - Decided to develop industry guidance on cyber security for ships
Slide 5: SHIPS ARE VULNERABLE TO CYBER ATTACKS
- Ships chartered to 3rd party operators
  - The shipowner does not have control over the IT systems required by the charterer
- Historically ships have been offline
  - Today cyber security cannot be controlled through avoidance of connectivity
Slide 6: SHIPS ARE VULNERABLE TO CYBER ATTACKS
- Critical data pertaining to cargo is passed through numerous land-side entities
  - Penetration of just one entity can result in any data element being compromised
- A high reliance on IT systems related to safety
  - ECDIS and satellite receivers make a ship susceptible to either penetration or jamming
Slide 7: RISKS ON BOARD SHIPS
- Lack of software and system monitoring
- Insiders introducing malware by storage devices etc.
- Outdated (Microsoft) software
- Remote attacks by criminals
- Unprotected or badly designed hardware and networks
Slide 8: ATTACKING A SHIP WILL NOT STOP WORLD TRADE
- A ship is an independent unit and a cyber attack may compromise safety of that ship, the marine environment and, to some extent, the business continuity of the owner
- To a large extent the crew will use the same contingency plans as for any other emergency if the ship is compromised
Slide 9: AGILITY NEEDED
- Cyber attacks develop constantly so mitigating measures will also have to change accordingly
- IMO regulation would be too slow
- Type approval of software is not the way forward, as it is a static process
- We see industry best management practice as the way to cope with cyber security
Slide 10: SPECIAL ATTENTION
Cyber security should be carefully considered:
  - When taking over a new building and buying used tonnage
  - In connection with on-board software maintenance
  - When dealing with an always open on-line connection
Slide 11: IT STARTS DURING CONSTRUCTION OF THE SHIP
- Producer should have a QA system for software lifecycle activities, which specifies cyber-security considerations
- Ships' networks should be configured to have controlled and uncontrolled networks
Slide 12: RISK BASED APPROACH NEEDED
- Some organisations, ships and systems may be more at risk than others, depending on the type and value of data stored
- To manage risks, ships' personnel and owners should understand the probability that an event will occur and the resulting impact
Slide 13: INDUSTRY GUIDELINES ON CYBER SECURITY ON BOARD SHIPS
The guidance to ship owners and operators includes how to:
  - minimize the risk of a cyber-attack through user access management
  - protect on board systems
  - develop contingency plans and
  - manage incidents if they do occur
Slide 14: IMO PROCESS
- At MSC 94 (November 2014), proposal for guidelines for ports, ships, and other parts of maritime transportation system
  - BIMCO informed that we were working on guidance for shipowners and crew on operational aspects of cyber security on-board ships
- Update paper by BIMCO, ICS, INTERTANKO and INTERCARGO submitted to MSC 95 (June 2015)
  - Intention to present the finalized guidelines to MSC 96
Slide 15: RELATED WORK
- Working with CIRM since 2013 on a draft industry standard: Maintenance and update of onboard programmable electronic systems
  - The cyber work and the CIRM work are interrelated and coordination is essential
- Manufacturers should develop, manage and update computer-based systems in a secure way
Slide 16: INDUSTRY SOFTWARE MAINTENANCE GUIDELINES
- Event initiation
  - Preventative maintenance
  - Corrective maintenance
- Planning
  - Where and when
  - Best service engineer for the job
  - Onboard software log
- Execution
  - Execution and control
  - Cyber security
- After service
  - Service report and onboard software log
  - Evaluation and feedback
Slide 17: CONCLUSIONS
- Awareness needed in the industry
- Ships are exposed to a cyber-threat calling for a risk based approach
  - Industry Guidance will be submitted to MSC 96
  - Cyber crime is developing all the time and we need to keep up
- Cyber security considerations should start at the software production stage and cyber robustness considerations should be made when the ship is constructed
Slide 18:
Aron Frank Sørensen, Chief Marine Technical Officer, BIMCO
Thank you for your attention
Questions?