diff --git a/.github/workflows/latex.yml b/.github/workflows/latex.yml index 8269327..1ab0518 100644 --- a/.github/workflows/latex.yml +++ b/.github/workflows/latex.yml @@ -55,6 +55,12 @@ jobs: working_directory: 20221207 root_file: 20221207_MONARC-training.tex + - name: Compile LaTeX document + uses: xu-cheng/latex-action@master + with: + working_directory: 20230531 + root_file: 20230531_MONARC-training.tex + - run: mkdir -p artifact - run: mv 20200212/20200212_MONARC-training.pdf artifact/ @@ -79,6 +85,9 @@ jobs: - run: mkdir -p artifact - run: mv 20221207/20221207_MONARC-training.pdf artifact/ + - run: mkdir -p artifact + - run: mv 20230531/20230531_MONARC-training.pdf artifact/ + - uses: actions/upload-artifact@v1 with: name: MONARC-trainings.pdf diff --git a/20230531/1-introduction/introduction.tex b/20230531/1-introduction/introduction.tex new file mode 100644 index 0000000..3176df9 --- /dev/null +++ b/20230531/1-introduction/introduction.tex 
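Review bot: The added compile step references `xu-cheng/latex-action@master`, a mutable branch of a third-party action, so whatever is pushed to that branch runs in this job with its token and workspace on the next build. Pin the step to a full commit SHA that has been reviewed, for example `uses: xu-cheng/latex-action@<full-commit-sha>  # <release tag>` (placeholder; take the value from the action's release history). The earlier compile steps start outside this hunk and presumably use the same reference, so they would need the same change. If the workflow does not already set one, a top-level `permissions:` block limited to `contents: read` would reduce what a compromised action could do.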
@@ -0,0 +1,108 @@
+%
+% SECTION: Luxembourg House of Cybersecurity
+%
+\section*{Who we are - Our history}
+\begin{frame}
+% \frametitle{Luxembourg House of Cybersecurity / Our history}
+ \begin{center}
+ \begin{itemize}
+ \item 2003: Cyberworld Awareness and Security Enhancement Services (\textbf{CASES});
+ \item 2007: Computer Incident Response Center Luxembourg (\textbf{CIRCL});
+ \item 2010: SECURITYMADEIN.LU is a \textit{GIE} (Groupement d’Intérêt Économique). CIRCL and CASES are department of SECURITYMADEIN.LU;
+ \item 2017: Cyber security Competence Center (\textbf{C3}), a new department of SECURITYMADEIN.LU;
+ \item On 17th Oct. 2022: SECURITYMADEIN.LU transformed into the Luxembourg House of Cybersecurity (\textbf{LHC})\\
+ CASES and C3 are now the National Cybersecurity Competence Centre of Luxembourg (\textbf{NC3})
+ \end{itemize}
+ \end{center}
+ CASES was an initiative of the Ministry of Economy after the worm
+ \textit{I love you} decimated more than 3 millions computers in less than a week.
+\end{frame}
+
+% \begin{frame}
+% \frametitle{CASES}
+% \framesubtitle{}
+% \begin{block}{Mission}
+% Foster cyber security by supporting Luxembourg administrations and SMEs.
+% \end{block}
+%
+% \begin{block}{Services}
+% \begin{center}
+% \begin{itemize}
+% \item \textbf{Awareness}: publications of articles and videos;
+% \item \textbf{Trainings}:
+% introduction to cyber security for different audiences;
+% \item \textbf{Software}:
+% MONARC, MOSP, Fit4Cybersecurity, etc.
+% \end{itemize}
+% \end{center}
+% \end{block}
+%
+% \begin{block}{Cooperations}
+% ANSSI-LU,
+% Centre for Cyber Security Belgium, KonzeptAcht GmbH, ILR, GRC-Luxembourg and others.
+% \end{block}
+% \end{frame}
+
+% --------- Summary ---------
+\setcounter{tocdepth}{1}
+\begin{frame}
+ \frametitle{Content at glance}
+ \tableofcontents
+\end{frame}
+\setcounter{tocdepth}{4}
+% ----------------------------
+
+%
+% SECTION: What is MONARC?
+%
+\section{What is MONARC?}
+\begin{frame}
+ \frametitle{Summary}
+ \tableofcontents[currentsection, hideothersubsections]
+\end{frame}
+\subsection{An open source software}
+\begin{frame}
+ \frametitle{An open source software}
+ \framesubtitle{}
+ MONARC is the tool you need for an optimised, precise and repeatable risk assessment.
+
+ \bigskip
+ \begin{itemize}
+ \item Web application (SaaS, self-hosted, virtual machine, etc.);
+ \item source code\footnote{\url{https://github.com/monarc-project}}:
+ \texttt{GNU Affero General Public License version 3};
+ \item data: \texttt{CC0 1.0 Universal - Public Domain Dedication}.
+ \end{itemize}
+
+ \bigskip
+ MONARC is easy to use.
+
+ Used and recognized by experts from different fields (not only information security).
+
+ \bigskip
+ For many users, it started with a spreadsheet!
+\end{frame}
+
+\subsection{A community}
+\begin{frame}
+ \frametitle{A community}
+ \framesubtitle{}
+ \begin{itemize}
+ \item more than 270 organizations:\\ \url{https://my.monarc.lu};
+ \item 17 organizations sharing MONARC objects (threats, assets, recommendations, etc.):\\
+ \url{https://objects.monarc.lu};
+ \item a global dashboard with trends about threats and vulnerabilitties:\\
+ \url{https://dashboard.monarc.lu};
+ \item discussions on GitHub:\\
+ \url{https://github.com/monarc-project/MonarcAppFO/discussions}.
+ \end{itemize}
+\end{frame}
+
+\subsection{A method}
+\begin{frame}
+ \frametitle{A method}
+ \framesubtitle{Based on \texttt{ISO/IEC 27005:2011}, but optimized}
+ \begin{center}
+ \includegraphics[scale=0.6]{../common_pictures/iso27005-2011.png}
+ \end{center}
+\end{frame}
diff --git a/20230531/2-method/method.tex b/20230531/2-method/method.tex
new file mode 100644
index 0000000..88f0eb4
--- /dev/null
+++ b/20230531/2-method/method.tex
@@ -0,0 +1,144 @@
+
+%
+% SECTION: The method
+%
+\section{The method}
+\begin{frame}
+ \frametitle{Summary}
+ \tableofcontents[currentsection, hideothersubsections]
+\end{frame}
+
+
+\subsection{Management of risk}
+\begin{frame}
+ \frametitle{A Structured, Iterative and Qualitative method}
+ \framesubtitle{}
+ \begin{columns}[t]
+ \begin{column}{5.5cm}
+ \begin{figure}
+ \includegraphics[width=5.5cm]{../common_pictures/MONARC-method-1.png}
+ \end{figure}
+ \end{column}
+ \begin{column}{6.5cm}
+ \begin{itemize}
+ \item Structured: 1, 2, ..., n.
+ \item Iterative: \textbf{Plan}, \textbf{Do}, \textbf{Check}, \textbf{Act}
+ \item Qualitative: \textbf{Values} / \textbf{Consequence}
+ \begin{itemize}
+ \item Impact/Consequence, Threat, Vulnerability;
+ \item \textbf{r}eputation, image;
+ \item \textbf{o}peration;
+ \item \textbf{l}egal;
+ \item \textbf{f}inancial;
+ \item \textbf{p}erson (to the).
+ \end{itemize}
+ Possibility to define custom scales for operational risks.
+ \end{itemize}
+ \end{column}
+ \end{columns}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Automated and simplified management}
+ \framesubtitle{Method based on \texttt{ISO/IEC 27005}}
+ \begin{center}
+ \includegraphics[scale=0.45]{../common_pictures/MONARC-method-2-2.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Automated and simplified management}
+ \framesubtitle{Sub-stages provided by the method are also in line with \texttt{ISO/IEC 27005}}
+ \begin{center}
+ \includegraphics[scale=0.4]{../common_pictures/MONARC-method-2-1.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \begin{block}{Information risks}
+ $$R = \textbf{I}mpact \times \textbf{T}hreat \times \textbf{V}ulnerability$$
+ \begin{itemize}
+ \item impact on \textbf{C}onfidentiality \textbf{I}ntegrity \textbf{A}vailability;
+ \item on secondary assets.
+ \end{itemize}
+ \end{block}
+
+ \begin{block}{Operational risks}
+ $$R = \textbf{I}mpact \times \textbf{P}robability$$
+ \begin{itemize}
+ \item impact by default on ROLFP (possibility to define custom scales);
+ \item on primary assets.
+ \end{itemize}
+ \end{block}
+\end{frame}
+
+
+
+\subsection{An optimized method}
+\begin{frame}
+ \frametitle{Optimizations}
+ \framesubtitle{}
+ MONARC is an optimized method:
+ \begin{itemize}
+ \item inheritance on objects;
+ \item scope of objects;
+ \item inheritance on impacts;
+ \item deliverables;
+ \item multiple dashboards and reporting possibilities.
+ \end{itemize}
+\end{frame}
+
+\subsubsection{Inheritance on objects}
+\begin{frame}
+ \frametitle{Inheritance on objects}
+ \framesubtitle{Modelling}
+ \begin{center}
+ \includegraphics[scale=0.45]{../common_pictures/MONARC-method-modelling.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Inheritance}
+ \framesubtitle{Formalisation of the modelling}
+ \begin{center}
+ \includegraphics[scale=0.5]{../common_pictures/MONARC-modelling-formalisation.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Inheritance}
+ \framesubtitle{Formalisation of an asset}
+ Example with \texttt{OV\_BATI}
+ \begin{center}
+ \includegraphics[scale=0.7]{../common_pictures/ov_bati.png}
+ \end{center}
+\end{frame}
+
+\subsubsection{Scope of objects}
+\begin{frame}
+ \frametitle{Scope of objects}
+ \framesubtitle{Global or local assets}
+ \begin{center}
+ \begin{center}
+ \includegraphics[scale=0.45]{../common_pictures/global-vs-local.png}
+ \end{center}
+ \end{center}
+\end{frame}
+
+\subsubsection{Inheritance on impacts}
+\begin{frame}
+ \frametitle{Inheritance on impacts}
+ \framesubtitle{}
+ \begin{center}
+ \begin{center}
+ \includegraphics[width=12cm]{./pictures/impacts-inheritance.png}
+ \end{center}
+ \end{center}
+\end{frame}
+
+\subsubsection{Deliverables}
+\begin{frame}
+ \frametitle{Deliverables}
+ \framesubtitle{}
+ Shareable and customised templates of deliverables.
+\end{frame}
diff --git a/20230531/20230531_MONARC-training.tex b/20230531/20230531_MONARC-training.tex
new file mode 100755
index 0000000..9572fa8
--- /dev/null
+++ b/20230531/20230531_MONARC-training.tex
@@ -0,0 +1,143 @@
+\documentclass[]{beamer}
+\usepackage[utf8]{inputenc}
+\usepackage{hyperref}
+\usepackage{listings}
+\lstset{
+basicstyle=\fontsize{10}{12}\selectfont\ttfamily,
+keywordstyle=\color{blue},
+breaklines=true,
+showtabs=false,
+showstringspaces=false,
+numberstyle=\tiny\color{mygray}
+}
+% \usepackage[french]{babel}
+% \uselanguage{French}
+% \languagepath{French}
+\usepackage{pslatex} % for better PDF on screen
+%\usepackage{textcomp}
+
+%\usetheme{AnnArbor}
+%\usetheme{Antibes}
+%\usetheme{Berkeley}
+%\usetheme{Berlin}
+%\usetheme{Boadilla}
+\usetheme{CambridgeUS}
+%\usetheme{Copenhagen}
+%\usetheme{Dresden}
+%\usetheme{Frankfurt}
+%\usetheme{Goettingen}
+%\usetheme{Hannover}
+%\usetheme{JuanLesPins}
+%\usetheme{Marburg}
+%\usetheme{Montpellier}
+%\usetheme{PaloAlto}
+%\usetheme{Pittsburgh}
+%\usetheme{Rochester}
+%\usetheme{Singapore}
+%\usetheme{Szeged}
+%\usetheme{Warsaw}
+
+
+
+% Set Color ==============================
+% Custom colors tested with CambridgeUS.
+% If you want a nice looking presentation,
+% simply comment this section.
+\usepackage{xcolor}
+
+% http://www.computerhope.com/htmcolor.htm
+\definecolor{gold}{HTML}{FDD017}
+\definecolor{deep sky blue}{HTML}{3BB9FF}
+\definecolor{light sky blue}{HTML}{82CAFA}
+\definecolor{casesBlue}{HTML}{0072b8}
+
+\makeatletter
+\definecolor{mybackground}{HTML}{82CAFA}
+\definecolor{myforeground}{HTML}{0000A0}
+
+\setbeamercolor{normal text}{fg=black,bg=white}
+\setbeamercolor{alerted text}{fg=red}
+\setbeamercolor{example text}{fg=black}
+
+\setbeamercolor{background canvas}{fg=myforeground, bg=white}
+\setbeamercolor{background}{fg=myforeground, bg=mybackground}
+
+\setbeamercolor{palette primary}{fg=black, bg=gold}
+% \setbeamercolor{palette secondary}{fg=black, bg=gray!20!white}
+\setbeamercolor{palette secondary}{fg=white, bg=casesBlue!80!gold}
+\setbeamercolor{palette tertiary}{fg=white, bg=casesBlue}
+% \makeatother
+
+% Set Color ==============================
+
+
+\hypersetup{
+pdfkeywords = {MONARC, NC3, training, security},
+% pdfpagemode = FullScreen
+}
+
+% Navigation menu
+% disable options by commenting appropriate line
+\setbeamertemplate{navigation symbols}{%
+\insertslidenavigationsymbol
+\insertframenavigationsymbol
+\insertsubsectionnavigationsymbol
+\insertsectionnavigationsymbol
+\insertdocnavigationsymbol
+\insertbackfindforwardnavigationsymbol
+}
+
+
+% contenu de la page de titre
+\title[Introduction to MONARC]{Introduction to MONARC}
+\subtitle{Optimised Risk Analysis Method}
+\author[NC3]{Luxembourg House of Cybersecurity / NC3}
+\institute[]{\href{https://www.nc3.lu}{National Cybersecurity Competence Centre of Luxembourg}}
+\date{May 31, 2023}
+% \date{\today{}}
+\logo{\includegraphics[height=0.5cm]{../common_pictures/logo_lhc.png}}
+\newsavebox{\logoA}
+\newsavebox{\logoB}
+\savebox{\logoA}{\includegraphics[width=3.0cm]{../common_pictures/logo_lhc.png}}
+\savebox{\logoB}{\includegraphics[height=1.5cm]{../common_pictures/logo-monarc.png}}
+\titlegraphic{%
+\raisebox{.5\dimexpr\ht\logoB-\ht\logoA}{\usebox{\logoA}}% raise smaller logo into position
+\hspace*{5cm}%
+\usebox{\logoB}
+}
+% End of preamble
+
+
+\begin{document}
+\begin{frame}
+ \titlepage
+\end{frame}
+
+
+% Content
+\include{1-introduction/introduction}
+\include{2-method/method}
+\include{3-tool/tool}
+% \include{3.1-modules/modules}
+% \include{4-roadmap/roadmap}
+\include{5-services/services}
+
+
+%
+% SECTION: End of the presentation
+%
+\section*{End of the presentation}
+\begin{frame}
+ \frametitle{End of the presentation}
+ \framesubtitle{}
+ \begin{center}
+ \begin{itemize}
+ \item Thank you for listening.
+ \item Contact: opensource@nc3.lu
+ \item \url{https://github.com/NC3-LU}
+ \item \url{https://github.com/monarc-project}
+ \item \url{https://www.monarc.lu}
+ \end{itemize}
+ \end{center}
+\end{frame}
+\end{document}
diff --git a/20230531/3-tool/tool.tex b/20230531/3-tool/tool.tex
new file mode 100644
index 0000000..4ec8942
--- /dev/null
+++ b/20230531/3-tool/tool.tex
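Review bot: The `\makeatletter` placed before the `mybackground` definition is never closed, because its counterpart is commented out as `% \makeatother`, so `@` stays a letter for the rest of the preamble and for every `\include`d file. None of the colour commands between the two lines use `@`-names, so either delete `\makeatletter` or restore `\makeatother` after the `palette tertiary` line. Separately, `numberstyle=\tiny\color{mygray}` in `\lstset` names a colour that this file does not define, so a listing with line numbers enabled would presumably stop on an undefined-colour error. Either add `\definecolor{mygray}{HTML}{<hex value>}` (placeholder value) after `\usepackage{xcolor}` or drop the key.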
@@ -0,0 +1,104 @@
+%
+% SECTION: The tool
+%
+\section{The tool}
+\begin{frame}
+ \frametitle{Summary}
+ \tableofcontents[currentsection, hideothersubsections]
+\end{frame}
+\subsection{Architecture}
+\begin{frame}
+ \frametitle{}
+ \framesubtitle{}
+ \begin{center}
+ \includegraphics[scale=0.25]{pictures/monarc-architecture.png}
+ \end{center}
+\end{frame}
+
+
+
+\subsection{Workshop}
+\begin{frame}
+ \frametitle{Le'ts work a little!}
+ \framesubtitle{}
+ \begin{itemize}
+ \item connect to the MONARC formation instance:\\
+ \url{https://formation.monarc.lu}
+ \item use login and password provided during the training.
+ \end{itemize}
+
+ \bigskip
+ Compatible Web browsers: Firefox, Chrome and Safari.
+\end{frame}
+
+
+
+\subsection{Modules}
+\subsubsection{Dashboard}
+\begin{frame}
+ \frametitle{Dashboard}
+ \framesubtitle{}
+ \begin{itemize}
+ \item provide different visualizations of the current analysis state;
+ \item visualizations are exportable (.png, .csv, .pptx).
+ \end{itemize}
+\end{frame}
+
+\subsubsection{Statement of Applicabitity}
+\begin{frame}
+ \frametitle{Statement of Applicabitity}
+ \framesubtitle{}
+ Statement of Applicability (SOA) and compliance level for a referential security.
+\end{frame}
+
+\subsubsection{Record of processing activities}
+\begin{frame}
+ \frametitle{Record of processing activities}
+ \framesubtitle{}
+ Register of the information treatment for processing activities.
+\end{frame}
+
+
+
+\subsection{Roadmap}
+\subsubsection{Past}
+\begin{frame}
+ \frametitle{Latest notable developments}
+ \framesubtitle{}
+ \begin{itemize}
+ \item PHP 8 compatibility, possibility to link multiple specific models per client,
+ new feature to enforce two-factor authentication.
+ (\href{https://www.monarc.lu/news/2023/04/25/monarc-2126-released/}{MONARC 2.12.6});
+ \item two-factor authentication, compliance scale, metadata assets
+ (\href{https://www.monarc.lu/news/2022/06/22/monarc-2121-released/}{MONARC 2.12.1});
+ \item definition of custom scales for operational risks
+ (\href{https://www.monarc.lu/news/2021/09/02/monarc-2110-released/}{MONARC 2.11.0});
+ \item dashboard for the CEO with data gathered from different MONARC instances
+ (\href{https://www.monarc.lu/news/2020/12/18/monarc-2101-released/}{MONARC 2.10.1});
+ \item records of processing activities for the GDPR and set of recommendations
+ (\href{https://www.monarc.lu/news/2019/08/23/monarc-290-released/}{MONARC 2.9.0});
+ \item connection with MOSP
+ (\href{https://www.monarc.lu/news/2019/05/28/monarc-282-released/}{MONARC 2.8.2});
+ \item statement of applicability
+ (\href{https://www.monarc.lu/news/2018/08/22/monarc-270-released/}{MONARC 2.7.0}).
+ \end{itemize}
+\end{frame}
+
+\subsubsection{Future}
+\begin{frame}
+ \frametitle{Future developments}
+ \framesubtitle{}
+ \begin{itemize}
+ \item management of dependencies between services;
+ \item enhancements to the global dashboard towards a
+ security weather forecast\footnote{\url{https://dashboard.monarc.lu}};
+ \item enhancements to the sharing of MONARC objects with
+ MOSP\footnote{\url{https://objects.monarc.lu}};
+ \item import of models in back office;
+ \item link between GDPR module and some objects in MONARC.
+ \end{itemize}
+ \bigskip
+ Idea ?
+ $\rightarrow$
+ \href{https://github.com/monarc-project/MonarcAppFO/discussions/categories/ideas}{Discussions on GitHub}
+\end{frame}
diff --git a/20230531/3.1-modules/modules.tex b/20230531/3.1-modules/modules.tex
new file mode 100644
index 0000000..fbf0630
--- /dev/null
+++ b/20230531/3.1-modules/modules.tex
@@ -0,0 +1,3 @@
+%
+% SECTION: Modules
+%
diff --git a/20230531/4-roadmap/roadmap.tex b/20230531/4-roadmap/roadmap.tex
new file mode 100644
index 0000000..2fa0b05
--- /dev/null
+++ b/20230531/4-roadmap/roadmap.tex
@@ -0,0 +1,3 @@
+%
+% SECTION: Roadmap
+%
diff --git a/20230531/5-services/services.tex b/20230531/5-services/services.tex
new file mode 100644
index 0000000..48566f2
--- /dev/null
+++ b/20230531/5-services/services.tex
@@ -0,0 +1,15 @@
+%
+% SECTION: Services
+%
+\section*{Services}
+\begin{frame}
+ \frametitle{Services related to MONARC}
+ \begin{center}
+ \begin{itemize}
+ \item help at deploying;
+ \item help at using;
+ \item trainings;
+ \item developments, feature requests.
+ \end{itemize}
+ \end{center}
+\end{frame}
diff --git a/20230531/pictures/impacts-inheritance.png b/20230531/pictures/impacts-inheritance.png
new file mode 100644
index 0000000..7717c80
Binary files /dev/null and b/20230531/pictures/impacts-inheritance.png differ
diff --git a/20230531/pictures/monarc-architecture.png b/20230531/pictures/monarc-architecture.png
new file mode 100644
index 0000000..aec76de
Binary files /dev/null and b/20230531/pictures/monarc-architecture.png differ