SlideShare a Scribd company logo

09 blockchain-security-information-sharing

C
Christos Laganas

blockchain security information sharing

Economy & Finance
1 of 18
Download to read offline
1H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY INNOV-ACTS, Limited H2020 FINSEC Project The FINSEC project is co-funded from the European Union’s Horizon 2020 programme under grant Agreement No 786727 Blockchain Sharing of Security Information for Critical Infrastructures of the Finance Sector 15/04/2020
2H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Objectives ▪ Identify the different components of the security platform architecture ▪ Learn about the approach followed for the microservices architecture Topic ▪ Learn abut the challenges of the digitalization of financial institutions ▪ Identify the different types of security attacks relevant to the financial sector ▪ Understand the reasons needing an integrating approach ▪ Learn about pre-existing solutions ▪ Understand the different components of security threads ▪ Realize how to build a knowledge base Goal Financial Sector & Security Attacks Collaborative Risk Assessment FINSEC Platform
3H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Impact of Digitization in FInance Financial Organisations •increasingly digitizing their operations based on the deployment of advanced ICT e.g., BigData, Artificial Intelligence (AI) and the Internet of Things (IoT •including critical infrastructures Benefits •boosts intelligence •enables provocative operations •optimizes resources Drawbacks •Vulnerability to security attacks : cybersecurity attacks + hybrid cybersecurity and physical security attacks (e.g., attacks against smart doors, networked cameras, locks and alarms)
4H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Financial Sector & Security Attacks
5H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Financial Infrastructures as Cyber Physical Systems Physical dimension • E.g., Automatic Teller Machines (ATM), IT data centers, network infrastructures) • Consequences for consumers and SMEs Cyber dimension • Loss of personal information, reputational damage, costly and unplanned downtimes in business operations • Lack of confidence in the system
6H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Implications of the dual nature Today’s model where physical and cyber security are addressed separately has many limitations • E.g., controlling access to plants, protecting financial and product records physically) and cyber (e.g., malware, Trojan horses, denial of service attacks) security concerns are considered in isolation Need for integrated approaches that combines cybersecurity and physical security aspects Integrated solution for the critical infrastructures of the financial sector
7H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Solution Guidelines Integrated modelling of the infrastructure • Key to an integrated approach is a data model that captures both cyber and physical aspects of security Integrated data processing and implementation of integrated security policies • Key to a successful implementation of a system that combines cyber and physical security aspects is an integrated architecture
8H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Types of Attacks Attacks Attacks with only physical aspects Attacks with only cyber aspects Physical- enabled cyberattacks Cyber- enabled physical attacks
9H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Pre-existing integrated solutions Augmented vulnerability assessment methodology for physical security in the cyber domain, Vulnerability Assessment (VA), proven based on simulation and cost-benefit analysis Integrated modelling approach for cyber-physical systems for power grids and critical infrastructures for energy Integrated security methodologies based on various disciplines and techniques e.g., control theory, optimization, game theory • Do not take a holistic data-driven approach • Data driven systems do not provide the non-functional properties (e.g., scalability, performance) needed for their deployment at scale • Rarely address the special requirements of the financial sector: asset modelling, event correlation and regulatory compliance (e.g., MiFID, GDPR, PSD2)
10H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Collaborative Risk Assessment
11H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Collaborative Risk Assessment: Risk Calculation ▪ Metrics at different levels: ▪ Vulnerability level ▪ Impact level ▪ Threat level ▪ Vulnerability & impact levels: ▪ CVSS (Common Vulnerability Scoring System) ▪ Free and open industry standard for assessing the severity of computer system security vulnerabilities. ▪ Assign severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to threat. ▪ Derived from the CVSS scores of the assets’ vulnerabilities detected ▪ Threat level: ▪ Result of events occurring inside the organization and historical information
12H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Services ▪ To initialize a risk calculation suite is the creation of a Service ▪ Services are stored in the FINSEC data-tier hence, the communication with it is critical ▪ Data tier is protected using basic authentication ▪ Creation involves the asset selection as well as the vulnerability definition for each asset ▪ Leveraged by the introduction of a Security Knowledge Base
13H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Threats ▪ Threats that may target the service ▪ List of events should be defined ▪ Events affect the level of the threat in real-time ▪ Threats are associated with the Service using the risk configuration object ▪ Threat objects must be stored in the Security Knowledge Base
14H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Events ▪ Security officer needs to define event models and then map them to a predefined threat e.g., “invalid login attempt” is related to a “SWIFT compromise threat” ▪ when a probe produces an instance of this model, the platform detects it and if the trigger value is reached for this specific event the overall risk of the related threat is re-calculated
15H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Triggers: What triggers risk (re)calculation? ▪ Calculation can be triggered in three ways: ▪ Manually ▪ Vulnerabilities of the assets involved have changed ▪ Event Instances reach a specified threshold.
16H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Risk calculations ▪ Service to function properly, certain preconditions need to apply ▪ Service definition, the threat to event mapping and the probe to be up and running ▪ Probe produces a new event which is forwarded through the data collector to the FINSEC data-layer ▪ the Collaboration Service is connected to the data-layer and “listening” for event instances
17H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Collaborative Risk Assessment Inputs/Outputs
18H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Sample Risk Visualization in the FINSEC Dashboard Vulnerabilities for the SWIFT service pilot, categorized by their domain (cyber/physical)

Recommended

10 the-finstix-data-model
10 the-finstix-data-model10 the-finstix-data-model
10 the-finstix-data-modelChristos Laganas
 
11 eu-institution-studies-regulation-finance-sector
11 eu-institution-studies-regulation-finance-sector11 eu-institution-studies-regulation-finance-sector
11 eu-institution-studies-regulation-finance-sectorinnov-acts-ltd
 
IASA ey deck presentation
IASA ey deck presentationIASA ey deck presentation
IASA ey deck presentationKenneth Dorado, CISA, HCISPP
 
H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020
H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020
H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020innov-acts-ltd
 
___2360_SP_VMAN---Screen
___2360_SP_VMAN---Screen___2360_SP_VMAN---Screen
___2360_SP_VMAN---ScreenManuel Sanchez Lopez
 
Cybersecurity Framework - Introduction
Cybersecurity Framework - IntroductionCybersecurity Framework - Introduction
Cybersecurity Framework - IntroductionMuhammad Akbar Yasin
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500Shawn Tuma
 
Infocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar PresentationInfocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar PresentationEthos Media S.A.
 

Recommended

10 the-finstix-data-model
10 the-finstix-data-model10 the-finstix-data-model
10 the-finstix-data-modelChristos Laganas
 
11 eu-institution-studies-regulation-finance-sector
11 eu-institution-studies-regulation-finance-sector11 eu-institution-studies-regulation-finance-sector
11 eu-institution-studies-regulation-finance-sectorinnov-acts-ltd
 
IASA ey deck presentation
IASA ey deck presentationIASA ey deck presentation
IASA ey deck presentationKenneth Dorado, CISA, HCISPP
 
H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020
H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020
H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020innov-acts-ltd
 
___2360_SP_VMAN---Screen
___2360_SP_VMAN---Screen___2360_SP_VMAN---Screen
___2360_SP_VMAN---ScreenManuel Sanchez Lopez
 
Cybersecurity Framework - Introduction
Cybersecurity Framework - IntroductionCybersecurity Framework - Introduction
Cybersecurity Framework - IntroductionMuhammad Akbar Yasin
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500Shawn Tuma
 
Infocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar PresentationInfocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar PresentationEthos Media S.A.
 
ID IGF 2016 - Infrastruktur 3 - Towards National Cyber Security Framework
ID IGF 2016 - Infrastruktur 3 - Towards National Cyber Security FrameworkID IGF 2016 - Infrastruktur 3 - Towards National Cyber Security Framework
ID IGF 2016 - Infrastruktur 3 - Towards National Cyber Security FrameworkIGF Indonesia
 
Cybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework CimetricsCybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework CimetricsCimetrics Inc
 
NYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity RegulationsNYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity RegulationsJon Bosco
 
12 ai-digital-finance-overview
12 ai-digital-finance-overview12 ai-digital-finance-overview
12 ai-digital-finance-overviewinnov-acts-ltd
 
ENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident responseENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident responseKevin Duffey
 
Protecting the Network From Yourself Using Defense in Depth
Protecting the Network From Yourself Using Defense in DepthProtecting the Network From Yourself Using Defense in Depth
Protecting the Network From Yourself Using Defense in DepthPECB
 
Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...PECB
 
The developing world of cyber litigation and compliance
The developing world of cyber litigation and complianceThe developing world of cyber litigation and compliance
The developing world of cyber litigation and compliancePECB
 
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna Leonardo
 
Security Operations Center
Security Operations CenterSecurity Operations Center
Security Operations CenterMDS CS
 
Achieving Visible Security at Scale with the NIST Cybersecurity Framework
Achieving Visible Security at Scale with the NIST Cybersecurity FrameworkAchieving Visible Security at Scale with the NIST Cybersecurity Framework
Achieving Visible Security at Scale with the NIST Cybersecurity FrameworkKevin Fealey
 
You've Been Breached: How To Mitigate The Incident
You've Been Breached: How To Mitigate The IncidentYou've Been Breached: How To Mitigate The Incident
You've Been Breached: How To Mitigate The IncidentResilient Systems
 
Smart Cities – The Security Aspects
Smart Cities – The Security AspectsSmart Cities – The Security Aspects
Smart Cities – The Security AspectsPECB
 
Securing your supply chain & vicarious liability (cyber security)
Securing your supply chain & vicarious liability (cyber security)Securing your supply chain & vicarious liability (cyber security)
Securing your supply chain & vicarious liability (cyber security)Ollie Whitehouse
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 Erick Kish, U.S. Commercial Service
 
Cyber security incidents implications in business continuity planning
Cyber security incidents implications in business continuity planningCyber security incidents implications in business continuity planning
Cyber security incidents implications in business continuity planningPECB
 
Defensa Centralizada contra amenazas multi-vector - Configuración de un centr...
Defensa Centralizada contra amenazas multi-vector - Configuración de un centr...Defensa Centralizada contra amenazas multi-vector - Configuración de un centr...
Defensa Centralizada contra amenazas multi-vector - Configuración de un centr...Eventos Creativos
 
Stu w22 b
Stu w22 bStu w22 b
Stu w22 bSelectedPresentations
 
Managed Services Sales Sheet
Managed Services Sales SheetManaged Services Sales Sheet
Managed Services Sales SheetScott Baines
 
10 the-finstix-data-model
10 the-finstix-data-model10 the-finstix-data-model
10 the-finstix-data-modelinnov-acts-ltd
 
05 standards and general purpose regulations - impact on finance
05 standards and general purpose regulations - impact on finance05 standards and general purpose regulations - impact on finance
05 standards and general purpose regulations - impact on financeinnov-acts-ltd
 
NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...IT Governance Ltd
 

More Related Content

What's hot

ID IGF 2016 - Infrastruktur 3 - Towards National Cyber Security Framework
ID IGF 2016 - Infrastruktur 3 - Towards National Cyber Security FrameworkID IGF 2016 - Infrastruktur 3 - Towards National Cyber Security Framework
ID IGF 2016 - Infrastruktur 3 - Towards National Cyber Security FrameworkIGF Indonesia
 
Cybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework CimetricsCybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework CimetricsCimetrics Inc
 
NYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity RegulationsNYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity RegulationsJon Bosco
 
12 ai-digital-finance-overview
12 ai-digital-finance-overview12 ai-digital-finance-overview
12 ai-digital-finance-overviewinnov-acts-ltd
 
ENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident responseENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident responseKevin Duffey
 
Protecting the Network From Yourself Using Defense in Depth
Protecting the Network From Yourself Using Defense in DepthProtecting the Network From Yourself Using Defense in Depth
Protecting the Network From Yourself Using Defense in DepthPECB
 
Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...PECB
 
The developing world of cyber litigation and compliance
The developing world of cyber litigation and complianceThe developing world of cyber litigation and compliance
The developing world of cyber litigation and compliancePECB
 
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna Leonardo
 
Security Operations Center
Security Operations CenterSecurity Operations Center
Security Operations CenterMDS CS
 
Achieving Visible Security at Scale with the NIST Cybersecurity Framework
Achieving Visible Security at Scale with the NIST Cybersecurity FrameworkAchieving Visible Security at Scale with the NIST Cybersecurity Framework
Achieving Visible Security at Scale with the NIST Cybersecurity FrameworkKevin Fealey
 
You've Been Breached: How To Mitigate The Incident
You've Been Breached: How To Mitigate The IncidentYou've Been Breached: How To Mitigate The Incident
You've Been Breached: How To Mitigate The IncidentResilient Systems
 
Smart Cities – The Security Aspects
Smart Cities – The Security AspectsSmart Cities – The Security Aspects
Smart Cities – The Security AspectsPECB
 
Securing your supply chain & vicarious liability (cyber security)
Securing your supply chain & vicarious liability (cyber security)Securing your supply chain & vicarious liability (cyber security)
Securing your supply chain & vicarious liability (cyber security)Ollie Whitehouse
 
Cyber security incidents implications in business continuity planning
Cyber security incidents implications in business continuity planningCyber security incidents implications in business continuity planning
Cyber security incidents implications in business continuity planningPECB
 
Defensa Centralizada contra amenazas multi-vector - Configuración de un centr...
Defensa Centralizada contra amenazas multi-vector - Configuración de un centr...Defensa Centralizada contra amenazas multi-vector - Configuración de un centr...
Defensa Centralizada contra amenazas multi-vector - Configuración de un centr...Eventos Creativos
 
Managed Services Sales Sheet
Managed Services Sales SheetManaged Services Sales Sheet
Managed Services Sales SheetScott Baines
 

What's hot (19)

ID IGF 2016 - Infrastruktur 3 - Towards National Cyber Security Framework
ID IGF 2016 - Infrastruktur 3 - Towards National Cyber Security FrameworkID IGF 2016 - Infrastruktur 3 - Towards National Cyber Security Framework
ID IGF 2016 - Infrastruktur 3 - Towards National Cyber Security Framework
 
Cybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework CimetricsCybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework Cimetrics
 
NYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity RegulationsNYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity Regulations
 
12 ai-digital-finance-overview
12 ai-digital-finance-overview12 ai-digital-finance-overview
12 ai-digital-finance-overview
 
ENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident responseENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident response
 
Protecting the Network From Yourself Using Defense in Depth
Protecting the Network From Yourself Using Defense in DepthProtecting the Network From Yourself Using Defense in Depth
Protecting the Network From Yourself Using Defense in Depth
 
Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...
 
The developing world of cyber litigation and compliance
The developing world of cyber litigation and complianceThe developing world of cyber litigation and compliance
The developing world of cyber litigation and compliance
 
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna
 
Security Operations Center
Security Operations CenterSecurity Operations Center
Security Operations Center
 
Achieving Visible Security at Scale with the NIST Cybersecurity Framework
Achieving Visible Security at Scale with the NIST Cybersecurity FrameworkAchieving Visible Security at Scale with the NIST Cybersecurity Framework
Achieving Visible Security at Scale with the NIST Cybersecurity Framework
 
You've Been Breached: How To Mitigate The Incident
You've Been Breached: How To Mitigate The IncidentYou've Been Breached: How To Mitigate The Incident
You've Been Breached: How To Mitigate The Incident
 
Smart Cities – The Security Aspects
Smart Cities – The Security AspectsSmart Cities – The Security Aspects
Smart Cities – The Security Aspects
 
Securing your supply chain & vicarious liability (cyber security)
Securing your supply chain & vicarious liability (cyber security)Securing your supply chain & vicarious liability (cyber security)
Securing your supply chain & vicarious liability (cyber security)
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101
 
Cyber security incidents implications in business continuity planning
Cyber security incidents implications in business continuity planningCyber security incidents implications in business continuity planning
Cyber security incidents implications in business continuity planning
 
Defensa Centralizada contra amenazas multi-vector - Configuración de un centr...
Defensa Centralizada contra amenazas multi-vector - Configuración de un centr...Defensa Centralizada contra amenazas multi-vector - Configuración de un centr...
Defensa Centralizada contra amenazas multi-vector - Configuración de un centr...
 
Stu w22 b
Stu w22 bStu w22 b
Stu w22 b
 
Managed Services Sales Sheet
Managed Services Sales SheetManaged Services Sales Sheet
Managed Services Sales Sheet
 

Similar to 09 blockchain-security-information-sharing

10 the-finstix-data-model
10 the-finstix-data-model10 the-finstix-data-model
10 the-finstix-data-modelinnov-acts-ltd
 
05 standards and general purpose regulations - impact on finance
05 standards and general purpose regulations - impact on finance05 standards and general purpose regulations - impact on finance
05 standards and general purpose regulations - impact on financeinnov-acts-ltd
 
NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...IT Governance Ltd
 
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?NetEnrich, Inc.
 
Tech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingTech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingJisc
 
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...Cohesive Networks
 
Implementing a Security Management Framework
Implementing a Security Management FrameworkImplementing a Security Management Framework
Implementing a Security Management FrameworkJoseph Wynn
 
The Security Circle- Services Offered
The Security Circle- Services OfferedThe Security Circle- Services Offered
The Security Circle- Services OfferedRachel Anne Carter
 
Webinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptxWebinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptxControlCase
 
Effectively Manage and Continuously Monitor Tech and Cyber Risk and Compliance
Effectively Manage and Continuously Monitor Tech and Cyber Risk and ComplianceEffectively Manage and Continuously Monitor Tech and Cyber Risk and Compliance
Effectively Manage and Continuously Monitor Tech and Cyber Risk and ComplianceAlireza Ghahrood
 
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...Nordic APIs
 
Cybersecurity for Real Estate & Construction
Cybersecurity for Real Estate & ConstructionCybersecurity for Real Estate & Construction
Cybersecurity for Real Estate & ConstructionAronson LLC
 
Webinar - How to Become a Cyber-threat Intelligence Analyst
Webinar - How to Become a Cyber-threat Intelligence AnalystWebinar - How to Become a Cyber-threat Intelligence Analyst
Webinar - How to Become a Cyber-threat Intelligence AnalystTuan Yang
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSplunk
 
A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...Judith Beckhard Cardoso
 
Make things come alive in a secure way - Sigfox
Make things come alive in a secure way - SigfoxMake things come alive in a secure way - Sigfox
Make things come alive in a secure way - SigfoxSigfox
 
National Cyber Security Strategy 2020 DSCI submission.pdf
National Cyber Security Strategy 2020 DSCI submission.pdfNational Cyber Security Strategy 2020 DSCI submission.pdf
National Cyber Security Strategy 2020 DSCI submission.pdfsri_ias
 

Similar to 09 blockchain-security-information-sharing (20)

10 the-finstix-data-model
10 the-finstix-data-model10 the-finstix-data-model
10 the-finstix-data-model
 
05 standards and general purpose regulations - impact on finance
05 standards and general purpose regulations - impact on finance05 standards and general purpose regulations - impact on finance
05 standards and general purpose regulations - impact on finance
 
NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...
 
SOC for Cybersecurity Overview
SOC for Cybersecurity OverviewSOC for Cybersecurity Overview
SOC for Cybersecurity Overview
 
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
 
Tech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingTech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharing
 
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
 
Implementing a Security Management Framework
Implementing a Security Management FrameworkImplementing a Security Management Framework
Implementing a Security Management Framework
 
2022-security-plan-template.pptx
2022-security-plan-template.pptx2022-security-plan-template.pptx
2022-security-plan-template.pptx
 
The Security Circle- Services Offered
The Security Circle- Services OfferedThe Security Circle- Services Offered
The Security Circle- Services Offered
 
Cs cmaster
Cs cmasterCs cmaster
Cs cmaster
 
Webinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptxWebinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptx
 
Effectively Manage and Continuously Monitor Tech and Cyber Risk and Compliance
Effectively Manage and Continuously Monitor Tech and Cyber Risk and ComplianceEffectively Manage and Continuously Monitor Tech and Cyber Risk and Compliance
Effectively Manage and Continuously Monitor Tech and Cyber Risk and Compliance
 
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
 
Cybersecurity for Real Estate & Construction
Cybersecurity for Real Estate & ConstructionCybersecurity for Real Estate & Construction
Cybersecurity for Real Estate & Construction
 
Webinar - How to Become a Cyber-threat Intelligence Analyst
Webinar - How to Become a Cyber-threat Intelligence AnalystWebinar - How to Become a Cyber-threat Intelligence Analyst
Webinar - How to Become a Cyber-threat Intelligence Analyst
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...
 
Make things come alive in a secure way - Sigfox
Make things come alive in a secure way - SigfoxMake things come alive in a secure way - Sigfox
Make things come alive in a secure way - Sigfox
 
National Cyber Security Strategy 2020 DSCI submission.pdf
National Cyber Security Strategy 2020 DSCI submission.pdfNational Cyber Security Strategy 2020 DSCI submission.pdf
National Cyber Security Strategy 2020 DSCI submission.pdf
 

Recently uploaded

VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...
VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...
VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...Suhani Kapoor
 
Andheri Call Girls In 9825968104 Mumbai Hot Models
Andheri Call Girls In 9825968104 Mumbai Hot ModelsAndheri Call Girls In 9825968104 Mumbai Hot Models
Andheri Call Girls In 9825968104 Mumbai Hot Modelshematsharma006
 
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130Suhani Kapoor
 
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service AizawlVip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawlmakika9823
 
Lundin Gold April 2024 Corporate Presentation v4.pdf
Lundin Gold April 2024 Corporate Presentation v4.pdfLundin Gold April 2024 Corporate Presentation v4.pdf
Lundin Gold April 2024 Corporate Presentation v4.pdfAdnet Communications
 
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsHigh Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure serviceCall US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure servicePooja Nehwal
 
Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024Bladex
 
The Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdfThe Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdfGale Pooley
 
VIP Kolkata Call Girl Jodhpur Park 👉 8250192130 Available With Room
VIP Kolkata Call Girl Jodhpur Park 👉 8250192130 Available With RoomVIP Kolkata Call Girl Jodhpur Park 👉 8250192130 Available With Room
VIP Kolkata Call Girl Jodhpur Park 👉 8250192130 Available With Roomdivyansh0kumar0
 
Dividend Policy and Dividend Decision Theories.pptx
Dividend Policy and Dividend Decision Theories.pptxDividend Policy and Dividend Decision Theories.pptx
Dividend Policy and Dividend Decision Theories.pptxanshikagoel52
 
Instant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School DesignsInstant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School Designsegoetzinger
 
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With RoomVIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Roomdivyansh0kumar0
 
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...Henry Tapper
 
VIP Call Girls in Saharanpur Aarohi 8250192130 Independent Escort Service Sah...
VIP Call Girls in Saharanpur Aarohi 8250192130 Independent Escort Service Sah...VIP Call Girls in Saharanpur Aarohi 8250192130 Independent Escort Service Sah...
VIP Call Girls in Saharanpur Aarohi 8250192130 Independent Escort Service Sah...Suhani Kapoor
 
call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Recently uploaded (20)

Veritas Interim Report 1 January–31 March 2024
Veritas Interim Report 1 January–31 March 2024Veritas Interim Report 1 January–31 March 2024
Veritas Interim Report 1 January–31 March 2024
 
VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...
VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...
VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...
 
Andheri Call Girls In 9825968104 Mumbai Hot Models
Andheri Call Girls In 9825968104 Mumbai Hot ModelsAndheri Call Girls In 9825968104 Mumbai Hot Models
Andheri Call Girls In 9825968104 Mumbai Hot Models
 
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
 
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service AizawlVip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
 
Lundin Gold April 2024 Corporate Presentation v4.pdf
Lundin Gold April 2024 Corporate Presentation v4.pdfLundin Gold April 2024 Corporate Presentation v4.pdf
Lundin Gold April 2024 Corporate Presentation v4.pdf
 
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsHigh Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
 
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
 
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure serviceCall US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
 
Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024
 
Monthly Economic Monitoring of Ukraine No 231, April 2024
Monthly Economic Monitoring of Ukraine No 231, April 2024Monthly Economic Monitoring of Ukraine No 231, April 2024
Monthly Economic Monitoring of Ukraine No 231, April 2024
 
The Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdfThe Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdf
 
VIP Kolkata Call Girl Jodhpur Park 👉 8250192130 Available With Room
VIP Kolkata Call Girl Jodhpur Park 👉 8250192130 Available With RoomVIP Kolkata Call Girl Jodhpur Park 👉 8250192130 Available With Room
VIP Kolkata Call Girl Jodhpur Park 👉 8250192130 Available With Room
 
🔝+919953056974 🔝young Delhi Escort service Pusa Road
🔝+919953056974 🔝young Delhi Escort service Pusa Road🔝+919953056974 🔝young Delhi Escort service Pusa Road
🔝+919953056974 🔝young Delhi Escort service Pusa Road
 
Dividend Policy and Dividend Decision Theories.pptx
Dividend Policy and Dividend Decision Theories.pptxDividend Policy and Dividend Decision Theories.pptx
Dividend Policy and Dividend Decision Theories.pptx
 
Instant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School DesignsInstant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School Designs
 
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With RoomVIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
 
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
 
VIP Call Girls in Saharanpur Aarohi 8250192130 Independent Escort Service Sah...
VIP Call Girls in Saharanpur Aarohi 8250192130 Independent Escort Service Sah...VIP Call Girls in Saharanpur Aarohi 8250192130 Independent Escort Service Sah...
VIP Call Girls in Saharanpur Aarohi 8250192130 Independent Escort Service Sah...
 
call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 

09 blockchain-security-information-sharing

  • 1. 1H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY INNOV-ACTS, Limited H2020 FINSEC Project The FINSEC project is co-funded from the European Union’s Horizon 2020 programme under grant Agreement No 786727 Blockchain Sharing of Security Information for Critical Infrastructures of the Finance Sector 15/04/2020
  • 2. 2H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Objectives ▪ Identify the different components of the security platform architecture ▪ Learn about the approach followed for the microservices architecture Topic ▪ Learn abut the challenges of the digitalization of financial institutions ▪ Identify the different types of security attacks relevant to the financial sector ▪ Understand the reasons needing an integrating approach ▪ Learn about pre-existing solutions ▪ Understand the different components of security threads ▪ Realize how to build a knowledge base Goal Financial Sector & Security Attacks Collaborative Risk Assessment FINSEC Platform
  • 3. 3H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Impact of Digitization in FInance Financial Organisations •increasingly digitizing their operations based on the deployment of advanced ICT e.g., BigData, Artificial Intelligence (AI) and the Internet of Things (IoT •including critical infrastructures Benefits •boosts intelligence •enables provocative operations •optimizes resources Drawbacks •Vulnerability to security attacks : cybersecurity attacks + hybrid cybersecurity and physical security attacks (e.g., attacks against smart doors, networked cameras, locks and alarms)
  • 4. 4H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Financial Sector & Security Attacks
  • 5. 5H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Financial Infrastructures as Cyber Physical Systems Physical dimension • E.g., Automatic Teller Machines (ATM), IT data centers, network infrastructures) • Consequences for consumers and SMEs Cyber dimension • Loss of personal information, reputational damage, costly and unplanned downtimes in business operations • Lack of confidence in the system
  • 6. 6H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Implications of the dual nature Today’s model where physical and cyber security are addressed separately has many limitations • E.g., controlling access to plants, protecting financial and product records physically) and cyber (e.g., malware, Trojan horses, denial of service attacks) security concerns are considered in isolation Need for integrated approaches that combines cybersecurity and physical security aspects Integrated solution for the critical infrastructures of the financial sector
  • 7. 7H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Solution Guidelines Integrated modelling of the infrastructure • Key to an integrated approach is a data model that captures both cyber and physical aspects of security Integrated data processing and implementation of integrated security policies • Key to a successful implementation of a system that combines cyber and physical security aspects is an integrated architecture
  • 8. 8H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Types of Attacks Attacks Attacks with only physical aspects Attacks with only cyber aspects Physical- enabled cyberattacks Cyber- enabled physical attacks
  • 9. 9H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Pre-existing integrated solutions Augmented vulnerability assessment methodology for physical security in the cyber domain, Vulnerability Assessment (VA), proven based on simulation and cost-benefit analysis Integrated modelling approach for cyber-physical systems for power grids and critical infrastructures for energy Integrated security methodologies based on various disciplines and techniques e.g., control theory, optimization, game theory • Do not take a holistic data-driven approach • Data driven systems do not provide the non-functional properties (e.g., scalability, performance) needed for their deployment at scale • Rarely address the special requirements of the financial sector: asset modelling, event correlation and regulatory compliance (e.g., MiFID, GDPR, PSD2)
  • 10. 10H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Collaborative Risk Assessment
  • 11. 11H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Collaborative Risk Assessment: Risk Calculation ▪ Metrics at different levels: ▪ Vulnerability level ▪ Impact level ▪ Threat level ▪ Vulnerability & impact levels: ▪ CVSS (Common Vulnerability Scoring System) ▪ Free and open industry standard for assessing the severity of computer system security vulnerabilities. ▪ Assign severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to threat. ▪ Derived from the CVSS scores of the assets’ vulnerabilities detected ▪ Threat level: ▪ Result of events occurring inside the organization and historical information
  • 12. 12H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Services ▪ To initialize a risk calculation suite is the creation of a Service ▪ Services are stored in the FINSEC data-tier hence, the communication with it is critical ▪ Data tier is protected using basic authentication ▪ Creation involves the asset selection as well as the vulnerability definition for each asset ▪ Leveraged by the introduction of a Security Knowledge Base
  • 13. 13H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Threats ▪ Threats that may target the service ▪ List of events should be defined ▪ Events affect the level of the threat in real-time ▪ Threats are associated with the Service using the risk configuration object ▪ Threat objects must be stored in the Security Knowledge Base
  • 14. 14H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Events ▪ Security officer needs to define event models and then map them to a predefined threat e.g., “invalid login attempt” is related to a “SWIFT compromise threat” ▪ when a probe produces an instance of this model, the platform detects it and if the trigger value is reached for this specific event the overall risk of the related threat is re-calculated
  • 15. 15H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Triggers: What triggers risk (re)calculation? ▪ Calculation can be triggered in three ways: ▪ Manually ▪ Vulnerabilities of the assets involved have changed ▪ Event Instances reach a specified threshold.
  • 16. 16H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Risk calculations ▪ Service to function properly, certain preconditions need to apply ▪ Service definition, the threat to event mapping and the probe to be up and running ▪ Probe produces a new event which is forwarded through the data collector to the FINSEC data-layer ▪ the Collaboration Service is connected to the data-layer and “listening” for event instances
  • 17. 17H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Collaborative Risk Assessment Inputs/Outputs
  • 18. 18H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Sample Risk Visualization in the FINSEC Dashboard Vulnerabilities for the SWIFT service pilot, categorized by their domain (cyber/physical)