POWERPOINT TEMPLATE
AGENDA
Cybersecurity
1. Definition
2. Network
3. Threats
4. News
5. Security
6. Future
7. Checklist
DEFINITION
CYBERSECURITY
"There are only two types of companies: those that have been hacked, and those that will be."
Robert Mueller, FBI Director, 2012
DEFINITION
Cybersecurity
[Figure: level of complexity over time, in six stages (I to VI), from the end of the 18th century via the start of the 20th century and the start of the 70s to the present]
NETWORK
Gap in the Risk Assessment for Industry 4.0 in the Automation Pyramid
[Figure: automation pyramid, from Level 0 (manufacturing/process level) up to Level 5 (supply chain management level), with Industry 4.0 spanning the levels]
NETWORK
Safety Aspects of Industry 4.0
[Figure: safety aspects grouped around Industry 4.0: IT security, product monitoring obligations, hedging production losses, product liability]
NETWORK
Services for (Virtual) Social Life
Social networks: Facebook, Twitter, Instagram, Xing, LinkedIn, YouTube, Vimeo
Used for maintaining social contacts, creating virtual profiles, sending messages/chatting, and social groups (looking for partners, looking for a job).
Messaging services: Skype, WhatsApp
NETWORK
Data Storage
Examples:
Shops: Amazon, Zalando, Alibaba, Lesara, Conleys etc.
Travel: Expedia, TUI, WEG.de, Travel24 etc.
NETWORK
Banking
[Chart: electronic payments in Europe (BS) and daily cash amount (%), 2010 to 2020; data labels shown on the chart: 87 and 177 for electronic payments, 78 and 60 for the daily cash amount]
E-commerce & e-banking: banking transactions via electronic data transfers; payments are going more and more over the internet.
Payment transactions in 27 countries of the European Union
NETWORK
Policy
[Chart: submitting completed forms versus downloading official forms, by country (Spain, Great Britain, Germany, France), scale 0 to 70]
THREATS
CYBERSECURITY
THREATS
Threats in Cyberspace
Society: threats by increased networking
Challenges: prevention, detection, predictability, software vulnerabilities, innovative attacks, erosion of privacy, erosion of trust, zero day, black swan, ID theft, action from a distance
Attack actions: uncover user passwords, install malware, phishing, spam, detect codes by penetrating the system, divulge confidential information, other actions
THREATS
Threats are Becoming More Complex
Drivers: increasingly more complex software programs, tablet computers, cloud storage, critical infrastructure attacks, cyber crime, malware, hackers
Business impact: identity theft, citizen trust, data breach, cost to protect
[Figure: the items above plotted by business impact against probability of occurrence, on a scale from very low through medium to very high]
THREATS
Cybersecurity Problem Systematics
1. Four groups of attackers:
a. Government
b. Enterprises
c. Cybercriminals
d. Cyberterrorists or hacktivists
2. Capability
3. Incentive: different motives to attack
4. Four types of target:
a. Public sector
b. Private enterprise
c. Individuals
d. Critical national infrastructure (CNI)
6. Assets:
a. Data
THREATS
Attacker Classification
Hacktivists, groups
Motives: attention, damage, highlighting vulnerabilities, momentum
Means: minimal means; motivated amateurs and specialists; huge bandwidth and system coverage
Vandals, script kiddies
Motives: fame, reputation, attention
Means: minimal means; applying available tools; little knowledge
THREATS
Organizations Behind Cybercrime
Spam
Seems legitimate and is sent to an email account. Many email accounts have spam filtering.
Often contains dangerous links (to download) or invoices for alleged online orders.
Can also be sent on social networks or apps.
THREATS
Malware
[Figure: a hacker controlling several infected machines]
Its purpose is to interrupt web servers: the infected machines are made to send a mass of data packets to the server.
THREATS
Phishing
[Figure: hacker]
Creates fake messages that include links to online shops, social networks, payment services, etc.
Aims to easily obtain sensitive and personal data. Victims enter personal and confidential information unsuspectingly.
THREATS
Nexus of the Threat Situation
[Figure: the manufacturer distributes patches; vulnerabilities enable attacks; the user is careless with handling and attacks depend on use; apps contain malware. Threat types shown: drive-by exploits, distributed denial of service attacks, spam, social engineering, targeted attacks, botnets, identity theft]
THREATS
Procedure for an APT Attack
[Figure: the procedure for an APT attack, shown as a cycle: looking for victims, initial infection, spying on the network, data espionage/sabotaging systems, continuous monitoring]
NEWS
Number of Incidents and Goals of Attackers (PwC, 2014, 400 Companies with up to 1,000 Employees)
[Chart: number of incidents per company (1 incident, 2-3 incidents, 4-9 incidents; labelled shares 28%, 10% and 20%) and goals of attackers (system availability, access data, image and reputation, customer and contract data, intellectual property/trade secrets, other), scale 0 to 50%]
NEWS
[Chart: hackers' employment relationship (in %), 2016 survey]
According to the cybercrime statistics of the Bundeskriminalamt (German Federal Criminal Office), there were a total of 64,426 incidents in Germany in 2014.
NEWS
Cybercrime in Companies
January 2015: Jihadists hacked 19,000 French websites (from banks to media organizations). Websites were either taken down, or threats and the flag of the Islamic terrorist organization were put online.
SECURITY
CYBERSECURITY
SECURITY
Cybersecurity Myths
Myth 1: We conducted an intruder test. Reality: The test should cover the entire infrastructure so that the company can continue to grow and quickly eliminate all discovered vulnerabilities.
Myth 2: We've never been attacked, so our security system must be good. Reality: Caution, threats become more complex.
Myth 3: We've designed high-end security tools. Reality: Security tools are only effective when properly configured, integrated and controlled within all security operations.
Myth 4: We comply with industry regulations and best practices. Reality: Compliance requirements often only meet the minimum safety measurements and not all critical systems and information.
Myth 5: A third party provider runs our security. Reality: Regardless of the competence and capabilities of the provider, the question is whether complex threats in a company will be taken seriously enough for a third party to sufficiently protect it.
Myth 6: We've invested in strict security controls. Reality: It is not enough to rely on standard IT security controls alone. Critical business elements should be protected above all.
Myth 7: Our security is managed adequately by the IT team. Reality: A threat can take over an entire business. Therefore, internal management should work closely with IT.
Myth 8: We only need to secure our internet applications. Reality: One should also be equipped against internal threats and member/staff abuse.
Myth 9: We've completed our security project. Reality: Security is an ongoing project that can never be completed.
Myth 10: We aren't statistically at risk. Reality: Every company is at risk for a data breach and should be prepared.
SECURITY MEASURES
Standards for Internet Security
Secure use of web services
Securing PC clients
SECURITY
Classification of IT Security Standards
Focus: information security management systems
Evaluation: evaluating IT security
Architectural level: product, system, process, surroundings
SECURITY
Four Steps to Improve Cybersecurity
[Figure: the security management process as a cycle of four steps]
1. Risk analysis
2. Policies, organizational measures
3. Technical measures
4. Validation and improvement
SECURITY
The Three Lines of Defence Model
[Figure: senior management at the top, with external audit and the regulator alongside; below, three safety barriers (1st, 2nd and 3rd safety barrier); functions shown: Finance, Controlling, Security, Inspection, Compliance]
SECURITY
Creating an Effective Cybersecurity Program
[Figure: cybersecurity services arranged around the ongoing operation, including physical security and RESPOND (proper case responses)]
SECURITY
Tips for Implementing a Cybersecurity Program
Focus on critical information: What effect does an attack on your business have and what can be done about it?
Evaluate a cyber incident response plan: What vulnerabilities have been identified and how have they been resolved?
Look over the budget: Is the cybersecurity budget being used appropriately?
Be informed about key risk indicators: Do you know enough about defence, monitoring, risk and data protection?
Work with internal and external specialists: Are you constantly being briefed on new developments in technology and cybersecurity?
Follow the safety rules of external providers: What are the privacy and security policies of external providers? Do they meet your requirements?
Comply with laws/regulations for cybersecurity: Are you keeping up-to-date with the latest cyber threats and new laws?
SECURITY
5 Levels of Cybersecurity Flow Processes
Maturity levels, from lowest to highest:
1. Ad hoc or initial
2. Repeatable
3. Defined
4. Managed
5. Optimized
The target state is set to level 4 for threat and vulnerability management.
Security governance and management: policy & standards, strategy & operating model, risk management, training & awareness, third party security, physical security, business continuity, business engagement, metrics & reporting, asset management, human resources security
Access and identity management: provisioning & deprovisioning, user management, role based access control, multi factor authentication, access certification
Applications: secure system devices, code review, developer training, application protection, cloud protection
Infrastructure: security architecture, malware protection, web and email security, network protection, security hardening
Data: privacy, data classification, data protection, data back-up and availability, data discovery and monitoring, mobile device security
SECURITY
Critical Infrastructure
Sectors in Germany
[Figure: critical infrastructure sectors in Germany: health, food, energy, water, finance and insurance, transport and traffic, state and administration, media and culture]
These institutions are vital to the state and any failure would have significant consequences.
Source: Bundesamt für Sicherheit in der Informationstechnik
HELPFUL TIPS
Have we identified and protected our most valuable processes and information?
Are we certain our third-party partners are securing our most valuable information?
Are the Internet services that are being accessed and used safe?
Are employees trained for cyber attacks?
Are mobile devices such as laptops, smartphones and tablets protected from a data breach?
Is a cyber attack from outside the corporate network possible? What are your external access options?
Are there any contingency strategies and exercises?
Are there periodic updates for operating systems and programs?
Do you know the email sender who is requesting data?
Do I trust the source of the links/download?
Thank you for purchasing our templates.
This PowerPoint template includes special design fonts that are embedded in this document. If you also wish to use these fonts for other presentations, you will need to install them on your computer.
Download these fonts free of charge from the link below by copying it into the address field of your web browser.