SlideShare ist ein Scribd-Unternehmen logo

Compliance standards interoperability - Zoltan Precsenyi

e-Democracy Conference
e-Democracy Conference
1 von 28
Compliance Standards Interoperability: Matters of security Zoltán Précsényi, EU Government Relations Manager Symantec Corporation
What are we talking about?
What are we talking about? Hello, I am the citizen I claim I am. Trust Identity Hi, I am the authority you believe you contacted. I want to send you my data electronically. Authenticity Convenience I need to be sure the data you send me is yours. I want to send my data from my smart phone. Interoperability Mobility I need to read your data on my PC. I am moving to the next country. Shall I have to re-send them the data all over again? Standards They ask for the same data, so I should be able to share yours with them. What if they work on Macintosh? Interoperability It should work all the same. Will my data be as protected there as here? Compliance Security If they are as serious about it as we are, then yes. Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
Where do we stand? ICT is pervasive
ICT is pervasive ICT creates: • New opportunities e-government, e-services, cloud • New needs: infrastructure, skills, technology • New expectations: availability, resilience, privacy • New challenges: security, interoperability, data protection, trust • New threats: cyber-crime Interoperability calls for standards. Security requires compliance. Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation 5
Where does Europe stand? ICT is high on the EU’s agenda
ICT is high on the EU’s agenda EU2020 / Digital Agenda: • Digital single market, intellectual property, eSignature • Data protection in the era of ICT • Review of European standardisation policy • European Interoperability Framework 2.0 • e-government, e-health, European e-public services • Critical Information Infrastructure Protection and Resilience • Modernisation of ENISA, European cybercrime platform Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation 7
Compliance
Compliance: Insecure policies Data breaches that could lead to identity theft by cause and identities exposed, 2009 Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
Compliance: Well-meaning insiders 2008 figures • Data losses: • Of all data losses, 88% caused by well-meaning insiders. (source: Ponemon Institute, Cost of a Data Breach, February 2009) • Data breaches: • Of all breaches analysed, 20% caused by insiders. • 67% were well-meaning, simply inadvertent. (source: Verizon Business RISK Team, 2009 Data Breach Investigations Report) Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
Standards
Standards: Open or proprietary? That’s not the issue! Vulnerabilities and windows of exposure of main browsers, 2009 Browser Vulnerabilities Window of exposure (Patch time) Mozilla Firefox 169 <1 day Apple Safari 94 13 days Microsoft Internet Explorer 45 <1 day Google Chrome 41 2 days Opera 25 <1 day Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation 12
Standards: What’s a good security standard? A good security standard: • Is not a specific technological standard, • But a performance standard, like: 95% DETECTION RATE OF KNOWN AND UNKNOWN MALWARE Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
Interoperability
Interoperability: The more interoperable you get, the more vulnerabilities you may propagate Web browser plug-in vulnerabilities, 2009 (of a total of 424 identified in 2008, and 321 in 2009) Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
Interoperability: We need the upside of it; So let’s face the downside too: Interoperability: • Can introduce new or propagate existing vulnerabilities. • Can be taken advantage of to distribute threats. • Allows access to information from and to multiple sources, so: • It makes protective monitoring more difficult; • It gets more resource-consuming to secure; • It increases the likelihood of data leakage. Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
Interoperability: Facing the downside: How? Interoperability requires: • A risk assessment approach in handling security challenges; • Sharing this approach among those interconnected; • Building the security and privacy policies to match the risks; • Drawing and enforcing security measures as appropriate; • Regularly auditing and reviewing them. Compliance with the highest security standards at all times is what it takes to make interoperability actually work. Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
What we’re up against: The threat landscape
The threat landscape Objectives: Not fame, but fortune. Goods and services advertised on underground economy servers Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
The threat landscape Targets: Wherever valuable digital data resides Unique brands phished, by sector, 2009 Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
The threat landscape The economics: The Underground Economy On offer in the underground economy: • Botnets • Spam zombies • Crimeware toolkits • Stolen credentials • Stolen identities You need not be a skilled hacker to mount web-based attacks. Conversely however, skilled hackers mount more and more sophisticated attacks. Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
The threat landscape The latest: Stuxnet • Nature and propagation: – Worm spreading via removable storage devices • Objective: – Steal confidential SCADA design and usage documents • Modus operandi: – The door: a zero-day vulnerability affecting all versions of an OS. – The cover: a purposely developed rootkit to hide behind. – The map: knowledge of the attacked industrial assets and processes. – The disguise: stolen digital certificates to sign the malicious files as legitimate. Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
The threat landscape The latest: Stuxnet “ Stuxnet is the first publicly widespread threat that has shown a possibility of gaining control of industrial processes and placing that control in the wrong hands. It also shows that in this interconnected world, IT security is more important than ever and that even the unthinkable must now “ be considered. Patrick Fitzgerald, Security Response Manager Symantec Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation 23
Standards and Interoperability: What the future has in stock
The future • Virtualisation: – Independance from OS, from applications and from platforms. • Software as a Service: – Single standardised services, single delivery medium, over any infrastructures and environments, pay per use. • Cloud computing: – Easier access to data, easier exchange of information via commonly used networks and communication standards. • Mobility: – Anywhere, anytime, on any device. In terms of security, it means new opportunities, but also new threats, and as many new challenges. Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
The take away’s
Take away 1 Standards can make technologies compatible. 2 Standards can make processes more efficient. 3 Standards can help interoperability. 4 But compliance ultimately rests with people. Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation 27
Security is a matter of technology, processes and people. Zoltán Précsényi zoltan_precsenyi@symantec.com +32 (0)2 257 1319 Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation

Empfohlen

Hakin9 interview w Prof Sood
Hakin9 interview w Prof SoodHakin9 interview w Prof Sood
Hakin9 interview w Prof SoodZsolt Nemeth
 
DamballaOverview
DamballaOverviewDamballaOverview
DamballaOverviewDavid C. Petty
 
Carbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint SecurityCarbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint SecurityMighty Guides, Inc.
 
Damballa automated breach defense june 2014
Damballa automated breach defense june 2014Damballa automated breach defense june 2014
Damballa automated breach defense june 2014Ricardo Resnik
 
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYSYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYIJNSA Journal
 
2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecurity2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecuritySvetlana Belyaeva
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019Ulf Mattsson
 
Security assessment for financial institutions
Security assessment for financial institutionsSecurity assessment for financial institutions
Security assessment for financial institutionsZsolt Nemeth
 

Empfohlen

Hakin9 interview w Prof Sood
Hakin9 interview w Prof SoodHakin9 interview w Prof Sood
Hakin9 interview w Prof SoodZsolt Nemeth
 
DamballaOverview
DamballaOverviewDamballaOverview
DamballaOverviewDavid C. Petty
 
Carbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint SecurityCarbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint SecurityMighty Guides, Inc.
 
Damballa automated breach defense june 2014
Damballa automated breach defense june 2014Damballa automated breach defense june 2014
Damballa automated breach defense june 2014Ricardo Resnik
 
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYSYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYIJNSA Journal
 
2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecurity2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecuritySvetlana Belyaeva
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019Ulf Mattsson
 
Security assessment for financial institutions
Security assessment for financial institutionsSecurity assessment for financial institutions
Security assessment for financial institutionsZsolt Nemeth
 
SCIT Labs - intrusion tolerant systems
SCIT Labs - intrusion tolerant systemsSCIT Labs - intrusion tolerant systems
SCIT Labs - intrusion tolerant systemsZsolt Nemeth
 
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017Maurice Dawson
 
Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?Global Business Events
 
Cybersecurity a short business guide
Cybersecurity a short business guideCybersecurity a short business guide
Cybersecurity a short business guidelarry1401
 
Trend micro real time threat management press presentation
Trend micro real time threat management press presentationTrend micro real time threat management press presentation
Trend micro real time threat management press presentationAndrew Wong
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Security B-Sides
 
Darktrace_WhitePaper_Needle_final
Darktrace_WhitePaper_Needle_finalDarktrace_WhitePaper_Needle_final
Darktrace_WhitePaper_Needle_finalJerome Chapolard
 
BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...Dana Gardner
 
Cybersecurity Hands-On Training
Cybersecurity Hands-On TrainingCybersecurity Hands-On Training
Cybersecurity Hands-On TrainingTonex
 
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...Minh Le
 
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...JoAnna Cheshire
 
Moving target-defense
Moving target-defenseMoving target-defense
Moving target-defenseZsolt Nemeth
 
Security, Privacy and the Future Internet
Security, Privacy and the Future InternetSecurity, Privacy and the Future Internet
Security, Privacy and the Future InternetFraunhofer Institute for Secure Information Technology
 
Ehc brochure
Ehc brochureEhc brochure
Ehc brochureEhab El Barbary
 
PCTY 2012, Threat landscape and Security Intelligence v. Michael Andersson
PCTY 2012, Threat landscape and Security Intelligence v. Michael AnderssonPCTY 2012, Threat landscape and Security Intelligence v. Michael Andersson
PCTY 2012, Threat landscape and Security Intelligence v. Michael AnderssonIBM Danmark
 
Antigena Overview
Antigena OverviewAntigena Overview
Antigena OverviewAustin Eppstein
 
VAPT- A Service on Eucalyptus Cloud
VAPT- A Service on Eucalyptus CloudVAPT- A Service on Eucalyptus Cloud
VAPT- A Service on Eucalyptus CloudSwapna Shetye
 
Darktrace_WhitePaper_EnterpriseImmuneSystem
Darktrace_WhitePaper_EnterpriseImmuneSystemDarktrace_WhitePaper_EnterpriseImmuneSystem
Darktrace_WhitePaper_EnterpriseImmuneSystemAustin Eppstein
 
Ci31560566
Ci31560566Ci31560566
Ci31560566IJERA Editor
 
Peter Allor - The New Era of Cognitive Security
Peter Allor - The New Era of Cognitive SecurityPeter Allor - The New Era of Cognitive Security
Peter Allor - The New Era of Cognitive Securityscoopnewsgroup
 
Trabajo
TrabajoTrabajo
Trabajoandreslopezroldan
 
MDresume
MDresumeMDresume
MDresumeMelanie Duke
 

Weitere ähnliche Inhalte

Was ist angesagt?

SCIT Labs - intrusion tolerant systems
SCIT Labs - intrusion tolerant systemsSCIT Labs - intrusion tolerant systems
SCIT Labs - intrusion tolerant systemsZsolt Nemeth
 
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017Maurice Dawson
 
Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?Global Business Events
 
Cybersecurity a short business guide
Cybersecurity a short business guideCybersecurity a short business guide
Cybersecurity a short business guidelarry1401
 
Trend micro real time threat management press presentation
Trend micro real time threat management press presentationTrend micro real time threat management press presentation
Trend micro real time threat management press presentationAndrew Wong
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Security B-Sides
 
Darktrace_WhitePaper_Needle_final
Darktrace_WhitePaper_Needle_finalDarktrace_WhitePaper_Needle_final
Darktrace_WhitePaper_Needle_finalJerome Chapolard
 
BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...Dana Gardner
 
Cybersecurity Hands-On Training
Cybersecurity Hands-On TrainingCybersecurity Hands-On Training
Cybersecurity Hands-On TrainingTonex
 
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...Minh Le
 
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...JoAnna Cheshire
 
Moving target-defense
Moving target-defenseMoving target-defense
Moving target-defenseZsolt Nemeth
 
PCTY 2012, Threat landscape and Security Intelligence v. Michael Andersson
PCTY 2012, Threat landscape and Security Intelligence v. Michael AnderssonPCTY 2012, Threat landscape and Security Intelligence v. Michael Andersson
PCTY 2012, Threat landscape and Security Intelligence v. Michael AnderssonIBM Danmark
 
VAPT- A Service on Eucalyptus Cloud
VAPT- A Service on Eucalyptus CloudVAPT- A Service on Eucalyptus Cloud
VAPT- A Service on Eucalyptus CloudSwapna Shetye
 
Darktrace_WhitePaper_EnterpriseImmuneSystem
Darktrace_WhitePaper_EnterpriseImmuneSystemDarktrace_WhitePaper_EnterpriseImmuneSystem
Darktrace_WhitePaper_EnterpriseImmuneSystemAustin Eppstein
 
Peter Allor - The New Era of Cognitive Security
Peter Allor - The New Era of Cognitive SecurityPeter Allor - The New Era of Cognitive Security
Peter Allor - The New Era of Cognitive Securityscoopnewsgroup
 

Was ist angesagt? (20)

SCIT Labs - intrusion tolerant systems
SCIT Labs - intrusion tolerant systemsSCIT Labs - intrusion tolerant systems
SCIT Labs - intrusion tolerant systems
 
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
 
Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?
 
Cybersecurity a short business guide
Cybersecurity a short business guideCybersecurity a short business guide
Cybersecurity a short business guide
 
Trend micro real time threat management press presentation
Trend micro real time threat management press presentationTrend micro real time threat management press presentation
Trend micro real time threat management press presentation
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
 
Darktrace_WhitePaper_Needle_final
Darktrace_WhitePaper_Needle_finalDarktrace_WhitePaper_Needle_final
Darktrace_WhitePaper_Needle_final
 
BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...
 
Cybersecurity Hands-On Training
Cybersecurity Hands-On TrainingCybersecurity Hands-On Training
Cybersecurity Hands-On Training
 
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
 
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...
 
Moving target-defense
Moving target-defenseMoving target-defense
Moving target-defense
 
Security, Privacy and the Future Internet
Security, Privacy and the Future InternetSecurity, Privacy and the Future Internet
Security, Privacy and the Future Internet
 
Ehc brochure
Ehc brochureEhc brochure
Ehc brochure
 
PCTY 2012, Threat landscape and Security Intelligence v. Michael Andersson
PCTY 2012, Threat landscape and Security Intelligence v. Michael AnderssonPCTY 2012, Threat landscape and Security Intelligence v. Michael Andersson
PCTY 2012, Threat landscape and Security Intelligence v. Michael Andersson
 
Antigena Overview
Antigena OverviewAntigena Overview
Antigena Overview
 
VAPT- A Service on Eucalyptus Cloud
VAPT- A Service on Eucalyptus CloudVAPT- A Service on Eucalyptus Cloud
VAPT- A Service on Eucalyptus Cloud
 
Darktrace_WhitePaper_EnterpriseImmuneSystem
Darktrace_WhitePaper_EnterpriseImmuneSystemDarktrace_WhitePaper_EnterpriseImmuneSystem
Darktrace_WhitePaper_EnterpriseImmuneSystem
 
Ci31560566
Ci31560566Ci31560566
Ci31560566
 
Peter Allor - The New Era of Cognitive Security
Peter Allor - The New Era of Cognitive SecurityPeter Allor - The New Era of Cognitive Security
Peter Allor - The New Era of Cognitive Security
 

Andere mochten auch

Yossie Tchelet - Reccomendation letter
Yossie Tchelet - Reccomendation letterYossie Tchelet - Reccomendation letter
Yossie Tchelet - Reccomendation letterSerena Graziato
 
Rockin rio nova versão
Rockin rio nova versãoRockin rio nova versão
Rockin rio nova versãoTiagoChicoRei
 
MAX Person - Automação de Marketing
MAX Person - Automação de MarketingMAX Person - Automação de Marketing
MAX Person - Automação de MarketingEdimar Rodrigues
 
Third Quarter 2015 Conference Call
Third Quarter 2015 Conference CallThird Quarter 2015 Conference Call
Third Quarter 2015 Conference CallLake Shore Gold
 
Problemas frecuentes del desarrollo ansiedad y apego ute
Problemas frecuentes del desarrollo ansiedad y apego uteProblemas frecuentes del desarrollo ansiedad y apego ute
Problemas frecuentes del desarrollo ansiedad y apego utekarol sacon
 
Elder Care Services
Elder Care ServicesElder Care Services
Elder Care ServicesDucere Group
 
PUC information requests for NextEra and Hawaiian Electric
PUC information requests for NextEra and Hawaiian ElectricPUC information requests for NextEra and Hawaiian Electric
PUC information requests for NextEra and Hawaiian ElectricHonolulu Civil Beat
 
Ebook AAIDDU - Atitude e Atendimento Ins-piradoramente Diferentes Do Usual
Ebook AAIDDU - Atitude e Atendimento Ins-piradoramente Diferentes Do UsualEbook AAIDDU - Atitude e Atendimento Ins-piradoramente Diferentes Do Usual
Ebook AAIDDU - Atitude e Atendimento Ins-piradoramente Diferentes Do UsualEdmour Saiani
 
Plan de Medios UnME
Plan de Medios UnMEPlan de Medios UnME
Plan de Medios UnMEJoan Costa
 
Abordagens indisciplinares de comunicação e redes sociais (Aula 4)
Abordagens indisciplinares de comunicação e redes sociais (Aula 4)Abordagens indisciplinares de comunicação e redes sociais (Aula 4)
Abordagens indisciplinares de comunicação e redes sociais (Aula 4)Andre de Abreu
 
Ponto de Referência - no que ajudamos, quem somos, o que fazemos e como
Ponto de Referência - no que ajudamos, quem somos, o que fazemos e comoPonto de Referência - no que ajudamos, quem somos, o que fazemos e como
Ponto de Referência - no que ajudamos, quem somos, o que fazemos e comoEdmour Saiani
 

Andere mochten auch (17)

Trabajo
TrabajoTrabajo
Trabajo
 
MDresume
MDresumeMDresume
MDresume
 
Yossie Tchelet - Reccomendation letter
Yossie Tchelet - Reccomendation letterYossie Tchelet - Reccomendation letter
Yossie Tchelet - Reccomendation letter
 
Rockin rio nova versão
Rockin rio nova versãoRockin rio nova versão
Rockin rio nova versão
 
MAX Person - Automação de Marketing
MAX Person - Automação de MarketingMAX Person - Automação de Marketing
MAX Person - Automação de Marketing
 
Third Quarter 2015 Conference Call
Third Quarter 2015 Conference CallThird Quarter 2015 Conference Call
Third Quarter 2015 Conference Call
 
Institutions
InstitutionsInstitutions
Institutions
 
Problemas frecuentes del desarrollo ansiedad y apego ute
Problemas frecuentes del desarrollo ansiedad y apego uteProblemas frecuentes del desarrollo ansiedad y apego ute
Problemas frecuentes del desarrollo ansiedad y apego ute
 
Elder Care Services
Elder Care ServicesElder Care Services
Elder Care Services
 
PUC information requests for NextEra and Hawaiian Electric
PUC information requests for NextEra and Hawaiian ElectricPUC information requests for NextEra and Hawaiian Electric
PUC information requests for NextEra and Hawaiian Electric
 
Ebook AAIDDU - Atitude e Atendimento Ins-piradoramente Diferentes Do Usual
Ebook AAIDDU - Atitude e Atendimento Ins-piradoramente Diferentes Do UsualEbook AAIDDU - Atitude e Atendimento Ins-piradoramente Diferentes Do Usual
Ebook AAIDDU - Atitude e Atendimento Ins-piradoramente Diferentes Do Usual
 
ICT Today
ICT TodayICT Today
ICT Today
 
Папороті
ПапоротіПапороті
Папороті
 
Plan de Medios UnME
Plan de Medios UnMEPlan de Medios UnME
Plan de Medios UnME
 
Abordagens indisciplinares de comunicação e redes sociais (Aula 4)
Abordagens indisciplinares de comunicação e redes sociais (Aula 4)Abordagens indisciplinares de comunicação e redes sociais (Aula 4)
Abordagens indisciplinares de comunicação e redes sociais (Aula 4)
 
Ponto de Referência - no que ajudamos, quem somos, o que fazemos e como
Ponto de Referência - no que ajudamos, quem somos, o que fazemos e comoPonto de Referência - no que ajudamos, quem somos, o que fazemos e como
Ponto de Referência - no que ajudamos, quem somos, o que fazemos e como
 
my data.PDF
my data.PDFmy data.PDF
my data.PDF
 

Ähnlich wie Compliance standards interoperability - Zoltan Precsenyi

Cloud Security - Idealware
Cloud Security - IdealwareCloud Security - Idealware
Cloud Security - IdealwareIdealware
 
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...Andris Soroka
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
Implications of GDPR for IoT Big Data Security and Privacy Fabric
Implications of GDPR for IoT Big Data Security and Privacy FabricImplications of GDPR for IoT Big Data Security and Privacy Fabric
Implications of GDPR for IoT Big Data Security and Privacy FabricMark Underwood
 
The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?NTEN
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSantiago Cavanna
 
Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopMichele Chubirka
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationE.S.G. JR. Consulting, Inc.
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationKen Flott
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...LabSharegroup
 
Re-Thinking BYOD Policy.pptx
Re-Thinking BYOD Policy.pptxRe-Thinking BYOD Policy.pptx
Re-Thinking BYOD Policy.pptxtmbainjr131
 
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptxLogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptxCNSHacking
 
Security Breakout Session
Security Breakout Session Security Breakout Session
Security Breakout Session Splunk
 
How Adopting the Cloud Can Improve Your Security.
How Adopting the Cloud Can Improve Your Security.How Adopting the Cloud Can Improve Your Security.
How Adopting the Cloud Can Improve Your Security.martin_lee1969
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceDarren Argyle
 
Streamlining AppSec Policy Definition.pptx
Streamlining AppSec Policy Definition.pptxStreamlining AppSec Policy Definition.pptx
Streamlining AppSec Policy Definition.pptxtmbainjr131
 
The Perils that PCI brings to Security
The Perils that PCI brings to SecurityThe Perils that PCI brings to Security
The Perils that PCI brings to SecurityTripwire
 
Gus Hunt's Work-Bench Enterprise Security Summit Keynote
Gus Hunt's Work-Bench Enterprise Security Summit KeynoteGus Hunt's Work-Bench Enterprise Security Summit Keynote
Gus Hunt's Work-Bench Enterprise Security Summit KeynoteWork-Bench
 

Ähnlich wie Compliance standards interoperability - Zoltan Precsenyi (20)

Cloud Security - Idealware
Cloud Security - IdealwareCloud Security - Idealware
Cloud Security - Idealware
 
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Implications of GDPR for IoT Big Data Security and Privacy Fabric
Implications of GDPR for IoT Big Data Security and Privacy FabricImplications of GDPR for IoT Big Data Security and Privacy Fabric
Implications of GDPR for IoT Big Data Security and Privacy Fabric
 
The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The Workshop
 
biometrics and cyber security
biometrics and cyber securitybiometrics and cyber security
biometrics and cyber security
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...
 
Re-Thinking BYOD Policy.pptx
Re-Thinking BYOD Policy.pptxRe-Thinking BYOD Policy.pptx
Re-Thinking BYOD Policy.pptx
 
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptxLogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
 
Security Breakout Session
Security Breakout Session Security Breakout Session
Security Breakout Session
 
How Adopting the Cloud Can Improve Your Security.
How Adopting the Cloud Can Improve Your Security.How Adopting the Cloud Can Improve Your Security.
How Adopting the Cloud Can Improve Your Security.
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber Resilience
 
Streamlining AppSec Policy Definition.pptx
Streamlining AppSec Policy Definition.pptxStreamlining AppSec Policy Definition.pptx
Streamlining AppSec Policy Definition.pptx
 
The Perils that PCI brings to Security
The Perils that PCI brings to SecurityThe Perils that PCI brings to Security
The Perils that PCI brings to Security
 
Gus Hunt's Work-Bench Enterprise Security Summit Keynote
Gus Hunt's Work-Bench Enterprise Security Summit KeynoteGus Hunt's Work-Bench Enterprise Security Summit Keynote
Gus Hunt's Work-Bench Enterprise Security Summit Keynote
 

Mehr von e-Democracy Conference

Advanced infrastructure as foundation for e-democracy solutions - Daniel Dani...
Advanced infrastructure as foundation for e-democracy solutions - Daniel Dani...Advanced infrastructure as foundation for e-democracy solutions - Daniel Dani...
Advanced infrastructure as foundation for e-democracy solutions - Daniel Dani...e-Democracy Conference
 
Better parliament-to-citizen communication and greater service to constituent...
Better parliament-to-citizen communication and greater service to constituent...Better parliament-to-citizen communication and greater service to constituent...
Better parliament-to-citizen communication and greater service to constituent...e-Democracy Conference
 
Parilaments & democracy in 21st century - Alexander Prosser
Parilaments & democracy in 21st century - Alexander Prosser Parilaments & democracy in 21st century - Alexander Prosser
Parilaments & democracy in 21st century - Alexander Prosser e-Democracy Conference
 
Necessary steps for implementation of e-Democracy solutions - Dijana Simic
Necessary steps for implementation of e-Democracy solutions - Dijana Simic Necessary steps for implementation of e-Democracy solutions - Dijana Simic
Necessary steps for implementation of e-Democracy solutions - Dijana Simic e-Democracy Conference
 
Key note e-Democracy Microsoft approach, Global strategic accounts - Michele ...
Key note e-Democracy Microsoft approach, Global strategic accounts - Michele ...Key note e-Democracy Microsoft approach, Global strategic accounts - Michele ...
Key note e-Democracy Microsoft approach, Global strategic accounts - Michele ...e-Democracy Conference
 
Key Note Presentation - Jani Makraduli
Key Note Presentation - Jani MakraduliKey Note Presentation - Jani Makraduli
Key Note Presentation - Jani Makradulie-Democracy Conference
 
Compliance in the framework of corporate governance (side panel 2) - Oliver O...
Compliance in the framework of corporate governance (side panel 2) - Oliver O...Compliance in the framework of corporate governance (side panel 2) - Oliver O...
Compliance in the framework of corporate governance (side panel 2) - Oliver O...e-Democracy Conference
 
Microsoft - Central and East-Europe in the public sector - Dejan Cvetkovic
Microsoft - Central and East-Europe in the public sector - Dejan CvetkovicMicrosoft - Central and East-Europe in the public sector - Dejan Cvetkovic
Microsoft - Central and East-Europe in the public sector - Dejan Cvetkovice-Democracy Conference
 
Official journal (case study 3) - Andon Stefanovski
Official journal (case study 3) - Andon Stefanovski Official journal (case study 3) - Andon Stefanovski
Official journal (case study 3) - Andon Stefanovski e-Democracy Conference
 
e-Cabinet Albania (case study 2 ) - Endri Hasa
e-Cabinet Albania (case study 2 ) - Endri Hasa e-Cabinet Albania (case study 2 ) - Endri Hasa
e-Cabinet Albania (case study 2 ) - Endri Hasa e-Democracy Conference
 
e-Parliament Macedonia (case study) - Jani Makraduli
e-Parliament Macedonia (case study) - Jani Makraduli e-Parliament Macedonia (case study) - Jani Makraduli
e-Parliament Macedonia (case study) - Jani Makraduli e-Democracy Conference
 
e-Governance chalenges for sustanable development - B. Golob
e-Governance chalenges for sustanable development - B. Golob e-Governance chalenges for sustanable development - B. Golob
e-Governance chalenges for sustanable development - B. Golob e-Democracy Conference
 
ICT - A driver for improving democracy - Igor Andonovski
ICT - A driver for improving democracy - Igor Andonovski ICT - A driver for improving democracy - Igor Andonovski
ICT - A driver for improving democracy - Igor Andonovski e-Democracy Conference
 

Mehr von e-Democracy Conference (13)

Advanced infrastructure as foundation for e-democracy solutions - Daniel Dani...
Advanced infrastructure as foundation for e-democracy solutions - Daniel Dani...Advanced infrastructure as foundation for e-democracy solutions - Daniel Dani...
Advanced infrastructure as foundation for e-democracy solutions - Daniel Dani...
 
Better parliament-to-citizen communication and greater service to constituent...
Better parliament-to-citizen communication and greater service to constituent...Better parliament-to-citizen communication and greater service to constituent...
Better parliament-to-citizen communication and greater service to constituent...
 
Parilaments & democracy in 21st century - Alexander Prosser
Parilaments & democracy in 21st century - Alexander Prosser Parilaments & democracy in 21st century - Alexander Prosser
Parilaments & democracy in 21st century - Alexander Prosser
 
Necessary steps for implementation of e-Democracy solutions - Dijana Simic
Necessary steps for implementation of e-Democracy solutions - Dijana Simic Necessary steps for implementation of e-Democracy solutions - Dijana Simic
Necessary steps for implementation of e-Democracy solutions - Dijana Simic
 
Key note e-Democracy Microsoft approach, Global strategic accounts - Michele ...
Key note e-Democracy Microsoft approach, Global strategic accounts - Michele ...Key note e-Democracy Microsoft approach, Global strategic accounts - Michele ...
Key note e-Democracy Microsoft approach, Global strategic accounts - Michele ...
 
Key Note Presentation - Jani Makraduli
Key Note Presentation - Jani MakraduliKey Note Presentation - Jani Makraduli
Key Note Presentation - Jani Makraduli
 
Compliance in the framework of corporate governance (side panel 2) - Oliver O...
Compliance in the framework of corporate governance (side panel 2) - Oliver O...Compliance in the framework of corporate governance (side panel 2) - Oliver O...
Compliance in the framework of corporate governance (side panel 2) - Oliver O...
 
Microsoft - Central and East-Europe in the public sector - Dejan Cvetkovic
Microsoft - Central and East-Europe in the public sector - Dejan CvetkovicMicrosoft - Central and East-Europe in the public sector - Dejan Cvetkovic
Microsoft - Central and East-Europe in the public sector - Dejan Cvetkovic
 
Official journal (case study 3) - Andon Stefanovski
Official journal (case study 3) - Andon Stefanovski Official journal (case study 3) - Andon Stefanovski
Official journal (case study 3) - Andon Stefanovski
 
e-Cabinet Albania (case study 2 ) - Endri Hasa
e-Cabinet Albania (case study 2 ) - Endri Hasa e-Cabinet Albania (case study 2 ) - Endri Hasa
e-Cabinet Albania (case study 2 ) - Endri Hasa
 
e-Parliament Macedonia (case study) - Jani Makraduli
e-Parliament Macedonia (case study) - Jani Makraduli e-Parliament Macedonia (case study) - Jani Makraduli
e-Parliament Macedonia (case study) - Jani Makraduli
 
e-Governance chalenges for sustanable development - B. Golob
e-Governance chalenges for sustanable development - B. Golob e-Governance chalenges for sustanable development - B. Golob
e-Governance chalenges for sustanable development - B. Golob
 
ICT - A driver for improving democracy - Igor Andonovski
ICT - A driver for improving democracy - Igor Andonovski ICT - A driver for improving democracy - Igor Andonovski
ICT - A driver for improving democracy - Igor Andonovski
 

Compliance standards interoperability - Zoltan Precsenyi

  • 1. Compliance Standards Interoperability: Matters of security Zoltán Précsényi, EU Government Relations Manager Symantec Corporation
  • 2. What are we talking about?
  • 3. What are we talking about? Hello, I am the citizen I claim I am. Trust Identity Hi, I am the authority you believe you contacted. I want to send you my data electronically. Authenticity Convenience I need to be sure the data you send me is yours. I want to send my data from my smart phone. Interoperability Mobility I need to read your data on my PC. I am moving to the next country. Shall I have to re-send them the data all over again? Standards They ask for the same data, so I should be able to share yours with them. What if they work on Macintosh? Interoperability It should work all the same. Will my data be as protected there as here? Compliance Security If they are as serious about it as we are, then yes. Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
  • 4. Where do we stand? ICT is pervasive
  • 5. ICT is pervasive ICT creates: • New opportunities e-government, e-services, cloud • New needs: infrastructure, skills, technology • New expectations: availability, resilience, privacy • New challenges: security, interoperability, data protection, trust • New threats: cyber-crime Interoperability calls for standards. Security requires compliance. Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation 5
  • 6. Where does Europe stand? ICT is high on the EU’s agenda
  • 7. ICT is high on the EU’s agenda EU2020 / Digital Agenda: • Digital single market, intellectual property, eSignature • Data protection in the era of ICT • Review of European standardisation policy • European Interoperability Framework 2.0 • e-government, e-health, European e-public services • Critical Information Infrastructure Protection and Resilience • Modernisation of ENISA, European cybercrime platform Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation 7
  • 9. Compliance: Insecure policies Data breaches that could lead to identity theft by cause and identities exposed, 2009 Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
  • 10. Compliance: Well-meaning insiders 2008 figures • Data losses: • Of all data losses, 88% caused by well-meaning insiders. (source: Ponemon Institute, Cost of a Data Breach, February 2009) • Data breaches: • Of all breaches analysed, 20% caused by insiders. • 67% were well-meaning, simply inadvertent. (source: Verizon Business RISK Team, 2009 Data Breach Investigations Report) Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
  • 12. Standards: Open or proprietary? That’s not the issue! Vulnerabilities and windows of exposure of main browsers, 2009 Browser Vulnerabilities Window of exposure (Patch time) Mozilla Firefox 169 <1 day Apple Safari 94 13 days Microsoft Internet Explorer 45 <1 day Google Chrome 41 2 days Opera 25 <1 day Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation 12
  • 13. Standards: What’s a good security standard? A good security standard: • Is not a specific technological standard, • But a performance standard, like: 95% DETECTION RATE OF KNOWN AND UNKNOWN MALWARE Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
  • 15. Interoperability: The more interoperable you get, the more vulnerabilities you may propagate Web browser plug-in vulnerabilities, 2009 (of a total of 424 identified in 2008, and 321 in 2009) Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
  • 16. Interoperability: We need the upside of it; So let’s face the downside too: Interoperability: • Can introduce new or propagate existing vulnerabilities. • Can be taken advantage of to distribute threats. • Allows access to information from and to multiple sources, so: • It makes protective monitoring more difficult; • It gets more resource-consuming to secure; • It increases the likelihood of data leakage. Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
  • 17. Interoperability: Facing the downside: How? Interoperability requires: • A risk assessment approach in handling security challenges; • Sharing this approach among those interconnected; • Building the security and privacy policies to match the risks; • Drawing and enforcing security measures as appropriate; • Regularly auditing and reviewing them. Compliance with the highest security standards at all times is what it takes to make interoperability actually work. Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
  • 18. What we’re up against: The threat landscape
  • 19. The threat landscape Objectives: Not fame, but fortune. Goods and services advertised on underground economy servers Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
  • 20. The threat landscape Targets: Wherever valuable digital data resides Unique brands phished, by sector, 2009 Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
  • 21. The threat landscape The economics: The Underground Economy On offer in the underground economy: • Botnets • Spam zombies • Crimeware toolkits • Stolen credentials • Stolen identities You need not be a skilled hacker to mount web-based attacks. Conversely however, skilled hackers mount more and more sophisticated attacks. Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
  • 22. The threat landscape The latest: Stuxnet • Nature and propagation: – Worm spreading via removable storage devices • Objective: – Steal confidential SCADA design and usage documents • Modus operandi: – The door: a zero-day vulnerability affecting all versions of an OS. – The cover: a purposely developed rootkit to hide behind. – The map: knowledge of the attacked industrial assets and processes. – The disguise: stolen digital certificates to sign the malicious files as legitimate. Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
  • 23. The threat landscape The latest: Stuxnet “ Stuxnet is the first publicly widespread threat that has shown a possibility of gaining control of industrial processes and placing that control in the wrong hands. It also shows that in this interconnected world, IT security is more important than ever and that even the unthinkable must now “ be considered. Patrick Fitzgerald, Security Response Manager Symantec Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation 23
  • 24. Standards and Interoperability: What the future has in stock
  • 25. The future • Virtualisation: – Independance from OS, from applications and from platforms. • Software as a Service: – Single standardised services, single delivery medium, over any infrastructures and environments, pay per use. • Cloud computing: – Easier access to data, easier exchange of information via commonly used networks and communication standards. • Mobility: – Anywhere, anytime, on any device. In terms of security, it means new opportunities, but also new threats, and as many new challenges. Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation
  • 27. Take away 1 Standards can make technologies compatible. 2 Standards can make processes more efficient. 3 Standards can help interoperability. 4 But compliance ultimately rests with people. Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation 27
  • 28. Security is a matter of technology, processes and people. Zoltán Précsényi zoltan_precsenyi@symantec.com +32 (0)2 257 1319 Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation