
Ethical hacking, the way to get product & solution confidence and trust in an hyper connected world


Presentation by Dr. Detlef Houdeau, Eurosmart Vice-President, at the 2018 eID Forum.
Performing ethical hacking on critical hardware and software has allowed the main critical sectors, such as financial transactions, communication transactions, electronic documents, qualified signature devices and HSMs, to be immune from significant attacks.
Europe is the worldwide leader in ethical hacking for hardware and embedded software thanks to the 20 years of expertise created by the SOGIS MRA.


  1. EID FORUM: Tallinn, Estonia. Ethical hacking, the way to get product & solution confidence and trust in an hyper connected world. 19th September 2018. Detlef HOUDEAU – Eurosmart Vice president
  2. Why have an eVoice session on ethical hacking? Performing ethical hacking on critical hardware and software has allowed the main critical sectors, such as financial transactions, communication transactions, electronic documents, qualified signature devices and HSMs, to be immune from significant attacks. [Slide table, columns Vulnerability / Attack. Estonia: vulnerability e.g. ROCA (2018); attack e.g. Web (2007). Europe: vulnerabilities e.g. SHA-1, RSA-1028; attacks e.g. Mirai, Wannacry, Petya.]
  3. Exposure to potential attacks. [Diagram elements: Threat agent, Threat, Vulnerabilities, Risk, Exposure, Asset; relation labels: "creates", "exploits", "leads to", "can affect", "and causes"; Ethical Hacking / Pen-testing "confirms".] SCP: Secure Channel Protocol. DDoS: Distributed Denial of Service.
  4. Ethical Hacking: Definition. Europe is the worldwide leader in ethical hacking for hardware and embedded software thanks to the 20 years of expertise created by the SOGIS MRA. “Ethical Hacking” means the act of identifying and locating the weaknesses and vulnerabilities of devices or information systems by anticipating the intent, actions and skills of malicious hackers. It is done for a defensive purpose in order to improve the security of devices and information systems, and to give a level of assurance that, once released and operated in a given environment, they will resist attacks performed by hackers with a similar profile. SOG-IS: Senior Officials Group on Information Systems. MRA: Mutual Recognition Agreement.
  5. Digital Single Market (2015) & Digital Agenda (2020), including Cybersecurity. [Diagram elements: The Charter of Fundamental Rights of the European Union; General Data Protection Regulation; NIS Directive (EU) 2016/1148; Cybersecurity Act regulation (ENISA / Cyber Certification); eIDAS Regulation EC/910/2014; European Values; Digital Identities; Cybersecurity; Cryptography / Encryption; Identification, Authentication, Signature, Biometric; Passport EC/2252/2004; Residence Permit EC/13502/2007 *.] * Trialogues have started on the 13th of September.
  6. Seen from the industry: standards, conformity and certification landscape. Typical product or service pillars. Challenge: position products/components certification in the holistic scope of IoT (including services and processes).
  7. Certification process as per the Cybersecurity Act. The upcoming EU regulation "Cybersecurity Act": regulation proposal on creating the EU Cybersecurity Agency and defining the Information and Communication Technology cybersecurity certification. Part 1 & 2: Enhancing ENISA coordination activities amongst the EU national cybersecurity agencies. Part 3: Defining the EU Cybersecurity certification framework. Step 1: Creation & governance of a new Certification Scheme at EU level – voluntary scheme for the industry but mandatory that member states put it in place. Step 2: Enforcement of the new Certification Scheme at the national level (e.g. actors in France). Step 3: Introduction of new Certification Schemes (created in Step 1) that could be mandatory based on sectorial regulations with a risk-based approach, using sectorial regulations from different EC DGs (FISMA, CONNECT, GROW, HOME, MOVE etc.).
  8. Main principles: Security Certification Scheme, Security Concept. [Diagram elements: TRUST; Solutions/products providers; Integrators; Operators; Customers; Third-Party; TECHNICAL (assessment, review, validation); LEGAL (regulations, contracts, commitments, liabilities); SOCIAL (reputation, transparency).]
  9. Eurosmart contributes to many certification schemes. Promoting ethical hacking in all these schemes, even if some actors are not favorable! [Schemes shown: ITC, TCG, Apple/NIAP, Global Platform, SOG-IS, FIDO alliance, private schemes, many other private schemes.]
  10. www.eurosmart.com | @Eurosmart_EU | @Eurosmart | Eurosmart, Rue de la Science 14b, 1040 Brussels, Belgium | Tel. +32 2 880 36 35 | Detlef HOUDEAU, Eurosmart – Vice president | Detlef.Houdeau@Infineon.com
