Cyber Security – Client View Peter Gibbons | Head of Cyber Security, Group Business Services Suppliers’ Summer Conference 15/07/2015.

Presentation transcript:

Protecting our railway in a connected world - Digital Railway Supplier Conference
Peter Gibbons B.E.M., Professional Head (Cyber Security), Network Rail
July 15th 2015

AGENDA
- What is Cyber security and how might it impact our railway?
- How are we managing risks to Cyber security?
- What should you be doing?
- Conclusion

Keeping our railway safe and secure
What is Cyber Security? The government point of view …
“our increasing dependence on cyberspace has brought new risks, risks that key data and systems on which we now rely can be compromised or damaged, in ways that are hard to detect or defend against”
Rt. Hon. Francis Maude MP - The UK Cyber Security Strategy, November 2011
What is Cyber Security and what does it mean to us?
- Cyber security is concerned with the security of cyberspace, which encompasses all forms of networked, digital activities; this includes the content of and actions conducted through digital networks.
- All our systems and connected, computerised technology form our railway cyberspace. That includes databases, signalling systems, level crossings, RCM, CCTV and the underpinning infrastructure and telecommunication networks they rely on.

How might cyber attacks impact our railway?
- To provide appropriate protection, we have to understand the threat.
- As we introduce more digital technologies, we increase the opportunity for cyber attack.
- Balance most likely with worst credible case.

THREAT ACTOR: Terrorist, Activist, Foreign State, Hacker, Employee, Supplier, Researcher, Journalist, Organised Crime, Competitor
MOTIVE: Financial gain, Retribution, Harm NR reputation, Political advantage, Cause loss of life/harm, Create fear, Curiosity, Intellectual challenge, Mischief, Spread propaganda, Act of war, Disrupt commerce, Cause civil unrest
MEANS (THREAT): Phishing, Virus, Unauthorised security tools, Unauthorised physical access, Social Engineering, C2 Services, Malware, Hacking services, Watering holes, Botnets, Ransomware, Exploit kits, Rootkit, Trojans
OPPORTUNITY (VULNERABILITY): Access Connectivity System Functionality Technology
RESULT: Denial of Service, Data theft, Data loss, Data change, System interruption, Unauthorised access, Unauthorised operations
IMPACT (CONSEQUENCE): Train delay, disruption, derailment; Unplanned cost; Reputational damage; Lost productivity; Asset damage; Regulator sanction; Legal breach; Financial loss; Harm
ASSETS

How are we managing cyber security risks?
DETER PREVENT PROTECT LEAD PROACTIVE CAPABILITY
DETECT RESPOND RECOVER UNDERSTAND REACTIVE CAPABILITY

What should you be doing?
Network Rail Procurements Standards for High Risk suppliers
9. The Supplier shall be certified to the government’s Cyber Essentials Scheme as a minimum requirement and shall provide evidence of its certification. Alternatively, proof of certification against ISO is acceptable, providing that the certification covers the part of the organisation that is delivering the Services.
10. The Supplier shall, as far as is reasonably practicable, categorize Assets according to the potential impact to Network Rail of their loss of confidentiality, integrity and availability (‘Categorization’); those with significant potential impact shall be notified to Network Rail.
Securing technical railway products
- Clear security requirements
- Coding standards
- Control testing
- Zoning and segmentation
Managing security of operational services
- Vulnerability discovery, disclosure and patching
- Incident reporting
- Develop and follow common good practice
Securing your business
- Data loss prevention
- Access control
- Protect your services and your supply chain
Accreditation and compliance
- Cyber Essentials
- PAS555
- OWASP
- Common Criteria
- ISO27001

Conclusion
1. Cyber attack is a real threat to our Railway
   Rail infrastructure systems have been attacked and compromised
2. Effective cyber security is a condition of entry for digitisation of the railway
   Our needs are not unique, as critical national infrastructure our standards must be high
3. We’re in it together
   We’re all a target and we’re all part of the solution

Please visit the Cyber Security stand in room E1 for more information.
Thank you