Brussels June-11-2015 Cyber-Security Cyber-Protection Cyber-Sustainability.

Transcript of Brussels June-11-2015 Cyber-Security Cyber-Protection Cyber-Sustainability.

Page 1: Brussels June-11-2015 Cyber-Security Cyber-Protection Cyber-Sustainability.

Brussels June-11-2015

Cyber-Security Cyber-Protection Cyber-Sustainability

Page 2: Brussels June-11-2015 Cyber-Security Cyber-Protection Cyber-Sustainability.

Concerns about Transport

Transport systems are more ICT-dependent every day

Internet (TCP/IP), the Cloud and social networks are the environment

The Internet, social media and insufficiently aware people are the main vulnerabilities

Page 3: Brussels June-11-2015 Cyber-Security Cyber-Protection Cyber-Sustainability.

Concerns about Transport (Cont.)

Main risks:

• Public transport as a target for terrorism (Sep 11th): signalling, vehicles increasingly controlled through the Internet, ransomware

• Transport system as a component of the supply chain, a target for cybercrime mafias for economic purposes: modifying cargo manifests, EDI contamination, DoS, etc.

Page 4: Brussels June-11-2015 Cyber-Security Cyber-Protection Cyber-Sustainability.

Preliminary 360º on Transport

• Make organizations and stakeholders aware of cyber security and unsafe habits
• Analyse vulnerabilities
• Perform a risk assessment and set the risk acceptance level
• In strategic IT, the information is strategic
• Invest in technology and calculate the ROI (ROSI)
• Not only should we protect our assets; we could also be a vehicle to infect customers and suppliers
• Benchmarks

Page 5: Brussels June-11-2015 Cyber-Security Cyber-Protection Cyber-Sustainability.

[Diagram labels: Awareness, Training, Classification, Best Practices, Antimalware, Cipher, Data Masking, Benchmark, GRC, Audit management, Consulting, ISF]

Page 6: Brussels June-11-2015 Cyber-Security Cyber-Protection Cyber-Sustainability.

Landscape in Cybersecurity

The Good ones

• Governments
• Organizations
• People

The Bad ones

• Governments
• Organizations
• People

Page 7: Brussels June-11-2015 Cyber-Security Cyber-Protection Cyber-Sustainability.

The leading, global authority on information security and information risk management

Facts

Growth in cybercrime:
• Activity
• Profit
• Damage
• Crime as a Service

Malware morphs:
• Mutation Engine (ME)
• Stuxnet begot Duqu, which then begot Gauss
• Malware, when detected, is several years old
• The average duration of malware activity inside a system was 227 days in 2013 and 230 days in 2012 (Mandiant Report)

Page 8: Brussels June-11-2015 Cyber-Security Cyber-Protection Cyber-Sustainability.

Our point of view

Today: From technology to the business process

Page 9: Brussels June-11-2015 Cyber-Security Cyber-Protection Cyber-Sustainability.

Change the paradigm

From top management to the technology

Page 10: Brussels June-11-2015 Cyber-Security Cyber-Protection Cyber-Sustainability.

Risks and Responsibilities

There are lots of risks to mitigate:
• Cyber-attacks
• Non-compliance with laws and regulations
• Reputational loss

All of them will affect people, assets and the business itself.

Page 11: Brussels June-11-2015 Cyber-Security Cyber-Protection Cyber-Sustainability.

Benchmark

Organizations need to benchmark their status on security regarding risks, threats, and responsibilities.

CARONTE could be the reference for this benchmark on an industry-agnostic basis.

Cybercrime is evolving continuously. Working with static risk maps makes controls and procedures quickly obsolete.

User awareness is essential.

Page 12: Brussels June-11-2015 Cyber-Security Cyber-Protection Cyber-Sustainability.

Create an Immune system

Because gaps and isolation are not possible in a global world, let's copy the immune system, which has worked for several million years.

Let's balance cyber protection from hygiene to asepsis

Live with the risk by identifying your risk acceptance level

Page 13: Brussels June-11-2015 Cyber-Security Cyber-Protection Cyber-Sustainability.

CALS Message

Put people, methodology and technology to work with a synergistic mentality.

Holistic vision vs Reductionist vision

Page 14: Brussels June-11-2015 Cyber-Security Cyber-Protection Cyber-Sustainability.

Computer Aided Logistics (CALS)

CALS is a company specialized in GRC (Governance, Risk & Compliance) tools and Information Security implementations. Through national and international agreements, we also offer solutions in the following environments:

Information and Communication Systems: Analysis and Risk Management for the organizations, Audits and Security solutions including international standards, methodologies and good practices.

Consulting and Training: Standard and tailored training. Awareness projects as a first step for information security.

The company was established in May 1997, with the basic idea of offering the market an alternative for strategic services and solutions with a high return on investment (ROI).

Page 15: Brussels June-11-2015 Cyber-Security Cyber-Protection Cyber-Sustainability.

CALS expertise

We share the industry's concerns regarding “cyber insecurity”

We hold the technological tools to build a cybersecurity governance platform

The above conditions allow us to understand cyber security and cyber protection as a global and integrated practice affecting everyone in organizations

Page 16: Brussels June-11-2015 Cyber-Security Cyber-Protection Cyber-Sustainability.

The ISF could also be behind this European Project

CALS is also the ISF agent for Spain, Portugal and Latin America

Page 17: Brussels June-11-2015 Cyber-Security Cyber-Protection Cyber-Sustainability.

What is the ISF?

An international association of nearly 400 leading global organizations (Fortune 500/Forbes 2000), which...

• Addresses key issues in information risk management through research and collaboration

• Develops practical tools and guidance for its members

• Is a fully independent, not-for-profit organization driven by its Members

• Promotes networking within its membership

Page 18: Brussels June-11-2015 Cyber-Security Cyber-Protection Cyber-Sustainability.

Some Research & Reports

• You Could be Next: Learning from incidents to improve resilience
• The 2014 Standard of Good Practice for Information Security
• Data Analytics for Information Security
• Threat Horizon 2014 – 2015 – 2016
• Cyber Security Strategies: Achieving cyber resilience
• Federated Identity Access Management
• Cyber Citizenship
• Hacktivism
• Information Security Governance – Raising the game
• Securing Consumer Devices
• Securing Cloud Computing
• Beyond the clear desk policy
• Securing the information lifecycle
• Information security for external suppliers
• Information security maturity models
• Protecting information in the end user environment
• Information security assurance
• Security audit of business applications
• Information security governance (Briefing)
• Reporting information risk
• Network convergence
• Information security assurance
• Benchmark reports:
  o Critical Business Applications
  o The impact of information security investment
  o Consolidated benchmark results
  o Cross reference to ISO/IEC 27002, COBIT version 4.1

Page 19: Brussels June-11-2015 Cyber-Security Cyber-Protection Cyber-Sustainability.

Contact

Computer Aided Logistics

www.calogistics.com

Velázquez 86 - B
28006 – Madrid

E-mail: [email protected]

Tel: +34 91 432 14 15
Mobile: +34 607 995 117
Fax: +34 91 578 27 97

Rafael Rodríguez de Cora

E-mail: [email protected]