Converged Security in Critical National Infrastructure**A Risk-Modelled Approach to Defining...
-
Upload
dan-solomon -
Category
Documents
-
view
410 -
download
0
description
Transcript of Converged Security in Critical National Infrastructure**A Risk-Modelled Approach to Defining...
Converged Security in Critical National Infrastructure
A Risk-Modelled Approach to Defining Priorities
Presented by: Dan Solomon
Senior Partner, Hawk ISM.
Vice President, Security Art
Security Risk Orbits
High Impact Cyber Threats 2012
Recent Research Findings
Problems with Current Approach
Converged Risk
Threat-Modelled Risk Framework
Factor Analysis System
PresentationStructure
EISN meeting Groningen March 2012 ©Dan Solomon. All rights reserved 2012.
2
Converged Risk Scenario Building
EISN meeting Groningen March 2012
FraudExtortion
Trade Secrets
Kidnapping
TerrorismAccident
IndustrialAccident
EnvironmentalProductLiability
Health &Safety
ProfessionalLiability
Designs
Forgery
Plans
TrademarkInfringement
DistributionContinuity
Sourcing &Supply Chain
ProductionSystems
ProductionContinuity
Vandalism
Stock
Arson
EquipmentDataLoss
ClientConfidentiality
IntellectualProperty
Reputation
YourOrganisation
LIABILITY
DISASTER
THEFT & DAMAGE:PHYSICAL ASSETS
CRIME
INTANGIBLE ASSETS
PRODUCT
CONTINUITY
Security Risk Orbits
EISN meeting Groningen March 2012 3 ©Dan Solomon. All rights reserved 2012.
Source: Dan Solomon. All Rights reserved 2012.
FraudExtortion
Trade Secrets
Kidnapping
TerrorismAccident
IndustrialAccident
EnvironmentalProductLiability
Health &Safety
ProfessionalLiability
Designs
Forgery
Plans
TrademarkInfringement
DistributionContinuity
Sourcing &Supply Chain
ProductionSystems
ProductionContinuity
Vandalism
Stock
Arson
EquipmentDataLoss
ClientConfidentiality
IntellectualProperty
Reputation
YourOrganisation
LIABILITY
DISASTER
THEFT & DAMAGE:PHYSICAL ASSETS
CRIME
INTANGIBLE ASSETS
PRODUCT
CONTINUITY
Cyber Security Risk Orbits
Source: Dan Solomon. All Rights reserved 2012.
EISN meeting Groningen March 2012 4 ©Dan Solomon. All rights reserved 2012.
5
High Impact Cyber Threats for 2012
All rights reserved. Source: Security Art Ltd
Most malware operate in a simple 'one shot‘. The next generation of malware will be 'conditioned' hence. i.e. A ‘learning mode’
Malware are growing 'smarter', and in the future experts expect to see malware that have multidisciplinary features and attacking vectors:
1.Most of the current static security measures would be come obsolete (firewall, IPS, Anti Virus, etc).
2.Security measures will require identification and prevention measures using newly developed methods of behaviour analysis and malware family DNA
Stuxnet 2.0: Permanent Denial of Service
• Most organisations are unfamiliar with Stuxnet in detail.
• Most are not aware of the potential for Stuxnet to damage and destroy hardware.
• Most are not capable of handling defence against such a threat
• The next version of Stuxnet will become more expansive and may even impact hardware and mobile devices
The next version will be characterised by permanent Denial-of-Service attacks which will be independent, orchestrated, remotely triggered, and therefore an attractive mode of attack for terrorists & state-sponsored organised crime.
EISN meeting Groningen March 2012 ©security Art. All rights reserved 2012
6
High Impact Cyber Threats for 2012
All rights reserved. Source: Security Art Ltd
Permanent Denial-of-Service attacks will range from rendering hardware useless by crashing hard drives, machine-level PLCs and by increasing the voltage within CPU’s.
Permanent Denial-of-Service attacks can aim to push hardware to its extreme performance, or conduct actions for which it was not designed as well as the more obvious corrupting of internal program and data structures:
Permanent Denial-of-Service Attacks will include:
•Over-volting•Over-clocking•Over-usage•Power Cycling•Phlashing
Implications
Invariably the recovery will require replacement with new hardware, which will extend to millions of Euros within Critical Infrastructure sectors, and exposes the vulnerability of not holding redundant capacity.
In many cases it is not practical to hold spare parts for major pieces of infrastructure. The resultant downtime could be catastrophic for some businesses, if suitable redundancy and capacity does not exist.
Reactive security strategies are too high-risk for these potential high impact threats, and operators must shift to a more proactive approach, and improve awareness & testing of vulnerabilities.
EISN meeting Groningen March 2012 ©security Art. All rights reserved 2012
UtilitiesFinance IT & Telecomms
Source: Hawk ISM.Low HighKey :
3rd Party Risk Low High
1 52 3 4
Low High
1 52 3 4
Low High
3.5
Engaging SeniorManagement
Low High
1 52 3 4
Low High
1 52 3 4
Low High 4.0
Security Culture
Low High
1 52 3 4
Low High
1 52 3 4
Low High 4.4
ComplexThreats
Low High
1 52 3 4
Low High
1 52 3 4
Low High 4.4
Investment Low High
1 52 3 4
Low High
1 52 3 4
Low High 3.8
Full Spectrum Awareness
Low High
1 52 3 4
Low High
1 52 3 4
Low High 3.8
Overall*
Leading Security Planning Concerns by Industry
EISN meeting Groningen March 2012
The majority of firms struggle with time, resources, intelligence, or expertise to deal with a comprehensive range of scenarios, and consequently they don’t adequately consider the full spectrum of security risks.
In most cases, companies lack the awareness of the threat landscape and therefore the drivers to upgrade their security risk agenda.
The lack of urgency tends to limit the budgets available to acquire intelligence, or engage experts to provide greater awareness.
Senior management must display leadership, and promote understanding of the importance of security.
Engaging senior management in this mission remains problematic in many firms
APTs have made executives more aware of the threats when subjected to cyber attacks, but this is still not translating into more robust policies to manage the threat to IT systems
7 ©Dan Solomon. All rights reserved 2012.
Recent Research Findings
Company 6
Company 2
Company 4
Physical Security
Executive LevelConfidence
Preparedness to Prevent
Overall ConfidenceRating
Low High
Low High
Low High
Low High
Low High
Low High
1 52 3 4
1 52 3 4
1 52 3 4
1 52 3 4
1 52 3 4
1 52 3 4
IT Security
Preparednessto Manage
Business Continuity
Company 6
Company 2
Company 4
Risk-led Approach to Business Continuity
Risk-led Approach to Security Planning
Divisional Involvement in Security Planning
Incidence Rating
Low High
Low High
Low High
Low High
Low High
Low High
1 52 3 4
1 52 3 4
1 52 3 4
1 52 3 4
1 52 3 4
1 52 3 4
Risk-led Approach to IT Security Planning
Central Planning for Physical Security
Central Planning for IT Security
EISN meeting Groningen March 2012
Patterns of confidence are roughly similar among most industries with a few notable exceptions among energy & utilities companies which tend to be less confident in their cyber security and IT networks compared with other firms like business and financial services.
The complexities of structuring risk and security programs, and then integrating them tend to increase among larger firms and this is most evident in matrix organisations with multiple divisions, where decentralised responsibility for risk and security tends to lead to inconsistencies, and therefore weaknesses
Risk-led and Centralized Approach
Confidence in Security by Element
8 ©Dan Solomon. All rights reserved 2012.
Company 2
Company 4
Changes Due To 3rd Party Risk
Changes Due To Threat Of Espionage
Changes To Business Continuity Processes
Incidence Rating
Low High
Low High
Low High
Low High
Low High
1 52 3 4
1 52 3 4
1 52 3 4
1 52 3 4
1 52 3 4
Changes To Back-up Procedures
Changes To IT Security Processes
Company 2
Company 4
Expressed Intent to Raise Investment
Claim to beUnder-funded
Recent Focus on Espionage
Incidence Rating
Low High
Low High
Low High
Low High
Low High
1 52 3 4
1 52 3 4
1 52 3 4
1 52 3 4
1 52 3 4
Recent Investment Appropriate to Need
Have Experienced a Security Breach
Recent Research Findings
EISN meeting Groningen March 2012
Security Investment& Focus
Implemented Changes to Business Practices
The majority of companies have made few changes to business processes in order to facilitate business continuity preparedness, despite the changes in the security risk environment, which tends to indicate complacency and lack of awareness, as much as budgetary limitations.
Little evidence of sufficiently & appropriate before 2010, aligned with a realistic awareness of their vulnerabilities.
This reinforces the point that executives are more inclined to invest when their awareness is more acute.
9 ©Dan Solomon. All rights reserved 2012.
Company 2
Company 4
Lower Probability Scenarios
Considering a broader range of scenarios
Led to Revision of Continuity Plans
Incidence Rating
Low High
Low High
Low High
Low High
Low High
1 52 3 4
1 52 3 4
1 52 3 4
1 52 3 4
1 52 3 4
Higher Probability Scenarios
Led to Revision of Security Plans
Company 2
Company 4
Risk Assessment of Cyber H.I.Ts
Claim to Awareness of H.I.Ts
Confidence in Managing Cyber H.I.Ts
Incidence Rating
Low High
Low High
Low High
Low High
Low High
1 52 3 4
1 52 3 4
1 52 3 4
1 52 3 4
1 52 3 4
Risk Assessment of H.I.Ts
Confidence in Managing H.I.Ts
High Impact Threats [H.I.Ts]
EISN meeting Groningen March 2012
Low-Probability High-Impact Threats [H.I.Ts]
Cyber High-Impact Threats [C.H.I.Ts]
The broader focus on scenarios tends to concentrate on scenarios that are more probable rather than plausible.
This serves to reinforce executives’ confidence in existing plans, when they recognise that they are relevant to many different potential incidents.
Among most firms there remains a degree of ignorance about the potential threats to physical assets from a cyber attack, and many organisations that lack integrated and formal plans for crisis management, and business continuity plans for such incidents.
10 ©Dan Solomon. All rights reserved 2012.
Company 2
Company 4
Recent Assessment Of Espionage Impact Risk
Recent Mapping Of Interdependencies
Recent Review Of Risk Assessment Methods
Incidence Rating
Low High
Low High
Low High
Low High
Low High
1 52 3 4
1 52 3 4
1 52 3 4
1 52 3 4
1 52 3 4
Recent Assessment Of Sabotage Impact Risk
Recent Review Of Risk Scenario Assumptions
Company 2
Company 4
Register Updated Regularly
Maintain A Formal Security Risk Register
Cross-departmental Participation
Incidence Rating
Low High
Low High
Low High
Low High
Low High
1 52 3 4
1 52 3 4
1 52 3 4
1 52 3 4
1 52 3 4
Register Includes Estimated Impact Value
Supported By Comprehensive Process
Risk Register & Processes
EISN meeting Groningen March 2012
Review of Risk Agenda
New risk methodologies need to adopt a multi-dimensional analysis of converged and cyber risk. Many companies require a methodology that can be adapted to different ‘domains’ whether upstream or downstream, and for different types of risk...from operational security to operation management & process control software security.
A poor register is often a factor for not engaging in a comprehensive risk assessment process. Many registers are not fully referenced in risk-led decision-making because of common deficiencies in the construct of the register.
If companies were aware of all plausible risks and probabilities they would be able to adopt a more systematic approach to tackling a broader range of emerging converged threats.
Risk Registers and their Management
11 ©Dan Solomon. All rights reserved 2012.
Challenges & Concerns
• Management often does not understand the scale, threat,or requirements for a solution
• Demarcation and ownership of IT security
• ‘CSO’ does not have sufficient exposure among C-level
• Some key security measures are not widely adopted
• Clash of cultures with S-A-I-C of OT with IT
• Risk assessment methods for catastrophic events
• ‘Black Swans’
• Access to Intelligence: How much can it deliver on cyber
• Interdependencies: Can these threats really be qualified
• Doubts about whether banking and phone systems can withstand attack
EISN meeting Groningen March 2012 12 ©Dan Solomon. All rights reserved 2012.
A Converged Approach
• Converged risk combines IT and physical security risk into one over-arching risk landscape.
• A converged approach better recognises and addresses interdependencies and multiple and/or simultaneous incidents
• Aim being to integrate business processes or assetsi.e. people, technology and information [no need to redesign the stool]
• By bringing together IT and physical security, it considers vulnerabilities dynamically:
– across the three recognised dimensions of physical risks, people risks, and process risks:
– across infrastructure, operations, and specific events.
EISN meeting Groningen March 2012 14 ©Dan Solomon. All rights reserved 2012.
C-level RiskResponsibility
Cross-Dept. Risk Team& Budget
ResponseTeams &
Scenario Plans
SecurityAwareness
Training
FormalizedPolicies
PersonnelBackground
ChecksVPNs
Authentic’n& AccessControl
FirewallsIntrusionDetectionSystems
Encryption ComputerLevel
Back-ups &
Updates
Log FileAnalysis
SecureSoftware
Configuration
PhysicalSecurity
Contingency Planning
Audits &Vulnerability
Analyses Systems
Processes
People
EISN meeting Groningen March 2012
A Converged Risk Model
15 ©Dan Solomon. All rights reserved 2012.
Source: Dan Solomon. All Rights reserved 2012.
16
Benefits of A Converged Risk Approach
All rights reserved to Hawk ISMEISN meeting Groningen March 2012 ©Dan Solomon. All rights reserved 2012.
• Develops appropriate emphasis on both the staff andthe security processes they follow.
• Positions information security appropriately within the security risk landscape to support the company’s overall risk appetite.
• Reconciles conflicting views between cyber and physical security.
• Incorporates intuitive issues, when qualifying risk, through a judgement-aided metrics-based process.
• Risk-informed decision-making, requires complete and unbiased vulnerability & impact assessments.
• The integrity of management decisions requires an appreciation of threats, and true capabilities.
• Ensures appropriate investment, directed towards the right priorities, to provide suitable defence against converged risk.
17
Threat-modelled Risk
Framework
Risk Modelling
IntelligenceGathering
ProcessMapping
AssetMapping
Vulnerability
ThreatModelling
DataProtection
Threat-Modelled = Risk-Informed Management
To enable decision making for security-related issues for organizations, based on accurate threat modelling, a quantifiable asset valuation, and ‘what if’ scenarios that consider both the deterrence factors of a security measure or process, as well as their cost.
A continuous practice evaluating risk posture based on: past experiences, up to date intelligence feeds, recognition of ‐ ‐trends, and a valuation of the organizational assets, transient value (i.e. Marketing; reputation; legal implications of it on top of the actual base value).
Intelligence Gathering
Performed on two levels – informational and human.
Business Process Mapping
The first step in identifying every aspect of the business operations, and any interactions that the business has is required for its ongoing operations with external resources (3rd party suppliers, partners, resellers, etc.).
The mapping should take into account primarily the critical processes, and then the rest of the operations.
Identification of critical assets, and critical IT to be used later in the threat modelling and risk management process.
The
Ris
k M
odel
ling
Cyc
le -
1
EISN meeting Groningen March 2012 ©security Art. All rights reserved 2012
Risk Modelling
IntelligenceGathering
ProcessMapping
AssetMapping
Vulnerability
ThreatModelling
DataProtection
18
Asset Mapping
Designed to provide the organization a clear view of all its assets, and the participating business processes that relate to these assets.
A valuation of the asset is required for every aspect of the business that the asset relates to: including “replacement” value, additional intrinsic values, and a marketing/competitive damages value.
Vulnerability and Exposure Analysis
This phase is not limited to technical vulnerabilities of but also includes risks to business processes, 3rd parties and any other aspect of the asset lifecycle.
The human factor can be usually evaluated in relation to the criticality of the assets, and the general awareness to risks related to the business process at stake – both logical as well as physical ones.
Each vulnerability should include as much information on the ability to exploit such opportunity, to gain access, as well as the current countermeasures placed in order to mitigate such incident.
The
Ris
k M
odel
ling
Cyc
le -
2
Threat-modelled Risk
Framework
Risk Modelling
IntelligenceGathering
ProcessMapping
AssetMapping
Vulnerability
ThreatModelling
DataProtection
EISN meeting Groningen March 2012
Key technical evaluations focused on the less standard devices such as mobile equipment, custom systems and applications, control systems, embedded devices, etc. to ensure that the entire infrastructure have been reviewed – as a motivated attacker would.
©security Art. All rights reserved 2012
Threat-Modelled = Risk-Informed Management
EISN meeting Groningen March 2012 ©security Art. All rights reserved 2012
The
Ris
k M
odel
ling
Cyc
le –
Hum
an F
acto
rs
Mapping the Relevant Threat Agents
20
Threat Modelling
In the threat-modelling phase, the relevant threats for each asset are identified, correlated to the intelligence gathered, and evaluated on the basis of the threat’s exposure frequency to the asset, and its capability to successfully attack the asset.
This modelling should be expressed in statistical terms that can be repeated independently even when based on different subject matter expert opinions.
Dataflow Protections
The last element of the base evaluation phase is the analysis of any means that are designed to detect incorrect data flows, critical to identifying cyber threats.
This includes DLP systems (Data Leak Protection/Prevention), as well as business processes that are in place to prevent information from getting to the wrong places inside the organization and outside of it.
The
Ris
k M
odel
ling
Cyc
le -
3
Threat-modelled Risk
Framework
Risk Modelling
IntelligenceGathering
ProcessMapping
AssetMapping
Vulnerability
ThreatModelling
DataProtection
EISN meeting Groningen March 2012
All the communication systems should be included in this phase – data, voice, image, and physical.
©security Art. All rights reserved 2012
Threat-Modelled = Risk-Informed Management
21
Risk Modelling
A risk model should be created for all the identified assets, and a quantitative compound score applied to it, based on the expected liability it yields and the probability/frequency.
What-If Modelling
A what if scenario can be analyzed for both ‐incident handling, as well as placing & modifying controls.
This is critical to decision making for organizations that need to adapt to a changing threat landscape or other circumstances.
Both infrastructure, and individual security measures can be modelled to see how they reflect on the overall future risk posture of the business.
The
Ris
k M
odel
ling
Cyc
le -
4
Threat-modelled Risk
Framework
Risk Modelling
IntelligenceGathering
ProcessMapping
AssetMapping
Vulnerability
ThreatModelling
DataProtection
EISN meeting Groningen March 2012 ©security Art. All rights reserved 2012
Threat-Modelled = Risk-Informed Management
Ultimately
Outputs need to be quantitative values to enable a real appreciation of the potential loss exposure.
Threat CommunityShared Database
Import Selected Threat Communities from Public Threat Community Library
NAICS Classification Keyword Search:
Industry Threat Community Name Information Source Rating Select + All
+ Agriculture - Finance & Insurance Cyber Criminals - Pro Hackers Shared - Anonymous
Trusted Vendors Shared - Anonymous
Field Employees Premium - Security Art
HQ Physical Security Premium - Security Art
Natural - Earthquake Shared - Anonymous
Natural - Tornado Shared - Anonymous
+ Government
+ Healthcare
+ Real Estate & Renting
+ Retail Trade
+ Services
+ Transportation + Utilities
+ Wholesale Trade
View
View
View
View
View
View
FAIRiq – Intuitive Graphical Input
Copyright 2012 CXOWARE, Inc. CXOWARE 22
FAIRiq – Meaningful Reporting
$0 $10 $20 $30 $40 $50 $60 $70 $80
AccountingFinance
HRIT
MarketingRetail
R&DSales
Loss Exposure: Millions
0 50 100 150 200 250 300 350 400 450
AccountingFinance
HRIT
MarketingRetail
R&DSales
Loss Event Frequency: Number of Times p/year
Departmental Loss Exposure & Loss Event Frequency Report Loss Exposure & Percent Vulnerability Loss Exposure & Loss Event Frequency
0% 25% 50% 75% 100%$0
$5,000,000
$10,000,000
$15,000,000
$20,000,000
$25,000,000
$30,000,000
$35,000,000
$40,000,000
$45,000,000
$0
$5
$10
$15
$20
$25
$30
$35
$40
$45
0 50 100 150 200
% Vulnerability Loss Event Frequency (times p/year)
Loss
Mag
nitu
de -
Mill
ions
Loss
Mag
nitu
de -
Mill
ions
Copyright 2012 CXOWARE, Inc. CXOWARE 23
24
Risk Management and Decision Making
1. Senior management needs to define its tolerance to risk for each one of the assets or processes it owns, by analysing the risk capacity provided by the model, identifying the resources & capabilities that the organization already possesses to mitigate the risk, and any applicable regulation that may contribute to defining the risk tolerance.
2. Any value propositions that would affect the risk model should be identified and analysed, and the overall impact to the risk posture should be calculated for these, along with the required internal and capital resources of such a proposition.
3. Finally, the organization can view the comprehensive risk model along with all the alternatives for impacting the risk posture and their cost & resource impacts in a way that allows informed decision- making processes. ‐
The
Ris
k M
odel
ling
Cyc
le -
5
Threat-modelled Risk
Framework
Threat-modelled Risk
Framework
Risk Modelling
IntelligenceGathering
ProcessMapping
AssetMapping
Vulnerability
ThreatModelling
DataProtection
EISN meeting Groningen March 2012 ©security Art. All rights reserved 2012
Closing the Cycle
The full cycle is ongoing > The model should be updated, challenged, and assumptions adapted from different areas of the organization..refined to better reflect current status as the threat landscape shifts
Threat-Modelled = Risk-Informed Management
Scenario Building for Security Planning
More suited than any other approach for developing a better appreciation of converged threats, because it is now near-impossible to identify precisely how future threats will manifest themselves in a combined cyber/physical domain.
Working with Converged Risk Scenarios
EISN meeting Groningen March 2012 ©Dan Solomon. All rights reserved 2012.
Wor
king
with
Sce
nario
s
Presentations Review of Analysis
Mapping Assumptions Priorities & Fears
Presentations Review of Analysis
Mapping Assumptions Priorities & Fears
TwoTwoOneOne
Create Element
‘Batches’
Create Element
‘Batches’
Assumptions Factors
Vulnerabilities Uncertainties
Assumptions Factors
Vulnerabilities Uncertainties
ThreeThree
ScenarioExerciseSessions
ScenarioExerciseSessions
Interdependencies Factor Impact Dynamics of Uncertainties
Interdependencies Factor Impact Dynamics of Uncertainties
FourFour
Short-listingShort-listing
Trade-Offs Trade-Offs
FiveFive
Capture Current Understanding
Define Elements
& IssuesExamine Uncertainties
Identify macro issues to be examined
Interpret and apply risk intelligence
Develop an insightful understanding of the
operating context
Build Consensus
Incorporate a range of opinions & inputs
Target macro-factors or vulnerabilities that
should drive focus
Characterise degree of uncertainties that
are critical to the focus issues
Acknowledge & examine the nature
of uncertainties
Recognise when assumptions are challenged by
events
Create recognition of vulnerabilities
Creating new awareness among all decision-makers
Inform where to short-list options for investment &
planning
Implications for the trade-offs
Scenario-Building Workshop Process Map
Phase
Aims
Activity
SessionObjectives
Source: Hawk ISM
• Scenarios enable managers to prepare a schedule of responses, and serve as roadmaps for setting future investment & priorities without dismissing certain risks on the basis of lack of awareness, or misunderstanding of interdependent dynamics.
• Scenarios are specifically relevant to developing a shared appreciation of risks, particularly when mapping interdependencies, and their function within the larger networks of infrastructure
• Outcomes lead to decisions that effectively mitigate risk across several possible future threats or attacks.
• Scenarios illustrate several ways that one threat can evolve and develop into different plausible outcomes, that planners need to be able to cope with.
• Helps managers recognise when assumptions are being challenged by events, while exercises will develop the ability to respond appropriately.
• Creates awareness of how changes in underlying factors can change the way events unfold during an crisis, and better understand the relationship between different factors.
• Creates the recognition of vulnerabilities, and informs managers of where to short-list options for investment planning, and implications for the trade-offs they may need to consider.
• Accommodates both qualitative & quantitative inputs and reconsiders multiple views & priorities across physical & cyber security.
26
High Reliability Organisations
• Preoccupation with Failure
• Reluctance to Simplify
• Sensitivity to Operations
• Commitment to Resilience
• Deference to Expertise
R e s i l i e n c e ©Malcolm Baker (T/A Resilience). All rights reserved 2012.
©Dan Solomon. All rights reserved 2012.
Dan SolomonSenior Partner
Tel: +44 7850 761834Email: [email protected]
Security and Risk Consultingwww.hawk-ism.com
Dan SolomonVice President, Europe
Tel: +44 7850 761834Email: [email protected]
Proactive Security in a Reactive World
Risk & Resilience Consulting
Workshops & Scenario-Building
‘Red Team’ Exercises
Strategy Consulting
Added Value Analytics
Intelligence Gathering
Threat Modelling
Factor Impact Analysis
Risk Analysis
Management support
Workshops
Security Policy Analysis
Scenarios-Building
Risk Management
Your Contact
EISN meeting Groningen March 2012 29