-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
added slides for the presentation of 28 November 2022
- Loading branch information
1 parent
51ec62e
commit 9357378
Showing
10 changed files
with
525 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,108 @@ | ||
| % | ||
| % SECTION: Luxembourg House of Cybersecurity | ||
| % | ||
| \section*{Who we are - Our history} | ||
| \begin{frame} | ||
| % \frametitle{Luxembourg House of Cybersecurity / Our history} | ||
| \begin{center} | ||
| \begin{itemize} | ||
| \item 2003: Cyberworld Awareness and Security Enhancement Services (\textbf{CASES}); | ||
| \item 2007: Computer Incident Response Center Luxembourg (\textbf{CIRCL}); | ||
| \item 2010: SECURITYMADEIN.LU is a \textit{GIE} (Groupement d’Intérêt Économique). CIRCL and CASES are department of SECURITYMADEIN.LU; | ||
| \item 2017: Cyber security Competence Center (\textbf{C3}), a new department of SECURITYMADEIN.LU; | ||
| \item On 17th Oct. 2022: SECURITYMADEIN.LU transformed into the Luxembourg House of Cybersecurity (\textbf{LHC})\\ | ||
| CASES and C3 are now the National Cybersecurity Competence Center of Luxembourg (\textbf{NC3}) | ||
| \end{itemize} | ||
| \end{center} | ||
| CASES was an initiative of the Ministry of Economy after the worm | ||
| \textit{I love you} decimated more than 3 millions computers in less than a week. | ||
| \end{frame} | ||
|
|
||
| % \begin{frame} | ||
| % \frametitle{CASES} | ||
| % \framesubtitle{} | ||
| % \begin{block}{Mission} | ||
| % Foster cyber security by supporting Luxembourg administrations and SMEs. | ||
| % \end{block} | ||
| % | ||
| % \begin{block}{Services} | ||
| % \begin{center} | ||
| % \begin{itemize} | ||
| % \item \textbf{Awareness}: publications of articles and videos; | ||
| % \item \textbf{Trainings}: | ||
| % introduction to cyber security for different audiences; | ||
| % \item \textbf{Software}: | ||
| % MONARC, MOSP, Fit4Cybersecurity, etc. | ||
| % \end{itemize} | ||
| % \end{center} | ||
| % \end{block} | ||
| % | ||
| % \begin{block}{Cooperations} | ||
| % ANSSI-LU, | ||
| % Centre for Cyber Security Belgium, KonzeptAcht GmbH, ILR, GRC-Luxembourg and others. | ||
| % \end{block} | ||
| % \end{frame} | ||
|
|
||
| % --------- Summary --------- | ||
| \setcounter{tocdepth}{1} | ||
| \begin{frame} | ||
| \frametitle{Content at glance} | ||
| \tableofcontents | ||
| \end{frame} | ||
| \setcounter{tocdepth}{4} | ||
| % ---------------------------- | ||
|
|
||
| % | ||
| % SECTION: What is MONARC? | ||
| % | ||
| \section{What is MONARC?} | ||
| \begin{frame} | ||
| \frametitle{Summary} | ||
| \tableofcontents[currentsection, hideothersubsections] | ||
| \end{frame} | ||
| \subsection{An open source software} | ||
| \begin{frame} | ||
| \frametitle{An open source software} | ||
| \framesubtitle{} | ||
| MONARC is the tool you need for an optimised, precise and repeatable risk assessment. | ||
|
|
||
| \bigskip | ||
| \begin{itemize} | ||
| \item Web application (SaaS, self-hosted, virtual machine, etc.); | ||
| \item source code\footnote{\url{https://github.com/monarc-project}}: | ||
| \texttt{GNU Affero General Public License version 3}; | ||
| \item data: \texttt{CC0 1.0 Universal - Public Domain Dedication}. | ||
| \end{itemize} | ||
|
|
||
| \bigskip | ||
| MONARC is easy to use. | ||
|
|
||
| Used and recognized by experts from different fields (not only information security). | ||
|
|
||
| \bigskip | ||
| For many users, it started with a spreadsheet! | ||
| \end{frame} | ||
|
|
||
| \subsection{A community} | ||
| \begin{frame} | ||
| \frametitle{A community} | ||
| \framesubtitle{} | ||
| \begin{itemize} | ||
| \item more than 270 organizations:\\ \url{https://my.monarc.lu}; | ||
| \item 17 organizations sharing MONARC objects (threats, assets, recommendations, etc.):\\ | ||
| \url{https://objects.monarc.lu}; | ||
| \item a global dashboard with trends about threats and vulnerabilitties:\\ | ||
| \url{https://dashboard.monarc.lu}; | ||
| \item discussions on GitHub:\\ | ||
| \url{https://github.com/monarc-project/MonarcAppFO/discussions}. | ||
| \end{itemize} | ||
| \end{frame} | ||
|
|
||
| \subsection{A method} | ||
| \begin{frame} | ||
| \frametitle{A method} | ||
| \framesubtitle{Based on \texttt{ISO/IEC 27005:2011}, but optimized} | ||
| \begin{center} | ||
| \includegraphics[scale=0.6]{../common_pictures/iso27005-2011.png} | ||
| \end{center} | ||
| \end{frame} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,144 @@ | ||
|
|
||
| % | ||
| % SECTION: The method | ||
| % | ||
| \section{The method} | ||
| \begin{frame} | ||
| \frametitle{Summary} | ||
| \tableofcontents[currentsection, hideothersubsections] | ||
| \end{frame} | ||
|
|
||
|
|
||
| \subsection{Management of risk} | ||
| \begin{frame} | ||
| \frametitle{A Structured, Iterative and Qualitative method} | ||
| \framesubtitle{} | ||
| \begin{columns}[t] | ||
| \begin{column}{5.5cm} | ||
| \begin{figure} | ||
| \includegraphics[width=5.5cm]{../common_pictures/MONARC-method-1.png} | ||
| \end{figure} | ||
| \end{column} | ||
| \begin{column}{6.5cm} | ||
| \begin{itemize} | ||
| \item Structured: 1, 2, ..., n. | ||
| \item Iterative: \textbf{Plan}, \textbf{Do}, \textbf{Check}, \textbf{Act} | ||
| \item Qualitative: \textbf{Values} / \textbf{Consequence} | ||
| \begin{itemize} | ||
| \item Impact/Consequence, Threat, Vulnerability; | ||
| \item \textbf{r}eputation, image; | ||
| \item \textbf{o}peration; | ||
| \item \textbf{l}egal; | ||
| \item \textbf{f}inancial; | ||
| \item \textbf{p}erson (to the). | ||
| \end{itemize} | ||
| Possibility to define custom scales for operational risks. | ||
| \end{itemize} | ||
| \end{column} | ||
| \end{columns} | ||
| \end{frame} | ||
|
|
||
| \begin{frame} | ||
| \frametitle{Automated and simplified management} | ||
| \framesubtitle{Method based on \texttt{ISO/IEC 27005}} | ||
| \begin{center} | ||
| \includegraphics[scale=0.45]{../common_pictures/MONARC-method-2-2.png} | ||
| \end{center} | ||
| \end{frame} | ||
|
|
||
| \begin{frame} | ||
| \frametitle{Automated and simplified management} | ||
| \framesubtitle{Sub-stages provided by the method are also in line with \texttt{ISO/IEC 27005}} | ||
| \begin{center} | ||
| \includegraphics[scale=0.4]{../common_pictures/MONARC-method-2-1.png} | ||
| \end{center} | ||
| \end{frame} | ||
|
|
||
| \begin{frame} | ||
| \begin{block}{Information risks} | ||
| $$R = I \times T \times V$$ | ||
| \begin{itemize} | ||
| \item impact on \textbf{C}onfidentiality \textbf{I}ntegrity \textbf{A}vailability; | ||
| \item on secondary assets. | ||
| \end{itemize} | ||
| \end{block} | ||
|
|
||
| \begin{block}{Operational risks} | ||
| $$R = I \times P$$ | ||
| \begin{itemize} | ||
| \item impact by default on ROLFP (possibility to define custom scales); | ||
| \item on primary assets. | ||
| \end{itemize} | ||
| \end{block} | ||
| \end{frame} | ||
|
|
||
|
|
||
|
|
||
| \subsection{An optimized method} | ||
| \begin{frame} | ||
| \frametitle{Optimizations} | ||
| \framesubtitle{} | ||
| MONARC is an optimized method: | ||
| \begin{itemize} | ||
| \item inheritance on objects; | ||
| \item scope of objects; | ||
| \item inheritance on impacts; | ||
| \item deliverables; | ||
| \item multiple dashboards and reporting possibilities. | ||
| \end{itemize} | ||
| \end{frame} | ||
|
|
||
| \subsubsection{Inheritance on objects} | ||
| \begin{frame} | ||
| \frametitle{Inheritance on objects} | ||
| \framesubtitle{Modelling} | ||
| \begin{center} | ||
| \includegraphics[scale=0.45]{../common_pictures/MONARC-method-modelling.png} | ||
| \end{center} | ||
| \end{frame} | ||
|
|
||
| \begin{frame} | ||
| \frametitle{Inheritance} | ||
| \framesubtitle{Formalisation of the modelling} | ||
| \begin{center} | ||
| \includegraphics[scale=0.5]{../common_pictures/MONARC-modelling-formalisation.png} | ||
| \end{center} | ||
| \end{frame} | ||
|
|
||
| \begin{frame} | ||
| \frametitle{Inheritance} | ||
| \framesubtitle{Formalisation of an asset} | ||
| Example with \texttt{OV\_BATI} | ||
| \begin{center} | ||
| \includegraphics[scale=0.7]{../common_pictures/ov_bati.png} | ||
| \end{center} | ||
| \end{frame} | ||
|
|
||
| \subsubsection{Scope of objects} | ||
| \begin{frame} | ||
| \frametitle{Scope of objects} | ||
| \framesubtitle{Global or local assets} | ||
| \begin{center} | ||
| \begin{center} | ||
| \includegraphics[scale=0.45]{../common_pictures/global-vs-local.png} | ||
| \end{center} | ||
| \end{center} | ||
| \end{frame} | ||
|
|
||
| \subsubsection{Inheritance on impacts} | ||
| \begin{frame} | ||
| \frametitle{Inheritance on impacts} | ||
| \framesubtitle{} | ||
| \begin{center} | ||
| \begin{center} | ||
| \includegraphics[width=12cm]{./pictures/impacts-inheritance.png} | ||
| \end{center} | ||
| \end{center} | ||
| \end{frame} | ||
|
|
||
| \subsubsection{Deliverables} | ||
| \begin{frame} | ||
| \frametitle{Deliverables} | ||
| \framesubtitle{} | ||
| Shareable and customised templates of deliverables. | ||
| \end{frame} |
Oops, something went wrong.