SlideShare a Scribd company logo

Information Security @ AVL

Microsoft Österreich, profile picture
Microsoft Österreich

H. Czamai presented on information security at AVL, an automotive engineering company. AVL has implemented an Information Security Management System (ISMS) based on ISO 27001 to ensure information security through organizational and technical measures. This includes an ISO 27001 certification, security awareness training, global policies, audits, and technical controls like firewalls, access management, and encryption. AVL also manages risks through threat detection and vulnerability management processes. The presentation discussed AVL's global operations, top security threats, and cloud security strategy using Microsoft services like Azure and Intune.

Technology
Related topics:
Information Security
1 of 24
Downloaded 60 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
H. Czamai AVL List GmbH (Headquarters) Public INFORMATION SECURITY @ AVL
H. Czamai | | 20 März 2017 | 2Public AGENDA „Aus dem Leben eines IT-Security-Verantwortlichen“  Introduction AVL  ISMS @ AVL  How AVL survives in the Cybersecurity Jungle
H. Czamai | | 20 März 2017 | 3Public  AVL achieves unique results in regards to the development and improvement of all types of powertrains as well as in the field of measurement and test technology.  AVL – over 65 years’ experience  Involved in more than 1,500 engine development projects  More than 4,000 engine testbed installations OUR EXPERIENCE FOR YOUR SUCCESS
4Public ENTERPRISE DEVELOPMENT AUTOMOTIVE 5 powertrain elements EXPERIENCE More than 65 years ! GLOBAL FOOTPRINT 30 engineering locations  >220 test beds  Global customer support network ONE PARTNER INNOVATION 1500 granted patents RESEARCH 10% of turnover in-house R&D GROWTH SALES  1995: 0.15 billion €  2015: 1.27 billion €  prev. 2016: 1.41 billion € STAFF  8,050 employees  65% engineers & scientists 0 100 200 300 400 500 600 700 800 900 1.000 1.100 1.200 1.300 1.400 1.500 Mio. €
H. Czamai | | 20 März 2017 | 5Public SOLUTIONS FOR ALL CUSTOMER SEGMENTS Passenger Cars Racing2-Wheelers Construction Commercial Vehicle Agriculture Locomotive Power PlantsMarine Powertrain Engineering Simulation & Testing Development Platform
H. Czamai | | 20 März 2017 | 6Public AVL – A GLOBAL PARTNER *Headquarters in Graz Austria* Croatia Czech Republic France Germany Great Britain Romania Russia Slovenia Spain Sweden Turkey Hungary Italy Poland South America Argentina Brazil Asia China India Indonesia Japan Korea Malaysia Taiwan Thailand Vietnam Australia North America Mexico USA Europe
H. Czamai | | 20 März 2017 | 7Public AVL POWERTRAIN – A NETWORK OF TECHNICAL CENTERS *Headquarters in Graz Austria* France Germany Great Britain Hungary Sweden Turkey South America Brazil Asia China India Japan Korea Australia North America USA Europe Ann Arbor, USA Plymouth, USA Paris, FRA Lake Forest, USA Sao Paulo, BRA Sydney, AUS Gotenborg, SWEBudapest, HUN Istanbul, TUR Basildon, UK Shanghai, CHN Remscheid, GER Munich, GER Stuttgart, GER Regensburg, GERNeuenstadt, GER Ingolstadt, GERCoventry, UK Tianjin, CHN Steyr, AUT Haninge, SWE Södertälje,SWEHQ Graz, AUT + another 9 Engineering Offices Delhi-Gurgaon, IND Tokyo, JPNSeoul, KOR
H. Czamai | | 20 März 2017 | 8Public ORIENTATION FOR AN INNOVATIVE FUTURE AFFORDABLE CO2 REDUCTION AVL PROVIDES INNOVATIVE SOLUTIONS - SUPPORTING OUR CUSTOMERS TO MEET THESE MAJOR CHALLENGES MASTERING SPEED & COMPLEXITY TO MARKET STRATEGIC GLOBAL PARTNER
H. Czamai | | 20 März 2017 | 9Public CHALLENGES FOR INFORMATION SECURITY A STRUCTURED APPROACH (E.G. ISO27001 ISMS) ALLOWS US TO ENSURE THE NECESSARY LEVEL OF INFORMATION SECURITY MASTERING SPEED & COMPLEXITY TECHNOLOGY THREATS GLOBAL SETUP CULTURES AWARENESS
H. Czamai | | 20 März 2017 | 10Public Internal Hannes Czamai Global IT Security Officer hannes.czamai@avl.com Phone: +43 316 787 744, Fax: +43 316 787 1473 Mobile: +43 664 4225512, Office: +43 316 787 1768 AVL LIST GMBH A-8020 Graz, Hans-List-Platz 1 www.avl.com http://www.xing.com/profile/Hannes_Czamai/xc www.linkedin.com/in/hannes-czamai 10
H. Czamai | | 20 März 2017 | 11Public ISO 27001: THE INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) INORMATION SECURITY is more than IT SECURITY
H. Czamai | | 20 März 2017 | 12Public Internal ISMS: INFORMATION SECURITY APPROACH 12 Organizational Measures ISO 27001 Certification, Awareness trainings, IT processes, HR processes, Contract management, Global policies, Audits, Affiliate assessments, Background checks, Security clearance, Comprehensive backup & disaster concepts, Phy. zone concept, … Technical Measures Port security, LAN / WAN / Firewall management Access- and identity management (FIM) + AD + Policies Server / Storage / Datacenter (Server room) standards, Client COE / CAx Hardware + Software standards, Patch-, Antivirus-, Antimalware- Management, Access control system, Video surveillance, Fences, and many more … technical : organizational = 30% : 70%
H. Czamai | | 20 März 2017 | 13Public ORGANIZATION: FROM ACTING TO REACTING Reacting IT IT IT Business Acting IT User User SECURITY Reacting Security Acting Security
H. Czamai | | 20 März 2017 | 14Public AVL PROCESS LANDSCAPE – SECURITY & PROCESSES Information Security Processes IT / Operational Processes Business Processes
H. Czamai | | 20 März 2017 | 15Public AVL ISMS – IT RISK MANAGEMENT Information Objects IT System Business Process Estimate Damage Model IT Service Rate C I A GAP Analysis Measures Problem Mgmt. Sensitivity = Priority RATING BBB
H. Czamai | | 20 März 2017 | 16Public
H. Czamai | | 20 März 2017 | 17Public TOP THREATS  Lack of awareness  Industrial espionage  Data loss or theft  Social engineering  Travelling user  Vulnerabilities in Apps  CEO/Fake President Fraud Attack  Crypto Locker + Ransomware  DDOS blackmail  APTs
H. Czamai | | 20 März 2017 | 18Public VULNERABILITY / THREAT MANAGEMENT Permanent detection of malicious activities
H. Czamai | | 20 März 2017 | 19Public ATA – THE SWISS KNIFE AGAINST DC ATTACKS Detects with help of machine learning:  Brute force  Sensitive account exposed in plain text auth.  Service exposing accounts in plain text auth.  Honey Token account suspicious activities.  Unusual protocol implementation.  Malicious Data Protection Private Information Request.  Abnormal Behavior (pass the hash, pass the ticket).
H. Czamai | | 20 März 2017 | 20Public CLOUD STRATEGY Customer Requirements Legal Requirements Identity / Access Management Technical Measures (crypt) Audit- Log Management Risk Analysis Contract Management
H. Czamai | | 20 März 2017 | 21Public CLOUD PROJECTS WITH MICROSOFT AD Federation Service AVL Streaming AVL Software Repository Azure Information Protection Cloud encryption MS Intune MDM
H. Czamai | | 20 März 2017 | 22Public ARE WE SECURE ENOUGH? YES … BUT IT IS NOT ONLY A MATTER OF TECHNOLOGY Photo: Tobias Hellsten
H. Czamai | | 20 März 2017 | 23Public TECHNOLOGY
www.avl.com THANK YOU

More Related Content

PPTX
Microsoft empowered smart buildings
ClintHarris18
 
PDF
6 Applications of IoT for Building Automation Solutions
Happiest Minds Technologies
 
PPTX
Smart Buildings & IoT
Microsoft Österreich
 
PDF
How IoT transforms the market for Building Automation in support of sustainab...
Chess Wise BV - Solid in Wireless
 
PDF
Can you trust your smart building
Duncan Purves
 
PDF
Microsoft Smart Buildings White Paper
Microsoft India
 
PDF
Improving Energy Efficiency of Intelligent Buildings with Smart IoT Retrofits
Mark Benson
 
PDF
Evolutions to Smart Buildings
Cambridge Consultants
 
Microsoft empowered smart buildings
ClintHarris18
 
6 Applications of IoT for Building Automation Solutions
Happiest Minds Technologies
 
Smart Buildings & IoT
Microsoft Österreich
 
How IoT transforms the market for Building Automation in support of sustainab...
Chess Wise BV - Solid in Wireless
 
Can you trust your smart building
Duncan Purves
 
Microsoft Smart Buildings White Paper
Microsoft India
 
Improving Energy Efficiency of Intelligent Buildings with Smart IoT Retrofits
Mark Benson
 
Evolutions to Smart Buildings
Cambridge Consultants
 

What's hot (19)

PDF
The Benefits of Digitizing Manufacturing
Christopher Kelley
 
PDF
bbva_redhat-theAPIHour_IoT_Day-DavidBericat
David Bericat
 
PDF
Smart Buildings is This the New Normal?
Bruce Duyshart
 
PDF
Enabling Service-Delivery Business Models with Remote Sensing Technology
Mark Benson
 
PDF
redhat-IoT_use_cases-DavidBericat
David Bericat
 
PPTX
Synergize Strategies for Greater Success in Automotive
Plex Systems
 
PDF
Davra IOT Solution -- Oil & Gas Remote Collaboration
davranetworks
 
PDF
Making IoT a Reality_Axeda _ May 8 2013 _Mahbubul Alam
Mahbubul Alam
 
PDF
Next Dimension + Cisco Smart Manufacturing
Next Dimension Inc.
 
PPTX
NTK 2015: Internet of things track (IoT) - Smart Home
Andrej Tozon
 
PDF
The Impact of Internet of Things (IoT) in Manufacturing Today
Suyati Technologies
 
PDF
The value of a connected factory
Croonwolter&dros
 
PDF
Big Data Analytics for the Industrial Internet of Things
Anthony Chen
 
PPTX
LG CNS Smart Building Solution
Lahee Kim
 
PPT
Digitalization for profitability and cost optimisation. revised
AbdulRahman Mijinyawa
 
PDF
LoQutus introduction - IoT for Manufacturing
LoQutus
 
PDF
5 Smart Manufacturing Terms to Know
Monarch Metal
 
PDF
Vishnu_Murali_September 2016 CDM CIO ENERGY Summit_FINAL_FINAL
Vishnu Murali
 
PDF
2 pc enterprise summit cronin newfinal aug 18
IntelAPAC
 
The Benefits of Digitizing Manufacturing
Christopher Kelley
 
bbva_redhat-theAPIHour_IoT_Day-DavidBericat
David Bericat
 
Smart Buildings is This the New Normal?
Bruce Duyshart
 
Enabling Service-Delivery Business Models with Remote Sensing Technology
Mark Benson
 
redhat-IoT_use_cases-DavidBericat
David Bericat
 
Synergize Strategies for Greater Success in Automotive
Plex Systems
 
Davra IOT Solution -- Oil & Gas Remote Collaboration
davranetworks
 
Making IoT a Reality_Axeda _ May 8 2013 _Mahbubul Alam
Mahbubul Alam
 
Next Dimension + Cisco Smart Manufacturing
Next Dimension Inc.
 
NTK 2015: Internet of things track (IoT) - Smart Home
Andrej Tozon
 
The Impact of Internet of Things (IoT) in Manufacturing Today
Suyati Technologies
 
The value of a connected factory
Croonwolter&dros
 
Big Data Analytics for the Industrial Internet of Things
Anthony Chen
 
LG CNS Smart Building Solution
Lahee Kim
 
Digitalization for profitability and cost optimisation. revised
AbdulRahman Mijinyawa
 
LoQutus introduction - IoT for Manufacturing
LoQutus
 
5 Smart Manufacturing Terms to Know
Monarch Metal
 
Vishnu_Murali_September 2016 CDM CIO ENERGY Summit_FINAL_FINAL
Vishnu Murali
 
2 pc enterprise summit cronin newfinal aug 18
IntelAPAC
 
Ad

More from Microsoft Österreich (20)

PDF
Shape the Future
Microsoft Österreich
 
PDF
Secure the modern Enterprise
Microsoft Österreich
 
PDF
Microsoft Digital Crimes Unit
Microsoft Österreich
 
PDF
Microsoft: #DigitaleHelden Symposium - Graphic Recording
Microsoft Österreich
 
PDF
Digitale Transformation: Technologie und Mensch - die nächsten 5 Jahre
Microsoft Österreich
 
PPTX
Digital Transformation "Book of Dreams"
Microsoft Österreich
 
PDF
Mit Simplicity und Storytelling zum „Warum“: Motivation und Führung einer neu...
Microsoft Österreich
 
PDF
Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem - Futur...
Microsoft Österreich
 
PPTX
Modernes Rechenzentrum - Future Decoded
Microsoft Österreich
 
PPTX
Microsoft Trusted Cloud - Security Privacy & Control, Compliance, Transparency
Microsoft Österreich
 
PPTX
Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)
Microsoft Österreich
 
PDF
Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem - S&T
Microsoft Österreich
 
PDF
IMMERSIVE AND HYPER-INTELLIGENT WORLD 2025 - TrendOne
Microsoft Österreich
 
PDF
ÖBB - Bahnstrombedarfsprognose- mit Advanced Analytics
Microsoft Österreich
 
PDF
New World of Work - Solvion
Microsoft Österreich
 
PDF
Der Hund an der digitalen Leine - tractive
Microsoft Österreich
 
PDF
Der neue Office 365 Plan E5
Microsoft Österreich
 
PDF
Aufbau einer erfolgreichen Vertriebsabteilung – Neue Erkenntnisse aus der Ver...
Microsoft Österreich
 
PDF
Microsoft Lizenzierung – Server
Microsoft Österreich
 
PDF
ACP Referenz Österreich Werbung
Microsoft Österreich
 
Shape the Future
Microsoft Österreich
 
Secure the modern Enterprise
Microsoft Österreich
 
Microsoft Digital Crimes Unit
Microsoft Österreich
 
Microsoft: #DigitaleHelden Symposium - Graphic Recording
Microsoft Österreich
 
Digitale Transformation: Technologie und Mensch - die nächsten 5 Jahre
Microsoft Österreich
 
Digital Transformation "Book of Dreams"
Microsoft Österreich
 
Mit Simplicity und Storytelling zum „Warum“: Motivation und Führung einer neu...
Microsoft Österreich
 
Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem - Futur...
Microsoft Österreich
 
Modernes Rechenzentrum - Future Decoded
Microsoft Österreich
 
Microsoft Trusted Cloud - Security Privacy & Control, Compliance, Transparency
Microsoft Österreich
 
Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)
Microsoft Österreich
 
Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem - S&T
Microsoft Österreich
 
IMMERSIVE AND HYPER-INTELLIGENT WORLD 2025 - TrendOne
Microsoft Österreich
 
ÖBB - Bahnstrombedarfsprognose- mit Advanced Analytics
Microsoft Österreich
 
New World of Work - Solvion
Microsoft Österreich
 
Der Hund an der digitalen Leine - tractive
Microsoft Österreich
 
Der neue Office 365 Plan E5
Microsoft Österreich
 
Aufbau einer erfolgreichen Vertriebsabteilung – Neue Erkenntnisse aus der Ver...
Microsoft Österreich
 
Microsoft Lizenzierung – Server
Microsoft Österreich
 
ACP Referenz Österreich Werbung
Microsoft Österreich
 
Ad

Recently uploaded (20)

PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Cloud computing and distributed systems.
kkkkkhan
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
KodekX | Application Modernization Development
KodekX
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Teaching material agriculture food technology
LiaRayya
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 

Information Security @ AVL

  • 1. H. Czamai AVL List GmbH (Headquarters) Public INFORMATION SECURITY @ AVL
  • 2. H. Czamai | | 20 März 2017 | 2Public AGENDA „Aus dem Leben eines IT-Security-Verantwortlichen“  Introduction AVL  ISMS @ AVL  How AVL survives in the Cybersecurity Jungle
  • 3. H. Czamai | | 20 März 2017 | 3Public  AVL achieves unique results in regards to the development and improvement of all types of powertrains as well as in the field of measurement and test technology.  AVL – over 65 years’ experience  Involved in more than 1,500 engine development projects  More than 4,000 engine testbed installations OUR EXPERIENCE FOR YOUR SUCCESS
  • 4. 4Public ENTERPRISE DEVELOPMENT AUTOMOTIVE 5 powertrain elements EXPERIENCE More than 65 years ! GLOBAL FOOTPRINT 30 engineering locations  >220 test beds  Global customer support network ONE PARTNER INNOVATION 1500 granted patents RESEARCH 10% of turnover in-house R&D GROWTH SALES  1995: 0.15 billion €  2015: 1.27 billion €  prev. 2016: 1.41 billion € STAFF  8,050 employees  65% engineers & scientists 0 100 200 300 400 500 600 700 800 900 1.000 1.100 1.200 1.300 1.400 1.500 Mio. €
  • 5. H. Czamai | | 20 März 2017 | 5Public SOLUTIONS FOR ALL CUSTOMER SEGMENTS Passenger Cars Racing2-Wheelers Construction Commercial Vehicle Agriculture Locomotive Power PlantsMarine Powertrain Engineering Simulation & Testing Development Platform
  • 6. H. Czamai | | 20 März 2017 | 6Public AVL – A GLOBAL PARTNER *Headquarters in Graz Austria* Croatia Czech Republic France Germany Great Britain Romania Russia Slovenia Spain Sweden Turkey Hungary Italy Poland South America Argentina Brazil Asia China India Indonesia Japan Korea Malaysia Taiwan Thailand Vietnam Australia North America Mexico USA Europe
  • 7. H. Czamai | | 20 März 2017 | 7Public AVL POWERTRAIN – A NETWORK OF TECHNICAL CENTERS *Headquarters in Graz Austria* France Germany Great Britain Hungary Sweden Turkey South America Brazil Asia China India Japan Korea Australia North America USA Europe Ann Arbor, USA Plymouth, USA Paris, FRA Lake Forest, USA Sao Paulo, BRA Sydney, AUS Gotenborg, SWEBudapest, HUN Istanbul, TUR Basildon, UK Shanghai, CHN Remscheid, GER Munich, GER Stuttgart, GER Regensburg, GERNeuenstadt, GER Ingolstadt, GERCoventry, UK Tianjin, CHN Steyr, AUT Haninge, SWE Södertälje,SWEHQ Graz, AUT + another 9 Engineering Offices Delhi-Gurgaon, IND Tokyo, JPNSeoul, KOR
  • 8. H. Czamai | | 20 März 2017 | 8Public ORIENTATION FOR AN INNOVATIVE FUTURE AFFORDABLE CO2 REDUCTION AVL PROVIDES INNOVATIVE SOLUTIONS - SUPPORTING OUR CUSTOMERS TO MEET THESE MAJOR CHALLENGES MASTERING SPEED & COMPLEXITY TO MARKET STRATEGIC GLOBAL PARTNER
  • 9. H. Czamai | | 20 März 2017 | 9Public CHALLENGES FOR INFORMATION SECURITY A STRUCTURED APPROACH (E.G. ISO27001 ISMS) ALLOWS US TO ENSURE THE NECESSARY LEVEL OF INFORMATION SECURITY MASTERING SPEED & COMPLEXITY TECHNOLOGY THREATS GLOBAL SETUP CULTURES AWARENESS
  • 10. H. Czamai | | 20 März 2017 | 10Public Internal Hannes Czamai Global IT Security Officer hannes.czamai@avl.com Phone: +43 316 787 744, Fax: +43 316 787 1473 Mobile: +43 664 4225512, Office: +43 316 787 1768 AVL LIST GMBH A-8020 Graz, Hans-List-Platz 1 www.avl.com http://www.xing.com/profile/Hannes_Czamai/xc www.linkedin.com/in/hannes-czamai 10
  • 11. H. Czamai | | 20 März 2017 | 11Public ISO 27001: THE INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) INORMATION SECURITY is more than IT SECURITY
  • 12. H. Czamai | | 20 März 2017 | 12Public Internal ISMS: INFORMATION SECURITY APPROACH 12 Organizational Measures ISO 27001 Certification, Awareness trainings, IT processes, HR processes, Contract management, Global policies, Audits, Affiliate assessments, Background checks, Security clearance, Comprehensive backup & disaster concepts, Phy. zone concept, … Technical Measures Port security, LAN / WAN / Firewall management Access- and identity management (FIM) + AD + Policies Server / Storage / Datacenter (Server room) standards, Client COE / CAx Hardware + Software standards, Patch-, Antivirus-, Antimalware- Management, Access control system, Video surveillance, Fences, and many more … technical : organizational = 30% : 70%
  • 13. H. Czamai | | 20 März 2017 | 13Public ORGANIZATION: FROM ACTING TO REACTING Reacting IT IT IT Business Acting IT User User SECURITY Reacting Security Acting Security
  • 14. H. Czamai | | 20 März 2017 | 14Public AVL PROCESS LANDSCAPE – SECURITY & PROCESSES Information Security Processes IT / Operational Processes Business Processes
  • 15. H. Czamai | | 20 März 2017 | 15Public AVL ISMS – IT RISK MANAGEMENT Information Objects IT System Business Process Estimate Damage Model IT Service Rate C I A GAP Analysis Measures Problem Mgmt. Sensitivity = Priority RATING BBB
  • 16. H. Czamai | | 20 März 2017 | 16Public
  • 17. H. Czamai | | 20 März 2017 | 17Public TOP THREATS  Lack of awareness  Industrial espionage  Data loss or theft  Social engineering  Travelling user  Vulnerabilities in Apps  CEO/Fake President Fraud Attack  Crypto Locker + Ransomware  DDOS blackmail  APTs
  • 18. H. Czamai | | 20 März 2017 | 18Public VULNERABILITY / THREAT MANAGEMENT Permanent detection of malicious activities
  • 19. H. Czamai | | 20 März 2017 | 19Public ATA – THE SWISS KNIFE AGAINST DC ATTACKS Detects with help of machine learning:  Brute force  Sensitive account exposed in plain text auth.  Service exposing accounts in plain text auth.  Honey Token account suspicious activities.  Unusual protocol implementation.  Malicious Data Protection Private Information Request.  Abnormal Behavior (pass the hash, pass the ticket).
  • 20. H. Czamai | | 20 März 2017 | 20Public CLOUD STRATEGY Customer Requirements Legal Requirements Identity / Access Management Technical Measures (crypt) Audit- Log Management Risk Analysis Contract Management
  • 21. H. Czamai | | 20 März 2017 | 21Public CLOUD PROJECTS WITH MICROSOFT AD Federation Service AVL Streaming AVL Software Repository Azure Information Protection Cloud encryption MS Intune MDM
  • 22. H. Czamai | | 20 März 2017 | 22Public ARE WE SECURE ENOUGH? YES … BUT IT IS NOT ONLY A MATTER OF TECHNOLOGY Photo: Tobias Hellsten
  • 23. H. Czamai | | 20 März 2017 | 23Public TECHNOLOGY