C3 - the missing link

Published on Jun 27, 2016

PRESENTATION OUTLINE

The missing link

C3

Cybersecurity Competence Centre

Cybersecurity Competence Centre

  • Fast moving targets
  • Lack of skilled people
  • Need of intense collaboration
  • Complexity of regulatory frameworks
  • Increase of targeted attacks
  • Need for mission critical security

digitisation

  • Strong government commitment
  • IPCEI – HPC and big data
  • IoT – infrastructure mode in autonomous driving
  • FinTECH
  • SpaceTECH

NATIONAL CYBERSECURITY STRATEGY

a risk based approach

“Digital security risk should be treated like an economic rather than a technical issue, and should be part of an organisation’s overall risk management and decision-making”
OECD – 2015

National Cybersecurity strategy

  • Cyber security is a factor of attractiveness
  • Cyber security is a competitive advantage
  • Cyber security is an opportunity
  • Cyber security concerns everybody

Democratisation of security

  • Reduce costs and complexity for everybody
  • Agree upon a taxonomy and mutualise
  • Collaborate, Cooperate, Coordinate:
  • -> Competitive advantage

Contextualisation of cybersecurity

  • From HOW to WHY - Analyse threats in a business context
  • Increased need because of amplified subcontracting - Understand technical and business anomalies - Complex and phased attack schemes
  • Understand the big picture
  • There are no small incidents

What we already do

Gather intel in order to act intelligently and legally

MONARC (CASES)

  • Optimised risk assessment method
  • Reduction of individual effort by 80%
  • Towards a common taxonomy
  • Towards objectiveness and governance

BGP ranking (CIRCL)

  • Collect blacklists – link to AS
  • Evaluate maliciousness of AS
  • A health and maliciousness indicator for networks/providers

ANALYSIS OF INFORMATION LEAKS (CIRCL)

  • 20 sources (pastebin et al.)
  • 5-7 posts per second (in 2014: 27 GB data – 24 million pages)
  • Analyse for breach indicators
  • "Early" warning of leaks

MISP - Threat sharing Platform (CIRCL)

  • 3040 events in the database
  • 336.000 attributes
  • 113.000 correlations
  • Empowers detection and blocking of attacks
  • Generate technical intelligence about campaigns and large scale attacks

C3, the missing link

connect cybersecurity to business

C3 - Cybersecurity Competence Centre

  • Threat Intelligence
  • Training
  • Testing

Threat intel

  • Technical and Operational security
  • Economic, Legal and Financial contextualisation
  • Threat intel for Metrics and Governance

Technical Intel

  • Prevention
  • Detection
  • Mitigation
  • Indicator sharing

Contextualised intel

  • Threats put into a specific context (common labs) like:
      - FINTECH
      - SPACE
      - HPC
      - IoT
  • Protect strategic developments
  • Insurance sector business opportunities

Governance intel

  • Objective metrics for:
      - Risk management
      - Governance
  • Strong need of metrics
  • Informed governance

Training

  • Technical
  • Contextualised
  • Realistic / Simulated

Technical training

  • Improve technical skills of teams in:
      - Prevention
      - Detection
      - Mitigation
      - Indicator sharing
  • Protect strategic developments
  • Address skills problem

Contextualised training

  • Train in specific sectors:
      - Ops teams
      - LE
      - Regulator
      - Compliance
      - Audit
      - Subcontractors
  • Insurance sector business opportunities
  • Subcontractors

Holistic training

  • Train with the help of Simulators / Exercises
  • Train "crisis" teams (include management)
  • Test procedures

Testing

  • Security systems
  • Management systems
  • Products or services

Testing security setups

  • Test with the help of:
      - Simulators with real life and state of the art scenarios
      - Recurrent automated test
      - Creative hacking tests
  • Protect strategic developments
  • Harden systems
  • Identify good practice

Testing the ISMS

  • Test effectiveness of:
      - ISMS
      - Policies
      - Procedures
      - Plans (DRP)
  • GDPR and NIS regulatory requirements
  • ISMS certification preparation

Testing products/services

  • Test in realistic environment – automated and creative
  • Help for start-ups
  • Labellisation / Certification
  • Due diligence / Trust models