Cybersecurity at ISACA
Yves LE ROUX CISM, CISSP
Yves.leroux@ca.com
2 April 2015
Jeudi de l’AFAI
Trends and new aspects of IT security
3 © 2014 CA. ALL RIGHTS RESERVED.
Factors Impacting the Need for Improved Cyber Security
Source: ISACA, 2014
Key Trends and Drivers of Security
Consumerization
• Mobile devices
• Social media
• Cloud services
• Nonstandard
• Security as a Service
Continual Regulatory and Compliance Pressures
• SOX, PCI, EU Privacy
• ISO 27001
• Other regulations
Emerging Trends
• Decrease in time to exploit
• Targeted attacks
• Advanced persistent threats (APTs)
Source: ISACA, 2014
The World is Changing
Source: ISACA, 2012
The APT Life cycle
History shows that most sophisticated attackers, regardless of their motives, funding or control, tend to operate in a certain cycle and are extremely effective at attacking their targets.
APTs are different: they are targeted
VS
Targeted attacks
• Adversary’s persistence
– They know what they want and they pursue their goal
– They will repeatedly try to get in
– Once they’re in they try to stay
– When you throw them out they will try to come back
• Initial infection very difficult to avoid
– Spear-phishing e-mails
– Social engineering to trick the user into running malware installers
– Watering hole attacks using known exploits
– Watering hole attacks that rely on social engineering
• Take control over the infrastructure: 10’ -> 48 hours
• Detection: average 229 days (or never)
• Remediation: 1-6 months
European Cybersecurity Strategy
European Cybersecurity Strategy
• The five strategic objectives of the strategy are as follows:
– Achieving cyber resilience
– Drastically reducing cybercrime
– Developing cyberdefence policy and capabilities related to the Common Security and Defence Policy (CSDP)
– Developing the industrial and technological resources for cybersecurity
– Establishing a coherent international cyberspace policy for the European Union and promoting core EU values.
Network and Information Security (NIS) Directive
Key Elements
• Capabilities: Common NIS requirements at national level
– NIS strategy and cooperation plan
– NIS competent authority
– Computer Emergency Response Team (CERT)
• Cooperation: NIS competent authorities to cooperate within a network at EU level
– Early warnings and coordinated response
– Capacity building
– NIS exercises at EU level
– ENISA to assist
• Risk management and incident reporting for:
– Energy – electricity, gas and oil
– Credit institutions and stock exchanges
– Transport – air, maritime, rail
– Healthcare
– Internet enablers
– Public administrations
NIS Directive legal actions
• 7 February 2013
The European Commission published the draft Network and Information Security (NIS) Directive, which set out proposals to enhance the EU’s resilience to cyber security threats and ensure a common level of network and information security across the EU.
• 13 March 2014
The European Parliament successfully voted through the proposed NIS Directive with a number of amendments to the proposed text.
• 19 November 2014
EU Member States remain divided on whether Internet companies should comply with the proposed NIS Directive.
The Council presidency said that it is "confident" that the Council and Parliament would be able to "reach a deal before the end of the year" on the final wording of the legislation.
NIS Public-Private Platform
• The NIS Platform complements and underpins the NIS Directive. It will help implement the measures set out in the Directive, e.g. by simplifying incident reporting, and ensure its convergent and harmonised application across the EU.
• At the first meeting of the NIS Platform on 17 June 2013, it was decided to set up 3 working groups which should be cross-cutting, with all relevant sectors represented:
– WG1 on risk management, including information assurance, risk metrics and awareness raising;
– WG2 on information exchange and incident coordination, including incident reporting and risk metrics for the purpose of information exchange;
– WG3 on secure ICT research and innovation.
• On 25 November 2014, the NIS Platform decided that the aim is to have NISP guidance finalised for all Chapters in October 2015, with Commission recommendations on good cyber security practices due to be adopted in late 2015.
Breakdown and tentative timing of Chapters per W.G.
Source: NIS Public-Private Platform 25 November 2014 Meeting Report
France
• The Military Programming Law (loi de programmation militaire) of 18 December 2013
• Decree No. 2015-349 of 27 March 2015 on the authorisation and swearing-in of agents of the national authority for information systems security
• Decree No. 2015-350 of 27 March 2015 on the qualification of security products
• Decree No. 2015-351 of 27 March 2015 on the security of the information systems of operators of vital importance.
France
• 218 organisations that are strategic for the nation are required to protect themselves against computer intrusions.
• State sectors: civil activities of the State, military activities of the State, judicial activities.
• Citizen-protection sectors: health, water management, food.
• Sectors of the nation's economic and social life: energy; communication, electronics, audiovisual and information (these four count as one sector); transport; finance; industry.
• Regular external audits checking the security of their information systems
• Installation of software or hardware that continuously detects computer intrusions coming from outside.
ISACA European Cybersecurity Implementation Series
• ISACA has released the European Cybersecurity Implementation Series primarily to provide practical implementation guidance that is aligned with European requirements and good practice.
Source: ISACA, 2014
Source: ISACA, 2014
SIX QUESTIONS THE BOARD SHOULD ASK
• Does the organization use a security framework?
• What are the top five risks the organization has related to cybersecurity?
• How are employees made aware of their role related to cybersecurity?
• Are external and internal threats considered when planning cybersecurity program activities?
• How is security governance managed within the organization?
• In the event of a serious breach, has management developed a robust response protocol?
Overview
When implementing cybersecurity steps and measures, enterprises should:
1. Analyse impact (with a view to business impacts and other, nonfinancial impacts).
2. Identify and analyse risk.
3. Determine risk treatment.
4. Determine cybersecurity strategy options based on risk profile.
Source: ENISA, 2014
Mapping ERMP to COBIT 5
Source: ISACA, 2014
Some examples of Cybersecurity Risk
Risk Scenario in COBIT 5 Risk Management
COBIT 5 Risk Management Framework
Three lines of defence
European restriction on Audit
Legal and contractual relationships
Data logging & retention
The latest release
Questions?
Yves.leroux@ca.com

 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber security
 
Global Maritime Cyber Strategy
Global Maritime Cyber StrategyGlobal Maritime Cyber Strategy
Global Maritime Cyber Strategy
 
ENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident responseENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident response
 

More from Antoine Vigneron

L'automatisation au service de la cybersécurité
L'automatisation au service de la cybersécuritéL'automatisation au service de la cybersécurité
L'automatisation au service de la cybersécurité
Antoine Vigneron
 
La signature électronique et eIDAS - De nouveaux usages
La signature électronique et eIDAS - De nouveaux usagesLa signature électronique et eIDAS - De nouveaux usages
La signature électronique et eIDAS - De nouveaux usages
Antoine Vigneron
 
La signature électronique et les nouveaux services eIDAS
La signature électronique et les nouveaux services eIDASLa signature électronique et les nouveaux services eIDAS
La signature électronique et les nouveaux services eIDAS
Antoine Vigneron
 
La signature électronique chez les notaires
La signature électronique chez les notairesLa signature électronique chez les notaires
La signature électronique chez les notaires
Antoine Vigneron
 
Bitcoin et le bitcoin
Bitcoin et le bitcoinBitcoin et le bitcoin
Bitcoin et le bitcoin
Antoine Vigneron
 
La Blockchain: la fin des tiers de confiance?
La Blockchain: la fin des tiers de confiance?La Blockchain: la fin des tiers de confiance?
La Blockchain: la fin des tiers de confiance?
Antoine Vigneron
 
CIO advisory English
CIO advisory English CIO advisory English
CIO advisory English
Antoine Vigneron
 
Les objets connectés
Les objets connectésLes objets connectés
Les objets connectés
Antoine Vigneron
 
Internet des objets - Doc@Post
Internet des objets - Doc@PostInternet des objets - Doc@Post
Internet des objets - Doc@Post
Antoine Vigneron
 
Objets connectés: un 360° pour les comprendre
Objets connectés: un 360° pour les comprendreObjets connectés: un 360° pour les comprendre
Objets connectés: un 360° pour les comprendre
Antoine Vigneron
 
Données personnelles et SI - GDPR
Données personnelles et SI - GDPRDonnées personnelles et SI - GDPR
Données personnelles et SI - GDPR
Antoine Vigneron
 
La transition numérique un des facteurs clé vers une performance globale des...
 La transition numérique un des facteurs clé vers une performance globale des... La transition numérique un des facteurs clé vers une performance globale des...
La transition numérique un des facteurs clé vers une performance globale des...
Antoine Vigneron
 
Cybersécurité, IOT automobile et aéronautique
Cybersécurité, IOTautomobile et aéronautiqueCybersécurité, IOTautomobile et aéronautique
Cybersécurité, IOT automobile et aéronautique
Antoine Vigneron
 
Les ECNi : une transformation numérique réussie
Les ECNi : une transformation numérique réussieLes ECNi : une transformation numérique réussie
Les ECNi : une transformation numérique réussie
Antoine Vigneron
 
Relever le défi SI de la transformation numérique en Europe
Relever le défi SI de la transformation numérique en EuropeRelever le défi SI de la transformation numérique en Europe
Relever le défi SI de la transformation numérique en Europe
Antoine Vigneron
 
DSBrowser Concilier securité et simplicite
DSBrowser Concilier securité et simpliciteDSBrowser Concilier securité et simplicite
DSBrowser Concilier securité et simplicite
Antoine Vigneron
 
CFAO Concilier securité et simplicite
CFAO Concilier securité et simpliciteCFAO Concilier securité et simplicite
CFAO Concilier securité et simplicite
Antoine Vigneron
 
Galtier Concilier securite et simplicite
Galtier Concilier securite et simpliciteGaltier Concilier securite et simplicite
Galtier Concilier securite et simplicite
Antoine Vigneron
 
Cloud and compliance REX
Cloud and compliance REXCloud and compliance REX
Cloud and compliance REX
Antoine Vigneron
 
Challenges and Risks for the CIO from Outsourcing in the digital era
Challenges and Risks for the CIO from Outsourcing in the digital eraChallenges and Risks for the CIO from Outsourcing in the digital era
Challenges and Risks for the CIO from Outsourcing in the digital era
Antoine Vigneron
 

More from Antoine Vigneron (20)

L'automatisation au service de la cybersécurité
L'automatisation au service de la cybersécuritéL'automatisation au service de la cybersécurité
L'automatisation au service de la cybersécurité
 
La signature électronique et eIDAS - De nouveaux usages
La signature électronique et eIDAS - De nouveaux usagesLa signature électronique et eIDAS - De nouveaux usages
La signature électronique et eIDAS - De nouveaux usages
 
La signature électronique et les nouveaux services eIDAS
La signature électronique et les nouveaux services eIDASLa signature électronique et les nouveaux services eIDAS
La signature électronique et les nouveaux services eIDAS
 
La signature électronique chez les notaires
La signature électronique chez les notairesLa signature électronique chez les notaires
La signature électronique chez les notaires
 
Bitcoin et le bitcoin
Bitcoin et le bitcoinBitcoin et le bitcoin
Bitcoin et le bitcoin
 
La Blockchain: la fin des tiers de confiance?
La Blockchain: la fin des tiers de confiance?La Blockchain: la fin des tiers de confiance?
La Blockchain: la fin des tiers de confiance?
 
CIO advisory English
CIO advisory English CIO advisory English
CIO advisory English
 
Les objets connectés
Les objets connectésLes objets connectés
Les objets connectés
 
Internet des objets - Doc@Post
Internet des objets - Doc@PostInternet des objets - Doc@Post
Internet des objets - Doc@Post
 
Objets connectés: un 360° pour les comprendre
Objets connectés: un 360° pour les comprendreObjets connectés: un 360° pour les comprendre
Objets connectés: un 360° pour les comprendre
 
Données personnelles et SI - GDPR
Données personnelles et SI - GDPRDonnées personnelles et SI - GDPR
Données personnelles et SI - GDPR
 
La transition numérique un des facteurs clé vers une performance globale des...
 La transition numérique un des facteurs clé vers une performance globale des... La transition numérique un des facteurs clé vers une performance globale des...
La transition numérique un des facteurs clé vers une performance globale des...
 
Cybersécurité, IOT automobile et aéronautique
Cybersécurité, IOTautomobile et aéronautiqueCybersécurité, IOTautomobile et aéronautique
Cybersécurité, IOT automobile et aéronautique
 
Les ECNi : une transformation numérique réussie
Les ECNi : une transformation numérique réussieLes ECNi : une transformation numérique réussie
Les ECNi : une transformation numérique réussie
 
Relever le défi SI de la transformation numérique en Europe
Relever le défi SI de la transformation numérique en EuropeRelever le défi SI de la transformation numérique en Europe
Relever le défi SI de la transformation numérique en Europe
 
DSBrowser Concilier securité et simplicite
DSBrowser Concilier securité et simpliciteDSBrowser Concilier securité et simplicite
DSBrowser Concilier securité et simplicite
 
CFAO Concilier securité et simplicite
CFAO Concilier securité et simpliciteCFAO Concilier securité et simplicite
CFAO Concilier securité et simplicite
 
Galtier Concilier securite et simplicite
Galtier Concilier securite et simpliciteGaltier Concilier securite et simplicite
Galtier Concilier securite et simplicite
 
Cloud and compliance REX
Cloud and compliance REXCloud and compliance REX
Cloud and compliance REX
 
Challenges and Risks for the CIO from Outsourcing in the digital era
Challenges and Risks for the CIO from Outsourcing in the digital eraChallenges and Risks for the CIO from Outsourcing in the digital era
Challenges and Risks for the CIO from Outsourcing in the digital era
 

Recently uploaded

State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
Abida Shariff
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 

Recently uploaded (20)

State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 

Cybersecurity isaca

  • 1. Cybersecurity at ISACA. Yves LE ROUX, CISM, CISSP. Yves.leroux@ca.com. 2 April 2015, Jeudi de l’AFAI
  • 2. Trends and new aspects of IT security
  • 3. 3 © 2014 CA. ALL RIGHTS RESERVED.
  • 4. Factors Impacting the Need for Improved Cyber Security. Source: ISACA, 2014
  • 5. Key Trends and Drivers of Security. Source: ISACA, 2014
      • Consumerization
          – Mobile devices
          – Social media
          – Cloud services
          – Nonstandard
          – Security as a Service
      • Continual Regulatory and Compliance Pressures
          – SOX, PCI, EU Privacy
          – ISO 27001
          – Other regulations
      • Emerging Trends
          – Decrease in time to exploit
          – Targeted attacks
          – Advanced persistent threats (APTs)
  • 6. The World is Changing. Source: ISACA, 2012
  • 7. The APT Life Cycle. History shows that most sophisticated attackers, regardless of their motives, funding or control, tend to operate in a certain cycle and are extremely effective at attacking their targets.
  • 9. APTs are different: they are targeted VS
  • 10. Targeted attacks
      • Adversary’s persistence
          – They know what they want and they pursue their goal
          – They will repeatedly try to get in
          – Once they’re in they try to stay
          – When you throw them out they will try to come back
      • Initial infection very difficult to avoid
          – Spear-phishing e-mails
          – Social engineering to trick the user into running malware installers
          – Watering hole attacks using known exploits
          – Watering hole attacks that rely on social engineering
      • Take control over the infrastructure: 10’ -> 48 hours
      • Detection: average 229 days (or never)
      • Remediation: 1-6 months
  • 11. European Cybersecurity Strategy
  • 12. European Cybersecurity Strategy
      • The five strategic objectives of the strategy are as follows:
          – Achieving cyber resilience
          – Drastically reducing cybercrime
          – Developing cyberdefence policy and capabilities related to the Common Security and Defence Policy (CSDP)
          – Developing the industrial and technological resources for cybersecurity
          – Establishing a coherent international cyberspace policy for the European Union and promoting core EU values
  • 13. Network and Information Security (NIS) Directive: Key Elements
      • Capabilities: common NIS requirements at national level
          – NIS strategy and cooperation plan
          – NIS competent authority
          – Computer Emergency Response Team (CERT)
      • Cooperation: NIS competent authorities to cooperate within a network at EU level
          – Early warnings and coordinated response
          – Capacity building
          – NIS exercises at EU level
          – ENISA to assist
      • Risk management and incident reporting for:
          – Energy: electricity, gas and oil
          – Credit institutions and stock exchanges
          – Transport: air, maritime, rail
          – Healthcare
          – Internet enablers
          – Public administrations
  • 14. NIS Directive legal actions
      • 7 February 2013: The European Commission published the draft Network and Information Security (NIS) Directive, which set out proposals to enhance the EU’s resilience to cyber security threats and ensure a common level of network and information security across the EU.
      • 13 March 2014: The European Parliament successfully voted through the proposed NIS Directive with a number of amendments to the proposed text.
      • 19 November 2014: EU Member States remain divided on whether Internet companies should comply with the proposed NIS Directive. The Council presidency said that it is "confident" that the Council and Parliament would be able to "reach a deal before the end of the year" on the final wording of the legislation.
  • 15. NIS Public-Private Platform
      • The NIS Platform complements and underpins the NIS Directive. It will help implement the measures set out in the Directive, e.g. by simplifying incident reporting, and ensure its convergent and harmonised application across the EU.
      • At the first meeting of the NIS Platform on 17 June 2013, it was decided to set up 3 working groups, which should be cross-cutting, with all relevant sectors represented:
          – WG1 on risk management, including information assurance, risk metrics and awareness raising;
          – WG2 on information exchange and incident coordination, including incident reporting and risk metrics for the purpose of information exchange;
          – WG3 on secure ICT research and innovation.
      • On 25 November 2014, the NIS Platform decided that the aim is to have NISP guidance on all Chapters finalised in October 2015, with Commission recommendations on good cyber security practices due to be adopted in late 2015.
  • 16. Breakdown and tentative timing of Chapters per W.G. Source: NIS Public-Private Platform, 25 November 2014 Meeting Report
  • 17. France
      • Military programming law of 18 December 2013
      • Decree no. 2015-349 of 27 March 2015 on the authorisation and swearing-in of agents of the national authority for information systems security
      • Decree no. 2015-350 of 27 March 2015 on the qualification of security products
      • Decree no. 2015-351 of 27 March 2015 on the security of the information systems of operators of vital importance
  • 18. France
      • 218 organisations of strategic importance to the nation are required to protect themselves against computer intrusions.
      • State sectors: civil activities of the State, military activities of the State, judicial activities.
      • Citizen protection sectors: health, water management, food.
      • Sectors of the nation's economic and social life: energy; communication, electronics, audiovisual and information (the four count as one sector); transport; finance; industry.
      • Regular external audits checking the security of their information system
      • Installation of software or hardware that continuously detects computer intrusions coming from outside.
  • 20. ISACA has released the European Cybersecurity Implementation Series primarily to provide practical implementation guidance that is aligned with European requirements and good practice. Source: ISACA, 2014
  • 21. Source: ISACA, 2014
  • 23. Six questions the board should ask
      • Does the organization use a security framework?
      • What are the top five risks the organization has related to cybersecurity?
      • How are employees made aware of their role related to cybersecurity?
      • Are external and internal threats considered when planning cybersecurity program activities?
      • How is security governance managed within the organization?
      • In the event of a serious breach, has management developed a robust response protocol?
  • 24. Overview. When implementing cybersecurity steps and measures, enterprises should:
      1. Analyse impact (with a view to business impacts and other, nonfinancial impacts).
      2. Identify and analyse risk.
      3. Determine risk treatment.
      4. Determine cybersecurity strategy options based on risk profile.
  • 27. Mapping ERMP to COBIT 5 Source: ISACA, 2014
  • 28. Some examples of Cybersecurity Risk
  • 29. Risk Scenario in COBIT 5 Risk Management
  • 30. COBIT 5 Risk Management Framework
  • 45. Three lines of defence
  • 50. Legal and contractual relationships
  • 52. Data logging & retention