The vulnerability of high hazards plant to cyber attack

Marc Vael
Director
Cybersecurity threats
• Cyber-criminals
• Malware
• Phishers
• Spammers
• Negligent staff
• Hackers
• Unethical employees misusing/misconfiguring security functions
• Unauthorized access, modification, disclosure of information
• Nations attacking critical information infrastructures
• Technical advances that can render encryption algorithms obsolete
Lessons learned so far

Cyberattacks are DIFFICULT to execute.

Lessons learned so far

Governments do have the resources/skills to conduct cyberattacks.

Lessons learned so far

Cyberattacks are war.
Cyberwarfare is “the fifth domain of warfare”

“Cyberspace is a new domain in warfare which has become just as critical to military operations as land, sea, air and space.”

“Actions to penetrate computers or networks for the purposes of causing damage or disruption.”

Information warfare is “using & managing IT in the pursuit of a competitive advantage over an opponent”
Lessons learned so far

Cyberattacks are a real, clear and present danger to organisations & government agencies.

“It’s possible that hackers have gotten into administrative computer systems of utility companies, but says those aren’t linked to the equipment controlling the grid, at least not in developed countries. I have never heard that the grid itself has been hacked.”
Howard Schmidt, Cyber-Security Coordinator of the US
Lessons learned so far

Targeted organizations are unprepared.

Lessons learned so far

Security professionals are at risk.

Risk always exists! (whether or not it is detected / recognised by the organisation).
Impact of an attack on the business

Cyberattack mitigating strategies
• Corporate governance: ERM = COSO; support from Board of Directors & Executive Management
• Managing risks appropriately
• Policies & Standards
• Project Management
• Supply Chain Management
• EDUCATION!
• Providing proper funding
• Providing proper resources
• Measuring performance
• Review / Audit
• Incident/Crisis Management
IT governance process framework (COBIT 4.1)

Information Criteria
• Effectiveness
• Efficiency
• Confidentiality
• Integrity
• Availability
• Compliance
• Reliability

IT Resources
• Applications
• Information
• Infrastructure
• People

PLAN & ORGANISE
PO1 Define a strategic IT plan
PO2 Define the information architecture
PO3 Determine technological direction
PO4 Define the IT processes, organisation and relationships
PO5 Manage the IT investment
PO6 Communicate mgt aims & direction
PO7 Manage IT human resources
PO8 Manage quality
PO9 Assess and manage IT risks
PO10 Manage projects

ACQUIRE & IMPLEMENT
AI1 Identify automated solutions
AI2 Acquire & maintain application software
AI3 Acquire & maintain IT infrastructure
AI4 Enable operation and use
AI5 Procure IT resources
AI6 Manage changes
AI7 Install & accredit solutions and changes

DELIVER & SUPPORT
DS1 Define & manage service levels
DS2 Manage third-party services
DS3 Manage performance & capacity
DS4 Ensure continuous service
DS5 Ensure systems security
DS6 Identify & allocate costs
DS7 Educate & train users
DS8 Manage service desk and incidents
DS9 Manage the configuration
DS10 Manage problems
DS11 Manage data
DS12 Manage the physical environment
DS13 Manage operations

MONITOR & EVALUATE
ME1 Monitor & evaluate IT performance
ME2 Monitor & evaluate internal control
ME3 Ensure compliance with external requirements
ME4 Provide IT governance
Information Security Management

Your security solution is as strong … as its weakest link

“I don’t care how many millions of dollars you spend on security technology. If you don’t have people trained properly, I’m going to get in if I want to get in.”
Susie Thunder, Cyberpunk
Contact information

Marc Vael
CISA, CISM, CISSP, CGEIT, ITIL Service Manager, Prince2
Director Knowledge Board

ISACA
3701 Algonquin Road, Suite 1010
Rolling Meadows
IL 60008 USA
http://www.isaca.org/security

marc@vael.net
http://www.linkedin.com/in/marcvael
http://twitter.com/marcvael
Valuendo cyberwar and security (okt 2011) handout