brussels june-11-2015 cyber-security cyber-protection cyber-sustainability
TRANSCRIPT
Brussels June-11-2015
Cyber-SecurityCyber-ProtectionCyber-Sustainability
Concerns about Transport
Transport systems are every day more ICT dependents
Internet (TCP/IP), the Cloud and social networks are the environment
Internet, social media and people not enough aware are themain vulnerabilities
Brussels June-11-2015
Concerns about Transport (Cont.)
Main risks:•Public transport as a target for terrorism (Sep 11th) Signalling, vehicles everyday more controlled through Internet, ransom ware
•Transport System as component of Supply Chain as a target for cyber crime mafias for economic purposes Modify cargo manifest, EDI contamination, DoS, etc.
Brussels June-11-2015
Preliminary 360º on Transport
• Aware the Organizations and stake holders on cyber security and unsafe habits
• Analyse vulnerabilities• Perform a risk assessment and fix the risk acceptancy• On strategic IT, the Information is strategic• Invest in technology and calculate the ROI (ROSI)• Not only should we protect our assets, we could be a vehicle to
infect customers and suppliers• Benchmarks
Brussels June-11-2015
5
AntimalwareCifrado
Form
ación
Cla
ssifi
catio
n
Best P
racti
ces
Awareness
Antimalware
Cipher
Data M
asking
Ben
chm
ark
Traini
ngGRC
Audit management
ConsultingIS
F
Brussels June-11-2015
Landscape in Cybersecurity
The Good ones
•Governments•Organizations•People
The Bad ones
•Governments•Organizations•People
Brussels June-11-2015
The leading, global authority on information security and information risk management
Facts
Growth on cybercrime:• Activity• Profit• Damage• Crime as a Service
Malware morphs:• Mutation Engine (ME)• Stuxnet begot Duqu, then begot Gauss• Malware when detected is several years old•The average of malware activity inside a system was 227 days in
2013 and 230 days in 2012 (Mandiant Report)
Brussels June-11-2015
The leading, global authority on information security and information risk management
Our point of view
Today:From technology tothe business process
Brussels June-11-2015
The leading, global authority on information security and information risk management
Change the paradigm
From top managementto the technology
Brussels June-11-2015
The leading, global authority on information security and information risk management
Risks and Responsibilities
There are lots of Risks to mitigate:•Cyber-attacks•Non compliancy with laws and regulations•Reputational lost
All of them will affect people, assets and the business itself.
Brussels June-11-2015
The leading, global authority on information security and information risk management
Benchmark
Organizations need to benchmark their status on security regarding risks, threats, and responsibilities.
CARONTE could be the reference for this benchmark in an agnostic-industry basis.
Cyberdelincuency is evolving continuously. To work with static risks maps makes controls and procedures quickly obsolescent
User awareness is essential.
Brussels June-11-2015
The leading, global authority on information security and information risk management
Create an Immune system
Because the gaps and the isolation are not possible in a Global World, lets copy the Immune System, that works from several million years.
Let balance the cyber protection from hygiene to asepsia
Live with the risk identifying your risk acceptancy
Brussels June-11-2015
CALS Message
Put people, methodology and technology working with a synergic mentality.
Holistic vision vs Reductionist vision
Brussels June-11-2015
Computer Aided Logistics (CALS)
14
CALS is a Company specialized in GRC (Governance, Risk & Compliance) tools and Information Security implementations. Also with national and international agreements we offer solutions in the following environments:
Information and Communication Systems: Analysis and Risk Management for the organizations, Audits and Security solutions including international standards, methodologies and good practices.
Consulting and Training: Standard and tailored training. Awareness projects as a first step for information security.
The company is established in May 1997, with the basic idea of offering the market an alternative for strategic services and solutions with a high return of investment (ROI)
Brussels June-11-2015
We share with the industry their concerns regarding “cyber insecurity”
We hold the technological tools to build a governance on cybersecurity platform
The above conditions allows us to understand the cyber security and cyber protection as a global an integrated practice affecting every one in Organizations
CALS expertise
Brussels June-11-2015
The ISF could also be behind this European Project
CALS is also the ISF agent for Spain, Portugal and Latin America
Brussels June-11-2015
What is the ISF?
An international association of near 400 leading global organizations (Fortune 500/Forbes 2000), which...
• Addresses key issues in information risk management through research and collaboration• Develops practical tools and guidance for its members
• Is fully independent, not-for-profit organization and driven by its Members
• Promotes networking within its membership
The leading, global authority on information security and in
The leading, global authority on information security
Brussels June-11-2015
Some Research & Reports
• You Could be Next: Learning from incidents to improve resilience
• The 2014 Standard of Good Practice for Information Security
• Data Analytics for Information Security• Threat Horizon 2014 – 2015 - 2016• Cyber Security Strategies: Achieving cyber
resilience• Federated Identity Access Management• Cyber Citizenship• Hacktivism• Information Security Governance – Raising
the game• Securing Consumer Devices• Securing Cloud Computing• Beyond the clear desk policy
• Securing the information lifecycle• Information security for external suppliers• Information security maturity models• Protecting information in the end user
environment• Information security assurance• Security audit of business applications• Information security governance (Briefing)• Reporting information risk• Network convergence• Information security assurance• Benchmark reports:
o Critical Business Applicationso The impact of information security
investmento Consolidated benchmark resultso Cross reference to ISO/IEC 27002, COBIT
version 4.1
Brussels June-11-2015
19
Contact
Computer Aided Logistics
www.calogistics.comVelázquez 86- B28006 – Madrid
E-mail: [email protected]
Tel: +34 91 432 14 15Móvil: +34 607 995 117Fax: +34 91 578 27 97
Rafael Rodríguez de Cora
E-mail: [email protected]