SIG ISM WORKSHOP LONDON 2015 Alf Moens
SIG ISM The aims of the SIG-ISM are: * Establish a community of NREN security management professionals develop, maintain and promote trust framework between NRENs based on international standards * promote the use of international security standards and share best practices for security management within NRENs * discuss and promote issues of information security management of particular interest to NRENs In the direction of these fundamental points, the 1st SIG-ISM that will be held at the Imperial College in London wishes to bring together CISOs and all people interested on ISM to develop and strengthen the ISM Community around the globe.
Agenda Tuesday 12:30-13:30 Arrival and registration 13:30-13:45 Welcome and introduction Alf Moens (SURF) 13:45-14:15 How to gain and maintain ISO 27001 certification Urpo Kaila (CSC) 14:15-14:45 Jisc and the ISO27001 James Davis (Jisc) 14:15-14:45 Coffee break 14:45-16:45 Round-table discussions What do NREN need to implement as a standard? The aim of this discussion is to generate a document to highlight the basic steps NRENS should follow to implement security management. 16:45-17:00 Summary of the day 17:00-19:00 Checking in... 19:00-21:00 Joint dinner
Introduction SIG ISM Steering committee: Started autumn 2014, at workshop in Utrecht, monthly VC meetings: James, Rolf, Wayne, Alf Charter: approved! Participation: free for anyone but aimed at security opfficers of NRENs It’s not about incidents, it’s about security management. Reach out to other Task forces and SIGs Maintain ‘register’ of security officers Should we work on a trust framework?
Agenda Wednesday 09:00-9:30 Risk Registers, the good and the bad – Making Real Change Wayne Routly (GEANT) 9:30-10:30 Round-table discussions Risk analysis The aim of this discussion is to generate a short paper around the current risks and the new threads coming up. 10:30-11:00 Coffee break 11:00-11:30 Finalising the discussion on Risks 11:30-12:20 REFEDS and SIG-ISM Nicole Harris (GEANT) 12:20-12:30 Discussion about future meetings and Wrap-up
Participants Alf Moens - SURFnet bv Wayne Routly - DANTE Alessandra Scicchitano - GEANT Association Dominique Launay - GIP RENATER Maciej Milostan - PSNC / PIONIER John Chapman - Jisc Antonio Fuentes Bermejo - RedIRIS Fernand De Decker - BELNET Rolf Sture Normann - UNINETT AS Cynthia Wagner - Fondation RESTENA Thomas Tam - Canada's Advanced Research and Innovation Network Jacob Asbæk Wolf - NORDUnet A/S Øivind Høiem - UNINETT AS James Davis - Jisc Urpo Kaila - CSC - IT Center for Science Ltd. Nicole Harris - GÉANT Association apologized [4] Aidan Carty - HEAnet David Simonsen - WAYF - Where are you from Vlado Pribolsan - AAI@EduHr - Croatian Research and Education Federation Ralf Groeper - DFN
Standards and certifications Inventory - Do you have a security officer? An approved security policy? - Which standard for information security are you using? - Are you implementing any certifications? - Which? - Who is asking for this? - How much effort is it? Discussion - What standard should a NREN use for information security?
Risk Identification and Management Do you perform any risk analysis? Company wide, for a project or for an information system? What do you need to protect? What are the core assets of a NREN? What are the main threats for a NREN? What are the main threats for a university?
Type of Threath Example sof Threath Relevance (chance * imoact) # Type of Threath Event Actor Example incidents Education Research Operations Theft"of"reasearch"data" Cybercriminals" Tentamenfraude" door" openbaarmaking" van" 1" Accessing"or"(unautorised)"" tentamenopgaven"" publishing""data" Privacysensitive"information""is"leaked"and"published" Activists" Privacygevoelige" gegevens" over" students" en" Design"of"a"research"lab"falls"into"wrong"hands"" States" leerlingen"op"straat"beland" MIDDLE HIGH MIDDLE Fraude"bij"gaining"access"to""information"abouth"exams"and" Employees" Kamervragen"over"intranetlek"Hogeschool" test"questions"" Student"has"someone"else"do"his"examn" Students" Kamervragen" naar" identiteitsfraude" Hogeschool" 2" Identity"fraude" Windesheim" Student"poses"as"other"student"or"employee"to"gain"access" Cybercriminals" to"exams." Fraude"in"toelating"examens" Activists" HIGH MIDDLE LOW Activist"poses"as"a"researcher" " Student"poses"as"an"employee"and"changes"examresults" Studieresultaten"worden"vervalst" Students" Student" krijgt" vier" jaar" celstraf" voor" het" wijzigen" 3" Manipulation"of""data" van"zijn"cijfers" Manipulatie"van"research"data" Employees" Massale"fraude"economiestudents" HIGH LOW LOW Aanpassing"van"bedrijfsvoering"data" Student" hackt" website" en" inleversysteem" " Informatica" Research"data"worden"afgetapt" States" MI5" waarschuwde" Britse" universiteiten" voor" 4" Espionage" cyberattacklen" Via"een"derde"partij"wordt"intellectueel"eigendom"gestolen" Companies" &" commercial"partners" NSA"hackt"Belgische"cyberprofessor" LOW HIGH LOW Cybercriminals" Chinezen"bespioneren"denk"tanks"met"expertise"in" Irak" DDoSVattack"legt"ITVinfrastructuur"plat" Cyberresearchers" Distributed" Denial" of" Service" attack" treft" SETI" 5" Disruption"of"ICT" project" Kritieke""research"data"of"examendata"wordt"vernietigd" Activists" Dorifelvirus"treft"ook"universiteiten" Opzet"van"onderzoeksinstellingen"wordt"gesaboteerd" Students" MIDDLE MIDDLE MIDDLE Server"legde"netwerk"Universiteit"Utrecht"plat" Onderwijsmiddelen" worden" onbruikbaar" door" malware " Employees" (bijv."eLearning"of"het"netwerk)" Opstelling"van"onderzoeksinstellingen"overgenomen" Cybercriminals" Yahoo" blokkeert" Universiteit" Maastricht" wegens" 6" Take"over"or"abuse"ofCT" spam" Systemen" of" accounts" worden" misbruikt" voor" andere" Students" LOW MIDDLE MIDDLE doeleinden"(botnet," mining ,"spam)" Student" gebruikt" universiteit" computers" om" Employees" dogecoin"te"minen" Defacement"of"website" Activists" Homepage"Faculteit"Letteren"beklad" 7" Create"negative"image"on" purpose" Social"media"account"hacked"and"abused" Students" Hackers"bekladden"website"van"MIT" LOW LOW LOW Cyberresearchers" Cybervandalen"
Sources for threat information SURF Cyberdreigingsbeeld 2014 https://www.surf.nl/nieuws/2014/11/handvatten-om- cybersecurity-instellingen-te-verbeteren.html Cyber Security Beeld Nederland 4 (NCSC) https://www.ncsc.nl/dienstverlening/expertise-advies/ kennisdeling/trendrapporten/cybersecuritybeeld- nederland-4.html Dutch Cyber Security Council (CSR) (cyber security guide for the board room) http://www.cybersecurityraad.nl/assets/ 1502517_VENJ_Cybersecurity_UK_vdef.pdf Enisa Threat Landscape http://www.enisa.europa.eu/activities/risk-management/ evolving-threat-environment/enisa-threat-landscape-mid- year-2013/at_download/fullReport World Economic Forum http://www.enisa.europa.eu/activities/risk-management/ evolving-threat-environment/enisa-threat-landscape-mid- year-2013/at_download/fullReport 10
Recommend
More recommend
