Cybersecurity Risk Assessment - 'All Done' with WISER

WISER “WIDE-IMPACT CYBER SECURITY RISK FRAMEWORK”www.cyberwiser.eu @cyberwiser

Co-funded by the European CommissionHorizon 2020 – Grant # 653321

Cybersecurity Risk Assessment – ‘All done’ with WISER

Riga – 27th October, 2016Presentation at DSS ITSEC

DEMO

1

Antonio Álvarez RomeroAtos Spain

http://www.cyberwiser.eu/

2

Outline

CyberWISER Services

Introduction to CyberWISER-Light

Introduction to CyberWISER-Essential

Conclusions

© WISER 2015 www.cyberwiser.eu - @cyberwiser

CyberWISER Services

CyberWISER Light – self-assessment of cyber risks and vulnerabilities in IT system.

User-friendly service - suited to every type of organisation. Especially good for time- and resource-constrained SMEs.

CyberWISER Essential – Risk Platform as a Service (RPaaS) for self-assessment of exposure levels with continuous, quasi-real-time monitoring

Standardised mitigation plan

CyberWISER Plus – RPaaS + Customised approach to cyber risk assessmentFace-to-face support in self-assessment phase Deployment support & mitigation plan tailored to your organisation

Available Dec 2016

Available Dec 2016

www.cyberwiser.eu

3© WISER 2016 www.cyberwiser.eu - @cyberwiser

4

CyberWISER Services


CyberWISER-Light (CWL)Two versions: CWL Fast-track and CompleteSoftware as a ServiceOnline QuestionnaireOnline Vulnerability scannerProduces Aggregated Report

CyberWISER-Essential (CWE)CyberWISER-Plus (CWP)

5

CyberWISER Services


CyberWISER-Light (CWL)CyberWISER-Essential (CWE)

Risk Management PaaSSensors deployed at client produce dataRisk Assessment services in the CloudDashboard showing real-time data and information

CyberWISER-Plus (CWP)

6

CyberWISER Services


CyberWISER-Light (CWL)CyberWISER-Essential (CWE)CyberWISER-Plus (CWP)

Extended with more specific Risk ModelsExtended with specific application-level sensors

7

Outline

CyberWISER Services



Conclusions


8

CyberWISER-Light


CyberWISER-Light Demo

© WISER 2015 www.cyberwiser.eu - @cyberwiser 9

Questionnaire


Vulnerability test


Vulnerability test

CyberWISER-Light Demo


14

Outline


CyberWISER Services



Conclusions

15

CyberWISER-Essential


Dashboard with a set of sectionsRisk ReportingConfigurationMonitoringModellingTesting

16



Risk reporting

17



Configuration

18



Monitoring

19



Modelling

20



Testing

CyberWISER-Essential Demo Scenario


Simulation of an incident The attacker uses Kali Linux from public IP addressThe attacker executes a Hydra scriptWiser Agent detects the attack with Snort sensor (/var/log/snort/snort.alert)Wiser Agent sends events to DWHShow events received by Monitoring Engine from DWH via RabbitMQShow Alarm received in the RAE and how it is triggered the risk assessment

• Risk models selected• DEXI instantiation• Qualitative risk assessment per risk and target• Aggregations:

• Overall• By sections• By risks• Mitigation measures

CyberWISER-Essential Demo Scenario


23

Outline


CyberWISER Services



Conclusions

24

CyberWISER: What’s in it for my organisation?


Affordable cyber risk assessment services depending on customer needs & budget. Due to the real-time monitoring and the increase of automatization of this assessment, prices could be more competitive, and be affordable for segments as SMEs, that have a low budget for these types of services. Effective, efficient, and user-friendly solutions. This is going to be achieved by means of an Online-centred delivery model, which is found at www.cyberwiser.eu Customised approach and a team of experts “on-call” (where applicable), to overcome the intrinsic shortfalls of the one-fits-all solution. A “Cyber Security for all” approach!


www.cyberwiser.eu @cyberwiser

Thank you for your attentions! Questions?

ContactAntonio Álvarez RomeroAtos [email protected]


Internet

Cybersecurity Risk Assessment - 'All Done' with WISER