Added the new training files.

Signed-off-by: Ruslan Baidan <[email protected]>

20231206/1-introduction/introduction.tex

@@ -0,0 +1,108 @@
+%
+% SECTION: Luxembourg House of Cybersecurity
+%
+\section*{Who we are - Our history}
+\begin{frame}
+%   \frametitle{Luxembourg House of Cybersecurity / Our history}
+  \begin{center}
+    \begin{itemize}
+      \item 2003: Cyberworld Awareness and Security Enhancement Services (\textbf{CASES});
+      \item 2007: Computer Incident Response Center Luxembourg (\textbf{CIRCL});
+      \item 2010: SECURITYMADEIN.LU is a \textit{GIE} (Groupement d’Intérêt Économique). CIRCL and CASES are department of SECURITYMADEIN.LU;
+      \item 2017: Cyber security Competence Center (\textbf{C3}), a new department of SECURITYMADEIN.LU;
+      \item On 17th Oct. 2022: SECURITYMADEIN.LU transformed into the Luxembourg House of Cybersecurity (\textbf{LHC})\\
+        CASES and C3 are now the National Cybersecurity Competence Centre of Luxembourg (\textbf{NC3})
+    \end{itemize}
+  \end{center}
+  CASES was an initiative of the Ministry of Economy after the worm
+  \textit{I love you} decimated more than 3 millions computers in less than a week.
+\end{frame}
+
+% \begin{frame}
+%   \frametitle{CASES}
+%   \framesubtitle{}
+%   \begin{block}{Mission}
+%     Foster cyber security by supporting Luxembourg administrations and SMEs.
+%   \end{block}
+%
+%   \begin{block}{Services}
+%     \begin{center}
+%       \begin{itemize}
+%         \item \textbf{Awareness}: publications of articles and videos;
+%         \item \textbf{Trainings}:
+%         introduction to cyber security for different audiences;
+%         \item \textbf{Software}:
+%         MONARC, MOSP, Fit4Cybersecurity, etc.
+%       \end{itemize}
+%     \end{center}
+%   \end{block}
+%
+%   \begin{block}{Cooperations}
+%     ANSSI-LU,
+%     Centre for Cyber Security Belgium, KonzeptAcht GmbH, ILR, GRC-Luxembourg and others.
+%   \end{block}
+% \end{frame}
+
+% --------- Summary ---------
+\setcounter{tocdepth}{1}
+\begin{frame}
+  \frametitle{Content at glance}
+  \tableofcontents
+\end{frame}
+\setcounter{tocdepth}{4}
+% ----------------------------
+
+%
+% SECTION: What is MONARC?
+%
+\section{What is MONARC?}
+\begin{frame}
+  \frametitle{Summary}
+  \tableofcontents[currentsection, hideothersubsections]
+\end{frame}
+\subsection{An open source software}
+\begin{frame}
+  \frametitle{An open source software}
+  \framesubtitle{}
+  MONARC is the tool you need for an optimised, precise and repeatable risk assessment.
+
+  \bigskip
+  \begin{itemize}
+    \item Web application (SaaS, self-hosted, virtual machine, etc.);
+    \item source code\footnote{\url{https://github.com/monarc-project}}:
+    \texttt{GNU Affero General Public License version 3};
+    \item data: \texttt{CC0 1.0 Universal - Public Domain Dedication}.
+  \end{itemize}
+
+  \bigskip
+  MONARC is easy to use.
+
+  Used and recognized by experts from different fields (not only information security).
+
+  \bigskip
+  For many users, it started with a spreadsheet!
+\end{frame}
+
+\subsection{A community}
+\begin{frame}
+  \frametitle{A community}
+  \framesubtitle{}
+  \begin{itemize}
+    \item more than 280 organizations:\\ \url{https://my.monarc.lu};
+    \item 17 organizations sharing MONARC objects (threats, assets, recommendations, etc.):\\
+    \url{https://objects.monarc.lu};
+    \item a global dashboard with trends about threats and vulnerabilitties:\\
+    \url{https://dashboard.monarc.lu};
+    \item discussions on GitHub:\\
+    \url{https://github.com/monarc-project/MonarcAppFO/discussions}.
+  \end{itemize}
+\end{frame}
+
+\subsection{A method}
+\begin{frame}
+  \frametitle{A method}
+  \framesubtitle{Based on \texttt{ISO/IEC 27005:2011}, but optimized}
+  \begin{center}
+    \includegraphics[scale=0.6]{../common_pictures/iso27005-2011.png}
+  \end{center}
+\end{frame}

20231206/2-method/method.tex

@@ -0,0 +1,144 @@
+
+%
+% SECTION: The method
+%
+\section{The method}
+\begin{frame}
+  \frametitle{Summary}
+  \tableofcontents[currentsection, hideothersubsections]
+\end{frame}
+
+
+\subsection{Management of risk}
+\begin{frame}
+  \frametitle{A Structured, Iterative and Qualitative method}
+  \framesubtitle{}
+  \begin{columns}[t]
+    \begin{column}{5.5cm}
+      \begin{figure}
+        \includegraphics[width=5.5cm]{../common_pictures/MONARC-method-1.png}
+      \end{figure}
+    \end{column}
+    \begin{column}{6.5cm}
+      \begin{itemize}
+        \item Structured: 1, 2, ..., n.
+        \item Iterative: \textbf{Plan}, \textbf{Do}, \textbf{Check}, \textbf{Act}
+        \item Qualitative: \textbf{Values} / \textbf{Consequence}
+        \begin{itemize}
+          \item Impact/Consequence, Threat, Vulnerability;
+          \item \textbf{r}eputation, image;
+          \item \textbf{o}peration;
+          \item \textbf{l}egal;
+          \item \textbf{f}inancial;
+          \item \textbf{p}erson (to the).
+        \end{itemize}
+        Possibility to define custom scales for operational risks.
+      \end{itemize}
+    \end{column}
+  \end{columns}
+\end{frame}
+
+\begin{frame}
+  \frametitle{Automated and simplified management}
+  \framesubtitle{Method based on \texttt{ISO/IEC 27005}}
+  \begin{center}
+    \includegraphics[scale=0.45]{../common_pictures/MONARC-method-2-2.png}
+  \end{center}
+\end{frame}
+
+\begin{frame}
+  \frametitle{Automated and simplified management}
+  \framesubtitle{Sub-stages provided by the method are also in line with \texttt{ISO/IEC 27005}}
+  \begin{center}
+    \includegraphics[scale=0.4]{../common_pictures/MONARC-method-2-1.png}
+  \end{center}
+\end{frame}
+
+\begin{frame}
+  \begin{block}{Information risks}
+    $$R = \textbf{I}mpact \times \textbf{T}hreat \times \textbf{V}ulnerability$$
+    \begin{itemize}
+      \item impact on \textbf{C}onfidentiality \textbf{I}ntegrity \textbf{A}vailability;
+      \item on secondary assets.
+    \end{itemize}
+  \end{block}
+
+  \begin{block}{Operational risks}
+    $$R = \textbf{I}mpact \times \textbf{P}robability$$
+    \begin{itemize}
+      \item impact by default on ROLFP (possibility to define custom scales);
+      \item on primary assets.
+    \end{itemize}
+  \end{block}
+\end{frame}
+
+
+
+\subsection{An optimized method}
+\begin{frame}
+  \frametitle{Optimizations}
+  \framesubtitle{}
+  MONARC is an optimized method:
+  \begin{itemize}
+    \item inheritance on objects;
+    \item scope of objects;
+    \item inheritance on impacts;
+    \item deliverables;
+    \item multiple dashboards and reporting possibilities.
+  \end{itemize}
+\end{frame}
+
+\subsubsection{Inheritance on objects}
+\begin{frame}
+  \frametitle{Inheritance on objects}
+  \framesubtitle{Modelling}
+  \begin{center}
+    \includegraphics[scale=0.45]{../common_pictures/MONARC-method-modelling.png}
+  \end{center}
+\end{frame}
+
+\begin{frame}
+  \frametitle{Inheritance}
+  \framesubtitle{Formalisation of the modelling}
+  \begin{center}
+    \includegraphics[scale=0.5]{../common_pictures/MONARC-modelling-formalisation.png}
+  \end{center}
+\end{frame}
+
+\begin{frame}
+  \frametitle{Inheritance}
+  \framesubtitle{Formalisation of an asset}
+  Example with \texttt{OV\_BATI}
+  \begin{center}
+    \includegraphics[scale=0.7]{../common_pictures/ov_bati.png}
+  \end{center}
+\end{frame}
+
+\subsubsection{Scope of objects}
+\begin{frame}
+  \frametitle{Scope of objects}
+  \framesubtitle{Global or local assets}
+  \begin{center}
+    \begin{center}
+      \includegraphics[scale=0.45]{../common_pictures/global-vs-local.png}
+    \end{center}
+  \end{center}
+\end{frame}
+
+\subsubsection{Inheritance on impacts}
+\begin{frame}
+  \frametitle{Inheritance on impacts}
+  \framesubtitle{}
+  \begin{center}
+    \begin{center}
+      \includegraphics[width=12cm]{./pictures/impacts-inheritance.png}
+    \end{center}
+  \end{center}
+\end{frame}
+
+\subsubsection{Deliverables}
+\begin{frame}
+  \frametitle{Deliverables}
+  \framesubtitle{}
+  Shareable and customised templates of deliverables.
+\end{frame}

20231206/20231206_MONARC-training.tex

@@ -0,0 +1,143 @@
+\documentclass[]{beamer}
+\usepackage[utf8]{inputenc}
+\usepackage{hyperref}
+\usepackage{listings}
+\lstset{
+basicstyle=\fontsize{10}{12}\selectfont\ttfamily,
+keywordstyle=\color{blue},
+breaklines=true,
+showtabs=false,
+showstringspaces=false,
+numberstyle=\tiny\color{mygray}
+}
+% \usepackage[french]{babel}
+% \uselanguage{French}
+% \languagepath{French}
+\usepackage{pslatex}        % for better PDF on screen
+%\usepackage{textcomp}
+
+%\usetheme{AnnArbor}
+%\usetheme{Antibes}
+%\usetheme{Berkeley}
+%\usetheme{Berlin}
+%\usetheme{Boadilla}
+\usetheme{CambridgeUS}
+%\usetheme{Copenhagen}
+%\usetheme{Dresden}
+%\usetheme{Frankfurt}
+%\usetheme{Goettingen}
+%\usetheme{Hannover}
+%\usetheme{JuanLesPins}
+%\usetheme{Marburg}
+%\usetheme{Montpellier}
+%\usetheme{PaloAlto}
+%\usetheme{Pittsburgh}
+%\usetheme{Rochester}
+%\usetheme{Singapore}
+%\usetheme{Szeged}
+%\usetheme{Warsaw}
+
+
+
+% Set Color ==============================
+% Custom colors tested with CambridgeUS.
+% If you want a nice looking presentation,
+% simply comment this section.
+\usepackage{xcolor}
+
+% http://www.computerhope.com/htmcolor.htm
+\definecolor{gold}{HTML}{FDD017}
+\definecolor{deep sky blue}{HTML}{3BB9FF}
+\definecolor{light sky blue}{HTML}{82CAFA}
+\definecolor{casesBlue}{HTML}{0072b8}
+
+\makeatletter
+\definecolor{mybackground}{HTML}{82CAFA}
+\definecolor{myforeground}{HTML}{0000A0}
+
+\setbeamercolor{normal text}{fg=black,bg=white}
+\setbeamercolor{alerted text}{fg=red}
+\setbeamercolor{example text}{fg=black}
+
+\setbeamercolor{background canvas}{fg=myforeground, bg=white}
+\setbeamercolor{background}{fg=myforeground, bg=mybackground}
+
+\setbeamercolor{palette primary}{fg=black, bg=gold}
+%       \setbeamercolor{palette secondary}{fg=black, bg=gray!20!white}
+\setbeamercolor{palette secondary}{fg=white, bg=casesBlue!80!gold}
+\setbeamercolor{palette tertiary}{fg=white, bg=casesBlue}
+%       \makeatother
+
+% Set Color ==============================
+
+
+\hypersetup{
+pdfkeywords = {MONARC, NC3, training, security},
+% pdfpagemode = FullScreen
+}
+
+% Navigation menu
+% disable options by commenting appropriate line
+\setbeamertemplate{navigation symbols}{%
+\insertslidenavigationsymbol
+\insertframenavigationsymbol
+\insertsubsectionnavigationsymbol
+\insertsectionnavigationsymbol
+\insertdocnavigationsymbol
+\insertbackfindforwardnavigationsymbol
+}
+
+
+% contenu de la page de titre
+\title[Introduction to MONARC]{Introduction to MONARC}
+\subtitle{Optimised Risk Analysis Method}
+\author[NC3]{Luxembourg House of Cybersecurity / NC3}
+\institute[]{\href{https://www.nc3.lu}{National Cybersecurity Competence Centre of Luxembourg}}
+\date{December 06, 2023}
+% \date{\today{}}
+\logo{\includegraphics[height=0.5cm]{../common_pictures/logo_lhc.png}}
+\newsavebox{\logoA}
+\newsavebox{\logoB}
+\savebox{\logoA}{\includegraphics[width=3.0cm]{../common_pictures/logo_lhc.png}}
+\savebox{\logoB}{\includegraphics[height=1.5cm]{../common_pictures/logo-monarc.png}}
+\titlegraphic{%
+\raisebox{.5\dimexpr\ht\logoB-\ht\logoA}{\usebox{\logoA}}% raise smaller logo into position
+\hspace*{5cm}%
+\usebox{\logoB}
+}
+% End of preamble
+
+
+\begin{document}
+\begin{frame}
+  \titlepage
+\end{frame}
+
+
+% Content
+\include{1-introduction/introduction}
+\include{2-method/method}
+\include{3-tool/tool}
+% \include{3.1-modules/modules}
+% \include{4-roadmap/roadmap}
+\include{5-services/services}
+
+
+%
+% SECTION: End of the presentation
+%
+\section*{End of the presentation}
+\begin{frame}
+  \frametitle{End of the presentation}
+  \framesubtitle{}
+  \begin{center}
+    \begin{itemize}
+      \item Thank you for listening.
+      \item Contact: [email protected]
+      \item \url{https://github.com/NC3-LU}
+      \item \url{https://github.com/monarc-project}
+      \item \url{https://www.monarc.lu}
+    \end{itemize}
+  \end{center}
+\end{frame}
+\end{document}