SIG ISM WORKSHOP LONDON Alf Moens

Size: px
Start display at page:

Download "SIG ISM WORKSHOP LONDON 2015. Alf Moens"

Transcription

1 SIG ISM WORKSHOP LONDON 2015 Alf Moens

2 SIG ISM The aims of the SIG-ISM are: * Establish a community of NREN security management professionals develop, maintain and promote trust framework between NRENs based on international standards * promote the use of international security standards and share best practices for security management within NRENs * discuss and promote issues of information security management of particular interest to NRENs In the direction of these fundamental points, the 1st SIG-ISM that will be held at the Imperial College in London wishes to bring together CISOs and all people interested on ISM to develop and strengthen the ISM Community around the globe.

3 Agenda Tuesday 12:30-13:30 Arrival and registration 13:30-13:45 Welcome and introduction Alf Moens (SURF) 13:45-14:15 How to gain and maintain ISO certification Urpo Kaila (CSC) 14:15-14:45 Jisc and the ISO27001 James Davis (Jisc) 14:15-14:45 Coffee break 14:45-16:45 Round-table discussions What do NREN need to implement as a standard? The aim of this discussion is to generate a document to highlight the basic steps NRENS should follow to implement security management. 16:45-17:00 Summary of the day 17:00-19:00 Checking in... 19:00-21:00 Joint dinner

4 Introduction SIG ISM Steering committee: Started autumn 2014, at workshop in Utrecht, monthly VC meetings: James, Rolf, Wayne, Alf Charter: approved! Participation: free for anyone but aimed at security opfficers of NRENs It s not about incidents, it s about security management. Reach out to other Task forces and SIGs Maintain register of security officers Should we work on a trust framework?

5 Agenda Wednesday 09:00-9:30 Risk Registers, the good and the bad Making Real Change Wayne Routly (GEANT) 9:30-10:30 Round-table discussions Risk analysis The aim of this discussion is to generate a short paper around the current risks and the new threads coming up. 10:30-11:00 Coffee break 11:00-11:30 Finalising the discussion on Risks 11:30-12:20 REFEDS and SIG-ISM Nicole Harris (GEANT) 12:20-12:30 Discussion about future meetings and Wrap-up

6 Participants Alf Moens - SURFnet bv Wayne Routly - DANTE Alessandra Scicchitano - GEANT Association Dominique Launay - GIP RENATER Maciej Milostan - PSNC / PIONIER John Chapman - Jisc Antonio Fuentes Bermejo - RedIRIS Fernand De Decker - BELNET Rolf Sture Normann - UNINETT AS Cynthia Wagner - Fondation RESTENA Thomas Tam - Canada's Advanced Research and Innovation Network Jacob Asbæk Wolf - NORDUnet A/S Øivind Høiem - UNINETT AS James Davis - Jisc Urpo Kaila - CSC - IT Center for Science Ltd. Nicole Harris - GÉANT Association apologized [4] Aidan Carty - HEAnet David Simonsen - WAYF - Where are you from Vlado Pribolsan - - Croatian Research and Education Federation Ralf Groeper - DFN

7 Standards and certifications Inventory - Do you have a security officer? An approved security policy? - Which standard for information security are you using? - Are you implementing any certifications? - Which? - Who is asking for this? - How much effort is it? Discussion - What standard should a NREN use for information security?

8 Risk Identification and Management Do you perform any risk analysis? Company wide, for a project or for an information system? What do you need to protect? What are the core assets of a NREN? What are the main threats for a NREN? What are the main threats for a university?

9 Type of Threath Example sof Threath Relevance (chance * imoact) # Type of Threath Event Actor Example incidents Education Research Operations 1" Accessing"or"(unautorised)"" publishing""data" Theft"of"reasearch"data" Privacysensitive"information""is"leaked"and"published" Design"of"a"research"lab"falls"into"wrong"hands"" Cybercriminals" Activists" States" Tentamenfraude" door" openbaarmaking" van" tentamenopgaven"" Privacygevoelige" gegevens" over" students" en" leerlingen"op"straat"beland" MIDDLE HIGH MIDDLE Fraude"bij"gaining"access"to""information"abouth"exams"and" test"questions"" Employees" Kamervragen"over"intranetlek"Hogeschool" 2" Identity"fraude" Student"has"someone"else"do"his"examn" Student"poses"as"other"student"or"employee"to"gain"access" to"exams." Activist"poses"as"a"researcher" Student"poses"as"an"employee"and"changes"examresults" Students" Cybercriminals" Activists" " Kamervragen" naar" identiteitsfraude" Hogeschool" Windesheim" Fraude"in"toelating"examens" HIGH MIDDLE LOW 3" Manipulation"of""data" Studieresultaten"worden"vervalst" Manipulatie"van"research"data" Aanpassing"van"bedrijfsvoering"data" " Students" Employees" Student" krijgt" vier" jaar" celstraf" voor" het" wijzigen" van"zijn"cijfers" Massale"fraude"economiestudents" Student" hackt" website" en" inleversysteem" Informatica" HIGH LOW LOW 4" Espionage" Research"data"worden"afgetapt" Via"een"derde"partij"wordt"intellectueel"eigendom"gestolen" States" Companies" &" commercial"partners" MI5" waarschuwde" Britse" universiteiten" voor" cyberattacklen" NSA"hackt"Belgische"cyberprofessor" LOW HIGH LOW Cybercriminals" Chinezen"bespioneren"denk"tanks"met"expertise"in" Irak" 5" Disruption"of"ICT" DDoSVattack"legt"ITVinfrastructuur"plat" Kritieke""research"data"of"examendata"wordt"vernietigd" Opzet"van"onderzoeksinstellingen"wordt"gesaboteerd" Onderwijsmiddelen" worden" onbruikbaar" door" malware" (bijv."elearning"of"het"netwerk)" Cyberresearchers" Activists" Students" Employees" Distributed" Denial" of" Service" attack" treft" SETI" project" Dorifelvirus"treft"ook"universiteiten" Server"legde"netwerk"Universiteit"Utrecht"plat" MIDDLE MIDDLE MIDDLE 6" Take"over"or"abuse"ofCT" Opstelling"van"onderzoeksinstellingen"overgenomen" Systemen" of" accounts" worden" misbruikt" voor" andere" doeleinden"(botnet,"mining,"spam)" Cybercriminals" Students" Employees" Yahoo" blokkeert" Universiteit" Maastricht" wegens" spam" Student" gebruikt" universiteit" computers" om" dogecoin"te"minen" LOW MIDDLE MIDDLE 7" Create"negative"image"on" purpose" Defacement"of"website" Social"media"account"hacked"and"abused" Activists" Students" Homepage"Faculteit"Letteren"beklad" Hackers"bekladden"website"van"MIT" Cyberresearchers" LOW LOW LOW Cybervandalen" Legenda relevantie - Bron:-Cybersecuritybeeld-Nederland"(Nationaal"Cyber"Security"Centrum,"2014)" LOW MIDDLE HIGH

10 Sources for threat information SURF Cyberdreigingsbeeld 2014 https://www.surf.nl/nieuws/2014/11/handvatten-omcybersecurity-instellingen-te-verbeteren.html Cyber Security Beeld Nederland 4 (NCSC) https://www.ncsc.nl/dienstverlening/expertise-advies/ kennisdeling/trendrapporten/cybersecuritybeeldnederland-4.html Dutch Cyber Security Council (CSR) (cyber security guide for the board room) _VENJ_Cybersecurity_UK_vdef.pdf Enisa Threat Landscape evolving-threat-environment/enisa-threat-landscape-midyear-2013/at_download/fullreport World Economic Forum evolving-threat-environment/enisa-threat-landscape-midyear-2013/at_download/fullreport 10

11 Threat types Threats Asset types Threat Landscape and Good Practice Guide Unauthorised physical access/unauthorised entries to Hardware, Infrastructure premises for Internet Infrastructure Physical attacks Sabotage Hardware, Infrastructure Disasters Natural disasters Hardware, Software, Information, Services, Interconnection, Infrastructure, Human resources Environmental disasters Hardware, Software, Information, Services, Interconnection, Infrastructure, Human resources Failures/Malfunctions Failures of parts of devices Protocols, Hardware, Software, Information, Services Configuration errors Protocols, Hardware, Software, Information, Services Outages Lack of resources Hardware, Software, Information, Services, Interconnection, Infrastructure, Human resources Network outages Hardware, Software, Information, Services Unintentional damages (accidental) Information leakage/sharing Hardware, Software, Information, Services, Interconnection Unintentional change of data in an information systems Protocols, Hardware, Software, Information, Services Damage/Loss (IT assets) Damage caused by a third parties Hardware, Software, Information, Services, Interconnection, Infrastructure, Human resources Loss of reputation Interconnection, Human resources Nefarious activity/abuse Manipulation of hardware and software Protocols, Hardware, Software, Information, Services Denial of service attacks (DoS/DDoS) Hardware, Software, Information, Services Eavesdropping /Interception/Hijacking Interception compromising emissions Protocols, Software, Information, Services Man in the middle/session hijacking Software, Information, Services Legal Violations of law or regulation/breaches of legislation Software, Information, Interconnection, Human resources Failure to meet contractual requirements Software, Information, Interconnection, Human resources Source: Enisa Threat Landscape and Good Practice Guide for Internet Infrastructure, jan. 2015

Information Security Management Systems

Information Security Management Systems Information Security Management Systems Øivind Høiem CISA, CRISC, ISO27001 Lead Implementer Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector

More information

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps Agenda Introduction to SCADA Importance of SCADA security Recommended steps SCADA systems are usually highly complex and SCADA systems are used to control complex industries Yet.SCADA systems are actually

More information

Cyber Security for Railway Signalling

Cyber Security for Railway Signalling Cyber Security for Railway Signalling Dr. Cédric LÉVY-BENCHETON Network and Information Security Expert European Union Agency for Network and Information Security How to protect signalling system against

More information

DENIAL OF SERVICE: HOW BUSINESSES EVALUATE THE THREAT OF DDOS ATTACKS IT SECURITY RISKS SPECIAL REPORT SERIES

DENIAL OF SERVICE: HOW BUSINESSES EVALUATE THE THREAT OF DDOS ATTACKS IT SECURITY RISKS SPECIAL REPORT SERIES DENIAL OF SERVICE: HOW BUSINESSES EVALUATE THE IT SECURITY RISKS SPECIAL REPORT SERIES Kaspersky Lab 2 Corporate IT Security Risks Survey details: More than 5500 companies in 26 countries around the world

More information

Security Officer: An NREN Secondee Perspective

Security Officer: An NREN Secondee Perspective Security Officer: An NREN Secondee Perspective Jan Kohlrausch, DANTE TF-CSIRT Meeting 18/19 September 2014 Rome Background About me: Senior Incident Handler and Researcher with DFN-CERT Currently member

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

SA3: Support for Multi-Domain Services Plenary

SA3: Support for Multi-Domain Services Plenary SA3: Support for Multi-Domain Services Plenary Toby Rodwell, DANTE 3 rd GÉANT2 Technical Workshop Cambridge, 9 January 2007 Overview SA3 Reminder Achievements Current Work Tech Workshop sessions What SA3

More information

Cybersecurity Awareness. Part 1

Cybersecurity Awareness. Part 1 Part 1 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat

More information

Governance and Management of Information Security

Governance and Management of Information Security Governance and Management of Information Security Øivind Høiem, CISA CRISC Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector secretary for information

More information

what can we do with botnet data?

what can we do with botnet data? what can we do with botnet data? prof.dr. Ronald Leenes r.e.leenes@uvt.nl TILT - Tilburg Institute for Law, Technology, and Society background SURFnet (Dutch NREN) was offered 700 GB of data obtained from

More information

Measures to Protect (University) Domain Registrations and DNS Against Attacks. Dave Piscitello, ICANN dave.piscitello@icann.org

Measures to Protect (University) Domain Registrations and DNS Against Attacks. Dave Piscitello, ICANN dave.piscitello@icann.org Measures to Protect (University) Domain Registrations and DNS Against Attacks Dave Piscitello, ICANN dave.piscitello@icann.org Why are we talking about Domain names and DNS? Domain names and URLs define

More information

Forth TF- Mobility meeting. Minutes

Forth TF- Mobility meeting. Minutes Forth TF- Mobility meeting Date: 30th January 2004 Venue: TERENA, Amsterdam Minutes Attendees Hansruedi Born (HB) Tim Chown (TC) (streaming) Licia Florio (LC) Carles Fragoso (CF) Jan Furman (JF) Luis Guido

More information

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES POINT OF VIEW CYBERSECURITY IN FINANCIAL SERVICES Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response

More information

UK Networks & Security An Overview. Dr Andrew Powell, ENISA Workshops on CERTs in Europe, 29 May 2008

UK Networks & Security An Overview. Dr Andrew Powell, ENISA Workshops on CERTs in Europe, 29 May 2008 UK Networks & Security An Overview Dr Andrew Powell, ENISA Workshops on CERTs in Europe, 29 May 2008 Objectives The structure of your public communication networks The threat landscape these networks face

More information

3. The Task Force will be open to any individual who can offer appropriate expertise, manpower, equipment or services.

3. The Task Force will be open to any individual who can offer appropriate expertise, manpower, equipment or services. Task Force on Network Operation Centres Terms of Reference 1. A task force is established under the auspices of the TERENA Technical Programme with the primary aim to offer a forum for leading staff members

More information

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime? Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies

More information

GN3+ SA3T3 / Multi-Domain-VPN service: Collaboration of NREN s NOC

GN3+ SA3T3 / Multi-Domain-VPN service: Collaboration of NREN s NOC GN3+ SA3T3 / Multi-Domain-VPN service: Collaboration of NREN s NOC 10 th TF NOC meeting (Cambridge) Friday, 21 March 2014 Xavier Jeannin / RENATER, SA3T3 Task Leader Miguel Angel Sotos / RedIRIS Bojan

More information

Cyber Security. perspective of an operator of a critical infrastructure. 1st CAMINO Workshop. Rolf Brunner Fachstelle IT-Sicherheit

Cyber Security. perspective of an operator of a critical infrastructure. 1st CAMINO Workshop. Rolf Brunner Fachstelle IT-Sicherheit Cyber Security perspective of an operator of a critical infrastructure 1st CAMINO Workshop Rolf Brunner Fachstelle IT-Sicherheit CH-5325 Leibstadt Telefon +41(0)56 267 71 11 www.kkl.ch Agenda Leibstadt

More information

Enterprise Security Governance. Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security

Enterprise Security Governance. Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security Enterprise Security Governance Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security Governance and Organisational Model Risk Mgmt & Reporting Digital Risk & Security

More information

15 JAAR VOOROP IN ICT SECURITY

15 JAAR VOOROP IN ICT SECURITY NEXT GENERATION MOTIV BIEDT WEERBAARHEID EN MONITORING VOOR UW GEBRUIKERSNETWERK OF DATACENTER CHALLENGES CHALLENGES MALWARE FOUND CHALLENGES BOTNETS ATTACK CHALLENGES GEBRUIK VAN DIVERSE APPLICATIES CHALLENGES

More information

ISO27001 Controls and Objectives

ISO27001 Controls and Objectives Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the

More information

ISO 27001 Controls and Objectives

ISO 27001 Controls and Objectives ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements

More information

Trial of the Infinera PXM. Guy Roberts, Mian Usman

Trial of the Infinera PXM. Guy Roberts, Mian Usman Trial of the Infinera PXM Guy Roberts, Mian Usman LHC Workshop Recap Rather than maintaining distinct networks, the LHC community should aim to unify its network infrastructure Traffic aggregation on few

More information

GÉANT IaaS suppliers meeting Towards Pan-European Cloud Services. Utrecht October 14 2015

GÉANT IaaS suppliers meeting Towards Pan-European Cloud Services. Utrecht October 14 2015 GÉANT IaaS suppliers meeting Towards Pan-European Cloud Services Utrecht October 14 2015 Why and what TODAY More information about IaaS delivery through GÉANT Tender Provider GÉANT interaction Opportunity

More information

TERENA Task Force TF-MSP Meeting Thursday 27th and Friday 28th November 2014 Hosted by University of Malta, Valletta. Notes by Magda Haver, TERENA

TERENA Task Force TF-MSP Meeting Thursday 27th and Friday 28th November 2014 Hosted by University of Malta, Valletta. Notes by Magda Haver, TERENA Page 1/n TERENA Task Force TF-MSP Meeting Thursday 27th and Friday 28th November 2014 Hosted by University of Malta, Valletta Notes by Magda Haver, TERENA 1. Introduction Martin Bech chair of TF-MSP opened

More information

Some Perspectives On Cybersecurity. Shernon Osepa Manager Regional Affairs Latin America & Caribbean www.internetsociety.org

Some Perspectives On Cybersecurity. Shernon Osepa Manager Regional Affairs Latin America & Caribbean www.internetsociety.org Some Perspectives On Cybersecurity Shernon Osepa Manager Regional Affairs Latin America & Caribbean www.internetsociety.org Agenda What is the Internet Society (ISOC) On the IETF Cyber Security Themes

More information

Qualification Specification. Level 4 Certificate in Cyber Security and Intrusion For Business

Qualification Specification. Level 4 Certificate in Cyber Security and Intrusion For Business Qualification Specification Level 4 Certificate in Cyber Security and Intrusion For Business ProQual 2015 Contents Page Introduction 3 Qualification profile 3 Centre requirements 4 Support for candidates

More information

DANCERT RFC2350 Description Date: 10-10-2014 Dissemination Level:

DANCERT RFC2350 Description Date: 10-10-2014 Dissemination Level: 10-10-2014 Date: 10-10-2014 Dissemination Level: Owner: Authors: Public DANCERT DANTE Document Revision History Version Date Description of change Person 1.0 10-10-14 First version issued Jan Kohlrausch

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4

More information

Information Services. The University of Kent Information Technology Security Policy

Information Services. The University of Kent Information Technology Security Policy Information Services The University of Kent Information Technology Security Policy 1. General The University IT Security Policy (the Policy) shall be approved by the Information Services Committee (ISC)

More information

Cyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist

Cyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist Cyber- Attacks: The New Frontier for Fraudsters Daniel Wanjohi, Technology Security Specialist What is it All about The Cyber Security Agenda ; Protecting computers, networks, programs and data from unintended

More information

Thresholds for annual reporting

Thresholds for annual reporting Thresholds for annual reporting 1h-2h 2h-4h 4h-6h 6h-8h >8h 1% - 2% 2% - 5% 5% - 10% 10% - 15% > 15% 1 Annual reporting 2012 for the first time in the EU, national authorities report about cyber security

More information

Security & SMEs. An Introduction by Jan Gessin. Introduction to the problem

Security & SMEs. An Introduction by Jan Gessin. Introduction to the problem Security & SMEs An Introduction by Jan Gessin Introduction to the problem SMEs convinced it will never happen to them. In many ways SMEs are more of a target than big business. Harsh realities of the online

More information

Dublin Institute of Technology IT Security Policy

Dublin Institute of Technology IT Security Policy Dublin Institute of Technology IT Security Policy BS7799/ISO27002 standard framework David Scott September 2007 Version Date Prepared By 1.0 13/10/06 David Scott 1.1 18/09/07 David Scott 1.2 26/09/07 David

More information

Building National and Regional Cybersecurity Competences through the UbuntuNet Alliance NRENS

Building National and Regional Cybersecurity Competences through the UbuntuNet Alliance NRENS Building National and Regional Cybersecurity Competences through the UbuntuNet Alliance NRENS UbuntuNet Connect 2015 F.F. Tusubira & A. Ndiwalana Knowledge Consulting Ltd Outline Background Current reality

More information

Cyber security in an organization-transcending way

Cyber security in an organization-transcending way Cyber security in an organization-transcending way EASEE-gas meeting March 19, 2015 Paul Bloemen ICT Security Manager Gasunie Chair Dutch Energy ISAC March 19, 2015 2 What to talk about Why is cyber security

More information

Information Incident Management Policy

Information Incident Management Policy Information Incident Management Policy Change History Version Date Description 0.1 04/01/2013 Draft 0.2 26/02/2013 Replaced procedure details with broad principles 0.3 27/03/2013 Revised following audit

More information

Clouducation. Andy Brauer CTO Business Connexion

Clouducation. Andy Brauer CTO Business Connexion Clouducation Andy Brauer CTO Business Connexion Agenda The evolution of Cloud and Internet has brought about new models and opportunities both for Study and Research in Education We take a look at how

More information

Cybersecurity. Cloud. and the. 4TH Annual NICE Workshop Navigating the National Cybersecurity Education InterState Highway September 2013

Cybersecurity. Cloud. and the. 4TH Annual NICE Workshop Navigating the National Cybersecurity Education InterState Highway September 2013 Cybersecurity and the Cloud 4TH Annual NICE Workshop Navigating the National Cybersecurity Education InterState Highway September 2013 Well, I'll hazard I can do more damage on my laptop sitting in my

More information

Committees Date: Subject: Public Report of: For Information Summary

Committees Date: Subject: Public Report of: For Information Summary Committees Audit & Risk Management Committee Finance Committee Subject: Cyber Security Risks Report of: Chamberlain Date: 17 September 2015 22 September 2015 Public For Information Summary Cyber security

More information

Supplier Vigilance: A Critical Layer of Defense

Supplier Vigilance: A Critical Layer of Defense Supplier Vigilance: A Critical Layer of Defense Lockheed Martin Information Security 1 Supply Chain Cyber Security Lockheed Martin October 23, 2013 Debbie Stuckey Waide Jones, CISSP 2 Synopsis Lockheed

More information

Cyber security guide for boardroom members

Cyber security guide for boardroom members Cyber security guide for boardroom members 2 Cyber security guide for boardroom members Cyber security at strategic level Our society is rapidly digitising, and we are all reaping the benefits. Our country

More information

Financial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age

Financial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age Financial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age Southern California Association for Financial Professionals February 14, 2014 Stan Stahl, Ph.D.

More information

How to gain and maintain ISO 27001 certification

How to gain and maintain ISO 27001 certification Public How to gain and maintain ISO 27001 certification Urpo Kaila, Head of Security CSC IT Center for Science ltd. urpo.kaila@csc.fi, security@csc.fi GÉANT SIG ISM 1 st Workshop, 2015-05-12, imperial.ac.uk

More information

ENISA s Study on the Evolving Threat Landscape. European Network and Information Security Agency

ENISA s Study on the Evolving Threat Landscape. European Network and Information Security Agency ENISA s Study on the Evolving Threat Landscape European Network and Information Security Agency Agenda Introduction to ENISA Preliminary remarks The ENISA report Major findings Conclusions 2 ENISA The

More information

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

More information

A risky business. Why you can t afford to gamble on the resilience of business-critical infrastructure

A risky business. Why you can t afford to gamble on the resilience of business-critical infrastructure A risky business Why you can t afford to gamble on the resilience of business-critical infrastructure Banking on a computer system that never fails? Recent failures in the retail banking system show how

More information

Network Security. Intertech Associates, Inc.

Network Security. Intertech Associates, Inc. Network Security Intertech Associates, Inc. Agenda IT Security - Past to Future Security Vulnerabilities Protecting the Enterprise What do we need in each site? Requirements for a Security Architecture

More information

CYBER SECURITY FOUNDATION - OUTLINE

CYBER SECURITY FOUNDATION - OUTLINE CYBER SECURITY FOUNDATION - OUTLINE Cyber security - Foundation - Outline Document Administration Copyright: QT&C Group Ltd, 2014 Document version: 0.2 Author: N R Landman (MD and Principal Consultant)

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

North Texas ISSA CISO Roundtable

North Texas ISSA CISO Roundtable North Texas ISSA CISO Roundtable Roundtable Topic Threat Against Our Well Being The Most Effective Methods in Combating and Responding to the Cyber Attack Event Sponsor Moderator and Panelists David Stanton

More information

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave

More information

Small businesses: What you need to know about cyber security

Small businesses: What you need to know about cyber security Small businesses: What you need to know about cyber security Contents Why you need to know about cyber security... 3 Understanding the risks to your business... 4 How you can manage the risks... 5 Planning

More information

Project 2020: Preparing Your Organization for Future Cyber Threats Today

Project 2020: Preparing Your Organization for Future Cyber Threats Today Project 2020: Preparing Your Organization for Future Cyber Threats Today SESSION ID: CLE-T08 Ken Low CISSP GSLC Director of Cybersecurity Programs, Asia Pacific TREND MICRO 2 PROJECT 2020 An initiative

More information

D2.2 Executive summary and brief: Cyber crime inventory and networks in non-ict sectors

D2.2 Executive summary and brief: Cyber crime inventory and networks in non-ict sectors FP7-SEC-2013.2.5-2 Grant Agreement Number 607775 Collaborative Project E-CRIME The economic impacts of cyber crime D2.2 Executive summary and brief: Cyber crime inventory and networks in non-ict sectors

More information

Information security controls. Briefing for clients on Experian information security controls

Information security controls. Briefing for clients on Experian information security controls Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face

More information

Submission of the.au Domain Administration Ltd (auda) to the Australian Government's Cyber Security Review

Submission of the.au Domain Administration Ltd (auda) to the Australian Government's Cyber Security Review Submission of the.au Domain Administration Ltd (auda) to the Australian Government's Cyber Security Review About auda.au Domain Administration Ltd (auda) is the industry self regulatory, not for profit

More information

Introduction to perfsonar

Introduction to perfsonar Introduction to perfsonar Loukik Kudarimoti, DANTE 27 th September, 2006 SEEREN2 Summer School, Heraklion Overview of this talk Answers to some basic questions The need for Multi-domain monitoring What

More information

CYBERSECURITY EXAMINATION SWEEP SUMMARY

CYBERSECURITY EXAMINATION SWEEP SUMMARY This Risk Alert provides summary observations from OCIE s examinations of registered broker-dealers and investment advisers, conducted under the Cybersecurity Examination Initiative, announced April 15,

More information

VENDOR MANAGEMENT. General Overview

VENDOR MANAGEMENT. General Overview VENDOR MANAGEMENT General Overview With many organizations outsourcing services to other third-party entities, the issue of vendor management has become a noted topic in today s business world. Vendor

More information

The conference agenda is attached.

The conference agenda is attached. Greetings to all, You are all invited to the 2nd ANNUAL INDIAN HEALTH SERVICE (IHS) CYBER SECURITY CONFERENCE to be held at the Mystic Lake Casino Hotel, Prior Lake, MN during 12-14 July 2010. Additionally,

More information

SECURITY CONSIDERATIONS FOR LAW FIRMS

SECURITY CONSIDERATIONS FOR LAW FIRMS SECURITY CONSIDERATIONS FOR LAW FIRMS Enterprise Risk Management Professional consulting firm that specializes in cyber security Founded in 1998 in Miami, Florida Serves more than 150 clients, locally,

More information

Assuring the Cloud. Hans Bootsma Deloitte Risk Services hbootsma@deloitte.nl +31 (0)6 1098 0182

Assuring the Cloud. Hans Bootsma Deloitte Risk Services hbootsma@deloitte.nl +31 (0)6 1098 0182 Assuring the Cloud Hans Bootsma Deloitte Risk Services hbootsma@deloitte.nl +31 (0)6 1098 0182 Need for Assurance in Cloud Computing Demand Fast go to market Support innovation Lower costs Access everywhere

More information

Threat Intelligence: What is it, and How Can it Protect You from Today s Advanced Cyber-Attacks A Webroot publication featuring analyst research

Threat Intelligence: What is it, and How Can it Protect You from Today s Advanced Cyber-Attacks A Webroot publication featuring analyst research Threat Intelligence: What is it, and How Can it Protect You from Today s Advanced Cyber-Attacks A Webroot publication featuring analyst research 2 3 6 7 9 9 Issue 1 Welcome From the Gartner Files Definition:

More information

Information System Audit Guide

Information System Audit Guide Australian Government Department of Defence Information System Audit Guide VERSION 11.1 January 2012 Commonwealth of Australia 2011 Page 1 TABLE OF CONTENTS 1. INTRODUCTION TO ACCREDITATION...4 2. THE

More information

2.0 RECOMMENDATIONS Members of the Committee are asked to note the information contained within this report.

2.0 RECOMMENDATIONS Members of the Committee are asked to note the information contained within this report. REPORT TO: SCRUTINY COMMITTEE 25 JUNE 2013 REPORT ON: REPORT BY: INTERNAL AUDIT REPORTS CHIEF INTERNAL AUDITOR REPORT NO: 280-2013 1.0 PURPOSE OF REPORT To submit to Members of the Scrutiny Committee a

More information

Using the HITRUST CSF to Assess Cybersecurity Preparedness 1 of 6

Using the HITRUST CSF to Assess Cybersecurity Preparedness 1 of 6 to Assess Cybersecurity Preparedness 1 of 6 Introduction Long before the signing in February 2013 of the White House Executive Order Improving Critical Infrastructure Cybersecurity, HITRUST recognized

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee

More information

Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall

Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall A FORTINET WHITE PAPER www.fortinet.com Introduction Denial of Service attacks are rapidly becoming a popular attack vector used

More information

Cyber Security: Are You Prepared?

Cyber Security: Are You Prepared? Cyber Security: Are You Prepared? This briefing provides a high-level overview of the cyber security issues that businesses should be aware of. You should talk to a lawyer and an IT specialist for a complete

More information

U07 Information Security Incident Policy

U07 Information Security Incident Policy Dartmoor National Park Authority U07 Information Security Incident Policy June 2010 This document is copyright to Dartmoor National Park Authority and should not be used or adapted for any purpose without

More information

CYBER SECURITY, INTELLIGENCE AND AWARENESS COURSE PARK HOTEL THE HAGUE THE HAGUE, NETHERLANDS 26-30OCTOBER 2015

CYBER SECURITY, INTELLIGENCE AND AWARENESS COURSE PARK HOTEL THE HAGUE THE HAGUE, NETHERLANDS 26-30OCTOBER 2015 BACKGROUND CYBER SECURITY, INTELLIGENCE AND AWARENESS COURSE PARK HOTEL THE HAGUE THE HAGUE, NETHERLANDS 26-30OCTOBER 2015 On 26-30 October 2015 Lowlands Solutions Netherlands (LSN) will be presenting

More information

Ten Tips for Managing Risks on Convergent Networks The Risk Management Group

Ten Tips for Managing Risks on Convergent Networks The Risk Management Group Ten Tips for Managing Risks on Convergent Networks The Risk Management Group April 2012 Sponsored by: Lavastorm Analytics is a global business performance analytics company that enables companies to analyze,

More information

University of Kent Information Services Information Technology Security Policy

University of Kent Information Services Information Technology Security Policy University of Kent Information Services Information Technology Security Policy IS/07-08/104 (A) 1. General The University IT Security Policy (the Policy) shall be approved by the Information Systems Committee

More information

Presented by Frederick J. Santarsiere

Presented by Frederick J. Santarsiere http://cinoltd.com/ Presented by Frederick J. Santarsiere CHFI, CISSP, CISM, CISA, CEH, CEI, CAP, SSCP Sec+, Net+, A+, MCSA, MCSE, MCITP, MCT CCENT, CCNA, CCNA Wireless, CCNA Voice CISCO SMBEN, SMBAM,

More information

Close the security gap with a unified approach. Detect, block and remediate risks faster with end-to-end visibility of the security cycle

Close the security gap with a unified approach. Detect, block and remediate risks faster with end-to-end visibility of the security cycle Close the security gap with a unified approach Detect, block and remediate risks faster with end-to-end visibility of the security cycle Events are not correlated. Tools are not integrated. Teams are not

More information

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 3.0 Ratified By Date Ratified April 2013 Author(s) Responsible Committee / Officers Issue Date January 2014 Review Date Intended Audience Impact

More information

CYBER-ATTACKS THE GLOBAL RESPONSE

CYBER-ATTACKS THE GLOBAL RESPONSE R E P R I N T CYBER-ATTACKS THE GLOBAL RESPONSE REPRINTED FROM: Risk, Governance & Compliance for Financial Institutions 2015 RISK GOVERNANCE & COMPLIANCE for F I N A N C I A L INSTITUTIONS 2 0 1 5 Visit

More information

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review Date

More information

Managing Cyber Risk through Insurance

Managing Cyber Risk through Insurance Managing Cyber Risk through Insurance Eric Lowenstein Aon Risk Solutions This presentation has been prepared for the Actuaries Institute 2015 ASTIN and AFIR/ERM Colloquium. The Institute Council wishes

More information

Holistic Data Security. How to defend your sensitive data against all threats

Holistic Data Security. How to defend your sensitive data against all threats How to defend your sensitive data against all threats Holistic Data Security How to defend your sensitive data against all threats When dealing with national security information, it is of paramount importance

More information

Type Threats Origin. Destruction of equipment or media. Dust, corrosion, freezing. Climatic phenomenon. Seismic phenomenon. Volcanic phenomenon

Type Threats Origin. Destruction of equipment or media. Dust, corrosion, freezing. Climatic phenomenon. Seismic phenomenon. Volcanic phenomenon nnex C (informative) xamples of typical threats The following table gives examples of typical threats. The list can be used during the threat assessment process. Threats may be deliberate, accidental or

More information

ISO/IEC 27002:2013 WHITEPAPER. When Recognition Matters

ISO/IEC 27002:2013 WHITEPAPER. When Recognition Matters When Recognition Matters WHITEPAPER ISO/IEC 27002:2013 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS www.pecb.com CONTENT 3 4 5 6 6 7 7 7 7 8 8 8 9 9 9

More information

Informatiebeveiliging volgens ISO/IEC 27001:2013

Informatiebeveiliging volgens ISO/IEC 27001:2013 Informatiebeveiliging volgens ISO/IEC 27001:2013 Dave Hagenaars, directeur BSI Group Nederland Copyright 2012 BSI. All rights reserved. Inhoud Wie zijn wij? Waarom informatiebeveiliging? Wat is de relevantie

More information

Audit summary of Security of Infrastructure Control Systems for Water and Transport

Audit summary of Security of Infrastructure Control Systems for Water and Transport V I C T O R I A Victorian Auditor-General Audit summary of Security of Infrastructure Control Systems for Water and Transport Tabled in Parliament 6 October 2010 Background Infrastructure critical to the

More information

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced

More information

CYBER RISK INTERNATIONAL COMPANY PROFILE

CYBER RISK INTERNATIONAL COMPANY PROFILE CYBER RISK INTERNATIONAL COMPANY PROFILE About Us Robert Madelin, the EU Commission s director general overseeing digital matters, has warned about a clear and present danger of cyber attacks in Europe.

More information

ICT Security. High-Quality Information and Know How Protection. Design and implementation of security. Covering almost all of ICT security

ICT Security. High-Quality Information and Know How Protection. Design and implementation of security. Covering almost all of ICT security ICT High-Quality Information and Know How Protection Design and implementation of security solutions optimised to meet the client s needs Implementing state-of-the-art hardware and software security products

More information

Version 1.0. Ratified By

Version 1.0. Ratified By ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified 5 th March 2013 Author(s) Responsible Committee / Officers Issue Date 5 th March 2013 Review Date Intended Audience

More information

Discussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples

Discussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 Discussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples The

More information

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats Achieving Truly Secure Cloud Communications How to navigate evolving security threats Security is quickly becoming the primary concern of many businesses, and protecting VoIP vulnerabilities is critical.

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

Cybersecurity and internal audit. August 15, 2014

Cybersecurity and internal audit. August 15, 2014 Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices

More information

Exchanging new ideas

Exchanging new ideas Exchanging new ideas New Ideas: Sharing and cooperating within NRENs Maurice.vandenAkker@surfnet.nl 15 december 2006 1 High quality internet for higher Education and Research Today s to-do list Background

More information

Testbeds as a Service Building Future Networks A view into a new GEANT Service. Jerry Sobieski (NORDUnet) GLIF Tech Atlanta, Mar 18, 2014

Testbeds as a Service Building Future Networks A view into a new GEANT Service. Jerry Sobieski (NORDUnet) GLIF Tech Atlanta, Mar 18, 2014 Testbeds as a Service Building Future Networks A view into a new GEANT Service Jerry Sobieski (NORDUnet) GLIF Tech Atlanta, Mar 18, 2014 From Innovation to Infrastructure! Network Innovation requires testing

More information

Managing Mobile: BYOD, MDM, MAM, and more acronyms. John H Sawyer Senior Security Analyst InGuardians, Inc.

Managing Mobile: BYOD, MDM, MAM, and more acronyms. John H Sawyer Senior Security Analyst InGuardians, Inc. Managing Mobile: BYOD, MDM, MAM, and more acronyms John H Sawyer Senior Security Analyst InGuardians, Inc. Who Am I? InGuardians Senior Security Analyst Penetration Testing Web, Network, Smart Grid, Mobile,

More information