View
58
Download
1
Category
Preview:
Citation preview
WISER “WIDE-IMPACT CYBER SECURITY RISK FRAMEWORK”www.cyberwiser.eu @cyberwiser
Co-funded by the European CommissionHorizon 2020 – Grant # 653321
Cybersecurity Risk Assessment – ‘All done’ with WISER
Riga – 27th October, 2016Presentation at DSS ITSEC
DEMO
1
Antonio Álvarez RomeroAtos Spain
2
Outline
CyberWISER Services
Introduction to CyberWISER-Light
Introduction to CyberWISER-Essential
Conclusions
© WISER 2015 www.cyberwiser.eu - @cyberwiser
CyberWISER Services
CyberWISER Light – self-assessment of cyber risks and vulnerabilities in IT system.
User-friendly service - suited to every type of organisation. Especially good for time- and resource-constrained SMEs.
CyberWISER Essential – Risk Platform as a Service (RPaaS) for self-assessment of exposure levels with continuous, quasi-real-time monitoring
Standardised mitigation plan
CyberWISER Plus – RPaaS + Customised approach to cyber risk assessmentFace-to-face support in self-assessment phase Deployment support & mitigation plan tailored to your organisation
Available Dec 2016
Available Dec 2016
www.cyberwiser.eu
3© WISER 2016 www.cyberwiser.eu - @cyberwiser
4
CyberWISER Services
© WISER 2016 www.cyberwiser.eu - @cyberwiser
CyberWISER-Light (CWL)Two versions: CWL Fast-track and CompleteSoftware as a ServiceOnline QuestionnaireOnline Vulnerability scannerProduces Aggregated Report
CyberWISER-Essential (CWE)CyberWISER-Plus (CWP)
5
CyberWISER Services
© WISER 2016 www.cyberwiser.eu - @cyberwiser
CyberWISER-Light (CWL)CyberWISER-Essential (CWE)
Risk Management PaaSSensors deployed at client produce dataRisk Assessment services in the CloudDashboard showing real-time data and information
CyberWISER-Plus (CWP)
6
CyberWISER Services
© WISER 2016 www.cyberwiser.eu - @cyberwiser
CyberWISER-Light (CWL)CyberWISER-Essential (CWE)CyberWISER-Plus (CWP)
Extended with more specific Risk ModelsExtended with specific application-level sensors
7
Outline
CyberWISER Services
Introduction to CyberWISER-Light
Introduction to CyberWISER-Essential
Conclusions
© WISER 2015 www.cyberwiser.eu - @cyberwiser
8
CyberWISER-Light
© WISER 2016 www.cyberwiser.eu - @cyberwiser
CyberWISER-Light Demo
© WISER 2015 www.cyberwiser.eu - @cyberwiser 9
Questionnaire
© WISER 2015 www.cyberwiser.eu - @cyberwiser 10
Vulnerability test
© WISER 2015 www.cyberwiser.eu - @cyberwiser 11
Vulnerability test
CyberWISER-Light Demo
© WISER 2015 www.cyberwiser.eu - @cyberwiser 13
14
Outline
© WISER 2015 www.cyberwiser.eu - @cyberwiser
CyberWISER Services
Introduction to CyberWISER-Light
Introduction to CyberWISER-Essential
Conclusions
15
CyberWISER-Essential
© WISER 2016 www.cyberwiser.eu - @cyberwiser
Dashboard with a set of sectionsRisk ReportingConfigurationMonitoringModellingTesting
16
CyberWISER-Essential
© WISER 2016 www.cyberwiser.eu - @cyberwiser
Risk reporting
17
CyberWISER-Essential
© WISER 2016 www.cyberwiser.eu - @cyberwiser
Configuration
18
CyberWISER-Essential
© WISER 2016 www.cyberwiser.eu - @cyberwiser
Monitoring
19
CyberWISER-Essential
© WISER 2016 www.cyberwiser.eu - @cyberwiser
Modelling
20
CyberWISER-Essential
© WISER 2016 www.cyberwiser.eu - @cyberwiser
Testing
CyberWISER-Essential Demo Scenario
© WISER 2015 www.cyberwiser.eu - @cyberwiser 21
Simulation of an incident The attacker uses Kali Linux from public IP addressThe attacker executes a Hydra scriptWiser Agent detects the attack with Snort sensor (/var/log/snort/snort.alert)Wiser Agent sends events to DWHShow events received by Monitoring Engine from DWH via RabbitMQShow Alarm received in the RAE and how it is triggered the risk assessment
• Risk models selected• DEXI instantiation• Qualitative risk assessment per risk and target• Aggregations:
• Overall• By sections• By risks• Mitigation measures
CyberWISER-Essential Demo Scenario
© WISER 2015 www.cyberwiser.eu - @cyberwiser 22
23
Outline
© WISER 2015 www.cyberwiser.eu - @cyberwiser
CyberWISER Services
Introduction to CyberWISER-Light
Introduction to CyberWISER-Essential
Conclusions
24
CyberWISER: What’s in it for my organisation?
© WISER 2016 www.cyberwiser.eu - @cyberwiser
Affordable cyber risk assessment services depending on customer needs & budget. Due to the real-time monitoring and the increase of automatization of this assessment, prices could be more competitive, and be affordable for segments as SMEs, that have a low budget for these types of services. Effective, efficient, and user-friendly solutions. This is going to be achieved by means of an Online-centred delivery model, which is found at www.cyberwiser.eu Customised approach and a team of experts “on-call” (where applicable), to overcome the intrinsic shortfalls of the one-fits-all solution. A “Cyber Security for all” approach!
www.cyberwiser.eu @cyberwiser
Thank you for your attentions! Questions?
ContactAntonio Álvarez RomeroAtos Spainantonio.alvarez@atos.net
Recommended