www.buslab.org
Brno – Center of Education and Innovation
Automation of Risk Analysis and Management
Dan Cvrcek, Marek Kumpost - BUSLab
Ludek Novak - ANECT



BUSLab – IT Security Laboratory

BUSLab (Brno University Security Laboratory)
  ● Informal security research group of Brno University of Technology and Masaryk University
  ● Brings together people interested in IT security
  ● Research projects, conferences, industrial cooperation
  ● Leading persons: Dan Cvrcek, Vashek Matyas
Cooperation with ANECT
  ● Strong company in the area of network infrastructures and risk management
  ● Certified by Czech NSA for classified information
  ● Experience with critical infrastructures

BUSLab Expertise

Privacy
  ● Participate in the FIDIS project (Future of Identity in Information Society)
  ● Strong cooperation with KU Leuven, TU Dresden
Reputation Systems
  ● Experience of participation in SECURE project
  ● Currently running national research project
  ● Implementation of reputation system for WiFi networks
Secure Cryptographic Devices
  ● Cooperation with Cambridge University, security of crypto-modules, smartcards, Chip&PIN cards
Key infrastructures
  ● Design of schemes for key management in emerging areas like sensor networks

Management of Security

A crucial problem of security is to pinpoint the important risks/threats
No-one ever did this for home computers used for Internet banking, personal communication, and recently voice communication
A number of different methodologies exist for large systems (CRAMM, CobiT, EBIOS, RA2 art of risk, …)
  ● Hard to utilise, expensive, and time consuming
  ● An audit may take several months
  ● Not usable for everyday management, fast-changing environments
Unreachable for common users, SMEs, government

If

Floods
  ● Reevaluate communications, transport, healthcare, …
  ● Coordinate emergency services, supplies, …
  ● Later on – change infrastructures, …
Air-traffic suspension
  ● Delivery of goods, passengers, strengthening other means of traffic
  ● Transport of perishable goods, drugs, organs for transplantations
  ● Later on – security measures, obligations for airlines, …
Multidisciplinary assessment, analysis, reaction, …

Risk Management Starting Points

EU business needs genuine risk management arrangement combining
  ● Risk-correctness – appropriate accuracy of data about system and applicable threats
  ● Control-effectiveness – measures are effective and fulfill their goals and objectives
  ● Cost-efficiency – economically reasonable
  ● Time-dependency – risk management must react to changes of system and its environment
Methodologies for risk management are not stable yet
  ● ISO is rewriting its recommendations (General risk management principles, Information security risk management)
  ● EU – ENISA’s recommendations for risk management

Project Relevance and Needs

ENISA Risk Management Road Map
  ● 9 of 10 identified areas are directly relevant
  ● Interoperability/compatibility of methods
  ● Comparability/merging of methods
  ● Measurements of risks
  ● Unified information bases for risk management
  ● Risk management and relevant security issues
  ● Business Continuity Planning (BCP)
  ● Emerging risks
  ● Awareness, training, communication
  ● Security measurement
  ● Methods inventory maintenance

Project Objectives and Focus

Develop risk management environment/tools able to:
  ● Integrate risk management in different domains - operational, environmental, information, …
  ● Integrate risk management in different levels of details
  ● Timely, effective, and efficient reassessment of relevant security aspects
Hierarchical risk management
  ● Subordination of risk management engines
  ● Coverage of risks by subordinate management engines
  ● Data flows (downwards threats, upwards impact/risk)
  ● Access control to sensitive data
  ● XML based information exchange schemes
Pilot
  ● Usability in different situations (home, SME, government)
  ● Quick spreading of change data on risks

Added Value and Project Innovation

Nearly real-time tools helping to resolve a situation
Tight risk management environment integrating different risk domains
  ● SME, Government, Large enterprises
  ● Informatics: integration of differently focused methodologies
  ● Critical infrastructure protection: telecommunications, emergency, utilities, healthcare, banking, transportation, government, …
Tight risk management environment integrating different risk levels
  ● Government: Region-Local, Country-Region, EU-Country
  ● Large enterprises: Central office-Branches
  ● Informatics: integration of individual systems

Thanks for your attention!
Questions, comments …

Useful links
BUSLab’s web page: ANECThttp:// s: Dan Marek Ludek