H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY
INNOV-ACTS, Limited
H2020 FINSEC Project
The FINSEC project is co-funded by the European Union’s Horizon 2020 programme under Grant Agreement No 786727
Blockchain Sharing of Security Information for Critical Infrastructures of the Finance Sector
15/04/2020
Objectives
▪ Identify the different components of the security platform architecture
▪ Learn about the approach followed for the microservices architecture
Topic
▪ Learn about the challenges of the digitalization of financial institutions
▪ Identify the different types of security attacks relevant to the financial sector
▪ Understand the reasons an integrated approach is needed
▪ Learn about pre-existing solutions
▪ Understand the different components of security threats
▪ Realize how to build a knowledge base
Goal
Financial Sector & Security Attacks
Collaborative Risk Assessment
FINSEC Platform
Impact of Digitization in Finance
Financial Organisations
• increasingly digitizing their operations based on the deployment of advanced ICT, e.g., BigData, Artificial Intelligence (AI) and the Internet of Things (IoT)
• including critical infrastructures
Benefits
• boosts intelligence
• enables provocative operations
• optimizes resources
Drawbacks
• Vulnerability to security attacks: cybersecurity attacks + hybrid cybersecurity and physical security attacks (e.g., attacks against smart doors, networked cameras, locks and alarms)
Financial Sector & Security Attacks
Financial Infrastructures as Cyber Physical Systems
Physical dimension
• E.g., Automatic Teller Machines (ATM), IT data centers, network infrastructures
• Consequences for consumers and SMEs
Cyber dimension
• Loss of personal information, reputational damage, costly and unplanned downtimes in business operations
• Lack of confidence in the system
Implications of the dual nature
Today’s model where physical and cyber security are addressed separately has many limitations
• Physical (e.g., controlling access to plants, protecting financial and product records physically) and cyber (e.g., malware, Trojan horses, denial of service attacks) security concerns are considered in isolation
Need for integrated approaches that combine cybersecurity and physical security aspects
Integrated solution for the critical infrastructures of the financial sector
Solution Guidelines
Integrated modelling of the infrastructure
• Key to an integrated approach is a data model that captures both cyber and physical aspects of security
Integrated data processing and implementation of integrated security policies
• Key to a successful implementation of a system that combines cyber and physical security aspects is an integrated architecture
Types of Attacks
• Attacks with only physical aspects
• Attacks with only cyber aspects
• Physical-enabled cyberattacks
• Cyber-enabled physical attacks
Pre-existing integrated solutions
Augmented vulnerability assessment methodology for physical security in the cyber domain, Vulnerability Assessment (VA), proven based on simulation and cost-benefit analysis
Integrated modelling approach for cyber-physical systems for power grids and critical infrastructures for energy
Integrated security methodologies based on various disciplines and techniques, e.g., control theory, optimization, game theory
• Do not take a holistic data-driven approach
• Data-driven systems do not provide the non-functional properties (e.g., scalability, performance) needed for their deployment at scale
• Rarely address the special requirements of the financial sector: asset modelling, event correlation and regulatory compliance (e.g., MiFID, GDPR, PSD2)
Collaborative Risk Assessment
Collaborative Risk Assessment: Risk Calculation
▪ Metrics at different levels:
  ▪ Vulnerability level
  ▪ Impact level
  ▪ Threat level
▪ Vulnerability & impact levels:
  ▪ CVSS (Common Vulnerability Scoring System)
    ▪ Free and open industry standard for assessing the severity of computer system security vulnerabilities.
    ▪ Assign severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to threat.
  ▪ Derived from the CVSS scores of the assets’ vulnerabilities detected
▪ Threat level:
  ▪ Result of events occurring inside the organization and historical information
Services
▪ Initializing a risk calculation suite requires the creation of a Service
▪ Services are stored in the FINSEC data-tier; hence, the communication with it is critical
▪ The data tier is protected using basic authentication
▪ Creation involves the asset selection as well as the vulnerability definition for each asset
▪ Leveraged by the introduction of a Security Knowledge Base
Threats
▪ Threats that may target the service
▪ A list of events should be defined
▪ Events affect the level of the threat in real time
▪ Threats are associated with the Service using the risk configuration object
▪ Threat objects must be stored in the Security Knowledge Base
Events
▪ The security officer needs to define event models and then map them to a predefined threat, e.g., “invalid login attempt” is related to a “SWIFT compromise threat”
▪ When a probe produces an instance of this model, the platform detects it and, if the trigger value is reached for this specific event, the overall risk of the related threat is re-calculated
Triggers: What triggers risk (re)calculation?
▪ Calculation can be triggered in three ways:
  ▪ Manually
  ▪ Vulnerabilities of the assets involved have changed
  ▪ Event instances reach a specified threshold
Risk calculations
▪ For the service to function properly, certain preconditions need to apply
▪ Preconditions: the Service definition, the threat-to-event mapping, and the probe being up and running
▪ The probe produces a new event, which is forwarded through the data collector to the FINSEC data-layer
▪ The Collaboration Service is connected to the data-layer and “listening” for event instances
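The three recalculation triggers from the Events, Triggers and Risk calculations slides, as an added Python example that is not FINSEC code. All class and field names, the sample assets and the scoring formula (highest CVSS base score times a percentage threat level that rises by a fixed step each time a trigger value is reached) are assumptions; the slides do not give FINSEC's formula.

```python
from dataclasses import dataclass, field

THREAT_STEP = 20  # assumed: percentage points added to a threat level per trigger


@dataclass
class Asset:
    name: str
    domain: str         # "cyber" or "physical"
    cvss_scores: list   # CVSS base scores (0.0-10.0) of detected vulnerabilities


@dataclass
class EventModel:
    name: str
    threat: str         # name of the threat this event model is mapped to
    trigger_value: int  # instances needed before the threat's risk is re-calculated


@dataclass
class Threat:
    name: str
    level: int = 10     # assumed scale 0-100; baseline from historical information


@dataclass
class Service:
    name: str
    assets: list
    threats: dict = field(default_factory=dict)       # threat name -> Threat
    event_models: dict = field(default_factory=dict)  # event name -> EventModel
    counters: dict = field(default_factory=dict)      # event name -> instances seen
    risk: dict = field(default_factory=dict)          # threat name -> risk score
    log: list = field(default_factory=list)           # why each calculation ran

    def vulnerability_level(self):
        # Assumption: the service inherits its worst asset vulnerability.
        return max((s for a in self.assets for s in a.cvss_scores), default=0.0)

    def recalculate(self, reason, threat_names=None):
        # Trigger 1 (manual) calls this directly; the other two go through it.
        vuln = self.vulnerability_level()
        for name in threat_names or list(self.threats):
            self.risk[name] = round(vuln * self.threats[name].level / 100, 2)
        self.log.append(reason)

    def update_vulnerabilities(self, asset_name, cvss_scores):
        # Trigger 2: the vulnerabilities of an involved asset have changed.
        for asset in self.assets:
            if asset.name == asset_name:
                asset.cvss_scores = list(cvss_scores)
        self.recalculate(f"vulnerabilities:{asset_name}")

    def on_event(self, event_name):
        # Trigger 3: event instances reach the trigger value of their model.
        model = self.event_models.get(event_name)
        if model is None:
            return False  # no event model defined: the instance affects no threat
        self.counters[event_name] = self.counters.get(event_name, 0) + 1
        if self.counters[event_name] < model.trigger_value:
            return False
        self.counters[event_name] = 0
        threat = self.threats[model.threat]
        threat.level = min(100, threat.level + THREAT_STEP)
        self.recalculate(f"threshold:{event_name}", [model.threat])
        return True


def build_service():
    # Constructed sample data, loosely following the SWIFT example on the slides.
    assets = [
        Asset("swift-gateway", "cyber", [7.5, 5.3]),
        Asset("server-room-door", "physical", [4.0]),
    ]
    svc = Service("SWIFT service", assets)
    svc.threats["SWIFT compromise"] = Threat("SWIFT compromise")
    svc.event_models["invalid login attempt"] = EventModel(
        "invalid login attempt", "SWIFT compromise", trigger_value=3)
    return svc


if __name__ == "__main__":
    svc = build_service()
    svc.recalculate("manual")
    for _ in range(3):
        svc.on_event("invalid login attempt")
    svc.update_vulnerabilities("swift-gateway", [9.8])
    print(svc.risk, svc.log)
```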
Collaborative Risk Assessment Inputs/Outputs
Sample Risk Visualization in the FINSEC Dashboard
Vulnerabilities for the SWIFT service pilot, categorized by their domain (cyber/physical)

More Related Content

What's hot

ID IGF 2016 - Infrastruktur 3 - Towards National Cyber Security Framework
ID IGF 2016 - Infrastruktur 3 - Towards National Cyber Security FrameworkID IGF 2016 - Infrastruktur 3 - Towards National Cyber Security Framework
ID IGF 2016 - Infrastruktur 3 - Towards National Cyber Security FrameworkIGF Indonesia
 
Cybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework CimetricsCybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework CimetricsCimetrics Inc
 
NYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity RegulationsNYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity RegulationsJon Bosco
 
12 ai-digital-finance-overview
12 ai-digital-finance-overview12 ai-digital-finance-overview
12 ai-digital-finance-overviewinnov-acts-ltd
 
ENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident responseENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident responseKevin Duffey
 
Protecting the Network From Yourself Using Defense in Depth
Protecting the Network From Yourself Using Defense in DepthProtecting the Network From Yourself Using Defense in Depth
Protecting the Network From Yourself Using Defense in DepthPECB
 
Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...PECB
 
The developing world of cyber litigation and compliance
The developing world of cyber litigation and complianceThe developing world of cyber litigation and compliance
The developing world of cyber litigation and compliancePECB
 
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna Leonardo
 
Security Operations Center
Security Operations CenterSecurity Operations Center
Security Operations CenterMDS CS
 
Achieving Visible Security at Scale with the NIST Cybersecurity Framework
Achieving Visible Security at Scale with the NIST Cybersecurity FrameworkAchieving Visible Security at Scale with the NIST Cybersecurity Framework
Achieving Visible Security at Scale with the NIST Cybersecurity FrameworkKevin Fealey
 
You've Been Breached: How To Mitigate The Incident
You've Been Breached: How To Mitigate The IncidentYou've Been Breached: How To Mitigate The Incident
You've Been Breached: How To Mitigate The IncidentResilient Systems
 
Smart Cities – The Security Aspects
Smart Cities – The Security AspectsSmart Cities – The Security Aspects
Smart Cities – The Security AspectsPECB
 
Securing your supply chain & vicarious liability (cyber security)
Securing your supply chain & vicarious liability (cyber security)Securing your supply chain & vicarious liability (cyber security)
Securing your supply chain & vicarious liability (cyber security)Ollie Whitehouse
 
Cyber security incidents implications in business continuity planning
Cyber security incidents implications in business continuity planningCyber security incidents implications in business continuity planning
Cyber security incidents implications in business continuity planningPECB
 
Defensa Centralizada contra amenazas multi-vector - Configuración de un centr...
Defensa Centralizada contra amenazas multi-vector - Configuración de un centr...Defensa Centralizada contra amenazas multi-vector - Configuración de un centr...
Defensa Centralizada contra amenazas multi-vector - Configuración de un centr...Eventos Creativos
 
Managed Services Sales Sheet
Managed Services Sales SheetManaged Services Sales Sheet
Managed Services Sales SheetScott Baines
 

What's hot (19)

ID IGF 2016 - Infrastruktur 3 - Towards National Cyber Security Framework
ID IGF 2016 - Infrastruktur 3 - Towards National Cyber Security FrameworkID IGF 2016 - Infrastruktur 3 - Towards National Cyber Security Framework
ID IGF 2016 - Infrastruktur 3 - Towards National Cyber Security Framework
 
Cybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework CimetricsCybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework Cimetrics
 
NYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity RegulationsNYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity Regulations
 
12 ai-digital-finance-overview
12 ai-digital-finance-overview12 ai-digital-finance-overview
12 ai-digital-finance-overview
 
ENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident responseENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident response
 
Protecting the Network From Yourself Using Defense in Depth
Protecting the Network From Yourself Using Defense in DepthProtecting the Network From Yourself Using Defense in Depth
Protecting the Network From Yourself Using Defense in Depth
 
Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...
 
The developing world of cyber litigation and compliance
The developing world of cyber litigation and complianceThe developing world of cyber litigation and compliance
The developing world of cyber litigation and compliance
 
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna
 
Security Operations Center
Security Operations CenterSecurity Operations Center
Security Operations Center
 
Achieving Visible Security at Scale with the NIST Cybersecurity Framework
Achieving Visible Security at Scale with the NIST Cybersecurity FrameworkAchieving Visible Security at Scale with the NIST Cybersecurity Framework
Achieving Visible Security at Scale with the NIST Cybersecurity Framework
 
You've Been Breached: How To Mitigate The Incident
You've Been Breached: How To Mitigate The IncidentYou've Been Breached: How To Mitigate The Incident
You've Been Breached: How To Mitigate The Incident
 
Smart Cities – The Security Aspects
Smart Cities – The Security AspectsSmart Cities – The Security Aspects
Smart Cities – The Security Aspects
 
Securing your supply chain & vicarious liability (cyber security)
Securing your supply chain & vicarious liability (cyber security)Securing your supply chain & vicarious liability (cyber security)
Securing your supply chain & vicarious liability (cyber security)
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101  NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101
 
Cyber security incidents implications in business continuity planning
Cyber security incidents implications in business continuity planningCyber security incidents implications in business continuity planning
Cyber security incidents implications in business continuity planning
 
Defensa Centralizada contra amenazas multi-vector - Configuración de un centr...
Defensa Centralizada contra amenazas multi-vector - Configuración de un centr...Defensa Centralizada contra amenazas multi-vector - Configuración de un centr...
Defensa Centralizada contra amenazas multi-vector - Configuración de un centr...
 
Stu w22 b
Stu w22 bStu w22 b
Stu w22 b
 
Managed Services Sales Sheet
Managed Services Sales SheetManaged Services Sales Sheet
Managed Services Sales Sheet
 

Similar to 09 blockchain-security-information-sharing

10 the-finstix-data-model
10 the-finstix-data-model10 the-finstix-data-model
10 the-finstix-data-modelinnov-acts-ltd
 
05 standards and general purpose regulations - impact on finance
05 standards and general purpose regulations - impact on finance05 standards and general purpose regulations - impact on finance
05 standards and general purpose regulations - impact on financeinnov-acts-ltd
 
NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...IT Governance Ltd
 
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?NetEnrich, Inc.
 
Tech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingTech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingJisc
 
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...Cohesive Networks
 
Implementing a Security Management Framework
Implementing a Security Management FrameworkImplementing a Security Management Framework
Implementing a Security Management FrameworkJoseph Wynn
 
The Security Circle- Services Offered
The Security Circle- Services OfferedThe Security Circle- Services Offered
The Security Circle- Services OfferedRachel Anne Carter
 
Webinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+  Cyber Insurance Fina.pptxWebinar-MSP+  Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptxControlCase
 
Effectively Manage and Continuously Monitor Tech and Cyber Risk and Compliance
Effectively Manage and Continuously Monitor Tech and Cyber Risk and ComplianceEffectively Manage and Continuously Monitor Tech and Cyber Risk and Compliance
Effectively Manage and Continuously Monitor Tech and Cyber Risk and ComplianceAlireza Ghahrood
 
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...Nordic APIs
 
Cybersecurity for Real Estate & Construction
Cybersecurity for Real Estate & ConstructionCybersecurity for Real Estate & Construction
Cybersecurity for Real Estate & ConstructionAronson LLC
 
Webinar - How to Become a Cyber-threat Intelligence Analyst
Webinar - How to Become a Cyber-threat Intelligence AnalystWebinar - How to Become a Cyber-threat Intelligence Analyst
Webinar - How to Become a Cyber-threat Intelligence AnalystTuan Yang
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSplunk
 
A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...Judith Beckhard Cardoso
 
Make things come alive in a secure way - Sigfox
Make things come alive in a secure way - SigfoxMake things come alive in a secure way - Sigfox
Make things come alive in a secure way - SigfoxSigfox
 
National Cyber Security Strategy 2020 DSCI submission.pdf
National Cyber Security Strategy 2020 DSCI submission.pdfNational Cyber Security Strategy 2020 DSCI submission.pdf
National Cyber Security Strategy 2020 DSCI submission.pdfsri_ias
 

Similar to 09 blockchain-security-information-sharing (20)

10 the-finstix-data-model
10 the-finstix-data-model10 the-finstix-data-model
10 the-finstix-data-model
 
05 standards and general purpose regulations - impact on finance
05 standards and general purpose regulations - impact on finance05 standards and general purpose regulations - impact on finance
05 standards and general purpose regulations - impact on finance
 
NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...
 
SOC for Cybersecurity Overview
SOC for Cybersecurity OverviewSOC for Cybersecurity Overview
SOC for Cybersecurity Overview
 
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
 
Tech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingTech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharing
 
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
 
Implementing a Security Management Framework
Implementing a Security Management FrameworkImplementing a Security Management Framework
Implementing a Security Management Framework
 
2022-security-plan-template.pptx
2022-security-plan-template.pptx2022-security-plan-template.pptx
2022-security-plan-template.pptx
 
The Security Circle- Services Offered
The Security Circle- Services OfferedThe Security Circle- Services Offered
The Security Circle- Services Offered
 
Cs cmaster
Cs cmasterCs cmaster
Cs cmaster
 
Webinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+  Cyber Insurance Fina.pptxWebinar-MSP+  Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptx
 
Effectively Manage and Continuously Monitor Tech and Cyber Risk and Compliance
Effectively Manage and Continuously Monitor Tech and Cyber Risk and ComplianceEffectively Manage and Continuously Monitor Tech and Cyber Risk and Compliance
Effectively Manage and Continuously Monitor Tech and Cyber Risk and Compliance
 
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
 
Cybersecurity for Real Estate & Construction
Cybersecurity for Real Estate & ConstructionCybersecurity for Real Estate & Construction
Cybersecurity for Real Estate & Construction
 
Webinar - How to Become a Cyber-threat Intelligence Analyst
Webinar - How to Become a Cyber-threat Intelligence AnalystWebinar - How to Become a Cyber-threat Intelligence Analyst
Webinar - How to Become a Cyber-threat Intelligence Analyst
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...
 
Make things come alive in a secure way - Sigfox
Make things come alive in a secure way - SigfoxMake things come alive in a secure way - Sigfox
Make things come alive in a secure way - Sigfox
 
National Cyber Security Strategy 2020 DSCI submission.pdf
National Cyber Security Strategy 2020 DSCI submission.pdfNational Cyber Security Strategy 2020 DSCI submission.pdf
National Cyber Security Strategy 2020 DSCI submission.pdf
 

Recently uploaded

najoomi asli amil baba kala jadu expert rawalpindi bangladesh uk usa
najoomi asli amil baba kala jadu expert rawalpindi bangladesh uk usanajoomi asli amil baba kala jadu expert rawalpindi bangladesh uk usa
najoomi asli amil baba kala jadu expert rawalpindi bangladesh uk usamazhshah570
 
Shrambal_Distributors_Newsletter_May-2024.pdf
Shrambal_Distributors_Newsletter_May-2024.pdfShrambal_Distributors_Newsletter_May-2024.pdf
Shrambal_Distributors_Newsletter_May-2024.pdfvikashdidwania1
 
Production and Cost of the firm with curves
Production and Cost of the firm with curvesProduction and Cost of the firm with curves
Production and Cost of the firm with curvesArifa Saeed
 
Retail sector trends for 2024 | European Business Review
Retail sector trends for 2024  | European Business ReviewRetail sector trends for 2024  | European Business Review
Retail sector trends for 2024 | European Business ReviewAntonis Zairis
 
TriStar Gold- 05-13-2024 corporate presentation
TriStar Gold- 05-13-2024 corporate presentationTriStar Gold- 05-13-2024 corporate presentation
TriStar Gold- 05-13-2024 corporate presentationAdnet Communications
 
Solution Manual For Financial Statement Analysis, 13th Edition By Charles H. ...
Solution Manual For Financial Statement Analysis, 13th Edition By Charles H. ...Solution Manual For Financial Statement Analysis, 13th Edition By Charles H. ...
Solution Manual For Financial Statement Analysis, 13th Edition By Charles H. ...rightmanforbloodline
 
amil baba in australia amil baba in canada amil baba in london amil baba in g...
amil baba in australia amil baba in canada amil baba in london amil baba in g...amil baba in australia amil baba in canada amil baba in london amil baba in g...
amil baba in australia amil baba in canada amil baba in london amil baba in g...israjan914
 
Q1 2024 Conference Call Presentation vF.pdf
Q1 2024 Conference Call Presentation vF.pdfQ1 2024 Conference Call Presentation vF.pdf
Q1 2024 Conference Call Presentation vF.pdfAdnet Communications
 
APPLIED ECONOMICS Sept 9FGHFGHFHGFGHFHGFHGFH
APPLIED ECONOMICS Sept 9FGHFGHFHGFGHFHGFHGFHAPPLIED ECONOMICS Sept 9FGHFGHFHGFGHFHGFHGFH
APPLIED ECONOMICS Sept 9FGHFGHFHGFGHFHGFHGFHgeloencina777
 
Significant AI Trends for the Financial Industry in 2024 and How to Utilize Them
Significant AI Trends for the Financial Industry in 2024 and How to Utilize ThemSignificant AI Trends for the Financial Industry in 2024 and How to Utilize Them
Significant AI Trends for the Financial Industry in 2024 and How to Utilize Them360factors
 
Certified Kala Jadu, Black magic specialist in Rawalpindi and Bangali Amil ba...
Certified Kala Jadu, Black magic specialist in Rawalpindi and Bangali Amil ba...Certified Kala Jadu, Black magic specialist in Rawalpindi and Bangali Amil ba...
Certified Kala Jadu, Black magic specialist in Rawalpindi and Bangali Amil ba...batoole333
 
Pension dashboards forum 1 May 2024 (1).pdf
Pension dashboards forum 1 May 2024 (1).pdfPension dashboards forum 1 May 2024 (1).pdf
Pension dashboards forum 1 May 2024 (1).pdfHenry Tapper
 
Black magic specialist in Canada (Kala ilam specialist in UK) Bangali Amil ba...
Black magic specialist in Canada (Kala ilam specialist in UK) Bangali Amil ba...Black magic specialist in Canada (Kala ilam specialist in UK) Bangali Amil ba...
Black magic specialist in Canada (Kala ilam specialist in UK) Bangali Amil ba...batoole333
 
劳伦森大学毕业证
劳伦森大学毕业证劳伦森大学毕业证
劳伦森大学毕业证yyawb
 
Benefits & Risk Of Stock Loans
Benefits & Risk Of Stock LoansBenefits & Risk Of Stock Loans
Benefits & Risk Of Stock LoansMartinRowse
 
black magic removal amil baba in pakistan karachi islamabad america canada uk...
black magic removal amil baba in pakistan karachi islamabad america canada uk...black magic removal amil baba in pakistan karachi islamabad america canada uk...
black magic removal amil baba in pakistan karachi islamabad america canada uk...batoole333
 
GIFT City Overview India's Gateway to Global Finance
GIFT City Overview  India's Gateway to Global FinanceGIFT City Overview  India's Gateway to Global Finance
GIFT City Overview India's Gateway to Global FinanceGaurav Kanudawala
 
asli amil baba bengali black magic kala jadu expert in uk usa canada france c...
asli amil baba bengali black magic kala jadu expert in uk usa canada france c...asli amil baba bengali black magic kala jadu expert in uk usa canada france c...
asli amil baba bengali black magic kala jadu expert in uk usa canada france c...israjan914
 
The Pfandbrief Roundtable 2024 - Covered Bonds
The Pfandbrief Roundtable 2024 - Covered BondsThe Pfandbrief Roundtable 2024 - Covered Bonds
The Pfandbrief Roundtable 2024 - Covered BondsNeil Day
 

Recently uploaded (20)

najoomi asli amil baba kala jadu expert rawalpindi bangladesh uk usa
najoomi asli amil baba kala jadu expert rawalpindi bangladesh uk usanajoomi asli amil baba kala jadu expert rawalpindi bangladesh uk usa
najoomi asli amil baba kala jadu expert rawalpindi bangladesh uk usa
 
Shrambal_Distributors_Newsletter_May-2024.pdf
Shrambal_Distributors_Newsletter_May-2024.pdfShrambal_Distributors_Newsletter_May-2024.pdf
Shrambal_Distributors_Newsletter_May-2024.pdf
 
Production and Cost of the firm with curves
Production and Cost of the firm with curvesProduction and Cost of the firm with curves
Production and Cost of the firm with curves
 
Retail sector trends for 2024 | European Business Review
Retail sector trends for 2024  | European Business ReviewRetail sector trends for 2024  | European Business Review
Retail sector trends for 2024 | European Business Review
 
TriStar Gold- 05-13-2024 corporate presentation
TriStar Gold- 05-13-2024 corporate presentationTriStar Gold- 05-13-2024 corporate presentation
TriStar Gold- 05-13-2024 corporate presentation
 
Solution Manual For Financial Statement Analysis, 13th Edition By Charles H. ...
Solution Manual For Financial Statement Analysis, 13th Edition By Charles H. ...Solution Manual For Financial Statement Analysis, 13th Edition By Charles H. ...
Solution Manual For Financial Statement Analysis, 13th Edition By Charles H. ...
 
amil baba in australia amil baba in canada amil baba in london amil baba in g...
amil baba in australia amil baba in canada amil baba in london amil baba in g...amil baba in australia amil baba in canada amil baba in london amil baba in g...

09 blockchain-security-information-sharing

  • 1. H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY
      INNOV-ACTS, Limited
      H2020 FINSEC Project
      The FINSEC project is co-funded from the European Union’s Horizon 2020 programme under grant Agreement No 786727
      Blockchain Sharing of Security Information for Critical Infrastructures of the Finance Sector
      15/04/2020
  • 2. Objectives
      ▪ Identify the different components of the security platform architecture
      ▪ Learn about the approach followed for the microservices architecture
      Topic
      ▪ Learn about the challenges of the digitalization of financial institutions
      ▪ Identify the different types of security attacks relevant to the financial sector
      ▪ Understand the reasons needing an integrating approach
      ▪ Learn about pre-existing solutions
      ▪ Understand the different components of security threats
      ▪ Realize how to build a knowledge base
      Goal
      ▪ Financial Sector & Security Attacks
      ▪ Collaborative Risk Assessment
      ▪ FINSEC Platform
  • 3. Impact of Digitization in Finance
      Financial Organisations
      ▪ increasingly digitizing their operations based on the deployment of advanced ICT, e.g., BigData, Artificial Intelligence (AI) and the Internet of Things (IoT)
      ▪ including critical infrastructures
      Benefits
      ▪ boosts intelligence
      ▪ enables provocative operations
      ▪ optimizes resources
      Drawbacks
      ▪ Vulnerability to security attacks: cybersecurity attacks + hybrid cybersecurity and physical security attacks (e.g., attacks against smart doors, networked cameras, locks and alarms)
  • 4. Financial Sector & Security Attacks
  • 5. Financial Infrastructures as Cyber Physical Systems
      Physical dimension
      ▪ E.g., Automatic Teller Machines (ATM), IT data centers, network infrastructures
      ▪ Consequences for consumers and SMEs
      Cyber dimension
      ▪ Loss of personal information, reputational damage, costly and unplanned downtimes in business operations
      ▪ Lack of confidence in the system
  • 6. Implications of the dual nature
      Today’s model, where physical and cyber security are addressed separately, has many limitations
      ▪ Physical (e.g., controlling access to plants, protecting financial and product records physically) and cyber (e.g., malware, Trojan horses, denial of service attacks) security concerns are considered in isolation
      Need for integrated approaches that combine cybersecurity and physical security aspects
      Integrated solution for the critical infrastructures of the financial sector
  • 7. Solution Guidelines
      Integrated modelling of the infrastructure
      ▪ Key to an integrated approach is a data model that captures both cyber and physical aspects of security
      Integrated data processing and implementation of integrated security policies
      ▪ Key to a successful implementation of a system that combines cyber and physical security aspects is an integrated architecture
  • 8. Types of Attacks
      ▪ Attacks with only physical aspects
      ▪ Attacks with only cyber aspects
      ▪ Physical-enabled cyberattacks
      ▪ Cyber-enabled physical attacks
  • 9. Pre-existing integrated solutions
      ▪ Augmented vulnerability assessment methodology for physical security in the cyber domain, Vulnerability Assessment (VA), proven based on simulation and cost-benefit analysis
      ▪ Integrated modelling approach for cyber-physical systems for power grids and critical infrastructures for energy
      ▪ Integrated security methodologies based on various disciplines and techniques, e.g., control theory, optimization, game theory
      Limitations
      ▪ Do not take a holistic data-driven approach
      ▪ Data-driven systems do not provide the non-functional properties (e.g., scalability, performance) needed for their deployment at scale
      ▪ Rarely address the special requirements of the financial sector: asset modelling, event correlation and regulatory compliance (e.g., MiFID, GDPR, PSD2)
  • 10. Collaborative Risk Assessment
  • 11. Collaborative Risk Assessment: Risk Calculation
      ▪ Metrics at different levels:
          ▪ Vulnerability level
          ▪ Impact level
          ▪ Threat level
      ▪ Vulnerability & impact levels:
          ▪ CVSS (Common Vulnerability Scoring System)
          ▪ Free and open industry standard for assessing the severity of computer system security vulnerabilities
          ▪ Assigns severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to threat
          ▪ Derived from the CVSS scores of the assets’ vulnerabilities detected
      ▪ Threat level:
          ▪ Result of events occurring inside the organization and historical information
  • 12. Services
      ▪ The first step in initializing a risk calculation suite is the creation of a Service
      ▪ Services are stored in the FINSEC data-tier; hence, communication with it is critical
      ▪ The data tier is protected using basic authentication
      ▪ Creation involves the asset selection as well as the vulnerability definition for each asset
      ▪ Leveraged by the introduction of a Security Knowledge Base
  • 13. Threats
      ▪ Threats that may target the service
      ▪ A list of events should be defined
      ▪ Events affect the level of the threat in real time
      ▪ Threats are associated with the Service using the risk configuration object
      ▪ Threat objects must be stored in the Security Knowledge Base
  • 14. Events
      ▪ The security officer needs to define event models and then map them to a predefined threat, e.g., “invalid login attempt” is related to a “SWIFT compromise threat”
      ▪ When a probe produces an instance of this model, the platform detects it, and if the trigger value is reached for this specific event, the overall risk of the related threat is re-calculated
  • 15. Triggers: What triggers risk (re)calculation?
      ▪ Calculation can be triggered in three ways:
          ▪ Manually
          ▪ Vulnerabilities of the assets involved have changed
          ▪ Event instances reach a specified threshold
  • 16. Risk calculations
      ▪ For the service to function properly, certain preconditions need to apply
      ▪ Preconditions: the service definition, the threat-to-event mapping, and the probe being up and running
      ▪ The probe produces a new event, which is forwarded through the data collector to the FINSEC data-layer
      ▪ The Collaboration Service is connected to the data-layer and “listening” for event instances
  • 17. Collaborative Risk Assessment Inputs/Outputs
  • 18. Sample Risk Visualization in the FINSEC Dashboard
      Vulnerabilities for the SWIFT service pilot, categorized by their domain (cyber/physical)
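
The event-to-threat mapping and the three recalculation triggers from slides 14 to 16, sketched as an added example that is not FINSEC code. The class and method names, the asset name, the 0.25 threat-level step and the risk formula (worst CVSS score times threat level) are assumptions made for illustration; the slides do not give the platform's formula.

```python
from collections import Counter

# Constructed sample mapping: event model -> (mapped threat, trigger value).
EVENT_MODELS = {"invalid login attempt": ("SWIFT compromise threat", 3)}

class RiskService:
    """Hypothetical service: assets with CVSS scores, threats driven by events."""

    def __init__(self, asset_cvss, threats):
        self.asset_cvss = {a: list(s) for a, s in asset_cvss.items()}
        self.threat_level = {t: 0.0 for t in threats}   # 0.0 .. 1.0
        self.counts = Counter()                          # event instances seen
        self.log = []                                    # (reason, threat, risk)

    def vulnerability_level(self):
        # Assumption: worst CVSS base score (0..10) across the service's assets.
        return max((s for v in self.asset_cvss.values() for s in v), default=0.0)

    def recalculate(self, threat, reason="manual"):
        # Trigger 1 when called directly. Assumption: risk = CVSS x threat level.
        risk = round(self.vulnerability_level() * self.threat_level[threat], 2)
        self.log.append((reason, threat, risk))
        return risk

    def set_vulnerabilities(self, asset, scores):
        # Trigger 2: an asset's vulnerabilities changed, so every threat is redone.
        self.asset_cvss[asset] = list(scores)
        return {t: self.recalculate(t, "vulnerabilities changed")
                for t in self.threat_level}

    def on_event(self, event_name):
        # Trigger 3: count instances; recalculate only at the trigger value.
        if event_name not in EVENT_MODELS:
            return None                      # unmapped event: no threat affected
        threat, trigger = EVENT_MODELS[event_name]
        self.counts[event_name] += 1
        if self.counts[event_name] < trigger:
            return None
        self.counts[event_name] = 0
        # Assumption: each trigger raises the threat level by 0.25, capped at 1.0.
        self.threat_level[threat] = min(1.0, self.threat_level[threat] + 0.25)
        return self.recalculate(threat, "event threshold")

def demo():
    svc = RiskService({"swift-gateway": [8.0, 5.3]}, ["SWIFT compromise threat"])
    return [svc.on_event("invalid login attempt") for _ in range(3)], svc
```

The `log` list records which of the three triggers caused each recalculation, which is the audit trail a security officer would want when a risk score changes.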