Sensitivity: Confidential
KRITIS (Directive EU 2016/114 - 1148): a way forward

Note from the editors: "KRITIS" is the German abbreviation for "Kritische Infrastrukturen" (critical infrastructures). Germany has taken the lead in implementing the new European Directive.
Where does it apply?

"Critical infrastructures are organizational and physical structures and facilities of such vital importance to a nation's society and economy that their failure or degradation would result in sustained supply shortages, significant disruption of public safety and security, or other dramatic consequences."

Source: UP KRITIS Public-Private Partnership for Critical Infrastructure Protection
Industry and beyond: the sectors

• Energy
• IT and telecom
• Media and culture
• Finance and insurance
• Water
• Transport and traffic
• Government and administration
• Health
• Food
What is it based on?

Directive (EU) 2016/1148 (NIS Directive)

Source: UP KRITIS Public-Private Partnership for Critical Infrastructure Protection
Today: a front-runner's approach

• Critical infrastructures
• Identify the scope 360°, or 'full panorama'
• Collect "landscape" information:
  • Infrastructure (construction) drawings
  • IT (software, applications, touchpoints, hardware, configuration / patch management, …)
  • IT network (incl. 'cloud')
  • Vendor management, configuration management (tool/application), incl. housing and hosting service providers
  • Server room(s)
  • Civil / operational construction drawings, technical operation rooms
  • People
  • Policies
  • Processes
  • Geographical location, transport modes, suppliers, environment
  • Statement of Applicability (cf. slide 7)
  • Risk assessment, previous audit reports
• Identify mitigation
• Execute / realise the mitigation (solutioning)
• Document
• Audit
• Manage / maintain control of 'critical infrastructure' protection
SoA (Statement of Applicability)

Area | Statement of Applicability | Related standards, audit framework documents | Measures
Vulnerability management | How are known weak points handled? Presentation of the processes and derived measures. | SANS Institute, OWASP Top 10, ISO 27002, ISO 31000 | Risk assessment, recommendations, periodic and iterative process description
Patch management | Concept of measures for patch management at DL. | ITIL | Process definition (possibly tooling)
System hardening [Systemhärtung] | The contractor undertakes to harden the systems it supplies in order to minimise the impact. | | Identify a collection of tools, techniques and best practices to reduce vulnerability, company wide
Remote access for third parties [Fernzugang für Drittanbieter] | Remote access from third parties to the network of the principal. | |
Requirements on software development processes [Anforderungen an die Softwareentwicklungsprozesse] | The software development processes of the contractor must be designed in such a … | |
Use of cryptographic solutions [Einsatz der kryptographischen Lösungen] | In order to ensure that no obsolete cryptographic solutions known to be … | |
Documentation [Dokumentation] | The service provider shall regularly document the processes mentioned in this list (process manual). | ISO 27000, ISMS | Define the structure; define the document process flow, access management, user profiles
… | … | … | …
Go with the flow

SoW (Statement of Work): in scope, out of scope, high-level planning (and budget covenant)
Contract / project set-up: rules of engagement, communication, project organisation
SoA (Statement of Applicability)
Landscape: infrastructure, IT / network, civil constructions
Risk assessment: risk-based approach
Implementing: roll-out, roll-in, audit
Approach, too: re-usable framework

Elaborate, engineer and build a re-usable framework / template / approach for the Company's other sites.
Solution SoA: reference standards

• ISO 2700x
• NIST
• ISO 31000
• ITIL
• OWASP
• ISO 15408
• EU 2016/114
• EU 2016/1148
• ISO 21827
• ISO 22301
• ISO 27031
• UP KRITIS Public-Private Partnership for Critical Infrastructure Protection
• KRITIS V
• FIPS 140
• IEC 62443 "Security for Industrial Process Measurement and Control – Network and System Security"
Foundation (tooling) 1

• Register of vendors
  • Cross-referenced with supplies (hardware, IT components, PLCs, …)
  • Cross-referenced with configuration data (key identifiers per item)
  • Cross-referenced with maintenance management
  • Service level management / contract (y/n): gold, silver, less …
• Inventory of all items (grouped and individually: types, locations, stock/warehouse, unique identifier, vendor)

Risk-based approach, again: which components are strategic in your organisation or production chain? Cross references are key:
• What if a vendor is no longer operational: which items are impacted?
• What if a key item is running out of its life cycle? Alternative product? Alternative supplier?
• In case of a quality issue with an item: where are those items located in our organisation / production facility?
Foundation (tooling) 2

• Register of software and applications
  • Cross-referenced with the supplier
  • Cross-referenced with configuration data (key identifiers per software, tool, application)
  • Patch management, configuration item database
    • Latest / active version
    • Swift recovery
  • Cross-referenced with maintenance or service level management
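The two Foundation (tooling) slides above ask for registers of vendors, items and software that are cross-referenced on key identifiers so that the "what if" questions (vendor gone, item at end of life, quality issue, version behind latest) can actually be answered. The following Python is an added example of such a cross-referenced register; it is not from the deck or from any tool the deck names, and every vendor name, asset tag, part number, location, date and version in it is constructed sample data.

```python
"""Vendor, item and software registers with the cross-references the
Foundation (Tooling) slides call for. Every vendor, asset tag, part
number, location and date below is constructed sample data."""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Vendor:
    vendor_id: str
    name: str
    operational: bool      # False once the supplier stops trading or support
    service_level: str     # contract tier: gold, silver, none

@dataclass(frozen=True)
class Item:
    item_id: str           # unique identifier (asset tag)
    part_no: str           # key identifier per item type
    vendor_id: str
    location: str
    end_of_life: Optional[date]
    alternatives: Tuple[str, ...] = ()   # alternative part numbers, if known
    strategic: bool = False

@dataclass(frozen=True)
class Software:
    name: str
    vendor_id: str
    installed: str         # version actually deployed
    latest: str            # latest version the vendor supports
    hosts: Tuple[str, ...] # item_ids it runs on

def _version(v: str) -> Tuple[int, ...]:
    """Dotted numeric version -> integer tuple (assumes x.y.z form)."""
    return tuple(int(p) for p in v.split("."))

@dataclass
class Register:
    vendors: Dict[str, Vendor] = field(default_factory=dict)
    items: Dict[str, Item] = field(default_factory=dict)
    software: List[Software] = field(default_factory=list)

    def items_of_vendor(self, vendor_id: str) -> List[str]:
        return sorted(i.item_id for i in self.items.values() if i.vendor_id == vendor_id)

    def impact_of_non_operational_vendors(self) -> Dict[str, List[str]]:
        """Vendor no longer operational: which items are impacted?"""
        return {v.vendor_id: self.items_of_vendor(v.vendor_id)
                for v in self.vendors.values() if not v.operational}

    def end_of_life_items(self, as_of_iso: str, horizon_days: int = 365) -> List[dict]:
        """Items already past, or reaching, end of life within the horizon, with
        the registered alternative parts and the operational vendors supplying them."""
        limit = date.fromisoformat(as_of_iso) + timedelta(days=horizon_days)
        out = []
        for i in sorted(self.items.values(), key=lambda x: x.item_id):
            if i.end_of_life is None or i.end_of_life > limit:
                continue
            alt_vendors = sorted({o.vendor_id for o in self.items.values()
                                  if o.part_no in i.alternatives
                                  and self.vendors[o.vendor_id].operational})
            out.append({"item_id": i.item_id, "part_no": i.part_no,
                        "end_of_life": i.end_of_life.isoformat(),
                        "alternatives": i.alternatives,
                        "alternative_vendors": alt_vendors,
                        "strategic": i.strategic})
        return out

    def where_is_part(self, part_no: str) -> List[str]:
        """Quality issue with a part: where is it installed?"""
        return sorted(i.location for i in self.items.values() if i.part_no == part_no)

    def outdated_software(self) -> List[Software]:
        """Deployed version behind the vendor's latest: input for patch management."""
        return [s for s in self.software if _version(s.installed) < _version(s.latest)]

def build_sample_register() -> Register:
    """Constructed sample data, not a real site."""
    r = Register()
    for v in (Vendor("V1", "Acme Automation", True, "gold"),
              Vendor("V2", "OldCo Networks", False, "none"),
              Vendor("V3", "SoftWorks", True, "silver"),
              Vendor("V4", "NewPLC Inc", True, "silver")):
        r.vendors[v.vendor_id] = v
    for i in (Item("A-001", "PLC-200", "V1", "Unit 1 / control room",
                   date(2027, 1, 1), ("PLC-300",), strategic=True),
              Item("A-002", "PLC-200", "V1", "Unit 2",
                   date(2027, 1, 1), ("PLC-300",), strategic=True),
              Item("A-003", "SW-48", "V2", "Server room", date(2024, 6, 30), strategic=True),
              Item("A-004", "SRV-X", "V3", "Server room", None),
              Item("A-005", "PLC-300", "V4", "Spare store", None)):
        r.items[i.item_id] = i
    r.software = [Software("SCADA HMI", "V3", "4.1", "4.3", ("A-004",)),
                  Software("PLC firmware", "V1", "2.0", "2.0", ("A-001", "A-002"))]
    return r

if __name__ == "__main__":
    reg = build_sample_register()
    print("vendor loss impact:", reg.impact_of_non_operational_vendors())
    print("end of life within a year of 2024-01-01:", reg.end_of_life_items("2024-01-01"))
    print("PLC-200 installed at:", reg.where_is_part("PLC-200"))
    print("outdated software:", [s.name for s in reg.outdated_software()])
```

In practice the registers live in a CMDB or maintenance system; the point is that all four queries run off the same key identifiers (vendor_id, part_no, item_id), so a missing cross-reference shows up as an empty answer that can be chased, rather than as a silently wrong one. Note that end_of_life_items also returns items already past their end-of-life date, since those are the ones most in need of an alternative product or supplier.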
Foundation (layered) 1: production facility

• P&ID of your production facility
• Instrument index (cf. slide 9)
• PLCs and other automation devices (cf. slide 9)
• Software (versions) (cf. slide 10)
• Location

Foundation (layered) 2: production facility

Same checklist as layer 1: P&ID, instrument index, PLCs and other automation devices, software (versions), location.
Foundation (layered) 3: production facility

[Slide contains a diagram only.]
Foundation (layered) 4: ICT, network

[Diagram: Site 1 (remote access) and Site 2 (remote accessible).]
Foundation (layered) 4: geographical location

Xyz location:
• Access roads
• Canals
• Railroads
• Airport
• Power supply (multiple providers)
• Telecom supply (multiple providers)

Physical security; vulnerability assessment.
Approach: financial follow-up

Work package | Definition | Budget estimate | Actuals (€, md) | Budget at completion (€, md) | Deviations (€, md) + comment
Project set-up | Contract, budget, SoA, SoW, set-up | | | |
Deliverable 1 | Definition of work package deliverable 1 | | | |
Deliverable 2 | Definition of work package deliverable 2 | | | |
Deliverable x | Definition of work package deliverable x | | | |
Total project | All deliverables (in scope) | | | |
End
