Professional Documents
Culture Documents
as critical
infrastructure
---
Manage information
security through
lifecycle
Francesco Di Maio
(ENAV ITA. Head Security)
CANSO ASWG Chair
GANIS/SANIS, ICAO HQ, Montreal, 11-15 December 2017
FOREWORDS
Evidences:
stratification of technologies
legacy and COTS
lock-in, obsolescence and
investment protection issues;
Safety vs security: what is this?
Interoperability
interdependencies
Energy
Telecommunications
Ancillary services
∞
COMPLIANCE + DUE DILIGENCE: PROACTIVE SECURITY
Professional approach;
Methodology;
Apply continuous improvement
Do not «over» everything
• Over-regulation
• Over-auditing
• Over-expenses
• …
Risk based approach always;
Systematically thinking;
Focus on both threats and vulnerabilities;
Share relevant information (IoC) not opinions
FROM THEORY TO ACTION
National Organization within EU NIS Directive
Political-Strategical Level
PRIME CISR
MINISTER Inter-Ministerial Committee for National Security
CyberSecurity Unit
Scientific
DIS Committee
(SECURITY
INTELLIGENCE Operational/Decisional Support Level
NISP
DEPARTMENT)
Situational and
Planning Unit Intelligence
Agencies (AISI/AISE)
i-SOC Services
8
SERVICES PROVIDED LIFECYCLE SPAN
Risk Management
Crisis Management
Civil/Military Coordination
Classified Information
Protection
Security Department
Authentication Authorization
Accounting
Security Intelligence
Policy Enforcement
Policy Compliance
Forensic
Security Awarness
Attack Simulation
Lesson Learned
& dissemination
9
IT Operation
Assett Management
SECURITY OPERATIONS - DETAIL
Security Event Monitoring
Authentication Authorization
Accounting
Endpoint Protection
Policy Enforcement
Policy Compliance
Forensic
Security Awarness
Attack Simulation
Lesson Learned
& dissemination
10
IT Operation
Assett Management
SECURITY MODEL
- WEB
- NETWORK
- MALWARE
- AUTHENTICATION
- VULNERABILITIES
- OS/SERVICES
- IDENTITIES
- USERS
12
- ASSETS
FOCUS ON INFORMATION SHARING
Objective Ensure a pure and trusted Public-Private Partnership using
standard language and transfer STIX/TAXII protocol and the
existing SIEM or intelligence platform in the federated entities
MineMeld
STIX/TAXII
network
THE ARCHITECTURE
CANSO Headquarters
Transpolis Schiphol Airport
Polaris Avenue 85e
2132 JH Hoofddorp
the Netherlands