SlideShare uma empresa Scribd logo

National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Call....

Shah Sheikh
Shah Sheikh

Shah Sheikh - Presentation at the National Oil Conference 2014 in Dubai organized by Marsh. Evolving Cyber Security - A Wake Up Call.....

Tecnologia
1 de 33
NATIONAL OIL COMPANIES CONFERENCE 2014 BEYOND THE HORIZON – MANAGING THE NEXT FRONTIER OF RISK 18-20 MARCH 2014 Evolving Cyber Security - A wake up call… Shah H Sheikh MEng CISSP CISA CISM CRISC CCSK (shah@dts-solution.com) Co-Founder / Sr. Security Consultant @ DTS Solution INTERCONTINENTAL HOTEL FESTIVAL CITY, DUBAI
MARSH 113 May 2014 Agenda Evolving Cyber Security – A wake up call …. • Cyber Security Introduction and History… • Cyber Security for SCADA / Critical Infrastructure and Enterprises • Attacker and Actors Profile and Objectives • Cyber Security Risk Management Framework
MARSH Cyber Security Introduction • What is Cyber Security? – Protection of mission and business critical assets in the form of logical security controls (this is not physical security) to ensure no adverse impact of any kind to the business. • Why is it important? – Globalized Digital Data – Every organization has digital information data, many enterprises trade and carry business transactions online, each and every enterprise is connected to the internet in one form or another – cyber security threats can materialize from external and internal boundaries. Critical Infrastructure needs to be protected…. Many important government level discussions in 2013 cited Cyber Attacks and Digital Spying as a major concern for national security … 213 May 2014
MARSH Cyber Security Introduction • Information Security Investment – From Luxury to Necessity … – The perception needs to change and needs to be driven at top management level with clear governance and steering committee. • The future of Cyber Security and Risk…. – There is little doubt that the race for arms is cyber warfare… – State sponsored cyber attacks are a common place and very evident in Y2013 – Financial reward makes organized Cyber Crime very prevalent – Geo-Political Expression of Opinion – Ease of Attack Tools and Availability – …. The list goes on …… 313 May 2014
MARSH Cyber Security Threat Landscape – (R) evolution….. 413 May 2014
MARSH Cyber Security Threat Landscape – Sophistication of Attacks 513 May 2014
MARSH Cyber Security in the Energy Sector 613 May 2014 • Some Statistics…. – US ICS-CERT is the only organized public forum for Industrial Control Systems Security – Computer Emergency Response Team – 18 x Critical Infrastructure Sectors Identified by DHS • Concerted effort is required amongst organizations and governments alike to increase awareness of cyber security across critical infrastructure…..
MARSH Cyber Security in the Energy Sector 713 May 2014 Source: ICS-CERT (256 reported security incidents) – how many go unreported 
MARSH ….. Industrial Malware Timeline ….. 813 May 2014 Slammer •Davis-Besse Nuclear Plant •Plant monitoring offline for 5-6 hours Night Dragon •Oil and Gas Majors •Sensitive Information Stolen Stuxnet •USB infection •Natanz Facility •Controller Sabotage 2003 2009 2010 Shamoon •Oil and Gas in GCC •30K+ Devices Wiped 20122011 DuQu •Stuxnet Variant •Backdoor Rootkit Flame •Keystroke Logger •Screenshot •Cyber Espionage •Mainly in Middle East Some Malware Self-Replicating and Propagates….. (dropper and replicate, overwrite and wipe) Mahdi •Malicious PDF/PPT •Cyber Espionage •Mainly in Middle East Red October •Malicious PDF/PPT •Cyber Espionage •Swiss Knife of Malware 2013 Operations Aurora •APT •Target Hi-Tech •Defense •Source Code •Originated from CN
MARSH …. Industrial Malware Geo-Infections …. 913 May 2014 STUXNET FLAME Source: Kaspersky Labs
MARSH …. Industrial Malware Geo-Infections …. 1013 May 2014
MARSH Critical Infrastructure / Energy Sector – Security Attacks on SCADA Networks 1113 May 2014
MARSH Critical Infrastructure / Energy Sector – Impact 1213 May 2014 • Can you imagine what can go wrong…. Power Blackout Contamination Loss in Production • http://www.securityincidents.org/ - global repository of industrial control security incidents. • Database of known ICS security incidents …
MARSH Critical Infrastructure / Energy Sector – Ease of Exploitation 1313 May 2014 • SCADA Systems are “in-secure by design” – PLC / RTU non-hardened Operative System – Commercial of the Shelf Hardware – Legacy Industrial Control Protocols without authentication or authorization – No form of confidentiality – encryption – Security is still immature in SCADA / ICS networks unlike IT Enterprise • Control Engineers and Field Operators have little understanding of Cyber Security • Threats are multi-dimensional; – Internet Connectivity (www.shodanhq.com) all kinds of SCADA systems from HVAC to Web Cams – 3rd Party Remote Access – USB Infected Removable Media – Insecure SCADA devices (vulnerabilities) – Enterprise IT Business LAN connected to Control Systems Network – no air gap… – Legacy Windows Based Operating System (XP, NT etc…) – highly vulnerable systems
MARSH DISCLAIMER – What is connected to the @ 1413 May 2014 WEBCAMS H2O FUEL CELL WINDFARMS HVAC / HOME AUTOMATION (SPEAKERS) HEAT PUMP EMERGENCY TELCO GEAR MASSIVE COOLERS STOPLIGHTS / JUNCTIONS
MARSH • Exploits readily available on the Internet – AppStore style availability of vulnerability exploits against SCADA devices….. 1513 May 2014 Critical Infrastructure / Energy Sector – Ease of Exploitation
MARSH Critical Infrastructure – Enterprise and Process Control Network Convergence 1613 May 2014
MARSH 17 External Network Control LAN Plant Network Office LAN Internet  Infected Laptops Infected Remote Support  Mis-Configured Firewalls  Unauthorized Connections  Modems   3rd Party Issues USB Drives  Security Threats on the Plant Floor
MARSH So how are we going to secure the critical infrastructure…. 1813 May 2014
MARSH So how are we going to secure the critical infrastructure…. • Follow Industry Best Practices in the Security Field – Many different Security Standards and Regulations exist for the ICS environment; - ISA-99 / IEC-62443 - NERC-CIP - NIST 800-82 - ISO27001:2013 – Begin by developing a Cyber Security Framework that incorporate Risk Management into this. – Ensure the Cyber Security Framework is going to have top management level backing….. 1913 May 2014
MARSH Establish a Cyber Security Governance Group 2013 May 2014 What is the role of a governance group? • Strategic: setting the process control security policy and initiating the process control security programme. • Tactical: implement the process control security programme, provide process control security awareness and training advice, and policy and standards compliance monitoring. Setting and approving budgets. • Operational: forming and liaising with the ICS Security Run & Maintain Team which monitors, analyses and responds to alerts and incidents. Monitoring risk exposure. Output – Deploy & Manage Policies, Standards, Monitoring Awareness & Training Continuity & Response Capability Definition & Creation - Governance Group Operations Safety/Risk Engineering IT Regulatory Exec Sponsor Inputs - Business Risks Threats Regulations/Standards Technologies Business Impact
MARSH Cyber Security - Policies, Standards and Compliance 2113 May 2014 Policies establishes the boundaries for action and is driven by the business’ appetite for risk Policy statements communicate the following: • Clear commitment to ICS security principals and practices endorsed by senior leadership • Clear statement of policy intent to provide a basis for consistent decision-making and prioritization Typical policy characteristics : • Widespread application • Change infrequently and expressed in broad terms • Are not technical documents • Based on statements of “What” and/or “Why” • Guide and determine present and future decisions Policies should include: • Statement of intent • To what or whom the policy applies to • Who owns the policy • The exception criteria process
MARSH Cyber Security - Policies, Standards and Compliance 2213 May 2014 Internal Standards provide a consistent organizational interpretation to achieve the desired quality of the defined policy. Typical standards characteristics : • Narrow in application • Change more frequently due to implementation feedback or system environment • Described in detail including some technical or vendor specific detail • Include statements of “How” , “When” and possibly “Who” • Describes related processes Standards documents should include: • The policy statements to which the standards applies • Intended audience • To what or whom the standard applies • Who owns the standard and information on the update cycle • The exception criteria process
MARSH Cyber Security – Risk Assessment Methodologies 2313 May 2014
MARSH Asset Lifecycle Challenges specific to ICS Security; 2413 May 2014 • Capital projects • Greenfield • Existing assets • Brownfield • Contractors and suppliers • Workforce Development • Raising Cyber Security Awareness
MARSH Cyber Security – Embedding Security Technical Assurance in Project Lifecycle 2513 May 2014
MARSH Contractors and Suppliers • Develop standards and implementation guidelines for suppliers – especially important for 3rd party vendors • Work with key suppliers to develop standard toolkits for future projects and upgrades • Set high expectations for suppliers and contractually obligate them successfully deliver a secure solution 2613 May 2014
MARSH Cyber Security Project Assurance Levels 2713 May 2014
MARSH Cyber Security Framework Development 2813 May 2014 • Security Policies Development • Security Procedures and Standards Development • Control System Asset Management • Risk Assessment for ICS/SCADA • Gap Analysis for ICS/SCADA • Business Continuity Planning • Incident Response Plan • Security Architecture Blueprint • Workforce Training and Development • Security Controls Mapping to Industry Standards • SCADA Network Traffic Analysis • Security Operations Center (SOC) for SCADA
MARSH Cyber Security Operations Center 2913 May 2014
MARSH Technical Cyber Security Implementation 3013 May 2014 • Security Architecture Review and Re-Engineering • Network Segmentation • Security Zoning and Conduits • One Way Diode Firewall • Overlay Encryption • Patch Management • Endpoint Security • Application Whitelisting • Vulnerability Management for Control System • SIEM for the ICS/SCADA Environment • 3rd Party Remote Access
MARSH 3113 May 2014
Registered in England and Wales Number: 1507274, Registered Office: 1 Tower Place West, Tower Place, London EC3R 5BU. Marsh Ltd is authorised and regulated by the Financial Conduct Authority.

Recomendados

Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Sirius
 
Security Operations Center
Security Operations CenterSecurity Operations Center
Security Operations CenterMDS CS
 
A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...Judith Beckhard Cardoso
 
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Shah Sheikh
 
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?NetEnrich, Inc.
 
Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
Symantec Cyber Security Solutions | MSS and Advanced Threat ProtectionSymantec Cyber Security Solutions | MSS and Advanced Threat Protection
Symantec Cyber Security Solutions | MSS and Advanced Threat ProtectioninfoLock Technologies
 
The Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsThe Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsOurCrowd
 

Recomendados

Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Sirius
 
Security Operations Center
Security Operations CenterSecurity Operations Center
Security Operations CenterMDS CS
 
A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...Judith Beckhard Cardoso
 
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Shah Sheikh
 
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?NetEnrich, Inc.
 
Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
Symantec Cyber Security Solutions | MSS and Advanced Threat ProtectionSymantec Cyber Security Solutions | MSS and Advanced Threat Protection
Symantec Cyber Security Solutions | MSS and Advanced Threat ProtectioninfoLock Technologies
 
The Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsThe Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsOurCrowd
 
Accelerating OT - A Case Study
Accelerating OT - A Case StudyAccelerating OT - A Case Study
Accelerating OT - A Case StudyDigital Bond
 
It and-cyber-module-2
It and-cyber-module-2It and-cyber-module-2
It and-cyber-module-2Marneil Sanchez
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...Shah Sheikh
 
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...Nicolas Beyer
 
System of security controls
System of security controlsSystem of security controls
System of security controlsS.E. CTS CERT-GOV-MD
 
Cyber Security Needs and Challenges
Cyber Security Needs and ChallengesCyber Security Needs and Challenges
Cyber Security Needs and ChallengesHappiest Minds Technologies
 
DTS Solution - Outsourcing Outlook Dubai 2015
DTS Solution - Outsourcing Outlook Dubai 2015DTS Solution - Outsourcing Outlook Dubai 2015
DTS Solution - Outsourcing Outlook Dubai 2015Shah Sheikh
 
Thinking like a hacker - Introducing Hacker Vision
Thinking like a hacker - Introducing Hacker VisionThinking like a hacker - Introducing Hacker Vision
Thinking like a hacker - Introducing Hacker VisionPECB
 
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Abhishek Goel
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controlsAlienVault
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceCharles Lim
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Bloxx
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingLaying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingIgnyte Assurance Platform
 
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber ResilienceISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber ResilienceShah Sheikh
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarEmpired
 
Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)Pöyry
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centersBrencil Kaimba
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Virtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteSplunk
 
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldiMIS
 

Mais conteúdo relacionado

Mais procurados

Accelerating OT - A Case Study
Accelerating OT - A Case StudyAccelerating OT - A Case Study
Accelerating OT - A Case StudyDigital Bond
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...Shah Sheikh
 
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...Nicolas Beyer
 
DTS Solution - Outsourcing Outlook Dubai 2015
DTS Solution - Outsourcing Outlook Dubai 2015DTS Solution - Outsourcing Outlook Dubai 2015
DTS Solution - Outsourcing Outlook Dubai 2015Shah Sheikh
 
Thinking like a hacker - Introducing Hacker Vision
Thinking like a hacker - Introducing Hacker VisionThinking like a hacker - Introducing Hacker Vision
Thinking like a hacker - Introducing Hacker VisionPECB
 
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Abhishek Goel
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controlsAlienVault
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceCharles Lim
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Bloxx
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingLaying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingIgnyte Assurance Platform
 
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber ResilienceISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber ResilienceShah Sheikh
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarEmpired
 
Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)Pöyry
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centersBrencil Kaimba
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 

Mais procurados (20)

Accelerating OT - A Case Study
Accelerating OT - A Case StudyAccelerating OT - A Case Study
Accelerating OT - A Case Study
 
It and-cyber-module-2
It and-cyber-module-2It and-cyber-module-2
It and-cyber-module-2
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
 
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
 
System of security controls
System of security controlsSystem of security controls
System of security controls
 
Cyber Security Needs and Challenges
Cyber Security Needs and ChallengesCyber Security Needs and Challenges
Cyber Security Needs and Challenges
 
DTS Solution - Outsourcing Outlook Dubai 2015
DTS Solution - Outsourcing Outlook Dubai 2015DTS Solution - Outsourcing Outlook Dubai 2015
DTS Solution - Outsourcing Outlook Dubai 2015
 
Thinking like a hacker - Introducing Hacker Vision
Thinking like a hacker - Introducing Hacker VisionThinking like a hacker - Introducing Hacker Vision
Thinking like a hacker - Introducing Hacker Vision
 
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controls
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security Governance
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
 
Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingLaying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
 
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber ResilienceISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centers
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
 

Semelhante a National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Call....

Virtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteSplunk
 
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldiMIS
 
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldiMIS
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
1973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_151973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_15shed59
 
1 final secnet_pci
1 final secnet_pci1 final secnet_pci
1 final secnet_pcimosyas
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
The Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security BreachThe Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security BreachCloudLock
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Alert Logic
 
CISSP Certification Training Course
CISSP Certification Training CourseCISSP Certification Training Course
CISSP Certification Training CourseRicky Lionel Vaz
 
Managed Security Operations Centre Alternative - Managed Security Service
Managed Security Operations Centre Alternative - Managed Security Service Managed Security Operations Centre Alternative - Managed Security Service
Managed Security Operations Centre Alternative - Managed Security Service Netpluz Asia Pte Ltd
 
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital Risk
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital RiskUsing SurfWatch Labs' Threat Intelligence to Monitor Your Digital Risk
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital RiskSurfWatch Labs
 
Risk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection PowerpointRisk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection Powerpointrandalje86
 
SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA Information Security
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKumawat Dharmpal
 
01Introduction to Information Security.ppt
01Introduction to Information Security.ppt01Introduction to Information Security.ppt
01Introduction to Information Security.pptit160320737038
 
Application Security Done Right
Application Security Done RightApplication Security Done Right
Application Security Done Rightpvanwoud
 

Semelhante a National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Call.... (20)

Virtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - Deloitte
 
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
 
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
 
1973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_151973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_15
 
CSO CXO Series Breakfast
CSO CXO Series BreakfastCSO CXO Series Breakfast
CSO CXO Series Breakfast
 
Cyber risks in supply chains
Cyber risks in supply chains Cyber risks in supply chains
Cyber risks in supply chains
 
1 final secnet_pci
1 final secnet_pci1 final secnet_pci
1 final secnet_pci
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
The Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security BreachThe Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security Breach
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015
 
CISSP Certification Training Course
CISSP Certification Training CourseCISSP Certification Training Course
CISSP Certification Training Course
 
Managed Security Operations Centre Alternative - Managed Security Service
Managed Security Operations Centre Alternative - Managed Security Service Managed Security Operations Centre Alternative - Managed Security Service
Managed Security Operations Centre Alternative - Managed Security Service
 
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital Risk
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital RiskUsing SurfWatch Labs' Threat Intelligence to Monitor Your Digital Risk
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital Risk
 
Institute of Internal Auditors Presentation 2014
Institute of Internal Auditors Presentation 2014Institute of Internal Auditors Presentation 2014
Institute of Internal Auditors Presentation 2014
 
Risk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection PowerpointRisk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection Powerpoint
 
SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshop
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
01Introduction to Information Security.ppt
01Introduction to Information Security.ppt01Introduction to Information Security.ppt
01Introduction to Information Security.ppt
 
Application Security Done Right
Application Security Done RightApplication Security Done Right
Application Security Done Right
 

Mais de Shah Sheikh

DTS Solution - Company Presentation
DTS Solution - Company PresentationDTS Solution - Company Presentation
DTS Solution - Company PresentationShah Sheikh
 
DTS Solution - Company Presentation
DTS Solution - Company PresentationDTS Solution - Company Presentation
DTS Solution - Company PresentationShah Sheikh
 
DTS Solution - Red Team - Penetration Testing
DTS Solution - Red Team - Penetration TestingDTS Solution - Red Team - Penetration Testing
DTS Solution - Red Team - Penetration TestingShah Sheikh
 
DTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioDTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioShah Sheikh
 
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....Shah Sheikh
 
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...Shah Sheikh
 
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman ThiefYehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman ThiefShah Sheikh
 
DefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
DefCamp - Mohamed Bedewi - Building a Weaponized HoneypotDefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
DefCamp - Mohamed Bedewi - Building a Weaponized HoneypotShah Sheikh
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsShah Sheikh
 
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiBalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiShah Sheikh
 
DTS Solution - Hacking ATM Machines - The Italian Job Way
DTS Solution - Hacking ATM Machines - The Italian Job WayDTS Solution - Hacking ATM Machines - The Italian Job Way
DTS Solution - Hacking ATM Machines - The Italian Job WayShah Sheikh
 
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionShah Sheikh
 
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting Shah Sheikh
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhShah Sheikh
 
DTS Solution - Penetration Testing Services v1.0
DTS Solution - Penetration Testing Services v1.0DTS Solution - Penetration Testing Services v1.0
DTS Solution - Penetration Testing Services v1.0Shah Sheikh
 
DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0Shah Sheikh
 
VIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitVIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitShah Sheikh
 
PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolShah Sheikh
 
SeGW Whitepaper from Radisys
SeGW Whitepaper from RadisysSeGW Whitepaper from Radisys
SeGW Whitepaper from RadisysShah Sheikh
 

Mais de Shah Sheikh (20)

DTS Solution - Company Presentation
DTS Solution - Company PresentationDTS Solution - Company Presentation
DTS Solution - Company Presentation
 
DTS Solution - Company Presentation
DTS Solution - Company PresentationDTS Solution - Company Presentation
DTS Solution - Company Presentation
 
DTS Solution - Red Team - Penetration Testing
DTS Solution - Red Team - Penetration TestingDTS Solution - Red Team - Penetration Testing
DTS Solution - Red Team - Penetration Testing
 
DTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioDTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services Portfolio
 
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
 
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
 
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman ThiefYehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
 
DefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
DefCamp - Mohamed Bedewi - Building a Weaponized HoneypotDefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
DefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS Environments
 
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiBalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
 
DTS Solution - Hacking ATM Machines - The Italian Job Way
DTS Solution - Hacking ATM Machines - The Italian Job WayDTS Solution - Hacking ATM Machines - The Italian Job Way
DTS Solution - Hacking ATM Machines - The Italian Job Way
 
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
 
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
 
DTS Solution - Penetration Testing Services v1.0
DTS Solution - Penetration Testing Services v1.0DTS Solution - Penetration Testing Services v1.0
DTS Solution - Penetration Testing Services v1.0
 
DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0
 
VIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitVIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS Summit
 
PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrol
 
SeGW Whitepaper from Radisys
SeGW Whitepaper from RadisysSeGW Whitepaper from Radisys
SeGW Whitepaper from Radisys
 

Último

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 

Último (20)

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 

National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Call....

  • 1. NATIONAL OIL COMPANIES CONFERENCE 2014 BEYOND THE HORIZON – MANAGING THE NEXT FRONTIER OF RISK 18-20 MARCH 2014 Evolving Cyber Security - A wake up call… Shah H Sheikh MEng CISSP CISA CISM CRISC CCSK (shah@dts-solution.com) Co-Founder / Sr. Security Consultant @ DTS Solution INTERCONTINENTAL HOTEL FESTIVAL CITY, DUBAI
  • 2. MARSH 113 May 2014 Agenda Evolving Cyber Security – A wake up call …. • Cyber Security Introduction and History… • Cyber Security for SCADA / Critical Infrastructure and Enterprises • Attacker and Actors Profile and Objectives • Cyber Security Risk Management Framework
  • 3. MARSH Cyber Security Introduction • What is Cyber Security? – Protection of mission and business critical assets in the form of logical security controls (this is not physical security) to ensure no adverse impact of any kind to the business. • Why is it important? – Globalized Digital Data – Every organization has digital information data, many enterprises trade and carry business transactions online, each and every enterprise is connected to the internet in one form or another – cyber security threats can materialize from external and internal boundaries. Critical Infrastructure needs to be protected…. Many important government level discussions in 2013 cited Cyber Attacks and Digital Spying as a major concern for national security … 213 May 2014
  • 4. MARSH Cyber Security Introduction • Information Security Investment – From Luxury to Necessity … – The perception needs to change and needs to be driven at top management level with clear governance and steering committee. • The future of Cyber Security and Risk…. – There is little doubt that the race for arms is cyber warfare… – State sponsored cyber attacks are a common place and very evident in Y2013 – Financial reward makes organized Cyber Crime very prevalent – Geo-Political Expression of Opinion – Ease of Attack Tools and Availability – …. The list goes on …… 313 May 2014
  • 5. MARSH Cyber Security Threat Landscape – (R) evolution….. 413 May 2014
  • 6. MARSH Cyber Security Threat Landscape – Sophistication of Attacks 513 May 2014
  • 7. MARSH Cyber Security in the Energy Sector 613 May 2014 • Some Statistics…. – US ICS-CERT is the only organized public forum for Industrial Control Systems Security – Computer Emergency Response Team – 18 x Critical Infrastructure Sectors Identified by DHS • Concerted effort is required amongst organizations and governments alike to increase awareness of cyber security across critical infrastructure…..
  • 8. MARSH Cyber Security in the Energy Sector 713 May 2014 Source: ICS-CERT (256 reported security incidents) – how many go unreported 
  • 9. MARSH ….. Industrial Malware Timeline ….. 813 May 2014 Slammer •Davis-Besse Nuclear Plant •Plant monitoring offline for 5-6 hours Night Dragon •Oil and Gas Majors •Sensitive Information Stolen Stuxnet •USB infection •Natanz Facility •Controller Sabotage 2003 2009 2010 Shamoon •Oil and Gas in GCC •30K+ Devices Wiped 20122011 DuQu •Stuxnet Variant •Backdoor Rootkit Flame •Keystroke Logger •Screenshot •Cyber Espionage •Mainly in Middle East Some Malware Self-Replicating and Propagates….. (dropper and replicate, overwrite and wipe) Mahdi •Malicious PDF/PPT •Cyber Espionage •Mainly in Middle East Red October •Malicious PDF/PPT •Cyber Espionage •Swiss Knife of Malware 2013 Operations Aurora •APT •Target Hi-Tech •Defense •Source Code •Originated from CN
  • 10. MARSH …. Industrial Malware Geo-Infections …. 913 May 2014 STUXNET FLAME Source: Kaspersky Labs
  • 11. MARSH …. Industrial Malware Geo-Infections …. 1013 May 2014
  • 12. MARSH Critical Infrastructure / Energy Sector – Security Attacks on SCADA Networks 1113 May 2014
  • 13. MARSH Critical Infrastructure / Energy Sector – Impact 1213 May 2014 • Can you imagine what can go wrong…. Power Blackout Contamination Loss in Production • http://www.securityincidents.org/ - global repository of industrial control security incidents. • Database of known ICS security incidents …
  • 14. MARSH Critical Infrastructure / Energy Sector – Ease of Exploitation 1313 May 2014 • SCADA Systems are “in-secure by design” – PLC / RTU non-hardened Operative System – Commercial of the Shelf Hardware – Legacy Industrial Control Protocols without authentication or authorization – No form of confidentiality – encryption – Security is still immature in SCADA / ICS networks unlike IT Enterprise • Control Engineers and Field Operators have little understanding of Cyber Security • Threats are multi-dimensional; – Internet Connectivity (www.shodanhq.com) all kinds of SCADA systems from HVAC to Web Cams – 3rd Party Remote Access – USB Infected Removable Media – Insecure SCADA devices (vulnerabilities) – Enterprise IT Business LAN connected to Control Systems Network – no air gap… – Legacy Windows Based Operating System (XP, NT etc…) – highly vulnerable systems
  • 15. MARSH DISCLAIMER – What is connected to the @ 1413 May 2014 WEBCAMS H2O FUEL CELL WINDFARMS HVAC / HOME AUTOMATION (SPEAKERS) HEAT PUMP EMERGENCY TELCO GEAR MASSIVE COOLERS STOPLIGHTS / JUNCTIONS
  • 16. MARSH • Exploits readily available on the Internet – AppStore style availability of vulnerability exploits against SCADA devices….. 1513 May 2014 Critical Infrastructure / Energy Sector – Ease of Exploitation
  • 17. MARSH Critical Infrastructure – Enterprise and Process Control Network Convergence 1613 May 2014
  • 18. MARSH 17 External Network Control LAN Plant Network Office LAN Internet  Infected Laptops Infected Remote Support  Mis-Configured Firewalls  Unauthorized Connections  Modems   3rd Party Issues USB Drives  Security Threats on the Plant Floor
  • 19. MARSH So how are we going to secure the critical infrastructure…. 1813 May 2014
  • 20. MARSH So how are we going to secure the critical infrastructure…. • Follow Industry Best Practices in the Security Field – Many different Security Standards and Regulations exist for the ICS environment; - ISA-99 / IEC-62443 - NERC-CIP - NIST 800-82 - ISO27001:2013 – Begin by developing a Cyber Security Framework that incorporate Risk Management into this. – Ensure the Cyber Security Framework is going to have top management level backing….. 1913 May 2014
  • 21. MARSH Establish a Cyber Security Governance Group 2013 May 2014 What is the role of a governance group? • Strategic: setting the process control security policy and initiating the process control security programme. • Tactical: implement the process control security programme, provide process control security awareness and training advice, and policy and standards compliance monitoring. Setting and approving budgets. • Operational: forming and liaising with the ICS Security Run & Maintain Team which monitors, analyses and responds to alerts and incidents. Monitoring risk exposure. Output – Deploy & Manage Policies, Standards, Monitoring Awareness & Training Continuity & Response Capability Definition & Creation - Governance Group Operations Safety/Risk Engineering IT Regulatory Exec Sponsor Inputs - Business Risks Threats Regulations/Standards Technologies Business Impact
  • 22. MARSH Cyber Security - Policies, Standards and Compliance 2113 May 2014 Policies establishes the boundaries for action and is driven by the business’ appetite for risk Policy statements communicate the following: • Clear commitment to ICS security principals and practices endorsed by senior leadership • Clear statement of policy intent to provide a basis for consistent decision-making and prioritization Typical policy characteristics : • Widespread application • Change infrequently and expressed in broad terms • Are not technical documents • Based on statements of “What” and/or “Why” • Guide and determine present and future decisions Policies should include: • Statement of intent • To what or whom the policy applies to • Who owns the policy • The exception criteria process
  • 23. MARSH Cyber Security - Policies, Standards and Compliance 2213 May 2014 Internal Standards provide a consistent organizational interpretation to achieve the desired quality of the defined policy. Typical standards characteristics : • Narrow in application • Change more frequently due to implementation feedback or system environment • Described in detail including some technical or vendor specific detail • Include statements of “How” , “When” and possibly “Who” • Describes related processes Standards documents should include: • The policy statements to which the standards applies • Intended audience • To what or whom the standard applies • Who owns the standard and information on the update cycle • The exception criteria process
  • 24. MARSH Cyber Security – Risk Assessment Methodologies 2313 May 2014
  • 25. MARSH Asset Lifecycle Challenges specific to ICS Security; 2413 May 2014 • Capital projects • Greenfield • Existing assets • Brownfield • Contractors and suppliers • Workforce Development • Raising Cyber Security Awareness
  • 26. MARSH Cyber Security – Embedding Security Technical Assurance in Project Lifecycle 2513 May 2014
  • 27. MARSH Contractors and Suppliers • Develop standards and implementation guidelines for suppliers – especially important for 3rd party vendors • Work with key suppliers to develop standard toolkits for future projects and upgrades • Set high expectations for suppliers and contractually obligate them successfully deliver a secure solution 2613 May 2014
  • 28. MARSH Cyber Security Project Assurance Levels 2713 May 2014
  • 29. MARSH Cyber Security Framework Development 2813 May 2014 • Security Policies Development • Security Procedures and Standards Development • Control System Asset Management • Risk Assessment for ICS/SCADA • Gap Analysis for ICS/SCADA • Business Continuity Planning • Incident Response Plan • Security Architecture Blueprint • Workforce Training and Development • Security Controls Mapping to Industry Standards • SCADA Network Traffic Analysis • Security Operations Center (SOC) for SCADA
  • 30. MARSH Cyber Security Operations Center 2913 May 2014
  • 31. MARSH Technical Cyber Security Implementation 3013 May 2014 • Security Architecture Review and Re-Engineering • Network Segmentation • Security Zoning and Conduits • One Way Diode Firewall • Overlay Encryption • Patch Management • Endpoint Security • Application Whitelisting • Vulnerability Management for Control System • SIEM for the ICS/SCADA Environment • 3rd Party Remote Access
  • 33. Registered in England and Wales Number: 1507274, Registered Office: 1 Tower Place West, Tower Place, London EC3R 5BU. Marsh Ltd is authorised and regulated by the Financial Conduct Authority.