SlideShare a Scribd company logo
1 of 24
Download to read offline
H. Czamai
AVL List GmbH
(Headquarters)
Public
INFORMATION SECURITY @ AVL
H. Czamai | | 20 März 2017 | 2Public
AGENDA
„Aus dem Leben eines IT-Security-Verantwortlichen“
 Introduction AVL
 ISMS @ AVL
 How AVL survives in the Cybersecurity Jungle
H. Czamai | | 20 März 2017 | 3Public
 AVL achieves unique results in regards
to the development and improvement of
all types of powertrains as well as in the
field of measurement and test
technology.
 AVL – over 65 years’ experience
 Involved in more than 1,500 engine
development projects
 More than 4,000 engine testbed
installations
OUR EXPERIENCE FOR YOUR SUCCESS
4Public
ENTERPRISE DEVELOPMENT AUTOMOTIVE
5 powertrain
elements
EXPERIENCE
More than 65
years !
GLOBAL FOOTPRINT
30 engineering locations
 >220 test beds
 Global customer support
network
ONE
PARTNER
INNOVATION 1500
granted patents
RESEARCH 10% of
turnover in-house R&D
GROWTH
SALES
 1995:
0.15 billion €
 2015:
1.27 billion €
 prev. 2016:
1.41 billion €
STAFF
 8,050 employees
 65% engineers &
scientists
0
100
200
300
400
500
600
700
800
900
1.000
1.100
1.200
1.300
1.400
1.500
Mio. €
H. Czamai | | 20 März 2017 | 5Public
SOLUTIONS FOR ALL CUSTOMER SEGMENTS
Passenger
Cars
Racing2-Wheelers
Construction Commercial
Vehicle
Agriculture
Locomotive Power PlantsMarine
Powertrain Engineering
Simulation & Testing
Development Platform
H. Czamai | | 20 März 2017 | 6Public
AVL – A GLOBAL PARTNER
*Headquarters in Graz
Austria*
Croatia
Czech Republic
France
Germany
Great Britain
Romania
Russia
Slovenia
Spain
Sweden
Turkey
Hungary
Italy
Poland
South America
Argentina
Brazil
Asia
China
India
Indonesia
Japan
Korea
Malaysia
Taiwan
Thailand
Vietnam
Australia
North America
Mexico
USA
Europe
H. Czamai | | 20 März 2017 | 7Public
AVL POWERTRAIN – A NETWORK OF
TECHNICAL CENTERS
*Headquarters in Graz
Austria*
France
Germany
Great Britain
Hungary
Sweden
Turkey
South America
Brazil
Asia
China
India
Japan
Korea
Australia
North America
USA
Europe
Ann Arbor, USA
Plymouth, USA
Paris, FRA
Lake Forest, USA
Sao Paulo, BRA Sydney, AUS
Gotenborg, SWEBudapest, HUN
Istanbul, TUR
Basildon, UK
Shanghai, CHN
Remscheid, GER Munich, GER
Stuttgart, GER
Regensburg, GERNeuenstadt, GER
Ingolstadt, GERCoventry, UK
Tianjin, CHN
Steyr, AUT
Haninge, SWE
Södertälje,SWEHQ Graz, AUT
+ another
9 Engineering
Offices
Delhi-Gurgaon, IND
Tokyo, JPNSeoul, KOR
H. Czamai | | 20 März 2017 | 8Public
ORIENTATION FOR AN INNOVATIVE FUTURE
AFFORDABLE
CO2
REDUCTION
AVL PROVIDES INNOVATIVE SOLUTIONS - SUPPORTING OUR CUSTOMERS
TO MEET THESE MAJOR CHALLENGES
MASTERING
SPEED &
COMPLEXITY
TO MARKET
STRATEGIC
GLOBAL
PARTNER
H. Czamai | | 20 März 2017 | 9Public
CHALLENGES FOR INFORMATION SECURITY
A STRUCTURED APPROACH (E.G. ISO27001 ISMS) ALLOWS US TO ENSURE
THE NECESSARY LEVEL OF INFORMATION SECURITY
MASTERING
SPEED &
COMPLEXITY
TECHNOLOGY
THREATS
GLOBAL SETUP
CULTURES
AWARENESS
H. Czamai | | 20 März 2017 | 10Public
Internal
Hannes Czamai
Global IT Security Officer
hannes.czamai@avl.com
Phone: +43 316 787 744, Fax: +43 316 787 1473
Mobile: +43 664 4225512, Office: +43 316 787 1768
AVL LIST GMBH
A-8020 Graz, Hans-List-Platz 1
www.avl.com
http://www.xing.com/profile/Hannes_Czamai/xc
www.linkedin.com/in/hannes-czamai
10
H. Czamai | | 20 März 2017 | 11Public
ISO 27001: THE INFORMATION SECURITY
MANAGEMENT SYSTEM (ISMS)
INORMATION SECURITY
is more than
IT SECURITY
H. Czamai | | 20 März 2017 | 12Public
Internal
ISMS: INFORMATION SECURITY APPROACH
12
Organizational Measures
ISO 27001 Certification, Awareness trainings, IT processes, HR processes,
Contract management, Global policies, Audits, Affiliate assessments, Background checks,
Security clearance, Comprehensive backup & disaster concepts, Phy. zone concept, …
Technical Measures
Port security, LAN / WAN / Firewall management
Access- and identity management (FIM) + AD + Policies
Server / Storage / Datacenter (Server room) standards,
Client COE / CAx Hardware + Software standards,
Patch-, Antivirus-, Antimalware- Management,
Access control system, Video surveillance, Fences,
and many more …
technical : organizational = 30% : 70%
H. Czamai | | 20 März 2017 | 13Public
ORGANIZATION: FROM ACTING TO REACTING
Reacting IT
IT IT
Business
Acting IT
User
User SECURITY
Reacting Security
Acting Security
H. Czamai | | 20 März 2017 | 14Public
AVL PROCESS LANDSCAPE –
SECURITY & PROCESSES
Information Security Processes
IT / Operational Processes
Business Processes
H. Czamai | | 20 März 2017 | 15Public
AVL ISMS – IT RISK MANAGEMENT
Information
Objects
IT System
Business
Process
Estimate
Damage
Model
IT Service
Rate
C I A
GAP
Analysis
Measures
Problem Mgmt.
Sensitivity =
Priority
RATING
BBB
H. Czamai | | 20 März 2017 | 16Public
H. Czamai | | 20 März 2017 | 17Public
TOP THREATS
 Lack of awareness
 Industrial espionage
 Data loss or theft
 Social engineering
 Travelling user
 Vulnerabilities in Apps
 CEO/Fake President Fraud Attack
 Crypto Locker + Ransomware
 DDOS blackmail
 APTs
H. Czamai | | 20 März 2017 | 18Public
VULNERABILITY / THREAT MANAGEMENT
Permanent detection of
malicious activities
H. Czamai | | 20 März 2017 | 19Public
ATA – THE SWISS KNIFE AGAINST DC ATTACKS
Detects with help of machine learning:
 Brute force
 Sensitive account exposed in plain text auth.
 Service exposing accounts in plain text auth.
 Honey Token account suspicious activities.
 Unusual protocol implementation.
 Malicious Data Protection Private Information Request.
 Abnormal Behavior (pass the hash, pass the ticket).
H. Czamai | | 20 März 2017 | 20Public
CLOUD STRATEGY
Customer Requirements
Legal Requirements
Identity / Access Management
Technical Measures (crypt)
Audit- Log Management
Risk Analysis
Contract Management
H. Czamai | | 20 März 2017 | 21Public
CLOUD PROJECTS WITH MICROSOFT
AD Federation Service
AVL Streaming
AVL Software Repository
Azure Information Protection
Cloud encryption
MS Intune MDM
H. Czamai | | 20 März 2017 | 22Public
ARE WE SECURE ENOUGH?
YES … BUT IT IS NOT ONLY A MATTER OF TECHNOLOGY
Photo: Tobias Hellsten
H. Czamai | | 20 März 2017 | 23Public
TECHNOLOGY
www.avl.com
THANK YOU

More Related Content

What's hot

bbva_redhat-theAPIHour_IoT_Day-DavidBericat
bbva_redhat-theAPIHour_IoT_Day-DavidBericatbbva_redhat-theAPIHour_IoT_Day-DavidBericat
bbva_redhat-theAPIHour_IoT_Day-DavidBericat
David Bericat
 
redhat-IoT_use_cases-DavidBericat
redhat-IoT_use_cases-DavidBericatredhat-IoT_use_cases-DavidBericat
redhat-IoT_use_cases-DavidBericat
David Bericat
 
LG CNS Smart Building Solution
LG CNS Smart Building SolutionLG CNS Smart Building Solution
LG CNS Smart Building Solution
Lahee Kim
 
Vishnu_Murali_September 2016 CDM CIO ENERGY Summit_FINAL_FINAL
Vishnu_Murali_September 2016 CDM CIO ENERGY Summit_FINAL_FINALVishnu_Murali_September 2016 CDM CIO ENERGY Summit_FINAL_FINAL
Vishnu_Murali_September 2016 CDM CIO ENERGY Summit_FINAL_FINAL
Vishnu Murali
 

What's hot (20)

The Benefits of Digitizing Manufacturing
The Benefits of Digitizing ManufacturingThe Benefits of Digitizing Manufacturing
The Benefits of Digitizing Manufacturing
 
bbva_redhat-theAPIHour_IoT_Day-DavidBericat
bbva_redhat-theAPIHour_IoT_Day-DavidBericatbbva_redhat-theAPIHour_IoT_Day-DavidBericat
bbva_redhat-theAPIHour_IoT_Day-DavidBericat
 
Smart Buildings is This the New Normal?
Smart Buildings is This the New Normal?Smart Buildings is This the New Normal?
Smart Buildings is This the New Normal?
 
Enabling Service-Delivery Business Models with Remote Sensing Technology
Enabling Service-Delivery Business Models with Remote Sensing TechnologyEnabling Service-Delivery Business Models with Remote Sensing Technology
Enabling Service-Delivery Business Models with Remote Sensing Technology
 
redhat-IoT_use_cases-DavidBericat
redhat-IoT_use_cases-DavidBericatredhat-IoT_use_cases-DavidBericat
redhat-IoT_use_cases-DavidBericat
 
Synergize Strategies for Greater Success in Automotive
Synergize Strategies for Greater Success in AutomotiveSynergize Strategies for Greater Success in Automotive
Synergize Strategies for Greater Success in Automotive
 
Davra IOT Solution -- Oil & Gas Remote Collaboration
Davra IOT Solution -- Oil & Gas Remote Collaboration Davra IOT Solution -- Oil & Gas Remote Collaboration
Davra IOT Solution -- Oil & Gas Remote Collaboration
 
Making IoT a Reality_Axeda _ May 8 2013 _Mahbubul Alam
Making IoT a Reality_Axeda _ May 8 2013 _Mahbubul AlamMaking IoT a Reality_Axeda _ May 8 2013 _Mahbubul Alam
Making IoT a Reality_Axeda _ May 8 2013 _Mahbubul Alam
 
Next Dimension + Cisco Smart Manufacturing
Next Dimension + Cisco Smart ManufacturingNext Dimension + Cisco Smart Manufacturing
Next Dimension + Cisco Smart Manufacturing
 
NTK 2015: Internet of things track (IoT) - Smart Home
NTK 2015: Internet of things track (IoT) - Smart HomeNTK 2015: Internet of things track (IoT) - Smart Home
NTK 2015: Internet of things track (IoT) - Smart Home
 
The Impact of Internet of Things (IoT) in Manufacturing Today
The Impact of Internet of Things (IoT) in Manufacturing TodayThe Impact of Internet of Things (IoT) in Manufacturing Today
The Impact of Internet of Things (IoT) in Manufacturing Today
 
The value of a connected factory
The value of a connected factoryThe value of a connected factory
The value of a connected factory
 
Big Data Analytics for the Industrial Internet of Things
Big Data Analytics for the Industrial Internet of ThingsBig Data Analytics for the Industrial Internet of Things
Big Data Analytics for the Industrial Internet of Things
 
LG CNS Smart Building Solution
LG CNS Smart Building SolutionLG CNS Smart Building Solution
LG CNS Smart Building Solution
 
Digitalization for profitability and cost optimisation. revised
Digitalization for profitability and cost optimisation. revisedDigitalization for profitability and cost optimisation. revised
Digitalization for profitability and cost optimisation. revised
 
LoQutus introduction - IoT for Manufacturing
LoQutus introduction - IoT for ManufacturingLoQutus introduction - IoT for Manufacturing
LoQutus introduction - IoT for Manufacturing
 
5 Smart Manufacturing Terms to Know
5 Smart Manufacturing Terms to Know5 Smart Manufacturing Terms to Know
5 Smart Manufacturing Terms to Know
 
Vishnu_Murali_September 2016 CDM CIO ENERGY Summit_FINAL_FINAL
Vishnu_Murali_September 2016 CDM CIO ENERGY Summit_FINAL_FINALVishnu_Murali_September 2016 CDM CIO ENERGY Summit_FINAL_FINAL
Vishnu_Murali_September 2016 CDM CIO ENERGY Summit_FINAL_FINAL
 
OpShield 운영기술 환경 보안 솔루션
OpShield 운영기술 환경 보안 솔루션 OpShield 운영기술 환경 보안 솔루션
OpShield 운영기술 환경 보안 솔루션
 
2 pc enterprise summit cronin newfinal aug 18
2 pc enterprise summit cronin newfinal aug 182 pc enterprise summit cronin newfinal aug 18
2 pc enterprise summit cronin newfinal aug 18
 

Similar to Information Security @ AVL

telebriefing-150415-ericssons-security-solutions
telebriefing-150415-ericssons-security-solutionstelebriefing-150415-ericssons-security-solutions
telebriefing-150415-ericssons-security-solutions
Fakher Oueslati
 

Similar to Information Security @ AVL (20)

How to survive the Fourth Industrial Revolution: a guide to Digital Manufactu...
How to survive the Fourth Industrial Revolution: a guide to Digital Manufactu...How to survive the Fourth Industrial Revolution: a guide to Digital Manufactu...
How to survive the Fourth Industrial Revolution: a guide to Digital Manufactu...
 
The Productivity Paradox of the New Digital Economy
The Productivity Paradox of the New Digital EconomyThe Productivity Paradox of the New Digital Economy
The Productivity Paradox of the New Digital Economy
 
DMA - Energy Demand Prediction in Smart Cities
DMA - Energy Demand Prediction in Smart CitiesDMA - Energy Demand Prediction in Smart Cities
DMA - Energy Demand Prediction in Smart Cities
 
Cybergefahren in der digitalen Supply Chain - Roger Müller
Cybergefahren in der digitalen Supply Chain - Roger MüllerCybergefahren in der digitalen Supply Chain - Roger Müller
Cybergefahren in der digitalen Supply Chain - Roger Müller
 
ABB Journey to Digital
ABB Journey to DigitalABB Journey to Digital
ABB Journey to Digital
 
Big Data Pilot Demo Days – I-BiDaaS Sets the Scene
Big Data Pilot Demo Days – I-BiDaaS Sets the SceneBig Data Pilot Demo Days – I-BiDaaS Sets the Scene
Big Data Pilot Demo Days – I-BiDaaS Sets the Scene
 
AT&S IR Presentation 9M_2019_20
AT&S IR Presentation 9M_2019_20 AT&S IR Presentation 9M_2019_20
AT&S IR Presentation 9M_2019_20
 
BDE-BDVA Webinar: Arne Berre and Ana Garcia slides for BDVA/BDE Webinar
BDE-BDVA Webinar: Arne Berre and Ana Garcia slides for BDVA/BDE WebinarBDE-BDVA Webinar: Arne Berre and Ana Garcia slides for BDVA/BDE Webinar
BDE-BDVA Webinar: Arne Berre and Ana Garcia slides for BDVA/BDE Webinar
 
Accenture Technology Vision 2017
Accenture Technology Vision 2017Accenture Technology Vision 2017
Accenture Technology Vision 2017
 
Apresentação Ericsson - Inauguracao do Laboratório IoT
Apresentação Ericsson - Inauguracao do Laboratório IoTApresentação Ericsson - Inauguracao do Laboratório IoT
Apresentação Ericsson - Inauguracao do Laboratório IoT
 
Big Data Experience Sharing: Building Collaborative Data Analytics Platform -...
Big Data Experience Sharing: Building Collaborative Data Analytics Platform -...Big Data Experience Sharing: Building Collaborative Data Analytics Platform -...
Big Data Experience Sharing: Building Collaborative Data Analytics Platform -...
 
telebriefing-150415-ericssons-security-solutions
telebriefing-150415-ericssons-security-solutionstelebriefing-150415-ericssons-security-solutions
telebriefing-150415-ericssons-security-solutions
 
CWIN17 Rome / The software-ag digital business platform.v3
CWIN17 Rome / The software-ag digital business platform.v3CWIN17 Rome / The software-ag digital business platform.v3
CWIN17 Rome / The software-ag digital business platform.v3
 
Cluster IT Central Germany
Cluster IT Central GermanyCluster IT Central Germany
Cluster IT Central Germany
 
IoT Infineon.PDF
IoT Infineon.PDFIoT Infineon.PDF
IoT Infineon.PDF
 
CLASS 2018 - Palestra de Murilo Morais (Head do segmento Cloud Application So...
CLASS 2018 - Palestra de Murilo Morais (Head do segmento Cloud Application So...CLASS 2018 - Palestra de Murilo Morais (Head do segmento Cloud Application So...
CLASS 2018 - Palestra de Murilo Morais (Head do segmento Cloud Application So...
 
AT&S Investor and Analyst Präsentation September 2018
AT&S Investor and Analyst Präsentation September 2018AT&S Investor and Analyst Präsentation September 2018
AT&S Investor and Analyst Präsentation September 2018
 
AT&S Investor and Analyst Presentation December 2018
AT&S Investor and Analyst Presentation December 2018AT&S Investor and Analyst Presentation December 2018
AT&S Investor and Analyst Presentation December 2018
 
AT&S Investor and Analyst Presentation December 2018
AT&S Investor and Analyst Presentation December 2018AT&S Investor and Analyst Presentation December 2018
AT&S Investor and Analyst Presentation December 2018
 
BigDataPilotDemoDays - I BiDaaS Application to the Manufacturing Sector Webinar
BigDataPilotDemoDays - I BiDaaS Application to the Manufacturing Sector WebinarBigDataPilotDemoDays - I BiDaaS Application to the Manufacturing Sector Webinar
BigDataPilotDemoDays - I BiDaaS Application to the Manufacturing Sector Webinar
 

More from Microsoft Österreich

More from Microsoft Österreich (20)

Shape the Future
Shape the FutureShape the Future
Shape the Future
 
Secure the modern Enterprise
Secure the modern EnterpriseSecure the modern Enterprise
Secure the modern Enterprise
 
Microsoft Digital Crimes Unit
Microsoft Digital Crimes UnitMicrosoft Digital Crimes Unit
Microsoft Digital Crimes Unit
 
Microsoft: #DigitaleHelden Symposium - Graphic Recording
Microsoft: #DigitaleHelden Symposium - Graphic RecordingMicrosoft: #DigitaleHelden Symposium - Graphic Recording
Microsoft: #DigitaleHelden Symposium - Graphic Recording
 
Digitale Transformation: Technologie und Mensch - die nächsten 5 Jahre
Digitale Transformation: Technologie und Mensch - die nächsten 5 JahreDigitale Transformation: Technologie und Mensch - die nächsten 5 Jahre
Digitale Transformation: Technologie und Mensch - die nächsten 5 Jahre
 
Digital Transformation "Book of Dreams"
Digital Transformation "Book of Dreams"Digital Transformation "Book of Dreams"
Digital Transformation "Book of Dreams"
 
Mit Simplicity und Storytelling zum „Warum“: Motivation und Führung einer neu...
Mit Simplicity und Storytelling zum „Warum“: Motivation und Führung einer neu...Mit Simplicity und Storytelling zum „Warum“: Motivation und Führung einer neu...
Mit Simplicity und Storytelling zum „Warum“: Motivation und Führung einer neu...
 
Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem - Futur...
Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem - Futur...Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem - Futur...
Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem - Futur...
 
Modernes Rechenzentrum - Future Decoded
Modernes Rechenzentrum - Future DecodedModernes Rechenzentrum - Future Decoded
Modernes Rechenzentrum - Future Decoded
 
Microsoft Trusted Cloud - Security Privacy & Control, Compliance, Transparency
Microsoft Trusted Cloud - Security Privacy & Control, Compliance, TransparencyMicrosoft Trusted Cloud - Security Privacy & Control, Compliance, Transparency
Microsoft Trusted Cloud - Security Privacy & Control, Compliance, Transparency
 
Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)
Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)
Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)
 
Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem - S&T
Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem -  S&TEnable Mobility and Improve Cost Efficiency within a Secure Ecosystem -  S&T
Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem - S&T
 
IMMERSIVE AND HYPER-INTELLIGENT WORLD 2025 - TrendOne
IMMERSIVE AND HYPER-INTELLIGENT WORLD 2025 - TrendOneIMMERSIVE AND HYPER-INTELLIGENT WORLD 2025 - TrendOne
IMMERSIVE AND HYPER-INTELLIGENT WORLD 2025 - TrendOne
 
ÖBB - Bahnstrombedarfsprognose- mit Advanced Analytics
ÖBB - Bahnstrombedarfsprognose- mit Advanced Analytics ÖBB - Bahnstrombedarfsprognose- mit Advanced Analytics
ÖBB - Bahnstrombedarfsprognose- mit Advanced Analytics
 
New World of Work - Solvion
New World of Work - SolvionNew World of Work - Solvion
New World of Work - Solvion
 
Der Hund an der digitalen Leine - tractive
Der Hund an der digitalen Leine - tractiveDer Hund an der digitalen Leine - tractive
Der Hund an der digitalen Leine - tractive
 
Der neue Office 365 Plan E5
Der neue Office 365 Plan E5Der neue Office 365 Plan E5
Der neue Office 365 Plan E5
 
Aufbau einer erfolgreichen Vertriebsabteilung – Neue Erkenntnisse aus der Ver...
Aufbau einer erfolgreichen Vertriebsabteilung – Neue Erkenntnisse aus der Ver...Aufbau einer erfolgreichen Vertriebsabteilung – Neue Erkenntnisse aus der Ver...
Aufbau einer erfolgreichen Vertriebsabteilung – Neue Erkenntnisse aus der Ver...
 
Microsoft Lizenzierung – Server
Microsoft Lizenzierung – ServerMicrosoft Lizenzierung – Server
Microsoft Lizenzierung – Server
 
ACP Referenz Österreich Werbung
ACP Referenz Österreich WerbungACP Referenz Österreich Werbung
ACP Referenz Österreich Werbung
 

Recently uploaded

Breaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfBreaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
UK Journal
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
UXDXConf
 

Recently uploaded (20)

Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfBreaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties ReimaginedEasier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
The Metaverse: Are We There Yet?
The  Metaverse:    Are   We  There  Yet?The  Metaverse:    Are   We  There  Yet?
The Metaverse: Are We There Yet?
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101
 

Information Security @ AVL

  • 1. H. Czamai AVL List GmbH (Headquarters) Public INFORMATION SECURITY @ AVL
  • 2. H. Czamai | | 20 März 2017 | 2Public AGENDA „Aus dem Leben eines IT-Security-Verantwortlichen“  Introduction AVL  ISMS @ AVL  How AVL survives in the Cybersecurity Jungle
  • 3. H. Czamai | | 20 März 2017 | 3Public  AVL achieves unique results in regards to the development and improvement of all types of powertrains as well as in the field of measurement and test technology.  AVL – over 65 years’ experience  Involved in more than 1,500 engine development projects  More than 4,000 engine testbed installations OUR EXPERIENCE FOR YOUR SUCCESS
  • 4. 4Public ENTERPRISE DEVELOPMENT AUTOMOTIVE 5 powertrain elements EXPERIENCE More than 65 years ! GLOBAL FOOTPRINT 30 engineering locations  >220 test beds  Global customer support network ONE PARTNER INNOVATION 1500 granted patents RESEARCH 10% of turnover in-house R&D GROWTH SALES  1995: 0.15 billion €  2015: 1.27 billion €  prev. 2016: 1.41 billion € STAFF  8,050 employees  65% engineers & scientists 0 100 200 300 400 500 600 700 800 900 1.000 1.100 1.200 1.300 1.400 1.500 Mio. €
  • 5. H. Czamai | | 20 März 2017 | 5Public SOLUTIONS FOR ALL CUSTOMER SEGMENTS Passenger Cars Racing2-Wheelers Construction Commercial Vehicle Agriculture Locomotive Power PlantsMarine Powertrain Engineering Simulation & Testing Development Platform
  • 6. H. Czamai | | 20 März 2017 | 6Public AVL – A GLOBAL PARTNER *Headquarters in Graz Austria* Croatia Czech Republic France Germany Great Britain Romania Russia Slovenia Spain Sweden Turkey Hungary Italy Poland South America Argentina Brazil Asia China India Indonesia Japan Korea Malaysia Taiwan Thailand Vietnam Australia North America Mexico USA Europe
  • 7. H. Czamai | | 20 März 2017 | 7Public AVL POWERTRAIN – A NETWORK OF TECHNICAL CENTERS *Headquarters in Graz Austria* France Germany Great Britain Hungary Sweden Turkey South America Brazil Asia China India Japan Korea Australia North America USA Europe Ann Arbor, USA Plymouth, USA Paris, FRA Lake Forest, USA Sao Paulo, BRA Sydney, AUS Gotenborg, SWEBudapest, HUN Istanbul, TUR Basildon, UK Shanghai, CHN Remscheid, GER Munich, GER Stuttgart, GER Regensburg, GERNeuenstadt, GER Ingolstadt, GERCoventry, UK Tianjin, CHN Steyr, AUT Haninge, SWE Södertälje,SWEHQ Graz, AUT + another 9 Engineering Offices Delhi-Gurgaon, IND Tokyo, JPNSeoul, KOR
  • 8. H. Czamai | | 20 März 2017 | 8Public ORIENTATION FOR AN INNOVATIVE FUTURE AFFORDABLE CO2 REDUCTION AVL PROVIDES INNOVATIVE SOLUTIONS - SUPPORTING OUR CUSTOMERS TO MEET THESE MAJOR CHALLENGES MASTERING SPEED & COMPLEXITY TO MARKET STRATEGIC GLOBAL PARTNER
  • 9. H. Czamai | | 20 März 2017 | 9Public CHALLENGES FOR INFORMATION SECURITY A STRUCTURED APPROACH (E.G. ISO27001 ISMS) ALLOWS US TO ENSURE THE NECESSARY LEVEL OF INFORMATION SECURITY MASTERING SPEED & COMPLEXITY TECHNOLOGY THREATS GLOBAL SETUP CULTURES AWARENESS
  • 10. H. Czamai | | 20 März 2017 | 10Public Internal Hannes Czamai Global IT Security Officer hannes.czamai@avl.com Phone: +43 316 787 744, Fax: +43 316 787 1473 Mobile: +43 664 4225512, Office: +43 316 787 1768 AVL LIST GMBH A-8020 Graz, Hans-List-Platz 1 www.avl.com http://www.xing.com/profile/Hannes_Czamai/xc www.linkedin.com/in/hannes-czamai 10
  • 11. H. Czamai | | 20 März 2017 | 11Public ISO 27001: THE INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) INORMATION SECURITY is more than IT SECURITY
  • 12. H. Czamai | | 20 März 2017 | 12Public Internal ISMS: INFORMATION SECURITY APPROACH 12 Organizational Measures ISO 27001 Certification, Awareness trainings, IT processes, HR processes, Contract management, Global policies, Audits, Affiliate assessments, Background checks, Security clearance, Comprehensive backup & disaster concepts, Phy. zone concept, … Technical Measures Port security, LAN / WAN / Firewall management Access- and identity management (FIM) + AD + Policies Server / Storage / Datacenter (Server room) standards, Client COE / CAx Hardware + Software standards, Patch-, Antivirus-, Antimalware- Management, Access control system, Video surveillance, Fences, and many more … technical : organizational = 30% : 70%
  • 13. H. Czamai | | 20 März 2017 | 13Public ORGANIZATION: FROM ACTING TO REACTING Reacting IT IT IT Business Acting IT User User SECURITY Reacting Security Acting Security
  • 14. H. Czamai | | 20 März 2017 | 14Public AVL PROCESS LANDSCAPE – SECURITY & PROCESSES Information Security Processes IT / Operational Processes Business Processes
  • 15. H. Czamai | | 20 März 2017 | 15Public AVL ISMS – IT RISK MANAGEMENT Information Objects IT System Business Process Estimate Damage Model IT Service Rate C I A GAP Analysis Measures Problem Mgmt. Sensitivity = Priority RATING BBB
  • 16. H. Czamai | | 20 März 2017 | 16Public
  • 17. H. Czamai | | 20 März 2017 | 17Public TOP THREATS  Lack of awareness  Industrial espionage  Data loss or theft  Social engineering  Travelling user  Vulnerabilities in Apps  CEO/Fake President Fraud Attack  Crypto Locker + Ransomware  DDOS blackmail  APTs
  • 18. H. Czamai | | 20 März 2017 | 18Public VULNERABILITY / THREAT MANAGEMENT Permanent detection of malicious activities
  • 19. H. Czamai | | 20 März 2017 | 19Public ATA – THE SWISS KNIFE AGAINST DC ATTACKS Detects with help of machine learning:  Brute force  Sensitive account exposed in plain text auth.  Service exposing accounts in plain text auth.  Honey Token account suspicious activities.  Unusual protocol implementation.  Malicious Data Protection Private Information Request.  Abnormal Behavior (pass the hash, pass the ticket).
  • 20. H. Czamai | | 20 März 2017 | 20Public CLOUD STRATEGY Customer Requirements Legal Requirements Identity / Access Management Technical Measures (crypt) Audit- Log Management Risk Analysis Contract Management
  • 21. H. Czamai | | 20 März 2017 | 21Public CLOUD PROJECTS WITH MICROSOFT AD Federation Service AVL Streaming AVL Software Repository Azure Information Protection Cloud encryption MS Intune MDM
  • 22. H. Czamai | | 20 März 2017 | 22Public ARE WE SECURE ENOUGH? YES … BUT IT IS NOT ONLY A MATTER OF TECHNOLOGY Photo: Tobias Hellsten
  • 23. H. Czamai | | 20 März 2017 | 23Public TECHNOLOGY