TEACHERS
GALLERY
PRICING
SIGN IN
TRY ZURU
GET STARTED
Loop
Audio
Interval:
5s
10s
15s
20s
60s
Play
1 of 29
Slide Notes
Download
Go Live
New! Free Haiku Deck for PowerPoint Add-In
C3 - the missing link
Share
Copy
Download
0
7
Published on Jun 27, 2016
No Description
View Outline
MORE DECKS TO EXPLORE
PRESENTATION OUTLINE
1.
The missing link
C3
2.
Cybersecurity Competence Centre
C3 - by
SECURITYMADEIN.LU
3.
Cybersecurity Competence Centre
Fast moving targets
Lack of skilled people
Need of intense collaboration
Complexity of regulatory frameworks
Increase of targeted attacks
Need for mission critical security
Photo by
416style
4.
digitisation
Strong government commitment
IPCEI – HPC and big data
IoT – infrastructure mode in autonomous driving
FinTECH
SpaceTECH
Photo by
filin ilia - aliyo.hu
5.
NATIONAL CYBERSECURITY STRATEGY
a risk based approach
Photo by
zilverbat.
6.
“Digital security risk should be treated like an economic rather than a technical issue, and should be part of an organisation’s overall risk management and decision-making”
OECD – 2015
Photo by
Lucy Nieto
7.
National Cybersecurity strategy
Cyber security is a factor of attractiveness
Cyber security is a competitive advantage
Cyber security is an opportunity
Cyber security concerns everybody
Photo by
zilverbat.
8.
Democratisation of security
Reduce costs and complexity for everybody
Agree upon a taxonomy and mutualise
Collaborate, Cooperate, Coordinate:
-> Competitive advantage
Photo by
mustetahra
9.
Contextualisation of cybersecurity
From HOW to WHY - Analyse threats in a business context
Increased need because of amplified subcontracting - Understand technical and business anomalies - Complex and phased attack schemes
Understand the big picture
The are no small incidents
Photo by
Don McCullough
10.
What we already do
Gather intel in order to act intelligently and legally
Photo by
Frank Boston
11.
MONARC (CASES)
Optimised risk assessment method
Reduction of individual effort by 80%
Towards a common taxonomy
Towards objectiveness and governance
12.
BGP ranking (CIRCL)
Collect blacklists – link to AS
Evaluate maliciousness of AS
A health and maliciousness indicator for networks/providers
13.
ANALYSIS OF INFORMATION LEAKS (CIRCL)
20 sources (pastebin et al.)
5-7 posts per second (in 2014: 27 GB data – 24 million pages)
Analyse for breach indicators
"Early" warning of leaks
14.
MISP - Threat sharing Platform (CIRCL)
3040 events in the database
336.000 attributes
113.000 correlations
Empowers detection and blocking of attacks
Generate technical intelligence about campaigns and large scale attacks
15.
C3, THe missing link
connect cybersecurity to business
Photo by
DaveBleasdale
16.
C3 - Cybersecurity COmpetence Centre
Threat Intelligence
Training
Testing
Photo by
DaveBleasdale
17.
Threat intel
Technical and Operational security
Economic, Legal and Financial contextualisation
Threat intel for Metrics and Governance
Photo by
Richard Clark (Digimist)
18.
Technical Intel
Prevention
Detection
Mitigation
Indicator sharing
Photo by
C!...
19.
Contextualised intel
Threats put into a specific context (common labs) like: - FINTECH - SPACE - HPC - IoT
Protect strategic developments
Insurance sector business opportunities
Photo by
Kaptain Kobold
20.
Governance intel
Objective metrics for: - Risk management - Governance
Strong need of metrics
Informed governance
Photo by
kennymatic
21.
Training
Technical
Contextualised
Realistic / Simulated
Photo by
appsforeurope
22.
Technical training
Improve technical skills of teams in: - Prevention - Detection - Mitigation - Indicator sharing
Protect strategic developments
Address skills problem
Photo by
appsforeurope
23.
Contextualised training
Train in specific sectors: - Ops teams - LE - Regulator - Compliance - Audit - Subcontractors
Insurance sector business opportunities
Subcontractors
Photo by
RDECOM
24.
Holistic training
Train with the help of Simulators / Exercises
Train "crisis" teams (include management)
Test procedures
Photo by
slagheap
25.
Testing
Security systems
Management systems
Products or services
Photo by
Sharon Drummond
26.
Testing security setups
Test with the help of: - Simulators with real life and state of the art scenarios - Recurrent automated test - Creative hacking tests
Protect strategic developments
Harden systems
Identify good practice
Photo by
mariordo59
27.
Testing the ISMS
Test effectiveness of: - ISMS - Policies - Procedures - Plans (DRP)
GDPR and NIS regulatory requirements
ISMS certification preparation
Photo by
tk-link
28.
Testing products/services
Test in realistic environment – automated and creative
Help for start-ups
Labellisation / Certification
Due diligence / Trust models
Photo by
skycaptaintwo
29.
Pascal Steichen
SECURITMADEIN.LU
Photo by
woodleywonderworks
Pascal Steichen
https://lhc.lu/
×
Error!