SpringerBriefs in Computer Science
More information about this series at
Atle Refsdal, Bjørnar Solhaug, Ketil Stølen

Cyber-Risk Management

Atle Refsdal, SINTEF ICT, Oslo, Norway
Ketil Stølen, SINTEF ICT, Oslo, Norway
Bjørnar Solhaug, SINTEF ICT, Oslo, Norway

SpringerBriefs in Computer Science
ISSN, ISSN (electronic)
ISBN, ISBN (ebook)
DOI
Library of Congress Control Number:

Springer Cham Heidelberg New York Dordrecht London

The Author(s) 2015

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made.

Printed on acid-free paper

Springer International Publishing AG Switzerland is part of Springer Science+Business Media
Preface

Information and communication technologies (ICT) have over several decades brought significant benefits to enterprises, individuals, and society as a whole. This is clearly evident when considering the wide and profound impact of the Internet in a great many parts of our daily lives. The Internet, and more broadly cyberspace, has become a cornerstone for a broad range of services and activities that today we take for granted. Due to cyberspace and its underlying infrastructure, people and organizations have access to more and better services than ever before. This is the case within several domains of society, including banking and finance, communication, entertainment, health, power supply, social interactions, transportation, trade, and social participation. As a result, our daily lives, fundamental rights, economies, and social security depend on ICT working seamlessly.

At the same time, cyberspace has introduced, and continues to introduce, numerous new threats and vulnerabilities. Stakeholders are exposed to cybersecurity incidents of many different kinds and degrees of severity. These include information theft, disruption of services, privacy and identity abuse, fraud, espionage, and sabotage. At a larger scale, societies are threatened by possible attacks on critical infrastructures via cyberspace, as well as the potential for cyber-terrorism and even cyber-warfare. In addition to the many possibilities for cyber-crime and malicious attacks come all the accidental and other non-malicious threats that may lead to cybersecurity incidents. In fact, the ubiquity of cyberspace has brought societies to a point where a very large number of the risks that we traditionally have been exposed to in the physical world today arise in cyberspace and have become cyber-risks.

In order to ensure a satisfactory level of cybersecurity, stakeholders need to understand the nature of cyber-risk and what distinguishes cyber-risk from other kinds of risk, and they need adequate methods and techniques for cyber-risk management. Our main objective with this book is to give a short introduction to risk management, focusing on cybersecurity and cyber-risk assessment. We introduce the reader to the underlying terminology, we present and explain the processes of cyber-risk management, and we provide guidance and hands-on examples on how to conduct cyber-risk assessment in practice. We moreover address many of the typical challenges that risk assessors face, and we give advice on how to tackle them.
There are many different techniques, tools, modeling languages, and documentation formats that are available to support cyber-risk assessment. This book is oblivious to any such specific approach; while we have based the contents on established standards and industry best practices, we present the risk assessment process and the examples in a format that can be instantiated by any specific approach that complies with the ISO risk management standard.

The intended target audience is practitioners, as well as graduate and undergraduate students, in particular within the ICT domain. We also aim to provide lecturers with teaching material on the fundamentals of cyber-risk management and the basic principles and techniques of cyber-risk assessment. We moreover believe that the book illuminates and clarifies many aspects and underlying concepts of the domain of cybersecurity. The book can therefore be useful also for researchers and standardization bodies that have activities related to cybersecurity.

Our own knowledge about and experience of cybersecurity and cyber-risk management, and therefore also the contents of this book, largely stem from academic research and empirical studies that we have conducted jointly with colleagues and with collaborators from industry. We express our acknowledgments to all of those who in different ways have helped out in the work on this book. We owe many thanks to our close colleagues Gencer Erdogan, Yan Li, Aida Omerovic, and Fredrik Seehusen for their many and valuable comments and suggestions on several parts of this book. We are very grateful to Kristian Beckers, Karin Bernsmed, Aslak Wegner Eide, Marika Lüders, and Ragnhild Kobro Runde for reviewing the manuscript and providing good and helpful feedback. Prior to and during the work on this book we have benefited greatly from collaboration with people from academia and industry on several research projects. These include Jürgen Großmann, Maritta Heisel, Fabio Martinelli, Wolter Pieters, Alexander Pretschner, Christian W. Probst, and Aristotelis Tzafalias. Some of the research activities that the work on this book has benefited from have partly been funded by the Research Council of Norway, in particular through the projects Diamonds and AGRA. Relevant research activities have also been funded by the European Commission, in particular through the projects RASEN and NESSOS, but also through CONCERTO.

Oslo, Norway, July 2015
Atle Refsdal, Bjørnar Solhaug, Ketil Stølen
Contents

1 Introduction
    Aim and Emphasis
    Policy of Writing and Presentation
    Structure and Organization
        Part I: Conceptual Introduction
        Part II: Cyber-risk Assessment Exemplified
        Part III: Known Challenges
    Intended Readers and Ways to Read
    Relevant Standards

Part I Conceptual Introduction

2 Risk Management
    What is Risk?
    What is Risk Management?
    Communication and Consultation
        Establish a Consultative Team
        Define a Plan for Communication and Consultation
        Ensure Endorsement of the Risk Management Process
        Communicate Risk Assessment Results
    Risk Assessment
        Context Establishment
        Risk Identification
        Risk Analysis
        Risk Evaluation
    Risk Treatment
    Monitoring and Review
        Monitoring and Review of Risks
        Monitoring and Review of Risk Management
    Further Reading

3 Cyber-systems
    What is a Cyberspace?
    What is a Cyber-system?
    Further Reading

4 Cybersecurity
    What is Cybersecurity?
    How Does Cybersecurity Relate to Information Security?
    How Does Cybersecurity Relate to Critical Infrastructure Protection?
    How Does Cybersecurity Relate to Safety?
    Further Reading

5 Cyber-risk Management
    What is Cyber-risk?
    Communication and Consultation of Cyber-risk
    Cyber-risk Assessment
        Context Establishment for Cyber-risk
        Identification of Malicious Cyber-risk
        Identification of Non-malicious Cyber-risk
        Analysis of Cyber-risk
        Evaluation of Cyber-risk
    Treatment of Cyber-risk
    Monitoring and Review of Cyber-risk
        Monitoring and Review of Cyber-risk
        Monitoring and Review of Cyber-risk Management
    Further Reading

Part II Cyber-risk Assessment Exemplified

6 Context Establishment
    Context, Goals, and Objectives
        External Context
        Internal Context
        Goals and Objectives
    Target of Assessment
        Electricity Customer
        Distribution System Operator
        Communication Channels Between Components
        Interface to Cyberspace and Attack Surface
    Scope, Focus, and Assumptions
        Scope
        Focus
        Assumptions
    Assets, Scales, and Risk Evaluation Criteria
        Assets
        Likelihood Scale
        Consequence Scales
        Risk Evaluation Criteria
    Further Reading

7 Risk Identification
    Risk Identification Techniques
    Malicious Risks
        Threat Source Identification
        Threat Identification
        Vulnerability Identification
        Incident Identification
    Non-malicious Risks
        Incident Identification
        Vulnerability Identification
        Threat Identification
        Threat Source Identification
    Further Reading

8 Risk Analysis
    Threat Analysis
        Malicious Threats
        Non-malicious Threats
    Vulnerability Analysis
        Malicious Threat Vulnerabilities
        Non-malicious Threat Vulnerabilities
    Likelihood of Incidents
    Consequence of Incidents
    Further Reading

9 Risk Evaluation
    Consolidation of Risk Analysis Results
    Evaluation of Risk Level
    Risk Aggregation
    Risk Grouping
    Further Reading

10 Risk Treatment
    Risk Treatment Identification
        Malicious Risks
        Non-malicious Risks
    Risk Acceptance
    Further Reading

Part III Known Challenges and How to Address Them in Practice

11 Which Measure of Risk Level to Use?
    Two-factor Measure
    Three-factor Measure
    Many-factor Measure
    Which Measure to Use for Cyber-risk?
    Further Reading

12 What Scales Are Best Suited Under What Conditions?
    Classification of Scales
    Qualitative Versus Quantitative Risk Assessment
    Scales for Likelihood
    Scales for Consequence
    What Scales to Use for Cyber-risk?
    Further Reading

13 How to Deal with Uncertainty?
    Conceptual Clarification
    Kinds of Uncertainty
    Representing Uncertainty
    Reducing Uncertainty
    How to Handle Uncertainty for Cyber-risk?
    Further Reading

14 High-consequence Risk with Low Likelihood
    Dealing with Black Swans
    Identifying Gray Swans
    Communicating Gray Swans
    Dealing with Gray Swans
    Recognizing Gray Swans in Cyberspace
    Further Reading

15 Conclusion
    What We Have Put Forward in General
    What We Have Put Forward in Particular
    What We Have not Covered

Glossary
References
Index
Acronyms

AMI      Advanced metering infrastructure
ARPANET  Advanced Research Projects Agency Network
CAPEC    Common Attack Pattern Enumeration and Classification
CIIP     Critical information infrastructure protection
CIP      Critical infrastructure protection
CNSS     Committee on National Security Systems
COBIT    Control Objectives for Information and Related Technology
CWE      Common Weakness Enumeration
DDoS     Distributed denial of service
DoS      Denial of service
ENISA    European Union Agency for Network and Information Security
EU       European Union
EUROPOL  European Police Office
GAO      US Government Accountability Office
GPRS     General packet radio service
ICT      Information and communication technology
IEC      International Electrotechnical Commission
ISACA    Information Systems Audit and Control Association
ISO      International Organization for Standardization
IT       Information technology
ITU      International Telecommunication Union
LAN      Local area network
NIACAP   National Information Assurance Certification and Accreditation Process
NIST     National Institute of Standards and Technology
NSFNET   National Science Foundation Network
OWASP    Open Web Application Security Project
SLA      Service level agreement
UML      Unified Modeling Language
WAN      Wide area network
More informationCybersecurity & Digital Privacy in the Energy sector
ENERGY INFO DAYS Brussels, 25 October 2017 Cybersecurity & Digital Privacy in the Energy sector CNECT.H1 Cybersecurity & Digital Privacy, DG CNECT ENER.B3 - Retail markets; coal & oil, DG ENER European
More informationEuropean Responsible Care Forum. Security & Safe Maintenance
European Responsible Care Forum Security & Safe Maintenance Brussels, Thursday 7 April 2011 Mike Zeegers - Director Europe Agenda: History IMPROVE PROJECT To enhance Secure infrastructure Objective of
More informationINTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 27039 First edition 2015-02-15 Corrected version 2016-05-01 Information technology Security techniques Selection, deployment and operations of intrusion detection and prevention
More informationInformation technology Security techniques Code of practice for personally identifiable information protection
INTERNATIONAL STANDARD ISO/IEC 29151 First edition 2017-08 Information technology Security techniques Code of practice for personally identifiable information protection Technologies de l'information Techniques
More informationSystemic Analyser in Network Threats
Systemic Analyser in Network Threats www.project-saint.eu @saintprojecteu #saintprojecteu John M.A. Bothos jbothos@iit.demokritos.gr Integrated System Laboratory Institute of Informatics & Telecommunication
More informationReport. ISMS-CORAS: A Structured Method for Establishing an ISO Compliant Information Security Management System
SINTEF A25626- Unrestricted Report ISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System Authors Kristian Beckers Maritta Heisel Bjørnar Solhaug
More informationSoftware Architectural Risk Analysis (SARA) Frédéric Painchaud Robustness and Software Analysis Group
Software Architectural Risk Analysis (SARA) Frédéric Painchaud Robustness and Software Analysis Group Defence Research and Development Canada Recherche et développement pour la défense Canada Canada Agenda
More informationGlobal cybersecurity and international standards
World Class Standards Global cybersecurity and international standards Professor Solange Ghernaouti-Hélie sgh@unil.ch Faculty of Business and Economics, University of Lausanne Member of the Hight Level
More informationCybersecurity Strategy of the Republic of Cyprus
Cybersecurity Strategy of the Republic of Cyprus George Michaelides Commissioner of Electronic Communications and Postal Regulation http://www.ocecpr.org.cy 12 th February 2016 Cybersecurity Strategy of
More informationPackage of initiatives on Cybersecurity
Package of initiatives on Cybersecurity Presentation to Members of the IMCO Committee Claire Bury Deputy Director-General, DG CONNECT Brussels, 12 October 2017 Building EU Resilience to cyber attacks Creating
More informationDr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA. The African Internet Governance Forum - AfIGF Dec 2017, Egypt
Dr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA The African Internet Governance Forum - AfIGF2017 5 Dec 2017, Egypt Agenda Why? Threats Traditional security? What to secure?
More informationInformation for entity management. April 2018
Information for entity management April 2018 Note to readers: The purpose of this document is to assist management with understanding the cybersecurity risk management examination that can be performed
More informationDirective on security of network and information systems (NIS): State of Play
Directive on security of network and information systems (NIS): State of Play Svetlana Schuster Unit H1 Cybersecurity and Digital Privacy DG Communications Networks, Content and Technology, European Commission
More informationAssurance through the ISO27002 Standard and the US NIST Cybersecurity Framework. Keith Price Principal Consultant
Assurance through the ISO27002 Standard and the US NIST Cybersecurity Framework Keith Price Principal Consultant 1 About About me - Specialise in cybersecurity strategy, architecture, and assessment -
More informationFUNCTIONAL MODELLING OF IT RISK ASSESSMENT SUPPORT SYSTEM
FUNCTIONAL MODELLING OF IT RISK ASSESSMENT SUPPORT SYSTEM Artis Teilans 1, Andrejs Romanovs 2, Yuri Merkuryev 3, Arnis Kleins 4, Pjotrs Dorogovs 5, Ojars Krasts 6 1 Rezekne Higher Education Institution,
More informationEU policy on Network and Information Security & Critical Information Infrastructures Protection
EU policy on Network and Information Security & Critical Information Infrastructures Protection Köln, 10 March 2011 Valérie ANDRIANAVALY European Commission Directorate General Information Society and
More informationWindows 10 Revealed. The Universal Windows Operating System for PC, Tablets, and Windows Phone. Kinnary Jangla
Windows 10 Revealed The Universal Windows Operating System for PC, Tablets, and Windows Phone Kinnary Jangla Windows 10 Revealed Kinnary Jangla Bing Maps San Francisco, California, USA ISBN-13 (pbk): 978-1-4842-0687-4
More informationTrust Services for Electronic Transactions
Trust Services for Electronic Transactions ROUMEN TRIFONOV Faculty of Computer Systems and Control Technical University of Sofia 8 st. Kliment Ohridski bul., 1000 Sofia BULGARIA r_trifonov@tu-sofia.bg
More informationU.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan
U.S. Japan Internet Economy Industry Forum Joint Statement 2013 October 2013 Keidanren The American Chamber of Commerce in Japan In June 2013, the Abe Administration with the support of industry leaders
More informationItu regional workshop
Itu regional workshop "Key Aspects of Cybersecurity in the Context of Internet of Things (IoT) Natalia SPINU 18 September, 2017 Tashkent, Uzbekistan AGENDA 1. INTRODUCTI ON 2. Moldovan public policy on
More informationCyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
More informationJinkun Liu Xinhua Wang. Advanced Sliding Mode Control for Mechanical Systems. Design, Analysis and MATLAB Simulation
Jinkun Liu Xinhua Wang Advanced Sliding Mode Control for Mechanical Systems Design, Analysis and MATLAB Simulation Jinkun Liu Xinhua Wang Advanced Sliding Mode Control for Mechanical Systems Design, Analysis
More information