H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY
Consorzio Interuniversitario Nazionale per l'Informatica (CINI) & INNOV-ACTS, Limited
E-mail: cini@finsec-project.eu , info@innov-acts.com
H2020 FINSEC Project
The FINSEC project is co-funded from the European Union’s Horizon 2020 programme under grant Agreement No 786727
FINSTIX: A Security Data Model for the Financial Sector
15/04/2020
Objectives
▪ Learn about the security knowledge base model
▪ Understand how STIX was extended to serve the needs of the
FINSEC project
Topic
▪ Understand what a knowledge base is
▪ Learn about the different types of knowledge bases
▪ Understand the basics of Cyber Threat Intelligence
▪ Discover the relevance of Structured Threat Information
eXpression (STIX)
Goal
Existing
solutions - STIX
The FINSTIX
solution
Introduction
▪ Cybersecurity incidents against financial institutions are growing
▪ Benefits
- growing sophistication of recent technological innovations
- complex processes
- multiple organizations
- services are becoming more digitized and interconnected
▪ Need for financial institutions
- Increase their robustness
- Develop integrated approaches for addressing physical and cyber attacks
FINSEC project: Integrated Framework for Predictive and Collaborative Security of Financial Sector
Existing
solutions
Cyber Threat Intelligence
Holistic approach to the automated sharing of threat intelligence
Considered one of the most promising strategies in the cyber-security topic
Propose a classification and distinction among existing threat intelligence types
Summarize and compare the most prevalent information-sharing models
Structured Threat Information eXpression (STIX) is the most commonly used CTI standard
Structured Threat Information eXpression (STIX)
▪ STIX:
▪ Provides a modular format that can also efficiently incorporate other standards
▪ Adopted in different contexts of different nature
▪ STIX has been designed with a focus on four different use cases that
include:
▪ Analyzing Cyber Threats
▪ Specifying Indicator Patterns for Cyber Threats
▪ Managing Cyber Threat Response Activities
▪ Sharing Cyber Threat Information
Structured Threat Information eXpression (STIX) (cont.)
Limitations of STIX:
▪ very complex to implement
▪ lacks support for reasoning
FINSTIX
▪ includes both cyber and physical security threats
▪ enables the description of organization assets
▪ accounts for how they are inter-connected
STIX Domain Objects
STIX Domain Objects (cont.)
STIX Relationship Objects
The Knowledge Base (1)
▪ Definition: Technology used to collect, organize, share and retrieve complex structured and unstructured information representing facts and assertions about the world.
▪ Difference from a simple database:
▪ Does not consist only of tables with numbers, strings, dates, etc.
▪ Contains objects with pointers to other objects that, in turn, have additional pointers
▪ Two major types of knowledge bases:
▪ human-readable : knowledge base enables the users to access and use the knowledge
▪ machine readable
The Knowledge Base (2)
▪Two major types of knowledge bases:
▪ Human-readable :
▪ knowledge base enables the users to access and use the knowledge
▪ consist of documents, manuals, troubleshooting information, and
frequently answered questions
▪ interactive and can lead the users to the solutions to their problems, relying
on the information provided by expert users to guide the process
▪ Machine-readable :
▪ stores knowledge in system-readable forms
▪ limited in interactivity
FINSEC Security Knowledge Base (1)
▪Information from different external sources of Cyber Threat
Intelligence is collected
▪Structure of the knowledge base = definition of relationships
between the different assets and of their interactions as part of the
critical
▪Definitions enable identification and registration of known attack
patterns against the infrastructure
▪Type of knowledge base :
▪mixture of human and machine-readable
FINSEC Security Knowledge Base (2)
To suit the FINSEC needs, the content of the Security Knowledge
Base satisfies two essential requirements:
1. It should be structured in order to enable automatic processing
2. It should include information on the infrastructure and the
organization assets, for enabling the FINSEC Platform to perform
Cyber and Physical Threat Intelligence
The
FINSTIX
solution
The Security Knowledge Base Data Model
▪ To realize a knowledge base, one needs to design the appropriate data model, which is the format used to represent the information contained in the knowledge base
▪ Option #1 :
▪ Define a completely new set of objects coping with the business
requirements of the considered use cases
▪ This approach incorporates the risk of missing other relevant cases
▪ Option #2:
▪ Employ an existing standard (or mix of standards) and then extend it so that missing components can be added
The Edge Tier contains the Actuation Enabler and a Data Collection module
▪ FINSEC follows option #2
From STIX to FINSTIX
▪STIX limitations:
▪ it does not provide for an accurate representation of the financial
institution infrastructure
▪ does not envisage physical systems, but it is rather limited to the cyber ones
▪Two possible extensions of STIX:
1. consists in the definition of custom parameters into STIX Domain Objects
already defined by the standard itself
2. consists in the definition of brand-new custom objects.
FINSEC follows both approaches
FINSTIX Domain Objects (1)
| Name | Description |
| --- | --- |
| Organization | Financial organization. |
| Asset | Organizations’ valuable infrastructure. PCs, server rooms, ATMs, applications, and everything inside an organization that is crucial. |
| Area of Interest | Logical/physical area, for example, an indoor area (server room). |
| Service | A collection of assets forming a publicly exposed service, for example, a web application. |
| Probe | Object used to support monitoring infrastructure. A Probe usually monitors one or more areas of interest. |
| Probe Configuration | Data sent to a probe to configure details such as the area under monitoring or the bit rate of the monitoring process. |
| Event | Information on something that happened or is happening. |
FINSTIX Domain Objects (2)
| Name | Description |
| --- | --- |
| Collected data | A group of observed data collected by the network probe. |
| Agent | Person involved in the events created by the probes. |
| Risk | The calculated risk for a specific asset or service. The upper levels of FINSEC calculate it in real-time. |
| Risk Configuration | Parameter specification to optimize the risk assessment process. It defines the triggers and other useful options. |
| Regulation | An object used to depict a regulation violation. |
| Vulnerability score | Rating used to provide a score to a vulnerability. |
| Cyber-Physical Threat Intelligence | Data set fed and enriched by threat information as soon as it is gathered from the probes and processed by the Predictive Analytics module. |
Security Knowledge Base Architecture (1)
▪The SKB Database, which stores the knowledge
▪ The SKB Engine, which manages the operations on the database. It exposes a REST API to interact with the other modules
▪The connectors (one for each external source), which
translate the information coming from external threat
intelligence sources into the data model to promote
homogeneity and integrity among the FINSEC services
Security Knowledge Base Architecture (2)
The FINSEC Security Knowledge Base
One of the modules contained in the Data Tier of the FINSEC Reference Architecture
The Security Knowledge Base will collect information coming from different sources of Cyber Threat Intelligence
Value of the Security Knowledge Base compared to the existing ones is the definition of the relationships
between different assets and their interactions as part of the critical infrastructures of the financial sector
Service Tier to consume the information contained in the Knowledge Base for producing new Cyber and
Physical Threat Intelligence
Service Tier will feed the Security Knowledge Base with this new information
Integration with the Dashboard and the Collaborative
Risk Management Module
▪The Collaborative Risk Management module:
▪ Retrieves the vulnerabilities and the related scores affecting the assets that
compose the service;
▪ Calculates the individual asset risk for each asset composing the service,
based on the affecting vulnerabilities, the impact and the threat level for the
asset itself;
▪ Calculates the service risk starting from the assets’ individual risks.
▪ The user (e.g., Security Officer, Member of CERT/CSIRT teams) can see
information on the organization services in the Service page of the Dashboard
Visualization of the Criticality of vulnerabilities
Visualization of Vulnerabilities affecting the infrastructure
The Risk management module
Risk Management module to calculate the risk associated with the
infrastructure services. The Collaborative Risk Management module:
▪Retrieves the vulnerabilities and the related scores affecting the
assets that compose the service;
▪Calculates the individual asset risk for each asset composing the
service, based on the affecting vulnerabilities, the impact and the
threat level for the asset itself;
▪Calculates the service risk starting from the assets’ individual risks.
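The two STIX extension approaches from the "From STIX to FINSTIX" slide and the three risk steps listed above, as an added example that is not FINSEC code. The type names `x-organization`, `x-service` and `x-asset`, the property `x_finstix_score`, the relationship types `composed-of` and `has`, and the risk formula (worst score / 10 × impact × threat level per asset, maximum over assets per service) are assumptions; the slides name only the inputs.

```python
import uuid

TS = "2020-04-15T00:00:00.000Z"  # constructed timestamp for the sample objects
# Subset of property names that the standard objects used here define themselves.
STANDARD_PROPS = {"type", "id", "created", "modified", "name", "description",
                  "relationship_type", "source_ref", "target_ref"}
STANDARD_TYPES = {"vulnerability", "relationship"}


def make(obj_type, **props):
    """Build a STIX-style object; identifiers have the form '<type>--<UUIDv4>'."""
    return {"type": obj_type, "id": f"{obj_type}--{uuid.uuid4()}",
            "created": TS, "modified": TS, **props}


def link(source, relationship_type, target):
    """STIX Relationship Object connecting two objects by id."""
    return make("relationship", relationship_type=relationship_type,
                source_ref=source["id"], target_ref=target["id"])


def naming_violations(objects):
    """STIX 2.x convention: custom types start with 'x-', and custom
    properties added to standard types start with 'x_'."""
    problems = []
    for o in objects:
        if o["type"] in STANDARD_TYPES:
            problems += [f"{o['id']}: property {k!r} needs the x_ prefix"
                         for k in o
                         if k not in STANDARD_PROPS and not k.startswith("x_")]
        elif not o["type"].startswith("x-"):
            problems.append(f"{o['id']}: custom type needs the x- prefix")
    return problems


def build_bundle():
    """Constructed sample data: one organization, one service, three assets."""
    org = make("x-organization", name="Example Bank (constructed)")
    service = make("x-service", name="online-banking")
    atm = make("x-asset", name="ATM-01", impact=0.9, threat_level=0.5)
    web = make("x-asset", name="web-frontend", impact=0.6, threat_level=0.8)
    db = make("x-asset", name="core-db", impact=1.0, threat_level=0.3)
    # Approach 1: a standard 'vulnerability' object with a custom property.
    va = make("vulnerability", name="constructed-vuln-A", x_finstix_score=8.0)
    vb = make("vulnerability", name="constructed-vuln-B", x_finstix_score=5.0)
    vc = make("vulnerability", name="constructed-vuln-C", x_finstix_score=9.0)
    # Approach 2: brand-new custom objects, tied together by relationships.
    rels = [link(org, "owns", service),
            link(service, "composed-of", atm),
            link(service, "composed-of", web),
            link(service, "composed-of", db),
            link(atm, "has", va), link(web, "has", vb), link(web, "has", vc)]
    objects = [org, service, atm, web, db, va, vb, vc] + rels
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


def related(bundle, source_id, relationship_type):
    """Objects reachable from source_id over one relationship type.
    Dangling references (target not in the bundle) are skipped."""
    objs = bundle["objects"]
    by_id = {o["id"]: o for o in objs}
    return [by_id[r["target_ref"]] for r in objs
            if r["type"] == "relationship"
            and r["source_ref"] == source_id
            and r["relationship_type"] == relationship_type
            and r["target_ref"] in by_id]


def asset_risk(bundle, asset):
    """Steps 1 and 2: retrieve the scores affecting the asset, then combine
    them with impact and threat level (assumed formula, see lead-in)."""
    scores = [v["x_finstix_score"] for v in related(bundle, asset["id"], "has")]
    worst = max(scores, default=0.0) / 10.0
    return round(worst * asset["impact"] * asset["threat_level"], 3)


def service_risk(bundle, service_name):
    """Step 3: derive the service risk from the assets' individual risks."""
    service = next(o for o in bundle["objects"]
                   if o["type"] == "x-service" and o["name"] == service_name)
    risks = {a["name"]: asset_risk(bundle, a)
             for a in related(bundle, service["id"], "composed-of")}
    return risks, max(risks.values(), default=0.0)


if __name__ == "__main__":
    bundle = build_bundle()
    print(naming_violations(bundle["objects"]))
    print(service_risk(bundle, "online-banking"))
```

A connector that translates an external feed into the data model can run `naming_violations` before writing to the knowledge base, so that malformed custom objects are rejected at ingestion rather than surfacing later in the risk calculation.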
Visualization of Risk Associated with the Service

Instant Issue Debit Cards - School Designs
 
Chapter 2.ppt of macroeconomics by mankiw 9th edition
Chapter 2.ppt of macroeconomics by mankiw 9th editionChapter 2.ppt of macroeconomics by mankiw 9th edition
Chapter 2.ppt of macroeconomics by mankiw 9th edition
 
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdf20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdf
 
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
 
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
The Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdfThe Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdf
 
Quarter 4- Module 3 Principles of Marketing
Quarter 4- Module 3 Principles of MarketingQuarter 4- Module 3 Principles of Marketing
Quarter 4- Module 3 Principles of Marketing
 
Q3 2024 Earnings Conference Call and Webcast Slides
Q3 2024 Earnings Conference Call and Webcast SlidesQ3 2024 Earnings Conference Call and Webcast Slides
Q3 2024 Earnings Conference Call and Webcast Slides
 
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service NashikHigh Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
 
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130  Available With RoomVIP Kolkata Call Girl Serampore 👉 8250192130  Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
 
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsHigh Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
 
(TANVI) Call Girls Nanded City ( 7001035870 ) HI-Fi Pune Escorts Service
(TANVI) Call Girls Nanded City ( 7001035870 ) HI-Fi Pune Escorts Service(TANVI) Call Girls Nanded City ( 7001035870 ) HI-Fi Pune Escorts Service
(TANVI) Call Girls Nanded City ( 7001035870 ) HI-Fi Pune Escorts Service
 
fca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdffca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdf
 
Commercial Bank Economic Capsule - April 2024
Commercial Bank Economic Capsule - April 2024Commercial Bank Economic Capsule - April 2024
Commercial Bank Economic Capsule - April 2024
 
Call Girls In Yusuf Sarai Women Seeking Men 9654467111
Call Girls In Yusuf Sarai Women Seeking Men 9654467111Call Girls In Yusuf Sarai Women Seeking Men 9654467111
Call Girls In Yusuf Sarai Women Seeking Men 9654467111
 
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
 
VIP High Class Call Girls Saharanpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Saharanpur Anushka 8250192130 Independent Escort Se...VIP High Class Call Girls Saharanpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Saharanpur Anushka 8250192130 Independent Escort Se...
 

Digital Finance Academy Security Knowledge Base

  • 1. H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY
      Consorzio Interuniversitario Nazionale per l'Informatica (CINI) & INNOV-ACTS, Limited
      E-mail: cini@finsec-project.eu, info@innov-acts.com
      H2020 FINSEC Project
      The FINSEC project is co-funded from the European Union’s Horizon 2020 programme under grant Agreement No 786727
      FINSTIX: A Security Data Model for the Financial Sector
      15/04/2020
  • 2. Objectives
      ▪ Learn about the security knowledge base model
      ▪ Understand how STIX was extended to serve the needs of the FINSEC project
      Topic
      ▪ Understand what a knowledge base is
      ▪ Learn about the different types of knowledge bases
      ▪ Understand the basics of Cyber Threat Intelligence
      ▪ Discover the relevance of Structured Threat Information eXpression (STIX)
      Goal
      Existing solutions - STIX
      The FINSTIX solution
  • 3. Introduction
      ▪ Cybersecurity incidents against financial institutions are growing
      ▪ Benefits
        - growing sophistication of recent technological innovations
        - complex processes
        - multiple organizations
        - services are becoming more digitized and interconnected
      ▪ Need for financial institutions
        - Increase their robustness
        - Develop integrated approaches for addressing physical and cyber attack
      FINSEC project: Integrated Framework for Predictive and Collaborative Security of Financial Sector
  • 4. Existing solutions
  • 5. Cyber Threat Intelligence
      Holistic approach to the automated sharing of threat intelligence
      Considered one of the most promising strategies in the cyber-security topic
      Propose a classification and distinction among existing threat intelligence types
      Summarize and compare the most prevalent information-sharing models
      Structured Threat Information Expression (STIX) the most commonly used CTI standard
  • 6. Structured Threat Information eXpression (STIX)
      ▪ STIX:
        - Provides a modular format that can also efficiently incorporate other standards
        - Adopted in different contexts of different nature
      ▪ STIX has been designed with a focus on four different use cases that include:
        - Analyzing Cyber Threats
        - Specifying Indicator Patterns for Cyber Threats
        - Managing Cyber Threat Response Activities
        - Sharing Cyber Threat Information
  • 7. Structured Threat Information eXpression (STIX) (cont.)
      Limitations of STIX:
      ▪ very complex to implement
      ▪ lacks support for reasoning
      FINSTIX
      ▪ includes both cyber and physical security threats
      ▪ enables the description of organization assets
      ▪ accounts for how they are inter-connected
  • 8. STIX Domain Objects
  • 9. STIX Domain Objects (cont.)
  • 10. STIX Relationship Objects
  • 11. The Knowledge Base (1)
      ▪ Definition: Technology used to collect, organize, share and retrieve complex structured and unstructured information representing facts and assertions about the world.
      ▪ Difference from a simple database:
        - Does not consist only of tables with numbers, strings, dates, etc.
        - Contains objects with pointers to other objects that, in turn, have additional pointers
      ▪ Two major types of knowledge bases:
        - human-readable: knowledge base enables the users to access and use the knowledge
        - machine-readable
  • 12. The Knowledge Base (2)
      ▪ Two major types of knowledge bases:
      ▪ Human-readable:
        - knowledge base enables the users to access and use the knowledge
        - consists of documents, manuals, troubleshooting information, and frequently answered questions
        - interactive and can lead the users to the solutions to their problems, relying on the information provided by expert users to guide the process
      ▪ Machine-readable:
        - stores knowledge in system-readable forms
        - limited in interactivity
  • 13. FINSEC Security Knowledge Base (1)
      ▪ Information from different external sources of Cyber Threat Intelligence is collected
      ▪ Structure of the knowledge base = definition of relationships between the different assets and of their interactions as part of the critical
      ▪ Definitions enable identification and registration of known attack patterns against the infrastructure
      ▪ Type of knowledge base:
        - mixture of human and machine-readable
  • 14. FINSEC Security Knowledge Base (2)
      To suit the FINSEC needs, the content of the Security Knowledge Base satisfies two essential requirements:
      1. It should be structured in order to enable automatic processing
      2. It should include information on the infrastructure and the organization assets, for enabling the FINSEC Platform to perform Cyber and Physical Threat Intelligence
  • 15. The FINSTIX solution
  • 16. The Security Knowledge Base Data Model
      ▪ To realize a knowledge base, one needs to design the appropriate data model, which is the format used to represent the information contained in the knowledge base
      ▪ Option #1:
        - Define a completely new set of objects coping with the business requirements of the considered use cases
        - This approach incorporates the risk of missing other relevant cases
      ▪ Option #2:
        - Employ an existing standard (or mix of standards) and then extend it such that missing components can be added
      The Edge Tier contains the Actuation Enabler and a Data Collection module
      ▪ FINSEC follows option #2
  • 17. From STIX to FINSTIX
      ▪ STIX limitations:
        - it does not provide for an accurate representation of the financial institution infrastructure
        - it does not envisage physical systems, but is rather limited to the cyber ones
      ▪ Two possible extensions of STIX:
        1. the definition of custom parameters in STIX Domain Objects already defined by the standard itself
        2. the definition of brand-new custom objects
      FINSEC follows both approaches
  • 18. FINSTIX Domain Objects (1)
      Name: Description
      ▪ Organization: Financial organization.
      ▪ Asset: Organizations’ valuable infrastructure. PCs, server rooms, ATMs, applications, and everything inside an organization that is crucial.
      ▪ Area of Interest: Logical/physical area, for example, an indoor area (server room).
      ▪ Service: A collection of assets forming a publicly exposed service, for example, a web application.
      ▪ Probe: Object used to support monitoring infrastructure. A Probe usually monitors one or more areas of interest.
      ▪ Probe Configuration: Data sent to a probe to configure details such as the area under monitoring or the bit rate of the monitoring process.
      ▪ Event: Information on something that happened or is happening.
  • 19. FINSTIX Domain Objects (2)
      Name: Description
      ▪ Collected data: A group of observed data collected by the network probe.
      ▪ Agent: Person involved in the events created by the probes.
      ▪ Risk: The calculated risk for a specific asset or service. The upper levels of FINSEC calculate it in real-time.
      ▪ Risk Configuration: Parameter specification to optimize the risk assessment process. It defines the triggers and other useful options.
      ▪ Regulation: An object used to depict a regulation violation.
      ▪ Vulnerability score: Rating used to provide a score to a vulnerability.
      ▪ Cyber-Physical Threat Intelligence: Data set fed and enriched by threat information as soon as it is gathered from the probes and processed by the Predictive Analytics module.
  • 20. Security Knowledge Base Architecture (1)
      ▪ The SKB Database, which stores the knowledge
      ▪ The SKB Engine, which manages the operations on the database. It exposes a REST API to interact with the other modules
      ▪ The connectors (one for each external source), which translate the information coming from external threat intelligence sources into the data model to promote homogeneity and integrity among the FINSEC services
  • 21. Security Knowledge Base Architecture (2)
  • 22. The FINSEC Security Knowledge Base
      ▪ One of the modules contained in the Data Tier of the FINSEC Reference Architecture
      ▪ The role of the Security Knowledge Base will be to collect information coming from different sources of Cyber Threat Intelligence
      ▪ The value of the Security Knowledge Base compared to the existing ones is the definition of the relationships between different assets and their interactions as part of the critical infrastructures of the financial sector
      ▪ The Service Tier consumes the information contained in the Knowledge Base for producing new Cyber and Physical Threat Intelligence
      ▪ The Service Tier will feed the Security Knowledge Base with this new information
  • 23. Integration with the Dashboard and the Collaborative Risk Management Module
      ▪ The Collaborative Risk Management module:
        - Retrieves the vulnerabilities and the related scores affecting the assets that compose the service;
        - Calculates the individual asset risk for each asset composing the service, based on the affecting vulnerabilities, the impact and the threat level for the asset itself;
        - Calculates the service risk starting from the assets’ individual risks.
      ▪ The user (e.g., Security Officer, Member of CERT/CSIRT teams) can see information on the organization services in the Service page of the Dashboard
  • 24. Visualization of the Criticality of vulnerabilities
  • 25. Visualization of Vulnerabilities affecting the infrastructure
  • 26. The Risk management module
      Risk Management module to calculate the risk associated with the infrastructure services.
      The Collaborative Risk Management module:
      ▪ Retrieves the vulnerabilities and the related scores affecting the assets that compose the service;
      ▪ Calculates the individual asset risk for each asset composing the service, based on the affecting vulnerabilities, the impact and the threat level for the asset itself;
      ▪ Calculates the service risk starting from the assets’ individual risks.
  • 27. Visualization of Risk Associated with the Service
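
The two STIX extension approaches from slide 17 and the three risk steps from slides 23 and 26, as an added Python example (not FINSEC project code). The type names `x-asset` and `x-service`, the `x_impact`, `x_threat_level` and `x_score` properties, the `composed-of` and `affects` relationship types, the sample data and both risk formulas are assumptions, since the slides give none of them; the `x-` and `x_` prefixes are the STIX 2 naming convention for custom types and properties.

```python
import uuid

STANDARD_TYPES = {"vulnerability", "relationship"}   # the STIX types used here
STANDARD_PROPS = {"type", "id", "name", "relationship_type", "source_ref", "target_ref"}

def obj(obj_type, **props):
    """Minimal STIX-2-style object; ids have the form '<type>--<uuid>'."""
    return {"type": obj_type, "id": f"{obj_type}--{uuid.uuid4()}", **props}

def rel(source, rel_type, target):
    """STIX Relationship Object: the 'pointer' from one object to another."""
    return obj("relationship", relationship_type=rel_type,
               source_ref=source["id"], target_ref=target["id"])

def validate(bundle):
    """List naming-convention breaks and relationships pointing at nothing."""
    ids, problems = {o["id"] for o in bundle}, []
    for o in bundle:
        if o["type"] not in STANDARD_TYPES and not o["type"].startswith("x-"):
            problems.append(f"{o['id']}: custom type without 'x-' prefix")
        for prop in o:
            if prop not in STANDARD_PROPS and not prop.startswith("x_"):
                problems.append(f"{o['id']}: custom property '{prop}' without 'x_'")
        for ref in ("source_ref", "target_ref"):
            if ref in o and o[ref] not in ids:
                problems.append(f"{o['id']}: dangling {ref}")
    return problems

def linked(bundle, rel_type, source=None, target=None):
    """Objects reached over rel_type from `source`, or pointing at `target`."""
    by_id = {o["id"]: o for o in bundle}
    rels = [r for r in bundle if r.get("relationship_type") == rel_type]
    if source is not None:
        return [by_id[r["target_ref"]] for r in rels if r["source_ref"] == source["id"]]
    return [by_id[r["source_ref"]] for r in rels if r["target_ref"] == target["id"]]

def asset_risk(bundle, asset):
    """Assumed formula: worst score (0-10 scale) x impact x threat level."""
    scores = [v["x_score"] for v in linked(bundle, "affects", target=asset)]
    return max(scores, default=0.0) / 10 * asset["x_impact"] * asset["x_threat_level"]

def service_risk(bundle, service):
    """Assumed aggregation: a service is as risky as its riskiest asset."""
    if validate(bundle):
        raise ValueError("refusing to score an inconsistent knowledge base")
    assets = linked(bundle, "composed-of", source=service)
    return max((asset_risk(bundle, a) for a in assets), default=0.0)

# Constructed sample knowledge base (all names and values are made up).
atm = obj("x-asset", name="ATM-01", x_impact=0.9, x_threat_level=0.5)      # custom object
web = obj("x-asset", name="web-frontend", x_impact=0.6, x_threat_level=0.8)
svc = obj("x-service", name="online-banking")
v1 = obj("vulnerability", name="constructed-vuln-A", x_score=9.0)          # custom property
v2 = obj("vulnerability", name="constructed-vuln-B", x_score=4.0)
v3 = obj("vulnerability", name="constructed-vuln-C", x_score=7.5)
BUNDLE = [atm, web, svc, v1, v2, v3,
          rel(svc, "composed-of", atm), rel(svc, "composed-of", web),
          rel(v1, "affects", atm), rel(v2, "affects", atm), rel(v3, "affects", web)]
```

Calling `service_risk(BUNDLE, svc)` walks service to assets to vulnerabilities over the relationship objects, which is the traversal a connector or the SKB Engine would have to keep consistent; `validate` is run first so a dangling reference fails loudly instead of silently lowering a score.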