Risk and Trust in Cloud Computing
Through Advanced Network Monitoring
Carlos Trigoso
EY EMEIA Advisory Centre - Information Security
February 5th, 2014
Content
► Introduction: Cyber Security
► A Network of Networks
► Multi-layered Advanced Monitoring
► Summing up: The essence of the EY approach
Introduction: Cyber Security
Our view of Information Security
► Why: Risk and trust monitoring, reporting and auditing
(Pragmatic content of Security)
► How: Risk and trust boundary definition, Security
architecture or model (Semantic content of Security)
► Who: Risk sharing and trust allocation, defining functions
and roles in and out of the organisation (Structural content
of Security)
► What: Risk avoidance and trust enforcement, access
control (Material content of Security)
Getting ahead of cyber crime
► The message of the EY Security Practice is: “Anticipating
cyber attacks is the only way to be ahead of cyber
criminals.”
► It is not only because cyber threats are increasing in their
levels of persistence, sophistication and organisation; it is
also not only because of the increasing impact cyber
attacks can have on business organisations.
Getting ahead of cyber crime
► Essentially, we know that organisations need to change
their way of thinking to stop being simply reactive to future
threats.
► Despite this, only 5% of organisations we surveyed have
a threat intelligence team with dedicated staff. This
applies to all economic sectors.
► We address the Security requirements of the Cloud
services and their environment, and talk about how
leading organisations can reach a state of readiness,
gaining confidence in their assessment of risks and
threats and anticipating and getting ahead of cybercrime.
Looking beyond the borders
• What is our “security limit;” in other words: with how many partners should we work to enhance overall cybersecurity?
• How much can we do to manage the risk in the business ecosystem?
• Are we prepared to accept a certain level of risk from the business ecosystem?
[Figure: Collaboration within the ecosystem (labels: Company one, Company two, Collaboration Climate)]
Security operations and threat intelligence
► In this new global context we think it is vital to have processes and
technologies supporting the goals of the organisation. These are most
effective when centralised, structured and coordinated around the
Security Operations Centre (SOC).
► 40% of the organisations we surveyed in 2014 do not have a
centralised security function of this kind, and those who have, are not
obtaining all the benefits they could from this capability.
► Centralising security functions is not enough: particularly in the
cutting-edge areas of industry, it is far from clear how to secure
these new environments and technologies.
► If your organisation has a SOC, how would this function monitor and
enforce Security upon mobile platforms, networks, transport systems,
distribution grids and similar complex systems? In what follows we
address these challenges.
Cloud adoption changes the Security landscape
SAAS is adopted massively. Problem: This extends the reach of the business even more, and low-security solutions proliferate.
[Figure: the business ecosystem reached through Software as a service (Amazon, SalesForce), Platform as a service and Infrastructure as a service. Labels: Other Suppliers, Government, Private Consumers, Auxiliary Suppliers, Suppliers, Contract Manufacturers, Distribution Contractors, Markets, Transportation Providers, Partners, Joint-Ventures, Research Scientists, Product Designers, Transportation, Retail, Industry Experts, Corporate Clients, Distribution, Service Providers, Support Services, Vendors, Employees, Financial Institutions, Consultants, External Audit, Warehouse, Network]
Achieving Security, Trust and Auditability
1. Organization. Cloud services impact the organizational behaviors. Organizations
need to document roles and responsibilities associated with the use of cloud services and
train employees regularly on these protocols.
2. Technology. IT functions should design applications according to industry security
standards, encrypt the data, and implement role-based access and identity management
solutions.
3. Data. IT functions need to classify and inventory data, assign data owners and
securely purge data that is no longer required.
4. Operations. Business continuity management and resiliency program policies and
procedures should include periodic review and testing, change management and
formalised processes.
5. Audit and compliance. Organizations should plan and execute audits in a way
that minimizes business interruption. For maximum assurance, organizations should
engage a third party to perform the audit and certify the environment.
6. Governance. There are many cloud options from which organizations may choose,
from public cloud services, to building a private cloud, to a hybrid approach. Regardless of
the deployment path organizations pursue, governance processes are necessary.
Information Security challenges
Cyber Attacks
Threats
► Larger attack surface compared to traditional IT System due to potentially millions of networked end-points in the “wild” i.e. meters in households
► Linking industrial control systems to IP based data networks creates potentially insecure entry points to the grid
► Critical operations such as remote disconnect and firmware upgrades could be compromised creating widespread damage
Risks
► Security vulnerabilities discovered post installation could have significant financial and operational consequences
► Sophisticated malware attacks on process control systems (e.g. Stuxnet) could severely impact power generation and distribution systems
► Widespread availability of supply could be impacted through unauthorised generation/replay of critical commands
Data Privacy
Threats
► Uncertainty on ownership and third party access to personal energy usage data
► Secure capture, storage and transmission of large amounts of granular consumption data. The more granular the data the greater the insight into behavioural patterns of consumers
Risks
► Lack of robust data governance framework could result in failure to meet contractual and regulatory requirements
► Personal data leakage due to insecure data lifecycle process (creation, transmission, storage, destruction)
Impacts
► Financial impact
► Operational impact
► Loss of consumer trust
► Loss of energy supply
► Regulatory fines
► ICO investigations
► Share value drop
► Breach of contract
Understand your threat environment and establish
early detection
► A cyber-threat capability should be able to
address the following questions:
► What is happening out there that the organisation needs to learn from?
► How can the organisation become “hardened” against attack?
► How are other organisations dealing with threats and attacks?
► How can the organisation help others deal with these threats and attacks?
► Is the organisation able to distinguish a random attack from a targeted one?
► What would be the economic cost of an attack?
► How would the customers be impacted and what would the legal and
regulatory consequences be?
► The emphasis of Security has changed to
Threat Intelligence!
Taking action and getting ahead
► Your organisation may already have strong IT policies, processes and
technologies, but, is it prepared for what is coming? To address this
you should take action:
► 1. Design and implement a cyber threat intelligence strategy to support
strategic business decisions and leverage the value of Security.
► 2. Define and encompass the organisation’s extended cybersecurity
ecosystem including partners, suppliers, services and business
networks.
► 3. Take a cyber-economic approach, understanding your vital assets
and their value, and consequently investing in their protection.
► 4. Use forensic data analytics and cyber threat intelligence to
analyse and anticipate where the likely threats are coming from and
when, increasing your readiness.
► 5. Ensure everyone understands the need for strong governance, user
controls and accountability.
A Network of Networks
A Network of Networks (1)
► Together with the Grid (e.g. Smart Meter) and other mobile and
Internet-connected systems, the Cloud ecosystem is a “Network of
Networks” (or a System of Systems).
► Focusing on this reality, our proposed approach is to consider the
Cloud services and infrastructures as one more aspect of a much wider
and more complex network.
► When taking this point of view, we see the need to shift the
emphasis away from the Cloud services as a cleanly defined system, with
clear boundaries and input/output points, and take instead as our
object of protection the networks themselves, i.e. the interactions
between the users/owners of the applications and the numerous other
actors in the ecosystem.
► Security becomes then the security of those interactions and is not
limited to the Cloud service or data centre as a “thing.”
A Network of Networks (2)
The Network of Networks is the full-blown Internet of People and Things,
where every machine-to-machine connection is actually mediated human
interaction.
A Network of Networks (3)
These networks are simultaneously networks of collaboration and
networks of opposition and threat. There is no “inside” or “outside” in this
discontinuous, porous space.
A Network of Networks (4)
► Traditional, proven Risk Management models are essential for the
Security function in an organisation; but their origin and wisdom
are still focused on a world where the organisation owns and
possesses most if not all of the data assets flowing through the
systems.
► By contrast, in a network of networks (consider for example an
extended network of partners, suppliers and collaborators) data
assets are possessed, governed and managed by different
actors with different policies and assurance requirements.
► Let’s not forget too that these actors sometimes have very different
interests and business objectives within the collaboration.
► On the whole, the Risk “Landscape” of the organisation is only a part of
a potentially contradictory and opaque “universe” of actual and
potential threats. It is not only that the boundary of the enterprise is
disappearing: the risk landscape also becomes unbounded.
A Network of Networks (5)
► A standard approach to risk management assumes that the trust boundary is
already defined. Is this correct? What is the risk incurred by the different
participants?
► What is missing in the risk-focused and techno-centric approach is everything
related to the management of trust, i.e. the new functions and processes, the
new policies and structures required to expand the risk boundary.
► Four key questions (areas) need to be addressed to complete the Security
discourse:
► Who owns the data and who authorises and validates access to it?
(Verification of Trust)
► What is the structure of the network and what security zones should
exist? (Definition of Trust)
► What roles/functions exist in these zones and how is trust allocated?
(Allocation of Trust)
► These are then complemented by the risk-focused area (Enforcement of
Trust)
A Network of Networks (6)
► In the Cloud (and shared infrastructure) environment, a new Risk and
Trust space is defined:
► New functions are adopted by the business (for example:
operating incrementally as service providers)
► New partners are introduced (for example: application providers
and data processors)
► New relationships with the client are necessary (for example:
enabling the client to select products and services online)
► The information networks and technologies are extended (for
example: establishing mobile connections and access for
maintenance and support purposes)
► Previously physically isolated systems are linked under the Cloud
services (for example: network gateways for authentication)
A Network of Networks (7)
The fundamental insight:
The Target of Protection, the object of security is the
network of networks, not the particular cloud-
connected system. The services “exist” in a much
wider network. So all Information Security measures
and technologies need to be aligned with this goal
in mind.
Multi-Layered Advanced Monitoring
Building trust in the cloud is attainable by leveraging a
risk-based framework
We have reached the technology tipping point of adoption of
the cloud; what once was an emerging technology filled
with promises of efficiency, agility and interoperability has
become the norm.
Early adopters have gained unquestioned competitive
advantages due to the ease and acceleration of
implementing cloud technologies.
However, there is still one lingering question asked by
boards, business executives and IT professionals alike:
can we trust the cloud?
By focusing on access and data control, consumers and
providers can strive for a secure, trusted and audit-ready
environment.
The following slides show how to address this challenge.
Cyber Threat: the Regin Malware
http://www.symantec.com/en/uk/outbreak/?id=regin&om_sem_cid=biz_sem_s215343999763367|pcrid|53538324323|pmt|e|plc||pdv|c
The rise of Cyber Threat
Information security is changing at a rapidly accelerating rate. In today’s
world of ’always on’ technology and not enough security awareness on
the part of users, cyber attacks are no longer a matter of “if” but “when.”
With the understanding that attacks can never be fully prevented,
companies should advance their detection capabilities so they can
respond appropriately.
• Point solutions, in particular — antivirus, IDS, IPS, patching and encryption — remain a
key control for combatting today’s known attacks. However, they become less effective
over time as hackers find new ways to circumvent controls.
So how do organizations build controls for the
security risks they don’t even know about yet?
How can a Security Operations Centre help?
Organizations may not be able to control when information security
incidents occur, but they can control how they respond to them.
Expanding detection capabilities is a good place to start.
A well-functioning Security Operations Centre (SOC) can form the heart
of effective detection. It can enable Information Security functions to
respond faster, work more collaboratively and share knowledge more
effectively.
EY not only recommends the SOC approach for
common IT operations, but also for Operational
Technology Security, considering that these two areas
are converging and require an articulated approach.
How we think about threat intelligence
[Figure: chain of Threat Actor, Precursor, Event, Pattern of Response, Consequence]
• missing patch exploited
• malware injected
• data exfiltrated
Vulnerability Intelligence focuses efforts on studying the consequence rather than the instigating event and reaction.
Four key considerations for Security monitoring
1. What do I monitor?
► Targets
  ► System/operating system
  ► Identity/accounts
  ► Network traffic
  ► Application/database
  ► Data/file
  ► Transactions
2. Where do I monitor?
► Environment
  ► Host-based
  ► Network-based
  ► Internal
  ► External
  ► Infrastructure
3. How do I monitor?
► Algorithms
  ► Action/behavior based
    ► Heuristics
    ► Anomaly
  ► Attribute based
    ► Signature
4. How do I monitor?
► Approach
  ► Real-time/near real-time
  ► Post-event analytics
  ► Batch data processing
Multi-Layered Advanced Monitoring (1)
► As the Cloud, Grid and Mobile initiatives change the Security
landscape of our clients in all sectors, EY promotes a comprehensive
approach to this space.
► Our Security Operations Centre and Cyber Security approaches
become more and more relevant as our clients adopt Cloud, Grid,
Connected and Mobile business models.
► A decisive part of this direction is the enablement of Threat
Management processes and technologies which operate within the
SOC framework and become the eyes and the brains of our client’s
Security stance.
► Now, centralising security functions is not enough. If your organisation
does have a SOC, how would this centre monitor the extended
environment and discover or anticipate threats?
Multi-Layered Advanced Monitoring (2)
► To do so, several conceptual and technical changes are necessary to
implement a satisfactory Threat Management system.
► Let’s first recapitulate the conditions of such a solution:
► The environment is articulated in the form of a network of networks or multi-start
pattern.
► In this space there are both known and unknown devices, as well as both managed
and unmanaged entities whose actions are impossible to predict
► Apparently well-behaved devices are opaque: anomalous behaviour cannot be
determined by means of conventional testing of components (*)
► Attacks “from the inside” are equivalent to “attacks from the outside” of the
networks
► There is no definite network perimeter
► Risk analysis, based on historical data is not relevant to determine future events or
security measures
► There is no frequency data that can be extrapolated to anticipate attack trends
► Attack events are not self-contained, as for example the case when simulated
attacks are only a cover for the real objectives of the attacker
Multi-Layered Advanced Monitoring (3)
► Under these conditions, several requirements arise for any Threat
Management solution (comprising organisational and technical
processes):
► A shift is necessary both at technical and procedural level, moving from event
monitoring (i.e. the capture of known events which assert the status of a
system) to pattern monitoring i.e. the analysis and synthesis of behaviour of
systems at network level (interactions of systems)
► The concept of Continuous Monitoring needs to be applied but going beyond
the customary scope of performance and compliance processes, to adopt
criteria of known and desirable patterns, versus unknown and undesirable
patterns of interaction.
► Instead of predictive threat modeling, based on supposed event frequencies
and expert opinion, each network needs to be surveyed by looking primarily
at the traffic between the nodes, the protocols in use and the patterns of
communication or transaction.
Multi-Layered Advanced Monitoring (4)
► This solution class requires what can only be understood as a deeper
and more systematic analysis of the business operations and the
networks it lives in. Essential steps include:
► A catalogue or inventory of the protocols used. The solution must implement an active protocol detection
capability to validate any traffic. (*)
► An inventory of network, platform and device admissible commands that can be sent over the agreed protocols
► A detailed matrix of access routes specifying user and device types, application and system targets, credentials,
data types, traffic patterns, transaction levels, business criticality, assurance requirements and service levels
► A baseline or model of desirable traffic and interaction patterns at network level
► A sensor or agent architecture to filter traffic where possible (in the standard way of systems management)
► A network protocol and packet-level filtering service to analyse traffic at key points of entry and exit of the sub-
networks
► Behavioural analysis tools capable of storing and processing data in real time across the collaboration network
including partner networks when possible (collaborative security)
► As Security mechanisms should not become a single point of failure, advanced concepts of signal intelligence
need to be applied, for example implementing “signal comparison” of filtered and unfiltered traffic.
► Any behavioural change in the network must trigger immediate redundant communications and services in a
fashion similar to safety-orientated mechatronics or avionics systems.
► On the process side, the baseline of communications must be recalibrated periodically within the framework of
collaborative security.
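An added illustration of the inventory and baseline steps listed above (not code from the original deck or from EY): observed interactions are checked against a protocol catalogue, an admissible-command inventory, an access-route matrix and a per-pattern baseline, and the baseline is recalibrated from reviewed traffic. All zone names, protocol labels, commands and ceilings are constructed assumptions.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One aggregated interaction observed in a monitoring window."""
    src_zone: str
    dst_zone: str
    protocol: str
    command: str
    count: int

    def key(self):
        return (self.src_zone, self.dst_zone, self.protocol, self.command)


# Constructed inventories; every name and number below is hypothetical.
PROTOCOLS = {"meter-mgmt", "https", "ssh"}
ADMISSIBLE_COMMANDS = {
    "meter-mgmt": {"read_register", "firmware_upgrade", "remote_disconnect"},
    "https": {"GET", "POST"},
    "ssh": {"session"},
}
ACCESS_ROUTES = {  # (source zone, destination zone, protocol)
    ("head_end", "meter_wan", "meter-mgmt"),
    ("partner_portal", "head_end", "https"),
    ("admin_terminal", "head_end", "ssh"),
}
BASELINE = {  # highest message count per window considered desirable
    ("head_end", "meter_wan", "meter-mgmt", "read_register"): 5000,
    ("head_end", "meter_wan", "meter-mgmt", "firmware_upgrade"): 50,
    ("head_end", "meter_wan", "meter-mgmt", "remote_disconnect"): 5,
    ("partner_portal", "head_end", "https", "GET"): 2000,
    ("partner_portal", "head_end", "https", "POST"): 300,
    ("admin_terminal", "head_end", "ssh", "session"): 10,
}


def inventory_findings(flow):
    """Check a flow against the protocol, command and route inventories."""
    findings = []
    if flow.protocol not in PROTOCOLS:
        findings.append("unknown_protocol")
    elif flow.command not in ADMISSIBLE_COMMANDS[flow.protocol]:
        findings.append("inadmissible_command")
    if (flow.src_zone, flow.dst_zone, flow.protocol) not in ACCESS_ROUTES:
        findings.append("unlisted_route")
    return findings


def classify(flow, baseline=BASELINE):
    """Return the ways a flow departs from the known, desirable patterns."""
    findings = inventory_findings(flow)
    ceiling = baseline.get(flow.key())
    if ceiling is None:
        if not findings:  # passes the inventories but was never baselined
            findings.append("no_baseline")
    elif flow.count > ceiling:
        findings.append("volume_above_baseline")
    return findings


def survey(flows, baseline=BASELINE):
    """Map each deviating flow to its findings; conforming flows are omitted."""
    report = {}
    for flow in flows:
        findings = classify(flow, baseline)
        if findings:
            report[flow] = findings
    return report


def recalibrate(reviewed_flows, headroom=1.2):
    """Build a new baseline from reviewed windows: peak count times headroom.

    Flows that fail the inventories never enter the baseline.
    """
    peaks = {}
    for flow in reviewed_flows:
        if not inventory_findings(flow):
            peaks[flow.key()] = max(peaks.get(flow.key(), 0), flow.count)
    return {key: math.ceil(peak * headroom) for key, peak in peaks.items()}


# Constructed observation window.
WINDOW = [
    Flow("head_end", "meter_wan", "meter-mgmt", "read_register", 4200),
    Flow("head_end", "meter_wan", "meter-mgmt", "remote_disconnect", 240),
    Flow("partner_portal", "meter_wan", "meter-mgmt", "firmware_upgrade", 1),
    Flow("admin_terminal", "head_end", "telnet", "session", 1),
    Flow("partner_portal", "head_end", "https", "DELETE", 2),
]

if __name__ == "__main__":
    for flow, findings in survey(WINDOW).items():
        print(flow, findings)
```

Each of the four flagged flows is an individually well-formed message; only the comparison against the inventories and the baseline shows that the interaction pattern is not a desirable one.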
Typical Protection Domains
[Figure: protection domains. Labels: Internet, Data Center, Global WAN, Monitoring Network, Core Network, Remote VPN Access Gateway, ICT Data Center, E-Government Applications, Gov. Agencies, Data Link, Encrypted connections, Out-of-band Management Network, Remote Network, Network Operations Center. Threat callouts: Insider threats, Man-in-the-Middle, Internet threats]
Main Threat Cases
• Traditional External Threat - As worms evolved faster than defense mechanisms like anti-virus solutions, firewalls and intrusion detection systems, their ability to penetrate an infrastructure and propagate rapidly was increasing.
• Man-in-the-Middle threats - risk of interception of sensitive information or communications
• Insider threats - leak risks whenever a sensitive file or database was accessed and then subsequently sent to an external location.
• Moreover, APT pose significant threats to MICT. The risk of an attack by the APT is high; therefore MICT requires advanced threat detection and remediation capabilities.
SoC Monitoring Architecture
[Figure: SOC monitoring architecture. Labels: Internet, Data Center, Global WAN, Monitoring Network, Core Network, Remote VPN Access Gateway, ICT Data Center, E-Government Applications, Gov. Agencies, Out-of-band Management Network, Remote Network, Security Operations Center, Events Database, Network Operations Center]
► SOC requires a Highly Scalable and Intelligent Technology Platform with Real-Time Event Correlation to Effectively Mitigate Business Risk.
► Collect event data from various devices and applications, VOIP as well as other communications solutions;
► Process and archive streaming data from a globally dispersed network of thousands of event sources “real-time”;
► Correlate this event data in order to identify and prioritize threats across the organization;
► Provide a centralized easy-to-understand view of these threats and automated response workflow;
► Archive event data for compliance purposes and forensic analysis
► Need full-packet capture - to allow data mining and retrospective analysis and investigations
Summing Up: The essence of the EY approach
Our view of Information Security
► Why: Risk and trust monitoring, reporting and
auditing (Pragmatic content of Security)
► How: Risk and trust boundary definition, Security
architecture or model (Semantic content of Security)
► Who: Risk sharing and trust allocation, defining functions
and roles in and out of the organisation (Structural content
of Security)
► What: Risk avoidance and trust enforcement, access
control (Material content of Security)
A “data-centric” (data “flow”) Security approach
• 1 Data Ownership
• 2 Assurance Levels
• 3 Data Classification
• 4 Zoning Model
• 5 Access Rights
• 6 Interfaces & Protocols
• 7 Reporting
• 8 Audit & Verification
Note: The root of Cloud, Grid and Mobile Security is Data ownership. Determining the assurance and data classification levels precedes the zoning and access model.
Getting started in Threat Intelligence
• Security services begin with a Situational Awareness assessment.
• Evaluate an organisation’s potential threat actors
• Establish a framework of collaborative security
• Map available controls to detect and complicate potential events
• Baseline the interactions and network flows with and in the
collaboration environment
• Catalogue the entry and exit points, as well as the allowed access
routes and commands
• Define a strategy for enhancing Threat Intelligence capabilities for
the organisation’s unique threat landscape
• Provide a current capability and roadmap to the desired Threat
Intelligence capabilities required by each organisation
Our relevant Security & Data Protection services
Security Architecture & Design
► Develop end-to-end security principles and requirements based
on your risk acceptance levels. Ensure security is embedded into
the design of your smart metering / grid system.
► Specialist advice in areas such as:
► Crypto key management
► Access control / Authentication
► Protection and monitoring of critical commands (e.g. remote
disconnection of supply, device firmware upgrades, remote
administration, Pre-pay top-up etc.)
Privacy & Data Protection
► Perform Privacy Impact Assessment (PIA) on your smart
metering activities, looking at areas such as:
► Granularity & frequency of energy consumption data
► Third party access to energy consumption data
► Retention of data across your systems
► Aggregation and/or anonymisation of data
► Develop a privacy framework and associated controls to ensure
you comply with your data protection regulatory obligations.
Penetration Testing
► With deep technical security expertise (working with specialist
partners as required), we offer a range of services to help
discover potential vulnerabilities through security penetration
testing.
► Covering both software and hardware testing, including:
► Meter communication interfaces
► On-board firmware
► Meter hardware chipsets & circuit board components
► Ease of extraction of crypto keys and on-board log data from
storage
Cyber Threat Monitoring and Management
► SOC design and implementation
► Continuous Monitoring of enterprise and ecosystem networks
► Proactive cyber-attack detection
► Incident Response
► Cyber Threat and Attack investigations
► Information Security Analytics
Cyber Security Assessment & Governance
► Focused assessment of security controls in place (or planned) as
part of your smart metering or smart grid implementation. We can
tailor the assessment based on your requirements. Our expertise
covers areas such as:
► Smart meters
► Communication hubs
► Home Area Networks
► Wide Area Networks
► Concentrators
► Head-Ends
► Administration terminals
► Back-end systems storing/handling consumption data
► Develop security governance framework including review and
re-adjustment of security controls.
EY | Assurance | Tax | Transactions | Advisory
Ernst & Young LLP
© Ernst & Young LLP. Published in the UK.
All Rights Reserved.
The UK firm Ernst & Young LLP is a limited liability partnership registered in England and Wales
with registered number OC300001 and is a member firm of Ernst & Young Global Limited.
Ernst & Young LLP, 1 More London Place, London, SE1 2AF.
ey.com

 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationE.S.G. JR. Consulting, Inc.
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationKen Flott
 
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet accenture
 
Securing the digital economy
Securing the digital economySecuring the digital economy
Securing the digital economyaccenture
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guideAdilsonSuende
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
Paper Titled Information Security in an organization
Paper Titled Information Security in an organizationPaper Titled Information Security in an organization
Paper Titled Information Security in an organizationMohammed Mahfouz Alhassan
 
Defensive Cybersecurity: A Modern Approach to Safeguarding Digital Assets
Defensive Cybersecurity: A Modern Approach to Safeguarding Digital AssetsDefensive Cybersecurity: A Modern Approach to Safeguarding Digital Assets
Defensive Cybersecurity: A Modern Approach to Safeguarding Digital Assetscyberprosocial
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurityMatthew Rosenquist
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security madunix
 

Ähnlich wie Biznesa infrastruktūras un datu drošības juridiskie aspekti (20)

Insights into cyber security and risk
Insights into cyber security and riskInsights into cyber security and risk
Insights into cyber security and risk
 
Get Ahead of Cyber Security by Tiffy Issac, Partner EY India
Get Ahead of Cyber Security by Tiffy Issac, Partner EY IndiaGet Ahead of Cyber Security by Tiffy Issac, Partner EY India
Get Ahead of Cyber Security by Tiffy Issac, Partner EY India
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the InternetSecuring the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet
 
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the InternetSecuring the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
 
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet
 
Securing the digital economy
Securing the digital economySecuring the digital economy
Securing the digital economy
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guide
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Paper Titled Information Security in an organization
Paper Titled Information Security in an organizationPaper Titled Information Security in an organization
Paper Titled Information Security in an organization
 
820 1961-1-pb
820 1961-1-pb820 1961-1-pb
820 1961-1-pb
 
Defensive Cybersecurity: A Modern Approach to Safeguarding Digital Assets
Defensive Cybersecurity: A Modern Approach to Safeguarding Digital AssetsDefensive Cybersecurity: A Modern Approach to Safeguarding Digital Assets
Defensive Cybersecurity: A Modern Approach to Safeguarding Digital Assets
 
Qradar Business Case
Qradar Business CaseQradar Business Case
Qradar Business Case
 
digital marketing
digital marketingdigital marketing
digital marketing
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security
 
16231
1623116231
16231
 

Mehr von ebuc

What's Next for Your Industry and City?
What's Next for Your Industry and City? What's Next for Your Industry and City?
What's Next for Your Industry and City? ebuc
 
Top global mega trends
Top global mega trends Top global mega trends
Top global mega trends ebuc
 
Mobile biometric device trends joe hoerl
Mobile biometric device trends joe hoerlMobile biometric device trends joe hoerl
Mobile biometric device trends joe hoerlebuc
 
Launching great enterprise mobile apps that beat the competition
Launching great enterprise mobile apps that beat the competitionLaunching great enterprise mobile apps that beat the competition
Launching great enterprise mobile apps that beat the competitionebuc
 
Is cloud secure or not
Is cloud secure or notIs cloud secure or not
Is cloud secure or notebuc
 
Is cloud secure or not
Is cloud secure or notIs cloud secure or not
Is cloud secure or notebuc
 
IBM vision for aviation
IBM vision for aviationIBM vision for aviation
IBM vision for aviationebuc
 
CSDD case study
CSDD case studyCSDD case study
CSDD case studyebuc
 
Can you afford (not) moving to the cloud
Can you afford (not) moving to the cloudCan you afford (not) moving to the cloud
Can you afford (not) moving to the cloudebuc
 
Big data – ready for business
Big data – ready for businessBig data – ready for business
Big data – ready for businessebuc
 
Meistarklase efektīvam ikdienas darbam
Meistarklase efektīvam ikdienas darbamMeistarklase efektīvam ikdienas darbam
Meistarklase efektīvam ikdienas darbamebuc
 
Pieredzes stāsti
Pieredzes stāstiPieredzes stāsti
Pieredzes stāstiebuc
 
Smart business - is cloud part of the problem or part of the solution
Smart business - is cloud part of the problem or part of the solutionSmart business - is cloud part of the problem or part of the solution
Smart business - is cloud part of the problem or part of the solutionebuc
 
CITY UP iniciatīva
CITY UP iniciatīvaCITY UP iniciatīva
CITY UP iniciatīvaebuc
 
Programmatūras resursu pārvaldība un optimizācija
Programmatūras resursu pārvaldība un optimizācijaProgrammatūras resursu pārvaldība un optimizācija
Programmatūras resursu pārvaldība un optimizācijaebuc
 
Start up iniciatīva 2014
Start up iniciatīva 2014Start up iniciatīva 2014
Start up iniciatīva 2014ebuc
 
Microsoft Office 365
Microsoft Office 365Microsoft Office 365
Microsoft Office 365ebuc
 
Programmatūras licencēšana. Izaicinājums un iespējas. Kārlis Nīlanders, SIA DPA.
Programmatūras licencēšana. Izaicinājums un iespējas. Kārlis Nīlanders, SIA DPA.Programmatūras licencēšana. Izaicinājums un iespējas. Kārlis Nīlanders, SIA DPA.
Programmatūras licencēšana. Izaicinājums un iespējas. Kārlis Nīlanders, SIA DPA.ebuc
 
Programmatūras licencēšana. Iespējas un izaicinājumi. SIA DPA
Programmatūras licencēšana. Iespējas un izaicinājumi. SIA DPAProgrammatūras licencēšana. Iespējas un izaicinājumi. SIA DPA
Programmatūras licencēšana. Iespējas un izaicinājumi. SIA DPAebuc
 
Web lietojumu biežāk pieļautās kļūdas un to risinājumi. Didzis Balodis. DPA K...
Web lietojumu biežāk pieļautās kļūdas un to risinājumi. Didzis Balodis. DPA K...Web lietojumu biežāk pieļautās kļūdas un to risinājumi. Didzis Balodis. DPA K...
Web lietojumu biežāk pieļautās kļūdas un to risinājumi. Didzis Balodis. DPA K...ebuc
 

Mehr von ebuc (20)

What's Next for Your Industry and City?
What's Next for Your Industry and City? What's Next for Your Industry and City?
What's Next for Your Industry and City?
 
Top global mega trends
Top global mega trends Top global mega trends
Top global mega trends
 
Mobile biometric device trends joe hoerl
Mobile biometric device trends joe hoerlMobile biometric device trends joe hoerl
Mobile biometric device trends joe hoerl
 
Launching great enterprise mobile apps that beat the competition
Launching great enterprise mobile apps that beat the competitionLaunching great enterprise mobile apps that beat the competition
Launching great enterprise mobile apps that beat the competition
 
Is cloud secure or not
Is cloud secure or notIs cloud secure or not
Is cloud secure or not
 
Is cloud secure or not
Is cloud secure or notIs cloud secure or not
Is cloud secure or not
 
IBM vision for aviation
IBM vision for aviationIBM vision for aviation
IBM vision for aviation
 
CSDD case study
CSDD case studyCSDD case study
CSDD case study
 
Can you afford (not) moving to the cloud
Can you afford (not) moving to the cloudCan you afford (not) moving to the cloud
Can you afford (not) moving to the cloud
 
Big data – ready for business
Big data – ready for businessBig data – ready for business
Big data – ready for business
 
Meistarklase efektīvam ikdienas darbam
Meistarklase efektīvam ikdienas darbamMeistarklase efektīvam ikdienas darbam
Meistarklase efektīvam ikdienas darbam
 
Pieredzes stāsti
Pieredzes stāstiPieredzes stāsti
Pieredzes stāsti
 
Smart business - is cloud part of the problem or part of the solution
Smart business - is cloud part of the problem or part of the solutionSmart business - is cloud part of the problem or part of the solution
Smart business - is cloud part of the problem or part of the solution
 
CITY UP iniciatīva
CITY UP iniciatīvaCITY UP iniciatīva
CITY UP iniciatīva
 
Programmatūras resursu pārvaldība un optimizācija
Programmatūras resursu pārvaldība un optimizācijaProgrammatūras resursu pārvaldība un optimizācija
Programmatūras resursu pārvaldība un optimizācija
 
Start up iniciatīva 2014
Start up iniciatīva 2014Start up iniciatīva 2014
Start up iniciatīva 2014
 
Microsoft Office 365
Microsoft Office 365Microsoft Office 365
Microsoft Office 365
 
Programmatūras licencēšana. Izaicinājums un iespējas. Kārlis Nīlanders, SIA DPA.
Programmatūras licencēšana. Izaicinājums un iespējas. Kārlis Nīlanders, SIA DPA.Programmatūras licencēšana. Izaicinājums un iespējas. Kārlis Nīlanders, SIA DPA.
Programmatūras licencēšana. Izaicinājums un iespējas. Kārlis Nīlanders, SIA DPA.
 
Programmatūras licencēšana. Iespējas un izaicinājumi. SIA DPA
Programmatūras licencēšana. Iespējas un izaicinājumi. SIA DPAProgrammatūras licencēšana. Iespējas un izaicinājumi. SIA DPA
Programmatūras licencēšana. Iespējas un izaicinājumi. SIA DPA
 
Web lietojumu biežāk pieļautās kļūdas un to risinājumi. Didzis Balodis. DPA K...
Web lietojumu biežāk pieļautās kļūdas un to risinājumi. Didzis Balodis. DPA K...Web lietojumu biežāk pieļautās kļūdas un to risinājumi. Didzis Balodis. DPA K...
Web lietojumu biežāk pieļautās kļūdas un to risinājumi. Didzis Balodis. DPA K...
 

Kürzlich hochgeladen

SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 

Kürzlich hochgeladen (20)

SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 

Legal aspects of business infrastructure and data security (Biznesa infrastruktūras un datu drošības juridiskie aspekti)

  • 1. Risk and Trust in Cloud Computing Through Advanced Network Monitoring Carlos Trigoso EY EMEIA Advisory Centre - Information Security February 5th, 2014
  • 2. Content
    ► Introduction: Cyber Security
    ► A Network of Networks
    ► Multi-layered Advanced Monitoring
    ► Summing up: The essence of the EY approach
  • 4. Our view of Information Security
    ► Why: Risk and trust monitoring, reporting and auditing (Pragmatic content of Security)
    ► How: Risk and trust boundary definition, Security architecture or model (Semantic content of Security)
    ► Who: Risk sharing and trust allocation, defining functions and roles in and out of the organisation (Structural content of Security)
    ► What: Risk avoidance and trust enforcement, access control (Material content of Security)
  • 5. Getting ahead of cyber crime
    ► The message of the EY Security Practice is: “Anticipating cyber attacks is the only way to be ahead of cyber criminals.”
    ► It is not only because cyber threats are increasing in their levels of persistence, sophistication and organisation; it is also not only because of the increasing impact cyber attacks can have on business organisations.
  • 6. Getting ahead of cyber crime
    ► Essentially, we know that organisations need to change their way of thinking to stop being simply reactive to future threats.
    ► Despite this, only 5% of organisations we surveyed have a threat intelligence team with dedicated staff. This applies to all economic sectors.
    ► We address the Security requirements of the Cloud services and their environment, and talk about how leading organisations can reach a state of readiness, gaining confidence in their assessment of risks and threats and anticipating and getting ahead of cybercrime.
  • 7. Looking beyond the borders
    • What is our “security limit”; in other words: with how many partners should we work to enhance overall cybersecurity?
    • How much can we do to manage the risk in the business ecosystem?
    • Are we prepared to accept a certain level of risk from the business ecosystem?
  • 9. Security operations and threat intelligence
    ► In this new global context we think it is vital to have processes and technologies supporting the goals of the organisation. These are most effective when centralised, structured and coordinated around the Security Operations Centre (SOC).
    ► 40% of the organisations we surveyed in 2014 do not have a centralised security function of this kind, and those that do are not obtaining all the benefits they could from this capability.
    ► Centralising security functions is not enough: if we consider in particular the cutting-edge areas of industry, it is far from clear how to secure these new environments and technologies.
    ► If your organisation has a SOC, how would this function monitor and enforce Security upon mobile platforms, networks, transport systems, distribution grids and similar complex systems? In what follows we address these challenges.
  • 10. Cloud adoption changes the Security landscape
    [Diagram: the extended business ecosystem (suppliers, contract manufacturers, distribution and transportation providers, partners, joint ventures, vendors, service providers, consultants, financial institutions, external audit, government, corporate clients, private consumers, employees and others) alongside the cloud service layers: Software as a service, Platform as a service, Infrastructure as a service; Amazon and SalesForce appear as labels]
    SaaS is adopted massively. Problem: This extends the reach of the business even more, and low-security solutions proliferate.
  • 11. Achieving Security, Trust and Auditability
    1. Organization. Cloud services impact organizational behaviors. Organizations need to document roles and responsibilities associated with the use of cloud services and train employees regularly on these protocols.
    2. Technology. IT functions should design applications according to industry security standards, encrypt the data, and implement role-based access and identity management solutions.
    3. Data. IT functions need to classify and inventory data, assign data owners and securely purge data that is no longer required.
    4. Operations. Business continuity management and resiliency program policies and procedures should include periodic review and testing, change management and formalised processes.
    5. Audit and compliance. Organizations should plan and execute audits in a way that minimizes business interruption. For maximum assurance, organizations should engage a third party to perform the audit and certify the environment.
    6. Governance. There are many cloud options from which organizations may choose, from public cloud services, to building a private cloud, to a hybrid approach. Regardless of the deployment path organizations pursue, governance processes are necessary.
  • 12. Information Security challenges: Risks, Threats, Impacts
    Cyber Attacks
    ► Larger attack surface compared to traditional IT systems due to potentially millions of networked end-points in the “wild”, i.e. meters in households
    ► Linking industrial control systems to IP-based data networks creates potentially insecure entry points to the grid
    ► Critical operations such as remote disconnect and firmware upgrades could be compromised, creating widespread damage
    • Security vulnerabilities discovered post installation could have significant financial and operational consequences
    • Sophisticated malware attacks on process control systems (e.g. Stuxnet) could severely impact power generation and distribution systems
    • Widespread availability of supply could be impacted through unauthorised generation/replay of critical commands
    Data Privacy
    ► Uncertainty on ownership and third party access to personal energy usage data
    ► Secure capture, storage and transmission of large amounts of granular consumption data. The more granular the data, the greater the insight into behavioural patterns of consumers
    • Lack of robust data governance framework could result in failure to meet contractual and regulatory requirements
    • Personal data leakage due to insecure data lifecycle process (creation, transmission, storage, destruction)
    Impacts: financial impact; operational impact; loss of consumer trust; loss of energy supply; regulatory fines; ICO investigations; share value drop; breach of contract
  • 13. Understand your threat environment and establish early detection
    ► A cyber-threat capability should be able to address the following questions:
      ► What is happening out there that the organisation needs to learn from?
      ► How can the organisation become “hardened” against attack?
      ► How are other organisations dealing with threats and attacks?
      ► How can the organisation help others deal with these threats and attacks?
      ► Is the organisation able to distinguish a random attack from a targeted one?
      ► What would be the economic cost of an attack?
      ► How would the customers be impacted and what would the legal and regulatory consequences be?
    ► The emphasis of Security has changed to Threat Intelligence!
  • 14. Taking action and getting ahead
    ► Your organisation may already have strong IT policies, processes and technologies, but is it prepared for what is coming? To address this you should take action:
    ► 1. Design and implement a cyber threat intelligence strategy to support strategic business decisions and leverage the value of Security.
    ► 2. Define and encompass the organisation's extended cybersecurity ecosystem including partners, suppliers, services and business networks.
    ► 3. Take a cyber-economic approach, understanding your vital assets and their value, and consequently investing in their protection.
    ► 4. Use forensic data analytics and cyber threat intelligence to analyse and anticipate where the likely threats are coming from and when, increasing your readiness.
    ► 5. Ensure everyone understands the need for strong governance, user controls and accountability.
  • 15. A Network of Networks
  • 16. A Network of Networks (1)
    ► Together with the Grid (e.g. Smart Meter) and other mobile and Internet-connected systems, the Cloud ecosystem is a “Network of Networks” (or a System of Systems).
    ► Focusing on this reality, our proposed approach is to consider the Cloud services and infrastructures as one more aspect of a much wider and more complex network.
    ► When taking this point of view, we see the need to shift the emphasis from the Cloud services as a cleanly defined system, with clear boundaries and input/output points, and take instead as our object of protection the networks themselves, i.e. the interactions between the users/owners of the applications and the numerous other actors in the ecosystem.
    ► Security then becomes the security of those interactions and is not limited to the Cloud service or data centre as a “thing.”
  • 17. A Network of Networks (2) The Network of Networks is the full-blown Internet of People and Things, where every machine-to-machine connection is actually mediated human interaction. Page 17
  • 18. A Network of Networks (3) These networks are simultaneously networks of collaboration and networks of opposition and threat. There is no “inside” or “outside” in this discontinuous, porous space. Page 18
  • 19. A Network of Networks (4) ► Traditional, proven Risk Management models are essential for the Security function in an organisation; but their origin and wisdom are still focused on a world where the organisation owns and possesses most if not all of the data assets flowing through the systems. ► In contrast, in a network of networks (consider for example an extended network of partners, suppliers and collaborators) data assets are possessed, governed and managed by different actors with different policies and assurance requirements. ► Let’s not forget either that these actors sometimes have very different interests and business objectives within the collaboration. ► On the whole, the Risk “Landscape” of the organisation is only a part of a potentially contradictory and opaque “universe” of actual and potential threats. It is not only that the boundary of the enterprise is disappearing: the risk landscape also becomes unbounded. Page 19
  • 20. A Network of Networks (5) ► A standard approach to risk management assumes that the trust boundary is already defined. Is this correct? What is the risk incurred by the different participants? ► What is missing in the risk-focused and techno-centric approach is everything related to the management of trust, i.e. the new functions and processes, the new policies and structures required to expand the risk boundary. ► Four key questions (areas) need to be addressed to complete the Security discourse: ► Who owns the data and who authorises, validates access to it? (Verification of Trust) ► What is the structure of the network and what security zones should exist? (Definition of Trust) ► What roles/functions exist in these zones and how is trust allocated? (Allocation of Trust) ► These are then complemented by the risk-focused area (Enforcement of Trust) Page 20
  • 21. A Network of Networks (6) ► In the Cloud (and shared infrastructure) environment, a new Risk and Trust space is defined: ► New functions are adopted by the business (for example: operating incrementally as service providers) ► New partners are introduced (for example: application providers and data processors) ► New relationships with the client are necessary (for example: enabling the client to select products and services online) ► The information networks and technologies are extended (for example: establishing mobile connections and access for maintenance and support purposes) ► Previously physically isolated systems are linked under the Cloud services (for example: network gateways for authentication) Page 21
  • 22. A Network of Networks (7) The fundamental insight: The Target of Protection, the object of security, is the network of networks, not the particular cloud-connected system. The services “exist” in a much wider network. So all Information Security measures and technologies need to be aligned with this goal in mind. Page 22
  • 24. Building trust in the cloud is attainable by leveraging a risk-based framework We have reached the technology tipping point of adoption of the cloud; what once was an emerging technology filled with promises of efficiency, agility and interoperability has become the norm. Early adopters have gained unquestioned competitive advantages due to the ease and acceleration of implementing cloud technologies. However, there is still one lingering question asked by boards, business executives and IT professionals alike: can we trust the cloud? By focusing on access and data control, consumers and providers can strive for a secure, trusted and audit-ready environment. The following slides show how to address this challenge. Page 24
  • 25. Cyber Threat: the Regin Malware http://www.symantec.com/en/uk/outbreak/?id=regin&om_sem_cid=biz_sem_s215343999763367|pcrid|53538324323|pmt|e|plc||pdv|c
  • 26. The rise of Cyber Threat Information security is changing at a rapidly accelerating rate. In today’s world of ‘always on’ technology and not enough security awareness on the part of users, cyber attacks are no longer a matter of “if” but “when.” With the understanding that attacks can never be fully prevented, companies should advance their detection capabilities so they can respond appropriately. Point solutions, in particular — antivirus, IDS, IPS, patching and encryption — remain a key control for combatting today’s known attacks. However, they become less effective over time as hackers find new ways to circumvent controls. So how do organizations build controls for the security risks they don’t even know about yet? Page 26
  • 27. How can a Security Operations Centre help? Organizations may not be able to control when information security incidents occur, but they can control how they respond to them. Expanding detection capabilities is a good place to start. A well-functioning Security Operations Centre (SOC) can form the heart of effective detection. It can enable Information Security functions to respond faster, work more collaboratively and share knowledge more effectively. EY not only recommends the SOC approach for common IT operations, but also for Operational Technology Security, considering that these two areas are converging and require an articulated approach. Page 27
  • 28. How we think about threat intelligence Intelligence focuses efforts on studying the consequence … rather than the instigating event and reaction. [Diagram labels: Threat Actor; Vulnerability; Precursor Event; Pattern of Response; Consequence. Examples listed: missing patch exploited; malware injected; data exfiltrated.] Page 28
  • 29. Four key considerations for Security monitoring ► What do I monitor? Targets: System/operating system; Identity/accounts; Network traffic; Application/database; Data/file; Transactions ► Where do I monitor? Environment: Host-based; Network-based; Internal; External; Infrastructure ► How do I monitor? Algorithms: Action/behavior based; Heuristics; Anomaly; Attribute based; Signature ► How do I monitor? Approach: Real-time/near real-time; Post-event analytics; Batch data processing Page 29
  • 30. Multi-Layered Advanced Monitoring (1) ► As the Cloud, Grid and Mobile initiatives change the Security landscape of our clients in all sectors, EY promotes a comprehensive approach to this space. ► Our Security Operations Centre and Cyber Security approaches become more and more relevant as our clients adopt Cloud, Grid, Connected and Mobile business models. ► A decisive part of this direction is the enablement of Threat Management processes and technologies which operate within the SOC framework and become the eyes and the brains of our client’s Security stance. ► Now, centralising security functions is not enough. If your organisation does have a SOC, how would this centre monitor the extended environment and discover or anticipate threats? Page 30
  • 31. Multi-Layered Advanced Monitoring (2) ► To do so, several conceptual and technical changes are necessary to implement a satisfactory Threat Management system. ► Let’s first recapitulate the conditions of such a solution: ► The environment is articulated in the form of a network of networks or multi-start pattern. ► In this space there are both known and unknown devices, as well as both managed and unmanaged entities whose actions are impossible to predict ► Apparently well-behaved devices are opaque: anomalous behaviour cannot be determined by means of conventional testing of components (*) ► Attacks “from the inside” are equivalent to “attacks from the outside” of the networks ► There is no definite network perimeter ► Risk analysis based on historical data is not relevant to determine future events or security measures ► There is no frequency data that can be extrapolated to anticipate attack trends ► Attack events are not self-contained, as is the case, for example, when simulated attacks are only a cover for the real objectives of the attacker Page 31
  • 32. Multi-Layered Advanced Monitoring (3) ► Under these conditions, several requirements arise for any Threat Management solution (comprising organisational and technical processes): ► A shift is necessary at both the technical and the procedural level, moving from event monitoring (i.e. the capture of known events which assert the status of a system) to pattern monitoring, i.e. the analysis and synthesis of the behaviour of systems at network level (interactions of systems) ► The concept of Continuous Monitoring needs to be applied, but going beyond the customary scope of performance and compliance processes, to adopt criteria of known and desirable patterns versus unknown and undesirable patterns of interaction. ► Instead of predictive threat modeling based on supposed event frequencies and expert opinion, each network needs to be surveyed by looking primarily at the traffic between the nodes, the protocols in use and the patterns of communication or transaction. Page 32
  • 33. Multi-Layered Advanced Monitoring (4) ► This solution class requires what can only be understood as a deeper and more systematic analysis of the business operations and the networks they live in. Essential steps include: ► A catalogue or inventory of the protocols used. The solution must implement an active protocol detection capability to validate any traffic. (*) ► An inventory of network, platform and device admissible commands that can be sent over the agreed protocols ► A detailed matrix of access routes specifying user and device types, application and system targets, credentials, data types, traffic patterns, transaction levels, business criticality, assurance requirements and service levels ► A baseline or model of desirable traffic and interaction patterns at network level ► A sensor or agent architecture to filter traffic where possible (in the standard way of systems management) ► A network protocol and packet-level filtering service to analyse traffic at key points of entry and exit of the sub-networks ► Behavioural analysis tools capable of storing and processing data in real time across the collaboration network, including partner networks when possible (collaborative security) ► As Security mechanisms should not become a single point of failure, advanced concepts of signal intelligence need to be applied, for example implementing “signal comparison” of filtered and unfiltered traffic. ► Any behavioural change in the network must trigger immediate redundant communications and services in a fashion similar to safety-orientated mechatronics or avionics systems. ► On the process side, the baseline of communications must be recalibrated periodically within the framework of collaborative security. Page 33
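An added example, not part of the original deck: a minimal check of observed flows against the inventories listed on slide 33 (protocol catalogue, admissible commands, access-route matrix, traffic baseline), showing the move from event to pattern monitoring described on slide 32. Every zone, protocol and command name and every baseline range is constructed for illustration.

```python
from collections import Counter
from typing import NamedTuple

class Flow(NamedTuple):
    src_zone: str
    dst_zone: str
    protocol: str
    command: str

# Every zone, protocol and command name below is constructed for illustration.
PROTOCOL_COMMANDS = {   # protocol catalogue with the admissible commands per protocol
    "meter-read": {"read_register", "sync_clock"},
    "https": {"GET", "POST"},
    "ssh": {"open_session"},
}
ACCESS_ROUTES = {       # access-route matrix: (source zone, target zone, protocol)
    ("head_end", "meter_net", "meter-read"),
    ("partner", "customer_api", "https"),
    ("admin_terminal", "head_end", "ssh"),
}
BASELINE = {            # desirable flows per observation window: (min, max)
    ("head_end", "meter_net", "meter-read"): (2, 4),
    ("partner", "customer_api", "https"): (1, 3),
    ("admin_terminal", "head_end", "ssh"): (0, 1),
}

def check_flow(flow):
    """Validate one flow against the inventories; return (kind, route, detail) findings."""
    route = (flow.src_zone, flow.dst_zone, flow.protocol)
    if flow.protocol not in PROTOCOL_COMMANDS:
        return [("unknown_protocol", route, flow.protocol)]
    findings = []
    if flow.command not in PROTOCOL_COMMANDS[flow.protocol]:
        findings.append(("inadmissible_command", route, flow.command))
    if route not in ACCESS_ROUTES:
        findings.append(("unlisted_route", route, flow.command))
    return findings

def check_window(flows):
    """Pattern check: per-route volume in the window versus the baseline range."""
    seen = Counter((f.src_zone, f.dst_zone, f.protocol) for f in flows)
    return [("volume_deviation", route, f"{seen[route]} flows, expected {low}-{high}")
            for route, (low, high) in BASELINE.items()
            if not low <= seen[route] <= high]

def assess(flows):
    """All findings for one observation window: per-flow checks, then the pattern check."""
    return [x for f in flows for x in check_flow(f)] + check_window(flows)

SAMPLE_WINDOW = (       # constructed observation window
    [Flow("head_end", "meter_net", "meter-read", "read_register")] * 2
    + [Flow("head_end", "meter_net", "meter-read", "disconnect_supply")]
    + [Flow("partner", "customer_api", "https", "GET")] * 5
    + [Flow("partner", "head_end", "ssh", "open_session")]
    + [Flow("meter_net", "partner", "telnet", "login")]
)

if __name__ == "__main__":
    for kind, route, detail in assess(SAMPLE_WINDOW):
        print(f"{kind:22} {'->'.join(route[:2])} [{route[2]}] {detail}")
```

The five partner HTTPS requests each pass the per-flow checks and are flagged only by the window-level comparison; an empty window is also flagged, because expected traffic that goes silent is a change in pattern too.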
  • 34. Typical Protection Domains [Network diagram labels: Internet Data Center; Global WAN; Monitoring Network; Core Network; Remote VPN Access Gateway; ICT Data Center; E-Government Applications; Gov. Agencies; Data Link; Encrypted connections; Out-of-band Management Network; Remote Network; Network Operations Center. Threat annotations: Insider threats; Man-in-the-Middle; Internet threats.] Main Threat Cases • Traditional External Threat - As worms evolved faster than defense mechanisms like anti-virus solutions, firewalls and intrusion detection systems, their ability to penetrate an infrastructure and propagate rapidly was increasing. • Man-in-the-Middle threats - risk of interception of sensitive information or communications • Insider threats - leak risks whenever a sensitive file or database was accessed and then subsequently sent to an external location. • Moreover, APTs pose significant threats to MICT. The risk of an attack by the APT is high; therefore MICT requires advanced threat detection and remediation capabilities. Page 34
  • 35. SoC Monitoring Architecture [Network diagram labels: Internet Data Center; Global WAN; Monitoring Network; Core Network; Remote VPN Access Gateway; ICT Data Center; E-Government Applications; Gov. Agencies; Out-of-band Management Network; Remote Network; Security Operations Center; Events Database; Network Operations Center.] ► SOC requires a Highly Scalable and Intelligent Technology Platform with Real-Time Event Correlation to Effectively Mitigate Business Risk. ► Collect event data from various devices and applications, VOIP as well as other communications solutions; ► Process and archive streaming data from a globally dispersed network of thousands of event sources in “real-time”; ► Correlate this event data in order to identify and prioritize threats across the organization; ► Provide a centralized easy-to-understand view of these threats and automated response workflow; ► Archive event data for compliance purposes and forensic analysis ► Need full-packet capture - to allow data mining and retrospective analysis and investigations Page 35
  • 36. Summing Up: The essence of the EY approach
  • 37. Our view of Information Security ► Why: Risk and trust monitoring, reporting and auditing (Pragmatic content of Security) ► How: Risk and trust boundary definition, Security architecture or model (Semantic content of Security) ► Who: Risk sharing and trust allocation, defining functions and roles in and out of the organisation (Structural content of Security) ► What: Risk avoidance and trust enforcement, access control (Material content of Security) Page 37
  • 38. A “data-centric” (data “flow”) Security approach • 1 Data Ownership • 2 Assurance Levels • 3 Data Classification • 4 Zoning Model • 5 Access Rights • 6 Interfaces & Protocols • 7 Reporting • 8 Audit & Verification Note: The root of Cloud, Grid and Mobile Security is Data ownership. Determining the assurance and data classification levels precedes the zoning and access model. Page 38
  • 39. Getting started in Threat Intelligence • Security services begin with a Situational Awareness assessment. • Evaluate an organisation’s potential threat actors • Establish a framework of collaborative security • Map available controls to detect and complicate potential events • Baseline the interactions and network flows with and in the collaboration environment • Catalogue the entry and exit points, as well as the allowed access routes and commands • Define a strategy for enhancing Threat Intelligence capabilities for the organisation’s unique threat landscape • Provide a current capability and roadmap to the desired Threat Intelligence capabilities required by each organisation Page 39
  • 40. Our relevant Security & Data Protection services Security Architecture & Design ► Develop end-to-end security principles and requirements based on your risk acceptance levels. Ensure security is embedded into the design of your smart metering / grid system. ► Specialist advice in areas such as: ► Crypto key management ► Access control / Authentication ► Protection and monitoring of critical commands (e.g. remote disconnection of supply, device firmware upgrades, remote administration, Pre-pay top-up etc.) Privacy & Data Protection ► Perform Privacy Impact Assessment (PIA) on your smart metering activities, looking at areas such as: ► Granularity & frequency of energy consumption data ► Third party access to energy consumption data ► Retention of data across your systems ► Aggregation and/or anonymisation of data ► Develop a privacy framework and associated controls to ensure you comply with your data protection regulatory obligations. Penetration Testing ► With deep technical security expertise (working with specialist partners as required) we offer a range of services to help discover potential vulnerabilities through security penetration testing. ► Covering both software and hardware testing, including: ► Meter communication interfaces ► On-board firmware ► Meter hardware chipsets & circuit board components ► Ease of extraction of crypto keys and on-board log data from storage Cyber Threat Monitoring and Management ► SOC design and implementation ► Continuous Monitoring of enterprise and ecosystem networks ► Proactive cyber-attack detection Cyber Security Assessment & Governance ► Focused assessment of security controls in place (or planned) as part of your smart metering or smart grid implementation. We can tailor the assessment based on your requirements. Our expertise covers areas such as: ► Smart meters ► Communication hubs ► Home Area Networks ► Wide Area Networks ► Concentrators ► Head-Ends ► Administration terminals ► Back-end systems storing/handling consumption data ► Develop security governance framework including review and re-adjustment of security controls. ► Incident Response ► Cyber Threat and Attack investigations ► Information Security Analytics Page 40
  • 41. EY | Assurance | Tax | Transactions | Advisory Ernst & Young LLP © Ernst & Young LLP. Published in the UK. All Rights Reserved. The UK firm Ernst & Young LLP is a limited liability partnership registered in England and Wales with registered number OC300001 and is a member firm of Ernst & Young Global Limited. Ernst & Young LLP, 1 More London Place, London, SE1 2AF. ey.com