INTEGRATING AUTOMOTIVE HAZARD AND THREAT ANALYSIS METHODS: HOW DOES THIS FIT WITH ASSUMPTIONS OF THE SAE J3061
|
|
- Ilene Wood
- 5 years ago
- Views:
Transcription
1 INTEGRATING AUTOMOTIVE HAZARD AND THREAT ANALYSIS METHODS: HOW DOES THIS FIT WITH ASSUMPTIONS OF THE SAE J rd EuroAsiaSPI Conference, Graz, Austria Georg Macher AVL List GmbH (Headquarters)
2 INTEGRATING AUTOMOTIVE HAZARD AND THREAT ANALYSIS METHODS: HOW DOES THIS FIT WITH ASSUMPTIONS OF THE SAE J RD EUROASIASPI CONFERENCE, GRAZ, AUSTRIA Author(s): Co-Author(s): Approved by: Project Leader: Version: 1.0 Georg Macher Release date: Security level: Customer: Project: Task ID: Department: Andreas Riel - EMIRAcle Grenoble Institute of Technology Christian Kreiner - Graz University of Technology SoQrates Working Group Development and Research - Powertrain Engineering Copyright 2016, AVL List GmbH (Headquarters) Georg Macher Development and Research - Powertrain Engineering 15 September
3 AGENDA Cyber-Security and the Automotive Domain SAE J3061 Cyber-Security Guidebook Initial Cyber-Security Assessment (TARA) EVITA method TVRA OCTAVE HEAVENS security model Attack trees SW vulnerability analysis SAHARA Approach SAHARA Application Example Conclusion Georg Macher Georg Macher Development and Research - Powertrain Engineering 15 September
4 CYBER- SECURITY AND THE AUTOMOTIVE DOMAIN 4 Where is the challenge related to automotive security? Georg Macher Development and Research - Powertrain Engineering 15 September
5 SAE J3061 CYBER-SECURITY GUIDEBOOK 1 st available standard for the automotive domain still work-in-progress draft Proposes 3 ways of applying the SAE J3061 security processes for the automotive process landscape Standalone with defined communication points to safety engineering processes In Conjunction with ISO processes Hybrid an approach with only partially shared engineering processes Proposes an initial short cybersecurity assessment of all automotive systems (TARA) Analysis technique applied in the concept phase Identify potential threats to a feature and assess associated risks Allows prioritization of cyber-security activities and focusing of resources 3 step approach: Threat identification Risk assessment Risk analysis SAE J3061 Georg Macher Development and Research - Powertrain Engineering 15 September
6 EVITA PROJECT METHOD FUNCTIONAL SECURITY ANALYSIS Adaptation of ISO26262 HAZOP analysis called THROP Threats are defined based on primary functions of the feature Guide words are applied Potential worst-case scenarios are determined For every safety critical function all information used has to be authentic Analysis based on analysis of attacks on vehicle function Risk level determination adopted from ASIL SAE J3061 Georg Macher Development and Research - Powertrain Engineering 15 September
7 EVITA SEVERITY CLASSIFICATION SAE J3061 Georg Macher Development and Research - Powertrain Engineering 15 September
8 EVITA ATTACK PROBABILITY RATING SAE J3061 Georg Macher Development and Research - Powertrain Engineering 15 September
9 TVRA - THREAT, VULNERABILITIES, AND IMPLEMENTATION RISK ANALYSIS Process-driven methodology 10 steps to systematically identify unwanted incidents Determines the occurrence, likelihood and impact of threats to determine the risk Developed for data- and telecommunication networks Hardly applicable to embedded automotive systems Georg Macher Development and Research - Powertrain Engineering 15 September
10 OCTAVE OPERATIONALLY CRITICAL THREAT, ASSET, AND VULNERABILITY EVALUATION Process-driven methodology A series of workshops to identify assets, current practices, Cybersecurity requirements, threats, and vulnerabilities and then to develop a strategy and plan for mitigating risks and protecting assets Questionnaires and separate worksheets which are completed by participants attending a series of workshops Relation to embedded automotive systems not straightforward SAE J3061 Georg Macher Development and Research - Powertrain Engineering 15 September
11 HEAVENS SECURITY MODEL Threat-centric model, realized by applying STRIDE approach Ranking of threats by determination of Threat level (TL) corresponding a likelihood estimation Impact level (IL) impact on safety, financial, operational, privacy and legislation Security level (SL) final risk ranking Implies a lot of work to analyze and determine the individual SL Requires more details of the system design than possible available at early phases SAE J3061 Georg Macher Development and Research - Powertrain Engineering 15 September
12 HEAVENS SECURITY MODEL all tables SAE J3061 Georg Macher Development and Research - Powertrain Engineering 15 September
13 ATTACK TREES AND SW VULNERABILITY ANALYSIS Attack Tree Analysis Analogous to safety fault tree analysis Using logic expression for combination of sub-goals Adequate for exploiting combinations of threats Not optimal suitable as a TARA SW Vulnerability Analysis Examines SW code for know vulnerabilities Focusing on SW level solely Not suitable as a TARA Georg Macher Development and Research - Powertrain Engineering 15 September
14 SAHARA APPROACH SAHARA Security-Aware Hazard and Risk Analysis Combined approach of STRIDE and HARA Developed prior to SAE J3061 Combined safety and security analysis approach Threat classification based on adaptation of ASIL classification Classification of security threats via: required resources (R) required know-how (K) threat criticality (T) Georg Macher Development and Research - Powertrain Engineering 15 September
15 SAHARA: SECL CLASSIFICATION Resources (R) Knowhow (K) Criticality (T) SecL Georg Macher Development and Research - Powertrain Engineering 15 September
16 APPLICATION EXAMPLE 1/4 Running example electric steering column lock system (ESCL) ISCN/SoQrates 1. Safety analysis with SAHARA Georg Macher Development and Research - Powertrain Engineering 15 September
17 APPLICATION EXAMPLE 2/4 Running example electric steering column lock system (ESCL) ISCN/SoQrates 2. Security analysis with STRIDE Georg Macher Development and Research - Powertrain Engineering 15 September
18 APPLICATION EXAMPLE 3/4 Running example electric steering column lock system (ESCL) ISCN/SoQrates 3. Quantification of security threats with SAHARA method Georg Macher Development and Research - Powertrain Engineering 15 September
19 APPLICATION EXAMPLE 4/4 Running example electric steering column lock system (ESCL) ISCN/SoQrates 4. Combination of Safety and Security Outcomes Georg Macher Development and Research - Powertrain Engineering 15 September
20 SUMMARY 20 Review of the current state-of-the-art early development phase analysis methods Review of SAE J3061 cyber-security guidebook proposals regarding TARA Dependability features (safety, security, availability ) are system-wide features with mutual impacts and interdisciplinary values SAHARA method provides a measureable quantification of system s security Example application electric steering column lock system (ESCL) Georg Macher Georg Macher Development and Research - Powertrain Engineering 15 September
21 THANK YOU
22 22 REFERENCES EMC EMC² Project. Available at: ISO ISO Road vehicles functional safety, parts Geneva, Switzerland: International Organization for Standardization. ISO ISO/IEC Industrial communication networks network and system security. Geneva, Switzerland: International Organization for Standardization. Macher, G., E. Armengaud, and C. Kreiner A practical approach to classification of safety and security risks. In Proceedings of EuroSPI 2015, Denmark. Macher, G., E. Armengaud, E. Brenner, and C. Kreiner A review of threat analysis and risk assessment methods in the automotive context. In Proceedings of SAFECOMP 2016, 20 September. Macher, G., A. Hoeller, H. Sporer, E. Armengaud, and C. Kreiner A combined safety-hazards and securitythreat analysis method for automotive systems. In Proceedings of SAFECOMP 2015 Workshops ASSURE, DECSoS, ISSE, ReSA4CI, and SASSUR, The Netherlands, 22 September. Springer International Publishing AG. MSDN The MSDN STRIDE threat model. Available at: SAE Vehicle Electrical System Security Committee. SAE J3061 Cybersecurity Guidebook for Cyber-Physical Automotive Systems. Scuro, G Automotive industry: Innovation driven by electronics. Available at: Sentilles, S., P. Stepan, J. Carlson, and I. Crnkovic Component-based software engineering. In Proceedings of the 12th International Symposium CBSE, June, Berlin Heidelberg: Springer Berlin Heidelberg. Georg Macher Georg Macher Development and Research - Powertrain Engineering 15 September
Integrated design for tackling safety and security challenges of smart products and digital manufacturing
Integrated design for tackling safety and security challenges of smart products and digital manufacturing Andreas Riel, Christian Kreiner, Georg Macher, Richard Messnarz To cite this version: Andreas Riel,
More informationSýnishorn ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security risk management
INTERNATIONAL STANDARD ISO/IEC 27005 Second edition 2011-06-01 Information technology Security techniques Information security risk management Technologies de l'information Techniques de sécurité Gestion
More informationMASP Chapter on Safety and Security
MASP Chapter on Safety and Security Daniel Watzenig Graz, Austria https://artemis.eu MASP Chapter on Safety & Security Daniel Watzenig daniel.watzenig@v2c2.at Francois Tuot francois.tuot@gemalto.com Antonio
More informationGerman OWASP Day 2016 CarIT Security: Facing Information Security Threats. Tobias Millauer
German OWASP Day 2016 CarIT Security: Facing Information Security Threats Tobias Millauer Daimler Business Units German OWASP Day 2016 CarIT Security: Facing Information Security Threats Tobias Millauer
More informationIntegrated Assessment of AutomotiveSPICE 3.0, Functional Safety ISO 26262, Cybersecurity SAE J3061
Integrated Assessment of AutomotiveSPICE 3.0, Functional Safety ISO 26262, Cybersecurity SAE J3061 Christian Kreiner Institute of Technical Informatics TUGraz Richard Messnarz ISCN GesmbH The AQU project
More informationInternet of Things Security standards
Internet of Things Security standards Vangelis Gazis (vangelis.gazis@huawei.com) Chief Architect Security Internet of Things (IoT) Security Solution Planning & Architecture Design (SPD) Security standards
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security risk management
INTERNATIONAL STANDARD ISO/IEC 27005 Second edition 2011-06-01 Information technology Security techniques Information security risk management Technologies de l'information Techniques de sécurité Gestion
More informationStandard: Risk Assessment Program
Standard: Risk Assessment Program Page 1 Executive Summary San Jose State University (SJSU) is highly diversified in the information that it collects and maintains on its community members. It is the university
More informationOVERVIEW OF AUTOMATED DRIVING RESEARCH IN EUROPE. Dr. Angelos Amditis Research Director, ICCS
OVERVIEW OF AUTOMATED DRIVING RESEARCH IN EUROPE Dr. Angelos Amditis Research Director, ICCS OUTLINE Introduction L3Pilot: Pilot Testing INFRAMIX: Hybrid Infrastructure SAFERtec:Cyber-security / Security
More informationAutomotive Security Standardization activities and attacking trend
Automotive Standardization activities and attacking trend Ingo Dassow, Deloitte November 2017 Automotive Risk Overview Trends and risks for connected vehicles 2 Value and Components of a Car Autonomous
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security risk management
INTERNATIONAL STANDARD ISO/IEC 27005 First edition 2008-06-15 Information technology Security techniques Information security risk management Technologies de l'information Techniques de sécurité Gestion
More informationSecurity Aspects of Trust Services Providers
Security Aspects of Trust Services Providers Please replace background with image European Union Agency for Network and Information Security 24 th September 2013 www.enisa.europa.eu Today s agenda 09:30-10:00
More informationNCSF Foundation Certification
NCSF Foundation Certification Overview This ACQUIROS accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity
More informationDeriving safety requirements according to ISO for complex systems: How to avoid getting lost?
Deriving safety requirements according to ISO 26262 for complex systems: How to avoid getting lost? Thomas Frese, Ford-Werke GmbH, Köln; Denis Hatebur, ITESYS GmbH, Dortmund; Hans-Jörg Aryus, SystemA GmbH,
More informationClick ISO to edit Master title style Update on development of the standard
Click ISO 26262 to edit Master title style Update on development of the standard Dr David Ward Head of Functional Safety January 2016 Agenda Why update ISO 26262? What is the process for updating the standard?
More informationEconomic and Social Council
United Nations Economic and Social Council ECE/TRANS/WP.29/2017/46 Distr.: General 23 December 2016 Original: English Economic Commission for Europe Inland Transport Committee World Forum for Harmonization
More informationCybersecurity Engineering and Assurance for Connected and Automated Vehicles
Cybersecurity Engineering and Assurance for Connected and Automated Vehicles Paul Wooderson Vehicle cybersecurity concerns Privacy vehicle as a data hub Theft physical cybersecurity Safety - impacts of
More informationThe Key Principles of Cyber Security for Connected and Automated Vehicles. Government
The Key Principles of Cyber Security for Connected and Automated Vehicles Government Contents Intelligent Transport System (ITS) & Connected and Automated Vehicle (CAV) System Security Principles: 1. Organisational
More informationMitigating Risk with Ongoing Cybersecurity Risk Assessment. Scott Moser CISO Caesars Entertainment
Mitigating Risk with Ongoing Cybersecurity Risk Assessment Scott Moser CISO Caesars Entertainment CSO50 Presentation Caesars Entertainment Cybersecurity Risk Management Scott Moser Chief Information Security
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity November 2017 cyberframework@nist.gov Supporting Risk Management with Framework 2 Core: A Common Language Foundational for Integrated Teams
More informationObjectives of the Security Policy Project for the University of Cyprus
Objectives of the Security Policy Project for the University of Cyprus 1. Introduction 1.1. Objective The University of Cyprus intends to upgrade its Internet/Intranet security architecture. The University
More informationInformation technology Security techniques Information security controls for the energy utility industry
INTERNATIONAL STANDARD ISO/IEC 27019 First edition 2017-10 Information technology Security techniques Information security controls for the energy utility industry Technologies de l'information Techniques
More informationSoftware Architectural Risk Analysis (SARA) Frédéric Painchaud Robustness and Software Analysis Group
Software Architectural Risk Analysis (SARA) Frédéric Painchaud Robustness and Software Analysis Group Defence Research and Development Canada Recherche et développement pour la défense Canada Canada Agenda
More informationA Security Risk Analysis Model for Information Systems
A Security Risk Analysis Model for Information Systems Hoh Peter In 1,*, Young-Gab Kim 1, Taek Lee 1, Chang-Joo Moon 2, Yoonjung Jung 3, and Injung Kim 3 1 Department of Computer Science and Engineering,
More informationCyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.
Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by
More informationOverview of the Cybersecurity Framework
Overview of the Cybersecurity Framework Implementation of Executive Order 13636 Matt Barrett Program Manager matthew.barrett@nist.gov cyberframework@nist.gov 15 January 2015 Executive Order: Improving
More informationNW NATURAL CYBER SECURITY 2016.JUNE.16
NW NATURAL CYBER SECURITY 2016.JUNE.16 ADOPTED CYBER SECURITY FRAMEWORKS CYBER SECURITY TESTING SCADA TRANSPORT SECURITY AID AGREEMENTS CONCLUSION QUESTIONS ADOPTED CYBER SECURITY FRAMEWORKS THE FOLLOWING
More informationTool-Supported Cyber-Risk Assessment
Tool-Supported Cyber-Risk Assessment Security Assessment for Systems, Services and Infrastructures (SASSI'15) Bjørnar Solhaug (SINTEF ICT) Berlin, September 15, 2015 1 Me Bjørnar Solhaug Bjornar.Solhaug@sintef.no
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Code of practice for information security management
INTERNATIONAL STANDARD ISO/IEC 17799 Second edition 2005-06-15 Information technology Security techniques Code of practice for information security management Technologies de l'information Techniques de
More informationSoftware Architectural Risk Analysis (SARA): SSAI Roadmap
Software Architectural Risk Analysis (SARA): SSAI Roadmap Frédéric Painchaud DRDC Valcartier / Systems of Systems November 2010 Agenda Introduction Software Architectural Risk Analysis Linking to SSAI
More informationRBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH
RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH CONTEXT RBI has provided guidelines on Cyber Security Framework circular DBS. CO/CSITE/BC.11/33.01.001/2015-16
More informationDr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA. The African Internet Governance Forum - AfIGF Dec 2017, Egypt
Dr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA The African Internet Governance Forum - AfIGF2017 5 Dec 2017, Egypt Agenda Why? Threats Traditional security? What to secure?
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 13335-1 First edition 2004-11-15 Information technology Security techniques Management of information and communications technology security Part 1: Concepts and models for
More informationB C ISO/IEC TR TECHNICAL REPORT
TECHNICAL REPORT ISO/IEC TR 13335-3 First edition 1998-06-15 Information technology Guidelines for the management of IT Security Part 3: Techniques for the management of IT Security Technologies de l'information
More informationISO/IEC Information technology Security techniques Code of practice for information security management
This is a preview - click here to buy the full publication INTERNATIONAL STANDARD ISO/IEC 17799 Second edition 2005-06-15 Information technology Security techniques Code of practice for information security
More informationSecuring the future of mobility
Kaspersky Transportation System Security AVL Software and Functions Securing the future of mobility www.kaspersky.com #truecybersecurity Securing the future of mobility Connected car benefits The need
More informationNATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium
NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium Securing Cyber Space & America s Cyber Assets: Threats, Strategies & Opportunities September 10, 2009, Crystal Gateway Marriott, Arlington,
More informationReport. Conceptual Framework for the DIAMONDS Project. SINTEF ICT Networked Systems and Services SINTEF A Unrestricted
SINTEF A22798- Unrestricted Report Conceptual Framework for the DIAMONDS Project Author(s) Gencer Erdogan, Yan Li, Ragnhild Kobro Runde, Fredrik Seehusen, Ketil Stølen SINTEF ICT Networked Systems and
More informationFDA & Medical Device Cybersecurity
FDA & Medical Device Cybersecurity Closing Keynote, February 19, 2017 Suzanne B. Schwartz, M.D., MBA Associate Director for Science & Strategic Partnerships Center for Devices and Radiological Health US
More informationFinal Report of TF-CS/OTA
Submitted by the Secretary of the UN Task Force on Cyber Security and Over-the-Air issues Informal document GRVA-01-19 1st GRVA, 25-28 September 2018 Agenda item 6 (b) Final Report of TF-CS/OTA United
More informationPromoting Global Cybersecurity
Promoting Global Cybersecurity Presented to ITU-T Study Group 17 Geneva, Switzerland 6 October 2005 Robert Shaw ITU Internet Strategy and Policy Advisor ITU Strategy and Policy Unit 1 Agenda Critical Infrastructures
More informationCOPE-ing with Cyber Risk Exposures
COPE-ing with Cyber Risk Exposures Russ Cohen, Chubb Ron Bushar, Mandiant Consulting September 22, 2016 1 Agenda The Challenge Transforming COPE to Cyber COPE Evaluating Risk for Cyber COPE Questions 2
More informationSTANDARD INFORMATION SHARING FORMATS. Will Semple Head of Threat and Vulnerability Management New York Stock Exchange
STANDARD INFORMATION SHARING FORMATS Will Semple Head of Threat and Vulnerability Management New York Stock Exchange AGENDA Information Sharing from the Practitioner s view Changing the focus from Risk
More informationBradford J. Willke. 19 September 2007
A Critical Information Infrastructure Protection Approach to Multinational Cyber Security Events Bradford J. Willke 19 September 2007 Overview A framework for national Critical Information Infrastructure
More informationThe modern car has 100 million lines of code and over half of new vehicles will be connected by 2020.
Automotive The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020. Cars are becoming increasingly connected through a range of wireless networks The increased
More informationThe Challenges of Risk Assessment for Smart Grid
The Challenges of Risk Assessment for Smart Grid Lucie Langer and Paul Smith firstname.lastname@ait.ac.at AIT Austrian Institute of Technology ComForEn Workshop Monday 29 th September, 2014 Risk Assessment:
More informationIoT & SCADA Cyber Security Services
RIOT SOLUTIONS PTY LTD P.O. Box 10087 Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 22, 144 Edward St Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au www.riotsolutions.com.au
More informationFunctional Safety and Cyber-Security Experiences and Trends
Functional Safety and Cyber-Security Experiences and Trends Dr. Christof Ebert, Vector Consulting Services V1.0 2017-12-11 Welcome Vector Consulting Services Experts for product development, product strategy
More informationISO/IEC TR TECHNICAL REPORT
TECHNICAL REPORT ISO/IEC TR 27019 First edition 2013-07-15 Information technology Security techniques Information security management guidelines based on ISO/IEC 27002 for process control systems specific
More informationRiccardo Mariani, Intel Fellow, IOTG SEG, Chief Functional Safety Technologist
Riccardo Mariani, Intel Fellow, IOTG SEG, Chief Functional Safety Technologist Internet of Things Group 2 Internet of Things Group 3 Autonomous systems: computing platform Intelligent eyes Vision. Intelligent
More informationCybersecurity & Digital Privacy in the Energy sector
ENERGY INFO DAYS Brussels, 25 October 2017 Cybersecurity & Digital Privacy in the Energy sector CNECT.H1 Cybersecurity & Digital Privacy, DG CNECT ENER.B3 - Retail markets; coal & oil, DG ENER European
More informationJohn Snare Chair Standards Australia Committee IT/12/4
John Snare Chair Standards Australia Committee IT/12/4 ISO/IEC 27001 ISMS Management perspective Risk Management (ISO 31000) Industry Specific Standards Banking, Health, Transport, Telecommunications ISO/IEC
More informationInformation Technology Branch Organization of Cyber Security Technical Standard
Information Technology Branch Organization of Cyber Security Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 1 November 20, 2014 Approved:
More informationISO/IEC TR TECHNICAL REPORT. Information technology Security techniques Information security management guidelines for financial services
TECHNICAL REPORT ISO/IEC TR 27015 First edition 2012-12-01 Information technology Security techniques Information security management guidelines for financial services Technologies de l'information Techniques
More informationAddressing Future Challenges in the Development of Safe and Secure Software Components The MathWorks, Inc. 1
Addressing Future Challenges in the Development of Safe and Secure Software Components 2016 The MathWorks, Inc. 1 Cybersecurity Emerging Topic in the Auto Industry Vehicle-to-Infrastructure Wifi Hotspot
More informationBonnie A. Goins Adjunct Industry Professor Illinois Institute of Technology
Bonnie A. Goins Adjunct Industry Professor Illinois Institute of Technology It s a hot topic!! Executives are asking their CISOs a LOT of questions about it Issues are costly, from a financial and a reputational
More information1.What are critical infrastructures in Switzerland? CIP concept in Switzerland
Session 4 Addressing new frontiers in CI resilience Cyber risks and beyond Swiss application and insights Joint OECD-JRC Workshop on Critical Infrastructure Resilience Paris, 25 September 2018 Dr. Stefan
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Code of practice for information security management
INTERNATIONAL STANDARD ISO/IEC 17799 First edition 2000-12-01 Information technology Code of practice for information security management Technologies de l'information Code de pratique pour la gestion
More informationNCSF Foundation Certification
NCSF Foundation Certification Overview This ACQUIROS accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security incident management
INTERNATIONAL STANDARD ISO/IEC 27035 First edition 2011-09-01 Information technology Security techniques Information security incident management Technologies de l'information Techniques de sécurité Gestion
More informationIntegrating Cyber Security and Safety Systems Engineering Disciplines with a common Code of Practice
Integrating Cyber Security and Safety Systems Engineering Disciplines with a common Code of Practice Dr Richard Piggin 16 November 2017 - Atkins Limited 1 Introduction Background Motivation Safety Engineering
More informationThe NIST Cybersecurity Framework
The NIST Cybersecurity Framework U.S. German Standards Panel 2018 April 10, 2018 Adam.Sedgewick@nist.gov National Institute of Standards and Technology About NIST Agency of U.S. Department of Commerce
More informationOperational Risk Management: Major Processes and Assignments
Operational Risk Management: Major Processes and Assignments Gabriel Andrade Deputy-Head of the Risk Management Department 19 September 2017 Cambridge Agenda 1. ORM Framework Operational Risk Operational
More informationCybersecurity & Risks Analysis
Working Together to Build Confidence Cybersecurity & Risks Analysis Djenana Campara Chief Executive Officer Member, Object Management Group Board of Directors Co-Chair, System Assurance Task Force Cyber
More informationPreventing External Connected Devices From Compromising Vehicle Systems Vector Congress November 7, 2017 Novi, MI
Preventing External Connected Devices From Compromising Vehicle Systems Vector Congress November 7, 2017 Novi, MI Bob Gruszczynski VWoA OBD Communication Expert Current Cybersecurity Status Challenges
More informationLeveraging ITIL to improve Business Continuity and Availability. itsmf Conference 2009
Leveraging ITIL to improve Business Continuity and Availability Samuel Lo MBA, MSc, CDCP, PMP, CISSP, CISA Data Centre Services Manager COL Limited Strictly Business itsmf Conference 2009 25 February 2009
More informationSecure Product Design Lifecycle for Connected Vehicles
Secure Product Design Lifecycle for Connected Vehicles Lisa Boran Vehicle Cybersecurity Manager, Ford Motor Company SAE J3061 Chair SAE/ISO Cybersecurity Engineering Chair AGENDA Cybersecurity Standards
More informationAssurance through the ISO27002 Standard and the US NIST Cybersecurity Framework. Keith Price Principal Consultant
Assurance through the ISO27002 Standard and the US NIST Cybersecurity Framework Keith Price Principal Consultant 1 About About me - Specialise in cybersecurity strategy, architecture, and assessment -
More informationUNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update)
UNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update) Koji NAKAO, NICT, Japan (Expert of UNECE WP29/TFCS) General Flow of works in WP29/TFCS and OTA Data protection
More informationThe European Platform in Network and Information Security (NIS) Fabio Martinelli
The European Platform in Network and Information Security (NIS) Fabio Martinelli Istituto di Informatica e Telematica Consiglio Nazionale delle Ricerche IIT-CNR, Pisa, Italy Institute of Informatics and
More informationThreat Centric Vulnerability Management
Threat Centric Vulnerability Management Solution Brief When it comes to vulnerability management, security leaders continue struggle to identify which of the thousands even millions of vulnerabilities
More informationCymsoft Information Technologies
1 Cymsoft Information Technologies Dr. Cemal Gemci CEO 2 CYMSOFT? Established in 2006 in Ankara/Turkey. Main Activity: Provides Information Security solutions in each area of ICT. Focused on consultancy
More informationCyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.
Cyber Security For Utilities Risks, Trends & Standards IEEE Toronto March 22, 2017 Doug Westlund Senior VP, AESI Inc. Agenda Cyber Security Risks for Utilities Trends & Recent Incidents in the Utility
More informationTHE ISACA CURACAO CHAPTER IS ORGANIZING FOLLOWING INFORMATION SECURITY AND TECHNOLOGY SESSIONS ON MAY 15-MAY :
THE ISACA CURACAO CHAPTER IS ORGANIZING FOLLOWING INFORMATION SECURITY AND TECHNOLOGY SESSIONS ON MAY 15-MAY 18 2017: INFORMATION SYSTEM AUDIT AND SECURITY MANAGEMENT ( 2 DAYS) MAY 15 AND 16 o INFORMATION
More informationSecurity Considerations in M2M Communications
Security Considerations in M2M Communications Applied Research Issues & Projects in the Austrian Institute of Technology (AIT) Dr. Markus Tauber Project Manager, ICT Security, Future Networks and Services,
More informationFramework for Improving Critical Infrastructure Cybersecurity. and Risk Approach
Framework for Improving Critical Infrastructure Cybersecurity Implementation of Executive Order 13636 and Risk Approach June 9, 2016 cyberframework@nist.gov Executive Order: Improving Critical Infrastructure
More informationRisk Management. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1
Risk Management Modifications by Prof. Dong Xuan and Adam C. Champion Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Define
More informationEPRI Research Overview IT/Security Focus. Power Delivery & Energy Utilization Sector From Generator Bus Bar to End Use
EPRI Research Overview IT/Security Focus November 29, 2012 Mark McGranaghan VP, Power Delivery and Utilization Power Delivery & Energy Utilization Sector From Generator Bus Bar to End Use Transmission
More information2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager
2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager NIST Cybersecurity Framework (CSF) Executive Order 13636 Improving Critical Infrastructure Cybersecurity tasked the National
More informationA Supply Chain Attack Framework to Support Department of Defense Supply Chain Security Risk Management
A Supply Chain Attack Framework to Support Department of Defense Supply Chain Security Risk Management D r. J o h n F. M i l l e r T h e M I T R E C o r p o r a t i o n P e t e r D. K e r t z n e r T h
More informationGovernment Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security
Government Resolution No. 2443 of February 15, 2015 33 rd Government of Israel Benjamin Netanyahu Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security It is hereby resolved:
More informationTHE POWER OF TECH-SAVVY BOARDS:
THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES
More informationChapter X Security Performance Metrics
Chapter X Security Performance Metrics Page 1 of 10 Chapter X Security Performance Metrics Background For many years now, NERC and the electricity industry have taken actions to address cyber and physical
More informationWhite Paper. View cyber and mission-critical data in one dashboard
View cyber and mission-critical data in one dashboard Table of contents Rising cyber events 2 Mitigating threats 2 Heighten awareness 3 Evolving the solution 5 One of the direct benefits of the Homeland
More informationTSC Business Continuity & Disaster Recovery Session
TSC Business Continuity & Disaster Recovery Session Mohamed Ashmawy Infrastructure Consulting Pursuit Hewlett-Packard Enterprise Saudi Arabia Mohamed.ashmawy@hpe.com Session Objectives and Outcomes Objectives
More informationGeneral Data Protection Regulation. May 25, 2018 DON T PANIC! PLAN!
General Data Protection Regulation May 25, 2018 DON T PANIC! PLAN! Protect the human behind the data record. On May 25, 2018 the General Data Protection Regulation (GDPR) is entering into force. It requires
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationProcedure for Network and Network-related devices
Lloyd s Register Type Approval System Type Approval Requirements for components within Cyber Enabled Systems on board Ships Procedure for Network and Network-related devices September 2017 1 Reference:
More informationExamining future priorities for cyber security management
Examining future priorities for cyber security management Cybersecurity Focus Day Insurance Telematics 16 Andrew Miller Chief Technical Officer Thatcham Research Owned by the major UK Motor Insurers with
More informationAdvanced IT Risk, Security management and Cybercrime Prevention
Advanced IT Risk, Security management and Cybercrime Prevention Course Goal and Objectives Information technology has created a new category of criminality, as cybercrime offers hackers and other tech-savvy
More informationHow to Conduct a Business Impact Analysis and Risk Assessment
How to Conduct a Business Impact Analysis and Risk Assessment By Larry Pedrazoli Business Recovery Analyst Miller Brewing Company February 2006 Project Management Institute, La Crosse, WI Chapter Agenda
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationSecurity Standardization and Regulation An Industry Perspective
Security Standardization and Regulation An Industry Perspective Dr. Ralf Rammig Siemens AG Megatrends Challenges that are transforming our world Digitalization In the future, we ll be living in a world
More informationLocation-Specific Cyber Risk
Location-Specific Cyber Risk Lincoln Kaffenberger Cyber Threat Intelligence Officer IMF Information Security Group John Kupcinski Director, Cyber Security KPMG 1 Agenda Why assess the cyber risks by a
More informationCybersecurity, safety and resilience - Airline perspective
Arab Civil Aviation Commission - ACAC/ICAO MID GNSS Workshop Cybersecurity, safety and resilience - Airline perspective Rabat, November, 2017 Presented by Adlen LOUKIL, Ph.D CEO, Resys-consultants Advisory,
More informationCybersecurity for Health Care Providers
Cybersecurity for Health Care Providers Montgomery County Medical Society Provider Meeting February 28, 2017 T h e MARYLAND HEALTH CARE COMMISSION Overview Cybersecurity defined Cyber-Threats Today Impact
More informationEuropean Responsible Care Forum. Security & Safe Maintenance
European Responsible Care Forum Security & Safe Maintenance Brussels, Thursday 7 April 2011 Mike Zeegers - Director Europe Agenda: History IMPROVE PROJECT To enhance Secure infrastructure Objective of
More informationA Practical Approach to Implement a Risk Based ISMS
A Practical Approach to Implement a Risk Based ISMS Pascal Reiniger Chief Information Security Officer Kanton Basel-Stadt Zürich Security Interest Group Switzerland 07.11.2017 Agenda 1. Introduction 2.
More informationFundamentals of Cybersecurity/CIIP. Building Capacity: Using a National Strategy & Self-Assessment
Fundamentals of Cybersecurity/CIIP Building Capacity: Using a National Strategy & Self- Presented to: 2009 ITU Regional Cybersecurity Forum for Asia-Pacific Connecting the World Responsibly 23-25 25 September
More informationChristoph Schmittner, Zhendong Ma, Paul Smith
FMVEA for Safety and Security Analysis of Intelligent and Cooperative Vehicles 1st International workshop on the Integration of Safety and Security Engineering (ISSE 14) Christoph Schmittner, Zhendong
More information