NCSRA II NCSRA II. National Cyber Security Research Agenda II

Size: px
Start display at page:

Download "NCSRA II NCSRA II. National Cyber Security Research Agenda II"

Transcription

1 NCSRA II NCSRA II 01 PRIVACY CREDIT C National Cyber Security Research Agenda II SECURITY DDoS

2 NCSRA II Living in a cyber-dependent world Computers and the internet are an indispensable part of today s society. We are living in a cyber dependent world! The internet is characterized by a large degree of freedom for all who use it. In our work we also experience the down side: parties with bad intentions also enjoy this freedom. To limit the risks to citizens and companies, we need cyber security. Keeping security at an acceptable level, in an extremely fast developing information society, is a challenging and difficult task. We are in a constant struggle to ensure that we have enough knowledge, expertise and experts to win the battle against adversaries threatening our cyber security In 2011 the ICT Innovation Platform Veilig Verbonden (IIP-VV) released the first Dutch National Cyber Security Research Agenda (NCSRA). Based on this agenda the Netherlands Organization of Scientific Research (NWO) and the Dutch government funded two successful cyber security calls for proposals in This has resulted in a large number of relevant research proposals and feasibility studies. In the meantime the execution of granted projects has started This document is an updated version of the 2011 agenda, focusing at Security and Trust of Citizens and Security and Trustworthiness of Infrastructure Continues on other flap >

3 National Cyber Security Research Agenda II 1

4 Contents 05 A National Research Agenda for Cyber Security 11 Focus and objectives 15 The many aspects of cyber security 21 Technologies, application domains, and research themes 37 Addendum to the NCSRA II 2

5 About this document Editors: prof.dr.ir. Herbert Bos (Vrije Universiteit Amsterdam) prof.dr. Sandro Etalle (Technische Universiteit Eindhoven) ir. Frank Fransen (TNO) dr.ir. Erik Poll (Radboud Universiteit Nijmegen) September 30, 2013 About this document The NCSRA II is the updated version of the National Cyber Security Research Agenda (NCSRA), which was drafted in 2011 and served as the guiding document for the 2012 calls for cyber security research proposals in the Netherlands. This document, like the previous version of the NCSRA, has been edited under the coordination and responsibility of the ICT Innovatie Platform Veilig Verbonden (IIP-VV) 1. NWO and four ministries (EZ, V&J, Def, BZK) requested the IIP-VV to produce an update of the NCSRA, in order for them to use this as a basis for a new cyber security research call in This research agenda is a strategic document that provides a frame of reference for the research challenges and opportunities for the wider field of cyber security, so that it may help to align and synchronise the various ICT security research initiatives in the public and private sector in the Netherlands. It has been produced with a broad involvement of researchers from various disciplines (computer science, law, public administration, cybercrime sciences, and police studies), including experts from universities (incl. RU Nijmegen, TU Delft, TU Eindhoven, University of Tilburg, University of Twente, and VU Amsterdam) and other knowledge institutes and centres of expertise (incl. TNO, NCSC, WODC, NSCR, Novay, and NFI), and through discussions with experts from industry and (semi-)govern mental organizations. For validation, three meetings have been held with representatives of three clusters of applications domains to solicit feedback, discuss comments, and get input on draft versions of this agenda. There were several reasons for publishing a new version of the Research Agenda for Cyber Security. Where the previous agenda focused almost entirely on defense, we now incorporate more offensive operational cyber activities also. Moreover, in the previous research agenda, some research themes lacked both a clear separation and a more precise and complete description. Finally, we added a new addendum, as a (separate) companion document to provide concrete examples of research topics and questions. 1 3

6 Chanpipat, Shutterstock 4

7 A National Research Agenda for Cyber Security 5

8 As our reliance on ICT increases, so do concerns about its security. This is explicitly recognised and addressed by the Dutch government in its first National Cyber Security Strategy (NCSS, 2011) and the updated version, the NCSS II. The growing complexity of ICT systems means that vulnerabilities are harder to avoid, the increased use creates new opportunities for increasingly sophisticated attackers, and chain dependencies between systems and services mean that any disruption can quickly escalate. Rising worries about state-sponsored cyber attacks have led to military cyber task forces in most advanced countries. In 2012 we have seen that the military-grade Stuxnet attack on Iran s uranium enrichment facility was not an isolated event. Similar, equally complex malware such as Flame, Duqu and Gauss have shown that cyber attacks are weaponized to an incredibly advanced level. For example, for Gauss, discovered in the summer of 2012, we still do not know what it does, more than a year later, despite massive efforts by the world s best mal ware research labs! Its main conclusions can be summarized as follows: a) the dependence on ICT for individuals, organisations and society has grown, b) the number of cyber threats has increased (in particular the threats posed by nation states and professional criminals), and c) the resilience has remained about the same because new initiatives and measures do not keep up with vulnerabilities, and basic measures are not always taken. As we cannot afford to let cyber criminals erode the trust we have and need to have Unfortunately, the Netherlands is an important player in the world of cyber crime. As the country with the highest broadband penetration and the best quality broadband in the world, the Netherlands is a prime target for botnets. The 2013 version of the Cyber Security Assessment Netherlands 2 (NCSC, 2013) provides a good insight into our country s interests, the threats that may harm these, and our resilience to defend against these. 2 Figure 1: Unit is the Chinese army s advanced persistent threat unit that has been alleged to be the source of Chinese computer hacking attacks. 6

9 A National Research Agenda for Cyber Security Tudor Catalin Gheorghe, Shutterstock Figure 2: The Stuxnet attack on the uranium enrichment facility in Iran was only the start of a wave of militarygrade malware that includes Flame, Duqu and Gauss. For Gauss, researchers are still trying to discover its exact functionality more than a year after its initial discovery. in the ICT infrastructure and the services it provides, research is needed. Trust is a conditio sine qua non for normal economic transactions and inter-human communication. It is at the core of social order and economic prosperity, and in an increasingly ICTdependent world, the security of ICT plays an ever more important role here. Continued investment in security expertise provides up-to-date and strategically essential knowledge for decision makers to act wisely in complex cases such as electronic passports and online IDs, e-health, cybercrime, cyber warfare, smart grids, public transport, smart cars and roads, and other critical infrastructures. On the positive side, ICT security presents significant economic opportunities, through services and products that provide improved security, and by enabling the continuous growth in the use of ICT (Ernst&Young, 2011). The demand for solutions in this area is huge and growing. Bringing together the key organisations and research groups fosters a community that can address this demand and provide a strong economic impulse. 7

10 Policy Context This research agenda aims to provide a frame of reference to align and synchronise the various ICT security research initiatives in the public and private sector in the Netherlands, and to help in boosting Dutch ICT security expertise through research at universities and knowledge centers, government agencies, and companies, and to foster partnerships between these various partners. In its Top Sector policy, the Dutch government focuses on innovation in nine economic top sectors for growth that have been iden- tified. The aim of this agenda is to serve as leading for all cyber security research, regardless the top sector the research is associated with. At least two top sectors, High Tech Systems and Materials (HTSM) and Energy, directly deal with cyber security, as does the Roadmap ICT which cuts across all Dutch top sectors in recognition of the role of fundamental and strategic ICT research in many domains. The Security Roadmap under HTSM, the Smart Grids Innovation Contract under Energy, and the Roadmap ICT under the theme ICT one can rely on all refer to the NCSRA. Zmkstudio, Shutterstock 8

11 A National Research Agenda for Cyber Security This agenda can also help to position the Dutch research community and industry in the international context, in the EU (European Commission, 2013; Council of the European Union, 2012) and beyond, notably in the US (US Department of Homeland Security, 2009). International collaboration is crucial, since cyber security problems transcend natio nal borders, and new developments in ICT take place in a global research community. The NCSRA II positions itself alongside the NCSS II and complementary activities focused on more short-term and/or operational goals, such as improvements in the legal and law enforcement frameworks to deal with cybercrime, response teams to handle cyber security incidents, threat analyses and protection of existing ICT infrastructure, awareness campaigns (such as Alert Online), etc. Here the goal is to continue the thrust of the research programmes started with calls for proposals in 2012, handled by AgentschapNL for short term applied research in SBIR projects and by Netherlands Organisation for Scientific Research (NWO) for long term applied and fundamental research, which in turn had a precursor in the Sentinels programme

12 Chanpipat, Shutterstock 10

13 Focus and objectives 11

14 The NCSRA II concentrates on two areas: Security and Trust of Citizens: This includes privacy protection, security of mobile services, data and policy management, and accountability. Security and Trustworthiness of Infrastructure: This includes malware detection and removal, intrusion detection and prevention, trustworthiness of networks and hardware, software security, security of SCADA/industrial control systems (ICS), and secure operating systems. This fits well with the National Cyber Security Strategy, and the earlier Digitale Agenda.nl (Ministerie EL&I, 2011), that has Digital security and trust as one of its action lines. Moreover, it is in line with the recommendations of the EU advisory board on Research & Innovation on Security, Privacy, and Trustworthiness in the Information Society (RISEPTIS, 2008) and the newer Red Book produced by the European Network of Excellence SysSec (SysSec, 2013). The objectives of the NCSRA II based research programmes are: To improve the security and trustworthiness of the ICT infrastructure and ICT services. To prepare the Netherlands for the security challenges of the next 6-12 years. To stimulate the Dutch security economy and promote innovation in this sector. To strengthen and broaden Dutch security research by fostering cooperation between knowledge institutions and relevant public and private organizations. This agenda contributes to these objectives by defining themes for cyber security research and education, both in a public and private context. There is a potential for tremendous benefits by bringing together the different sectors and stakeholders: government, industry, knowledge centers, interest groups and universities. Stimulating research will also have a big impact on higher education and help in training the next generations of security experts, incl. PhD students trained as part of research projects, and many more Bachelor and Master students that come into contact with the field. More fundamentally, highly visible research projects and groups help to attract students to the area. Like the previous version, this version of the NCSRA considers cyber security in the broadest sense. Thus, while traditional computer science plays an important role, it also considers the roles of α and γ disciplines. 12

15 Focus and objectives Pushish Donhongsa, Shutterstock Take home message: The NCSRA II sets the strategic research agenda for cyber security research and education in the Netherlands, involving stakeholders from many fields and organisations. The NCSRA II endeavours to improve cyber security through research, leading to the creation of new, high-quality jobs. The NCSRA II identifies the following research themes: 1. Identity, privacy, and trust management 2. Malware and malicious infrastructures 3. Attack detection & prevention, monitoring 4. Forensics and incident management 5. Data, policy and access management 6. Cybercrime and the underground economy 7. Risk management, economics, and regulation 8. Secure design and engineering 9. Offensive cyber-capabilities The NCSRA II chooses a broad perspective, knowing that innovative cyber security solutions are mainly driven by inspiration, not by orchestration. It leaves putting emphasis on one or more research themes to those who provide funding for research programs, formulate research proposals, etc. 13

16 Chanpipat, Shutterstock 14

17 The many aspects of cyber security 15

18 Cyber security issues are no longer limited to traditional computer systems, such as PCs and laptops. Rather, they surface everywhere, from electricity and water supply systems to the health service, from public transport to smart cars, from implants to supply chains, and from banking and logistics to the emergency services. They range from Advanced Persistent Threats, perhaps initiated by governments, to much simpler but still costly cyber vandalism, for instance by script kiddies. Addressing cyber security involves many domains of expertise, or disciplines. We do not just need technical expertise to detect and stop attacks or better still, prevent them. We also need laws and regulations that better fit computer crime, and we need to better understand, the forms and causes of cybercrime, the effectiveness of measures, including law enforcement, also across international borders and legal jurisdictions, the underground economy, and see where economic drivers for implementing security measures are lacking and regulation may be needed. In the disciplines involved in cyber security, we can make a rough distinction between: These disciplines involve very different communities, with radically different backgrounds and traditions. Stimulating collaboration between them is important: combining insights from different fields will be crucial for addressing some of the challenges in cyber security. For example, law enforcement will require a combination of technological, criminological, and legal aspects, while some technical security measures, e.g. Deep Packet Inspection, raise important ethical and legal questions. The NCSRA II provides a real opportunity where the Netherlands can show the way forward by establishing serious collaboration between these communities. technical aspects: the β disciplines of computer science and engineering, and neighbouring areas of mathematics (notably cryptology) and electrical engineering. human (or non-technical) aspects: the α and γ disciplines of law, criminology, (business) economics, (information) management, applied ethics, psycho l ogy and sociology. Carlos E. Santa Maria, Shutterstock 16

19 The many aspects of cyber security We have an information leak. What happened? Develop technology to detect information leakage automatically Develop new forms of cryptography Can we apply IPR protection law to close down USENET groups that host copyrighted material? Is the new public transport card secure? How can access control for SCADA systems be improved? Assess resilience of electricity grid against cyber threats" Develop new legislation to handle security incidents in Cloud computing Develop methodology to assess software security Design a next generation citizen e ID card CONSULTANCY SHORTER TERM APPLIED LONGER TERM APPLIED FUNDAMENTAL RESEARCH AD-HOC AGENTSCHAP S SBIR PROGRAMME NWO CYBER SECURITY SCOPE OF NCSRA Figure 3: The spectrum of ICT security research problems with examples The many aspects of cyber security Cyber security is a complex issue, affecting many application domains and straddling many (scientific) disciplines and fields. Many different dimensions could be used to classify and categorize the research challenges in cyber security, for example: the different scientific disciplines: the β disciplines of computer science and engineering, and neighbouring areas such as cryptology, and the α and γ disciplines such as law, criminology, (business) economics and (information) management, and psychology. the different application domains, such as finance, commerce, government, telecom, transport and logistics, which includes some critical infrastructures. the different stages: prevention, detection, analysis, response & recovery, governance, with risk assessment as the overarching activity to balance these. the different layers: the basic infrastructure of networks, hardware, and software (e.g. for internet, cloud computing, or pervasive systems); the applications, services, and service providers; the content, content providers, and users. 17

20 the different technologies: tools, techniques, systems, and methods to build solutions and applications, cloud computing, mobile devices, embedded systems, pervasive computing, internet of things, etc. All these classifications or dimensions have their pros and cons: no matter which is chosen, there are always some research questions that span multiple categories. After considering the alternatives above (and others), a thematic classification (with nine research themes) mapped on a number of application domains (resulting in a two dimensionial representation), as will be presented in Sections 4.2 and 4.3, was chosen for this agenda as the preferred approach. The research will involve and benefit the entire field: industry, knowledge centers, education, and the various levels of government. Similarly, research will comprise both visionary, long-term aspects of cyber security (how do we prepare for the security issues in 2020 and beyond?), and more immediate goals (how do we deal with a future Stuxnetlike attack on a power plant in the Netherlands, and guarantee sufficient resilience?). Short vs long term research Cyber security research spans a broad range from short-term to long-term, and from applied to fundamental, as illustrated in Fig 3. At one end of the spectrum are short-term consultancy-type projects, e.g. to evaluate security concerns or proposed solutions. Because of their urgent and ad-hoc nature, these do not easily lend themselves to synchronisation in a broader research program. At the other end of the spectrum is fundamental scientic research, carried out at universities. Longer term research, both applied and fundamental, often involves training of PhD students. Intermediate forms are carried out internally inside many companies and organisations, but also occur as separate projects across organisations. Good examples are the projects funded in the 2012 SBIR call for proposals in cyber security supported by AgentschapNL and earlier programs such as the NAVI Sub-arena (which focused on vital ICT infrastructure). Although different types of organisations may typically be involved in more short-term or long-term research, these do not form separate and isolated communities. This is important for sharing knowledge and expertise, but also for sharing challenges and problems a practical immediate problem may pose an interesting scientic challenge and inspire and stimulate more fundamental research and to see to it that the right knowledge is delivered in education, as illustrated in Fig

21 The many aspects of cyber security PUBLIC SECTOR PRIVATE SECTOR SOCIETY AT LARGE Problems Challenges Knowledge opportunities solutions Solutions APPLIED RESEARCH FUNDAMENTAL RESEARCH Problems Problems Challenges Knowledge opportunities solutions COMPANIES GOVERNMENT AGENCIES TNO, NOVAY UNIVERSITIES Knowledge Trained personnel EDUCATION Trained personnel Figure 4: ICT security research 19

22 Chanpipat, Shutterstock 20

23 Technologies, application domains, and research themes 21

24 Concrete research questions typically arise in a specific context, which may involve a certain technology (e.g. cloud computing), or a particular application domain (e.g. finance), or a combination of the two. Still, similar research questions arise across different contexts, representing broader research themes. The next two sections make an inventory of the most important contexts, both regarding technology and application domain. The last section then lists the underlying research themes that represent the central challenges for security across these contexts. 4.1 Technologies A central technology that is at the heart of most applications is of course Internet, fixed or mobile. Telecommunications and the Internet are merging more and more to become an all-ip environment, where traditional telephony (voice), television (video) and data exchange are integrated into a multi-channel system. Services can be provided to large groups of users (broadcasting and information sharing), specific groups (narrowcasting and user communities) as well as single users. As many critical applications have come to rely on Internet, the Internet itself has become an ever more critical infrastructure. An important technology that builds on top of this is cloud computing. Cloud computing uses the communication infrastructure provided by the Internet to provide on-demand computation resources, in the form of raw computing power or more specialised services, by offering infrastructure, platforms or software as a service. Cloud computing is increasingly used by individual citizens and companies to outsource their ICT needs. Cloud computing may offer economic bene- fits, by exploiting economies of scale and releasing users from maintenance tasks. However, cloud computing also introduces extra (communication) costs, and raises serious challenges for security. Rafal Olechowski, Shutterstock Challenges are also raised by the sheer amount of data. More and more organizations are amassing data sets that are so large and so complex that they cannot easily be processed by conventional means of data processing. Finding anomalies that point to security incidents in Big Data is a difficult problem. Another important technological trend is pervasive systems: we are rapidly moving away from the desktop-model, and increasingly 22

25 Technologies, application domains, and research themes government transport & logistics finance telecom Malware & malicious infrastructures Attack detection, attack prevention & monitoring Forensics and incident management industrial control commerce healthcare Identity, privacy, and trust management Offensive cyber capabilities news & media NCSRA II Secure design & engineering domestic Risk management, economics and regulation Data, policy and access management Cybercrime & underground economy law enforcement defense smart grids Figure 5: Application domains (outer ring) and research themes (inner ring) interact with ICT that is integrated into everyday objects and activities, that make up the Internet of things. Some of these devices are fully connected to the wider Internet (e.g. smart phones), but many are not (e.g. wearable computing, or smart insulin pumps). The security of machine to machine (M2M) interactions as seen in modern cars, and manufacturing, is becoming an increasing concern. In some respects, cloud computing and pervasive systems are polar opposites: cloud computing relies on massive centralisation of data and processing power, whereas pervasive systems rely on a massive distribution of processing power. As we are surrounded by ever more devices with embedded electronics, the digital and physical worlds are rapidly converging to form one cyber-physical reality in our homes, our workplaces, in semi-public places such as care homes and hospitals, in public spaces such as the (public) transport systems, and ultimately at a global level. Pervasive systems have important implications for privacy, security, trust and have a deep impact in our social lives. Also, some of the devices, for instance RFID tags, have only very limited capabilities when it comes to information storage, processing and communication, so that traditional methods for providing security are not feasible. 23

26 Besides the location of computation and hardware capabilities, we distinguish a myriad of technologies in the nature of the software that have heavy implications for security. Information exchange no longer has a predominantly client-server nature. Information is exchanged in peer-to-peer fashion, more and more information is shared via social networks, and security sensitive operations (related to banking, health-care, taxes, etc.) all occur via the Internet with a variety of technologies for things like authentication and protection. A research program in security should find its place in this moving technology land scape. Rafal Olechowski, Shutterstock 4.2 Application domains ICT is used in many applications, ranging from generic use of ICT in the office or at home, to more specific applications in industry, each with their own security requirements and threats. Many of these domains are interdependent and incidents in one sector will have cascading effects. Below we highlight some but by no means all of these application domains. Several of these can be considered as critical infrastructures. Domestic. ICT and ICT networks play an increasingly important role in people s private lives, as the way to communicate and socialize (e.g. through social net- work), as source of information and entertainment (e.g. with gaming, and Internet taking over the role of television). This clearly has important security and privacy implications. Also, huge ICT infrastructure collectively provided by the Dutch citizens, with its excellent broadband connections, in itself has proved to be an interesting target for botnets. Commercial. Trust in ICT and Internet is vital for its ongoing and increasing use, and for companies to reap the economic benefits that this brings. Online commerce, or e-commerce, is increasingly important, and lack of trust in ICT and Internet could undermine its growth: Ernst&Young (2011) estimates that in creased trust in Internet by consumers could provide an additional 1.4 billion euro of online trade by Just as private individuals are concerned with privacy, companies are concerned with their intellectual property and confidential information. Companies are faced with a rapid rise of ever more sophisticated cyber attacks aimed at corporate espionage. Industrial Control Systems. SCADA (Supervisory Control and Data Acquisition) systems monitor and control large industrial systems, such as chemical and nuclear plants, and large parts of the national critical infrastructure, such as the water, gas and electricity supply. Disruptions in SCADA systems can have disastrous consequences, but their increasing reliance on ICT including the Internet has made them vulnerable to remote attacks. Stuxnet is the most famous one among numerous examples here. This is especially 24

Research Topics in the National Cyber Security Research Agenda

Research Topics in the National Cyber Security Research Agenda Research Topics in the National Cyber Security Research Agenda Trust and Security for our Digital Life About this document: This document summarizes the research topics as identified in the National Cyber

More information

NCSRA II. National Cyber Security Research Agenda II

NCSRA II. National Cyber Security Research Agenda II National Cyber Security Research Agenda II 1 About this document Contents Editors: prof.dr.ir. Herbert Bos (Vrije Universiteit Amsterdam) prof.dr. Sandro Etalle (Technische Universiteit Eindhoven) ir.

More information

NCSRA II. Editors: September 30, 2013. 1 A National Research Agenda for Cyber Security 3. 2 Focus and objectives 4

NCSRA II. Editors: September 30, 2013. 1 A National Research Agenda for Cyber Security 3. 2 Focus and objectives 4 NCSRA II prof.dr.ir. Herbert Bos prof.dr. Sandro Etalle ir. Frank Fransen dr.ir. Erik Poll Editors: (Vrije Universiteit Amsterdam) (Technische Universiteit Eindhoven) (TNO) (Radboud Universiteit Nijmegen)

More information

2. Cyber security research in the Netherlands

2. Cyber security research in the Netherlands 2. Cyber security research in the Netherlands Jan Piet Barthel MSc Netherlands Organization for Scientific Research A strong motivation to enforce CS research: Absence or lack of cyber security is listed

More information

Cyber Security Strategy

Cyber Security Strategy NEW ZEALAND S Cyber Security Strategy 2015 A secure, resilient and prosperous online New Zealand Ministerial Foreword The internet and technology have become a fundamental element in our lives. We use

More information

National Cyber Security Research Agenda

National Cyber Security Research Agenda National Cyber Security Research Agenda Trust and Security for our Digital Life Version 1.2 dr.ir. Herbert Bos prof.dr. Sandro Etalle dr.ir. Erik Poll Editors: (Vrije Universiteit Amsterdam) (Technische

More information

Advanced Threat Protection with Dell SecureWorks Security Services

Advanced Threat Protection with Dell SecureWorks Security Services Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5

More information

CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES

CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES By Wolfgang Röhrig, Programme Manager Cyber Defence at EDA and Wg Cdr Rob Smeaton, Cyber Defence Staff Officer

More information

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

More information

National Cyber Security Policy -2013

National Cyber Security Policy -2013 National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information

More information

TUSKEGEE CYBER SECURITY PATH FORWARD

TUSKEGEE CYBER SECURITY PATH FORWARD TUSKEGEE CYBER SECURITY PATH FORWARD Preface Tuskegee University is very aware of the ever-escalating cybersecurity threat, which consumes continually more of our societies resources to counter these threats,

More information

The Impact of Cybercrime on Business

The Impact of Cybercrime on Business The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted

More information

Computer. Welcome to the Faculty of Electrical Engineering, Mathematics and Computer Science! master s degree

Computer. Welcome to the Faculty of Electrical Engineering, Mathematics and Computer Science! master s degree master s degree Computer Science Welcome to the Faculty of Electrical Engineering, Mathematics and Computer Science! For us the world is flat. Electrical Engineering, Mathematics and Computer Science have

More information

Fostering Incident Response and Digital Forensics Research

Fostering Incident Response and Digital Forensics Research Fostering Incident Response and Digital Forensics Research Bruce J. Nikkel bruce.nikkel@ubs.com September 8, 2014 Abstract This article highlights different incident response topics with a focus on digital

More information

Keynote. Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation.

Keynote. Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation. Keynote Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation 6 & 7 Nov 2013 So many of us now don t just work online but live part

More information

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Introduction There are numerous statistics published by security vendors, Government

More information

Cybersecurity and internal audit. August 15, 2014

Cybersecurity and internal audit. August 15, 2014 Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices

More information

www.pwc.co.uk Cyber security Building confidence in your digital future

www.pwc.co.uk Cyber security Building confidence in your digital future www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in

More information

CONNECTING WITH CONFIDENCE: OPTIMISING AUSTRALIA S DIGITAL FUTURE. AIIA Response

CONNECTING WITH CONFIDENCE: OPTIMISING AUSTRALIA S DIGITAL FUTURE. AIIA Response CONNECTING WITH CONFIDENCE: OPTIMISING AUSTRALIA S DIGITAL FUTURE AIIA Response 14 November 2011 INTRODUCTION The Australian Information Industry Association (AIIA) is the peak national body representing

More information

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things Cyber security Digital Customer Experience Digital Employee Experience Digital Insight Internet of Things Payments IP Solutions Cyber Security Cloud 2015 CGI IT UK Ltd Contents... Securing organisations

More information

Promoting a cyber security culture and demand compliance with minimum security standards;

Promoting a cyber security culture and demand compliance with minimum security standards; Input by Dr. S.C. Cwele Minister of State Security, Republic of South Africa Cyber Security Meeting, Johannesburg 27 March 2014 I would like to thank the Wits School of Governance for inviting us to contribute

More information

Unit 3 Cyber security

Unit 3 Cyber security 2016 Suite Cambridge TECHNICALS LEVEL 3 IT Unit 3 Cyber security Y/507/5001 Guided learning hours: 60 Version 1 September 2015 ocr.org.uk/it LEVEL 3 UNIT 3: Cyber security Y/507/5001 Guided learning hours:

More information

Content Security: Protect Your Network with Five Must-Haves

Content Security: Protect Your Network with Five Must-Haves White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

Microsoft s cybersecurity commitment

Microsoft s cybersecurity commitment Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade

More information

Protecting Organizations from Cyber Attack

Protecting Organizations from Cyber Attack Protecting Organizations from Cyber Attack Cliff Glantz and Guy Landine Pacific Northwest National Laboratory (PNNL) PO Box 999 Richland, WA 99352 cliff.glantz@pnnl.gov guy.landine@pnnl.gov 1 Key Topics

More information

The UK cyber security strategy: Landscape review. Cross-government

The UK cyber security strategy: Landscape review. Cross-government REPORT BY THE COMPTROLLER AND AUDITOR GENERAL HC 890 SESSION 2012-13 12 FEBRUARY 2013 Cross-government The UK cyber security strategy: Landscape review 4 Key facts The UK cyber security strategy: Landscape

More information

Cyber security in an organization-transcending way

Cyber security in an organization-transcending way Cyber security in an organization-transcending way EASEE-gas meeting March 19, 2015 Paul Bloemen ICT Security Manager Gasunie Chair Dutch Energy ISAC March 19, 2015 2 What to talk about Why is cyber security

More information

What is Really Needed to Secure the Internet of Things?

What is Really Needed to Secure the Internet of Things? What is Really Needed to Secure the Internet of Things? By Alan Grau, Icon Labs alan.grau@iconlabs.com The Internet of Things (IoT) has become a ubiquitous term to describe the tens of billions of devices

More information

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming

More information

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY JANUARY 2012 Table of Contents Executive Summary 1 Introduction 2 Our Strategic Goals 2 Our Strategic Approach 3 The Path Forward 5 Conclusion 6 Executive

More information

Middle Class Economics: Cybersecurity Updated August 7, 2015

Middle Class Economics: Cybersecurity Updated August 7, 2015 Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest

More information

Getting real about cyber threats: where are you headed?

Getting real about cyber threats: where are you headed? Getting real about cyber threats: where are you headed? Energy, utilities and power generation companies that understand today s cyber threats will be in the best position to defeat them June 2011 At a

More information

September 20, 2013 Senior IT Examiner Gene Lilienthal

September 20, 2013 Senior IT Examiner Gene Lilienthal Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank

More information

Managing IT Security with Penetration Testing

Managing IT Security with Penetration Testing Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to

More information

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES The implications for privacy and security in the emergence of HIEs The emergence of health information exchanges (HIE) is widely

More information

Gregg Gerber. Strategic Engagement, Emerging Markets

Gregg Gerber. Strategic Engagement, Emerging Markets Government of Mauritius Gregg Gerber Strategic Engagement, Emerging Markets 2 (Advanced) Persistent Targeted attacks 2010 2011 2012 Time 1986-1991 Era of Discovery 1992-1998 Era of Transition 1999-2005

More information

Internal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015

Internal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015 Internal audit of cybersecurity Presentation to the Atlanta IIA Chapter January 2015 Agenda Executive summary Why is this topic important? Cyber attacks: increasing complexity arket insights: What are

More information

for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs

for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs EXECUTIVE SUMMARY Supervisory Control and Data Acquisition (SCADA) systems are used for remote

More information

ASEAN Regional Forum Cyber Incident Response Workshop Republic of Singapore 6-7 September 2012. Co-Chair s Summary Report

ASEAN Regional Forum Cyber Incident Response Workshop Republic of Singapore 6-7 September 2012. Co-Chair s Summary Report ASEAN Regional Forum Cyber Incident Response Workshop Republic of Singapore 6-7 September 2012 Co-Chair s Summary Report 1. Pursuant to the 18 th ASEAN Regional Forum (ARF) Ministerial meeting in Bali,

More information

2 Gabi Siboni, 1 Senior Research Fellow and Director,

2 Gabi Siboni, 1 Senior Research Fellow and Director, Cyber Security Build-up of India s National Force 2 Gabi Siboni, 1 Senior Research Fellow and Director, Military and Strategic Affairs and Cyber Security Programs, Institute for National Security Studies,

More information

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives Statement for the Record Richard Bejtlich Chief Security Strategist FireEye, Inc. Before the U.S. House of Representatives Committee on Energy and Commerce Subcommittee on Oversight and Investigations

More information

AANVAL INDUSTRY FOCUS SOLUTIONS BRIEF. Aanval for Financial Services

AANVAL INDUSTRY FOCUS SOLUTIONS BRIEF. Aanval for Financial Services TACTICAL FLEX, INC. AANVAL INDUSTRY FOCUS SOLUTIONS BRIEF Aanval for Financial Services Aanval is a product of Tactical FLEX, Inc. - Copyright 2012 - All Rights Reserved Challenge for IT in Today s Financial

More information

Bellevue University Cybersecurity Programs & Courses

Bellevue University Cybersecurity Programs & Courses Undergraduate Course List Core Courses: CYBR 250 Introduction to Cyber Threats, Technologies and Security CIS 311 Network Security CIS 312 Securing Access Control CIS 411 Assessments and Audits CYBR 320

More information

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte Cyber security Time for a new paradigm Stéphane Hurtaud Partner Information & Technology Risk Deloitte 90 More than ever, cyberspace is a land of opportunity but also a dangerous world. As public and private

More information

Terms of Reference for the Review of the OECD Guidelines for the Security of Information Systems and Networks

Terms of Reference for the Review of the OECD Guidelines for the Security of Information Systems and Networks Please cite this paper as: OECD (2012), Terms of Reference for the Review of the OECD Guidelines for the Security of Information Systems and Networks, OECD Digital Economy Papers, No. 210, OECD Publishing.

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

ESTABLISHING A NATIONAL CYBERSECURITY SYSTEM IN THE CONTEXT OF NATIONAL SECURITY AND DEFENCE SECTOR REFORM

ESTABLISHING A NATIONAL CYBERSECURITY SYSTEM IN THE CONTEXT OF NATIONAL SECURITY AND DEFENCE SECTOR REFORM Information & Security: An International Journal Valentyn Petrov, vol.31, 2014, 73-77 http://dx.doi.org/10.11610/isij.3104 ESTABLISHING A NATIONAL CYBERSECURITY SYSTEM IN THE CONTEXT OF NATIONAL SECURITY

More information

Cyber security trends & strategy for business (digital?)

Cyber security trends & strategy for business (digital?) Cyber security trends & strategy for business (digital?) Presentation by Anwer Yusoff Head, Industry & Business Development C y b e r S e c u r i t y M a l a y s i a NATIONAL CYBERSECURITY TECHNICAL SPECIALIST

More information

Cyber security guide for boardroom members

Cyber security guide for boardroom members Cyber security guide for boardroom members 2 Cyber security guide for boardroom members Cyber security at strategic level Our society is rapidly digitising, and we are all reaping the benefits. Our country

More information

The Dow Chemical Company. statement for the record. David E. Kepler. before

The Dow Chemical Company. statement for the record. David E. Kepler. before The Dow Chemical Company statement for the record of David E. Kepler Chief Sustainability Officer, Chief Information Officer, Business Services and Executive Vice President before The Senate Committee

More information

Practical Steps To Securing Process Control Networks

Practical Steps To Securing Process Control Networks Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.

More information

E-SECURITY REVIEW 2008 DISCUSSION PAPER FOR PUBLIC CONSULTATION

E-SECURITY REVIEW 2008 DISCUSSION PAPER FOR PUBLIC CONSULTATION 1. Introduction E-SECURITY REVIEW 2008 DISCUSSION PAPER FOR PUBLIC CONSULTATION Australia s national security and economic and social well-being rely upon the use and availability of a range of Information

More information

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril.

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril. Cyber Security Personal and commercial information is the new commodity of choice for the virtual thief, argues Adrian Leppard, Commissioner for City of London Police, as he sets out the challenges facing

More information

White Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation

White Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation White Paper Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation Table of Contents Introduction... 3 Common DDoS Mitigation Measures...

More information

2011 Cyber Security and the Advanced Persistent Threat A Holistic View

2011 Cyber Security and the Advanced Persistent Threat A Holistic View 2011 Cyber and the Advanced Persistent Threat A Holistic View Thomas Varney Cybersecurity & Privacy BM Global Business Services 1 31/10/11 Agenda The Threat We Face A View to Addressing the Four Big Problem

More information

Intelligent. Buildings: Understanding and managing the security risks

Intelligent. Buildings: Understanding and managing the security risks Version 2 IET Sector Insights Intelligent Buildings: Understanding and managing the security risks More efficient and cost-effective use of the built environment is increasingly being driven by economic

More information

Protecting critical infrastructure from Cyber-attack

Protecting critical infrastructure from Cyber-attack Protecting critical infrastructure from Cyber-attack ACI-NA BIT Workshop, Session 6 (Cybersecurity) Long Beach, California October 4, 2015 Ben Trethowan Aviation Systems & Security Architect The scale

More information

Bridging the gap between COTS tool alerting and raw data analysis

Bridging the gap between COTS tool alerting and raw data analysis Article Bridging the gap between COTS tool alerting and raw data analysis An article on how the use of metadata in cybersecurity solutions raises the situational awareness of network activity, leading

More information

Cybersecurity at the Nexus of a Hyper- Connected World

Cybersecurity at the Nexus of a Hyper- Connected World Cybersecurity at the Nexus of a Hyper- Connected World Azer Bestavros, Wayne Burleson, Frans Kaashoek, Greg Morrisett, and Engin Kirda Draft of April 4, 2012 This document identifies a number of major

More information

CYBER SECURITY, A GROWING CIO PRIORITY

CYBER SECURITY, A GROWING CIO PRIORITY www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------

More information

The Danish Cyber and Information Security Strategy

The Danish Cyber and Information Security Strategy February 2015 The Danish Cyber and Information Security Strategy 1. Introduction In December 2014 the Government presented a National Cyber and Information Security Strategy containing 27 government initiatives

More information

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation Commonwealth Approach to Cybergovernance and Cybersecurity By the Commonwealth Telecommunications Organisation Trends in Cyberspace Cyberspace provides access to ICT Bridging the digital divide and influencing

More information

COMMISSION OF THE EUROPEAN COMMUNITIES

COMMISSION OF THE EUROPEAN COMMUNITIES EN EN EN COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, [ ] COM(2006) 251 COMMUNICATION FROM THE COMMISSION TO THE COUNCIL, THE EUROPEAN PARLIAMENT, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE

More information

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000. CEO EDS Corporation

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000. CEO EDS Corporation GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000 Issue Chair: Issue Sherpa: Dick Brown CEO EDS Corporation Bill Poulos EDS Corporation Tel: (202) 637-6708

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

A NEW APPROACH TO CYBER SECURITY

A NEW APPROACH TO CYBER SECURITY A NEW APPROACH TO CYBER SECURITY We believe cyber security should be about what you can do not what you can t. DRIVEN BY BUSINESS ASPIRATIONS We work with you to move your business forward. Positively

More information

SPEAR PHISHING UNDERSTANDING THE THREAT

SPEAR PHISHING UNDERSTANDING THE THREAT SPEAR PHISHING UNDERSTANDING THE THREAT SEPTEMBER 2013 Due to an organisation s reliance on email and internet connectivity, there is no guaranteed way to stop a determined intruder from accessing a business

More information

CYBER SECURITY TRAINING SAFE AND SECURE

CYBER SECURITY TRAINING SAFE AND SECURE CYBER SECURITY TRAINING KEEPING YOU SAFE AND SECURE Experts in Cyber Security training. Hardly a day goes by without a cyber attack being reported. With this ever-increasing threat there is a growing need

More information

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Stéphane Hurtaud Partner Governance Risk & Compliance Deloitte Laurent De La Vaissière Director Governance Risk & Compliance

More information

Hacking the Industrial SCADA Network II The Latest Threats to Automated Production and Process Management Networks

Hacking the Industrial SCADA Network II The Latest Threats to Automated Production and Process Management Networks SCADA Threat Assessment: Hacking the Industrial SCADA Network II The Latest Threats to Automated Production and Process Management Networks Highly Automated Production Networks Editor s Note: The original

More information

Internet Safety and Security: Strategies for Building an Internet Safety Wall

Internet Safety and Security: Strategies for Building an Internet Safety Wall Internet Safety and Security: Strategies for Building an Internet Safety Wall Sylvanus A. EHIKIOYA, PhD Director, New Media & Information Security Nigerian Communications Commission Abuja, NIGERIA Internet

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

ICT SECURITY SECURE ICT SYSTEMS OF THE FUTURE

ICT SECURITY SECURE ICT SYSTEMS OF THE FUTURE OVERVIEW Critial infrastructures are increasingly dependent on information and communication technology. ICT-systems are getting more and more complex, and to enable the implementation of secure applications

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

NEW ZEALAND S CYBER SECURITY STRATEGY

NEW ZEALAND S CYBER SECURITY STRATEGY Appendix 1 NEW ZEALAND S CYBER SECURITY STRATEGY June 2011 New Zealand Government 7 June 2011 ISBN: 978-0-478-38200-6 www.med.govt.nz/cyberstrategy MED11 Foreword from the Minister The Internet and digital

More information

Enterprise Cybersecurity: Building an Effective Defense

Enterprise Cybersecurity: Building an Effective Defense : Building an Effective Defense Chris Williams Scott Donaldson Abdul Aslam 1 About the Presenters Co Authors of Enterprise Cybersecurity: How to Implement a Successful Cyberdefense Program Against Advanced

More information

Solving for the Future: Addressing Major Societal Challenges Through Innovative Technology and Cloud Computing

Solving for the Future: Addressing Major Societal Challenges Through Innovative Technology and Cloud Computing Solving for the Future: Addressing Major Societal Challenges Through Innovative Technology and Cloud Computing As economic challenges persist in communities, nations, and regions around the world, the

More information

Are you prepared to be next? Invensys Cyber Security

Are you prepared to be next? Invensys Cyber Security Defense In Depth Are you prepared to be next? Invensys Cyber Security Sven Grone Critical Controls Solutions Consultant Presenting on behalf of Glen Bounds Global Modernization Consultant Agenda Cyber

More information

WRITTEN TESTIMONY OF

WRITTEN TESTIMONY OF WRITTEN TESTIMONY OF KEVIN MANDIA CHIEF EXECUTIVE OFFICER MANDIANT CORPORATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM JUDICIARY COMMITTEE UNITED STATES SENATE May 8, 2013 Introduction Thank you

More information

Cyber Security. A professional qualification awarded in association with University of Manchester Business School

Cyber Security. A professional qualification awarded in association with University of Manchester Business School ICA Advanced Certificate in Cyber Security A professional qualification awarded in association with University of Manchester Business School An Introduction to the ICA Advanced Certificate In Cyber Security

More information

COMMUNIQUÉ ON PRINCIPLES FOR INTERNET POLICY-MAKING OECD HIGH LEVEL MEETING ON THE INTERNET ECONOMY,

COMMUNIQUÉ ON PRINCIPLES FOR INTERNET POLICY-MAKING OECD HIGH LEVEL MEETING ON THE INTERNET ECONOMY, COMMUNIQUÉ ON PRINCIPLES FOR INTERNET POLICY-MAKING OECD HIGH LEVEL MEETING ON THE INTERNET ECONOMY, 28-29 JUNE 2011 The Seoul Declaration on the Future of the Internet Economy adopted at the 2008 OECD

More information

The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco.

The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco. The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco. 1 Calling All CEOs Are You Ready to Defend the Battlefield of the 21st Century? It is not the norm for corporations to be

More information

Cyber Security - What Would a Breach Really Mean for your Business?

Cyber Security - What Would a Breach Really Mean for your Business? Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber

More information

Legislative Council Panel on Information Technology and Broadcasting. Information Security

Legislative Council Panel on Information Technology and Broadcasting. Information Security For Information on 8 July 2013 LC Paper No. CB(4)834/12-13(05) Legislative Council Panel on Information Technology and Broadcasting Information Security Purpose This paper updates Members on the latest

More information

European Commission Per email: CNECT-H4@ec.europa.eu

European Commission Per email: CNECT-H4@ec.europa.eu Post Bits of Freedom Bank 55 47 06 512 M +31(0)646282693 Postbus 10746 KvK 34 12 12 86 E simone.halink@bof.nl 1001 ES Amsterdam W https://www.bof.nl European Commission Per email: CNECT-H4@ec.europa.eu

More information

Big Data and Security: At the Edge of Prediction

Big Data and Security: At the Edge of Prediction Big Data and Security: At the Edge of Prediction Mark Seward Splunk Inc. Fred Wilmot Splunk Inc. Session ID: Session Classification: SPO2-T17 Intermediate The Way Cyber Adversaries Think Where is the most

More information

Network Security Landscape

Network Security Landscape Cole p01.tex V3-07/28/2009 3:46pm Page 1 Network Security Landscape COPYRIGHTED MATERIAL IN THIS PART Chapter 1 State of Network Security Chapter 2 New Approaches to Cyber Security Chapter 3 Interfacing

More information

idata Improving Defences Against Targeted Attack

idata Improving Defences Against Targeted Attack idata Improving Defences Against Targeted Attack Summary JULY 2014 Disclaimer: Reference to any specific commercial product, process or service by trade name, trademark, manufacturer, or otherwise, does

More information

資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview. Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系

資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview. Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系 資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系 Outline Infosec, COMPUSEC, COMSEC, and Network Security Why do we need Infosec and COMSEC? Security

More information

Cyber Security and Information Assurance Controls Prevention and Reaction NOVEMBER 2013

Cyber Security and Information Assurance Controls Prevention and Reaction NOVEMBER 2013 Cyber Security and Information Assurance Controls Prevention and Reaction 1 About Enterprise Risk Management Capabilities Cyber Security Risk Management Information Assurance Strategic Governance Regulatory

More information

In an age where so many businesses and systems are reliant on computer systems,

In an age where so many businesses and systems are reliant on computer systems, Cyber Security Laws and Policy Implications of these Laws In an age where so many businesses and systems are reliant on computer systems, there is a large incentive for maintaining the security of their

More information

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,

More information

KEY STEPS FOLLOWING A DATA BREACH

KEY STEPS FOLLOWING A DATA BREACH KEY STEPS FOLLOWING A DATA BREACH Introduction This document provides key recommended steps to be taken following the discovery of a data breach. The document does not constitute an exhaustive guideline,

More information

Information Security Summit 2005

Information Security Summit 2005 Information Security Summit 2005 Forensically Sound Information Security Management in a Risk Compliance Era Keynote Opening Address by Mr. Howard C Dickson Government Chief Information Officer Government

More information

A Cyber Security Integrator s perspective and approach

A Cyber Security Integrator s perspective and approach A Cyber Security Integrator s perspective and approach Presentation to Saudi Arabian Monetary Agency March 2014 What is a Cyber Integrator? Security system requirements - Finance Building a specific response

More information

Beyond the Hype: Advanced Persistent Threats

Beyond the Hype: Advanced Persistent Threats Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,

More information

An Open and Safe Europe What s next?

An Open and Safe Europe What s next? An Open and Safe Europe What s next? Private Security Services Industry views to the European Commission public consultation on the Future of DG HOME Policies The Confederation of European Security Services

More information

Security strategies to stay off the Børsen front page

Security strategies to stay off the Børsen front page Security strategies to stay off the Børsen front page Steve Durkin, Channel Director for Europe, Q1 Labs, an IBM Company 1 2012 IBM Corporation Given the dynamic nature of the challenge, measuring the

More information