Automation of Risk Analysis and Management

Automation of Risk Analysis and Management. Dan Cvrcek, Marek Kumpost - BUSLab Ludek Novak - ANECT. BUSLab – IT Security Laboratory . BUSLab (Brno University Security Laboratory) Informal security research group of Brno University of Technology and Masaryk University


Presentation Transcript


  1. Automation of Risk Analysis and Management • Dan Cvrcek, Marek Kumpost - BUSLab • Ludek Novak - ANECT Brno – Center of Education and Innovation

  2. BUSLab – IT Security Laboratory • BUSLab (Brno University Security Laboratory) • Informal security research group of Brno University of Technology and Masaryk University • Concentrates people interested in IT security • Research projects, conferences, industrial cooperation • Leading persons: Dan Cvrcek, Vashek Matyas • Cooperation with ANECT • Strong company in the area of network infrastructures and risk management • Certified by Czech NSA for classified information • Experience with critical infrastructures

  3. BUSLab Expertise • Privacy • Participate in the FIDIS project (Future of Identity in Information Society) • Strong cooperation with KU Leuven, TU Dresden • Reputation Systems • Experience of participation in SECURE project • Currently running national research project • Implementation of reputation system for WiFi networks • Secure Cryptographic Devices • Cooperation with Cambridge University, security of crypto-modules, smartcards, Chip&PIN cards • Key infrastructures • Design of schemes for key management in emerging areas like sensor networks

  4. Management of Security • The crucial problem of security is to pinpoint the important risks/threats • No-one ever did this for home computers used for Internet banking, personal communication, and recently voice communication • A number of different methodologies exist for large systems (CRAMM, CobiT, EBIOS, RA2 art of risk, …) • Hard to utilise, expensive, and time-consuming • An audit may take several months • Not usable for everyday management, fast-changing environments • Unreachable for common users, SMEs, government

  5. If • Floods • Reevaluate communications, transport, healthcare, … • Coordinate emergency services, supplies, … • Later on – change infrastructures, … • Air-traffic suspension • Delivery of goods, passengers, strengthening other means of traffic • Transport of perishable goods, drugs, organs for transplantations • Later on – security measures, obligations for airlines, … • Multidisciplinary assessment, analysis, reaction, …

  6. Risk Management Starting Points • EU business needs a genuine risk management arrangement combining • Risk-correctness – appropriate accuracy of data about the system and applicable threats • Control-effectiveness – measures are effective and fulfill their goals and objectives • Cost-efficiency – economically reasonable • Time-dependency – risk management must react to changes of the system and its environment • Methodologies for risk management are not stable yet • ISO is rewriting its recommendations (General risk management principles, Information security risk management) • EU – ENISA’s recommendations for risk management

  7. Project Relevance and Needs • ENISA Risk Management Road Map • 9 of 10 identified areas are directly relevant • Interoperability/compatibility of methods • Comparability/merging of methods • Measurements of risks • Unified information bases for risk management • Risk management and relevant security issues • Business Continuity Planning (BCP) • Emerging risks • Awareness, training, communication • Security measurement • Methods inventory maintenance

  8. Project Objectives and Focus • Develop risk management environment/tools able to: • Integrate risk management in different domains - operational, environmental, information, … • Integrate risk management at different levels of detail • Timely, effective, and efficient reassessment of relevant security aspects • Hierarchical risk management • Subordination of risk management engines • Coverage of risks by subordinate management engines • Data flows (downwards threats, upwards impact/risk) • Access control to sensitive data • XML based information exchange schemes • Pilot • Usability in different situations (home, SME, government) • Quick spreading of change data on risks

  9. Added Value and Project Innovation • Nearly real-time tools helping to solve the situation • Tight risk management environment integrating different risk domains • SME, Government, Large enterprises • Informatics: integration of differently focused methodologies • Critical infrastructure protection: telecommunications, emergency, utilities, healthcare, banking, transportation, government, … • Tight risk management environment integrating different risk levels • Government: Region-Local, Country-Region, EU-Country • Large enterprises: Central office-Branches • Informatics: integration of individual systems

  10. Thanks for your attention! • Questions, comments … • Useful links • BUSLab’s web page: http://www.buslab.org • ANECT: http://www.anect.cz • emails: • Dan Cvrcek: cvrcek@fit.vutbr.cz • Marek Kumpost: kumpost@fit.vutbr.cz • Ludek Novak: Ludek.Novak@anect.cz