Presentation is loading. Please wait.

Presentation is loading. Please wait.

The extremes are attracting each other Calin Rangu 25 st of May, 2009 Cyber-security Conference Bucharest.

Published byOctavia Singleton Modified over 9 years ago

Similar presentations

Presentation on theme: "The extremes are attracting each other Calin Rangu 25 st of May, 2009 Cyber-security Conference Bucharest."— Presentation transcript:

1 The extremes are attracting each other Calin Rangu 25 st of May, 2009 Cyber-security Conference Bucharest

2 Agenda  History and Present: IIRUC Service and R-IT  Cyber-security : the real dimension  The public-private partnership  Cyber-security centers – integrated universe  Proposed measures and standards  What IIRUC Service can do?

3 History and Present  1968: the original IIRUC company was established  1991: IIRUC-SA was registered as a shareholding company out of the original IIRUC company  2004: IIRUC SERVICE SA was established, based on the traditional IIRUC SA company  2008 (February): Raiffeisen Informatik Austria (R-IT), the second largest IT service provider in Austria, achieved the sole control over IIRUC SERVICE SA  2008 (October): Approval of the Master Plan for the company development  2008 (October): Opening new Headquarter with a Data Center facility and a central Call Center dept.  2009 (January): The set-up of the IT security business line – global partnerships and product related services  2009 (June) – Professional and IT Security Operations related services Raiffeisen Informatik Group 2009’s turnover: Over 1 billions EURO

4 IIRUC Service means :  Over 25,000 customers  Over 70,000 equipment in service  East-Europe competence hub  Running international projects (Ukraina, CEE)  Multiple certifications  350 employees  120 cars fleet  60 nationwide locations in 8 areas  47 nationwide stores  50 service laboratories  1 national training center

5 IT Operations Outsourcing Security Services Software Solutions Output Services Client Management Raiffeisen Informatik Offered IT Services, strategical vision for Romanian market  3.000 Server  20.000 Corporate Clients  All highway system in Austria  320 local communities  28 hospitals  25 banks  40.000 km Network  520 TB Storage  1 Billion Transactions p.a.  300 Mio. printed Pages p.a.  Several Data Centers

6 Cyber Security – the real dimension of the problem The Cybersecurity Act of 2009 of USA, proposed in late March, starts with the assessment:Cybersecurity Act of 2009 "The Congress finds the following: (1) America's failure to protect cyberspace is one of the most urgent national security problems facing the country." The situation: confused atmosphere about cyber-security. States need help passing security tests, yet the government is drawn to the big problem of securing the Internet. The declaration: the importance of the Internet as an infrastructure to our economy and society and the inability of the private sector to solve cyber- security problems

7 The government is always hopelessly behind the private sector in technology. But in front of all are there the cyber-bad-guys. There are better ways for the public sector to complement the private sector. Open networking and connectivity - vulnerabilities in computer systems. Too much legislative dialog around corporate responsibilities. It may be far more effective to involve the service provider utilities as part of the solution. The initiative for a national identity and authentication service and its large civil liberties implications is a discussion that should be conducted at the highest levels. The real dimension of the problem

8 The Internet has brought unparalleled positive change in our lives -- the security reality is far different from the hype. In past the changes due to adoption of the telephone, television or transportation network that has worked without security oversight - security incidents have been far short of catastrophic. Private industry knows how to build in business resiliency, indemnify consumers, and allocate new technologies to reduce risk. The government can learn about managing risk from private enterprises and should avoid rushing in to set standards. The real dimension of the problem

9 The states are unprepared to respond to a ‘‘cyber-storms’’ and that ‘‘a massive cyber disruption could have a cascading, long-term impact without adequate co-ordination between governments and governments and the private sector.’’ Booz Allen Hamilton, recommended to ‘‘establish a single voice for cyber-security within government’’ concluding that the ‘‘unique nature of cyber-security requires a new leadership paradigm.’’ Corner stone of cyberspace security strategy : long-term challenge in cyberspace from intelligence agencies and militaries, criminals, and others. Losing this struggle will wreak serious damage on the economic health and national security The single stable solution can be the public-private partnership A new leadership paradigm

10 The creation and support of Regional Cyber-security Centers for the promotion and implementation of cyber-security standards. Each Center shall be affiliated with a nonprofit institution or organization, or consortium thereof, that applies for and is awarded financial assistance under this section. PURPOSE : to enhance the cyber - security of small and medium sized businesses through: (1)the transfer of cyber-security standards, processes, technology, and techniques to Centers and, through them, to small- and medium-sized companies; (2) the participation of individuals from industry, universities, State governments, other agencies, in cooperative technology transfer activities; (3) efforts to make new cyber-security technology, standards, and processes usable by small- and medium-sized companies; Regional Cyber Security Centers – USA example

11 CYBERSECURITY METRICS RESEARCH - that can assess the economic impact of cyber-security. These metrics should measure risk reduction and the cost of defense SECURITY CONTROLS - to block or mitigate known attacks SOFTWARE SECURITY - a prioritized list of software weaknesses known to lead to exploited and exploitable vulnerabilities SOFTWARE CONFIGURATION SPECIFICATION LANGUAGE - establish standard computer-readable language for government contractors and grantees, and in private sector owned critical infrastructure information systems and networks. STANDARD SOFTWARE CONFIGURATION- security settings for operating system software and software utilities VULNERABILITY SPECIFICATION LANGUAGE for vendors to communicate vulnerability data to software users in real time. NATIONAL COMPLIANCE STANDARDS FOR ALL SOFTWARE - a standard testing and accreditation protocol for software built Recommendation: Measures and auditable cyber-security standards

12 What IIRUC Service/Raiffesien Informatik can do? 1.Partnership 2.Know-how 3.Professional Services 4.Product related Services 5.Operational related Services

13 Shift the Security Perspective

14  Security zone  Authentification  Redundante Infrastructure  Intrusion detection  Fireproofing  Waterproofing  Overload protection  Access control  Video control  …  Virus protection  Firewall  Digital certif,  Authentification  Encription  IT-Tools for Checks ...  Security management  Security policy  Risic analyse  Security concept  Roolbook  Quality controlling  Audit  … Professional Services Product Related Services Operational Related Services Comprehensive Security Physical Security Organi- zational Security IT Security Comprehensive Security

15 Organizational security

16 IT and Business Security

17

18 Thank you for your attention! SC IIRUC SERVICE SA Thank you for your attention! 7 th “Fabrica de Glucoza” Street Sector 2 020331 Bucharest Romania Tel.: +40-21-232.25.21 Fax: +40-21-232.25.26 Mail: office@iirucservice.rooffice@iirucservice.ro www.iirucservice.ro

Download ppt "The extremes are attracting each other Calin Rangu 25 st of May, 2009 Cyber-security Conference Bucharest."

Similar presentations

Its a new digital world with new digital dangers….

Its a new digital world with new digital dangers….
Philippine Cybercrime Efforts

Philippine Cybercrime Efforts
AFCEA DC Cyber Security Symposium Military Joint Cyber Command Panel Harry Raduege Lieutenant General, USAF (Ret) Chairman, Center for Network Innovation.

AFCEA DC Cyber Security Symposium Military Joint Cyber Command Panel Harry Raduege Lieutenant General, USAF (Ret) Chairman, Center for Network Innovation.
Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
ENISA Cyber Security Strategies Workshop November 27, 2014 Brussels

ENISA Cyber Security Strategies Workshop November 27, 2014 Brussels
Private Sector Perspectives on Federal Financial Systems Modernization and Shared Services.

Private Sector Perspectives on Federal Financial Systems Modernization and Shared Services.
DRAFT Page 1 A unique, non-profit, economic development organization Who we are What we do Lead and partner with industry, academia and government regionally.

DRAFT Page 1 A unique, non-profit, economic development organization Who we are What we do Lead and partner with industry, academia and government regionally.
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
Cyber Security: Past and Future John M. Gilligan CERT’s 20 th Anniversary Technical Symposium Pittsburgh, PA www.gilligangroupinc.com March 10, 2009.

Cyber Security: Past and Future John M. Gilligan CERT’s 20 th Anniversary Technical Symposium Pittsburgh, PA March 10, 2009.
SECURITATEA SISTEMELOR INFORMATICE ŞI DE COMUNICAŢII Bucharest, September, 21, 2004 ATHENEE PALACE HILTON, Sala Le Diplomate Quo Vadis Information Security.

SECURITATEA SISTEMELOR INFORMATICE ŞI DE COMUNICAŢII Bucharest, September, 21, 2004 ATHENEE PALACE HILTON, Sala Le Diplomate Quo Vadis Information Security.
SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.

SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.
Closing the CIP Technology Gap in the Banking and Finance Sector Treasury Department Office of Critical Infrastructure Protection and Compliance Policy.

Closing the CIP Technology Gap in the Banking and Finance Sector Treasury Department Office of Critical Infrastructure Protection and Compliance Policy.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Together advancing small enterprise development. Who is Seda  Established in 2004  Government Agency – Falls under Department of Trade and Industry.

Together advancing small enterprise development. Who is Seda  Established in 2004  Government Agency – Falls under Department of Trade and Industry.
James Ennis, Department of State, USA ITU-D Question 22/1 Rapporteur.

James Ennis, Department of State, USA ITU-D Question 22/1 Rapporteur.
Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014.

Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014.
Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.

Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Similar presentations

Ads by Google