The extremes are attracting each other. Calin Rangu, 25th of May, 2009, Cyber-security Conference Bucharest.

Presentation transcript:


Agenda
• History and Present: IIRUC Service and R-IT
• Cyber-security: the real dimension
• The public-private partnership
• Cyber-security centers – integrated universe
• Proposed measures and standards
• What can IIRUC Service do?

History and Present
• 1968: the original IIRUC company was established
• 1991: IIRUC-SA was registered as a shareholding company out of the original IIRUC company
• 2004: IIRUC SERVICE SA was established, based on the traditional IIRUC SA company
• 2008 (February): Raiffeisen Informatik Austria (R-IT), the second largest IT service provider in Austria, acquired sole control of IIRUC SERVICE SA
• 2008 (October): approval of the Master Plan for the company's development
• 2008 (October): opening of the new headquarters with a data center facility and a central call center department
• 2009 (January): set-up of the IT security business line – global partnerships and product related services
• 2009 (June): professional and IT security operations related services
Raiffeisen Informatik Group's 2009 turnover: over 1 billion EURO

IIRUC Service means:
• Over 25,000 customers
• Over 70,000 pieces of equipment in service
• East-Europe competence hub
• Running international projects (Ukraine, CEE)
• Multiple certifications
• 350 employees
• Fleet of 120 cars
• 60 nationwide locations in 8 areas
• 47 nationwide stores
• 50 service laboratories
• 1 national training center

Raiffeisen Informatik: offered IT services, strategic vision for the Romanian market
Services: IT Operations, Outsourcing, Security Services, Software Solutions, Output Services, Client Management
• Server
• Corporate Clients
• All highway system in Austria
• 320 local communities
• 28 hospitals
• 25 banks
• km Network
• 520 TB Storage
• 1 Billion Transactions p.a.
• 300 Mio. printed Pages p.a.
• Several Data Centers

Cyber Security – the real dimension of the problem
The Cybersecurity Act of 2009 of the USA, proposed in late March, starts with the assessment: "The Congress finds the following: (1) America's failure to protect cyberspace is one of the most urgent national security problems facing the country."
• The situation: a confused atmosphere about cyber-security. States need help passing security tests, yet the government is drawn to the big problem of securing the Internet.
• The declaration: the importance of the Internet as an infrastructure to our economy and society, and the inability of the private sector to solve cyber-security problems.

The real dimension of the problem
• The government is always hopelessly behind the private sector in technology. But ahead of everyone are the cyber bad guys.
• There are better ways for the public sector to complement the private sector.
• Open networking and connectivity - vulnerabilities in computer systems.
• Too much legislative dialog around corporate responsibilities. It may be far more effective to involve the service provider utilities as part of the solution.
• The initiative for a national identity and authentication service, with its large civil liberties implications, is a discussion that should be conducted at the highest levels.

The real dimension of the problem
• The Internet has brought unparalleled positive change in our lives, but the security reality is far different from the hype.
• In the past, the changes brought by the adoption of the telephone, television or transportation networks worked without security oversight, and security incidents have been far short of catastrophic.
• Private industry knows how to build in business resiliency, indemnify consumers, and allocate new technologies to reduce risk.
• The government can learn about managing risk from private enterprises and should avoid rushing in to set standards.

A new leadership paradigm
• The states are unprepared to respond to "cyber-storms", and "a massive cyber disruption could have a cascading, long-term impact without adequate co-ordination between governments and governments and the private sector."
• Booz Allen Hamilton recommended to "establish a single voice for cyber-security within government", concluding that the "unique nature of cyber-security requires a new leadership paradigm."
• Cornerstone of cyberspace security strategy: the long-term challenge in cyberspace from intelligence agencies and militaries, criminals, and others. Losing this struggle will wreak serious damage on economic health and national security.
• The single stable solution can be the public-private partnership.

Regional Cyber Security Centers – USA example
The creation and support of Regional Cyber-security Centers for the promotion and implementation of cyber-security standards. Each Center shall be affiliated with a nonprofit institution or organization, or consortium thereof, that applies for and is awarded financial assistance under this section.
PURPOSE: to enhance the cyber-security of small and medium sized businesses through:
(1) the transfer of cyber-security standards, processes, technology, and techniques to Centers and, through them, to small- and medium-sized companies;
(2) the participation of individuals from industry, universities, State governments, other agencies, in cooperative technology transfer activities;
(3) efforts to make new cyber-security technology, standards, and processes usable by small- and medium-sized companies;

Recommendation: Measures and auditable cyber-security standards
• CYBERSECURITY METRICS RESEARCH - metrics that can assess the economic impact of cyber-security. These metrics should measure risk reduction and the cost of defense.
• SECURITY CONTROLS - to block or mitigate known attacks.
• SOFTWARE SECURITY - a prioritized list of software weaknesses known to lead to exploited and exploitable vulnerabilities.
• SOFTWARE CONFIGURATION SPECIFICATION LANGUAGE - establish a standard computer-readable language for government contractors and grantees, and in private-sector-owned critical infrastructure information systems and networks.
• STANDARD SOFTWARE CONFIGURATION - security settings for operating system software and software utilities.
• VULNERABILITY SPECIFICATION LANGUAGE - for vendors to communicate vulnerability data to software users in real time.
• NATIONAL COMPLIANCE STANDARDS FOR ALL SOFTWARE - a standard testing and accreditation protocol for software built

What can IIRUC Service/Raiffeisen Informatik do?
1. Partnership
2. Know-how
3. Professional Services
4. Product related Services
5. Operational related Services

Shift the Security Perspective

Comprehensive Security
Physical Security:
• Security zone
• Authentication
• Redundant infrastructure
• Intrusion detection
• Fireproofing
• Waterproofing
• Overload protection
• Access control
• Video control
• …
IT Security:
• Virus protection
• Firewall
• Digital certif.
• Authentication
• Encryption
• IT tools for checks
• ...
Organizational Security:
• Security management
• Security policy
• Risk analysis
• Security concept
• Rulebook
• Quality control
• Audit
• …
Services: Professional Services, Product Related Services, Operational Related Services

Organizational security

IT and Business Security

Thank you for your attention!
SC IIRUC SERVICE SA, 7th “Fabrica de Glucoza” Street, Sector, Bucharest, Romania