Dr. Spyros Papastergiou, University of Piraeus (Greece), Dept. of Informatics; M. Zaharias, Singular Logic (Greece). CYSM Risk Assessment Methodology.


CYSM Risk Assessment Methodology & Tool Demonstration
Dr. Spyros Papastergiou, University of Piraeus (Greece), Dept. of Informatics
M. Zaharias, Singular Logic (Greece)

Topics
- Basic Concepts
- CYSM Objectives
- CYSM Risk Assessment Methodology
- CYSM System Architecture & Services
- CYSM System Demonstration

Commercial Ports

Objectives
- O1: To introduce a targeted risk management methodology for port CIIs, taking into account the protection of physical and cyber assets. The methodology will be aligned to relevant standards and legislation.
- O2: To implement, deploy and evaluate an integrated security management system (for CII operators) enabling asset modeling, risk analysis, anticipation/management of attacks, as well as stakeholders' collaboration.
- O3: To increase the collaboration between European port stakeholders towards improved management of the physical and cyber nature of CIIs in a harmonized manner.
- O4: To document best practices for integrated security management of port CIIs. Accordingly, to disseminate them to maritime policy-shaping groups (e.g., ECSA, ICS-ISF) and contribute towards an acceptable, applicable Integrated Maritime Policy (IMP).

Consortium (Partner: Role)
- PORT INSTITUTE FOUNDATION OF STUDIES AND COOPERATION OF THE VALENCIA REGION (FEPORTS): Project Coordinator
- UNIVERSITY OF PIRAEUS RESEARCH CENTRE (UPRC): Technical Manager
- SINGULARLOGIC ANONYMOS ETAIRIA PLIROFORIAKON SYSTIMATON & EFARMOGON PLIROFORIKIS (SiLo): Technical Partner
- Università degli Studi di Genova (DITEN): Technical Partner
- Piraeus Port Authority S.A. (PPA): Pilot
- Valenciaport Foundation for Research, Promotion and Commercial Studies of the Valencian region (VPF): Pilot
- Port-of-Mykonos (POM) (subcontractor of SiLo): Pilot

CYSM Risk Assessment Methodology
The CYSM Risk Assessment Methodology is oriented:
- to cover the security and safety requirements of the demanding sector of commercial ports,
- to assess all the physical and cyber facilities required for the robust and uninterrupted operation of ports:
  - physical facilities such as buildings, platforms, gates, marinas, data centers
  - cyber facilities such as networks, equipment, satellites, servers, relay stations, tributary stations, information, etc.

Requirements
The CYSM Risk Assessment Methodology should satisfy:
- Compatible with standards (e.g. ISO27001 and ISPS code)
- Multi-scope analytic: Be able to perform risk analysis using different scopes
- Collaborative: Ensures collaboration among all port users
- Broad analytic: Analyses sectoral, interconnected and interdependent threats
- Time and resource economical: Avoids the plethora of questionnaires and frustrating interviews with all participants
- Accurate: Derives accurate results
- Good Functional requirements: Needs to be clear for all actors involved, precise, and measurable
- Easy to implement: Easy to implement the methodology
- Well documented: All steps of the methodology can be documented in clear format with clear outcomes for each step
- Responsibility centric: Methodology has to be oriented to users' role

General Approach of CYSM Methodology

Architectural Design Principles
- Open Standards: adoption of peak technologies and worldwide accepted and mature standards
- Interoperability: adoption of worldwide known and used open standards as the core communication protocol (interconnection of many distributed and heterogeneous systems; efficient and quicker integration)
- Modularity: complex systems consist of a large number of different modules and tiers that interact in a non-simple way
- Reusability: all essential primary functions can be easily reused, configured and customized in every service
- Scalability & Extensibility: robust and extensible in order to efficiently support ports' business activities
- Security: five critical security requirements: Authentication, Integrity, Confidentiality, Non-repudiation, Availability
- Privacy: support of mechanisms that provide effective and efficient management of users' identities and access rights to the system

Overall requirements
- Support for information security risk management knowledge codification
- Support for information security management personalization
- Support for collaboration
- Role-specific content views
- Descriptive approach

CYSM System Architecture

Security & Safety Management Services

Impacts for the Mediterranean Ports
- Raise their cyber and physical intelligence and culture
- Harmonize their digital security practices
- Improve the trust in the maritime environment
- Increase predictability and reduce uncertainty of business operations
- Provide the appropriate guidance to the ports' personnel (selecting security countermeasures, upcoming threats, best practices and related regulations)
- Assist them on how to comply with legal and regulatory frameworks

Mykonos-GR