SIG ISM WORKSHOP LONDON 2015. Alf Moens




SIG ISM
The aims of the SIG-ISM are:
* Establish a community of NREN security management professionals; develop, maintain and promote a trust framework between NRENs based on international standards
* Promote the use of international security standards and share best practices for security management within NRENs
* Discuss and promote issues of information security management of particular interest to NRENs
In the direction of these fundamental points, the 1st SIG-ISM, to be held at Imperial College in London, aims to bring together CISOs and all people interested in ISM to develop and strengthen the ISM community around the globe.

Agenda Tuesday
12:30-13:30 Arrival and registration
13:30-13:45 Welcome and introduction, Alf Moens (SURF)
13:45-14:15 How to gain and maintain ISO 27001 certification, Urpo Kaila (CSC)
14:15-14:45 Jisc and the ISO27001, James Davis (Jisc)
14:15-14:45 Coffee break
14:45-16:45 Round-table discussions: What do NRENs need to implement as a standard? The aim of this discussion is to generate a document that highlights the basic steps NRENs should follow to implement security management.
16:45-17:00 Summary of the day
17:00-19:00 Checking in...
19:00-21:00 Joint dinner

Introduction SIG ISM
Steering committee: started autumn 2014 at the workshop in Utrecht; monthly VC meetings: James, Rolf, Wayne, Alf
Charter: approved!
Participation: free for anyone, but aimed at security officers of NRENs
It's not about incidents, it's about security management.
Reach out to other Task Forces and SIGs
Maintain a register of security officers
Should we work on a trust framework?

Agenda Wednesday
09:00-9:30 Risk Registers, the good and the bad: Making Real Change, Wayne Routly (GEANT)
9:30-10:30 Round-table discussions: Risk analysis. The aim of this discussion is to generate a short paper on the current risks and the new threats coming up.
10:30-11:00 Coffee break
11:00-11:30 Finalising the discussion on risks
11:30-12:20 REFEDS and SIG-ISM, Nicole Harris (GEANT)
12:20-12:30 Discussion about future meetings and wrap-up

Participants
Alf Moens - SURFnet bv
Wayne Routly - DANTE
Alessandra Scicchitano - GEANT Association
Dominique Launay - GIP RENATER
Maciej Milostan - PSNC / PIONIER
John Chapman - Jisc
Antonio Fuentes Bermejo - RedIRIS
Fernand De Decker - BELNET
Rolf Sture Normann - UNINETT AS
Cynthia Wagner - Fondation RESTENA
Thomas Tam - Canada's Advanced Research and Innovation Network
Jacob Asbæk Wolf - NORDUnet A/S
Øivind Høiem - UNINETT AS
James Davis - Jisc
Urpo Kaila - CSC - IT Center for Science Ltd.
Nicole Harris - GÉANT Association (apologized) [4]
Aidan Carty - HEAnet
David Simonsen - WAYF - Where are you from
Vlado Pribolsan - AAI@EduHr - Croatian Research and Education Federation
Ralf Groeper - DFN

Standards and certifications
Inventory
- Do you have a security officer? An approved security policy?
- Which standard for information security are you using?
- Are you implementing any certifications? Which? Who is asking for this? How much effort is it?
Discussion
- What standard should an NREN use for information security?

Risk Identification and Management
Do you perform any risk analysis? Company-wide, for a project or for an information system?
What do you need to protect? What are the core assets of an NREN?
What are the main threats for an NREN? What are the main threats for a university?

Threat table. Columns: # / Type of threat / Event / Actor / Example incidents / Relevance (chance * impact) for Education, Research and Operations.

1. Accessing or (unauthorised) publishing data
   Events: theft of research data; privacy-sensitive information is leaked and published; design of a research lab falls into the wrong hands; fraud by gaining access to information about exams and test questions
   Actors: cybercriminals, activists, states, employees
   Example incidents: exam fraud through disclosure of exam questions; privacy-sensitive data about students and pupils ends up on the street; parliamentary questions about an intranet leak at a university of applied sciences
   Relevance: Education MIDDLE, Research HIGH, Operations MIDDLE

2. Identity fraud
   Events: student has someone else take his exam; student poses as another student or employee to gain access to exams; activist poses as a researcher; student poses as an employee and changes exam results
   Actors: students, cybercriminals, activists
   Example incidents: parliamentary questions about identity fraud at Hogeschool Windesheim; fraud in admission exams
   Relevance: Education HIGH, Research MIDDLE, Operations LOW

3. Manipulation of data
   Events: study results are falsified; manipulation of research data; modification of business-operations data
   Actors: students, employees
   Example incidents: student gets four years in prison for changing his grades; mass fraud by economics students; student hacks website and assignment submission system of the Computer Science department
   Relevance: Education HIGH, Research LOW, Operations LOW

4. Espionage
   Events: research data is tapped; intellectual property is stolen via a third party
   Actors: states, companies and commercial partners, cybercriminals
   Example incidents: MI5 warned British universities about cyber attacks; NSA hacks Belgian cyber professor; Chinese spy on think tanks with expertise on Iraq
   Relevance: Education LOW, Research HIGH, Operations LOW

5. Disruption of ICT
   Events: DDoS attack takes the IT infrastructure down; critical research data or exam data is destroyed; set-up of research facilities is sabotaged; teaching resources become unusable because of malware (e.g. e-learning or the network)
   Actors: cyber researchers, activists, students, employees
   Example incidents: Distributed Denial of Service attack hits the SETI project; Dorifel virus also hits universities; server took down the Utrecht University network
   Relevance: Education MIDDLE, Research MIDDLE, Operations MIDDLE

6. Take-over or abuse of ICT
   Events: set-up of research facilities taken over; systems or accounts are misused for other purposes (botnet, mining, spam)
   Actors: cybercriminals, students, employees
   Example incidents: Yahoo blocks Maastricht University because of spam; student uses university computers to mine dogecoin
   Relevance: Education LOW, Research MIDDLE, Operations MIDDLE

7. Create a negative image on purpose
   Events: defacement of website; social media account hacked and abused
   Actors: activists, students, cyber researchers, cyber vandals
   Example incidents: homepage of the Faculty of Arts defaced; hackers deface MIT website
   Relevance: Education LOW, Research LOW, Operations LOW

Legend relevance: LOW, MIDDLE, HIGH. Source: Cybersecuritybeeld Nederland (Nationaal Cyber Security Centrum, 2014)

Sources for threat information
SURF Cyberdreigingsbeeld 2014: https://www.surf.nl/nieuws/2014/11/handvatten-omcybersecurity-instellingen-te-verbeteren.html
Cyber Security Beeld Nederland 4 (NCSC): https://www.ncsc.nl/dienstverlening/expertise-advies/kennisdeling/trendrapporten/cybersecuritybeeldnederland-4.html
Dutch Cyber Security Council (CSR) (cyber security guide for the board room): http://www.cybersecurityraad.nl/assets/1502517_VENJ_Cybersecurity_UK_vdef.pdf
Enisa Threat Landscape: http://www.enisa.europa.eu/activities/risk-management/evolving-threat-environment/enisa-threat-landscape-midyear-2013/at_download/fullreport
World Economic Forum: http://www.enisa.europa.eu/activities/risk-management/evolving-threat-environment/enisa-threat-landscape-midyear-2013/at_download/fullreport

Threat types (ENISA Threat Landscape and Good Practice Guide for Internet Infrastructure). Columns: threat type / threat / asset types.

Physical attacks
   Unauthorised physical access / unauthorised entries to premises: Hardware, Infrastructure
   Sabotage: Hardware, Infrastructure
Disasters
   Natural disasters: Hardware, Software, Information, Services, Interconnection, Infrastructure, Human resources
   Environmental disasters: Hardware, Software, Information, Services, Interconnection, Infrastructure, Human resources
Failures/Malfunctions
   Failures of parts of devices: Protocols, Hardware, Software, Information, Services
   Configuration errors: Protocols, Hardware, Software, Information, Services
Outages
   Lack of resources: Hardware, Software, Information, Services, Interconnection, Infrastructure, Human resources
   Network outages: Hardware, Software, Information, Services
Unintentional damages (accidental)
   Information leakage/sharing: Hardware, Software, Information, Services, Interconnection
   Unintentional change of data in an information system: Protocols, Hardware, Software, Information, Services
Damage/Loss (IT assets)
   Damage caused by a third party: Hardware, Software, Information, Services, Interconnection, Infrastructure, Human resources
   Loss of reputation: Interconnection, Human resources
Nefarious activity/abuse
   Manipulation of hardware and software: Protocols, Hardware, Software, Information, Services
   Denial of service attacks (DoS/DDoS): Hardware, Software, Information, Services
Eavesdropping/Interception/Hijacking
   Interception of compromising emissions: Protocols, Software, Information, Services
   Man in the middle / session hijacking: Software, Information, Services
Legal
   Violations of law or regulation / breaches of legislation: Software, Information, Interconnection, Human resources
   Failure to meet contractual requirements: Software, Information, Interconnection, Human resources
Source: ENISA Threat Landscape and Good Practice Guide for Internet Infrastructure, Jan. 2015