SlideShare une entreprise Scribd logo

Cybersecurity isaca

Antoine Vigneron
Antoine Vigneron

This document discusses cybersecurity trends in Europe. It outlines key drivers of improving cybersecurity like consumerization, regulatory pressures, and emerging threats. It describes the lifecycle of advanced persistent threats and differences between targeted attacks. European strategies on cybersecurity and the Network Information Security Directive are presented. The directive aims to enhance resilience to cyber threats and ensure network security across the EU. Requirements for competent authorities, cooperation between states, and risk management are discussed. Implementation in France and guidance from ISACA on applying the European framework are also summarized.

Technologie
1  sur  56
Télécharger pour lire hors ligne
Cybersecurité à l’ISACA Yves LE ROUX CISM, CISSP Yves.leroux@ca.com 2 avril 2015 Jeudi de l’AFAI
Tendances et nouveaux aspects de la sécurité informatique
3 © 2014 CA. ALL RIGHTS RESERVED.
4 © 2014 CA. ALL RIGHTS RESERVED. Factors Impacting the Need for Improved Cyber Security Source: ISACA, 2014
5 © 2014 CA. ALL RIGHTS RESERVED. Consumerization •Mobile devices •Social media •Cloud services •Nonstandard •Security as a Service Continual Regulatory and Compliance Pressures • SOX, PCI, EU Privacy • ISO 27001 • Other regulations Emerging Trends •Decrease in time to exploit •Targeted attacks •Advanced persistent threats (APTs) Source: ISACA, 2014 Key Trends and Drivers of Security
6 © 2014 CA. ALL RIGHTS RESERVED. he WOrld is Changing Source: ISACA, 2012
7 © 2014 CA. ALL RIGHTS RESERVED. The APT Life cycle History shows that most sophisticated attackers, regardless of their motives, funding or control, tend to operate in a certain cycle and are extremely effective at attacking their targets. 7
8 © 2014 CA. ALL RIGHTS RESERVED.
APT sont différents ils sont ciblés VS
Attaques ciblées • Adversary’s persistence – They know what they want and they pursue their goal – They will repeatedly try to get in – Once they’re in they try to stay – When you throw them out they will try to come back • Initial infection very difficult to avoid – Spear-phishing e-mails – Social engineering to trick the user into running malware installers – Watering hole attacks using known exploits – Watering hole attacks that rely on social engineering • Take control over the infrastructure: 10’-> 48hours • Detection: average 229 days (or never) • Remediation: 1-6 months
Stratégie Européenne de Cybersécurité
12 © 2014 CA. ALL RIGHTS RESERVED. Strategie Européenne de Cybersecurité  The Five strategic objectives of the strategy are as follows: – Achieving cyber resilience – Drastically reducing cybercrime – Developing cyberdefence policy and capabilities related to the Common Security and Defence Policy (CSDP) – Developing the industrial and technological resources for cybersecurity – Establishing a coherent international cyberspace policy for the European Union and promote core EU values.
13 © 2014 CA. ALL RIGHTS RESERVED. Network and Information Security (NIS) Directive Key Elements  Capabilities: Common NIS requirements at national level – NIS strategy and cooperation plan – NIS competent authority – Computer Emergency Response Team (CERT)  Cooperation: NIS competent authorities to cooperate within a network at EU level – Early warnings and coordinated response – Capacity building – NIS exercises at EU level – ENISA to assist  Risk management and incident reporting for: – Energy – electricity, gas and oil – Credit institutions and stock exchanges – Transport – air, maritime, rail – Healthcare – Internet enablers – Public administrations
14 © 2014 CA. ALL RIGHTS RESERVED. NIS Directive legal actions  7 February 2013 The European Commission published the draft Network and Information Security (NIS) Directive, which set out proposals to enhance the EU’s resilience to cyber security threats and ensure a common level of network and information security across the EU.  13 March 2014 The European Parliament successfully voted through the proposed NIS Directive with a number of amendments to the proposed text.  19 November 2014 EU Member States remain divided whether Internet companies should comply with the proposed NIS Directive. The Council presidency said that it is "confident" that the Council and Parliament would be able to "reach a deal before the end of the year" on the final wording of the legislation.
15 © 2014 CA. ALL RIGHTS RESERVED. NIS Public-Private Platform  NIS Platform is complementing and underpinning the NIS Directive. It will help implement the measures set out in the Directive, e.g. by simplifying incident reporting, and ensure its convergent and harmonised application across the EU.  First meeting of the NIS Platform on 17 June 2013, it was decided to set up 3 working groups which should be cross-cutting, with all relevant sectors represented: – WG1 on risk management, including information assurance, risks metrics and awareness raising; – WG2 on information exchange and incident coordination, including incident reporting and risks metrics for the purpose of information exchange; – WG3 on secure ICT research and innovation.  The NIS Platform on 25 November 2014, decided that the aim is to have NISP finalised guidance of all Chapters in October 2015 and Commission recommendations on good cyber security practices due to be adopted in late 2015.
16 © 2014 CA. ALL RIGHTS RESERVED. Breakdown and tentative timing of Chapters per W.G. Source: NIS Public-Private Platform 25 november 2014 Meeting Report
17 © 2014 CA. ALL RIGHTS RESERVED. France  La loi de programmation militaire du 18 décembre 2013  Décret no 2015-349 du 27 mars 2015 relatif à l’habilitation et à l’assermentation des agents de l’autorité nationale de sécurité des systèmes d’information  Décret no 2015- 350 du 27 mars 2015 relatif à la qualification des produits de sécurité   Décret no 2015-351 du 27 mars 2015 relatif à la sécurité des systèmes d’information des opérateurs d’importance vitale.
18 © 2014 CA. ALL RIGHTS RESERVED. France  218 organisations stratégiques pour la nation, ont l'obligation de se protéger contre les intrusions informatiques.  Secteurs étatiques : activités civiles de l’Etat, activités militaires de l’Etat, activités judiciaires.  Secteurs de la protection des citoyens : santé, gestion de l'eau, alimentation.  Secteurs de la vie économique et sociale de la nation : énergie, communication, électronique, audiovisuel et information (les quatre représentent un secteur), transports, finances, industrie.  Audits externes réguliers contrôlant la sécurité de leur système d'information  Installation de logiciels ou matériels qui détectent en permanence les intrusions informatiques venues de l'extérieur.
ISACA European Cybersecurity Implementation Series
20 © 2014 CA. ALL RIGHTS RESERVED.  ISACA has released the European Cyber security Implementation Series primarily to provide practical implementation guidance that is aligned with European requirements and good practice. Source: ISACA, 2014
21 © 2014 CA. ALL RIGHTS RESERVED. Source: ISACA, 2014
22 © 2014 CA. ALL RIGHTS RESERVED.
23 © 2014 CA. ALL RIGHTS RESERVED. SIX QUESTIONS THE BOARD SHOULD ASK  Does the organization use a security framework?  What are the top five risks the organization has related to cybersecurity?  How are employees made aware of their role related to cybersecurity?  Are external and internal threats considered when planning cybersecurity program activities?  How is security governance managed within the organization?  In the event of a serious breach, has management developed a robust response protocol?
24 © 2014 CA. ALL RIGHTS RESERVED. Overview When implementing cybersecurity steps and measures enterprises should perform : 1. Analyse impact (with a view to business impacts and other, nonfinancial impacts). 2. Identify and analyse risk 3. Determine risk treatment. 4. Determine cybersecurity strategy options based on risk profile.
25 © 2014 CA. ALL RIGHTS RESERVED.
Source: ENISA, 2014
Mapping ERMP to COBIT 5 Source: ISACA, 2014
Some exemples of Cybersecurity Risk
Risk Scenario in COBIT 5 Risk Management
Cobit 5 Risk Management Framework
Trois lignes de défense
European restriction on Audit
Legal and contractual relationships
Data logging & retention
Le dernier paru
Questions? Yves.leroux@ca.com

Recommandé

Cybersecurity - Overview
Cybersecurity - OverviewCybersecurity - Overview
Cybersecurity - OverviewThanuja Seneviratne
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Edureka!
 
Cybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesCybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesSlideTeam
 
cybersecurity- A.Abutaleb
cybersecurity- A.Abutalebcybersecurity- A.Abutaleb
cybersecurity- A.AbutalebFahmi Albaheth
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident ResponsePECB
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityEng Hasan Shamroukh CISCO Exams Author
 
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...Edureka!
 

Recommandé

Cybersecurity - Overview
Cybersecurity - OverviewCybersecurity - Overview
Cybersecurity - OverviewThanuja Seneviratne
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Edureka!
 
Cybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesCybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesSlideTeam
 
cybersecurity- A.Abutaleb
cybersecurity- A.Abutalebcybersecurity- A.Abutaleb
cybersecurity- A.AbutalebFahmi Albaheth
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident ResponsePECB
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityEng Hasan Shamroukh CISCO Exams Author
 
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...Edureka!
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSJohn Gilligan
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Cyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation SlidesCyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation SlidesSlideTeam
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness PresentationCristian Mihai
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
Cybersecurity PowerPoint Presentation Slides
Cybersecurity PowerPoint Presentation Slides Cybersecurity PowerPoint Presentation Slides
Cybersecurity PowerPoint Presentation Slides SlideTeam
 
Effective Cyber Defense Using CIS Critical Security Controls
Effective Cyber Defense Using CIS Critical Security ControlsEffective Cyber Defense Using CIS Critical Security Controls
Effective Cyber Defense Using CIS Critical Security ControlsBSides Delhi
 
Cybersecurity
CybersecurityCybersecurity
CybersecuritySanjana Agarwal
 
NIST SP 800 30 Flow Chart
NIST SP 800 30 Flow ChartNIST SP 800 30 Flow Chart
NIST SP 800 30 Flow ChartJames W. De Rienzo
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityAdri Jovin
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Cybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfCybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Information security
Information securityInformation security
Information securityYogeshwari M Yogi
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementasherad
 
Information Security Governance and Strategy
Information Security Governance and Strategy Information Security Governance and Strategy
Information Security Governance and Strategy Dam Frank
 
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...Edureka!
 
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...Edureka!
 
Industrial_Cyber_Security
Industrial_Cyber_SecurityIndustrial_Cyber_Security
Industrial_Cyber_SecurityWillianMachadoFonsec
 
CyberSecurity
CyberSecurityCyberSecurity
CyberSecuritydivyanshigarg4
 
ANSSI D2IE Formation à la cybersécurité des TPE / PME
ANSSI D2IE Formation à la cybersécurité des TPE / PMEANSSI D2IE Formation à la cybersécurité des TPE / PME
ANSSI D2IE Formation à la cybersécurité des TPE / PMEpolenumerique33
 
Cybersécurité & protection des données personnelles
Cybersécurité & protection des données personnellesCybersécurité & protection des données personnelles
Cybersécurité & protection des données personnellesMohamed MDELLA
 

Contenu connexe

Tendances

Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSJohn Gilligan
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Cyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation SlidesCyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation SlidesSlideTeam
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness PresentationCristian Mihai
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
Cybersecurity PowerPoint Presentation Slides
Cybersecurity PowerPoint Presentation Slides Cybersecurity PowerPoint Presentation Slides
Cybersecurity PowerPoint Presentation Slides SlideTeam
 
Effective Cyber Defense Using CIS Critical Security Controls
Effective Cyber Defense Using CIS Critical Security ControlsEffective Cyber Defense Using CIS Critical Security Controls
Effective Cyber Defense Using CIS Critical Security ControlsBSides Delhi
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityAdri Jovin
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementasherad
 
Information Security Governance and Strategy
Information Security Governance and Strategy Information Security Governance and Strategy
Information Security Governance and Strategy Dam Frank
 
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...Edureka!
 
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...Edureka!
 

Tendances (20)

Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHS
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
Cyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation SlidesCyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation Slides
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness Presentation
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Cybersecurity PowerPoint Presentation Slides
Cybersecurity PowerPoint Presentation Slides Cybersecurity PowerPoint Presentation Slides
Cybersecurity PowerPoint Presentation Slides
 
Effective Cyber Defense Using CIS Critical Security Controls
Effective Cyber Defense Using CIS Critical Security ControlsEffective Cyber Defense Using CIS Critical Security Controls
Effective Cyber Defense Using CIS Critical Security Controls
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
NIST SP 800 30 Flow Chart
NIST SP 800 30 Flow ChartNIST SP 800 30 Flow Chart
NIST SP 800 30 Flow Chart
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Cybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfCybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdf
 
Information security
Information securityInformation security
Information security
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
Information Security Governance and Strategy
Information Security Governance and Strategy Information Security Governance and Strategy
Information Security Governance and Strategy
 
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...
 
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
 
Industrial_Cyber_Security
Industrial_Cyber_SecurityIndustrial_Cyber_Security
Industrial_Cyber_Security
 
CyberSecurity
CyberSecurityCyberSecurity
CyberSecurity
 

En vedette

ANSSI D2IE Formation à la cybersécurité des TPE / PME
ANSSI D2IE Formation à la cybersécurité des TPE / PMEANSSI D2IE Formation à la cybersécurité des TPE / PME
ANSSI D2IE Formation à la cybersécurité des TPE / PMEpolenumerique33
 
Cybersécurité & protection des données personnelles
Cybersécurité & protection des données personnellesCybersécurité & protection des données personnelles
Cybersécurité & protection des données personnellesMohamed MDELLA
 
CTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea GlorisoCTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea Glorisosegughana
 
NIS : l’Europe se dote d’un plan de bataille contre le piratage informatique
NIS : l’Europe se dote d’un plan de bataille contre le piratage informatiqueNIS : l’Europe se dote d’un plan de bataille contre le piratage informatique
NIS : l’Europe se dote d’un plan de bataille contre le piratage informatiqueITrust - Cybersecurity as a Service
 
La gouvernance au cœur de la transformation numérique - Le contexte et la sit...
La gouvernance au cœur de la transformation numérique - Le contexte et la sit...La gouvernance au cœur de la transformation numérique - Le contexte et la sit...
La gouvernance au cœur de la transformation numérique - Le contexte et la sit...Antoine Vigneron
 
2016 02-14-nis directive-overview isc2 chapter
2016 02-14-nis directive-overview isc2 chapter2016 02-14-nis directive-overview isc2 chapter
2016 02-14-nis directive-overview isc2 chapterisc2-hellenic
 
Paiement mobile et biométrie, deux piliers de la transformation digitale
Paiement mobile et biométrie, deux piliers de la transformation digitalePaiement mobile et biométrie, deux piliers de la transformation digitale
Paiement mobile et biométrie, deux piliers de la transformation digitaleAntoine Vigneron
 
Is6120 data security presentation
Is6120 data security presentationIs6120 data security presentation
Is6120 data security presentationJamesDempsey1
 
Jeudi de l AFAI - Transformations de la cybersécurité
Jeudi de l AFAI - Transformations de la cybersécuritéJeudi de l AFAI - Transformations de la cybersécurité
Jeudi de l AFAI - Transformations de la cybersécuritéAntoine Vigneron
 
La French Tech au CES 2017 - Dossier de Presse
La French Tech au CES 2017 - Dossier de PresseLa French Tech au CES 2017 - Dossier de Presse
La French Tech au CES 2017 - Dossier de PressePaul-Antoine Evain
 
Conférence Internet des objets IoT M2M - CCI Bordeaux - 02 04 2015 - presenta...
Conférence Internet des objets IoT M2M - CCI Bordeaux - 02 04 2015 - presenta...Conférence Internet des objets IoT M2M - CCI Bordeaux - 02 04 2015 - presenta...
Conférence Internet des objets IoT M2M - CCI Bordeaux - 02 04 2015 - presenta...polenumerique33
 
Incident Response in the Cloud
Incident Response in the CloudIncident Response in the Cloud
Incident Response in the CloudBrian Honan
 
Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Brian Honan
 
IT Risk Management - the right posture
IT Risk Management - the right postureIT Risk Management - the right posture
IT Risk Management - the right postureParag Deodhar
 
L’ENTREPRISE FACE À SES ENJEUX ET RISQUES NUMÉRIQUES GOUVERNANCE ET ORGANISAT...
L’ENTREPRISE FACE À SES ENJEUX ET RISQUES NUMÉRIQUES GOUVERNANCE ET ORGANISAT...L’ENTREPRISE FACE À SES ENJEUX ET RISQUES NUMÉRIQUES GOUVERNANCE ET ORGANISAT...
L’ENTREPRISE FACE À SES ENJEUX ET RISQUES NUMÉRIQUES GOUVERNANCE ET ORGANISAT...polenumerique33
 
IUT Bordeaux - plaquette coh@bit 2015 - fab lab et technoshop
IUT Bordeaux - plaquette coh@bit 2015 - fab lab et technoshopIUT Bordeaux - plaquette coh@bit 2015 - fab lab et technoshop
IUT Bordeaux - plaquette coh@bit 2015 - fab lab et technoshoppolenumerique33
 
CR Aquitaine AMI Numérique aquitain 2015
CR Aquitaine AMI Numérique aquitain 2015CR Aquitaine AMI Numérique aquitain 2015
CR Aquitaine AMI Numérique aquitain 2015polenumerique33
 
Notice pour la déclaration de dépenses d’innovation éligibles au crédit impôt...
Notice pour la déclaration de dépenses d’innovation éligibles au crédit impôt...Notice pour la déclaration de dépenses d’innovation éligibles au crédit impôt...
Notice pour la déclaration de dépenses d’innovation éligibles au crédit impôt...polenumerique33
 

En vedette (20)

ANSSI D2IE Formation à la cybersécurité des TPE / PME
ANSSI D2IE Formation à la cybersécurité des TPE / PMEANSSI D2IE Formation à la cybersécurité des TPE / PME
ANSSI D2IE Formation à la cybersécurité des TPE / PME
 
Cybersécurité & protection des données personnelles
Cybersécurité & protection des données personnellesCybersécurité & protection des données personnelles
Cybersécurité & protection des données personnelles
 
Protecting Europe's Network Infrastructure
Protecting Europe's Network Infrastructure Protecting Europe's Network Infrastructure
Protecting Europe's Network Infrastructure
 
CTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea GlorisoCTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea Gloriso
 
NIS : l’Europe se dote d’un plan de bataille contre le piratage informatique
NIS : l’Europe se dote d’un plan de bataille contre le piratage informatiqueNIS : l’Europe se dote d’un plan de bataille contre le piratage informatique
NIS : l’Europe se dote d’un plan de bataille contre le piratage informatique
 
La gouvernance au cœur de la transformation numérique - Le contexte et la sit...
La gouvernance au cœur de la transformation numérique - Le contexte et la sit...La gouvernance au cœur de la transformation numérique - Le contexte et la sit...
La gouvernance au cœur de la transformation numérique - Le contexte et la sit...
 
2016 02-14-nis directive-overview isc2 chapter
2016 02-14-nis directive-overview isc2 chapter2016 02-14-nis directive-overview isc2 chapter
2016 02-14-nis directive-overview isc2 chapter
 
Paiement mobile et biométrie, deux piliers de la transformation digitale
Paiement mobile et biométrie, deux piliers de la transformation digitalePaiement mobile et biométrie, deux piliers de la transformation digitale
Paiement mobile et biométrie, deux piliers de la transformation digitale
 
Is6120 data security presentation
Is6120 data security presentationIs6120 data security presentation
Is6120 data security presentation
 
Fiche jei-2015
Fiche jei-2015Fiche jei-2015
Fiche jei-2015
 
Jeudi de l AFAI - Transformations de la cybersécurité
Jeudi de l AFAI - Transformations de la cybersécuritéJeudi de l AFAI - Transformations de la cybersécurité
Jeudi de l AFAI - Transformations de la cybersécurité
 
La French Tech au CES 2017 - Dossier de Presse
La French Tech au CES 2017 - Dossier de PresseLa French Tech au CES 2017 - Dossier de Presse
La French Tech au CES 2017 - Dossier de Presse
 
Conférence Internet des objets IoT M2M - CCI Bordeaux - 02 04 2015 - presenta...
Conférence Internet des objets IoT M2M - CCI Bordeaux - 02 04 2015 - presenta...Conférence Internet des objets IoT M2M - CCI Bordeaux - 02 04 2015 - presenta...
Conférence Internet des objets IoT M2M - CCI Bordeaux - 02 04 2015 - presenta...
 
Incident Response in the Cloud
Incident Response in the CloudIncident Response in the Cloud
Incident Response in the Cloud
 
Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...
 
IT Risk Management - the right posture
IT Risk Management - the right postureIT Risk Management - the right posture
IT Risk Management - the right posture
 
L’ENTREPRISE FACE À SES ENJEUX ET RISQUES NUMÉRIQUES GOUVERNANCE ET ORGANISAT...
L’ENTREPRISE FACE À SES ENJEUX ET RISQUES NUMÉRIQUES GOUVERNANCE ET ORGANISAT...L’ENTREPRISE FACE À SES ENJEUX ET RISQUES NUMÉRIQUES GOUVERNANCE ET ORGANISAT...
L’ENTREPRISE FACE À SES ENJEUX ET RISQUES NUMÉRIQUES GOUVERNANCE ET ORGANISAT...
 
IUT Bordeaux - plaquette coh@bit 2015 - fab lab et technoshop
IUT Bordeaux - plaquette coh@bit 2015 - fab lab et technoshopIUT Bordeaux - plaquette coh@bit 2015 - fab lab et technoshop
IUT Bordeaux - plaquette coh@bit 2015 - fab lab et technoshop
 
CR Aquitaine AMI Numérique aquitain 2015
CR Aquitaine AMI Numérique aquitain 2015CR Aquitaine AMI Numérique aquitain 2015
CR Aquitaine AMI Numérique aquitain 2015
 
Notice pour la déclaration de dépenses d’innovation éligibles au crédit impôt...
Notice pour la déclaration de dépenses d’innovation éligibles au crédit impôt...Notice pour la déclaration de dépenses d’innovation éligibles au crédit impôt...
Notice pour la déclaration de dépenses d’innovation éligibles au crédit impôt...
 

Similaire à Cybersecurity isaca

SC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systemsSC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systemsBigData_Europe
 
Critical Infrastructure and Cybersecurity Transportation Sector
Critical Infrastructure and Cybersecurity Transportation SectorCritical Infrastructure and Cybersecurity Transportation Sector
Critical Infrastructure and Cybersecurity Transportation SectorEuropean Services Institute
 
Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...Miguel A. Amutio
 
Grid Analytics Europe 2016: "Defend the Grid", April 2016
Grid Analytics Europe 2016: "Defend the Grid", April 2016Grid Analytics Europe 2016: "Defend the Grid", April 2016
Grid Analytics Europe 2016: "Defend the Grid", April 2016OMNETRIC
 
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)Santosh Khadsare
 
Security5Security5 is an entry level certifi cation fo.docx
Security5Security5 is an entry level certifi cation fo.docxSecurity5Security5 is an entry level certifi cation fo.docx
Security5Security5 is an entry level certifi cation fo.docxbagotjesusa
 
Critical Infrastructure and Cyber Sec in Transportation Sector
Critical Infrastructure and Cyber Sec in Transportation SectorCritical Infrastructure and Cyber Sec in Transportation Sector
Critical Infrastructure and Cyber Sec in Transportation SectorEuropean Services Institute
 
Cybersecurity Hub & Operations - Dr. Kiru Pillay
Cybersecurity Hub & Operations - Dr. Kiru PillayCybersecurity Hub & Operations - Dr. Kiru Pillay
Cybersecurity Hub & Operations - Dr. Kiru PillaydotZADNA
 
The European cyber security cPPP strategic research & innovation agenda
The European cyber security cPPP strategic research & innovation agendaThe European cyber security cPPP strategic research & innovation agenda
The European cyber security cPPP strategic research & innovation agendaEUBrasilCloudFORUM .
 
Cyber Security Strategies and Approaches
Cyber Security Strategies and ApproachesCyber Security Strategies and Approaches
Cyber Security Strategies and Approachesvngundi
 
The Present and the Future ISAC in Taiwan
The Present and the Future ISAC in TaiwanThe Present and the Future ISAC in Taiwan
The Present and the Future ISAC in TaiwanAPNIC
 
Cybersecurity for Critical National Information Infrastructure
Cybersecurity for Critical National Information InfrastructureCybersecurity for Critical National Information Infrastructure
Cybersecurity for Critical National Information InfrastructureDr David Probert
 
Cyber security and resilience of intelligent public transport
Cyber security and resilience of intelligent public transportCyber security and resilience of intelligent public transport
Cyber security and resilience of intelligent public transportAndrey Apuhtin
 
National Strategies against Cyber Attacks - Philip Victor
National Strategies against Cyber Attacks - Philip VictorNational Strategies against Cyber Attacks - Philip Victor
National Strategies against Cyber Attacks - Philip VictorKnowledge Group
 
ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)
ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)
ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)Abbie Barbir
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber securityAurobindo Nayak
 
Global Maritime Cyber Strategy
Global Maritime Cyber StrategyGlobal Maritime Cyber Strategy
Global Maritime Cyber StrategyIan Kelly
 
ENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident responseENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident responseKevin Duffey
 

Similaire à Cybersecurity isaca (20)

SC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systemsSC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systems
 
Critical Infrastructure and Cybersecurity Transportation Sector
Critical Infrastructure and Cybersecurity Transportation SectorCritical Infrastructure and Cybersecurity Transportation Sector
Critical Infrastructure and Cybersecurity Transportation Sector
 
Critical Infrastructure and Cybersecurity
Critical Infrastructure and Cybersecurity Critical Infrastructure and Cybersecurity
Critical Infrastructure and Cybersecurity
 
Session 2.1 Martin Mühleck
Session 2.1 Martin MühleckSession 2.1 Martin Mühleck
Session 2.1 Martin Mühleck
 
Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...
 
Grid Analytics Europe 2016: "Defend the Grid", April 2016
Grid Analytics Europe 2016: "Defend the Grid", April 2016Grid Analytics Europe 2016: "Defend the Grid", April 2016
Grid Analytics Europe 2016: "Defend the Grid", April 2016
 
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
 
Security5Security5 is an entry level certifi cation fo.docx
Security5Security5 is an entry level certifi cation fo.docxSecurity5Security5 is an entry level certifi cation fo.docx
Security5Security5 is an entry level certifi cation fo.docx
 
Critical Infrastructure and Cyber Sec in Transportation Sector
Critical Infrastructure and Cyber Sec in Transportation SectorCritical Infrastructure and Cyber Sec in Transportation Sector
Critical Infrastructure and Cyber Sec in Transportation Sector
 
Cybersecurity Hub & Operations - Dr. Kiru Pillay
Cybersecurity Hub & Operations - Dr. Kiru PillayCybersecurity Hub & Operations - Dr. Kiru Pillay
Cybersecurity Hub & Operations - Dr. Kiru Pillay
 
The European cyber security cPPP strategic research & innovation agenda
The European cyber security cPPP strategic research & innovation agendaThe European cyber security cPPP strategic research & innovation agenda
The European cyber security cPPP strategic research & innovation agenda
 
Cyber Security Strategies and Approaches
Cyber Security Strategies and ApproachesCyber Security Strategies and Approaches
Cyber Security Strategies and Approaches
 
The Present and the Future ISAC in Taiwan
The Present and the Future ISAC in TaiwanThe Present and the Future ISAC in Taiwan
The Present and the Future ISAC in Taiwan
 
Cybersecurity for Critical National Information Infrastructure
Cybersecurity for Critical National Information InfrastructureCybersecurity for Critical National Information Infrastructure
Cybersecurity for Critical National Information Infrastructure
 
Cyber security and resilience of intelligent public transport
Cyber security and resilience of intelligent public transportCyber security and resilience of intelligent public transport
Cyber security and resilience of intelligent public transport
 
National Strategies against Cyber Attacks - Philip Victor
National Strategies against Cyber Attacks - Philip VictorNational Strategies against Cyber Attacks - Philip Victor
National Strategies against Cyber Attacks - Philip Victor
 
ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)
ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)
ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber security
 
Global Maritime Cyber Strategy
Global Maritime Cyber StrategyGlobal Maritime Cyber Strategy
Global Maritime Cyber Strategy
 
ENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident responseENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident response
 

Plus de Antoine Vigneron

L'automatisation au service de la cybersécurité
L'automatisation au service de la cybersécuritéL'automatisation au service de la cybersécurité
L'automatisation au service de la cybersécuritéAntoine Vigneron
 
La signature électronique et eIDAS - De nouveaux usages
La signature électronique et eIDAS - De nouveaux usagesLa signature électronique et eIDAS - De nouveaux usages
La signature électronique et eIDAS - De nouveaux usagesAntoine Vigneron
 
La signature électronique et les nouveaux services eIDAS
La signature électronique et les nouveaux services eIDASLa signature électronique et les nouveaux services eIDAS
La signature électronique et les nouveaux services eIDASAntoine Vigneron
 
La signature électronique chez les notaires
La signature électronique chez les notairesLa signature électronique chez les notaires
La signature électronique chez les notairesAntoine Vigneron
 
La Blockchain: la fin des tiers de confiance?
La Blockchain: la fin des tiers de confiance?La Blockchain: la fin des tiers de confiance?
La Blockchain: la fin des tiers de confiance?Antoine Vigneron
 
Internet des objets - Doc@Post
Internet des objets - Doc@PostInternet des objets - Doc@Post
Internet des objets - Doc@PostAntoine Vigneron
 
Objets connectés: un 360° pour les comprendre
Objets connectés: un 360° pour les comprendreObjets connectés: un 360° pour les comprendre
Objets connectés: un 360° pour les comprendreAntoine Vigneron
 
Données personnelles et SI - GDPR
Données personnelles et SI - GDPRDonnées personnelles et SI - GDPR
Données personnelles et SI - GDPRAntoine Vigneron
 
La transition numérique un des facteurs clé vers une performance globale des...
La transition numérique un des facteurs clé vers une performance globale des... La transition numérique un des facteurs clé vers une performance globale des...
La transition numérique un des facteurs clé vers une performance globale des...Antoine Vigneron
 
Cybersécurité, IOT automobile et aéronautique
Cybersécurité, IOT automobile et aéronautiqueCybersécurité, IOT automobile et aéronautique
Cybersécurité, IOT automobile et aéronautiqueAntoine Vigneron
 
Les ECNi : une transformation numérique réussie
Les ECNi : une transformation numérique réussieLes ECNi : une transformation numérique réussie
Les ECNi : une transformation numérique réussieAntoine Vigneron
 
Relever le défi SI de la transformation numérique en Europe
Relever le défi SI de la transformation numérique en EuropeRelever le défi SI de la transformation numérique en Europe
Relever le défi SI de la transformation numérique en EuropeAntoine Vigneron
 
DSBrowser Concilier securité et simplicite
DSBrowser Concilier securité et simpliciteDSBrowser Concilier securité et simplicite
DSBrowser Concilier securité et simpliciteAntoine Vigneron
 
CFAO Concilier securité et simplicite
CFAO Concilier securité et simpliciteCFAO Concilier securité et simplicite
CFAO Concilier securité et simpliciteAntoine Vigneron
 
Galtier Concilier securite et simplicite
Galtier Concilier securite et simpliciteGaltier Concilier securite et simplicite
Galtier Concilier securite et simpliciteAntoine Vigneron
 
Challenges and Risks for the CIO from Outsourcing in the digital era
Challenges and Risks for the CIO from Outsourcing in the digital eraChallenges and Risks for the CIO from Outsourcing in the digital era
Challenges and Risks for the CIO from Outsourcing in the digital eraAntoine Vigneron
 

Plus de Antoine Vigneron (20)

L'automatisation au service de la cybersécurité
L'automatisation au service de la cybersécuritéL'automatisation au service de la cybersécurité
L'automatisation au service de la cybersécurité
 
La signature électronique et eIDAS - De nouveaux usages
La signature électronique et eIDAS - De nouveaux usagesLa signature électronique et eIDAS - De nouveaux usages
La signature électronique et eIDAS - De nouveaux usages
 
La signature électronique et les nouveaux services eIDAS
La signature électronique et les nouveaux services eIDASLa signature électronique et les nouveaux services eIDAS
La signature électronique et les nouveaux services eIDAS
 
La signature électronique chez les notaires
La signature électronique chez les notairesLa signature électronique chez les notaires
La signature électronique chez les notaires
 
Bitcoin et le bitcoin
Bitcoin et le bitcoinBitcoin et le bitcoin
Bitcoin et le bitcoin
 
La Blockchain: la fin des tiers de confiance?
La Blockchain: la fin des tiers de confiance?La Blockchain: la fin des tiers de confiance?
La Blockchain: la fin des tiers de confiance?
 
CIO advisory English
CIO advisory English CIO advisory English
CIO advisory English
 
Les objets connectés
Les objets connectésLes objets connectés
Les objets connectés
 
Internet des objets - Doc@Post
Internet des objets - Doc@PostInternet des objets - Doc@Post
Internet des objets - Doc@Post
 
Objets connectés: un 360° pour les comprendre
Objets connectés: un 360° pour les comprendreObjets connectés: un 360° pour les comprendre
Objets connectés: un 360° pour les comprendre
 
Données personnelles et SI - GDPR
Données personnelles et SI - GDPRDonnées personnelles et SI - GDPR
Données personnelles et SI - GDPR
 
La transition numérique un des facteurs clé vers une performance globale des...
La transition numérique un des facteurs clé vers une performance globale des... La transition numérique un des facteurs clé vers une performance globale des...
La transition numérique un des facteurs clé vers une performance globale des...
 
Cybersécurité, IOT automobile et aéronautique
Cybersécurité, IOT automobile et aéronautiqueCybersécurité, IOT automobile et aéronautique
Cybersécurité, IOT automobile et aéronautique
 
Les ECNi : une transformation numérique réussie
Les ECNi : une transformation numérique réussieLes ECNi : une transformation numérique réussie
Les ECNi : une transformation numérique réussie
 
Relever le défi SI de la transformation numérique en Europe
Relever le défi SI de la transformation numérique en EuropeRelever le défi SI de la transformation numérique en Europe
Relever le défi SI de la transformation numérique en Europe
 
DSBrowser Concilier securité et simplicite
DSBrowser Concilier securité et simpliciteDSBrowser Concilier securité et simplicite
DSBrowser Concilier securité et simplicite
 
CFAO Concilier securité et simplicite
CFAO Concilier securité et simpliciteCFAO Concilier securité et simplicite
CFAO Concilier securité et simplicite
 
Galtier Concilier securite et simplicite
Galtier Concilier securite et simpliciteGaltier Concilier securite et simplicite
Galtier Concilier securite et simplicite
 
Cloud and compliance REX
Cloud and compliance REXCloud and compliance REX
Cloud and compliance REX
 
Challenges and Risks for the CIO from Outsourcing in the digital era
Challenges and Risks for the CIO from Outsourcing in the digital eraChallenges and Risks for the CIO from Outsourcing in the digital era
Challenges and Risks for the CIO from Outsourcing in the digital era
 

Dernier

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Dernier (20)

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

Cybersecurity isaca

  • 1. Cybersecurité à l’ISACA Yves LE ROUX CISM, CISSP Yves.leroux@ca.com 2 avril 2015 Jeudi de l’AFAI
  • 2. Tendances et nouveaux aspects de la sécurité informatique
  • 3. 3 © 2014 CA. ALL RIGHTS RESERVED.
  • 4. 4 © 2014 CA. ALL RIGHTS RESERVED. Factors Impacting the Need for Improved Cyber Security Source: ISACA, 2014
  • 5. 5 © 2014 CA. ALL RIGHTS RESERVED. Consumerization •Mobile devices •Social media •Cloud services •Nonstandard •Security as a Service Continual Regulatory and Compliance Pressures • SOX, PCI, EU Privacy • ISO 27001 • Other regulations Emerging Trends •Decrease in time to exploit •Targeted attacks •Advanced persistent threats (APTs) Source: ISACA, 2014 Key Trends and Drivers of Security
  • 6. 6 © 2014 CA. ALL RIGHTS RESERVED. he WOrld is Changing Source: ISACA, 2012
  • 7. 7 © 2014 CA. ALL RIGHTS RESERVED. The APT Life cycle History shows that most sophisticated attackers, regardless of their motives, funding or control, tend to operate in a certain cycle and are extremely effective at attacking their targets. 7
  • 8. 8 © 2014 CA. ALL RIGHTS RESERVED.
  • 9. APT sont différents ils sont ciblés VS
  • 10. Attaques ciblées • Adversary’s persistence – They know what they want and they pursue their goal – They will repeatedly try to get in – Once they’re in they try to stay – When you throw them out they will try to come back • Initial infection very difficult to avoid – Spear-phishing e-mails – Social engineering to trick the user into running malware installers – Watering hole attacks using known exploits – Watering hole attacks that rely on social engineering • Take control over the infrastructure: 10’-> 48hours • Detection: average 229 days (or never) • Remediation: 1-6 months
  • 11. Stratégie Européenne de Cybersécurité
  • 12. 12 © 2014 CA. ALL RIGHTS RESERVED. Strategie Européenne de Cybersecurité  The Five strategic objectives of the strategy are as follows: – Achieving cyber resilience – Drastically reducing cybercrime – Developing cyberdefence policy and capabilities related to the Common Security and Defence Policy (CSDP) – Developing the industrial and technological resources for cybersecurity – Establishing a coherent international cyberspace policy for the European Union and promote core EU values.
  • 13. 13 © 2014 CA. ALL RIGHTS RESERVED. Network and Information Security (NIS) Directive Key Elements  Capabilities: Common NIS requirements at national level – NIS strategy and cooperation plan – NIS competent authority – Computer Emergency Response Team (CERT)  Cooperation: NIS competent authorities to cooperate within a network at EU level – Early warnings and coordinated response – Capacity building – NIS exercises at EU level – ENISA to assist  Risk management and incident reporting for: – Energy – electricity, gas and oil – Credit institutions and stock exchanges – Transport – air, maritime, rail – Healthcare – Internet enablers – Public administrations
  • 14. 14 © 2014 CA. ALL RIGHTS RESERVED. NIS Directive legal actions  7 February 2013 The European Commission published the draft Network and Information Security (NIS) Directive, which set out proposals to enhance the EU’s resilience to cyber security threats and ensure a common level of network and information security across the EU.  13 March 2014 The European Parliament successfully voted through the proposed NIS Directive with a number of amendments to the proposed text.  19 November 2014 EU Member States remain divided whether Internet companies should comply with the proposed NIS Directive. The Council presidency said that it is "confident" that the Council and Parliament would be able to "reach a deal before the end of the year" on the final wording of the legislation.
  • 15. 15 © 2014 CA. ALL RIGHTS RESERVED. NIS Public-Private Platform  NIS Platform is complementing and underpinning the NIS Directive. It will help implement the measures set out in the Directive, e.g. by simplifying incident reporting, and ensure its convergent and harmonised application across the EU.  First meeting of the NIS Platform on 17 June 2013, it was decided to set up 3 working groups which should be cross-cutting, with all relevant sectors represented: – WG1 on risk management, including information assurance, risks metrics and awareness raising; – WG2 on information exchange and incident coordination, including incident reporting and risks metrics for the purpose of information exchange; – WG3 on secure ICT research and innovation.  The NIS Platform on 25 November 2014, decided that the aim is to have NISP finalised guidance of all Chapters in October 2015 and Commission recommendations on good cyber security practices due to be adopted in late 2015.
  • 16. 16 © 2014 CA. ALL RIGHTS RESERVED. Breakdown and tentative timing of Chapters per W.G. Source: NIS Public-Private Platform 25 november 2014 Meeting Report
  • 17. 17 © 2014 CA. ALL RIGHTS RESERVED. France  La loi de programmation militaire du 18 décembre 2013  Décret no 2015-349 du 27 mars 2015 relatif à l’habilitation et à l’assermentation des agents de l’autorité nationale de sécurité des systèmes d’information  Décret no 2015- 350 du 27 mars 2015 relatif à la qualification des produits de sécurité   Décret no 2015-351 du 27 mars 2015 relatif à la sécurité des systèmes d’information des opérateurs d’importance vitale.
  • 18. 18 © 2014 CA. ALL RIGHTS RESERVED. France  218 organisations stratégiques pour la nation, ont l'obligation de se protéger contre les intrusions informatiques.  Secteurs étatiques : activités civiles de l’Etat, activités militaires de l’Etat, activités judiciaires.  Secteurs de la protection des citoyens : santé, gestion de l'eau, alimentation.  Secteurs de la vie économique et sociale de la nation : énergie, communication, électronique, audiovisuel et information (les quatre représentent un secteur), transports, finances, industrie.  Audits externes réguliers contrôlant la sécurité de leur système d'information  Installation de logiciels ou matériels qui détectent en permanence les intrusions informatiques venues de l'extérieur.
  • 20. 20 © 2014 CA. ALL RIGHTS RESERVED.  ISACA has released the European Cyber security Implementation Series primarily to provide practical implementation guidance that is aligned with European requirements and good practice. Source: ISACA, 2014
  • 21. 21 © 2014 CA. ALL RIGHTS RESERVED. Source: ISACA, 2014
  • 22. 22 © 2014 CA. ALL RIGHTS RESERVED.
  • 23. 23 © 2014 CA. ALL RIGHTS RESERVED. SIX QUESTIONS THE BOARD SHOULD ASK  Does the organization use a security framework?  What are the top five risks the organization has related to cybersecurity?  How are employees made aware of their role related to cybersecurity?  Are external and internal threats considered when planning cybersecurity program activities?  How is security governance managed within the organization?  In the event of a serious breach, has management developed a robust response protocol?
  • 24. 24 © 2014 CA. ALL RIGHTS RESERVED. Overview When implementing cybersecurity steps and measures enterprises should perform : 1. Analyse impact (with a view to business impacts and other, nonfinancial impacts). 2. Identify and analyse risk 3. Determine risk treatment. 4. Determine cybersecurity strategy options based on risk profile.
  • 25. 25 © 2014 CA. ALL RIGHTS RESERVED.
  • 27. Mapping ERMP to COBIT 5 Source: ISACA, 2014
  • 28. Some exemples of Cybersecurity Risk
  • 29. Risk Scenario in COBIT 5 Risk Management
  • 30. Cobit 5 Risk Management Framework
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41.
  • 42.
  • 43.
  • 44.
  • 45. Trois lignes de défense
  • 46.
  • 47.
  • 49.
  • 50. Legal and contractual relationships
  • 51.
  • 52. Data logging & retention
  • 54.
  • 55.