Cybersecurity Am I concerned?

Presentation on theme: "Cybersecurity Am I concerned?"— Presentation transcript:

1 Cybersecurity Am I concerned?
An awareness raising campaign for Competent Bodies using the Ecolabel system

- Does anyone know what cybersecurity is about?
- Do you, as a user and stakeholder of the Ecolabel system, feel that you are concerned with cybersecurity?
- Are you aware of any security threats to the Ecolabel system?

Eddy Philippaerts
Ecolabel Competent Bodies Forum, Brussels, 19/01/2016

2 Cybersecurity What is it about?
Cybersecurity is about protecting the confidentiality, integrity and availability of IT systems and services.

- IT systems and services should have a security plan describing their overall security.
- The classification of a system according to the levels of confidentiality, integrity and availability of its data determines whether the system is STANDARD or SPECIFIC.
- Specific systems require a risk assessment, in which the magnitude of each risk is determined from its probability and impact.
- Risks should be mitigated by putting adequate measures in place.

[Diagram labels: Confidentiality, Integrity, Availability; levels PUBLIC, LIMITED BASIC, LIMITED HIGH, RESTREINT UE, CONFIDENTIEL UE, SECRET UE, TOP SECRET UE, MODERATE, CRITICAL, STRATEGIC; Classification: STANDARD, SPECIFIC; Risk assessment: Not required, Limited, Full]

3 Cybersecurity Are you concerned?
Ecolabel is classified as standard, with:

- A limited basic confidentiality level (= unauthorised disclosure would cause moderate prejudice to the Commission and/or Member States)
- A moderate integrity level (= loss of integrity might threaten the internal working of the Commission, Member States, third parties)
- A moderate availability level (= loss of availability might threaten the internal working of the Commission, Member States, third parties)

The Ecolabel security plan identifies 34 risks and 87 mitigating measures:

- 33 risks are owned by the system owner and/or system supplier
- 1 risk is owned by the end users

4 Cybersecurity The main risk for end users of Ecolabel
Unauthorised access, use of the system and/or modification of data by non-registered users

Motivation

- Damage the image of Ecolabel, the Commission, the Member States, a company (e.g. a competitor), an Eco-labelled product or service…

Mitigating measures

- Authentication via ECAS
- Split application in front and back offices
- Implement strong protection mechanisms (firewalls, antivirus, antispyware, …)
- Don't share logins/passwords
- Don't reveal information that could help hackers to get access to the system
- Use secure transaction mode (https)
- Apply best practices in software programming to mitigate application vulnerabilities
- Log and monitor connections and data modifications
- Implement reconciliation procedures and do regular quality checks to ensure that data is consistent, properly computed and not changed by any means

Who is behind such threats and what are their motivations?

- Anyone wanting to damage the image of the Ecolabel
- Anyone wanting to damage the image of the Commission or Member State
- Anyone wanting to damage the image of a specific product/service

5 Cybersecurity: Are you concerned?

6 How is my PC infected?

- Phishing attacks
- By visiting malicious or compromised legitimate sites
- Social engineering (used by many rogue security software applications)
- By downloading free programmes (freeware)
- Malicious advertisements
- By downloading and using pirated software (warez web sites)
- By using infected USB keys

Notes:

- Difference between phishing and spear phishing attacks (see next slide)
- Importance of an up-to-date anti-virus
- Sharing a business PC with someone else (e.g. your children) is not a good idea. You lose control and the PC could be infected when downloading malicious software.

7

8 Cyber protection: the golden rules
- Keep the PC updated with security patches
- Install an antivirus and keep it updated
- Make sure that you use strong passwords (ECAS) and keep them secret: don't share passwords or leave them accessible to others. Don't use the same passwords at work and at home.
- Be aware of the risks listed above
- Don't copy Commission information (in particular non-public information) onto removable media or mobile devices or take them off premises unless you really need to. Delete any data from them as soon as possible.

Notes:

- Avira, Avast or Malwarebytes are good options for a free anti-virus
- Windows includes the Defender anti-virus

9 Cyber protection: the golden rules
- Report to the helpdesk any system malfunctions, security weaknesses, data breaches or unauthorised access to systems. Most important if personal data is involved.
- Propose actions, procedures and enhancements to improve security of operations
- Take extra care when accessing Commission systems from home or using mobile devices. Are you using your own PC? Is it well controlled and secure? Can anybody watch you?
- Lock your computer when you leave the place (for a meeting or a pause)
- Do not use an admin account. Get a normal account with fewer privileges.
- Avoid non-Commission systems for Commission business (e.g. Dropbox, Google Drive, Skype, etc.) unless you have specific authorisation.
- Use Commission systems in the way intended and comply with the security rules.

10 Every user has security responsibilities
Q & A

