Published by Baldwin Morris Dixon. Modified over 8 years ago.
1
www.buslab.org
Brno – Center of Education and Innovation
Automation of Risk Analysis and Management
Dan Cvrcek, Marek Kumpost - BUSLab
Ludek Novak - ANECT
2
BUSLab – IT Security Laboratory
BUSLab (Brno University Security Laboratory)
● Informal security research group of Brno University of Technology and Masaryk University
● Concentrates people interested in IT security
● Research projects, conferences, industrial cooperation
● Leading persons: Dan Cvrcek, Vashek Matyas
Cooperation with ANECT
● Strong company in the area of network infrastructures and risk management
● Certified by Czech NSA for classified information
● Experience with critical infrastructures
3
BUSLab Expertise
Privacy
● Participate in the FIDIS project (Future of Identity in Information Society)
● Strong cooperation with KU Leuven, TU Dresden
Reputation Systems
● Experience of participation in SECURE project
● Currently running national research project
● Implementation of reputation system for WiFi networks
Secure Cryptographic Devices
● Cooperation with Cambridge University, security of crypto-modules, smartcards, Chip&PIN cards
Key infrastructures
● Design of schemes for key management in emerging areas like sensor networks
4
Management of Security
A crucial problem of security is to pinpoint the important risks/threats
No-one ever did this for home computers used for Internet banking, personal communication, and recently voice communication
A number of different methodologies exist for large systems (CRAMM, CobiT, EBIOS, RA2 art of risk, …)
● Hard to utilise, expensive, and time consuming
● An audit may take several months
● Not usable for everyday management, fast-changing environments
Unreachable for common users, SMEs, government
5
If
Floods
● Reevaluate communications, transport, healthcare, …
● Coordinate emergency services, supplies, …
● Later on – change infrastructures, …
Air-traffic suspension
● Delivery of goods, passengers, strengthening other means of traffic
● Transport of perishable goods, drugs, organs for transplantations
● Later on – security measures, obligations for airlines, …
Multidisciplinary assessment, analysis, reaction, …
6
Risk Management Starting Points
EU business needs a genuine risk management arrangement combining
● Risk-correctness – appropriate accuracy of data about the system and applicable threats
● Control-effectiveness – measures are effective and fulfill their goals and objectives
● Cost-efficiency – economically reasonable
● Time-dependency – risk management must react to changes of the system and its environment
Methodologies for risk management are not stable yet
● ISO is rewriting its recommendations (General risk management principles, Information security risk management)
● EU – ENISA’s recommendations for risk management
7
Project Relevance and Needs
ENISA Risk Management Road Map
● 9 of 10 identified areas are directly relevant
● Interoperability/compatibility of methods
● Comparability/merging of methods
● Measurements of risks
● Unified information bases for risk management
● Risk management and relevant security issues
● Business Continuity Planning (BCP)
● Emerging risks
● Awareness, training, communication
● Security measurement
● Methods inventory maintenance
8
Project Objectives and Focus
Develop risk management environment/tools able to:
● Integrate risk management in different domains - operational, environmental, information, …
● Integrate risk management at different levels of detail
● Timely, effective, and efficient reassessment of relevant security aspects
Hierarchical risk management
● Subordination of risk management engines
● Coverage of risks by subordinate management engines
● Data flows (downwards threats, upwards impact/risk)
● Access control to sensitive data
● XML based information exchange schemes
Pilot
● Usability in different situations (home, SME, government)
● Quick spreading of change data on risks
9
Added Value and Project Innovation
Nearly real-time tools helping to solve the situation
Tight risk management environment integrating different risk domains
● SME, Government, Large enterprises
● Informatics: integration of differently focused methodologies
● Critical infrastructure protection: telecommunications, emergency, utilities, healthcare, banking, transportation, government, …
Tight risk management environment integrating different risk levels
● Government: Region-Local, Country-Region, EU-Country
● Large enterprises: Central office-Branches
● Informatics: integration of individual systems
10
Thanks for your attention!
Questions, comments …
Useful links
BUSLab’s web page: http://www.buslab.org
ANECT: http://www.anect.cz
emails:
Dan Cvrcek: cvrcek@fit.vutbr.cz
Marek Kumpost: kumpost@fit.vutbr.cz
Ludek Novak: Ludek.Novak@anect.cz