security challenges within an information system
play

Security challenges within an Information System Directorate Works of - PowerPoint PPT Presentation

Sep 02, 2022 •228 likes •376 views

Security challenges within an Information System Directorate Works of the RWGs 5th meeting on Computer Development 25/04/2019 DGD/DSID/Ple Scurit 1 Security challenges within an Information System Directorate 29/04/2019 DGD/DSID/Ple

  1. Security challenges within an Information System Directorate Works of the RWG’s 5th meeting on Computer Development 25/04/2019 DGD/DSID/Pôle Sécurité 1

  2. Security challenges within an Information System Directorate 29/04/2019 DGD/DSID/Pôle Sécurité 2

  3. table of content CONTEXT VULNERABILITIES IS THREAT VECTORS HACKERS PROFILES CYBERATTACKS EXAMPLE CYBERSECURITY GOUVERNANCE 25/04/2019 DGD/DSID/Pôle Sécurité 3

  4. Context (1/2) Strong IT Partnership dependency outreach Protection of the Digitalization economy Contribution to Trade security the State budget Business facilitation 25/04/2019 DGD/DSID/Pôle Sécurité

  5. Context (2/2) RESPECT OF INTERNATIONAL COMPLIANCE AGREEMENTS AND TREATIES Legislation ( Customs Code, cyber criminality, personal data protection, Code of Telecoms, e ‐ transactions, etc ) Standards(ISO 270XX, 900X, PCI ‐ DSS, SANS, OWASP, NIST, CC, Bale II ‐ III ) 25/04/2019 DGD/DSID/Pôle Sécurité

  6. IS VULNERABILITIES Technical Organizational Human ressources Vulnerabilities Vulnerabilities Vulnerabilities • Contremesures non • Lack of procedure (PSSI, • Lack of human ressources adaptés aux menaces GIS, audit, etc ) of unqualified human ressources • Obsolescence des • Lack of task separation technologies utilisées • Lack of staff awareness • Lack of rôle definition on cybersecurity • défaut ou mauvaise and responsabilities configuration • Misunderstanding of • No organization of the procedures • Défaut Conceptuel security • Etc.cf Mehari • Etc. cf base vuln Mehari, • cf base vulnérabilité vulnerabilities database, Ebios, 27005 Mehari vulnerabilities Ebios, 27005 database, Ebios, 27005 25/04/2019 DGD/DSID/Pôle Sécurité 6

  7. Threath vectors (1/2) • The art to persuade someone to give away a confidential information une SOCIAL ENGINEERING personne de révéler une information confidentielle • Social Networks can contribute and facilitate the loss of control on strategic Social Networks information • Mail PHISHING •Links •Attachments • Injection: remote code execution WEB APPLICATION • Cross ‐ Site Scripting : attacks on the client’s side • Violation de Gestion d'Authentification et de Session: authorisation and authentification • USB, REMOVABLE DRIVES • keyboard, • CD, etc • Technology implementation ( applications, services, storage function and Shadow IT information sharing) within collaborators without the need of the CIO Physical intrusion • The hacker accesses the location of its victim so he directly connects. 25/04/2019 DGD/DSID/Pôle Sécurité/Team Pentest 7

  8. Threat vectors2/2 29/04/2019 Verizon ‐ DBIR_2018 ‐ Main_report.pdf 8

  9. HACKER PROFILES 1/2 PROFILES MOTIVATIONS � Financial Expert commissioned � Sabotage � Ideology Hacktivists � State interests Cyber ‐ soldiers � Financial Malicious user � None (nuisance by mistake) � Sabotage Malicious staff � Financial � Financial Furniture Provider � Financial Service provider � Espionnage partners � Renommée Cybercriminals � Financières 29/04/2019 DGD/DSID/Pôle Sécurité 9

  10. HACKERS PROFILES 2/2 29/04/2019 Verizon ‐ DBIR_2018 ‐ Main_report.pdf 10

  11. EXAMPLES OF CYBER ‐ ATTACKS Examples of cyber ‐ attacks in the intrnational transit sector Military Sealift Anvers’ Port IRISL (Islamic Republic MAERSK Command of Iran Shipping Lines) • The attack was detected in • The attack was detected June 2011 and were • The attack targetted a sailing by the end of June 2017 • The attack occured in commissioned by a drug squad shuttle of the Military Sealift and was done by a group august 2011 and all the trying to high ‐ jack containers Command : many systems of hackers. MAERSK a lost date the company had on and to circulate drug coming would have been compromised nearly 300 millions dollars from Latin America by stealing its cargos were deleted. by the chineses armyaccording because of this attack. agents’ passcodes. The commissioner remains to a report from the American unknown. Senate. 25/04/2019 DGD/DSID/Pôle Sécurité 11

  12. Cybersecurity Governance (1/2) • Engagement from the Top Management • Organization ( rôles and responsability, institutions) • Ressources • Tools 25/04/2019 DGD/DSID/Pôle Sécurité 12

  13. Cybersecurity Governance (2/2) 25/04/2019 cisecurity.org/controls 13

  14. Thank you ‐ Jerejef Ressources humaines Process 29/04/2019 DGD/DSID/Pôle Sécurité 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

IOT SECURITY ONGOING CHALLENGES Selvana Naiken Gopalla Information Security Consultant

IOT SECURITY ONGOING CHALLENGES Selvana Naiken Gopalla Information Security Consultant

IOT SECURITY ONGOING CHALLENGES Selvana Naiken Gopalla Information Security Consultant CERT-MU | National Computer Board OUTLINE The Internet of Insecure Things New Devices, New Security Challenges IOT Specific Security Issues

301 views • 27 slides
System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn

System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn

System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn Department of Computer and Information Science Linkping University System Security 2 Security in computer systems Hardware (System)

838 views • 56 slides
Privacy and security in the cloud Challenges and solutions for our future information society

Privacy and security in the cloud Challenges and solutions for our future information society

Privacy and security in the cloud Challenges and solutions for our future information society Panel Building trust the technical challenges World Summit on the Information Society Forum 25-29 May 2015 ITU, UNESCO, UNDP and UNCTAD

709 views • 17 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
CS6265: Information Security Lab Taesoo Kim 2 CS6265: Information Security Lab A special

CS6265: Information Security Lab Taesoo Kim 2 CS6265: Information Security Lab A special

1 CS6265: Information Security Lab Taesoo Kim 2 CS6265: Information Security Lab A special course: supervised, hands-on laboratory Designed for seniors and above (including InfoSec MS, fresh PhDs) Prerequisite: OS, system

404 views • 26 slides
Doing IT Security Organizational challenges Laura Kocksch Fraunhofer Institute for Secure

Doing IT Security Organizational challenges Laura Kocksch Fraunhofer Institute for Secure

Doing IT Security Organizational challenges Laura Kocksch Fraunhofer Institute for Secure Information Technologies/Ruhr University Bochum RISCS Developer-Centred Security Workshop: 24th November 2016 1 Study I: Can security become an

449 views • 20 slides
The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Workshop in Information

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Workshop in Information

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Workshop in Information Security Theory and Practices 1 4 September 2009, Brussels, Belgium Summary A brief reminder about RFID. Description of the threats, state of

880 views • 41 slides
Mobile Trust Telecommunications AG (MTT AG) presents Stealthphone Information Security System

Mobile Trust Telecommunications AG (MTT AG) presents Stealthphone Information Security System

Cyber security is a National Security Priority Bara k Obama Mobile Trust Telecommunications AG (MTT AG) presents Stealthphone Information Security System Stay invisible in the digital world ABOUT THE COMPANY MTT AG Company

593 views • 21 slides
Security Challenges For Future System s Steve Purser Head of Technical Competence Department

Security Challenges For Future System s Steve Purser Head of Technical Competence Department

Security Challenges For Future System s Steve Purser Head of Technical Competence Department June 2011 Agenda Introduction to ENISA The Trends Scope & Requirements Design Considerations Deploying Secure Systems ENISAs contribution

663 views • 31 slides
Linux System Security Tunables Linux System Security Tunables Linux System Security Tunables

Linux System Security Tunables Linux System Security Tunables Linux System Security Tunables

Linux System Security Tunables Linux System Security Tunables Linux System Security Tunables http://outflux.net/slides/2013/drupal/tunables.pdf R0Ng DrupalCon Portland 2013 Kees Cook <keescook@google.com> (pronounced Case) Who is

474 views • 33 slides
Information System Security Chapter 1:Introduction Dr. Loai Tawalbeh Faculty of Information

Information System Security Chapter 1:Introduction Dr. Loai Tawalbeh Faculty of Information

Information System Security Chapter 1:Introduction Dr. Loai Tawalbeh Faculty of Information system and Technology, The Arab Academy for Banking and Financial Sciences. Jordan Dr. Loai Tawalbeh summer 2006 Chapter 1 Introduction

253 views • 10 slides
Security, Availability, and Multiple Information Sources: Exploring Update Behavior of System

Security, Availability, and Multiple Information Sources: Exploring Update Behavior of System

Security, Availability, and Multiple Information Sources: Exploring Update Behavior of System Administrators Christian Tiefenau , Maximilian Hring, Katharina Krombholz, Emanuel von Zezschwitz @chrizzlz @cathykxx Usable Security and Privacy Lab,

596 views • 12 slides
Challenges in the new normal Rising above these Challenges Rajeev Lollbeharree Head Security

Challenges in the new normal Rising above these Challenges Rajeev Lollbeharree Head Security

ACI Webinar on Security and Facilitation Airport Security and Facilitation Challenges in the new normal Rising above these Challenges Rajeev Lollbeharree Head Security Services , Airports of Mauritius Ltd 12 Au August 2020 SS SSR In

768 views • 17 slides
New Trends in Two Regional Security Complexes: Adaptjng to the New Security Challenges Dr .

New Trends in Two Regional Security Complexes: Adaptjng to the New Security Challenges Dr .

New Trends in Two Regional Security Complexes: Adaptjng to the New Security Challenges Dr . Mara Laura Moreno Sainz Sciences Po Lyon, France Geneva Center for Security Policy April 28 th 2016 Latin America : an external invention

784 views • 35 slides
Swiss cheese security or the real challenges faced by internet facing companies About me

Swiss cheese security or the real challenges faced by internet facing companies About me

Swiss cheese security or the real challenges faced by internet facing companies About me Almost 20 years in information security / hacking OWASP Project leader Latest research interests: Large scale RSA crypto survey

691 views • 49 slides
Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de

Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de

Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de Louvain Belgium SUMMARY Background about RFID Privacy: Information Leakage Privacy: Malicious Traceability Is Privacy a Research Challenge?

343 views • 32 slides
ALL THAT YOU NEED TO KNOW TO ENSURE WEB SECURITY Presented By: Ryan McElrath & Joe Kocan

ALL THAT YOU NEED TO KNOW TO ENSURE WEB SECURITY Presented By: Ryan McElrath & Joe Kocan

ALL THAT YOU NEED TO KNOW TO ENSURE WEB SECURITY Presented By: Ryan McElrath & Joe Kocan February 26, 2015 INTRODUCTIONS Ryan McElrath Chief Technology Officer Joe Kocan IT Security Consultant 2/26/2015 2 IMPORTANCE OF SECURITY

711 views • 24 slides
CYBERSECURITY: EMERGING THREATS AND MITIGATION STRATEGIES Gogwim , Joel Godwin, B. Tech (Hons),

CYBERSECURITY: EMERGING THREATS AND MITIGATION STRATEGIES Gogwim , Joel Godwin, B. Tech (Hons),

CYBERSECURITY: EMERGING THREATS AND MITIGATION STRATEGIES Gogwim , Joel Godwin, B. Tech (Hons), MPhil. (SA), CCNA, CCDA, CCAI, CCNP, CCDP, CEH, MNCS, MCPN, MNiRA, MCFIN ICT Directorate University of Jos, Nigeria email : gogwim[at]unijos.edu.ng

236 views • 10 slides
Momchil Karov VanSecSIG Best Buy Canada Oct 12, 2018 1 PRESENTED BY: (A.K.A. THE

Momchil Karov VanSecSIG Best Buy Canada Oct 12, 2018 1 PRESENTED BY: (A.K.A. THE

HOW TO EMBED SECURITY INTO AGILE? Momchil Karov VanSecSIG Best Buy Canada Oct 12, 2018 1 PRESENTED BY: (A.K.A. THE WHO AM I SLIDE) Momchil Karov, MSc., CISSP Principal Security Architect Enterprise Risk and Compliance Best

777 views • 44 slides
Project Plan Connected Appliances Analytics Dashboard The Capstone Experience Team Whirlpool

Project Plan Connected Appliances Analytics Dashboard The Capstone Experience Team Whirlpool

Project Plan Connected Appliances Analytics Dashboard The Capstone Experience Team Whirlpool Derrick Neier Jim Solce Zach Taylor Joe Tuohey Department of Computer Science and Engineering Michigan State University Fall 2012 From Students

447 views • 17 slides
Solr Presented by Jacob Pitassi 07.28.12 Monday, July 30, 12 Hello Jacob Pitassi Director of

Solr Presented by Jacob Pitassi 07.28.12 Monday, July 30, 12 Hello Jacob Pitassi Director of

Solr Presented by Jacob Pitassi 07.28.12 Monday, July 30, 12 Hello Jacob Pitassi Director of Engineering jpitassi@stauffer.com stauffer.com Monday, July 30, 12 What are you talking about Monday, July 30, 12 Parts of this presentation

624 views • 26 slides
The Future of E-Commerce is More Web-like Ian Jacobs W3C I. What the Web Means for Commerce

The Future of E-Commerce is More Web-like Ian Jacobs W3C I. What the Web Means for Commerce

The Future of E-Commerce is More Web-like Ian Jacobs W3C I. What the Web Means for Commerce Source: merchandisingmatters.com New Zealand E-Commerce Source: Nielsen New Zealand E-Commerce Report 2016 E-Commerce Rising Proportion of Retail

861 views • 45 slides
Software Systems by Incorporating Security Knowledge Stefan Grtner and Kurt Schneider Software

Software Systems by Incorporating Security Knowledge Stefan Grtner and Kurt Schneider Software

Maintaining Requirements for Long-Living Software Systems by Incorporating Security Knowledge Stefan Grtner and Kurt Schneider Software Engineering Group, Leibniz Universitt Hannover, Germany Thomas Ruhroth, Jens Brger, and Jan Jrjens

480 views • 24 slides
DC GIS Steering Committee November 2014 10:00 AM 12:00 PM 200 I Street SE, 5 th Floor

DC GIS Steering Committee November 2014 10:00 AM 12:00 PM 200 I Street SE, 5 th Floor

DC GIS Steering Committee November 2014 10:00 AM 12:00 PM 200 I Street SE, 5 th Floor Washington, DC 20003 Conference Room: 5009 Agenda Introductions and Establish Quorum Approve Minutes 8/21/2014 DC GIS News OCTO GIS News

1.1k views • 93 slides

More recommend