Physical Security
Infosec
Approach
Nov 8th, Abu Dhabi, UAE
Jorge Sebastiao, CISSP
ICT Expert, Cloud Practice Leader
Huawei
http://linkedin.com/in/sebastiao/
Twitter: @4jorge
Disclaimer & Copyright
• Please note that this presentation is for informational, knowledge sharing and educational purposes only. Any
comments or statements made herein do not necessarily reflect the views of Huawei. The information is intended
for the recipient's use only and should not be cited, reproduced or distributed to any third party without the prior
consent of the authors. Although great care is taken to ensure accuracy of information neither the author, nor
Huawei can be held responsible for any decision made on the basis of the information cited.
• The content of this presentation is based on information gathered in good faith from both primary and
secondary sources and is believed to be correct at the time of publication. The author can however provide no
guarantee regarding the accuracy of this content and therefore accepts no liability whatsoever for any actions
taken that subsequently prove incorrect.
• The practices listed in the document are provided as is and as guidance and the author and Huawei do not claim
that these comprise the only practices to be followed. The readers are urged to make informed decisions in their
usage.
• The information presented in this presentation is not intended to be, and should not be construed as, an offer to
sell any products or services or a solicitation of an offer to buy any products or services. Any such offer or sale will
be made pursuant to, and the information presented at this meeting is qualified in its entirety by, authorized
offering documents and related disclosure schedules or similar disclosure documentation.
• All logos and brand names belong to their respective owners and we do not claim any relationship or association,
implied or otherwise, with them.
• Use of any materials by virtue of relationships and associations, if any, are mentioned explicitly.
• Author has taken care to attribute all sources for external materials used in this presentation, and any oversight is
regretted. If you, as owner, or as viewer, find any reason to dispute the use of these materials kindly communicate
the same to author.
• Any omissions, in terms of attribution, may be due to an error of author and not intentional.
Rogue & Clueless Users
Payment Overlay malware on Mobile
Physical Security
Hacking SCADA sensors
Industrial Scale Risks
World Maritime Lanes – 95% of world’s freight goes by sea
Potential Targets
Nuclear waste carriers
LNG tankers
Oil Tankers
Cargo ships
OSC Platforms
Maritime Terminals
ATSAIS Satellite
Cyber Crime & Maritime
Are we ready for IoT?
IoT Hacks
Smart City The Patching Challenge
Hacking Robots
0 Day Exploits - Guaranteed
Modern Oil & Gas Cyber Security is Different – CSO Nightmare
Cyberspace Characteristics
• Asymmetric
• Attribution Problems
• No Borders
• Complex Interconnected Systems
Outdated Assumptions?
Effective Countermeasures
Wrong Skills?
Right Risk Appetite?
Risk Reduction Strategies!
[Figure: risk chart with axes Consequence and Likelihood (Low to High); labels FV and T; Risk Group 1, Risk Group 2, Risk Group 3; Response; Protection; Target Risk]
Build Security Intelligence
Knowledge Base
Response
Multiple Sources Intel
• Partners, Vendors, CERT, …
• Internal Security Research
• Internet, mailing lists and other sources
Cyber Security Incident Response
Big Data Analytics
Big Data Security Defense
Physical & Infosec
• Web and IP reputation
• File and mail reputation
• Application identification
• Smart policy proposal
• Malicious software detection system
• APT detection system
• DDoS attack defense system
Reputation Feedback
Security Device
Network Traffic
IoT Devices
Physical Security
Road to Security Metrics
Security Metrics
KPIs, Testing Results
CSA Controls, Compliance, Operational, Financial
Physical Security
ISMS ISO27001
IoT Security
Time Based Security
ISMS ISO22301
ISMS ISO20000
Final Goal Is Total Integrated Security
Information Security Management
IoT, Device Security Management
Winning the War
• Red Teaming
• Solve Attribution
• Continuous Vulnerability Mgmt
• Crowd Sourcing/Bug Bounty
• Fusing
• Crisis Management
• Vertical CERT Integration
• Encryption
• Exchange Knowledge
• Data Leak Prevention
• Threat Management
• Reputation Management
• Big Data/Physical Infosec
• Honeynets
• Machine Learning
• Sandbox
• Security Metrics
• Physical Security
• IoT security
• Attack / Take down
Physical & Infosec
Don’t bring a knife to a gun fight
Security Awareness Video
Jorge Sebastiao, CISSP
ICT Expert
Huawei
http://linkedin.com/in/sebastiao/
Twitter: @4jorge
ADIPEC physical and Infosec for Oil and Gas