Sharing Best Security Practices with your Peers - on an International Level
|
|
- Ralph Hancock
- 6 years ago
- Views:
Transcription
1 Public Sharing Best Security Practices with your Peers - on an International Level Urpo Kaila, <urpo.kaila@csc.fi> Head of Security, csc.fi EUDAT Security Officer WISE Community SC member GÉANT SIG-ISMS SC member EDUCAUSE Security Professionals Conference Seattle,
2 First, about me and my site Me o Head of Security for CSC - IT Center for Science Ltd. o Special interests: Sharing and developing best information security practices, ISO CSC o A non-profit government owned company in Finland providing IT services for research, higher education, and government o Staff: 300 o Services: scientific computing, Funet NREN, IAM, datacenters, IT services, education management 03/02/15 2
3 Sharing Best Practices with Peers A security practitioner needs o A good education o Experience o Management support o Professional continuing training o by ISC2, SANS, ISACA etc o Motivation o and learning from and sharing with peers! o Current real world issues o Sharing in trust (chatham house rule) o Not aligned to vendor or government interests o Learning how, not only what on an international level o the bad guys does also network over borders 03/02/15 3
4 Networking in European Research Infrastructures EUDAT o The collaborative Pan-European infrastructure providing research data services, training and consultancy for researchers, Research Communities and Research Infrastructures & Data Centres o PRACE o Partnership for Advanced Computing in Europe o GÉANT SIG-ISM (formerly TERENA) o GÉANT is the leading collaboration on e-infrastructure and services for research and education. o 4
5 GÉANT SIG-ISM SIG-ISM offers CISOs (Chief Information Security Officers) of national research and education network (NREN) organisations the opportunity to share best practices and learn from each others' experience, to safeguard their NREN against security incidents and threats Events o 1st SIG-ISM workshop on information security management and compliance on 19 May 2015 in London o 2nd SIG-ISM Workshop on risk management in Copenhagen 22nd-23th of February /02/15 5
6 WISE what is it? Wise Information Security for Collaborating E-infrastructure A trusted global framework where security experts can share information on different topics like risk management, experiences about certification process and threat intelligence keeping a special focus on e-infrastructures.
7 How everything started Joint effort of GEANT SIG-ISM (Special Interest Group on Information Security Management) and SCI (Security for Collaboration among Infrastructures) Workshop in Barcelona Spain, October participants
8 How everything started Main idea: 4 big e-infrastructures EGI, EUDAT, GEANT and PRACE getting together to facilitate the exchange of experience and knowledge on security. But also NRENs, XSEDE, NCSA, CTSC and communities like HEP/CERN, HBP and many others participated. A profound need for a real collaboration became evident
9 Activities Led by a Steering Committee Two face-to-face meetings a year The main work happens through working groups. Five WGs: o Updating the SCI framework (SCIV2-WG) o Security Training and Awareness (STAA-WG) o Security Review and Audit (SRA-WG) o Risk Assessment WISE (RAW-WG) o Security in Big and Open Data (SBOD-WG)
10 SCIV2-WG Updating the SCI framework: Already existing framework created by the SCI group o o SCIV2-WG will work towards version 2 of the SCI document that will become the 1 st WISE framework defining best practices, trust and policy standards for collaboration. A wider range of stakeholders will be involved, specifically the NRENs, whose security issues were not present in the first version.
11 SCIv2-WG The WG has just defined the direction of the work and chose the first topic the group will focus on: How to share vulnerabilities among e-infrastructures
12 STAA-WG Security Training and Awareness: Training is wanted and needed for security professionals, systems and network managers and engineers, users of the infrastructures and for decision makers, for a wide range of topics. Main activities of the WG: o Collecting good training practices o Collecting information about relevant existing trainings at the infrastructures o Set up a basic training and awareness program for organizations in the WISE community, identifying which trainings are needed
13 STAA-WG The WG Security Training and Awareness will first do an inventory: What are the target groups for security awareness? What materials are already available and what practices can e-infras share? What are the most important subject for security training? Which free/open training or trainings materials are available? Which commercial trainings are available? The purpose is to identify the training needs and make a first match with available training material.
14 RAW-WG Risk assessment WISE: Large e-infrastructures are vulnerable for high impact security incidents because of the relative easy way that an incident may spread among partner organizations because of the collaborative services that exist among the constituent organizations. So it is important that each member organization has a trusted level of implemented security procedures. The objective of the WG is to provide e-infrastructures and their member organizations with guidelines on how Risk Assessments can be effectively implemented.
15 SRA-WG Security Review and Audit: A proven method to obtain objective and comprehensive information about the current state of information security is to perform security reviews and security audits Some of the activities of the WG: o Follow and contribute to the development of security audits and reviews among the constituents o Share related best practices for implementations o Contribute to development of security standards and frameworks
16 SBOD-WG Security in Big and Open Data: The WG focuses on security issues that arise when dealing with Big and Open data especially within the e-infrastructures. Main activities of the WG: o list and discuss already existing studies and state of the art the starting point for the rest of the work. o work on a list of issues particularly important for e-infrastructures and on a set of recommendations on how to minimize the impact of these issues.
17 Participate in WISE Interested in any of the the working group subjects? Subscribe to the workgroup mailinglist on the WISE website Contact the workgroup chair and let s work together The Working groups are starting their work now
18 Thanks and let s keep in touch I ll be happy to network and keep in touch with all attendants of the EDUCASE Security Professionals conference trough o The WISE Working Groups o <urpo.kaila@csc.fi> o LinkedIN (I am currently the only Urpo Kaila around ;) o Twitter (@utsirp) 03/02/15 18
Federated Services and Data Management in PRACE
Federated Services and Data Management in PRACE G. Erbacci, (CINECA and PRACE) Collaborative Services for e-infrastructure Commons e-irg Workshop, Bratislava 15-16 November 2016 Partnership for Advanced
More informationPredstavenie štandardu ISO/IEC 27005
PERFORMANCE & TECHNOLOGY - IT ADVISORY Predstavenie štandardu ISO/IEC 27005 ISMS Risk Management 16.02.2011 ADVISORY KPMG details KPMG is a global network of professional services firms providing audit,
More informationBHConsulting. Your trusted cybersecurity partner
Your trusted cybersecurity partner BH Consulting Securing your business BH Consulting is an award-winning, independent provider of cybersecurity consulting and information security advisory services. Recognised
More informationInformation Technology Information Sharing and Analysis Center. First Symposium Barcelona, Spain Feb. 2, 2011
Information Technology Information Sharing and Analysis Center First Symposium Barcelona, Spain Feb. 2, 2011 About Us Non Profit, US Corporation established in 2000 and operational in 2001 Fully funded
More informationExpand Your Cyber Expertise. Secure Your Future.
Expand Your Cyber Expertise. Secure Your Future. CSX 2018 Europe will help you stay on top of the latest cybersecurity trends, further your cyber career, and make new connections with professionals around
More informationIntroduction to ISO/IEC 27001:2005
Introduction to ISO/IEC 27001:2005 For ISACA Melbourne Chapter Technical Session 18 th of July 2006 AD Prepared by Endre P. Bihari JP of Performance Resources What is ISO/IEC 17799? 2/20 Aim: Creating
More informationDigital Health Cyber Security Centre
Digital Health Cyber Security Centre Current challenges Ransomware According to the ACSC Threat Report 2017, cybercrime is a prevalent threat for Australia. Distributed Denial of Service (DDoS) Targeting
More informationRisk and Security Management for Distributed Supercomputing with Grids
Risk and Security Management for Distributed Supercomputing with Grids Urpo Kaila Funet CERT & CSC 2006-09-22 19th TF-CSIRT Meeting,Espoo, Finland Agenda Grid s and supercomputing Some
More informationVal-EdTM. Valiant Technologies Education & Training Services. Workshop for CISM aspirants. All Trademarks and Copyrights recognized.
Val-EdTM Valiant Technologies Education & Training Services Workshop for CISM aspirants All Trademarks and Copyrights recognized Page 1 of 8 Welcome to Valiant Technologies. We are a specialty consulting
More informationMY CERTIFICATION HELPED ME GET HERE. MY MEMBERSHIP HELPS KEEP ME HERE.
MY CERTIFICATION HELPED ME GET HERE. MY MEMBERSHIP HELPS KEEP ME HERE. TIMO HEIKKINEN, CISA, CGEIT SENIOR AUDIT SPECIALIST, NORDEA HELSINKI, FINLAND ISACA MEMBER SINCE 1999 ABOUT US BE MORE INFORMED, VALUED
More informationGrid security and NREN CERTS in the Nordic Countries
Grid security and NREN CERTS in the Nordic Countries TF-CSIRT meeting January 27-28, 2005 London Urpo Kaila FUNET CERT Agenda Grids as security threats NREN CERTS in the Nordic Countries Some Grids in
More informationBHConsulting. Your trusted cybersecurity partner
Your trusted cybersecurity partner BH Consulting Securing your business BH Consulting is an award-winning, independent provider of cybersecurity consulting and information security advisory services. Recognised
More informationfalanx Cyber ISO 27001: How and why your organisation should get certified
falanx Cyber ISO 27001: How and why your organisation should get certified Contents What is ISO 27001? 3 What does it cover? 3 Why should your organisation get certified? 4 Cost-effective security management
More informationTrust and Certification: the case for Trustworthy Digital Repositories. RDA Europe webinar, 14 February 2017 Ingrid Dillo, DANS, The Netherlands
Trust and Certification: the case for Trustworthy Digital Repositories RDA Europe webinar, 14 February 2017 Ingrid Dillo, DANS, The Netherlands Perhaps the biggest challenge in sharing data is trust: how
More informationENISA S WORK ON ICS AND SMART GRID SECURITY
AMSTERDAM, OCTOBER 15, 2012 ENISA S WORK ON ICS AND SMART GRID SECURITY Dr. Evangelos OUZOUNIS Head of CIIP & Resilience Unit ENISA 1 Why is it important? Industrial networks is the CI for the SCADA and
More informationAT FIRST VIEW C U R R I C U L U M V I T A E. Diplom-Betriebswirt (FH) Peter Konrad. Executive Partner Senior Consultant
Our Contact Details IT-SCAN GMBH c/o: DOCK3 Hafenstrasse 25-27 68159 Mannheim E: info@it-scan.de W: www.it-scan.de Nationalität Berufserfahrung C U R R I C U L U M V I T A E Diplom-Betriebswirt (FH) Peter
More informationBRING EXPERT TRAINING TO YOUR WORKPLACE.
BRING EXPERT TRAINING TO YOUR WORKPLACE. ISACA s globally respected training and certification programs inspire confidence that enables innovation in the workplace. ISACA s On-Site Training brings a unique
More informationstandards and so the text is not to be used for commercial purposes, gain or as a source of profit. Any changes to the slides or incorporation in
ISO/IEC JTC 1/SC 27/WG 4 IT Security Controls and Services M. De Soete, ISO/IEC JTC 1 SC27 Vice Chair copyright ISO/IEC JTC 1/SC 27, 2014. This is an SC27 public document and is distributed as is for the
More informationETSI ISG ISI Information Security Indicators
ETSI ISG ISI Information Security Indicators Updates on ISI standardization results Paolo De Lutiis (Telecom Italia Information Technology) 9th ETSI Security Workshop ETSI 2014. All rights reserved Cyber
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationEU Code of Conduct on Data Centre Energy Efficiency
EUROPEAN COMMISSION DIRECTORATE-GENERAL JRC JOINT RESEARCH CENTRE Institute for Energy Renew able and Energy Efficiency Unit EU Code of Conduct on Data Centre Energy Efficiency Introductory guide for all
More informationWP3: Policy and Best Practice Harmonisation
Authentication and Authorisation for Research and Collaboration WP3: Policy and Best Practice Harmonisation David Groep AARC2 2018 AL/TL meeting 12-13 September, 2018 Amsterdam 0.4 Policy and best practice
More informationA Controls Factory Approach To Building a Cyber Security Program Based on the NIST Cybersecurity Framework (NCSF)
A Controls Factory Approach To Building a Cyber Security Program Based on the NIST Cybersecurity Framework (NCSF) Prepared by: Larry Wilson lwilson@umassp.edu Chief Information Security Officer University
More informationPOSITION DESCRIPTION
UNCLASSIFIED IT Security Certification Assessor POSITION DESCRIPTION Unit, Directorate: Location: IT & Physical Security, Protective Security Wellington Salary range: H $77,711 - $116,567 Purpose of position:
More informationDiscussion on MS contribution to the WP2018
Discussion on MS contribution to the WP2018, 30 January 2018 European Union Agency for Network and Information Security Possibilities for MS contribution to the WP2018 Expert Groups ENISA coordinates several
More informationIT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive
IT Governance ISO/IEC 27001:2013 ISMS Implementation Service description Protect Comply Thrive 100% guaranteed ISO 27001 certification with the global experts With the IT Governance ISO 27001 Implementation
More informationAssurance through the ISO27002 Standard and the US NIST Cybersecurity Framework. Keith Price Principal Consultant
Assurance through the ISO27002 Standard and the US NIST Cybersecurity Framework Keith Price Principal Consultant 1 About About me - Specialise in cybersecurity strategy, architecture, and assessment -
More informationGÉANT Community Programme
GÉANT Community Programme Building the community Klaas Wierenga Chief Community Support Officer GÉANT Information day, Tirana, 5 th April 1 Membership Association = very large community to serve GÉANT
More informationImplementation PREVIEW VERSION
Implementation These following pages provide a preview of the information contained in COBIT 5 Implementation. The publication provides a good-practice approach for implementation governance of enterprise
More informationREQUEST FOR EXPRESSIONS OF INTEREST
REQUEST FOR EXPRESSIONS OF INTEREST (CONSULTING SERVICES FIRMS SELECTION) Country : INDIA Project : FINANCING PUBLIC PRIVATE PARTNERSHIP THROUGH SUPPORT TO THE INDIA INFRASTRUCTURE FINANCE COMPANY LIMITED
More informationBuilding an Assurance Foundation for 21 st Century Information Systems and Networks
Building an Assurance Foundation for 21 st Century Information Systems and Networks The Role of IT Security Standards, Metrics, and Assessment Programs Dr. Ron Ross National Information Assurance Partnership
More informationIPv6 Task Force - Phase II. Welcome
IPv6 Task Force - Phase II Welcome Joao da Silva European Commission Brussels 12 September 2002 Erkki Liikanen - Date 2002-1 Latest EU action on IPv6 IPv6 Task Force (Phase I) launched April 2001 Recommendations
More informationTechnical Support from the Ministry of Technology, Communication and Innovation
Technical Support from the Ministry of Technology, Communication and Innovation Mr Hawabhay R Chief Technical Officer Ministry of Technology, Communication & Innovation July 2015 MTCI In Support To HRMIS
More informationINTELLIGENCE DRIVEN GRC FOR SECURITY
INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to
More informationSC27 WG4 Mission. Security controls and services
copyright ISO/IEC JTC 1/SC 27, 2012. This is an SC27 public document and is distributed as is for the sole purpose of awareness and promotion of SC 27 standards and so the text is not to be used for commercial
More informationCCSK Research Sponsorship
CCSK Research Sponsorship Overview The industry s first user certification program for secure cloud computing, the Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range
More informationISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006
ISO / IEC 27001:2005 A brief introduction Dimitris Petropoulos Managing Director ENCODE Middle East September 2006 Information Information is an asset which, like other important business assets, has value
More informationFirst Session of the Asia Pacific Information Superhighway Steering Committee, 1 2 November 2017, Dhaka, Bangladesh.
First Session of the Asia Pacific Information Superhighway Steering Committee, 1 2 November 2017, Dhaka, Bangladesh. DRAFT SUBMISSION OF [ORGANIZATION] PROJECTS/ACTIVITIES/STUDIES [Date] Objective: This
More informationEU General Data Protection Regulation (GDPR) Achieving compliance
EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,
More informationCloud Security Alliance Quantum-safe Security Working Group
Don Hayford 3rd ETSI/IQC Workshop on Quantum-Safe Cryptography Seoul, Korea October 5, 2015 Session 3: Joint Global Efforts Cloud Security Alliance Quantum-safe Security Working Group 1 Cloud Security
More informationGDPR Impacts. SEV GDPR Workshop Athens Giles Watkins, UK Country Leader. Wednesday 7th February,
GDPR Impacts SEV GDPR Workshop Athens Giles Watkins, UK Country Leader Wednesday 7th February, 2018 Agenda What is the Privacy Opportunity? What is different under GDPR? Where organisations are focusing?
More informationImplementation Strategy for Cybersecurity Workshop ITU 2016
Implementation Strategy for Cybersecurity Workshop ITU 2016 Council for Scientific and Industrial Research Joey Jansen van Vuuren Intricacies and interdependencies cyber policies must address potential
More informationData Sheet The PCI DSS
Data Sheet The PCI DSS Protect profits by managing payment card risk IT Governance is uniquely qualified to provide Payment Card Industry (PCI) services. Our leadership in cyber security and technical
More informationEISAS Enhanced Roadmap 2012
[Deliverable November 2012] I About ENISA The European Network and Information Security Agency (ENISA) is a centre of network and information security expertise for the EU, its Member States, the private
More informationCERT.LV activities, role in Latvia and globally. Baiba Kaskina, CERT.LV , Sofia, Bulgaria
CERT.LV activities, role in Latvia and globally Baiba Kaskina, CERT.LV 30.11.2016., Sofia, Bulgaria CERT.LV Overview CERT.LV Information Technology Security Incident Response Institution of the Republic
More informationEuropean Code of Conduct on Data Centre Energy Efficiency
EUROPEAN COMMISSION DIRECTORATE-GENERAL JOINT RESEARCH CENTRE Institute for Energy and Transport Renewable Energy Unit European Code of Conduct on Data Centre Energy Efficiency Introductory guide for applicants
More informationISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION
ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION Cathy Bates Senior Consultant, Vantage Technology Consulting Group January 30, 2018 Campus Orientation Initiative and Project Orientation Project
More informationLes joies et les peines de la transformation numérique
Les joies et les peines de la transformation numérique Georges Ataya CISA, CGEIT, CISA, CISSP, MSCS, PBA Professor, Solvay Brussels School of Economics and Management Academic Director, IT Management Education
More informationEUDAT. Towards a pan-european Collaborative Data Infrastructure. Damien Lecarpentier CSC-IT Center for Science, Finland EUDAT User Forum, Barcelona
EUDAT Towards a pan-european Collaborative Data Infrastructure Damien Lecarpentier CSC-IT Center for Science, Finland EUDAT User Forum, Barcelona Date: 7 March 2012 EUDAT Key facts Content Project Name
More informationWhen Recognition Matters WHITEPAPER ISO SUPPLY CHAIN SECURITY MANAGEMENT SYSTEMS.
When Recognition Matters WHITEPAPER ISO 28000 SUPPLY CHAIN SECURITY MANAGEMENT SYSTEMS www.pecb.com CONTENT 3 4 4 4 4 5 6 6 7 7 7 8 9 10 11 12 Introduction An overview of ISO 28000:2007 Key clauses of
More informationThe Scottish Credit and Qualifications Framework and Chartered Banker Institute
The Scottish Credit and Qualifications Framework and Chartered Banker Institute Working together for Life Long Learning: SCQF and Chartered Banker Institute Lydia George, Development Officer, SCQFP Colin
More informationCybersecurity and the Board of Directors
Cybersecurity and the Board of Directors Key Findings from BITS/FSR Meetings OVERVIEW Board directors are increasingly required to engage in cybersecurity risk management yet some may need better education
More informationInternational Atomic Energy Agency Meeting the Challenge of the Safety- Security Interface
Meeting the Challenge of the Safety- Security Interface Rhonda Evans Senior Nuclear Security Officer, Division of Nuclear Security Department of Nuclear Safety and Security Outline Introduction Understanding
More informationISO 55001: 2014 Asset Management System 5-Day Training Course (IAM Certified)
ISO 55001: 2014 Asset Management System 5-Day Training Course (IAM Certified) TÜV SÜD Introduction ISO 55001: 2014 is a newly released best practice standard for asset management. This standard helps to
More informationRSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief
RSA Solution Brief Managing Risk Within Advanced Security Operations RSA Solution Brief How do you advance your security operations function? Increasingly sophisticated security threats and the growing
More informationCurrent skills gap for capable CTI analysts: Training for forensics & analysis
Current skills gap for capable CTI analysts: Training for forensics & analysis WORKSHOP CTI EU Bonding EU Cyber Threat Intelligence 30-31 October, Link Campus University, Rome, Italy Ing. Selene Giupponi
More informationFintech District. The First Testing Cyber Security Platform. In collaboration with CISCO. Cloud or On Premise Platform
Fintech District The First Testing Cyber Security Platform In collaboration with CISCO Cloud or On Premise Platform WHAT IS SWASCAN? SWASCAN SERVICES Cloud On premise Web Application Vulnerability Scan
More informationISO/IEC JTC 1 N 13145
ISO/IEC JTC 1 N 13145 ISO/IEC JTC 1 Information technology Secretariat: ANSI (United States) Document type: Title: Status: Business Plan BUSINESS PLAN FOR ISO/IEC JTC 1/SC 40, IT SERVICE MANAGEMENT AND
More informationEUDAT- Towards a Global Collaborative Data Infrastructure
EUDAT- Towards a Global Collaborative Data Infrastructure FOT-Net Data Stakeholder Meeting Brussels, 8 March 2016 Yann Le Franc, PhD e-science Data Factory, France CEO and founder EUDAT receives funding
More informationUK Permanent Salary Index November 2013 Based on registered vacancies and actual placements
UK Permanent Salary Index ember 1 SYSTEM INTEGRATORS & CONSULTANCIES Job Title Guidelines 8 9 2010 2011 2012 Information & Risk IT Officer Project & Risk Consultant Analyst Part of a team in a large organisation
More informationSecurity in Big and Open Data - WG. Alessandra Scicchitano GÉANT - Project Development Officer Ralph Niederberger Jülich Supercomputing Center (FZJ)
Security in Big and Open Data - WG Alessandra Scicchitano GÉANT - Project Development Officer Ralph Niederberger Jülich Supercomputing Center (FZJ) SBOD-WG Nowadays, Big data and Open data are often-heard
More informationFriedrich Smaxwil CEN President. CEN European Committee for Standardization
Friedrich Smaxwil CEN President CEN European Committee for Standardization www.cen.eu www.cencenelec.eu Friedrich Smaxwil, CEN President 1. Standards & standardization 2. CEN s role in European Standardization
More informationWhat is ISO/IEC 27001?
An Introduction to the International Information Security Management Standard By President INTERPROM July 2017 Copyright 2017 by InterProm USA. All Rights Reserved www.interpromusa.com Contents INTRODUCTION...
More informationGlobal Response Centre (GRC) & CIRT Lite. Regional Cyber security Forum 2009, Hyderabad, India 23 rd to 25 th September 2009
Global Response Centre (GRC) & CIRT Lite Regional Cyber security Forum 2009, Hyderabad, India 23 rd to 25 th September 2009 IMPACT Service offerings Global Response Centre CIRT Lite Need for GRC Access
More informationPartnership Information
SECOND INTERNATIONAL CONFERENCE ON ISO 31000 STANDARD USING ISO 31000 RISK MANAGEMENT STANDARD TO ACHIEVE OPTIMAL PERFORMANCE Conference Date: 28-29 May 2013 Master Classes Date: 30-31 May 2013 Location:
More informationISAO SO Product Outline
Draft Document Request For Comment ISAO SO 2016 v0.2 ISAO Standards Organization Dr. Greg White, Executive Director Rick Lipsey, Deputy Director May 2, 2016 Copyright 2016, ISAO SO (Information Sharing
More informationWhat is ISO ISMS? Business Beam
1 Business Beam Contents 2 Your Information is your Asset! The need for Information Security? About ISO 27001 ISMS Benefits of ISO 27001 ISMS 3 Your information is your asset! Information is an Asset 4
More informationIT Information Security Manager Job Description
IT Information Security Manager Job Description IT Information Security Manager Responsible to: Accountable to: IT Service Manager Head of IT Services Overall Purpose To provide effective response, protection
More informationSecurity In A Box. Modular Security Services Offering - BFSI. A new concept to Security Services Delivery.
Modular Security Services Offering - BFSI Security In A Box A new concept to Security Services Delivery. 2017 Skillmine Technology Consulting Pvt. Ltd. The information in this document is the property
More informationHPC IN EUROPE. Organisation of public HPC resources
HPC IN EUROPE Organisation of public HPC resources Context Focus on publicly-funded HPC resources provided primarily to enable scientific research and development at European universities and other publicly-funded
More informationInterconnected NRENs in Europe & GÉANT: Mission & Governance Issues
Interconnected NRENs in Europe & GÉANT: Mission & Governance Issues Vasilis Maglaris maglaris@netmode.ntua.gr Professor, National Technical University of Athens - NTUA Chairman, NREN Policy Committee GÉANT
More informationISA99 - Industrial Automation and Controls Systems Security
ISA99 - Industrial Automation and Controls Systems Security Committee Summary and Activity Update Standards Certification Education & Training Publishing Conferences & Exhibits September 2016 Copyright
More informationISE Canada Executive Forum and Awards
ISE Canada Executive Forum and Awards September 19, 2013 "Establishing a Cost Effective PCI DSS Compliance Program by Having a Can Do Attitude Della Shea Chief Privacy & Information Risk Officer Symcor
More informationTWELVEDOT SECURITY DESIGN.BUILD.SECURE
TWELVEDOT SECURITY DESIGN.BUILD.SECURE 1 AGENDA About Us The Threat Landscape IoT Standards Using an ISMS Approach Testing and Evaluation Privacy Considerations 2 ABOUT US - YOW based company - Global
More informationThe PCI Security Standards Council PCI DSS Virtualization Webinar
The PCI Security Standards Council PCI DSS Virtualization Webinar Bob Russo, General Manager Kurt Roemer, Citrix Systems, PCI SSC Virtualization SIG Chair June 2011 Agenda Introductions Council & Virtualization
More informationInformation Technology Branch Organization of Cyber Security Technical Standard
Information Technology Branch Organization of Cyber Security Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 1 November 20, 2014 Approved:
More informationA Controls Factory Approach To Operationalizing a Cyber Security Program Based on the NIST Cybersecurity Framework
A Controls Factory Approach To Operationalizing a Cyber Security Program Based on the NIST Cybersecurity Framework Prepared by: Larry Wilson lwilson@umassp.edu Chief Information Security Officer University
More informationCISO as Change Agent: Getting to Yes
SESSION ID: CXO-W02F CISO as Change Agent: Getting to Yes Frank Kim Chief Information Security Officer SANS Institute @fykim Outline Catch the Culture Shape the Strategy Build the Business Case 2 #1 Catch
More informationSecurity as a Service (Implementation Guides) Research Sponsorship
Security as a Service (Implementation Guides) Research Sponsorship Overview The purpose of the Security as a Service (SecaaS) Working Group will be to identify consensus definitions of what Security as
More informationBusiness Continuity Management: How to get started. Presented by: Tony Drewitt, Managing Director IT Governance Ltd 19 April 2018
Business Continuity Management: How to get started Presented by: Tony Drewitt, Managing Director IT Governance Ltd 19 April 2018 Introduction Tony Drewitt - Managing Director: IT Governance UK and EU One
More informationInformation technology Security techniques Information security controls for the energy utility industry
INTERNATIONAL STANDARD ISO/IEC 27019 First edition 2017-10 Information technology Security techniques Information security controls for the energy utility industry Technologies de l'information Techniques
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationISO/IEC ISO/IEC
ISO/IEC 27000 2010 6 3 1. ISO/IEC 27000 ISO/IEC 27000 ISMS ISO IEC ISO/IEC JTC1 SC 27 ISO/IEC 27001 ISO/IEC 27000 ISO/IEC 27001 ISMS requirements ISO/IEC 27000 ISMS overview and vocabulary ISO/IEC 27002
More informationThe European Platform in Network and Information Security (NIS) Fabio Martinelli
The European Platform in Network and Information Security (NIS) Fabio Martinelli Istituto di Informatica e Telematica Consiglio Nazionale delle Ricerche IIT-CNR, Pisa, Italy Institute of Informatics and
More informationPackage of initiatives on Cybersecurity
Package of initiatives on Cybersecurity Presentation to Members of the IMCO Committee Claire Bury Deputy Director-General, DG CONNECT Brussels, 12 October 2017 Building EU Resilience to cyber attacks Creating
More informationThe Network and Information Security Directive - ENISA's contribution
The Network and Information Security Directive - ENISA's contribution Konstantinos Moulinos Information Security Expert 3rd IMPROVER- ERNCIP Operators Workshop Lisbon 23.05.2018 European Union Agency for
More informationCOBIT 5 Foundation Certification Training Course - Brochure
COBIT 5 Foundation Certification Training Course - Brochure The Next Level of IT Security Governance Course Name : COBIT 5 Foundation Version : INVL_Cobit5_BR_02_081_1.1 Course ID : ITSG-130 www.invensislearning.com
More informationWhere s My Data? Managing the Data Residency Challenge
Where s My Data? Managing the Data Residency Challenge Claude Baudoin & Geoff Rayner 27 February 2018 2/26/2018 Copyright 2018 OMG. All rights reserved. 1 Speakers Tracie Berardi Director of Program Management,
More informationCSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague
Brmlab, hackerspace Prague Lightning talks, November 2016 in general in general WTF is an? in general WTF is an? Computer Security in general WTF is an? Computer Security Incident Response in general WTF
More informationSecurity Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014
Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 Outline Input FIM4R requirements TNC2014 BoF Romain Wartel Security
More informationCISM - Certified Information Security Manager. Course Outline. CISM - Certified Information Security Manager.
Course Outline CISM - Certified Information Security Manager 20 Nov 2017 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led
More information«Prompting an EOSC in Practice»
«Prompting an EOSC in Practice» EOSC HLEG II (2017-2018) Members George A. Komatsoulis (Observer, USA), Andreas Mortensen (Rapporteur), Silvana Muscella (Chair), Isabel Campos Plasencia, Toivo Räim, François
More informationCOURSE BROCHURE. COBIT5 FOUNDATION Training & Certification
COURSE BROCHURE COBIT5 FOUNDATION Training & Certification What is COBIT5? COBIT 5 (Control Objectives for Information and Related Technology) is an international open standard that defines requirements
More informationFOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY
FOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY The Foundation Certificate in Information Security (FCIS) course is designed to provide
More informationROI for Your Enterprise Through ISACA A global IS association helping members achieve organisational success.
ROI for Your Enterprise Through ISACA A global IS association helping members achieve organisational success. ROI for Your Enterprise Through ISACA With the growing complexities of global business and
More information2018 MANAGED SECURITY SERVICE PROVIDER (MSSP): BENCHMARK SURVEY Insights That Inform Decision-Making for Retail Industry Outsourcing
2018 MANAGED SECURITY SERVICE PROVIDER (MSSP): BENCHMARK SURVEY Insights That Inform Decision-Making for Retail Industry Outsourcing Powered by the Retail ISAC, A Division of the R-CISC Overview Last October,
More information2013 ISACA New Delhi Chapter All Rights Reserved
Mr. Rajendra Kathal President Invitation for Continuing Professional Education Session On May 25, 2013 (Saturday) from 04:30 pm to 06:30 pm Venue: Seminar Hall No. 1, USI Building Rao Tula Ram Marg, New
More informationData Discovery - Introduction
Data Discovery - Introduction Why (benefits of reusing data) How EUDAT's services help with this (in general) Adam Carter In days gone by: Design an experiment Getting Your Data Conduct the experiment
More informationControlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:
Page 1 of 6 I. Common Principles and Approaches to Privacy A. A Modern History of Privacy a. Descriptions, definitions and classes b. Historical and social origins B. Types of Information a. Personal information
More informationImplementation of Business Continuity Management System (BCMS) based on ISO 22301:2012 requirements
Implementation of Business Continuity Management System (BCMS) based on ISO 22301:2012 requirements Summary This five-day intensive training course enables participants to develop the necessary expertise
More information