Practical approach to NIS Directive's incident management
Mariusz Stawowski, CISSP, CEH, CISCO https://dssitsec.eu
1.
© 1991 − 2018, CLICO sp. z o.o.
Practical approach to NIS Directive's incident management
Mariusz Stawowski, Ph.D. CISSP, CEH, CCISO
2.
Mandatory critical systems protection and incident reporting – the legal obligation of operators of essential services
• Risk management (NISD Art. 14.1) - threat, vulnerability and impact assessment of the assets covered by the legal requirements.
• Assets protection (NISD Art. 14.1) - measures for ensuring the safety of the assets covered by the legal requirements.
• Incident management and reporting (NISD Art. 14.2, 14.3, 14.4) - take appropriate measures to prevent and minimize the impact of incidents, and notify the authority of security breaches related to the assets covered by the legal requirements.
• Documentation of assets and cybersecurity (NISD Art. 15.2.a) - documentation of the assets covered by the legal requirements and of the security measures that ensure their safety.
3.
• Business-critical: systems whose failure can cause significant tangible or intangible economic costs, e.g., customer accounting system in a bank, e-banking system, etc.
• Mission-critical: systems whose failure can cause an inability to complete the overall system or project objectives, e.g., loss of energy or water supply, unavailability of an important industrial process, etc.
• Life-critical, safety-critical: systems whose failure can cause loss of life, serious personal injury, or damage to the natural environment.
• Critical infrastructure: assets that are essential for the functioning of a society and economy, e.g., electricity generation, transmission and distribution, water supply, public health, transportation systems, telecommunication, banking and financial services, etc.
4.
[Diagram of an IT and OT network. Labels: Control devices (PLC, PAC, RTU, etc.); Visualization, supervision and control (SCADA, DCS, HMI, etc.); Advanced analytics and data storage (MES, APC, Historian, etc.); WAN; LAN; Internet; VPN; Cameras, IP phones, many more; OT Maintenance; OT; IT; Business Critical Systems; Mission Critical Systems; Life Critical Systems]
5.
NIST, Framework for Improving Critical Infrastructure Cybersecurity, April 16, 2018
  1. Identify - Understanding the business context, the resources that support critical functions, and the related cybersecurity risks
  2. Protect - Appropriate safeguards to ensure delivery of critical services
  3. Detect - Appropriate activities to identify the occurrence of a cybersecurity event
  4. Respond - Appropriate activities to take action regarding a detected cybersecurity incident (including the ability to contain the impact of a potential cybersecurity incident)
  5. Recover - Timely recovery to normal operations to reduce the impact from a cybersecurity incident
[Diagram label: Risk Management]
6.
[Diagram of an IT and OT network. Labels: Control devices (PLC, PAC, RTU, etc.); Visualization, supervision and control (SCADA, DCS, HMI, etc.); Advanced analytics and data storage (MES, APC, Historian, etc.); WAN; LAN; Internet; VPN; Cameras, IP phones, many more; OT Maintenance; Industrial/Enterprise DMZ]
• FW, VPN & IPS
• Privileged Access Security
• Anti-Malware, etc.
7.
[Diagram of an IT and OT network. Labels: Control devices (PLC, PAC, RTU, etc.); Visualization, supervision and control (SCADA, DCS, HMI, etc.); Advanced analytics and data storage (MES, APC, Historian, etc.); WAN; LAN; Internet; VPN; Cameras, IP phones, many more; OT Maintenance; Industrial/Enterprise DMZ; Incident detection]
8.
Flowmon ADS
Security Intelligence based on Network Behavior Analysis
9.
Incident detection in ICS networks
• Unknown DNS requests
• Port scanning (TCP, UDP)
• Network scanning (ICMP, TCP, UDP)
• DNS tunneling
• New IP address in the network
• Anomaly in network behavior
• C&C access attempts (Threat Intelligence)
• New protocol in the network
ALERTS!
10.
Variety of analytical methods for efficient incident detection
Flowmon ADS:
• Machine Learning
• Adaptive Baselining
• Heuristics
• Behavior Patterns
• Threat Intelligence
11.
Monitoring of entire attack path - Internet, IT and OT
• From Internet and VPN, business networks to the "deepest" OT
[Diagram labels: LAN/WAN with Flowmon Probes or NetFlow/IPFIX compatible devices; Internet; Enterprise; WAN; Industrial]
12.
Detection of internal threats hidden from network safeguards
• Malware detection by analysis of network access switches

Flow Export
Start      Duration  Proto  Src IP:Port           Dst IP:Port         Packets  Bytes  …
9:35:24.8  0         TCP    192.168.1.1:10111  -> 10.10.10.10:80      1        40     …
9:35:24.8  0.1       TCP    192.168.1.1:10111  -> 10.10.10.10:80      2        80     …
9:35:25.0  0         TCP    10.10.10.10:80     -> 192.168.1.1:10111   1        40     …
9:35:25.0  0.3       TCP    10.10.10.10:80     -> 192.168.1.1:10111   2        156    …
9:35:25.0  0.5       TCP    10.10.10.10:80     -> 192.168.1.1:10111   3        362    …
9:35:25.0  0.7       TCP    10.10.10.10:80     -> 192.168.1.1:10111   4        862    …
9:35:25.0  0.9       TCP    10.10.10.10:80     -> 192.168.1.1:10111   5        1231   …
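Several of the alert types listed on slide 9 (new IP address, new protocol, port scanning, network scanning) can be derived from flow records alone. The Python sketch below is an added example, not part of the original slides and not Flowmon ADS logic: it parses lines in the Flow Export layout shown above and checks them against a baseline. The asset inventory, the service baseline, the scan threshold and all sample rows except the first two are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, namedtuple

# Column layout of the slide's "Flow Export" table:
# Start Duration Proto SrcIP:Port -> DstIP:Port Packets Bytes
FLOW_RE = re.compile(
    r"(\S+)\s+(\d+(?:\.\d+)?)\s+(\w+)\s+([\d.]+):(\d+)\s+->\s+"
    r"([\d.]+):(\d+)\s+(\d+)\s+(\d+)"
)
Flow = namedtuple("Flow", "start duration proto src sport dst dport packets bytes")


def parse_flows(text):
    """Parse flow-export lines; header, blank and malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            s, d, proto, src, sp, dst, dp, pk, by = m.groups()
            flows.append(Flow(s, float(d), proto.upper(), src, int(sp),
                              dst, int(dp), int(pk), int(by)))
    return flows


def detect(flows, known_hosts, known_services, scan_threshold=10):
    """Return sorted (kind, detail) alerts for one batch of flows (one time window)."""
    new_ips = set()
    ports_per_pair = defaultdict(set)    # (src, dst) -> distinct destination ports
    hosts_per_port = defaultdict(set)    # (src, proto, dport) -> distinct destinations
    unknown_services = defaultdict(set)  # (proto, dport) -> sources using it
    for f in flows:
        new_ips.update(ip for ip in (f.src, f.dst) if ip not in known_hosts)
        ports_per_pair[(f.src, f.dst)].add(f.dport)
        hosts_per_port[(f.src, f.proto, f.dport)].add(f.dst)
        # A reply flow carries the service port as its source port, so a flow
        # counts as unknown only when neither end matches the baseline.
        if ((f.proto, f.sport) not in known_services
                and (f.proto, f.dport) not in known_services):
            unknown_services[(f.proto, f.dport)].add(f.src)

    alerts = [("new_ip", ip) for ip in new_ips]
    scanners = set()
    for (src, dst), ports in ports_per_pair.items():
        if len(ports) >= scan_threshold:      # one host probed on many ports
            scanners.add(src)
            alerts.append(("port_scan", f"{src} -> {dst} ({len(ports)} ports)"))
    for (src, proto, dport), hosts in hosts_per_port.items():
        if len(hosts) >= scan_threshold:      # one port probed on many hosts
            scanners.add(src)
            alerts.append(("network_scan",
                           f"{src} -> {proto}/{dport} ({len(hosts)} hosts)"))
    # Ports touched only by a scanner are already explained by the scan alert.
    for (proto, dport), sources in unknown_services.items():
        if sources - scanners:
            alerts.append(("new_service", f"{proto}/{dport}"))
    return sorted(alerts)


# Constructed sample: the first two rows are taken from the slide's table,
# everything else (Modbus/TCP 502 flow, UDP flow, scanning host) is made up.
SAMPLE = """\
Start Duration Proto Src IP:Port Dst IP:Port Packets Bytes
9:35:24.8 0.1 TCP 192.168.1.1:10111 -> 10.10.10.10:80 2 80
9:35:25.0 0.9 TCP 10.10.10.10:80 -> 192.168.1.1:10111 5 1231
9:36:02.1 0.2 TCP 192.168.1.1:10200 -> 10.10.10.20:502 4 260
9:37:10.4 0.0 UDP 10.10.10.10:50000 -> 10.10.10.20:47808 1 60
""" + "".join(
    f"9:40:01.{i} 0 TCP 192.168.1.77:40000 -> 10.10.10.20:{20 + i} 1 40\n"
    for i in range(12)
)
KNOWN_HOSTS = {"192.168.1.1", "10.10.10.10", "10.10.10.20"}  # assumed asset inventory
KNOWN_SERVICES = {("TCP", 80), ("TCP", 502)}                 # assumed service baseline

if __name__ == "__main__":
    for kind, detail in detect(parse_flows(SAMPLE), KNOWN_HOSTS, KNOWN_SERVICES):
        print(f"ALERT {kind}: {detail}")
```

A fixed threshold over a single batch stands in here for the adaptive baselining the slides describe; in a polled OT network a legitimate master contacting many devices on one port would need to be part of the baseline.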
13.
Network visibility and troubleshooting of IT and OT
• Detailed information about network and applications and users
• Effective troubleshooting
• Detection of misconfigurations
• Optimization and capacity planning
• Monitoring and analysis of network and application performance
• Anti-DDoS, prevention of overload and network down-time
14.
Simple and cost-effective deployment
Flowmon Probes - Stand-alone passive sources of network statistics (NetFlow / IPFIX)
Flowmon Collector - Storing, visualization and analysis of network statistics
[Diagram labels: Network Traffic Monitoring; Network Statistics Collection & Analysis; Advanced Analysis of Network Statistics]
• No need to copy all ICS network traffic and transfer to central system
• Work modes: network flows, SPAN, Tap
• Very cost-effective solution for ICS security monitoring
15.
Five Keys to effective ICS incident detection
  1. Variety of analytical methods for efficient incident detection
     • From machine learning and heuristics to Threat Intelligence
  2. Monitoring of entire attack path in Internet, IT and OT
     • From Internet and VPN, business networks to the "deepest" OT
  3. Detection of internal threats hidden from network safeguards
     • Malware detection by analysis of network access switches
  4. Network visibility and troubleshooting of IT and OT
     • Network visibility and troubleshooting, app performance monitoring, Anti-DDoS
  5. Simple and cost-effective deployment in existing ICS networks
     • No need to copy all ICS network traffic and transfer to central system
16.
NIST, Framework for Improving Critical Infrastructure Cybersecurity, April 16, 2018
Rigor and sophistication in cybersecurity risk management (Tiers):
  1. Partial - in summary, organizational cybersecurity risk management practices are not formalized, and risk is managed in an ad hoc and sometimes reactive manner
  2. Risk Informed - in summary, risk management practices are approved by management but may not be established as organizational-wide policy
  3. Repeatable - in summary, the organization’s risk management practices are formally approved and expressed as policy
  4. Adaptive - in summary, the organization adapts its cybersecurity practices based on previous and current cybersecurity activities, including lessons learned and predictive indicators
17.
Integration with SIEM and IT GRC
• Event exporting (syslog based)
• Incident detection (Flowmon ADS) <-> Business Impact (IT GRC)
[Diagram labels: Event Collection and Correlation; NetFlow; IPFIX; SYSLOG; Network Traffic Monitoring; Collection and Behavior Analysis; Flowmon Collector & ADS]
18.
Incident management workflow and playbook
19.
Business Impact Analysis (BIA) when managing incidents in ICS networks
20.
Summary
EU’s NIS Directive enforces cybersecurity requirements on the operators of essential services and providers of critical digital services:
• Risk management
• Assets protection (including critical systems)
• Incident management and reporting
• Documentation of assets and cybersecurity
Recognized security standards and frameworks (e.g. NIST Framework for Improving Critical Infrastructure Cybersecurity) as well as high-quality Security Management tools can significantly help organizations to comply with the new EU cybersecurity law.
21.
Thank you!
Mariusz.Stawowski@clico.pl