© 1991 − 2018, CLICO sp. z o.o.
Practical approach to NIS Directive's incident management
Mariusz Stawowski, Ph.D.
CISSP, CEH, CCISO
Mandatory critical systems protection and incident reporting
– the legal obligation of operators of essential services
• Risk management (NISD Art. 14.1) - threats, vulnerabilities and impact
assessment of assets covered by the legal requirements.
• Assets protection (NISD Art. 14.1) - measures for ensuring the safety of the
assets covered by the legal requirements.
• Incident management and reporting (NISD Art. 14.2, 14.3, 14.4) - take
appropriate measures to prevent and minimize the impact of incidents as well
as notify the authority of security breaches related to the assets covered
by the legal requirements.
• Documentation of assets and cybersecurity (NISD Art. 15.2.a) -
documentation of assets covered by the legal requirements and security
measures that ensure their safety.
• Business-critical - Systems whose failure can cause significant tangible or intangible economic costs, e.g., customer accounting system in a bank, e-banking system, etc.
• Mission-critical - Systems whose failure can cause an inability to complete the overall system or project objectives, e.g., loss of energy or water supply, unavailability of an important industrial process, etc.
• Life-critical, safety-critical - Systems whose failure can cause loss of life, serious personal injury, or damage to the natural environment.
• Critical infrastructure - Assets that are essential for the functioning of a society and economy, e.g., electricity generation, transmission and distribution, water supply, public health, transportation systems, telecommunication, banking and financial services, etc.
[Diagram: ICS network architecture. Labels: control devices (PLC, PAC, RTU, etc.); visualization, supervision and control (SCADA, DCS, HMI, etc.); advanced analytics and data storage (MES, APC, Historian, etc.); WAN; LAN; Internet; VPN; cameras, IP phones, many more; OT maintenance; OT; IT; Business Critical Systems; Mission Critical Systems; Life Critical Systems]
NIST, Framework for Improving Critical Infrastructure Cybersecurity, April 16, 2018
Risk Management
1. Identify - Understanding the business context, the resources that support critical functions, and the related cybersecurity risks
2. Protect - Appropriate safeguards to ensure delivery of critical services
3. Detect - Appropriate activities to identify the occurrence of a cybersecurity event
4. Respond - Appropriate activities to take action regarding a detected cybersecurity incident (including the ability to contain the impact of a potential cybersecurity incident)
5. Recover - Timely recovery to normal operations to reduce the impact from a cybersecurity incident
[Diagram: the same ICS network architecture with an Industrial/Enterprise DMZ added]
Industrial/Enterprise DMZ
• FW, VPN & IPS
• Privileged Access Security
• Anti-Malware, etc.
[Diagram: the same ICS network architecture with the Industrial/Enterprise DMZ, annotated "Incident detection"]
Flowmon ADS
Security Intelligence based on
Network Behavior Analysis
Incident detection with ICS networks
Unknown DNS requests
Port scanning (TCP, UDP)
Network scanning (ICMP, TCP, UDP)
DNS tunneling
New IP address in the network
Anomaly in network behavior
C&C access attempts (Threat Intelligence)
New protocol in the network
ALERTS!
Variety of analytical methods for efficient incident detection
Flowmon ADS
Machine Learning
Adaptive Baselining
Heuristics
Behavior Patterns
Threat Intelligence
Monitoring of entire attack path - Internet, IT and OT
• From Internet and VPN, business networks to the "deepest" OT
[Diagram: LAN/WAN with Flowmon Probes or NetFlow/IPFIX compatible devices; labels: Internet, Enterprise, WAN, Industrial]
Flow Export
Start      Duration  Proto  Src IP:Port          Dst IP:Port        Packets  Bytes  …
9:35:24.8  0         TCP    192.168.1.1:10111 -> 10.10.10.10:80     1        40     …
9:35:24.8  0.1       TCP    192.168.1.1:10111 -> 10.10.10.10:80     2        80     …
9:35:25.0  0         TCP    10.10.10.10:80    -> 192.168.1.1:10111  1        40     …
9:35:25.0  0.3       TCP    10.10.10.10:80    -> 192.168.1.1:10111  2        156    …
9:35:25.0  0.5       TCP    10.10.10.10:80    -> 192.168.1.1:10111  3        362    …
9:35:25.0  0.7       TCP    10.10.10.10:80    -> 192.168.1.1:10111  4        862    …
9:35:25.0  0.9       TCP    10.10.10.10:80    -> 192.168.1.1:10111  5        1231   …
Detection of internal threats hidden from network safeguards
• Malware detection by analysis of network access switches
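
The flow-record columns shown on this slide (Start, Duration, Proto, Src IP:Port, Dst IP:Port, Packets, Bytes) are enough to implement two of the alert types listed earlier, "New IP address in the network" and "Port scanning (TCP, UDP)". The following is an added example, not Flowmon ADS logic and not part of the original deck; the text record format, the baseline address set, the thresholds and the scanning host 192.168.1.77 are assumptions constructed for illustration.

```python
"""Flow-based detection sketch: new hosts and port scans from flow records.

Added illustration, not vendor code. Record layout follows the slide's
columns: Start Duration Proto Src:Port -> Dst:Port Packets Bytes.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

FLOW_RE = re.compile(
    r"^(?P<start>\d{1,2}:\d{2}:\d{2}(?:\.\d+)?)\s+"
    r"(?P<duration>\d+(?:\.\d+)?)\s+"
    r"(?P<proto>[A-Z]+)\s+"
    r"(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<src_port>\d+)\s+->\s+"
    r"(?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<dst_port>\d+)\s+"
    r"(?P<packets>\d+)\s+(?P<nbytes>\d+)"
)


@dataclass(frozen=True)
class Flow:
    start: str
    duration: float
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    packets: int
    nbytes: int


def parse_flows(text):
    """Parse flow lines; header, blank and malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        flows.append(Flow(d["start"], float(d["duration"]), d["proto"],
                          d["src_ip"], int(d["src_port"]),
                          d["dst_ip"], int(d["dst_port"]),
                          int(d["packets"]), int(d["nbytes"])))
    return flows


def detect_new_hosts(flows, baseline):
    """Return source addresses absent from the baseline, in first-seen order."""
    new = []
    for f in flows:
        if f.src_ip not in baseline and f.src_ip not in new:
            new.append(f.src_ip)
    return new


def detect_port_scans(flows, min_ports=5, max_packets=3):
    """Flag (src, dst) pairs where src opened tiny flows to many dst ports.

    Reply flows are ignored: if the reverse 5-tuple was already seen, the
    flow is the answer to an earlier request. Without this, a scanned
    server answering on many ephemeral ports would itself look like a scanner.
    """
    seen = set()
    ports = defaultdict(set)
    for f in flows:
        key = (f.proto, f.src_ip, f.src_port, f.dst_ip, f.dst_port)
        reverse = (f.proto, f.dst_ip, f.dst_port, f.src_ip, f.src_port)
        if reverse in seen:
            continue  # reply direction of a known conversation
        seen.add(key)
        if f.proto in ("TCP", "UDP") and f.packets <= max_packets:
            ports[(f.src_ip, f.dst_ip)].add(f.dst_port)
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}


# Final state of the two flow records from the slide.
SLIDE_FLOWS = """\
Start Duration Proto Src IP:Port Dst IP:Port Packets Bytes
9:35:24.8 0.1 TCP 192.168.1.1:10111 -> 10.10.10.10:80 2 80
9:35:25.0 0.9 TCP 10.10.10.10:80 -> 192.168.1.1:10111 5 1231
"""
# Constructed sample: an unknown host probing one target, with replies.
SCAN_PORTS = [21, 22, 23, 80, 102, 443, 502]
BASELINE = {"192.168.1.1", "10.10.10.10", "10.10.20.5"}  # assumed known hosts


def build_sample():
    lines = [SLIDE_FLOWS.rstrip()]
    for i, port in enumerate(SCAN_PORTS):
        sport = 40000 + i
        lines.append(f"9:36:0{i}.0 0 TCP 192.168.1.77:{sport} -> 10.10.20.5:{port} 1 40")
        lines.append(f"9:36:0{i}.1 0 TCP 10.10.20.5:{port} -> 192.168.1.77:{sport} 1 40")
    return "\n".join(lines)


if __name__ == "__main__":
    flows = parse_flows(build_sample())
    print("new hosts:", detect_new_hosts(flows, BASELINE))
    print("port scans:", detect_port_scans(flows))
```
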
• Detailed information about network
and applications and users
• Effective troubleshooting
• Detection of misconfigurations
• Optimization and capacity planning
• Monitoring and analysis of network
and application performance
• Anti-DDoS, prevention of overload and
network down-time
Network visibility and troubleshooting of
IT and OT
Simple and cost-effective deployment
Flowmon Probes - Stand-alone passive sources of network statistics (NetFlow / IPFIX)
Flowmon Collector - Storing, visualization and analysis of network statistics
[Diagram labels: Network Traffic Monitoring; Network Statistics Collection & Analysis; Advanced Analysis of Network Statistics]
• No need to copy all ICS network traffic and transfer to central system
• Work modes: network flows, SPAN, Tap
• Very cost-effective solution for ICS security monitoring
Five Keys to effective ICS incident detection
1. Variety of analytical methods for efficient incident detection
• From machine learning and heuristics to Threat Intelligence
2. Monitoring of entire attack path in Internet, IT and OT
• From Internet and VPN, business networks to the "deepest" OT
3. Detection of internal threats hidden from network safeguards
• Malware detection by analysis of network access switches
4. Network visibility and troubleshooting of IT and OT
• Network visibility and troubleshooting, app performance monitoring, Anti-DDoS
5. Simple and cost-effective deployment in existing ICS networks
• No need to copy all ICS network traffic and transfer to central system
NIST, Framework for Improving Critical Infrastructure
Cybersecurity, April 16, 2018
Rigor and sophistication in cybersecurity risk management (Tiers):
1. Partial - in summary organizational cybersecurity risk management practices
are not formalized, and risk is managed in an ad hoc and sometimes reactive
manner
2. Risk Informed - in summary risk management practices are approved by
management but may not be established as organization-wide policy
3. Repeatable - in summary the organization’s risk management practices are
formally approved and expressed as policy
4. Adaptive - in summary the organization adapts its cybersecurity practices
based on previous and current cybersecurity activities, including lessons
learned and predictive indicators
Integration with SIEM and IT GRC
• Event exporting (syslog based)
• Incident detection (Flowmon ADS) <-> Business Impact (IT GRC)
[Diagram labels: Network Traffic Monitoring; NetFlow, IPFIX; Flowmon Collector & ADS (Collection and Behavior Analysis); SYSLOG; Event Collection and Correlation]
Incident management workflow and playbook
Business Impact Analysis (BIA) when managing incidents in ICS
networks
Summary
EU’s NIS Directive enforces cybersecurity requirements on the operators of
essential services and providers of critical digital services:
• Risk management
• Assets protection (including critical systems)
• Incident management and reporting
• Documentation of assets and cybersecurity
Recognized security standards and frameworks (e.g. NIST Framework for
Improving Critical Infrastructure Cybersecurity) as well as high quality
Security Management tools can significantly help organizations to comply
with the new EU cybersecurity law
Thank you!
Mariusz.Stawowski@clico.pl

Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Recently uploaded (20)

Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

Practical approach to NIS Directive's incident management

  • 1. © 1991 − 2018, CLICO sp. z o.o. Practical approach to NIS Directive's incident management. Mariusz Stawowski, Ph.D., CISSP, CEH, CCISO
  • 2. Mandatory critical systems protection and incident reporting: the legal obligation of operators of essential services
      • Risk management (NISD Art. 14.1) - threats, vulnerabilities and impact assessment of assets covered by the legal requirements.
      • Assets protection (NISD Art. 14.1) - measures for ensuring the safety of the assets covered by the legal requirements.
      • Incident management and reporting (NISD Art. 14.2, 14.3, 14.4) - take appropriate measures to prevent and minimize the impact of incidents, and notify the authority of security breaches related to the assets covered by the legal requirements.
      • Documentation of assets and cybersecurity (NISD Art. 15.2.a) - documentation of assets covered by the legal requirements and of the security measures that ensure their safety.
  • 3. Categories of critical systems
      • Business-critical: systems whose failure can cause significant tangible or intangible economic costs, e.g., customer accounting system in a bank, e-banking system, etc.
      • Mission-critical: systems whose failure can cause an inability to complete the overall system or project objectives, e.g., loss of energy or water supply, unavailability of an important industrial process, etc.
      • Life-critical, safety-critical: systems whose failure can cause loss of life, serious personal injury, or damage to the natural environment.
      • Critical infrastructure: assets that are essential for the functioning of a society and economy, e.g., electricity generation, transmission and distribution, water supply, public health, transportation systems, telecommunication, banking and financial services, etc.
  • 4. [Diagram: ICS network. Layers: control devices (PLC, PAC, RTU, etc.); visualization, supervision and control (SCADA, DCS, HMI, etc.); advanced analytics and data storage (MES, APC, Historian, etc.). Connectivity labels: WAN, LAN, Internet, VPN, OT maintenance, "cameras, IP phones, many more". Zone labels: OT, IT, Business Critical Systems, Mission Critical Systems, Life Critical Systems.]
  • 5. NIST, Framework for Improving Critical Infrastructure Cybersecurity, April 16, 2018
      1. Identify - understanding the business context, the resources that support critical functions, and the related cybersecurity risks
      2. Protect - appropriate safeguards to ensure delivery of critical services
      3. Detect - appropriate activities to identify the occurrence of a cybersecurity event
      4. Respond - appropriate activities to take action regarding a detected cybersecurity incident (including the ability to contain the impact of a potential cybersecurity incident)
      5. Recover - timely recovery to normal operations to reduce the impact from a cybersecurity incident
      Diagram label: Risk Management
  • 6. [Diagram: the ICS network of slide 4 (control devices; visualization, supervision and control; advanced analytics and data storage; WAN, LAN, Internet, VPN, OT maintenance; cameras, IP phones, many more) with an Industrial/Enterprise DMZ added.] Safeguards shown:
      • FW, VPN & IPS
      • Privileged Access Security
      • Anti-Malware, etc.
  • 7. [Diagram: the ICS network of slide 4 with the Industrial/Enterprise DMZ, annotated "Incident detection".]
  • 8. Flowmon ADS: Security Intelligence based on Network Behavior Analysis
  • 9. Incident detection with ICS networks. Alerts:
      • Unknown DNS requests
      • Port scanning (TCP, UDP)
      • Network scanning (ICMP, TCP, UDP)
      • DNS tunneling
      • New IP address in the network
      • Anomaly in network behavior
      • C&C access attempts (Threat Intelligence)
      • New protocol in the network
  • 10. Variety of analytical methods for efficient incident detection. Flowmon ADS:
      • Machine Learning
      • Adaptive Baselining
      • Heuristics
      • Behavior Patterns
      • Threat Intelligence
  • 11. Monitoring of entire attack path - Internet, IT and OT
      • From Internet and VPN, business networks to the "deepest" OT
      [Diagram: LAN/WAN with Flowmon Probes or NetFlow/IPFIX compatible devices. Zone labels: Internet, Enterprise, WAN, Industrial.]
  • 12. Detection of internal threats hidden from network safeguards
      • Malware detection by analysis of network access switches
      Flow Export:
      Start      Duration  Proto  Src IP:Port           Dst IP:Port           Packets  Bytes  …
      9:35:24.8  0         TCP    192.168.1.1:10111  -> 10.10.10.10:80        1        40     …
      9:35:24.8  0.1       TCP    192.168.1.1:10111  -> 10.10.10.10:80        2        80     …
      9:35:25.0  0         TCP    10.10.10.10:80     -> 192.168.1.1:10111     1        40     …
      9:35:25.0  0.3       TCP    10.10.10.10:80     -> 192.168.1.1:10111     2        156    …
      9:35:25.0  0.5       TCP    10.10.10.10:80     -> 192.168.1.1:10111     3        362    …
      9:35:25.0  0.7       TCP    10.10.10.10:80     -> 192.168.1.1:10111     4        862    …
      9:35:25.0  0.9       TCP    10.10.10.10:80     -> 192.168.1.1:10111     5        1231   …
  • 13. Network visibility and troubleshooting of IT and OT
      • Detailed information about the network, applications and users
      • Effective troubleshooting
      • Detection of misconfigurations
      • Optimization and capacity planning
      • Monitoring and analysis of network and application performance
      • Anti-DDoS, prevention of overload and network downtime
  • 14. Simple and cost-effective deployment
      • Flowmon Probes - stand-alone passive sources of network statistics (NetFlow / IPFIX)
      • Flowmon Collector - storing, visualization and analysis of network statistics
      • Stages: Network Traffic Monitoring; Network Statistics Collection & Analysis; Advanced Analysis of Network Statistics
      • No need to copy all ICS network traffic and transfer it to a central system
      • Work modes: network flows, SPAN, Tap
      • Very cost-effective solution for ICS security monitoring
  • 15. Five keys to effective ICS incident detection
      1. Variety of analytical methods for efficient incident detection
         • From machine learning and heuristics to Threat Intelligence
      2. Monitoring of entire attack path in Internet, IT and OT
         • From Internet and VPN, business networks to the "deepest" OT
      3. Detection of internal threats hidden from network safeguards
         • Malware detection by analysis of network access switches
      4. Network visibility and troubleshooting of IT and OT
         • Network visibility and troubleshooting, app performance monitoring, Anti-DDoS
      5. Simple and cost-effective deployment in existing ICS networks
         • No need to copy all ICS network traffic and transfer it to a central system
  • 16. NIST, Framework for Improving Critical Infrastructure Cybersecurity, April 16, 2018. Rigor and sophistication in cybersecurity risk management (Tiers):
      1. Partial - in summary, organizational cybersecurity risk management practices are not formalized, and risk is managed in an ad hoc and sometimes reactive manner
      2. Risk Informed - in summary, risk management practices are approved by management but may not be established as organization-wide policy
      3. Repeatable - in summary, the organization's risk management practices are formally approved and expressed as policy
      4. Adaptive - in summary, the organization adapts its cybersecurity practices based on previous and current cybersecurity activities, including lessons learned and predictive indicators
  • 17. Integration with SIEM and IT GRC
      • Event exporting (syslog based)
      • Incident detection (Flowmon ADS) <-> Business Impact (IT GRC)
      [Diagram: Network Traffic Monitoring (NetFlow, IPFIX) feeds Collection and Behavior Analysis (Flowmon Collector & ADS), which feeds Event Collection and Correlation over SYSLOG.]
  • 18. Incident management workflow and playbook
  • 19. Business Impact Analysis (BIA) when managing incidents in ICS networks
  • 20. Summary
      EU's NIS Directive enforces cybersecurity requirements on the operators of essential services and providers of critical digital services:
      • Risk management
      • Assets protection (including critical systems)
      • Incident management and reporting
      • Documentation of assets and cybersecurity
      Recognized security standards and frameworks (e.g. NIST Framework for Improving Critical Infrastructure Cybersecurity) as well as high-quality Security Management tools can significantly help organizations to comply with the new EU cybersecurity law.
  • 21. Thank you! Mariusz.Stawowski@clico.pl
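
Three of the alert types listed on slide 9 (new IP address in the network, new protocol in the network, port scanning) can be derived from flow records in the slide 12 column layout by comparing them against a baseline. The sketch below is an added example, not Flowmon ADS logic or code from the presentation; the flow lines, baseline sets, threshold and function names are constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records in the column order of slide 12:
# start  duration  proto  src_ip:port -> dst_ip:port  packets  bytes
SAMPLE_FLOWS = """\
9:35:24.8 0.1 TCP 192.168.1.1:10111 -> 10.10.10.10:80 2 80
9:35:25.0 0.9 TCP 10.10.10.10:80 -> 192.168.1.1:10111 5 1231
9:36:02.1 0.2 UDP 192.168.1.1:53122 -> 10.10.10.10:161 3 210
9:37:10.0 0.0 TCP 192.168.1.77:40001 -> 10.10.10.10:21 1 40
9:37:10.0 0.0 TCP 192.168.1.77:40002 -> 10.10.10.10:22 1 40
9:37:10.1 0.0 TCP 192.168.1.77:40003 -> 10.10.10.10:23 1 40
9:37:10.1 0.0 TCP 192.168.1.77:40004 -> 10.10.10.10:25 1 40
9:37:10.2 0.0 TCP 192.168.1.77:40005 -> 10.10.10.10:110 1 40
"""

# Assumed baseline learned during normal operation (hypothetical values).
KNOWN_HOSTS = {"192.168.1.1", "10.10.10.10"}
KNOWN_SERVICES = {("TCP", 80)}
SCAN_PORT_THRESHOLD = 5  # distinct destination ports per src/dst pair


def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts; skip malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 8 or parts[4] != "->":
            continue
        src_ip, _, src_port = parts[3].rpartition(":")
        dst_ip, _, dst_port = parts[5].rpartition(":")
        try:
            flows.append({"proto": parts[2], "src": src_ip, "sport": int(src_port),
                          "dst": dst_ip, "dport": int(dst_port),
                          "packets": int(parts[6]), "bytes": int(parts[7])})
        except ValueError:
            continue
    return flows


def detect(flows, known_hosts=KNOWN_HOSTS, known_services=KNOWN_SERVICES,
           scan_threshold=SCAN_PORT_THRESHOLD):
    """Return a set of (alert_type, subject) tuples."""
    alerts = set()
    ports_seen = defaultdict(set)  # (src, dst, proto) -> destination ports
    for f in flows:
        for host in (f["src"], f["dst"]):
            if host not in known_hosts:
                alerts.add(("new_host", host))
        # Flows are unidirectional, so replies carry the service port as the
        # source port; the lower port is taken as the service (heuristic).
        service = (f["proto"], min(f["sport"], f["dport"]))
        if service not in known_services:
            alerts.add(("new_service", "%s/%d" % service))
        ports_seen[(f["src"], f["dst"], f["proto"])].add(f["dport"])
    for (src, dst, proto), ports in ports_seen.items():
        if len(ports) >= scan_threshold:
            alerts.add(("port_scan", "%s -> %s (%s)" % (src, dst, proto)))
    return alerts
```

A static baseline of this kind suits ICS segments, where the set of hosts and services changes rarely; in an office network the same checks would need a learned or regularly refreshed baseline to keep the alert volume manageable.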