Valuendo cyberwar and security (okt 2011) handout
Presentation on cyberattacks given by Marc Vael at EPSC forum in Brussels on 25th of October 2011

Published in: Technology, Business
Transcript

  • 1. The vulnerability of high hazards plant to cyber attack. Marc Vael, Director
  • 2. Cybersecurity threats
    • Cyber-criminals
    • Malware
    • Phishers
    • Spammers
    • Negligent staff
    • Hackers
    • Unethical employees misusing/misconfiguring security functions
    • Unauthorized access, modification, disclosure of information
    • Nations attacking critical information infrastructures
    • Technical advances that can render encryption algorithms obsolete
  • 3. Lessons learned so far Cyberattacks are DIFFICULT to execute.
  • 4. Lessons learned so far Governments do have the resources/skills to conduct cyberattacks.
  • 5. Lessons learned so far Cyberattacks are war.
  • 6. Cyberwarfare is "the fifth domain of warfare"
  • 7. "Cyberspace is a new domain in warfare which has become just as critical to military operations as land, sea, air and space."
  • 8. "Actions to penetrate computers or networks for the purposes of causing damage or disruption."
  • 9. Information warfare is "using & managing IT in the pursuit of a competitive advantage over an opponent"
  • 10. Lessons learned so far Cyberattacks are a real, clear and present danger to organisations & government agencies.
  • 11. "It's possible that hackers have gotten into administrative computer systems of utility companies, but says those aren't linked to the equipment controlling the grid, at least not in developed countries. I have never heard that the grid itself has been hacked." Howard Schmidt, Cyber-Security Coordinator of the US
  • 12. Lessons learned so far Targeted organizations are unprepared.
  • 13. Lessons learned so far Security professionals are at risk.
  • 14. Risk always exists! (whether or not it is detected / recognised by the organisation).
  • 15. Impact of an attack on the business
  • 16. Cyberattack mitigating strategies
  • 17. Cyberattack mitigating strategies: Corporate governance: ERM = COSO. Support from Board of Directors & Executive Management
  • 18. Cyberattack mitigating strategies Managing risks appropriately
  • 19. Cyberattack mitigating strategies Policies & Standards
  • 20. Cyberattack mitigating strategies Project Management
  • 21. Cyberattack mitigating strategies Supply Chain Management
  • 22. Cyberattack mitigating strategies EDUCATION!
  • 23. Cyberattack mitigating strategies: Providing proper funding
  • 24. Cyberattack mitigating strategies: Providing proper resources
  • 25. Cyberattack mitigating strategies Measuring performance
  • 26. Cyberattack mitigating strategies Review / Audit
  • 27. Cyberattack mitigating strategies Incident/Crisis Management
  • 28. IT governance process map (the four COBIT 4.1 domains), with the information criteria and IT resources they serve:
    • Information Criteria: Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability
    • IT Resources: Applications, Information, Infrastructure, People
    • PLAN & ORGANISE: PO1 Define a strategic IT plan; PO2 Define the information architecture; PO3 Determine technological direction; PO4 Define the IT processes, organisation and relationships; PO5 Manage the IT investment; PO6 Communicate management aims & direction; PO7 Manage IT human resources; PO8 Manage quality; PO9 Assess and manage IT risks; PO10 Manage projects
    • ACQUIRE & IMPLEMENT: AI1 Identify automated solutions; AI2 Acquire & maintain application software; AI3 Acquire & maintain IT infrastructure; AI4 Enable operation and use; AI5 Procure IT resources; AI6 Manage changes; AI7 Install & accredit solutions and changes
    • DELIVER & SUPPORT: DS1 Define & manage service levels; DS2 Manage third-party services; DS3 Manage performance & capacity; DS4 Ensure continuous service; DS5 Ensure systems security; DS6 Identify & allocate costs; DS7 Educate & train users; DS8 Manage service desk and incidents; DS9 Manage the configuration; DS10 Manage problems; DS11 Manage data; DS12 Manage the physical environment; DS13 Manage operations
    • MONITOR & EVALUATE: ME1 Monitor & evaluate IT performance; ME2 Monitor & evaluate internal control; ME3 Ensure compliance with external requirements; ME4 Provide IT governance
  • 29. Same process map as slide 28 (repeated).
  • 30. Information Security Management
  • 31. Your security solution is as strong … … as its weakest link
  • 32. "I don't care how many millions of dollars you spend on security technology. If you don't have people trained properly, I'm going to get in if I want to get in." Susie Thunder, Cyberpunk
  • 33. Contact information: Marc Vael, CISA, CISM, CISSP, CGEIT, ITIL Service Manager, Prince2. Director Knowledge Board, ISACA, 3701 Algonquin Road, Suite 1010, Rolling Meadows IL 60008, USA. http://www.isaca.org/security, marc@vael.net, http://www.linkedin.com/in/marcvael, http://twitter.com/marcvael