There is and always will be a permanent race in cyber space between attackers and defenders. Unfortunately, at the moment attackers are one step ahead. In this race it is impossible to know and, finally, to beat the opponents without understanding their capabilities and attack methods. Hence, understanding threats is a vital element towards protecting organisation that needs to be in the focus of business leaders and information security professionals alike.
The concept of a threat is often misused, with many prominent organisations and frameworks still using the term threat when they mean either attack or vulnerability. A threat is defined as anything that is capable, by its action or inaction, of causing harm to the organisation by compromising the confidentiality, integrity or availability of an information asset.
Populating a threat landscape for the environment being assessed involves identifying potentially relevant threats through discussion with key stakeholders, and analysing available sources of threat intelligence. At the conclusion of the Threat Profiling exercise, the defined and agreed threat landscape, in-scope threat events and impacted information assets (inventory) should be documented by the business.
For each threat, we will assess specific characteristics known as threat attributes. These attributes will be used to help model the behaviour of each threat, a process known as threat profiling.
“Know yourself, know the enemy. A thousand battles, a thousand victories”
The workshop will give attendees the understanding and the tools needed to:1. Profile and prioritise all threats that are relevant to the organisation (environment) being assessed
2. Identify the potential ways that the highest priority threats could manifest to cause harm to the organisation
Steps:1. Populate the threat landscape; What Threats could target our environment?
2. Profile Threats; What are the characteristics of the threats?
3. Produce a prioritised threat landscape; Which threats must we address?
4. Scope and map the threat events; Which threat events can a threat use?
5. Identify and map information asset(s) impacted by each threat event; Which assets are exposed to a Threat - Threat event(s)?
About the trainer:
Alternating senior management, consulting and business development roles Flavius Plesu is an enthusiastic information security professional with over 10 years of Information Security experience in international markets, both public and private sector, within a variety of sectors such as Financial Services, Legal, Technology, Transport and Logistics, Government and Education.
As the Global Information Risk and Policy Director at Markit*, Flavius is responsible for defining and landing the information risk management framework to support the organisation in identifying the key critical risks and the controls required to mitigate these to an acceptable level. At the same time he assists the corporate departments and various business units to understand and establish acceptable levels of risk, in order to reduce the potential for information security breaches. His work ultimately enables the executive team to make well informed business decisions.
Flavius holds a GCHQ-certified MSc degree in Information Security from ISG Royal Holloway, University of London and various industry certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and Internal Security Assessor - PCI Security Standards Council (PCI DSS ISA).
Markit is a leading global provider of financial information services with 4,500 employees and annual revenues of over $1.6 billion.
Requirements:All the attendees have to bring a personal laptop in order to execute the exercises put up by the trainer.
Number of attendees: 15
Registration:Registration fee (all taxes included):
199 EUR until Jan 20th, 2016
249 EUR between Jan 21st - Jan 29th, 2016
* 149 EUR if your company is a ANIS or ClujIT Cluster member
! a 50% down-payment is required in order to reserve your presence.
For reservations and details contact us:
0744 549 898