Supply Chain Integrity and Security Assurance for ICT. Mats Nilsson

Transcription:

Supply Chain Integrity and Security Assurance for ICT Mats Nilsson

The starting point. 2 B Internet users; 85% population coverage; 5+ B mobile subscriptions; 10 years of daily upload; e-books surpassing print sales; 200.000 SMS each second. Ericsson AB 2012 Page 2

Cybersecurity and mobility. Diagram labels: see, talk, text devices business partners customers society daily life management friends social networks family communities entertainment. Patrik Palm Security Assurance Ericsson AB 2013 2013-04-15 Page 3

Cyber security perspectives. Regulations & standards; operators of infrastructure; infrastructure vendors; threats & risks.

Threats and risks. User behavior; malicious threats; devices and applications; mobile device, application and content management; Machine to Machine networks; emerging areas: Cloud, HetNets, Big Data. Complex and rapidly evolving environment.

Operator of infrastructure. Business and society are highly dependent on mobile networks. Secure resilience to cyber incidents; harden infrastructure; improve ability to defend; recover quickly, business continuity. Manage conditions and consequences of cyber risks.

Vendor of infrastructure. Product security properties; security assurance in product development and supply chain; security in network deployment and operations; pro-active industry collaboration. Enabler for reducing risks and improving resilience.

Security trends (I). New devices; new communication patterns; new applications; new networks; HetNet/SDN; mobile broadband; cloud and big data.

Security trends (II). Network: network evolution to mobile broadband; network is critical infrastructure for consumers, business and public services. Devices: phones transforming into computers and entertainment. Applications: mobile malware, e-payment attacks, botnets. Content: secure storage, transmission and sharing. Technology: open source software; cloud and Big Data analytics.

Business value. Evolving to meet customer expectations. [Diagram labels: Managing Managing KPIs Managing Network Business Risk Relationship complexity] Trust is gained by a systematic approach to threats across the whole environment, including SCI.

Ericsson approach on security. Diagram labels: relevant standards; market & customer needs; best practices; technology and secure operations; secure services; SCI; adjust and fill gaps; end to end: compliance monitoring logging audits.

Our perspective. [Diagram labels: ISO27k, IMPROVE, ASSESSMENT, RESILIENCE] Secure network infrastructure to be more resilient. Work with operators to maintain business optimal security in their networks. Industry guidance through standards and best practices. SCI part of risk assessment and mitigation through appropriate controls (similar to own R&D). Reduce cyber security risk. Daily co-operation and collaboration via CERT community to improve ability to defend and recover.

Future directions. Reduce cybersecurity risk: leadership in the industry ecosystem (networks, devices, applications); collaboration in regulations, standards and industry bodies. Improve network resilience: secure network infrastructure for resilience; work with operators to maintain security in their networks. Education & communication: educate and communicate with users; anticipate threats and develop innovative solutions.