Cyber security in an organization-transcending way



Similar documents
The Danish Cyber and Information Security Strategy

Cyber Security, a theme for the boardroom

Evolution of Cyber Security and Cyber Threats with focus on Cloud Computing

Germany: Report on Developments in the Field of Information and Telecommunications in the Context of International Security (RES 69/28),

Lessons from Defending Cyberspace

European Distribution System Operators for Smart Grids

Cyber Security solutions

Safety by trust: British model of cyber security. David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw

How To Manage Risk On A Scada System

On the European experience in critical infrastructure protection

Cyber Security Strategy

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY

aecert Roadmap Eng. Mohammed Gheyath Director, Technical Affairs TRA

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

A NEW APPROACH TO CYBER SECURITY

Critical Infrastructure & Supervisory Control and Data Acquisition (SCADA) CYBER PROTECTION

National Cyber Security Policy -2013

Microsoft s cybersecurity commitment

September 20, 2013 Senior IT Examiner Gene Lilienthal

CYBER AND IT SECURITY: CLOUD SECURITY FINAL SESSION. Architecture Framework Advisory Committee November 4, 2014

El Camino College Homeland Security Spring 2016 Courses

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA

Course 4202: Fraud Awareness and Cyber Security Workshop (3 days)

Healthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council

S. ll IN THE SENATE OF THE UNITED STATES

CYBER SECURITY GUIDANCE

Qatar Computer Emergency Team

European Commission Per

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

What legal aspects are needed to address specific ICT related issues?

Cyber Security Recommendations October 29, 2002

2. Cyber security research in the Netherlands

ESKISP Conduct security testing, under supervision

RESILIENCE AGAINST CYBER ATTACKS Protecting Critical Infrastructure Information

Supplier Vigilance: A Critical Layer of Defense

2. OVERVIEW OF THE PRIVATE INFRASTRUCTURE

For Discussion Paper No. 9/2011 on 3 November 2011 DIGITAL 21 STRATEGY ADVISORY COMMITTEE. Cyber Security

Supply Chain Risk: Understanding Emerging Threats to Global Supply Chains

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs)

National Cyber Security Strategy

National Cyber Security Strategy 2

Cloud Security & Standardization. Markku Siltanen Tietoturvakonsultti CISA, CGEIT, CRISC

Cyber Security Assessment Netherlands CSBN-2

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

Legislative Language

Working with the FBI

IT Infrastructure Services. White Paper. Cyber Risk Mitigation for Smart Cities

CYBER SECURITY, A GROWING CIO PRIORITY

HMG Security Policy Framework

National Security & Homeland Security Councils Review of National Cyber Security Policy. Submission of the Business Software Alliance March 19, 2009

The UK cyber security strategy: Landscape review. Cross-government

The National Cyber Security Strategy (NCSS) Success through cooperation

MANAGED SECURITY SERVICES (MSS)

POLICIES TO MITIGATE CYBER RISK

Cyber Security - What Would a Breach Really Mean for your Business?

Cyber Security Solutions Integrated. Proactive. Resilient.

National Cyber Security Strategy of Afghanistan (NCSA)

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte

Defending Against Data Beaches: Internal Controls for Cybersecurity

How To Understand And Understand The European Priorities In Information Security

Cybersecurity Strategy of the Republic of Cyprus

Cyber security: everybody s imperative. A guide for the C-suite and boards on guarding against cyber risks

NIPP Partnering for Critical Infrastructure Security and Resilience

Cyber security: it s not just about technology

Developing a National Strategy for Cybersecurity FOUNDATIONS FOR SECURITY, GROWTH, AND INNOVATION. Cristin Flynn Goodwin J.

FEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB Cyber Risk Management Guidance. Purpose

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, CEO EDS Corporation

Cybersecurity and internal audit. August 15, 2014

Into the cybersecurity breach

Research Topics in the National Cyber Security Research Agenda

Government Decision No. 1139/2013 (21 March) on the National Cyber Security Strategy of Hungary

Managing Cyber Attacks

US-CERT Year in Review. United States Computer Emergency Readiness Team

Comprehensive European Security Approaches: EU Security Programmes. Robert HAVAS EOS Chairman of the Board

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES

Cybersecurity and Privacy Hot Topics 2015

Cyber security initiatives in European Union and Greece The role of the Regulators

Cybersecurity and Corporate America: Finding Opportunities in the New Executive Order

Addressing Cyber Risk Building robust cyber governance

Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks

Cyber Risks and Insurance Solutions Malaysia, November 2013

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights)

Transcription:

Cyber security in an organization-transcending way EASEE-gas meeting March 19, 2015 Paul Bloemen ICT Security Manager Gasunie Chair Dutch Energy ISAC

March 19, 2015 2 What to talk about Why is cyber security important, and even interesting? Who cares about cyber security, and who should care? Is there a war on cyber, are we winning it? Is there anything that we can do together on cyber security? Who is we? What happens in the Netherlands on cyber security? And in Europe?

March 19, 2015 3 Cyber security Definition The guarantee on availability, integrity and confidentiality of the information supply Foremost: malicious intent, but also mistakes, potential sloppiness Risk based approach Actors, components of cyber security measures Organization People Technique In this order of importance

March 19, 2015 4 Threats and measures Types of threats Hacker attacks Malware Digital espionage Internal attacks Outage of cyber provisions Types of cyber security measures Prevention Detection Response Detection and response become more and more important Web of measures: defence in depth Different targets, like: networks, servers, workplaces, people Organization, People, Technique Prevention, Detection, Response No measure in itself is perfect, the web of measures delivers

March 19, 2015 5 View on cyber security within the organization Scope The own processes and systems Importance To mitigate the risks on information supply of the organization as a whole For the vital processes: most measures are reasonably to well implemented Increasing need for certifying the cyber security process and policy For instance: ISO 27001 and ISO 27002 Scope, again The measures of the organization, decided by the organization Based on de security policy of that organization

March 19, 2015 6 View on cyber security within the community Starting point for every organization Cyber security is quite well organized within the own organization Initial fear: what have others to do with cyber security of my organization? Changing world Increasing interdependencies of vital processes and systems between organizations: Interfaces as part of supply chains between processes and systems Outsourced services and systems Increasing vulnerabilities of the vital systems: connections to the outer world Increasing malicious actions by professional cyber crime and states: Money, information, disruption Governmental or European requirements on cyber security, by law: The Dutch Gaswet, European privacy regulations Cyber security will not be owned anymore by the individual organizations Desired attitude Interest of the organizations: self-regulation Interest of the community: robustness, resilience of the vital systems Bundling of own interest and common interest Could be done: everybody wants robust, resilient vital systems

March 19, 2015 7 Initiatives in the Netherlands (1) Starting point Public Private Partnership Cooperation between Government, Business, Science Organizations Cyber Security Counsel National Cyber Security Center Documents National Cyber Security Strategy An optimum between Freedom, Security and Social Growth A cooperation between Government, Business, Citizens Yearly Cyber Security Vision of the Netherlands: Cooperation of government and private parties Content: Interests, Threat actors, Threat means, Vulnerabilities, Measures, Manifestations

March 19, 2015 8 Initiatives in the Netherlands (2) National Cyber Security Center (NCSC) Computer Emergency Response Team for central government and vital sectors Security advisories service on cyber threats Support of Information Sharing and Analysis Centers (ISAC s) for several vital sectors, like: Finance, Telecom, Energy, Water, Nuclear, Airport, Multinationals Cyber alert service ICT Response Board Benefits Public and Private sector: Learn and know about each other Are able to cooperate when necessary

March 19, 2015 9 ISAC s in the Netherlands Information Sharing and Analysis Center Unity of sector Unity of common interest, like possession of a vital infrastructure Mission Sharing of information about cyber incidents, best practices, own experiences Trust is of the utmost importance: it takes time Organizations don t compete on cyber security Figures at the end of 2014 12 ISAC s, 156 organizations, about 200 250 members Organization No membership fee: investment in time and information Chairman from the business Secretary from NCSC Meetings 5 7 times a year Sometimes work groups to sort out issues

March 19, 2015 10 Initiatives in Europe High level interest in cyber security Interdependencies of processes are rather on a European scale than a national issue, like: Finance, Energy, Telecom Effects of cyber security incidents can be disastrous Cyber security incidents don t stop at the border of countries Existing initiatives European FI-ISAC Emerging initiatives European Energy-ISAC, starts with electricity Network of Information Security (NIS) Platform, connecting 200 members all over Europe European directives, national laws Privacy Maybe much more to come

March 19, 2015 11 Conclusions Important topics for the near future Shared responsibilities for flawless operation within the supply chain Information sharing about cyber threats, incidents, best practices Accountability on cyber security on a national and European level What to do Pro-active posture on developments Active participation on cyber security related activities with government and organizations in the sector The Netherlands poses a good example of what can be achieved together

Questions: p.a.bloemen@home.nl March 19, 2015 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information