ENISA Threat Landscape:


Transcription:

ENISA Threat Landscape: Current and Emerging Threat Assessment. Louis Marinos, 18 June 2015. European Union Agency For Network And Information Security.

Why ENISA Threat Landscape? (slide 2)
Raising awareness of potential threats in cyberspace (mandate).
Use available expertise to support stakeholders in UNDERSTANDING the real threat.
Help developing protection according to the real threats.

ETL: Top Threats, Thematic Landscapes, Emerging Trends, Fast path (Flash Note). ETL state of play (slide 3)

Content and quality (slide 4)
Strategic (S): the highest-level information about threats. Created by humans, consumed by humans. Lifespan: months.
Tactical (T): at this level, stakeholders obtain aggregated information about threats, TTPs and their elements. Created and consumed by humans and machines. Lifespan: weeks to months.
Operational (O): technical information about incidents, etc. Created by machines, consumed by machines and humans. Lifespan: days to weeks.

Facilitate input processing (slide 5)

Better management of input/output (slide 6). The slide is a threat-taxonomy diagram; the recoverable content is the top-level threat categories and the threats listed under them:
Nefarious activity / abuse: identity fraud; unsolicited & infected e-mail; denial of service (volume, application; amplification/reflection, spoofing, flooding, Ping of Death, WinNuke, XDoS); malicious code/software activity (virus, worm, trojan, rootkit, botnets, spyware, scareware, rogueware, adware, greyware, badware); abuse of information leakage; generation and use of rogue certificates (SSL CA infiltration, Diginotar); manipulation of hardware & software; manipulation of information (routing table manipulation, DNS manipulation, AS manipulation, falsification of configuration, IPMI protocol, DNS registrar hijacking); misuse of audit tools; falsification of records; unauthorised use or administration of devices & systems; unauthorised access to information system/network; unauthorised use of software; unauthorised installation of software; compromising confidential information; abuse of authorizations; abuse of personal data; remote activity (execution); targeted attacks (including APT); espionage (nation state, corporate); hoax.
Eavesdropping / interception / hijacking: war driving; interception of compromising emissions; interception of information (rogue hardware, software interception); interfering radiations; replay of messages; network reconnaissance and information gathering; man in the middle / session hijacking (DNS spoofing, DNS poisoning, AS hijacking); repudiation of actions.
Legal: violation of laws or regulations / breach of legislation; judiciary decision / court order (the No-IP / Microsoft domains seizure); failure to meet contractual requirements.
Outages: lack of resources (electricity, human resources, network capacity, processing power, storage capacity, physical resources); internet outage; network outage; loss of support services; absence of personnel; strike.
Physical attacks: no sub-items recoverable from the diagram.
Unintentional damages (accidental): information leakage or sharing; erroneous use or administration of devices and systems; using information from an unreliable source; unintentional change of data in an information system; inadequate design and planning or lack of adaptation; damage caused by a third party.
Disasters: natural disasters (earthquakes, floods, landslides, tsunamis, lightning strike, heavy rains, heavy snowfalls, heavy winds, wildfire, electromagnetic storm); environmental disasters (fires, dangerous radiation leaks, pollution, dust, corrosion, unfavourable climatic conditions, major events in the environment, explosions).
Damage / loss (IT assets): loss of (integrity of) sensitive information; loss or destruction of devices, storage media and documents; loss of information in the cloud; information leakage.
Failures / malfunctions: failures of devices or systems and of parts of devices (failures of hardware, software bugs, configuration errors, misconfiguration, loss from DRM conflicts); failures or disruptions of communication links (cable break, cable cut); failures or disruptions of main supply (power, cooling, water); failures or disruptions of service providers (supply chain); failures or disruptions of the power supply; malfunctions of devices or systems and of parts of devices (linecards, connectors, network devices, servers, data centers, external case, internal case); inadequate specifications; inadequate usability; insecure interfaces (APIs); policy/procedure flaws; design errors.

ETL: Current Threats, Thematic Landscapes (Sector), Emerging Technologies, Fast path (Flash Note). Recent data modelling (slide 7)

Understanding used structures (slide 8). ENISA Threat Landscape attribute collections:
Thematic Landscape attributes: threat classification; affected asset type; affected business sector; emerging technology area; threat agents; relevant reference; trend; relevant URL.
Current Threats attributes: description of threat; issues related to threat; overall trend; threat agents; related threats; position in kill chain.
Threat Agents attributes: description; motives; capabilities; references.
Emerging Technology Area attributes: relevance of emerging area; possible vulnerabilities/weaknesses; top 10 threats (from current); foreseen trend; threat agents; issues related to threat/area; references.
Sector attributes: asset inventory; relevant threats; possible vulnerabilities/weaknesses; assessed particular sector threats (from incidents); threat agents; threat mitigation practices/controls; references.

People are asking (slide 9)

Requirements, requirements (mostly presentation, but also content) (slide 10)
Provide hooks to risk assessment; based on this information, develop a use case.
Develop landscapes for types of organizations (e.g. prosumers/freelancers, SMEs, and government agencies).
Look at main asset types: infrastructure (power + network + housing), mobile/fixed endpoints, cloud/web servers, cloud/web applications.
Do a risk assessment for each of the above, pointing out the main threats to navigate.
Consolidate internal information.
Create various views.

The nasty matter with presentation (slide 11)

Graphics / presentation (slide 12)
Presentation/visualization of results increases use/re-use and efficacy. It is expected that quite some approaches for presentation of TI will emerge soon. Current good practices are: Verizon DBIR, Hackmageddon, Kill Chain. STIX data format as presentation tool? An interesting/novel approach is project Sinfonier.

Develop realistic use cases (slide 13)

What to do with Threat Information?

Why this landscape, the painting? (slide 15)
Risk oriented (Threat, Weakness, Impact, Acceptance levels, Controls) is based on Risk/Business Intelligence.
Threat oriented (Threat Agents, Attack vectors, Kill chains, Trends) is based on Threat Intelligence.
Prevention oriented (Patterns, Big data, Triage, Actions, Controls) is based on Operational Intelligence.
We need to increase reaction speed at all levels!

Takeaways: Great work just released (slide 16)

Takeaways
For users: understand the scope of your assessments; identify threat exposure and understand what you can afford; build TI tool usage models according to the points above; increase agility of assessments and ISMS; think that the current state of TI is still initial BUT has a great potential.
For providers: establish usable information according to requirements; increase structuring / follow user needs; facilitate visualization, data re-use, historical data; interconnect with ISMS / increase agility.
For ENISA: cooperation; create data; check the hook to ISMS.

..thank you for your attention.. L. Marinos, louis.marinos@enisa.europa.eu (slide 19)

What do others do? (slide 20)
Excellent positioning of threat intelligence: content types; life-cycles; flows of information.
Very good analysis of various parts: types of threat intelligence (detailed); criteria for external TI providers; checklist.

Landscape painting tools: content and quality. MWR, CERT-UK/CPNI (slide 21)