the speakers - Swiss WebAcademy

Index
Foreword by Silviu Borș, Director of the County Library Astra Sibiu, publisher & host
Welcome by H.E. Jean-Hubert Lebet, Ambassador of Switzerland to Romania
Welcome by Marco Obiso, World Cybersecurity Coordinator, ITU
Welcome by Augustin Jianu, Director of the CERT-RO
Welcome by Ioan-Ovidiu Sitterli, Prefect of Sibiu
Welcome by Ioan Cindrea, President of the Sibiu County Council
Welcome by Klaus Iohannis, Mayor of Sibiu
Welcome by the Rector of the “Lucian Blaga” University of Sibiu
Welcome by Laurent Chrzanovski, Conference Manager
Organizers and concept
Thanks
Let us build together a safer IT world
Swiss Webacademy
International Telecommunication Union
CERT-RO
Security Brokers International
Agora Media Group
ASIA
NETSEC
The 2014 Congress Partners
DIAMOND PARTNER: Dell
GOLD PARTNER: QEast
GOLD PARTNER: certSign
GOLD PARTNER: Bitdefender
SILVER PARTNER: Datanet
SILVER PARTNER: Check Point
SILVER PARTNER: Biss
SILVER PARTNER: Boromir
BRONZE PARTNER: Betfair
BRONZE PARTNER: Safetech
BRONZE PARTNER: Palo Alto
BRONZE PARTNER: Safenet
BRONZE PARTNER: National Association of Romanian Bars
BRONZE PARTNER: Visma
SUPPORTER: Clico
SUPPORTER: Kapsch
SUPPORTER: Cisco
Media & Awareness-raising partners
MEDIA PARTNER: Digi 24
MEDIA PARTNER: Q Magazine
MEDIA PARTNER: Transylvania Business
MEDIA PARTNER: Gazeta de Cluj
MEDIA PARTNER: Romanian Association for Information Security Assurance
AWARENESS-RAISER: Swiss-Romania Chamber of Commerce
AWARENESS-RAISER: Rotary Club Sibiu
AWARENESS-RAISER: Lions Club Millennium Sibiu, IPv6 & DefCamp5
Speakers and abstracts
Romanian State Special Guests
Adrian Aron (Cisco)
Liviu Arsene (Bitdefender)
Selena Arsene (Cyberghost)
Andrei Avadanei (CCSIR)
Liviu Avram (Dell)
Rosheen Awotar-Mauree (ITU)
Bogdan Botezatu (Bitdefender)
Gorazd Bozic (SI-CERT)
Cristiano Cafferata (Dell)
Raoul Chiesa (Security Brokers International)
Laurent Chrzanovski (Swiss Webacademy)
Teodor Cimpoeșu (certSIGN)
Dragoş Cioca (Kapsch)
Maria-Gabriela Ciot (Ministry of Information Society)
Ana Cobzaru (Bitdefender)
Lucian Corlan (Betfair Romania Development)
Alexandru Cătălin Cosoi (Bitdefender)
Cristian Cucu, Bogdan Toporan (BISS I Best Internet Security)
Olga Demian (Information Society Development Institute, MD)
Adrian Floarea (certSIGN)
Ramsés Gallego (DELL)
Mihai Ghiță (Q-East Software)
Selene Giupponi (Security Brokers International)
Florin-Mihai Iliescu (Info-Logica Silverline)
Jakub Jiříček (Palo Alto Networks)
Max Klaus (Swiss Federal Reporting and Analysis Centre for Information Assurance)
Besnik Limaj (ENCYSEC – Transregional Project “Enhancing Cyber Security”)
Teodor Lupan (Safetech Innovations)
Alexandru Nacea (Datanet Systems)
Valentin Necoară (certSIGN)
Takeshi Niyama (Doshisha University, Kyoto & McAfee Japan)
Darko Perhoc (HR-CERT)
Maksym Pylypets (CERT-UA)
Călin Rangu (ISEE / National School of Political Sciences and Administration)
Andrei Rusnac (SIS of the Republic of Moldova)
Cristian Şerban (Betfair Romania Development)
Roy Shamir (Cellebrite)
Silviu Sofronie (Bitdefender)
Albena Spasova (ICT Academy, Sofia)
Natalia Spinu (CERT-GOV-MD)
Dan Tofan (CERT-RO)
Ondrej Valent (Safenet)
Ioana Vasiu (“Babes-Bolyai” University of Cluj-Napoca)
2013 Acts and 2014 Congress Information
CERT-RO 2013 report
The 2013 Congress Articles
Liviu Fleșar, Vlad Constantin, An overview of Bitcoin security
Ioana Vasiu, User generated content websites, a profitable medium for criminals
Bianca Stănescu, Bitdefender study: aspects of security on social networks and parental control in the online environment
Mattia Epifani, Mobile Risks and Countermeasures
Raoul Chiesa, From social media chaos to social media security
Raoul Chiesa, Major threats to small and medium enterprises, future trends and countermeasures
Paolo dal Checco, Mobile forensics
Ionel Niţu, Bogdan Aldea, The probability of a cyber attack and its impact on business environment
A congress with culture!
Sibiu, a short historical notice, by Răzvan Pop
The historical palaces and halls hosting the congress, by Răzvan Pop
What is the significance of your conference badges? by Laurent Chrzanovski
Sibiu Tourism
The ultimate bad attendee’s guide (culture, shopping & going out) by Laurent Chrzanovski
Congress Locations & map
Dr. Silviu Borș
Director of the County Library “ASTRA”, Sibiu
Lecturer at the “Lucian Blaga” University of Sibiu
This volume has been printed and is proudly brought to you by the County Library “ASTRA”,
Sibiu and its printing house. In the very year we are celebrating the 110th anniversary
of the publication, in Sibiu, of the third and last volume of the first encyclopedia of Romania
– the fourth national encyclopedia in the world at the time it was printed, we considered,
with the support of the Sibiu County Council, that the volume - and the plenary sessions - of such an important international conference find their place among the nationwide known
events which were hosted by our institution, starting with the Congress of the Professors
of History or the International Congress of Agriculture, both held in 1929.
Your presence is an honor for us and I wish you’ll feel at home in our Gala Room and you’ll
take some minutes to visit the “special collections room” where some unique publications
are carefully preserved.
In my capacity of Ambassador of Switzerland to Romania, I am pleased to notice that the
initiative to build an efficient dialogue platform in the domain of cyber security, launched last
year by the Swiss Webacademy, has reached its target.
Highly ranked Romanian State officials agreed to take part in the first congress, thus
marking the importance they attach to a dialogue with the civil society in such a crucial
matter. This year, not only are they back, but they are joined by many colleagues from all the
key institutions in charge of the different and multiple aspects of the problem.
Not only has the 2014 edition met with increased interest, but it rallied a large public and
private international support, which represents a milestone for establishing in Sibiu a yearly
benchmark in the field, an objective shared by the organizers and many public and private
partners from Romania and abroad.
Moreover, the attempt to bring a “Swiss concept” adapted to Romanian skills and needs,
the real core of the way the congress had been thought since the beginning by the Swiss
Webacademy, has proved to be successful.
This essential dialogue between State and Private decision makers in an international
atmosphere – a way of collaboration we are used to in Switzerland, by its traditions of
consensus, federalism and neutrality – raised the interest of the highest national and global
authorities in the field.
I wish to express my sincere gratitude to the International Telecommunications Union, and
particularly to its Secretary-General, Hamadoun I. Touré, and to its World Coordinator for
cybersecurity, Mr Marco Obiso for providing the congress with technical support and for the
generous grant aimed at enlarging the circle of key-speakers to the neighboring countries.
This decision, aimed to promote the congress to the rank of a macro-regional meeting,
demonstrates that Romania is one of the few EU places which cannot be avoided in IT
matters as it represents a very central country of a fast-growing region in this field.
I also address my warmest thanks to the whole CERT-RO team, whose constant support
and precious good advice to the organizers have been crucial in this new challenge. Since
November 2013, month after month, the CERT-RO helped in choosing the topics, selecting
international key speakers, picking and inviting the most relevant Romanian personalities,
thus giving a major contribution to the way the 2014 edition was designed.
As for Switzerland, I am glad to mention, as a proof of its sustained interest for Romania
and for this important congress, the presence of the Deputy Head of MELANI, the Swiss
Federal Reporting and Analysis Centre for Information Assurance, within the Swiss Federal
IT Steering Unit.
In drawing, with all major public and private partners, objective conclusions of what went
well and what proved less appropriate in the first edition, the organizers have planned useful
new initiatives, such as a pre-congress training day for non-technical decision-makers and
specific, pro-active, thematic workshops moderated by the most authoritative personalities
in each field.
In the constant attempt to encourage all the entrepreneurs and private decision-makers to
participate in the conference, everything has been done to provide them in a simple way
access to all the information they need directly from the best sources, according to a program,
which will allow each participant to come back to his business with an impressive value-added knowledge.
I wish you a pleasant and productive meeting.
Jean-Hubert Lebet,
Ambassador of Switzerland to Romania
and Honorary President of the Swiss Webacademy
Cybersecurity is the 21st century’s main challenge for everybody, from the biggest state
institutions to the individual persons. Never have threats and dangers been so numerous,
diverse and global, potentially targeting almost everyone and everywhere.
In my capacity of Cybersecurity Coordinator within the International Telecommunication Union,
I took part in the birth of this very special public-private dialogue platform, in September 2013.
I had then the pleasure to witness the general interest generated by the initiative launched
by the Swiss Webacademy under the aegis of the Embassy of Switzerland in Romania, with
very highly ranked Romanian officials showing by their presence and speeches the openness
of the highest levels of the State to collaborate actively with the private sector in this vital
topic.
This has been a crucial indicator for me to motivate an ITU technical but also a financial
assistance, devoted to bring to Sibiu top analysts, mainly from the neighbouring countries,
allowing the congress to grow macro-regional and to become, hopefully, a yearly benchmark
for the whole Central and Southern European areas.
At the time I write the present, the number of the speakers announced, the diversity of
institutions and companies represented, the 26 nations attending through state bodies or
private firms will certainly make the 2014 edition an extremely important opportunity of
exchanges, dialogues, debates and, probably, will allow thinking about new collaborations or
initiatives.
The ITU’s deepest gratitude goes first to our partner, the CERT-RO, who worked without rest
all the last months together with the organizers to be sure every Romanian state institution
implied in this complex problematic will be represented at Sibiu at the highest level.
The CERT-RO already proved its energy and professionalism by being one of the first, together
with its partners within the Romanian administration, to provide the ITU the complete country
documentation for one of our most important projects, the Global Cybersecurity Index (GCI)
(http://www.itu.int/en/ITU-D/Cybersecurity/Pages/GCI.aspx).
Coupled with the huge growth of the Romanian IT sector, both in quality and quantity, in the
last years, it is a clear signal that Romania is very well positioned to contribute to the dialogue
on global collaboration on cybersecurity and support the existing UN’s efforts in this direction.
I would also like to thank the Swiss Embassy in Romania for its constant patronage of the
initiative, a diplomatic premise of neutrality and objectivity for the debates.
Moreover, I express my deepest gratitude to the Sibiu County Council and to the Sibiu “Lucian
Blaga” University for their huge support to the event, in logistics, mediatisation, hospitality
and generosity. I can witness it is very rare to see local administrations and universities to be
so active in helping – in facts and not in words – major cybersecurity initiatives.
Last but not least, Swiss Webacademy, the professional web-learning NGO, proved that even
a 5-person team can achieve such an amazing meeting, supplying notoriety or finances with
heart, human energy and human relations. It deserves our respect and is a perfect example of
how, against one of the most important dangers for our society, a few men and women with a
good and serious project can sometimes generate an initiative which would have taken much
more time and complexity if created by a state body or a multinational company.
With regrets not to be able to take part in this year’s edition, but with the certitude my colleague
Mrs. Rosheen Awotar-Mauree, will adequately represent the ITU due to her experience in
managing state strategies.
I wish you a very pleasant and productive meeting.
Marco Obiso
Cybersecurity world coordinator, ITU
It gives us great pleasure to welcome you at this event. Last year we were guests to this event,
but because of the growing interest shown by the participants for this cooperation & dialogue
platform between government and private sector, we decided for this year to stand beside
the Swiss Embassy and ITU as co-hosts and transform the conference into an annual event.
CERT-RO team strongly believes that this type of event provides good opportunities
of knowledge transfer, from academia and private stakeholders to governmental institutions,
in our common fight against cyber threats.
We all know that without cooperation it’s impossible to have a coordinated response
to cyber threats. This being said, cooperation is based on trust and it is this type of mutual
understanding and trust that we have to build between governmental and private sectors.
An acronym like APT should not only be used for Advanced Persistent Threat but also
for Advanced Persistent Talks in order to achieve and maintain Advanced Persistent Trust.
CERT-RO is honored to have you with us at this extremely constructive, educational
and successful conference for all participants.
In the end I would like to thank you for your participation and involvement in this event and for
sharing your knowledge of this complex and dynamic domain.
The National Computer Security Incidents Response Team, CERT-RO
Augustin Jianu
General Director, CERT-RO
ROMANIA
MINISTRY OF INTERNAL AFFAIRS
THE INSTITUTION OF THE PREFECT
SIBIU COUNTY
The organizing of the international congress “Cybersecurity in Romania” in Sibiu honors us.
The first edition of the conference, already held in Sibiu, upon the initiative of the Professional
Association Swiss Webacademy, was a success. The debated topics are of great and real
interest to the economic environment, the academic community and the public authorities.
Cyber-security is essential for ensuring the existence and the development of any company,
meaning that investments in IT security systems should become mandatory. Cyber-attacks
are a threat to private firms, but State institutions are also vulnerable to this kind of crime.
Under these conditions, it is very important to educate employees, because their mistakes
have proved to be among the main causes of security breaches, which can lead to confidential
information leakage of a company or an institution. Therefore, organizing a congress on
cyber-security is appropriate and extremely important for the entire community.
I wish a pleasant stay in Sibiu to the foreign guests and a fruitful exchange of ideas as to
ensure information security.
Ovidiu-Ioan Sitterli
Prefect of the County of Sibiu
It is an honor for me to have you as guests in the Sibiu County and together with you, to be
part of the 2nd edition of the “Cybersecurity in Romania” congress, ensuring that it goes
smoothly and turns fruitful.
I am pleased to see that the first edition has had a great impact on international and national
institutions and companies to the point that the present congress is no longer focused on
Romania only, but already becoming a macro-regional major dialogue platform for more than
70 specialists from 30 countries. The confirmation of Swiss Webacademy’s choice to root this
yearly venue in Sibiu is a pride for our county and a challenge for the years to come.
As shown by its cultural, ethnic and religious diversity, the Sibiu County has been throughout
its history the ideal meeting point where fruitful dialogues happen between intellectuals,
politicians or traders coming from around the world. As a fact, the very important debates,
which took place in several cities of our county during the last centuries, can be considered
as harmonious premises to your discussions, dedicated to one of the hottest topics of our
present and future.
In the hope of a successful congress, I would like to warmly wish you a pleasant stay in Sibiu,
and to seize the opportunity of inviting you to visit and return to the Sibiu County.
Ioan CINDREA
President of the Sibiu County Council
The fact that Sibiu has been confirmed for hosting yearly the international public-private
platform devoted to Informatics Security is an honor for our city.
After the success of the first edition, we could imagine the second one will be at the same
level and hope it will become even better. With more than 70 speakers from 30 countries,
all possible wishes are outshined. It is an honor for Sibiu that so many highly ranked state
representatives and top international experts from such a number of countries gathered in
one event and for one single aim.
Our deepest gratitude for this amazing achievement goes to H.E. Mr. Jean-Hubert Lebet,
Ambassador of Switzerland to Romania, whose patronage continues to ensure neutrality and
objectivity of the debates, to the Romanian central authorities which seized the necessity of
an open dialogue and, last but not least, to the International Telecommunication Union, which
decided to provide a generous support to grow the congress macro-regional and, of course,
to the organizers.
In Transylvania, Sibiu always played a role of ideal meeting point for intellectuals, scientists
and scholars. This year, we celebrate the 120th anniversary of the birth of Hermann Oberth,
the first inventor of the space rocket. This year, we also celebrate the 110th anniversary of
the publication in Sibiu of the third and last volume of the first encyclopedia of Romania
– the fourth national encyclopedia in the world at the time it was printed. Even more, we
also celebrate the 45th anniversary of the University of Sibiu, under the grateful aegis of the
“Babes-Bolyai” University in Cluj. As a matter of fact, the direction of the Cluj University was
obliged in 1940 to abandon teachings in Romanian or to move elsewhere. A huge part of
the faculties (History, Philosophy and Medicine) and even its famous football team chose to
settle in Sibiu, until 1945. Grateful to the city’s hospitality, the Rector of the Cluj University,
Academician Constantin Daicoviciu, supported, in 1968, Sibiu’s demand to have its own
academic structure. In 1969, The University opened its doors. It now hosts over 20.000
students, many of them being granted with first-class results, in different fields among which,
obviously, the IT one.
We hope every participant will feel a guest of our city, and we are sure that all of you will feel
somehow to be the successors of the personalities who gathered in the very same historical
places chosen for your debates, which are crucial for the society we are living in.
Klaus Werner Iohannis
Mayor of Sibiu
A modern university can no more afford to continue following the old educational methods
consisting in a simple transfer of knowledge from professors to students within the frame of
an almost hermetic academic world.
Institutional partnerships with prestigious universities continue to be one of our top priorities.
But today’s challenges, in exact sciences, technical sciences and, I daresay, in all sciences,
do need a daily and reciprocal interaction between the academic faculties and the public and
private professional world.
In this sense, the “Lucian Blaga” University of Sibiu can be considered as a pioneer among the
Romanian Academic institutions, for the number and quality of its partnerships with the labour
world. Among them, the regular training sessions organized for our students by specialists of
different fields facing day-to-day challenges in their profession is a key factor for the success
of our formations and obviously for the professional chances and opportunities available to
our students when leaving our amphitheaters.
Among the long-term collaborations I had the pleasure to sign as a rector, the one with the
Swiss Webacademy deserves to be mentioned, by its interdisciplinarity seeing both our bodies
collaborating in cultural projects, heritage digital promotion, web and IT trainings and, of
course, our common priority to establish in Sibiu a yearly public-private international dialogue
platform dedicated to one of the most threatening aspects of the digital world we are all living
in: cybercriminality.
With a long tradition in the field of studying classical phenomena of international security, as
evidenced by our journal “Studia Securitatis/ Security Studies Review” with its 3 to 6 issues
per year along with its renowned research center of Informatics, the “Lucian Blaga” University
of Sibiu was naturally destined for being the academic partner of the event, since its first
edition.
It is a pleasure for me to welcome, this year, a special training day taking place in our most
prestigious location, the Senate Hall. A predestined location, as the hall was intended, at the
time of its construction, to host the guests of the lead institution in matters of international
security of the whole region, as a reception ‘salon’ of the Austro-Hungarian Military Commander
of Transylvania.
Another great added-value for our institution is the part devoted to top-speakers of several
of the most prestigious Academic institutions from Romania (the Military Technical Academy,
the Babes-Bolyai University of Cluj, the Academy of Economic Sciences of Bucharest and the
National School of Political and Administrative Studies).
Their presence within the well-proportioned shares of national and international, public and
private speakers achieved by the conference organizers is exactly the goal the “Lucian Blaga”
University always promoted for designing a successful knowledge transfer event. In this
sense, we are proud that our collaboration contributed to create one of the most exemplary
meetings in Romania and not only for the precise field it is devoted to.
Last but not least, the implication in the congress sessions of our professors and students is
significant, may they be lecturers or simply auditors. Their interaction with the speakers will
be, doubtlessly, mutually profitable.
May all the participants accept our gratitude for having decided to attend this meeting. I
sincerely hope that they will feel, for three days, as very welcome guests of Sibiu and as
friends of the “Lucian Blaga” University.
Prof. Univ. Ing. Dr. Ioan Bondrea
Rector
“Lucian Blaga” University of Sibiu
The organization of Sibiu in 1600... an example to follow for securing our cyber-society?
One of the biggest and wealthiest cities of Central Europe at the beginning of the 17th
century, Sibiu has very often been besieged by the powerful armies of the Transylvanian
princes wishing to seize its riches, mainly due to the prosperity of its guilds and the size of its
European-renowned market.
None of the assaults succeeded... and not only because the besiegers were unable to break
the excellent fortified system of the city or to face the braveness of its soldiers. The real key
of the invincibility of the city was, in fact, the complete solidarity between its authorities,
its private companies and its citizens. How could that happen? Let’s observe a little more in
detail the social and administrative configuration of the city at the beginning of the 17th century.
“Within the walls of the city lived approximately 5,500 people, as estimated by István Draskóczy
for the beginning of the sixteenth century. In 1510, according to other calculations, Sibiu had
1311 taxable units (households), putting the number of tax-paying residents to 6,500. (...)
[but] Gustav Gündisch stated that at the turn of the sixteenth century one fifth of the Sibiu
inhabitants did not possess their homes (inquilini), although they did pay taxes. To these an
uncertain number of day-laborers, journeymen, apprentices and marginals should be added.”
What is particularly interesting is the organization of the administration and of the city: “[The
city was ruled by] the mayor (Bürgermeister), the royal judge (Königsrichter), the judge of
the Sibiu Seat (Stuhlsrichter) and an economic administrator (Stadthann) together with the
City Council of twelve members appointed annually governed Sibiu. The Great Council
(Hundertmannschaft) included members of the guilds and formally approved the election of
the mayor and of the Small Council (Stadtrat).” [1]
In addition, in Sibiu, as in all Transylvanian Saxon cities, the neighborhood organization
of the citizens was crucial for the welfare of the inhabitants, and many problems did not need
to be judged by any institutional or judicial body, as they were peacefully solved through structures
called vicinia or Nachbarschaften, a particular trait of the Saxon cities, where all heads of
households in a given area, most usually a street or a square, were bound to mutual support
and to a well-defined rule in social relationships, as well as in facing fires, attacks or health
problems.
[1] Citations from: Maria Pakucs-Willcocks, “Alle die so jnn und kreiß der Mauren wonen werden hermanstaedter genannt”: Neighbours and Neighbourhoods in Sixteenth-Century Sibiu, in Colloquia. Journal for Central European History (XVIII/2011), pp. 51-67.
Sibiu in 1650 © Courtesy of Radu Oltean
As far as the war is the core theme of our short page, the whole defense system was supervised
by the public authorities, but constructed, maintained in state of perfect functionality and
supplied in soldiers by the guilds. This is the reason why each entrance, tower or wall
portion bears the name of the guild which was in charge of it (coopers’, tailors’, goldsmiths’,
blacksmiths’, etc.).
As we can see, the wealth, the justice, the administration and the defense of the city, in
peaceful periods as well as in war times, were entirely based on the perfect collaboration
between the State, the private companies and the citizens.
From the richest to the most modest, each Sibian strongly felt to be privileged to be a member
of such an equitable community and responsible for its security. He was proud to be a citizen
and was always ready to defend his city.
Let those hundreds of years of prosperity due to collaboration between all social partners
inspire all of us during this public-private dialogue, and let us try to build in the digital world
many, many, virtual “Sibiu”!
With the warmest welcome of the Organizing Committee!
Dr. Laurent Chrzanovski
Congress Manager
Organizers & Concept
The organizers
The 2nd Edition of the Conference “Cybersecurity in Romania” is brought to you by Swiss
WebAcademy, in collaboration with Security Brokers International, ASIA
(Association of Business Intelligence Professionals), and Agora IT Media Group.
Organizing committee
Daniela Chrzanovski, CEO, Swiss Webacademy; Dr. Laurent Chrzanovski, PR, Swiss
Webacademy; Marco Obiso, Head of Cybersecurity dpt., International Telecommunication
Union (ITU); Daniel Ionita, Head of analyzes and policies, Romanian Computer Security
Incidents Response Team (CERT-RO); Raoul Chiesa, CEO, Security Brokers International;
Romulus Maier, CEO, Agora Group; Ionel Niţu, President, ASIA.
The concept
I. Equity, neutrality, objectivity through international and national dialogue
After an in-depth analysis of the 2013 congress, the ITU (International Telecommunication
Union, UNO-Geneva) and the CERT-RO (Romanian National Computer Security Incident Response
Team) decided to support the organization of the 2014 congress, by a strong presence of their
specialized directions and by ensuring the presence of internationally renowned independent
specialists. As last year, the Embassy of Switzerland to Romania accepted to place the event
under its High Patronage. By its renewed presence at the conference, H.E. Jean-Hubert
Lebet, joined this year by Mr. Max Klaus, deputy Head of MELANI (Swiss Federal Reporting
and Analysis Centre for Information Assurance), will be a warrant of the equity and neutrality,
which are compulsory for continuing to face the challenge we decided to take up in 2013,
i.e. to create the most useful and objective dialogue possible between State specialists, IT
security actors and IT consumers.
The precious help of the Sibiu County Council as well as the “Lucian Blaga” University of
Sibiu, together with the “Babeş-Bolyai” University of Cluj-Napoca will ensure the presence of
renowned Romanian academics and researchers, joining the State specialists and the most
skilled representatives sent from IT Security companies.
II. Macro-regional points of view, from the main neighboring countries
Moreover, contrary to the 2013 event and thanks to a generous ITU fellowship doubled by the
efforts of several partners, the congress has been raised from a national into a macro-regional
one, with State specialized services representatives from Bulgaria, Croatia, Czech Republic,
Kosovo, F.Y.R. of Macedonia, Republic of Moldova, Slovenia, and Ukraine. This will certainly
help to understand better the Romanian reality in its global context, to see which solutions
are being implemented in other countries and which Romanian solutions could help abroad.
III. Dialogue between State Institutions and private sector
The main guideline of the event is, as in 2013, to create an open dialogue between Romanian
and foreign State Institutions, which will show how their activities can help the private sector,
and private actors, which will explain their needs, in order to create a useful brainstorming,
potentially a ‘generator’ of new measures, law projects and think-tanks, in addition to consolidating
the necessary mutual trust between the Public and the Private decision-makers.
IV. B2B: enhancing ideal networking and targeting for IT firms and IT consumers
The lectures will continue to be, in a compulsory way, non-marketing. But besides the lectures
and workshops, the congress aim is also to provide a useful meeting point for companies and
participants. The 2014 edition has hence been planned together with some of the most important
International and Romanian companies, allowing speakers and participants to interact and to
find in the Sibiu event an exceptional networking occasion.
V. New congress structure: lectures and workshops
Contrary to the 2013 edition, the number of key lectures to be held in the plenary sessions
has been limited to the most relevant topics. The congress has been structured into four
workshops, each one being moderated by two skilled personalities, from both public and
private sector, who will contribute to stimulate dialogue, debates and discussions between
the speakers and the audience, under the “Chatham House Rule”. During the conclusions,
to be held in the last plenary session, each moderator will draw a synthesis of the most
important issues and data of his workshop.
VI. Open-minded, open to society, open to researchers
The 2013 congress with its feedback proved that Romania needs a fully transparent dialogue
platform on cyber-security issues. Providing free attendance for a selected panel of journalists
to a dedicated press point, disseminating goals and then results to national and international
media will help to raise the population’s interest in the issue and grow awareness of the
problem among the decision-makers.
Special thanks
The organizers express their gratitude to the institutions and companies which
supported the congress. Our deepest thanks go to all the persons who made this
event possible, in particular:
Dr. Hamadoun I. Touré, ITU Secretary-General
The Ambassador of Switzerland to Romania, H.E. Jean-Hubert Lebet
The Prefect of Sibiu, Mr Ovidiu-Ioan Sitterli
The President of the County Council of Sibiu, Mr Ioan Cindrea
The Mayor of Sibiu, Mr Klaus Werner Iohannis
Prof. Dr. Ing. Ioan Bondrea, Rector, Lucian Blaga University of Sibiu
Acad. Prof. Dr. Ioan-Aurel Pop, Rector, Babeş-Bolyai University of Cluj-Napoca
Prof. Dr. Marian Tiplic, Pro-rector, Lucian Blaga University of Sibiu
Dr. Silviu Borş, Manager, Astra County Library, Sibiu
Dr. Ciprian Ștefan, Manager, Astra Museum
Mrs. Simina Manea, Head of Sibiu County’s Tourism Association
Mr. Razvan Pop, Head of the County Direction for Culture, Sibiu
Mrs. Cristina Doris Banciu, Counselor for International Relations, Sibiu County Council
Mr. Radu Nechit, Counselor of the President, Sibiu County Council
Mr. Valentin Vasilescu, IT Manager, Sibiu County Council
Mrs. Carmen Nicula, Responsible for International Relations, Sibiu City Hall
Av. Lucian Chirila, Lawyer, Sibiu
Mr. Mircea Ureche, Sibiu
Mr. Liviu Fleşar, Bucharest
Mrs. Maria-Mirela Moldor, Sibiu
The Rotary Club Sibiu
The Lions Club Millennium, Sibiu
And the whole Swiss Webacademy team:
Marius-Valentin Amza, IT Manager
Lucian Corneliu Hirceagă, Responsible trainings
Oana-Vladiana Gudea, Assistant
Andreea Miheț, IT Expert
Doina Popp, Web Designer
Ovidiu Fulea, Web Designer
Miruna Marinescu, Trainee
Anca-Maria Irimina, Volunteer
Daniel Crețu, Volunteer
Ionuț Suciu, Volunteer
Mircea-Ioan Gudea, Volunteer
Mirela-Maria Moldor, Volunteer
LET US BUILD TOGETHER A SAFER IT WORLD
IN ROMANIA!
Why not follow the example of the oldest European codes,
made in Romania and never «hacked» after more than 7000 years?
The tablet of Turdas (Turdas, department of Hunedoara, Transylvania), 5th millennium BC.
© Courtesy of Prof. Dr. Sabin Adrian Luca
Few are those who know that the first European proto-writing was born in Romania. To be
exact, dozens of small clay slabs with signs, symbols or figures have been found in southern
Transylvania, mainly in the Hunedoara, Alba and Sibiu provinces.
This amulet, belonging to a group of ca. 30 similar artefacts, is considered by specialists as a
priceless witness of the oldest forms of proto-writing in Europe. In contrast to what will happen
some centuries later in the Near East, the language expressed here has never been decrypted,
as these tablets never gave birth to an alphabet we could retrace. All these mysterious
documents appear during the 6th millennium BC, mainly in huge Neolithic settlements near
the river Mures, such as Turdas and Tartaria. They were probably made by priests and their
initiates to perform religious cults.
Those small artifacts are priceless witnesses of the very first attempt on our continent to
establish a written code to transcribe concepts, phrases or words.
In contrast to the famous tablets of the neighbouring site of Tartaria, found accidentally in 1961,
the tablet of Turdas was unearthed during regular archaeological excavations in 1992 and dated
in laboratory to the 5th millennium BC. According to Professor Sabin Adrian Luca, the signs
depicted on it could represent a sledge (S1), a man in movement (S2), a man reclining (S4) and
waves (S3, S5), all sacred symbols whose representations are well attested in the Neolithic period.
The NGO Swiss Web Academy is a Professional Association, which aims to provide
high-quality courses and products in the IT domain.
Its strength and major difference with its competitors resides in its unique working method:
Swiss quality combined with Romanian flexibility.
SWA’s courses and products have been elaborated together with the
Federal University of Applied Sciences, Dpt. of Engineering (Saint-Imier, Switzerland) and
adapted to the specific needs of the Romanian market.
SWA proposes a large panel of state-of-the-art trainings allowing students to apply directly
their new knowledge in their professional environment. All the trainings are available either
at our brand new classes in the heart of Sibiu’s old town, or online – one-to-one or in small
groups –, thanks to the Webacademy concept.
SWA offers two ranges of exclusive trainings:
- Long haul in-depth trainings: Webdesigner, Webprogrammer, Webexpert, all crowned with
an official Professional Certificate delivered by the Romanian Ministry of Labor.
- Short haul specialized trainings for a specific software: Autocad, Archicad, 3D StudioMax,
Java, C++, Photoshop, PhP MySQL, etc.
SWA also provides special coaching for entrepreneurs, such as “Basics of IT for Business”,
“Basics of IT adaptation” and “Basics of Web-marketing, IT promotion and IT strategy”,
as well as tailor-made complete web solutions for individuals, companies and State
administrations.
Last but not least, SWA delivers state-of-the-art mobile sites and websites. Among its latest
products, we can quote the website of Artpassions, Switzerland’s most prestigious French-written Art & Culture Journal.
As a non-profit NGO, it is one of Swiss Webacademy’s top priorities to play a significant role
in the Sibian and Romanian civil society, bringing knowledge, culture and, moreover, dialogue
at the heart of its core projects.
Without a broad and open dialogue between the main actors, our society is condemned to
evolve in a binary way, which is certainly the worst solution possible. Interdisciplinary meetings,
combined brainstorming, information sharing and knowledge of the others’ needs and hopes
are, in our opinion, the only key for a more stable, equitable and fair society we all would like
to live in.
We strongly believe that we live in an era where public and private capacities need to cooperate
as much as possible, each one bringing its part and skills to build a common project.
Coming to the subject of cyber security, it is clear that, more than ever, this topic reaches the
heart of our daily lives, from the simple spams we have to trash daily to the unfortunate event
of a virus contamination of our vital working tools.
www.swissacademy.eu
SWA's idea for approaching the phenomenon is to combine the Swiss capacity of federating
the different public and private actors with the world-recognized Romanian skills in the IT and IT
security field.
We wish to offer an ideal frame to encourage the best dialogue opportunity possible between
specialists and users, between Romanians and Foreigners, between State representatives
and the private sector.
Besides, SWA launched several innovative public-private projects, among which we can
mention the website marginimeasibiului.com, bringing to tourists and to researchers useful
information and, moreover, wishing to become the very first Romanian exhaustive-aimed
digitized archives dedicated to a single micro-region, offering documents, photographs and
pictures of heritage objects from more than a dozen State, Provincial and Private Museums
collections as well as from local administrations and private citizens.
In the cultural domain, SWA has always been a pioneer, bringing into Romanian temporary
exhibitions the latest IT technologies, allowing museums to regain the sympathy of the teenage
public. “From the first writings to multimedia. A short history of communication and much
more...” (2010), awarded the Unesco-prize for the best exhibition in Romania, brought for the
first time 2D barcodes into showcases, enabling the visitor to choose the description (and
the language) and keep a small photo-souvenir of the artifact he wanted to learn more about.
“Social Media Heroes, Social Media Victims. From Hieroglyphs to Facebook”, on show at
the ITU and in Romania in 2013, brought augmented reality and trilingualism through several
smartphone applications.
Last but not least, “LVMEN EST OMEN. Art, history and spirituality of artificial lighting”,
currently on tour in major Romanian Museums, is the first exhibition in the country with a
selection of artifacts brought “into life”: thanks to augmented reality, 55 lamps among the 400
on show appear on your smartphone lit and perfectly functional with their original fuels and
wicks, with a screenplay and short sequences realized by Claudiu Moisescu, a famous TV filmmaker.
A fundamental role of ITU, following the World Summit on the
Information Society (WSIS) and the 2010 ITU Plenipotentiary
Conference, is to build confidence and security in the use of
Information and Communication Technologies (ICTs). At WSIS,
Heads of States and world leaders entrusted ITU to be the
Facilitator of Action Line C5, «Building confidence and security
in the use of ICTs», in response to which ITU Secretary-General,
Dr. Hamadoun I. Touré launched, in 2007, the Global Cybersecurity
Agenda (GCA), as a framework for international cooperation in
this area.
National CIRT Programme
The absence of institutional structures to deal with cyber incidents and attacks resulting in
fraud or the destruction of information, is a genuine problem in responding to cyber threats.
Global cybersecurity index
The Global Cybersecurity Index (GCI) is a project to measure the cybersecurity capabilities of
nation states and hence enable informed decisions to foster a global culture of cybersecurity.
Child Online Protection (COP)
COP has been established as an international collaborative network for action to promote the
online protection of children worldwide.
Enhancing Cybersecurity in LDCs
In a context of ever increasing global spread of malicious cyber activities, this project aims
at ensuring that LDCs can maximize the socio-economic benefits of access to ICTs in a
cybersecure environment.
Standardizing Security
ITU-T’s Study Group 17 is responsible for building confidence and security in the use of
Information and Communication Technologies (ICTs). This includes studies of several
technologies with regards to cybersecurity.
Securing Radiocommunications
ITU-R established clear security principles for IMT (3G and 4G) networks. It has also issued
recommendations on security issues in network management architecture for digital satellite
systems and performance enhancements of transmission control protocol over satellite networks.
http://www.itu.int/en/action/cybersecurity/
www.cert-ro.eu
CERT-RO is the Romanian National Computer Security Incident Response Team, established
as an independent structure in charge of preventing, analyzing, identifying and reacting to
cyber security incidents at national level.
Our institution is responsible for elaborating and distributing public policies for preventing
and counteracting the incidents that occur within cyber infrastructures, and for establishing the
minimum criteria that the other CERTs must fulfill in order to become part of the Romanian
cyber security community.
CERT-RO is managed by a general director and a deputy director, supported by the
Coordination Committee consisting of representatives from the following authorities: Ministry
of Communication and Informational Society, National Authority for Management and
Regulation in Communications, Ministry of National Defense, Ministry of Administration and
Interior and others.
CERT-RO's responsibilities include preventive, reactive and consultancy public services, like
performing security audits and penetration tests on request, sending alerts and notifications
regarding post-attack activities, managing incidents that occurred at national level, and informing
the CERT-RO partners of the investigation results regarding cyber security incidents, according
to the cooperation agreements signed. CERT-RO's constituency is composed of all users,
systems and networks from Romanian cyber-space; this includes commercial, government
and research/education oriented teams as well as service providers and ISPs. The strength of
CERT-RO lies in the close relationship between us and our constituency.
Currently, CERT-RO is implementing a project financed in part by the European Commission,
named ACDC – Advanced Cyber Defense Centre, where we are partners with 27 organizations
from 14 European countries. The main objectives of the project are as follows: foster sharing
of information across Member States to improve the early detection of botnets, provide a
complete set of solutions accessible online for mitigating on-going attacks, use the pool
of knowledge to create best practices that support organizations, and create a European-wide
network of cyber-defense centers.
Last month, we completed another project, funded by the European Social Fund through the
Operational Program for Administrative Capabilities Development. The main goal of that project
was to establish the proper framework for achieving higher competitiveness in public
policy elaboration and better strategic planning, by strengthening the partnership between
public institutions and the private sector in countering cyber crime. We are proud to say now
that the first countering cyber crime team – “Romanian Cyber Crime Team” – was set up within
one of our projects and the tools for such a team are located with CERT-RO.
Think unconventional, act global
http://www.security-brokers.com
THE COMPANY
Security Brokers is a European, privately held security consulting company with WHQ located
in Italy, which operates globally in the Cyber Defense market with cutting-edge backgrounds
and skills in the Information Security field.
Today’s Information Technology’s deep integration within our professional and personal everyday
life - along with markets becoming more and more global and competitive - force enterprises,
organizations, Governments and individuals to look for vertical solutions and experts in order
to protect IT systems and critical infrastructures, which guard the most valuable resource:
the information.
The Security Brokers proposition towards these markets comes along with a business model able
to deal with Cyber Defense topics and key issues from different perspectives, developing ad-hoc
security services which match with very different needs, thus providing the best customized
solution – specialist, service or product – at the best available market’s conditions.
OUR APPROACH
The modus operandi of Security Brokers allows focusing on Customer’s goals and practical
needs, supporting them with tailored security solutions able to anticipate the quantitative and
qualitative threats evolution, as well as preventing those consequent risks and collateral damages.
Our cooperative joint stock company’s model, highly innovative for the European market, along
with an international network of ICT Security Professionals, and our multidisciplinary approach,
are the key elements on which we have built our organizational model, based on a flexible, agile,
open and informal structure, facilitating relationships both internally and externally, towards our
Customers and Technology Partners.
Security Brokers can count on the best experts in the fields of ICT Security Research, Information
Security, Compliance, ICT Law, Training, Ethical Hacking, Disaster Recovery, Crisis Management
and Communication; all of them join each project and make their competences and specific
know-how available to it, all of them freelancers and independent companies acting as a sole,
unique entity, since they share values, goals, ethics and respect among themselves.
OUR VALUES
Excellence: design, development and delivery of high quality, professional services.
Innovation: new, ahead of times multidisciplinary solutions, building added value and protection
for our Customers.
Ethics: correctness and transparency towards the Customer, and those professionals
working with us.
Agility: our services are designed in order to have the lowest impact both on Customer’s
processes and activities, as well as on the economical side; being competent also means
to operate in an agile, fast and discreet way.
MAIN OPERATING AREAS
• Academy: Security Awareness for the Management, Technical Security Trainings for ICT staff,
Crisis Management, International Professional Certifications, Digital Forensics and much more
(refer to our SB Academy Training Catalogue).
• Coaching, Certifications and Solutions: Data-loss Prevention, Mobile Security, Digital Forensics,
Cyber Intelligence, Cyber Defense, Database Security Evaluation & Hardening, End-point
Protection, Social Media Security, Cloud Security, etc.
• Security Evaluations: Networks, Servers, Clients, Wi-Fi networks, Web sites, Mobile systems,
Payment and Counter-fraud systems.
• Compliance Evaluations: Data-Privacy related laws, Country-specific regulations, main ISO/IEC
standards, European and industry-driven regulations (Finance, Telco, Energy, Utilities, etc.).
• Risk Assessment and Management: Identification, Analysis and Estimation of risks based on the
ISO 31000 standard, Certification Audits based on the ISO/IEC 27001 standard.
• Disaster Recovery and Business Continuity: Design & Delivery of critical processes and Impact
Analysis, including Recovery Time (goals VS available scenarios), planning, test and maintenance
and/or company’s Business Continuity, training and BC/DR certification.
• Managed Security Services: Log Management, Patch Management, security plans, policies, etc.
• Incident management, frauds and crisis: from a Cyber, Legal and Communication perspective.
• Information Superiority on military and Government environments.
The Association of Business Intelligence Professionals (ASIA in Romania) is a professional
association whose members are specialised in business intelligence (Business / Competitive
Intelligence). It has introduced this new field in Romania, writing two new occupations into the
Classification of Occupations in Romania: Business Intelligence manager and
Business Intelligence expert.
ASIA is a non-profit association whose members are experts, academic and/or
organizational specialists who have the necessary credibility to define and set professional
guidelines for all those that want to know and systematically use business intelligence in
order to increase the performance of their organisations.
The goal of ASIA is to develop the field of business intelligence (Business / Competitive
Intelligence) and thus to contribute to the increase of the competitiveness of the Romanian
business field.
ASIA, one of the few non-profit associations in Romania, has the propensity to help
companies to get accustomed with the procedures specific to this field.
The Romanian companies stand in great need of increasing their competitiveness, but there
is a lack of knowledge and how it can systematically be used.
This lack of knowledge is due to the fact that companies are not aware of the professional
expertise they could resort to.
ASIA is determined to solve this problem by becoming the focal point of promoting
Business / Competitive Intelligence field and by standing as a guarantor for the observance
of the professional standards and deontological principles of the field.
The association also aims at establishing and developing relations with national or
international government or nongovernment organizations in order to promote the business
intelligence field and keep developing its methods with the view of improving the security
and competitiveness of Romanian companies and developing a high performance business
environment.
www.asia.org.ro
The cybersecurity conference website is proudly secured by:
Who we are
We are a Security Company founded in 2009 consisting of talented, forward-thinking
professionals.
What we do
We provide penetration testing, secure storage devices, online privacy & security and security
consulting services such as ISO/IEC 27001 implementation.
Get in touch with us
+40(37)215-9746
266-268 Calea Rahovei Street, Bldg. 61, 3rd Floor, 5th district,
050912, Bucharest, Romania
VAT ID: RO25170841
Company Reg. Number: J40/2322/2009
THE 2014 CONFERENCE
PARTNERS
Women in traditional dress at a popular feast
© Courtesy of Louis Guermond.
Diamond PARTNER
Overview of solutions
Simplify IT management, mitigate risk, and accelerate results
Opportunities abound today for information technology (IT) to drive value for enterprises. The
right solutions can deliver business agility and innovation for staying ahead of the market curves
as well as attracting and retaining more customers than you ever imagined. But for your
organization to truly fulfill the promise of IT, you have to efficiently manage its myriad pitfalls
and intricacies. Only Dell Software can deliver the extensive capabilities you need to tackle these
challenges and thrive. We make it easy to securely manage and protect applications, systems,
devices and data for organizations of all sizes. Our simple yet powerful software – combined with
Dell hardware and services – provides scalable, integrated, end-to-end solutions to drive value and
accelerate results. Whether it’s Windows infrastructure, the cloud and mobile computing, or
networks, databases and business intelligence, we dramatically reduce complexity and risk to
unlock the power of IT.
Empowering IT leaders with solutions to address the most strategic needs
We’re experiencing an era where mega trends are converging on IT at a scale and at a pace that
are unprecedented. To address all of the mega trends impacting IT today, Dell Software offers
products in five compelling solution areas:
Data center & cloud management
• Client management
• Performance management
• Virtualization & cloud management
• Windows server management
Information management
• Database management
• Business intelligence/analytics
• Application & data integration
• Big data analytics
Security
• Identity & access management
• Network security
• Endpoint security
• Email security
Mobile workforce management
• Mobile device management
• Desktop virtualization
• Application/data access
• Secure remote access
Data protection
• Enterprise backup/recovery
• Virtual protection
• Application protection
• Disaster recovery
These solutions span four key pillars: Connect, Transform, Inform, and Protect.
Dell Software supports these pillars in both standalone products and end-to-end
solutions that also include Dell hardware and services.
“Dell helps us elevate the perception of our IT team. IT can now demonstrate its value in real,
tangible and measurable ways that weren’t possible before. We can now prove that we’re a profit
center, not a cost center.”
Stephen Baumer, CTO, GoPro
Our purpose
We believe complexity and risk prevent companies from unlocking the power of technology, so we:
• Make the complex simple and the powerful easy to use
• Drive out inefficiency and risk
• Enable organizations to seamlessly integrate and scale
• Deliver superior results more quickly
Services
Take advantage of fast, expert implementation and training assistance—tailored to your
business objectives—to get the most from your investments.
• Implementations: Our consultants and partners quickly get the job done right the first time to
promote user adoption.
• Training and post-implementation: Our course offerings and guidance will increase productivity
and operational efficiency while mitigating the risks from employee turnover.
Data center and cloud management:
Get the most from your technology investments in Windows infrastructure, enterprise
applications, critical systems and virtual environments.
• Simplify management of applications whether they’re on premises, virtualized, on a private
cloud, or in a multi-cloud environment.
• Automate workload administration and migration for Exchange, SharePoint, Active Directory
and Lync.
• Improve performance monitoring and systems management across servers, desktops, laptops,
and mobile devices.
Information management:
Streamline management of business intelligence, big data analytics, and databases on any
technology platform.
• Simplify database design and administration, database monitoring, and database replication.
• Integrate applications and data from multiple, disparate silos across your business whether on
premises or in the cloud.
• Transform structured, semi-structured, and unstructured data into actionable insights to turn
big data into big ideas.
Security:
Secure your environment with award-winning solutions for identity and access management,
network defense, remote access, email protection and endpoint control.
• Control access to enterprise applications and information, including privileged user accounts.
• Protect your network perimeter with powerful threat detection and content filtering.
• Implement network security and endpoint security from the device through the infrastructure
to the application.
Mobile workforce management:
Give your users the power to work efficiently and securely, no matter where they are, which
devices they’re using, or what platform they’re working on.
• Streamline deployment of desktop virtualization and provide users secure remote access, no
matter where they are located.
• Reduce complexity with endpoint management solutions that centralize a variety of endpoint
devices – iOS, Android and Windows.
• Provide secure remote access, including email and web application protection, from any device
and any location.
Data protection:
Protect the business-critical data in your physical, virtual, application and cloud environments –
quickly, easily and affordably.
• Back up data and applications continuously across your physical and virtual environments.
• Recover applications and data quickly, from complete systems to individual files and objects.
• Replicate critical data to other locations for off-site protection and improved availability.
Key products
Data center & cloud management:
• Foglight: Find and fix issues fast for your entire IT infrastructure.
• Migration Manager: Reduce the time, costs, and risks of migrations.
• Multi-Cloud Manager: Deploy and manage applications across your private, public and hybrid
clouds.
• KACE: Simplify software distribution, OS deployment, and updates.
Information management:
• Toad: Automate database development and management.
• Toad B.I. Suite: Access, analyze, integrate and synchronize different types of data through one
interface.
• SharePlex: Ensure database availability with robust replication and integration.
• Boomi: Ensure your data is accurate, complete and integrated.
Mobile workforce management:
• KACE: Accelerate endpoint deployments while reducing management risks, costs and complexity.
• Desktop Authority: Easily configure, manage and secure desktops.
• vWorkspace: Use multiple approaches to desktop virtualization.
• SonicWALL: Enable users to use SSL and VPN technology from desktops, laptops, smartphones,
and tablets.
Security and data protection:
• Dell One Identity Management: Efficiently manage access governance, privileged accounts and
user activity.
• SonicWall: Prevent intrusions, block malware and gather application intelligence.
• AppAssure: Do rapid backup, replication and recovery across multiple environments.
• vRanger: Perform fast VMware backup/recovery.
• NetVault: Protect data in heterogeneous environments, including disk and tape.
About Dell Software
Dell Software helps customers unlock greater potential through the power of
technology—delivering scalable, affordable and simple-to-use solutions that simplify IT and
mitigate risk. This software, when combined with Dell hardware and services, drives unmatched
efficiency and productivity to accelerate business results. www.dellsoftware.com.
Dell Software
5 Polaris Way, Aliso Viejo, CA 92656 | www.dell.com
If you are located outside North America, you can find local
office information on our Web site.
© 2013 Dell, Inc. ALL RIGHTS RESERVED. Dell, Dell Software, the Dell Software logo and products—as
identified in this document—are registered trademarks of Dell, Inc. in the U.S.A. and/or other countries.
All other trademarks and registered trademarks are property of their respective owners.
For deeper network security and control
look beyond the obvious.
Dell™ SonicWALL™ next-gen firewalls provide a deeper level of network
security and application control without affecting performance.
Not all next-generation firewalls are the same. Dell SonicWALL firewall appliances scan every
byte of every packet while maintaining high performance and low latency. And, Dell SonicWALL network security
provides high-performance SSL decryption and inspection, an intrusion prevention system that features sophisticated
anti-evasion technology, context-aware application control and network-based malware protection that leverages the
power of the cloud. Now your organization can stay productive while blocking sophisticated new threats.
Go deeper at: sonicwall.com/deep
Copyright 2014 Dell Inc. All rights reserved. Dell SonicWALL is a trademark of Dell Inc. and all other Dell SonicWALL product and service names and slogans are trademarks of Dell Inc.
GOLD PARTNER
Q-EAST SOFTWARE - A MISSION FOR PERFORMANCE AND SECURITY
Q-East Software has built 13 years of excellence in delivering top IT&C services, as the only
authorized Dell Software distributor for Romania, Moldavia, Bulgaria and the Adriatic Region.
With vision and expertise, Q-East Software manages to provide state of the art solutions for
systems management, database security and applications management for the use of both
private and public organizations. Given the ever-changing and increasingly risky information
environment, the company distinguishes itself by the efficient implementation of management
and disaster recovery systems for IT infrastructures. It also provides intelligent security
solutions for critical platforms and for user identity and access management.
Q-East Software approaches the cybernetic space as the fifth dimension of the national
security space and considers it equally important to the other four existing dimensions: terrestrial, naval, aerial and cosmic. For over a decade, Q-East Software has been a pioneer in
promoting cybersecurity solutions and has remained close to all visionary companies, which
are aware that data management and protection must be a high priority in their development
policies. In the field of cybersecurity and security standards compliance, Q-East Software
implements security and event-log management solutions, reaching over 2,000 optimized
systems implementations, for the best use of 100,000 beneficiaries.
CERTIFIED EXPERTISE
Starting with September 12, 2013, Q-East Software is Support Providing Partner (SPP) for
Dell Software products and is exclusively authorized by the producer of Dell Software licenses
to provide technical support for users of Dell Software products in Romania, Bulgaria and
Moldavia, during the development, sales and implementation of software solutions.
Dell Software is an innovator in the field of IT solutions suppliers, developing products
and services meant to offer more performance, proactivity and security to organizations.
Dell Software has been declared:
No.1 in “Application Management Software” Gartner Dataquest
No.1 in “Distributed Data Management Facilities” IDC
No.1 in “Windows Server Platform Management“ Forrester Research
Q-East Software has a long-standing history of employing the industry’s leading experts
(Senior Oracle DBA’s, Microsoft Certified Specialists, Security Consultants, etc.), integrating
the expertise gained in so many years into the innovative solutions delivered to customers.
SOLUTIONS OFFERED TO COMPANIES
The company offers best-of-breed solutions and consultants with remarkable expertise to
assist customers with platform migrations and identity and access management, as well as
optimizing, simplifying and extending IT infrastructures. On both national and international
scale projects, the certifications of Q-East Software Expert Team allow complex solution
implementation and management.
PREMIER SUPPORT CUSTOMER SERVICE
Customers can rely on Q-East Software Expert Team and its regional network of service delivery
teams to receive the full value of the acquired solutions within their unique environments.
The Premier Support Customer Service is designed to provide online technical support, a
closer service relationship and a faster response to any challenge, delivered in the language
of the technical manager.
Through its solid commitment to customer service, Q-East Software has built a long-term
business partnership with over 450 customers, from telecommunications, utilities, media,
financial, oil & gas, energy, automotive, to the public administration, governmental structures
and defense agencies.
TRAINING IT EXCELLENCE
Based on its flexible and proactive approach, Q-East Software delivers training, implementation
services and ongoing product/client support, both directly and through a network of strategic
partner/resellers for local, national and multi-national customers across all industry segments.
Q-East Software has also launched its own Training&Expertise Centre, located at the company’s
headquarters in Bucharest. Aimed to set the highest standards of professional services for
IT managers, the Centre has space for 15 trainees. It is equipped with the latest technology,
an interactive whiteboard and state of the art information architecture for desktop and server
virtualization. The training sessions are delivered to technical staff and IT managers coming
from private and public institutions. Here, the trainees have direct access to the advanced
expertise of Dell Software, Dell Wyse and Dell KACE trainers and consultants. The company’s
Training&Expertise Centre actively collaborates with high profile technology institutions, such
as The Agency for Romanian Digital Agenda, CERT-RO, The Advanced Technology Institute,
The Technical Military Academy, University Politehnica of Bucharest and Q-EAST 10 - The
Research Centre.
From research and development to ongoing service support, customers can rely on Q-East
Software’s unrivalled expertise to address complex IT challenges.
GOLD PARTNER
certSIGN: a brief overview
certSIGN is a Romanian company specialized in developing information security software
applications and providing services related to the protection of information systems. certSIGN
focuses on building confidence and security in the use of Information and Communication
Technologies (ICTs) in order to help its customers to use a stable, safe, and resilient cyberspace.
certSIGN is part of the UTI Group of companies, a major system integrator on the Romanian
market.
Also, certSIGN is an Accredited Qualified Certification Services Provider, in compliance with
the stipulations of Romanian Law 455/2001 regarding the electronic signature, law issued to
transpose at national level the Directive 1999/93/EC of the European Parliament and of the
Council on a Community framework for electronic signatures.
In order to reach this goal certSIGN acts in several directions, covering the following sectors
and providing products and services:
1. Development of information security software using Public Key Infrastructure (PKI), which
guarantees information confidentiality, authenticity, integrity and non-repudiation. The
software developed by certSIGN is used to manage the digital identities of the users, provide
secure authentication and authorization services and guarantee data protection while stored
on any type of equipment, from mobile devices to servers in datacenters, and in transit.
Products developed by certSIGN engineers are present, under UTI Systems brand, within
NATO Catalogue (N) and the catalogue published by the Romanian National Security Agency
(ORNISS). The products are accredited to protect classified information.
2. Trusted security services provider offering several key components for the development
of electronic business and support of e-Government initiatives: Digital certificates services
provider, Time stamp services provider, Electronic archiving services provider and Electronic
invoices services provider.
3. Card personalization and digital tachograph cards issuance, with customers in Romania,
Bulgaria, Finland, Norway, Moldavia, Serbia, Tajikistan, Ukraine and Uzbekistan.
4. Cyber security services and development of highly secure and resilient information systems
both to conduct its daily business and to protect the critical systems of key customers from
national defense and homeland security, banking and telecom.
certSIGN provides innovative solutions for both organizations that need to protect their assets
from possible threats and for customers who want to improve their information system.
Our wide range of security products and solutions allow both international corporations
and small organizations to protect their assets, while improving and optimizing business
operations.
The main cybersecurity services provided by certSIGN regard:
• Security consulting
• Pen Test and Red Team Testing
• Managed Security
• CSIRT
• Forensics
• Training
Decisions regarding IT Security can determine your organization’s security and resilience
for years to come. Our comprehensive security consulting services enable you to feel more
confident about the actions you take to protect your office, employees, operations, facilities,
and assets.
certSIGN’s Penetration Testing services help organizations test
their network security defences and comply with government
or industry regulations. A penetration test determines how well
an organization’s information security technologies and policies
protect its assets by trying to gain access to the network and
information assets in the same way a hacker would. The results
of a Penetration Test are used to reduce exposed vulnerabilities
and better protect the technology assets.
Threats are growing at a very high rate, budgets are becoming
tighter, skills are at a premium, and business
imperatives like mobility, social media, web applications, big
data and virtualization pose risks as well as inefficiencies if
they are not properly managed. certSIGN Managed Security
Services can help solve these challenges and close that gap through integrated and innovative
technologies, advanced threat intelligence and highly flexible services designed to meet your
unique needs.
CSIRT is a team that responds to computer security incidents by providing all necessary
services to solve the problem(s) or to support the resolution of them. In order to mitigate
risks and minimize the number of required responses, most CSIRTs also provide preventative
and educational services for their constituency. They issue advisories on vulnerabilities and
viruses in the soft- and hardware running on their constituents’ systems. These constituents
can therefore quickly patch and update their systems.
GOLD PARTNER
Bitdefender – The Rise of the Dragon Wolf
While Romania was still dusting itself off from one of the harshest communist dictatorships
in Europe in the early 1990s, the ingenuity that helped honest citizens survive the years of
scarcity – from pre-dawn bread lineups to shoddy clothing to cultural isolation – sowed
tentative seeds of greatness.
In that unstable era of tentative democracy and economic chaos, Florin Talpes became one of
the first to plant. At a time of sudden unemployment after decades of state-guaranteed jobs,
he founded a small outsourcing company to design software for firms in countries that, until
recently, were closed to Romanians.
Although computer imports were virtually banned in Romania in the 1980s, Mr. Talpes
encountered no trouble finding highly qualified help from his fellow countrymen. Earlier in the
communist period, in the comparatively open 1970s, Romania had been a world leader in
the use of computers, with fledgling programmers at the cutting edge of the birth of personal
computing. The intensely dedicated education system at the time produced an abundance of
brilliance in the IT field.
In the 1980s, Romanian dictator Nicolae Ceausescu promoted a policy of paying off all of
the country’s foreign debt by forcing mass exports of everything from clothing to food to
machinery while banning most imports – including those of computers and computer parts. A
generation of IT geniuses risked falling behind the rest of the world as it no longer had hands-on experience with the latest technology from the West. It was then that the brilliance of
Romanian graduates shone through. If they could manage to import just a single latest-model
computer, they could solve the problem. Under such a policy, they became world leaders in
reverse engineering imported computers to make their own. When Ceausescu was shot in
1989, the country was ripe for international excellence in the IT field yet again.
In the early days of democracy in the ‘Wild East,’ computer viruses spread as fast as Western
jeans and music in the newly opened markets. Mr. Talpes’ company was repeatedly hit by
viruses created by fledgling cybercriminals in neighboring countries. The damage forced him
to design programs in-house to fight the viruses that were increasingly infecting his business.
Mr. Talpes started giving away his anti-virus solutions in the hopes of ridding the region of
malware. He soon found greater demand for the anti-virus software than for his company’s
services as an outsourcer.
By the year 2000, Bitdefender became the first antivirus company in the world to offer
intelligent updating. It was the first of many global trends the company would set.
Close on the heels of the intelligent updates, Bitdefender became the first antivirus product
to include an application firewall. The company revolutionized the antivirus industry with
MIDAS, the Malware Intrusion Detection Advanced System. Bitdefender pulled further ahead
by releasing its hourly update system and its proprietary anti-spam technology in 2003 and
2004.
Not even half way into the company’s first decade as an anti-virus producer, Bitdefender had
staked out a formidable reputation, both among its competitors and virus creators.
Throughout its first decade, Bitdefender managed to match virus makers and other online ill-doers even as they steadily created new threats.
But the technology used to spread nefarious schemes was changing as fast as the viruses
themselves.
Smartphones and Facebook. Cloud technology and 4G. Cyberwarfare and government-sponsored espionage. As Bitdefender celebrated its 10th birthday, new battlegrounds were
opening up constantly in the war on malware.
It was time for a bolder, even more aggressive phase in the company’s history – the phase of
the Dragon Wolf.
As the company sallied forth into the new battlegrounds, it waved a new banner. A successful
rebranding campaign, awarded with a prestigious Rebrand 100 Award, chose the Dacian wolf
symbol to represent the Bitdefender philosophy: we are awake, always on guard.
Nowadays, Bitdefender combines cutting edge antimalware technologies with anti-spam
and anti-phishing modules, firewalls and intrusion detection to offer complete protection for
Internet users around the world, around the clock.
The antimalware technology fights viruses, worms, Trojans, spyware and rootkits by scanning,
detecting, disinfecting and cleaning the system. Bitdefender detection methods are multiple
and vary from signature-based and heuristic-based detections to behavior analysis, also
known by the name of Active Virus Control that continuously monitors each program running
on the PC, as it executes, and notes any malware-like actions. Each of these actions is scored
and, when a given threshold is reached, the process is reported as harmful.
The Bitdefender anti-spam module is powered by a proprietary technology called NeuNet
(short for Neural Network) - a network of neuron-like processing elements structured and
made to work as a well-trained brain. The NeuNet filter is trained to detect new spam by
recognizing similarities with some messages it had previously seen.
Bitdefender TuneUp increases PCs’ speed, stability and performance through automated
optimizations.
Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, and
Bitdefender Sphere offer the best protection to end-users. With state-of-the-art antiphishing
& antispam modules, excellent firewall and anti-virus protection, Bitdefender Total Security
and Bitdefender Sphere protect all aspects of the user’s digital life, both online and offline.
Large companies can choose Cloud Security for Endpoints that provides enterprise-class
security with no hardware or dedicated resources while Small Business Solution is meant to
protect, manage and configure 5, 10 or 20 small office workstations and mobile.
The all-around protection of Bitdefender – anywhere, anytime, and on any platform – has
earned it a fierce reputation in the anti-malware world.
PC Mag noted that “all that protection may be overwhelming.”
Indeed. But overwhelming defense has become a solid tradition at Bitdefender, one that has
won it numerous accolades and awards and which the company intends to continue.
In the last three years, Bitdefender has come out #1 worldwide in testing by AV TEST, the
independent antivirus testing organization. Numerous trials by AV-Comparatives, another
leading independent testing organization, have placed Bitdefender on top of the industry, with
a protection rate of 99.6 percent that earned it the coveted Advanced + Award.
The world of malware, and the global industry devoted to fighting it, is rapidly changing.
Today, the battlefront may be on social media and mobile. And the battlefronts of tomorrow
are still in their infancy today.
What is clear, however, is that the greatest and fiercest of the coming battles against a new
generation of malware creators will be fought under the banner of the Dragon Wolf.
Bitdefender remains,
Awake.
SILVER PARTNER
SILVER PARTNER
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com), the worldwide leader in securing
the Internet, provides customers with uncompromised protection against all types of threats, reduces
security complexity and lowers total cost of ownership. Check Point first pioneered the industry
with FireWall-1 and its patented stateful inspection technology. Today, Check Point continues to
develop new innovations based on the Software Blade Architecture, providing customers with
flexible and simple solutions that can be fully customized to meet the exact security needs of any
organization. Check Point is the only vendor to go beyond technology and define security as a
business process. Check Point 3D Security uniquely combines policy, people and enforcement for
greater protection of information assets and helps organizations implement a blueprint for security
that aligns with business needs. Customers include tens of thousands of organizations of all
sizes, including all Fortune and Global 100 companies. Check Point’s award-winning ZoneAlarm
solutions protect millions of consumers from hackers, spyware and identity theft.
Business Highlights
Check Point 2014 Security Report – We published our annual industry security report which
provides insight into the major security events that occurred in organizations across the world
and offers recommendations on how to protect against them. The report is based on collaborative
research from our Security Checkup assessments, Threat Emulation sensors, ThreatCloud™ and
Endpoint Security reports, and includes in-depth analysis of 200,000+ hours of monitored network
traffic from over 9,000 security gateways across 996 organizations of various industries worldwide.
The report is available at http://www.checkpoint.com/securityreport.
During the second quarter of 2014, Check Point launched new products and services, including:
41000 Security System – New datacenter and telco grade high performance system
based on the multi-blade hardware architecture of the 61000. The 41000 has a
smaller footprint, enabling more customers to deploy high performance scalable
security. The 41000 delivers performance of up to 11,000 SecurityPower™ units
(SPU), 40 Gbps of real-life firewall throughput, and 25 Gbps of real-life IPS throughput.
Smart-1 Appliance Family – Upgraded the entire line of the Smart-1 security management
appliance family with five new appliances that deliver cyber security management for
the era of big data. Smart-1 appliances enable organizations to consolidate security
policy, log, and event management. The new Smart-1 Appliances allow for three
times more effective storage capacity and report generation is greatly accelerated.
Next-Generation SmartEvent – Announced the availability of Next-Generation SmartEvent, a new and
powerful event monitoring solution for real-time processing and storing of threat detection data. Next-Generation SmartEvent offers one single view for all security threats and network components, to more
easily manage and analyze big data security, and to make faster and more informed security decisions.
ThreatCloud IntelliStore – The ThreatCloud IntelliStore provides a threat intelligence marketplace
that enables organizations to select from a wide range of threat intelligence feeds relevant to them
and simultaneously uses this intelligence to proactively stop threats at their Check Point Security
Gateways.
Check Point Software Technologies
Calea Serban Voda nr. 133, Central Business Park, Cladirea A, Etaj 2, Sectiunea A 2.18., Sector 4,
Bucharest, Romania / Tel: +40 749 150378 / [email protected] / www.checkpoint.com
SILVER PARTNER
Best Internet Security (BISS) is a security-dedicated company, focused on providing
Romanian organizations of all types and sizes with strong solutions to manage risk, meet
compliance requirements, and maximize operational efficiency.
As an organization, our core values are driven by a desire to constantly improve our knowledge,
achieve excellence, operate with the highest standards of integrity, expand access to our
products and employ an experienced and skilled workforce that values collaboration. As
proof to our concern for the quality and trustworthiness of our solutions and services, we hold
international ISO 9001 and ISO 27001 certifications.
Our beginnings are strongly related to Internet Security Systems (ISS), a pioneer and leader of
the security market, whose strong vision we shared, committed to become “the security team”
that our customers and partners would rely on. IDS, IPS, VAM and first security correlation in
the market cemented our foundations.
Our services are related to every aspect of cyber security, from consulting to assessment,
reporting and resolution. We are an innovative team – a security partner with permanent
exposure to the dynamics of IT Sec environment, utilizing cutting-edge advanced technology
to provide the highest quality solutions.
In 2010 BISS partnered with Q1 Labs and started writing the
security intelligence story in Romania. As IBM acquired both
ISS and Q1 Labs, BISS is today an IBM Advanced Partner for
security. We also rely on strong partnerships with leaders as:
Symantec, Fortinet, Blue Coat, Websense, Rapid 7, Rio Rey,
Barracuda Networks etc.
Our breadth of offerings, security knowledge and experience, makes us a trusted provider
of information security solutions that combine technology, services, support, and training.
In more than 13 years we grew from being a pioneer in a highly specialized IT niche, to be a
trusted information security integrator for Romanian customers in a wide range of industries.
Our customers and partners are the most important thing to us. We build our business
connections on honesty and integrity, ensuring that our relationships last years not months.
At BISS, we consider IT Security a full-time job, to which we dedicate our efforts, talent
and constant training.
We’re training constantly to maintain a high level of expertise, delivered to our customers and
partners.
SILVER PARTNER
Born in respect of tradition but with a modern approach to baking, this incredibly old and
yet unexploited technique, the company has grown and diversified its activity, offering
both traditional and new products that the Romanian market needed.
Our Mission & Values
We have always considered our customers as part of the big Boromir family, therefore, our
concern has always been and remains meeting all the requirements with top quality and
professionalism. For us, quality and professionalism mean product diversity, swiftly offered
services and large production capacity.
Boromir centers its concerns around fully satisfying the client, a client that always comes
back to a quality product, designed and offered with professionalism in order for it to respond
to all of his requirements and desires. A confirmation that we respect our clients came from
them in the year 2009. After participating in the “Product of the year Romania 2009” contest,
the Boromir Cozonac with Nut Cream was designated the winner of the Pastry Products
category by the Romanian consumers. The study was made by the prestigious international
firm Nielsen and included 4000 people.
Boromir Today
Over the course of 16 years, Boromir has developed in a dynamic rhythm so that today it
controls 10% of the milling market in Romania, with a milling capacity of 1500t per day. This
is possible due to the acquisition of new milling and baking plants situated in parts of the
country that have great development potential and also through the upgrade and retooling
of all the owned production facilities. In order to accommodate the needs of today’s market
and better meet our customers’ demands we have developed and diversified our activity so
that by combining innovation with tradition, we can offer products that satisfy the highest
standards of quality, health and safety.
BRONZE PARTNER
Part of the British Betfair Group, Betfair Romania is the company’s largest Development
Centre. Based in Cluj, it employs over 250 people skilled in a wide range of programming
languages, business analysis, Information security and programme management. The Cluj
centre’s work is focused on 5 main streams: Platform Development, e-Commerce, Gaming,
Product and Enterprise Data Services.
The people in our Technology teams are passionate about creating products that are unrivalled
across the industry.
We take pride in having the best people, the best ideas and the best products. So it’s not
surprising that we lead in the industry. In fact, we’re the best there is. If you’ve got the ambition
to work on the challenging projects and take responsibility from the word go, it’s time we got
together.
BRONZE PARTNER
BRONZE PARTNER
Palo Alto Networks, Inc. has pioneered the next generation of network security with our
innovative platform that allows you to secure your network and safely enable an increasingly
complex and rapidly growing number of applications. At the core of this platform is our next-generation firewall, which delivers visibility and control over applications, users, and content
within the firewall using a highly optimized hardware and software architecture.
Our platform uniquely offers you the ability to identify, control, and safely enable applications
while inspecting all of your content for all threats all the time. These capabilities, combined
with superior performance, surpass all traditional approaches including UTM and software
blade. Our approach allows you to simplify your network security infrastructure and eliminate
a variety of stand-alone and bolt-on security devices. Our platform can address a broad range
of your network security requirements - from your datacenter to your enterprise perimeter, to
the far edges of your network and more - including branch offices and mobile devices.
Our Industry. The world is rapidly changing. You need to respond faster than ever with
innovative and proven approaches to better enable your organization, manage risks, and
keep pace with technology developments. Networks have become more vulnerable due to
fundamental shifts in the: Application landscape, User behavior, Cybersecurity dynamics,
Infrastructure changes.
SaaS, Web 2.0, social media, and cloud-based applications are everywhere. Mobile devices,
cloud, and virtualization are changing your network architecture. The way your users consume
and your company manages IT has made you more and more susceptible to security breaches
and compromised data. Traditional network security products are incapable of enabling the
next generation of applications, users, and infrastructures. It is time for a fundamentally new
approach to your network security.
Innovation. Our next-generation network security platform, with our next-generation firewall
at its core, can safely enable applications for certain users while protecting against a wide
array of security threats. Built from the ground up, we deliver unmatched capabilities and
continue to push the envelope. Innovation is at the core of everything we do. We were the
first company to define and lead the industry’s transition from the stateful inspection firewall
approach to the next-generation firewall paradigm. We were also the first to define and lead
the transition from malware detection to malware prevention. We continue to deliver new
products and services that benefit you in unique ways.
Customers First. Customer satisfaction is our focus and priority. We take your success very
seriously in how we develop our products, provide customer support, and ensure a great
experience. By joining the Palo Alto Networks family, you’ll be in the company of more than
14,500 customers around the world.
BRONZE PARTNER
About SafeNet
The Foundation of Information Security
SafeNet is the largest company exclusively focused
on the protection of high-value information assets.
SafeNet protects:
• The Most Money That Moves - Securing 80% of all electronic banking transfers,
the equivalent of $1 Trillion daily
• The Most Digital Identities - Protecting government and Fortune 100 public key
infrastructures (PKI’s) with industry-leading strong authentication
• The Most High Value Software - Over 80 million hardware keys sold, protecting intellectual
property and providing efficient license management solutions
Today, We Are:
• A Global Success - Over 25,000 customers in 100 countries, with 1,600 employees in 25
countries
• Proven and Stable - Founded in 1983 with revenues in the hundreds of millions of dollars,
and under private ownership
• Best-in-class - Security technology products certified to the highest security standards
• Experts - More than 550 security engineers developing cutting-edge technologies and
patents
At-a-Glance:
Established: 1983
URL: www.safenet-inc.com
Global Headquarters: 4690 Millennium Drive, Belcamp, Maryland 21017, United States
Office Locations: 50 offices worldwide
Employees: Approximately 1,600 employees worldwide
Corporate Structure: SafeNet is comprised of three market verticals:
Commercial Data Protection, Government Data Protection, Software Rights Management
Customers: 25,000 in over 100 countries
Patents: Nearly 100 U.S. and over 70 foreign-issued patents, with an additional 39 U.S and
69 foreign patents pending
Certifications: FIPS, Common Criteria, National Security Type 1 Portfolio includes 100 NIST-approved products; 60 Type 1 for U.S. Classified Applications
President and CEO: Prakash Panjwani
BRONZE PARTNER
The activity of lawyers, as practitioners of a liberal profession, was first organized formally back
in the 19th century. In 1864, the law stipulated that lawyers were obliged to register themselves in
every county’s [Rom. judeţ] roll of lawyers, which was kept by a “discipline commission”. The
“lawyers’ corps” was constituted by lawyers registered in the roll of lawyers. The expression
had a wider meaning (all lawyers in Romania) and a narrow meaning (all lawyers registered in
the roll of a certain county).
After the law of January 1948 that dissolved Bars and replaced them with lawyers’ colleges,
in 1995, the central structure of the professional lawyers’ order was re-created, and the law
passed in 2010 stipulates even more clearly that the lawyer’s profession may only be exercised
by lawyers who are registered in the roll of the Bar they are part of, which – in its turn – must
be part of the National Association of Romanian Bars, further referred to as NARB (UNBR in
its Romanian abbreviation). It is forbidden to create and operate Bars outside the NARB. Bars,
together with the NARB, ensure the qualified provision of the right to defense, competence
and professional discipline, protection of the dignity and honor of its members. Only one Bar
is allowed to exist and operate in each county and Bucharest, and they must be members of
the NARB.
In Romania, the lawyer’s profession is being continuously adjusted to the requirements
imposed by the institution of “European lawyer”, because Romania’s EU accession has
substantially changed the scope of the professional relations and specialties in a world whose
dynamics makes it mandatory to revisit the concept of “traditional lawyer”, considering that
the constant values of the profession are increasingly subject to the pressures of reality.
The NARB is an active member of many high-profile organisations, such as the Council of Bars
and Law Societies of Europe (CCBE, full member); the International Association of Lawyers
(UIA – Union Internationale des Avocats, founding member), The International Bar Association
(I.B.A., full member) or the Union of the Balkan Bar Associations (founding member).
BRONZE PARTNER
Visma is the leading provider of business software and services for accounting and
administration. The group comprises five business areas which are Visma Software, Visma
BPO, Visma Commerce Solutions, Visma Retail and Visma Projects & Consulting. As one
of few suppliers yet to combine software and BPO, Visma has been a Nordic and European
consolidator as the products and services have become increasingly popular among the
company’s more than 340 000 customers. Today, Visma is known for developing leading
software solutions and high-quality services for satisfied customers in combination with
financial strength and solid growth. The objective is to make the customers more efficient and
competitive through freedom of choice between software solutions and outsourcing services.
Total group revenues for 2012 were NOK 5 749 million.
Visma Software offers a wide range of specialized business software solutions within
Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), Human
Resource Management (HRM) and payroll. The solutions can be delivered as a service (SaaS)
and enable businesses to streamline their operations, work smarter and more efficiently.
Additionally, Visma offers a range of tailor-made and industry specific solutions covering
enterprise software for the public sector and health care, small enterprises and accounting
agencies. As a local software developer with nearly 25 years of experience in Northern Europe,
Visma’s aim has always been to combine the best of Nordic design and culture with state of the
art performance by utilizing Nordic colors and style when developing simplistic, user-friendly
and interaction based business applications. Visma Software has more than 1620 developers
located in Europe. Visma Software International R&D creates products that address the
increasing demands for reliability, ease of use, seamless integration, and security. We believe
that excellent software is the result of highly skilled and motivated employees collaborating
in teams applying modern methods and best practice in the software industry. A large part of
our products are built using the Microsoft development platform. We also take advantage of
frameworks and tools outside the Microsoft platform, such as Java, Ajax, Db2, and Oracle.
Visit our web page www.visma.ro for more information about Visma.
SUPPORTING PARTNER
About CLICO
Clico’s mission and ambition is to offer first class security, networking and management
products along with the best technical and sales support. Active since 1991 as the largest
specialized distributor with an added value (VAD) on Polish and Eastern European markets,
they have been successfully introducing and promoting unique solutions that have been
continuously nominated as market leaders by independent analysts (such as Gartner, IDC), e.g. Check Point, Juniper Networks, Trend Micro, Websense.
Clico understands business needs and delivers the necessary and effective tools to protect
information on multiple levels, build efficient and secure networks, enable secure access and
support consistent management.
We constantly educate the market on threats, optimization, efficiency, security of cable and
wireless networks. We track global trends, assess available products and technologies that
allow their partners and customers to choose solutions best reflecting their needs.
As an authorized centre, Clico has always been priding itself in delivering outstanding pre- and post-sales support services along with both independent and authorized – such as the
CISSP - training courses.
Our mission and ambition is to offer best in their class products in scope of security, networking
and management along with best technical and sales support. Acting since 1991 as the
largest specialized distributor with an added value (VAD) on Polish and Eastern European
markets, we have been successfully introducing and promoting unique solutions whose
leading position in their segments is consistently confirmed by reports of independent
analysts (Gartner, IDC).
- Trainings: CLICO offers a broad range of training - including authorized, custom and
independent (like CISSP) ones.
- Authorised Training Centre opened in Bucharest, Romania: Starting from October 2013
we are providing authorised courses in Bucharest, Romania. On the list we have many of
Juniper Networks and Check Point Software authorised trainings.
Based on many years’ experience in IT security, CLICO Professional Services (PS) offers
customers and partners security auditing and safeguards design services.
CLICO PS offers a complete range of IT security services - from practical penetration tests
with the elements of controlled break-in simulation, analysis of the security design and
configuration, etc. to verification of the companies’ security policy compliance with legal
regulations and security standards (i.e. ISO/IEC-27001).
SUPPORTING PARTNER
Cisco
Cisco (NASDAQ: CSCO) is the worldwide leader in IT that helps companies seize the
opportunities of tomorrow by proving that amazing things can happen when you connect the
previously unconnected.
At Cisco customers come first and an integral part of our DNA is creating long-lasting customer
partnerships and working with them to identify their needs and provide solutions that support
their success.
The concept of solutions being driven to address specific customer challenges has been with
Cisco since its inception. Husband and wife Len Bosack and Sandy Lerner, both working
for Stanford University, wanted to email each other from their respective offices located in
different buildings but were unable to due to technological shortcomings. A technology had
to be invented to deal with disparate local area protocols; and as a result of solving their
challenge - the multi-protocol router was born.
Since then Cisco has shaped the future of the Internet by creating unprecedented value and
opportunity for our customers, employees, investors and ecosystem partners and has become
the worldwide leader in networking - transforming how people connect, communicate and
collaborate.
MEDIA & AWARENESS-RAISING PARTNERS
MEDIA PARTNER
Q Magazine – 7 years of creating attitude
Q Magazine is the only general magazine in Romania focused on political, economic, social
and cultural matters in our country and around the world, the correspondent of “Time”
Magazine. Projected to be a challenge for the Romanian market, it was first released in
2007, being the first complete magazine for a complex public.
Q Magazine asserted itself on the Romanian magazine market thanks to its unique
combination of subjects: from political and economical to security matters, from social
inquiries to cultural information and sports, from investigations to interviews with national
and international personalities. It satisfies the reader’s both intellectual and emotional
necessities.
Q Magazine targets a sophisticated, intelligent, curious and mature audience, with an active
presence in the society; an actual, complex public, with a need of being connected to all
domains that interact with it.
Q Magazine benefits from a reference brand for Romanian journalism: Floriana Jucan,
with more than 20 years of experience in this field (Evenimentul Zilei, Ziua etc.).
The Journal editorial, under the Floriana Jucan “brand”, managed to achieve a devoted
public in the last 10 years. By using an analytical but at the same time emotional and one
of a kind style, The Journal makes a review of the main events, analyzes political decisions,
makes recommendations, promotes social campaigns, shapes personalities and draws
valuable trends.
Q Magazine managed to bring into its pages editorials signed by landmark personalities
in different fields. They joined us with permanent columns: IULIAN CHIFU – presidential
counselor on matters of external politics; IONUT VULPESCU – executive secretary in PSD;
MIRCEA GEOANĂ – president of the ASPEN club Romania; SIMONA POLADIAN – director
at the Institute of World Economy of the Romanian Academy; ZOE PETRE – Historian,
presidential counselor in the years 1996-2000; PASCAL BRUCKNER – French writer; ION
CRISTOIU – journalist, writer and political analyst; HARLAN ULLMAN – Senior Advisor at
Washington D.C.’s Atlantic Council, the theoretician of Shock and awe military doctrine and
many more.
Q Magazine: 18 Aviatorilor Boulevard, ground floor, ap. 2, sector 1, Bucharest
+40 21 230 39 91 / [email protected]
MEDIA PARTNER
RAISA (www.raisa.org) is a professional organization that promotes research and education in the information security field.
IJISC (www.ijisc.com) is a scientific journal edited by RAISA with the purpose of analyzing information security and identifying new valences of the cybercrime phenomenon.
IJISC is indexed in prestigious international databases: EBSCO, Index Copernicus, Google Scholar.
AWARENESS-RAISING PARTNERS
The Chamber of Commerce Switzerland – Romania has been legally set up as a Romanian
non-profit Association in December 2000 and has been active since then.
The Chamber of Commerce Switzerland – Romania is the representative in Romania of the
Chamber of Commerce Switzerland – Central Europe (SEC), a member of SwissCham (Association of Swiss Foreign Trade Chambers), and a collaborator of osec – Business Network
Switzerland all based in Zürich, Switzerland.
Our current members include the most important Swiss investors, such as Holcim, Nestlé,
ABB, Ameropa, Ringier, Franke, Syngenta, as well as the major commercial Swiss companies represented in Romania, such as SGS, Swiss International Air Lines, etc. As a result,
the activities of our members cover a large range of business areas, such as concrete and
construction industry, food and beverages, medicine and pharmaceutical industry, mass-media, air transportation, heating technology, agriculture, power technology, financial and legal
consultancy, training, luxury products and third sector services etc.
Membership is open to any registered entity interested in the economic relationships between
Switzerland and Romania and sharing the objectives and goals of the Chamber.
The goals of the Chamber of Commerce Switzerland – Romania are to stimulate and facilitate
the economic relations between Swiss and Romanian entities, to promote and represent the
interests of its members in Romania and Switzerland, to represent the business interests of
the Swiss-Romanian business community and to provide economic information and business
consultancy services to its members and other potential partners.
Contact:
CHAMBER OF COMMERCE SWITZERLAND - ROMANIA
21, Plantelor Str., Entr. 2 (c/o Swiss House)
RO-023971 Bucharest
Phone / Fax: +40 21 212 27 07
Mobile: +40 745 63 53 83
E-mail: [email protected]; Website: www.ccer.ro
AWARENESS-RAISING PARTNERS
ONE OF THE OLDEST CLUBS IN ROMANIA
Rotary clubs were numerous in Romania: after the foundation of the first club, in Bucharest, in
1929, the Romanian district numbered up to 84 Clubs before being forbidden by law by the
regime in 1939.
At the end of 1994, an initiative group, led by Prof. Dr. Paul Philippi, a senior Rotary member
of the RC Heidelberg, and the late Eng. Ec. Nicolae Popescu, director of The Chamber of
Commerce, Industry and Agriculture of Sibiu, undertook the challenge to found a Rotary
Club in Sibiu. The work of the Initiative Group has been very successful, succeeding until
late January 1995 to gather the necessary 25 founding members, which were joined by two
more persons in February.
The next months were devoted to undertaking all necessary actions to elaborate the
Statutes of the Club and its organizational rules, as well as all due formalities compulsory to
obtain the governmental approval and the legal establishment of the Rotary Club Sibiu.
According to the Rotary International rules, the new club joined the District 1660 of Paris,
France to guide its first steps in the global Rotarian movement.
On May 15, 1995, on a solemn and festive day, with the participation of the District 1660
Governor, Patric Waler, as well as several Rotarians from France, Germany and USA, the
Rotary Club was chartered in Sibiu, and officially became part of the Rotary International.
The RC Sibiu was one of the 13 pioneer Romanian Clubs, which succeeded to give birth to
the actual District 2241 (Romania and Republic of Moldova), which was officially founded on the
1st of September 1999, by decree of the Rotary International Committee.
Nowadays, RC Sibiu is one of the most active organizations in the city, succeeding through
its own forces, but also with several international grants, to help the society.
Besides its countless events devoted to promote excellence among the youth, the Club is
proud to have been able to provide several sections of the County Hospital with the very latest
generation equipment and supplies fulfilling the needs of the patients.
AWARENESS-RAISING PARTNERS
The Lions Millenium Club, Sibiu, gives life to its own projects by organizing numerous
actions and events with outstanding impact in society, culture and education.
The Lions Millenium Club promotes and supports children with exceptional performances
in domains taught at school and outside school.
We stand beside and help children with good results at school when coming from
disadvantaged environments.
Our Club gives special attention, through its programs, to the helpless elder and to those
hosted in specialized institutions.
The Club’s members organize and are involved in cultural, economic, social actions,
dedicated in priority to promote health and wellness to the Sibian community.
THE SPEAKERS
(in alphabetical order)
Saint-John celebration at Tălmăcel © Courtesy of Louis Guermond
ROMANIAN STATE SPECIAL GUESTS
Mr. Bebe Viorel Ionică
Secretary of State
Ministry of Communications and Informational Society
http://www.mcsi.ro
General Marcel Opriș
Director of the Special Telecommunications Services (STS)
http://www.stsnet.ro
Mr. Florin Cosmoiu
Head of the CYBERINT National Center within the Romanian Intelligence Service (SRI)
http://www.sri.ro/
Mr. Virgil Spiridon
Appointed Head of the Direction for Countering Organized Crime (DCCO)
Head of the Romanian National Police’s Service for Countering Cyber Criminality
Romanian Police General Inspectorate
http://www.politiaromana.ro; www.efrauda.ro
Dr. Ioana Albani
Chief prosecutor, Service for Countering Cyber Criminality (CC.U)
Directorate for the Investigation of Organized Crime and Terrorism (DIICOT)
www.diicot.ro
Adrian Aron
System Engineer - Cisco Systems Romania
Adrian Aron is currently a System Engineer at Cisco Systems Romania and worked for
3 years as a Security Consultant, bringing his expertise and knowledge within the Cisco
company for more than 8 years.
Security policy today, security as a process
Today threats change far faster than they are perceived. There is a parallel industry that is
working as hard as we do, but their focus is to get what we value. This leads us into a silent
fight, where the rules of engagement are not always fair or known and in most cases are
against our odds. What we do in work time is as important as what we do in private life. The
attackers seek points in time when our defenses are lowered due to our comfort at home,
at our well-known coffee shop, at our neighbors’ or friends’ houses. When I talk about “our
defenses” I mean our attention to suspicious activities or suspicious requests.
Let’s say as an example, in a hotel I am staying, a good looking girl kindly asks me to
help her print a file to the hotel printer, because she has just the iPad and no USB ports,
what’s on that file on that USB stick, might have an obvious relation to the hotel. But, that’s
a deceiving request, that’s a method to compromise my laptop, not through all in place
defenses, but through old school techniques with new technology.
Why is this happening now? Well, the underground economy, or underground industries, have
been there for a long time, but related to other operations that in most cases do not target
directly good intended people. Today’s underground industries involve bitcoin forced mining,
electronic bank fraud, industrial espionage, identity theft and impersonation and a lot of
others. All of these black verticals can be applied to anyone, anyone can lose money with a
bank fraud botnet, anyone can be part of a bitcoin mining network for the bad guys, anyone
can have their identity stolen for money laundering. That is why the underground economy
is revealing itself.
What can we do? For sure we cannot ignore it and consider we will never be part of the
bad guys. That is what they want us to believe. Further we will discuss how to change our
behavior and focus our attention to use the technology we have today at hand, to help us in
a safe manner and not allow it to work against us.
Liviu Arsene
Security Researcher, Bitdefender
Liviu Arsene (born 1986) is a PC and mobile security geek. Having a detailed understanding
of computer and mobile malware, he’s always watchful for news and trends.
As a Security Researcher for Bitdefender, he reports on global trends and developments in
computer/mobile security. Writing about malware outbreaks and other breaking issues, he
coordinates with technical and research departments to publicize studies and landscapes
based on trending threats. As the proud owner of the secret to the fountain of never-ending
energy, his passions revolve around technology and breaking down gadgets to see how
they work. When he’s not online, he’s either swimming or jogging.
Current threat situation in Romania
“If security were all that mattered, computers would never be turned on, let alone hooked into
a network with literally millions of potential intruders.” — Dan Farmer, System Administrators
Guide to Cracking. Security breaches can be counted on to happen repeatedly, unless
the route of compromise has been identified and successfully shut off. History has taught
us never to underestimate the amount of money, time, and effort someone will expend to
breach a security system.
Selena Arsene
PR Manager, CyberGhost
Selena Arsene is the PR Manager of CyberGhost VPN, a Romanian-German security startup
focused on offering online privacy to those who are concerned about their personal data.
She graduated from the National Bilingual High School “George Cosbuc”, and she’s currently
studying Communication and Public Relations at SNSPA, Bucharest. Selena is a passionate
writer, lover of all things tech, and security enthusiast. She has a long list of personal
nuisances, on top of which lay: people who write way more than they read, criticism,
conformism and narrow-minded, prejudiced persons.
The Future Of Security and Privacy as a Service Companies in The Post Snowden Era,
Under Romanian Legislation
My speech starts by pointing out the link between security and privacy and then defining
the concept of privacy and underlining its importance. Later on, I approach the notion of
security threats from an unconventional point of view: mass surveillance in “The Age of
Knowledge” and the effect it has on individuals and society as a whole. Then I have a few
statistics and data gathered from primary research regarding what netizens expect from
their digital life when it comes to security, as well as their preferences and the factors that
they consider to be of high importance. Following I present a short overview of the legal
context in the world, compared with the one in Romania, which explains why the latter is an
ideal place for SPaaS companies and can be regarded as a safe harbor for personal data.
Next, I expose a few predictions regarding the future of SPaaS in Romania, as well as a
few ideas on how the matter should be handled. The speech ends with final comments and
conclusions.
Andrei Avadanei
President of the NGO Cyber Security Research Center from Romania - CCSIR
Andrei Avadanei is the President of the CCSIR, an NGO that conducts research on topics
related to cyber security in order to help the development of new security solutions and
services. The organisation can help you with their experience in black, white & grey box
pentest and organise trainings, seminars, workshops or security conferences. Andrei also
created DefCamp, the most important conference on Hacking & Information Security in
Central Eastern Europe. The goal is bringing hands-on talks about latest research and
practices from the INFOSEC field, gathering under the same roof security specialists,
entrepreneurs, academic, private and public sectors. The event is hosted by CCSIR in
Bucharest, Romania every year and was founded by Andrei in 2011. With more than eight
years of experience in the cyber security field, Andrei has been awarded at more than 60
international and national competitions of web & software development, algorithms and
security. He is also a regular speaker, mentor or judge at local and international festivals or
conferences.
Offensive Honeypots - the good, the bad and the ugly
One of the biggest challenges when you have an IT infrastructure with critical information
from an economic perspective or one that manages classified information is to have
a hands-on reaction in defending and preventing attacks. There are several types of
organizations that work deeply in the field of identifying intruders but most of the time,
it’s impossible due to different political regulations of the cyber space. In any kind
of attack, there is a time frame when the attackers are the most vulnerable and in this
presentation I will introduce several perspectives along with examples of how we can
fingerprint and counter-attack the intruder. I will discuss honeypots, offensive
approaches, social networks, APTs, malware and multi-layered counter-attacks.
Liviu Avram
SE – Network Security, Dell Corporation Limited
Liviu Avram joined Dell in 2012 as Sales Engineer. He delivers technical trainings for the
Dell SonicWALL product portfolio and supports the sales team, partners and end-users
in the Emerging Markets region. Previously, he held the position of Pre-Sales Engineer at
SonicWALL, having a strong background in network security.
Information and data security in law enforcement
Information and data security is a vital part of any corporate function and it’s even more
so in case of law enforcement. The gathered data should be able to be safely and securely
stored, easily accessible and easily distributable. Access to this data should be seamless,
as it could easily mean the difference between life and death. Communication between
officers and agents should be secure and easy, as critical information is always in transit.
Join us and let’s discuss how you can leverage today’s technology to use the existing data
more efficiently and gather new information more easily.
What is hiding behind the seemingly trusted connection?
With the explosion of technology and encryption, everybody jumped on the wagon and
thought that the information they exchange over the secure connections is safe from spies.
Lately, we encountered more and more evidence that this is not always the case. What
is hiding behind the seemingly trusted connection? What are the dangers that we should
expect and how to start protecting ourselves against them? We invite you to an open
discussion on how to improve the security of our data on the internet.
Rosheen Awotar-Mauree
Cybersecurity Officer, BDT, ITU
Rosheen received her first degree in Computer Science with honors in Information Systems,
in 1994 and her MBA in 1996, both from Murdoch University, Perth, Australia.
Before joining ITU, Rosheen was working for the Ministry of ICT in Mauritius where she was
in charge of the IT Security Unit, which is the key facilitator in ensuring that Government
information systems are secure.
She has been managing IT Security initiatives in the field of sensitization, audits,
implementation of information security management systems (ISMS) based on ISO 27001/2
standards and in international cooperation to operationalize the national CERT and the
national PKI. She has also been involved in the elaboration of a national ICT security
strategy and two national ICT strategies. She has over 12 years of experience in the field of
IT Security and IT Project Management.
In February 2013 she joined the ITU’s Telecommunication Development Bureau (BDT) as
Cybersecurity Officer in Geneva where she assists in the coordination and implementation
of Cybersecurity initiatives.
A global approach to build cybersecurity capacity
ITU (International Telecommunication Union) is the United Nations specialized agency
for information and communication technologies – ICTs. A fundamental role of ITU,
following the World Summit on the Information Society (WSIS) and the 2010 ITU
Plenipotentiary Conference, is to build confidence and security in the use of Information
and Communication Technologies (ICTs). At WSIS, Heads of States and world leaders
entrusted ITU to be the Facilitator of Action Line C5, «Building confidence and security
in the use of ICTs», in response to which ITU Secretary-General, Dr. Hamadoun I. Touré
launched, in 2007, the Global Cybersecurity Agenda (GCA), as a framework for international
cooperation in this area. This intervention will provide an appreciation of the mandate and
initiatives undertaken by ITU in addressing Cybersecurity with the collaboration of relevant
stakeholders including other international organisations, regional groups and industry
partners.
Bogdan Botezatu
Senior e-threat analyst for Bitdefender
Bogdan Botezatu is a computer security expert and editor of HOTforSecurity.com. He has
a strong background in computer networking and antimalware research. He has worked for
the Romanian provider of innovative antivirus solutions since 2007. His areas of expertise
are cyberwarfare, mobile and social networks malware. As Senior e-threat analyst, he was
part of the teams that developed the Bitdefender USB Immunizer and Bitdefender Removal
Tools. More than that, he was the author of Malware History, an overview of the most
notable developments in the malware landscape, Securing Wireless Networks, that provides
tips and tricks on how to shield your home network from intruders, and Safe Blogging
Guide, that highlights key recommendations on how to keep your blog and identity safe.
Bogdan Botezatu has spoken at various computer security conferences around the world,
including IPEXPO, DefCAMP and international seminars, such as “Current Methods for
Combating Cybercrime”, organized by IMPACT Alliance. Before joining Bitdefender he
worked as a system administrator at the Alexandru Ioan Cuza University of Iasi, where he
supervised the implementation of IT functions in the educational sector for non-IT-related
specialties.
Exploit packs and malvertising: Silent attacks that changed the world
Welcome to the world of automated attacks, where hackers can subvert any computer in no
time without any user interaction. Turnkey cybercrime software is unanimously regarded as
the most effective breed of malware to date, but little is publicly known about how exploit
packs work, what their impact on the e-crime lifecycle is and what needs to be done to
avoid subversion. During this presentation we will discuss the predominance of exploit-based attacks in the global e-threat landscape and we will also do a live demonstration of a
completely automated attack.
Gorazd Bozic
Head of the Slovenian national CERT (SI-CERT)
Gorazd Bozic is the Head of the Slovenian national CERT (SI-CERT), which was established
in 1995. Between 2000 and 2008 Gorazd was the Chairman of the European CERT group
TF-CSIRT, which brings together all known CERTs in the wider European region. Gorazd has
been also the Slovenian representative to the Management Board of ENISA, the European
Network and Information Security Agency, since its formation in 2004.
European CERT Cooperation
Cristiano Cafferata
Country Manager, Dell Software Group, Italy
Cristiano Cafferata worked for security giant SonicWALL for eight years prior to DELL’s
acquisition of that organization. During that time, he held the positions of Business
Development Manager and System Engineer, with a mission to develop secure
communication systems. In 2011 he was leading Dell Software’s Security for Italy and
Greece. Great qualities such as team leader, dedication and passion for computer security,
make him fit to lead DSG’s Italian security team. Cristiano is a key figure in the computing
world, participating as a spokesman for the Vendor to Talk and roadshows on security
systems and industry hot topics around the world, putting his own experience and culture
available to the public. Great experience in high tech products, member of the CASD
in order to cooperate in the protection of critical infrastructure, Cristiano embraces the
challenges in every field that involves the use of security systems. His professionalism,
dedication and commitment have been awarded by DELL in August 2012 with the
appointment as Country Manager for Security for Italy and Greece, in which he led a steady
growth in business until July 2014 when he received the appointment of DSG Team Leader
for Italy and is now at the helm of the entire Italian DELL Software team, with the goal of
building a strong and prosperous channel.
Forensic solution – focus on SPEKTOR
Simplifying the evidence research and the hidden items with the simplest and fastest
solution of the land is not enough – The product and the Cloud based Forensic services
need some other tools. Are we able to deliver secure communication systems, adaptive
security solutions and especially a dedicated team of experts? The answer is yes.
Investigation means being able to check who has logged in when and how, investigation
means being able to deep dive into SSL connections and we can teach how!
The bad news is that, as you see in the agenda, the time we have is not so much; the good
news is that Spektor is able to collect more data in the remaining 10 minutes we have than what
you can ever guess!
Whoever catches the exact amount of data (+/- 5%) will win a Dell-SonicWALL TZ unit.
Then a secured and encrypted communication channel will be established between two
NGFW endpoints and the data will be securely stored. Join us and discover how!
Raoul Chiesa
Founder and CEO, Security Brokers International
Raoul Chiesa has been among the first Italian hackers back in the 90´s (1986-1995). Then,
he decided to move to professional InfoSec. In 2003 he started his cooperation with
the United Nations Interregional Crime and Justice Research Institute, working on “HPP”,
the Hackers Profiling Project run by ISECOM and UNICRI; in 2005 he has been officially
recognized as a cybercrime advisor. Nowadays his role at UNICRI is that of “Independent
Senior Advisor on Cybercrime”. Since February 2010, Raoul Chiesa is a Member of the
European Network & Information Security Agency (ENISA) Permanent Stakeholders’ Group
(PSG) covering the previous two mandates, 2010-2012 and 2012-2015. In November 2012
Raoul launched “Security Brokers”, an innovative and global think-tank focused on vertical
security issues, along with international networks of high-level InfoSec professionals. Both
Raoul and his associates work on research areas such as X.25 and PSDN networks, VoIP
Security, malware analysis, social engineering, SCADA & industrial automation, home
automation, satellite communication, mobile security, SS7 threats and much more.
He is a regular key speaker at official security events such as National Security Observatory
at the Italian MoD, Security Summit, CCDCoE/NATO in Estonia, World Institute for Nuclear
Security (WINS), Italian Senate, HackCon Norway, RACVIAC Croatia, Swiss Cyber Storm,
Secure Poland by CERT-PL, GOV.CERT-NL, SANS, ESA (European Space Agency), ISF
China (Internet Security Forum), IDC China (Internet Data Centers Conference), 8.8 (Chile)
and many more.
From Cybercrime to Cyber Espionage and Information Warfare: what happened,
what’s happening right now?
This Key Note presentation will focus on the existing «fil rouge» among Cybercrime, Cyber
Espionage and Information Warfare, highlighting the actors and their modus operandi in the
21st Century world.
The trainer, thanks to his +20 years of field experience in the Information Security science,
will map out the shared «assets» and will fill the dots among three «scenarios of incidents»
which, apparently, do not have any specific common points. This is a very common mistake
though, often encountered in the private industry, in governmental and military environments.
Today’s world evolved that much faster, and the Information & Communication
Technology - as well as the Internet of Things and the Big Data - has reached nearly a total
impact on our lives.
Botnets, 0-day vulnerabilities, Advanced Persistent Threats, e-warriors and mercenaries,
Cyber Armies and e-soldiers... there’s a lot to talk about, and new lessons to be learnt, so that
new approaches, scenarios and decisions can be taken without conceptual mistakes.
Laurent Chrzanovski
Independent Historian & Cultural Events Manager
With a PhD in Roman Archaeology obtained at the University of Lausanne, a Postdoctoral
Research Degree in History and Sociology at the Romanian Academy of Sciences, Cluj-Napoca
Branch and a Habilitation in History obtained at the Babes-Bolyai University, Cluj-Napoca,
Laurent CHRZANOVSKI teaches at the doctoral school of the University Lyon II Lumière as well as at the Faculties of History of Cluj and Sibiu Universities.
Obliged by his wife to enter the domain of internet and then the niche of cyber security,
Laurent is responsible for the international relations, and head organizer of the yearly
congress “Cybersecurity in Romania. An International public-private dialogue platform“.
He also conceived the awareness-raising exhibition “Social media heroes, social media
victims. From hieroglyphs to Facebook” designed for the Romanian Mission at the UNOG
and first shown at the ITU headquarters (Geneva) in 2013. Contaminated by the virus, he
delivered a few conferences in cyber security congresses, mainly based on the necessary
philosophy and trans-disciplinary approaches needed to understand the phenomenon.
His professional dreams are to keep his beloved lamps (main part of his academic research)
out of reach of cyber-attacks by forbidding untested network-enabled LEDs and to introduce
stratigraphical techniques in security strategies.
Historical thoughts and philosophical approaches for a safer cyberworld
Many times in human history, civilizations rose, declined or died because of their capacity to adapt to the
surrounding world. In warfare, for example, the cleverness shown by the Roman Empire during its golden age
is significant: after discovering new techniques, new armor and new weapons used by the enemies they
fought, the Romans simply adopted the most successful of them, many times by incorporating into the auxiliary troops
of the legions the elite corps of yesterday’s enemies. As a fascinating example, some 150 km from Sibiu,
immediately south of the Carpathians, at the fort of Tibiscum (near Caransebes), three bilingual funerary slabs,
written in Latin and Palmyrene, remind us that three young soldiers from the Syrian desert city died for the Empire
in Southern Transylvania, fighting the Marcomanni invasion. Why? Because they were considered the very best
mounted archers of their time. This also reminds us that policing in the city of Athens was, at least since
the 5th century BC, ensured by Scythian archers and soldiers, strong and disciplined men. These few examples
show well that the most prestigious ancient civilizations perfectly grasped the importance of profiting from
“globalization” to get the best at their service.
On the contrary, their very own fall is due to the other side of the coin. Only a man like Attila, raised by the best
professors in Constantinople when he was a prince-hostage (a custom to secure peace treaties with certain
tribes), was able to unify the tribes of his people, and he knew perfectly the languages, the mentality, the skills
and the weaknesses of the gigantic Empire he was going to strike.
What we witness today is not very different, on a planetary scale. But facing the proliferation of cyber-attackers
from all continents, understanding their way of thinking and each major country’s culture and educational
background could be a real plus. Philosophically, the Occident has to free its mind from the everlasting Kantian
approach, which is perfectly reflected in texts such as the 2013 “Cybersecurity Strategy” of the EU, where
most of the pages could be classified as “useless and wishful thinking”. The Chinese approach, based on a
combination of Taoism, Confucianism and Sun-Tzu’s ever-useful “Art of War”, is certainly much more efficient.
Not to mention the ultra-pragmatic “Cybersecurity Act of 2013” initiated by Senator Rockefeller in June 2013,
which is, again, a perfect concentrate of the American philosophy of immediate and concrete reaction which has
always been part of the “New World”. And the European Union? Well, in our opinion, if we do not profit from the
amazing diversity and talents of the 28 countries, associated in an Aristotelian concept of deliberation with
immediate action, we are simply putting ourselves off the global cyber map.
Teodor Cimpoeşu
CyberSecurity Director at certSIGN
Teodor is a seasoned information security professional, with a background in
management and marketing as well. For the past 5 years he held the position of managing
director for Kaspersky Lab Romania and Bulgaria, building upon 5 previous years
of technical, project and product management experience inside the company. Since
mid-2014 he has held the position of CyberSecurity Director with CERTSIGN, a UTI Grup
company, leading the business unit responsible for delivering cyber security services on an
MSSP model, along with complex infosec projects and formal training. In his current position,
he is responsible for establishing a dominant foothold on the security services market,
getting ahead of all regional competition with an unprecedented level of security services,
aligned with top standards and staffed with top professionals.
Advanced attacks and countermeasures. Why CSOs must have military thinking
Modern attacks usually bypass antimalware measures, firewalls and standard protection
means. We shall go through several highly sound cyber espionage campaigns, emphasising
the tactics and procedures of operations, and what could have been done
to better prepare for and deflect this kind of attack, minimising the damage and the window
of response. We propose, in this context, that the thinking of the defenders should change
in line with the thinking of threat actors, and take into account several dimensions of
cyber warfare and cyber espionage, drawing parallels with concepts from military thinking.
Cybercrime: brace for impact
Law enforcement officers are already facing a new wave of cyber criminality they don’t
seem prepared for. Most of the time, the legal framework or the link with the applicable
law is not obvious or rather doubtful. There is a general perception that more training
and higher level of cyber competencies are required. Yet, a consistent set of skills and
knowledge is already there. We propose a simplified look at cybercrime (the phenomenon)
and information systems (the medium), and call for raised awareness and increased usage
of existing knowledge, both within existing personnel and private sector partners willing to
help combatting this asymmetric new fight.
Dragoș Cioca
Business Solutions Consultant – Kapsch Romania
Dragoș Cioca is Business Solution Consultant at Kapsch Romania and he has more than
10 years of experience in ICT projects. Dragoș is involved in a broad range of activities from
presales, consultancy and solutions architecture to delivery and implementation of business
solutions. He is an innovative person with high capacity to understand and implement new
technology and concepts that would deliver the best value for the customer.
Actual challenges in Cybersecurity
In a world of ever-changing cyber threats, organizations are facing the unprecedented
growth of unknown malware. These attacks focus on stealing data, sabotaging business
continuity, or damaging a company’s reputation. To protect against this threat, companies
should choose a solution that provides the best catch rate against unknown malware.
Within the security community, an explosion of unknown malware—not just new threats,
but new ways of creating and deploying undetectable threats on a massive scale—brought
into question the viability of existing strategies and technologies. This in-depth analysis of
security threats and trends will help security and business decision-makers understand the
range of threats facing their organisations.
Melania-Gabriela CIOT
Counsellor of the Minister for Information Society
Ph.D. Assoc. Prof. at Babeş-Bolyai University, Cluj-Napoca
Gabriela Ciot is an associate professor at Babeş-Bolyai University and, since May 2014,
Counsellor of the Minister for Information Society. She is currently teaching courses on
International Relations and European Studies. She holds a PhD in Educational Sciences
from Ghent University Belgium, and one in International Relations and European Studies
from Babeş-Bolyai University. Gabriela Ciot has an intense scientific and research activity,
which includes books, articles and studies in international and national journals. Her
research interests are the psychology of decision-making process, especially in foreign
policy, European and international negotiations, mediation and management of conflict and
cooperation.
Open Government – a solution for European citizens?
Governments are increasingly aware of the importance of making their online services user-friendly. However, their focus is still mostly on making services available, leaving ample
room for improvement in areas such as speed and ease of use, and transparency. Lack of
progress in these areas can undermine citizens’ trust in online public services and impede
their use. The 11th eGovernment Benchmark Report shows that there is a significant group
of non-believers (38%) that refuse to use the online channel for public services. This could
be partly because users’ expectations are driven up by their experience with private service
providers (e.g., online banking), and online public services don’t always live up to those
expectations.
In order to close the gap, the Commission will engage with Member States to promote
and adopt the Open Government approach: by opening their data, their processes and
their services governments can provide better, more attractive services at less cost, create
jobs and growth opportunities and increase accountability and trust. It also allows citizens
to participate in the design, creation and delivery of digital public services. Future actions
under Horizon 2020 and the Digital Services Infrastructures of the Connecting Europe
Facility will support this Open Government approach.
Just one question needs a proper answer: is the Open Government a good solution, able to
protect European citizens?
Ana Cobzaru
Senior Business Development Manager, Bitdefender, Romania
Ana has been working at Bitdefender for 8 years now and she is one of the longest-serving members
of the team that covers Romania and the Republic of Moldova. She is in charge of business
development, ensuring a good cooperation between Bitdefender and the most important
Romanian public institutions, and also with important private entities that chose the number
one security suite for its top notch performance.
Bitdefender is the creator of one of the world’s fastest and most effective lines of
internationally certified internet security software. The company is an industry pioneer,
introducing and developing award-winning protection since 2001. Today, Bitdefender
technology secures the digital experience of 500 million home and corporate users across
the globe.
Enterprise Security. Reinvented. How enterprises can adapt and meet the challenges
of today’s security landscape.
Using security management tools that were designed for yesterday’s environments
forces IT to spend excessive time maintaining or working around the very solutions that were
intended to simplify things and put them in control. The disruptive power of virtualization,
cloud computing, and BYOD compounds the problem of protecting a complex enterprise
environment. This leads to the use of point solutions that must be maintained on top of the
existing stack.
Lucian Corlan
Country Manager, Information Security&Governance at Betfair
Lucian holds CISSP, CISM, CISA, CEH, and is an experienced IT & Information Security
professional. He worked for several multi-national organizations in the financial and telecom
sectors, and provided consulting and audit services for EU private sector organizations.
He holds an M.Sc. in IT&C Security and an M.A. in Security Studies from the University
of Bucharest, Faculty of Sociology. He contributed the chapter “Globalisation and Security
in the information Age” in the book “Security Studies” (2011).
Resilience through cyber threat intelligence
This presentation will go through some of today’s sources of information, the steps
taken by a hacker in preparing an attack, such as information gathering, reconnaissance and
scanning, and motivations such as intimidation and bragging. The main objective is to answer
the following questions: How do we proactively protect our business by employing cyber
threat intelligence services? Basically, how do we digest as a business (especially online
businesses) answers to questions such as: What are we saying about us online? What do
others say about us? How are we perceived on the market and by the larger public? Who
are our competitors and how aggressive are they? Can we trust cyber intelligence when
taking important business decisions? How could a cyber-threat profile of my company help
achieve increased security and bring value to the business?
Alexandru Catalin Cosoi
Chief Security Strategist, Bitdefender
Tasked with energizing and publicizing the company’s technological progress, Catalin
specializes in pattern extraction and recognition technologies, with an accent on neural
networks and clustering algorithms. His technical achievements have so far materialized
in four granted patents and a series of classification technologies being implemented mostly
in Bitdefender software. As a consequence of his interests, he is also pursuing a PhD in
natural language processing. He lists his professional goals as “gaining a Nobel prize and
achieving clinical immortality”, is married and lives in Bucharest, Romania at the rare times
when his job isn’t sending him around the globe.
Cyberwar today
We are at the brink of cyberwar, and institutions worldwide are blindly trying to cope. In isolation, they struggle to identify the main actors on the scene. But things are moving
at breakneck speed. Without global cooperation, no one can assemble a full picture of the
conflicts on the horizon.
Cristian Cucu
Founder and General Manager of BISS I Best Internet Security
Bogdan Toporan
Founder and Managing Partner of BISS I Best Internet Security
Mr. Cucu is a graduate of both business and law Universities in Bucharest and holds an
MBA from Northwood University in Michigan USA. As a cyber-security professional he is
also certified as CISA, CISM and CRISC. Passionate about information security, Mr. Cucu
was involved in all BISS projects, from security base lining, to valid protection, remediation
and resolution. Current interests outline security intelligence mapped on the Romanian
security ecosystem.
Mr. Toporan carries an expertise of over 13 years of dedication to the cyber security
field, actively introducing security technologies to the Romanian marketplace, along with
leveraging the hype type of information that this particularly dynamic field of work has to
deliver. Passionate about information security and practical models of making it work for
very heterogeneous environments, Mr. Toporan was involved in all BISS projects, from
security base lining, to valid protection, remediation and resolution. Current interests outline
security intelligence and forensics, mapped on the Romanian security ecosystem.
Security intelligence – ear to the ground. Actionable Information – velocity for Romania.
Do you know where your data is, or what it does? Do you actually know who uses it
and how? Do you know who needs it? Do you see it? Do you see them? Can you see
your network? What is security intelligence and why does it matter today? BISS carries
a strong experience within the SIEM/ Next Generation SIEM and Security Intelligence
area, being the first to introduce such technology to the Romanian space, back in 2010,
when our collaboration with Q1 Labs started. We aim with our topic for Cyber-Security
Romania Event to leverage the real story of technology evolution and its applicability in the
Romanian environment, together with presenting our efforts to make it available for our
market. Security Intelligence solutions have evolved from a number of technologies you
may be familiar with. In short, Security Intelligence builds on the data collection capabilities
and compliance benefits of log management, the correlation, normalization and analysis
capabilities of SIEM (security information and event management), the network visibility
and advanced threat detection of NBAD (network behavior anomaly detection), the ability
to reduce breaches and ensure compliance provided by risk management, and the network
traffic and application content insight afforded by network forensics. Yet what distinguishes
a modern Security Intelligence solution is that it’s not a gift basket of discrete technologies
wrapped together with duct tape, or worse, PowerPoint. It’s a truly integrated solution built
on a common codebase, with a single data management architecture and a single user
interface. As we see it, Security Intelligence isn’t just for companies with big budgets, staff
and lots of patience. Today’s modern Security Intelligence solutions have evolved from the
dinosaurs known as first-gen SIEM offerings that required major upfront implementation
work and actually added to your ongoing headcount needs, rather than easing them. Today
it’s just the opposite – which means Security Intelligence is within the reach of any size
organization. Collecting and analyzing all the relevant data in your network is a good start,
but data (logs, query results, etc.) by themselves are worthless; and do you know what is
relevant data? A Security Intelligence solution must make sense of your data and help you
quickly research and remediate incidents, by giving you Actionable and comprehensive
insight. BISS will address real world scenarios, covering the hype of current security topics
from APT, to Profiling and Visibility, narrowing it down to a concrete approach and solid
proposal suited for the level of our market at the end of 2014.
Olga Demian
Lawyer, Information Society Development Institute (Moldova)
Olga Demian holds an LLM Diploma with merit from Queen Mary, University of London
where she explored aspects of Computer and Communication Law (2010), including
Privacy and Information Law. For nearly 12 years, Ms. Demian has been involved in
strategic litigation and various law reform projects. In her position as an UNDP Consultant,
she advised the e-Governance Center (Moldova) in the process of elaboration and
implementation of the e-Government Agenda by addressing legal matters concerning
information security in relation to various projects, including the Governmental platform
based on the Cloud technology and interoperability. She also focused on legal aspects of
information security in the context of projects implemented by the E-Governance Academy
(Estonia) and the Data Exchange Agency of the Ministry of Justice (Georgia). Since 2011,
in her capacity as a Member of the Consultancy Council by the Center for Personal Data
Protection of Moldova, Olga has contributed to development and implementation of the
national legal framework on personal data protection. At present, in cooperation with the
Information Society Development Institute (Moldova), Ms. Demian is engaged in a research
project, which aims to analyze specific legal factors surrounding information security.
Cybersecurity and the Law: Implications and Future Perspectives with Regard to
e-Government
Innovative e-government solutions can provide considerable opportunities to reform public
administrations for sustainable development. Smooth functioning and overall security are
vital in this process. Potential challenges in these fields call for sound strategies to amend
and enforce the legal and institutional frameworks. Particularly, to avoid complexities,
matters such as lack of regulatory alignment, conflicting compliance requirements,
organisational risks and clients’ privacy concerns are recommended, by experts, to be
addressed. This presentation focuses on several regulatory challenges and technical
trends which are most likely to shape the cybersecurity environment and sets the platform
for discussions about these and other related matters, finding inspiration in the work of
regulatory scholars who have formulated their opinion in relation to approaches adopted
by public administrations with regard to cybersecurity, in particular, in the context of
e-government strategies.
Adrian Floarea
CISA, CISM & CRISC, Commercial Director, CertSIGN, Romania
Adrian Floarea has been dealing with the development of IT security applications (electronic
signature, disc encryption, data destruction), being one of the founders of the R&D
team within the department of Informatic Systems Security of the UTI Group, the very
basic department upon which certSign was created. Before working for UTI – and hence
certSIGN – Adrian Floarea was scientific researcher within the Research Agency for Military
Techniques and Technologies (ACTTM).
Time to secure mobile devices!
The explosive development of mobile devices has opened the path to innovation and
business development, but generated new risk vectors for companies. By their nature,
mobile devices are used in locations that are not controlled by the organization.
In these circumstances, the need for management and security of mobile devices
is obvious. Organizations must be prepared not only for the current expansion of mobile
devices, but also for the future, so they can manage the risks. Firstly it is a change
of perspective in terms of endpoint security for mobile devices.
Ramsés Gallego
Security Strategist & Evangelist, Dell Software
With a background education in Business Administration (MBA) and Law, Ramsés is a +15
year security professional with deep expertise in the Risk Management and Governance
areas. Ramsés is now Security Strategist & Evangelist for Dell Software, where he defines
the vision of the security discipline and evangelizes on its mission and strategy. Before, he
was at CA Technologies for 8 years, was Regional Manager for SurfControl in Spain and
Portugal, and just recently Chief Strategy Officer of the Security and Risk Management
practice at Entelgy. Ramsés has served for three years in ISACA’s CISM and CGEIT
Certification Committees and also in the Guidance & Practices Committee for three
years from where deliverables have been created for the community. He is honored to
have been the Chair for ISACA’s ISRM Conference and part of the Program Committee
for the events SecureCloud 2010 and 2012. He is now President at the Barcelona Chapter
and played an instrumental role in the Planning Committee that prepared first-ever ISACA’s
World Congress in Washington, June 2011. He has also been part of the ISACA’s CISM
PATF Task Force. Ramsés believes that a revolution (rather than an evolution) is needed
when considering the move from technology to enterprise risk and that the cloud dimension
offers incredible opportunities for businesses today. Ramsés thinks that Governance is
essential to facilitate innovation in this changing business environment and holds many
certifications that combine different knowledge areas and broaden his vision on technology
within the marketplace. Ramsés is a CISM (Certified Information Security Manager),
CGEIT (Certified in the Governance of the Enterprise IT) and a CISSP (Certified Information
Systems Security Professional). He is the proud owner of the SCPM (Stanford Certified
Project Manager) from Stanford University, California, one of the first experts with the CCSK
(Certificate of Cloud Security Knowledge) and also an ITIL and COBIT Foundations certified
professional. He develops results-oriented, business-focused, people-driven projects due
to his Six Sigma Black Belt accreditation. An internationally recognized public speaker, he has
visited 20+ different countries in the past 12 months and has been awarded ‘Best Speaker’
many times. He received the John Kuyers Award for Best Speaker/Conference Contributor
in June 2013. He has been named ‘Privacy by Design Ambassador’ by the Government of
Ontario, Canada and is proud of serving as International VP for ISACA for the third year in a row
with a seat in its Board of Directors. He lives in Barcelona, Spain, with his wonderful wife
and his two loved kids.
From Technology Risk to Enterprise Risk: A New Beginning
Information is the currency in today’s world. Companies are understanding that a
new approach is needed when it comes to providing assurance that sensitive data will
be protected in the fight against threats to cybersecurity. Organizations around the globe are
embracing a new vision that will become the foundation for tomorrow. This is the need
for a shift in perception. We need to move from Technology Risk to Enterprise Risk.
A new beginning. A new dawn. Enterprises are moving from what once was a domain of
technology to a new reality: that, at the end of the day, what really matters is mitigating
enterprise risk, the risk appetite of the company as a whole. What is really important these
days is to realize that it is instrumental not only to execute correctly, with the proper attitude,
with the right mindset, but also to embrace the overarching discipline of Governance,
to empower end users while, at the very same time, the assurance of the responsible use
of resources is guaranteed.
By attending this session, insights will be gained on how to provide value for the business,
through technology, in a changing security landscape. The attendee will be able to
discover new angles for engaging with the business and provide communication channels
and reporting methods to protect the two most important assets for a company: people
and information. Knowledge will be shared in the area of metrics and indicators that provide
tangible value, in business terms for the C-level suite. This is the very much needed new
dimension. From Technology Risk to Enterprise Risk. A New Beginning.
The Future of NOW
If there is something constant in the universe, that’s the speed of light. And change.
Change is a constant in today’s world. We are living through times where the present
is leaving us... every single second. These are times where the present is already past and the
need to adapt and adopt new and emerging technologies has become instrumental
for success. Organizations are being pressed with time-to-market issues while, in reality,
they should have a time-to-value perspective. In an epoch where technology is pervasive
and you can hardly find businesses that do not depend on technology, we have to face
change as one critical variable in the planning of enterprise strategy. Because we have
something crystal clear: that the future...is going to change. We have to capture the present
realizing that it has already become past and that the next business iteration has already
happened, whether we like it or not.
By attending this session, the attendee will enhance her/his perception of the importance
of time when designing, planning and executing a business strategy. The difference
between strategy and tactics will be mentioned as well as the need to adapt to change
in a world with no secrets, no barriers, no frontiers. The attendee will gain a deeper
understanding of the issues of adaptability, trustability and reliability and, more importantly,
will discover that we are living in the future. The Future of NOW.
Mihai Ghiță
Business Development Manager at Q-East Software
With 20 years of experience in the IT industry and over 15 years’ experience in database
technology, Mihai managed numerous implementations for performance management
and security projects. In the past years he created “Business Continuity” plans and designed
“Disaster Recovery” sites, addressing management, performance and security challenges
in the dynamic business continuity context. He is an Oracle Certified Expert and ITIL Certified.
Mihai has extensive experience in solving design, performance and security issues for
systems and databases. His extensive knowledge covers complex projects related to
the identification, planning, delivery and IT services support for businesses. Mihai has
implemented many IT projects in critical infrastructures and cybersecurity for large
enterprises. He is a “Cloud Computing” technology and “Big Data” enthusiast. As one of the
most prolific consultants of the industry, Mihai is an active speaker in most of the advanced
technology exhibitions and events. “Computers are useless. They can only give you
answers.” (Pablo Picasso)
The man who disabled his firewall
Traditional stateful firewalls are blind to modern cyber attacks. Inside a network, users are
frequently attacked by malicious traffic considered 100% legitimate by stateful firewalls.
On the other hand, next-generation firewalls and unified threat management firewalls, as
well as intrusion prevention systems, are designed to protect networks from such attacks.
But… unfortunately, the latest studies showed that 69% of confirmed security incidents were
perpetrated by insiders. More than 50% of them were former employees who regained
access via backdoors or corporate accounts that were never disabled. Two-thirds
of breaches involved data stored or “at rest” on assets like databases and file servers.
On average, a typical enterprise end-user must access 27 different applications and has
a minimum of 6 enterprise-issued passwords. Plus, it takes more than a day and a half
to provision a new user and more than half a day to de-provision a user.
Discover, assess and assign ownership of multi-platform data to address the root of these
challenges and then secure your environment moving forward with change monitoring,
compliance reporting and dashboards for the business owner. Learn how Dell (Quest)
Software makes it easy to securely manage and protect applications, systems, devices
and data, helping organizations of all sizes fully deliver on the promise of technology.
Prepare your employees against cyber and social engineering attacks. With Dell solutions,
you can assess training programs by top IT security advisors and address areas of greatest
concern to your organization. Going beyond compliance, Dell can change employee
behavior and reduce risk to your organization.
Eng. Selene Giupponi
Head of the Digital Forensics Unit, Security Brokers International
Mrs. Selene Giupponi is one of the (very) few ladies involved in Digital Forensics, at least
AFAWK. Born in 1984, she graduated as a Computer Engineer back in 2008 at Università
La Sapienza in Rome, while working on many digital forensics investigations, during and after
her University studies; then she graduated in Computer Forensics & Digital Investigations
with the Italian Postal and Communication Police (Min. of Interiors) over the very same year.
She’s a member of IISFA (Information Systems Forensics Association, Italian Chapter) and
CLUSIT (Italian Information Security Association), holding the CIFI and the FTK certifications,
plus the Advanced Course of Digital Investigations by IISFA Italian Chapter (2011).
Selene is a consultant and assessor in those criminal cases where DF is called-in. Currently
she’s working at The Security Brokers as Head of the Digital Forensics Unit, and also as a
Security researcher for NFC Technology.
In the DF environment, her main areas of research are: AS/400 Forensics; Forensic analysis
on Windows and Mac; Live forensics and anti-forensics; Mobile Forensics; Setting up DF
Labs; Antiforensics Mitigation and Windows Registry’s Secrets; Computer Forensics and
Investigation Activity; Data Retention issues; TomTom Forensics; Incident handling.
The world of Digital Forensics today: from host and network Forensics to Mobile and
GPS; big picture and real-life case studies
This presentation will supply a first introduction to the world of Digital Forensics,
its sub-markets and its rising niches, then showcase some real-life case studies. Digital
Forensics is a science which encompasses very different investigation scenarios, from
economic fraud to ICT attacks, as well as murders and missing people. The workshop
will provide a high-level view, given the limited time available, of the Digital Forensics modus
operandi and correct working approaches, then will showcase a few real-life case studies,
and will provide useful information on the right tools to be used, both hardware and
software.
Florin-Mihai Iliescu
Founder, Info-Logica Silverline
Florin-Mihai Iliescu, CISA, CISSP, graduated in Computer Science from University Politehnica
of Bucharest, holds a Master’s Degree in Architecture of Information Systems and has about
20 years of experience in Information Technology. In 2004, Florin-Mihai Iliescu founded
Info-Logica Silverline, where he acts as a security professional, information systems auditor
and consultant. His experience in Info-Logica Silverline includes more than 200 projects
of information systems audit, ethical-hacking, vulnerability assessment, risk analysis
development, information technology strategy development and implementation.
Florin-Mihai Iliescu is one of the contributors to the CISA Review Manual and an author of CISA
Exam Questions, a contribution awarded by ISACA with a Certificate of Appreciation for
the development of CISA Study Materials.
Intelligence for Cyber Defense
The nature and extent of the cyber attacks that occurred in past years led NATO to set up
cyber defence groups with the status of military organizations. Cyber defence strategies
now play an important role in present wars, along with traditional combat forces.
A security officer has to be able to fingerprint cyber attacks by analysing system and
traffic data. With thousands of logs, limited retention capabilities, and sophisticated attack
patterns, it is highly difficult to effectively identify critical security events.
On top of the traditional security infrastructure composed of firewalls, intrusion detection
systems, anti-virus applications, authentication and authorization services, automated
systems to collect, aggregate and correlate network activities are required for effective
security management.
Intelligence for Cyber Defence presents the top features of security incident management
systems and how these systems should be implemented to achieve the best results.
Jakub Jiříček
Systems Engineer & Information Security Consultant, Palo Alto
Jakub Jiříček has over 15 years of experience in IT and information security. During various
systems engineering, pre-sales and consulting roles he took part in many security-related
projects at enterprise and government organizations. Currently he works as a pre-sales
engineer for Palo Alto Networks and he is responsible for technical sales engagements
in Eastern Europe. He studied Computer Science and Networking at the Czech
Technical University in Prague (CVUT FEL). He holds CISSP, CCSK and CNSE certifications.
Next generation protection against yet-unknown threats
IT environments are getting more and more complex and, with the introduction of modern
concepts (cloud, BYOD, routine use of encryption), it is not always easy to keep up
with cyber attackers. One of the most efficient attack methods is represented
by advanced persistent threats, which tend to be very targeted and unique. Malware authors
often misuse vulnerabilities and exploitation techniques in a way that makes them difficult
to detect, at least for traditional signature-based detection technologies. Palo Alto
Networks combined a next-generation firewall with a closed-loop threat intelligence system
and created an automatic prevention mechanism effective against this class of threats. This
combination has already proven itself at 18.000+ customers, and security professionals from
all over the world gain in-depth visibility into their network traffic while overall risk is reduced.
But there is more to come: the same protection level should be available not only for the
perimeter but also for all segments of the internal network and also for (even software
defined) data centers. Additional protection elements should take care of endpoint clients,
both PC-based and mobile. All this together creates a true enterprise security platform.
Max Klaus
Deputy Head of MELANI - the Swiss Federal Reporting and Analysis Centre
for Information Assurance -, within the Swiss Federal IT Steering Unit
Max Klaus has been working for the Swiss Government since 2002 and has a polytechnic
degree in IT security. He started in the Swiss Federal Chancellery, where he worked for
different E-Government and E-Voting projects. After 18 months as IT Security Officer in
the Federal Department of Defence, People’s Protection and Sports, he started his work
as Deputy Head of MELANI on September 1st, 2008. He is responsible for the strategic
development of this organization as well as for parliamentary affairs and public relations.
Reporting and Analysis Centre for Information Assurance – a 10-year history of
success
The Reporting and Analysis Centre for Information Assurance MELANI is Switzerland’s
National Cyber Security Centre and was mandated by the Swiss Federal Council, which is
the highest political authority in Switzerland, to protect Critical Infrastructures in this country.
As most of the Critical Infrastructures in Switzerland are operated by private industry,
MELANI has to have excellent cooperation with the operators of Critical Infrastructures in
Switzerland.
This presentation will explain how MELANI is organized and what its strengths and
weaknesses are. In a second part, the speaker will show a selection of cyber attacks against
institutions and enterprises in Switzerland and abroad. Finally, in a third part, the speaker will
also explain the basics of the “National Strategy to protect Switzerland from Cyber-Risks”.
Besnik Limaj
Team Leader of the EU funded transregional Project «Enhancing Cyber Security»
Besnik Limaj has an extensive background as a Chief Executive Officer and Team Leader.
Leading large internationally funded projects, Besnik is also a lead architect of various
software solutions and a certified trainer for Information Systems Management. He holds an
MBA degree from the University of Sheffield and a Level 7 Diploma in Strategic Management
and Leadership. With extensive experience in Business Process Reengineering,
Technology, TQM, Performance management and in the development of strategies, Besnik
utilises a combination of unique skills which he has blended over the past twenty years
of his experience in various projects. Besnik has strong knowledge of programming
languages and technologies: SQL Server 2000-2008, MySQL, ASP.NET, VB.NET, C#, COM+,
ANSI SQL, Transact-SQL, ASP.net, XML, DML, Java, PHP, Apache on Unix Platform, HTML,
middle tier design and programming with COM.
The EU-funded “Instrument For Stability - Enhancing Cyber Security: protecting
information and communication networks” project.
The project is funded by the European Union’s Instrument contributing to Stability and Peace
and it falls within the framework of the EU effort to build Capacities in Partner Countries for
protection of Critical Infrastructure including Electronic Information and Communication
Networks for Cyber Security. The commencement date of the Project is the 6th of January and it will
last for 24 months. The total budget of the project is 1.485,000 Euros and it is implemented by a
consortium led by ADETEF (http://www.adetef.fr/) and CIVI.POL Conseil (http://www.civipol.fr/en).
Specifically, the main partner countries are in the South East Europe and Western
Balkans regions. In these regions, three countries, FYROM (the Former Yugoslav Republic of
Macedonia), Kosovo and Moldova, have been selected as principal partner target countries.
The overall objective of the project is to increase the security and resilience of Information
Communication Technology networks in the partner countries by building and training local
capacities to adequately prevent, respond to and prosecute cyber attacks and/or accidental
failures and by establishing an appropriate legal framework where applicable at regional
level. There are five main expected results to be achieved:
• Creation of a trans-regional cyber security coordination framework to increase the resilience
of critical IT infrastructures, and the harmonisation of national legislation with the relevant EU
standards in the field;
• Development of cyber threat analysis capacities of national authorities, and the creation
of national specialised cyber security units;
• Creation and/or the development of national
Computer Emergency Response Teams (CERTs) and 24/7 Contact Points;
• Introduction and/or the development of technical and organisational mechanisms ensuring resilience and
preparedness, and first of all the creation of a National Cyber Security Strategy (NCSS);
• Development of effective international cooperation in the field and national and regional
network building between law enforcement, private sector, and CERTs.
These will be achieved through three Main Components of the Project:
COMPONENT 1: Cyber security strategies and awareness raising; COMPONENT 2: CERT
Capacity Building; COMPONENT 3: Enhancing Cooperation: PPPs and International
cooperation.
Main key stakeholders of the Project are:
Government representatives in charge of overall cyber security policy and protection
of critical infrastructure of the country; IT/Telecommunication ministry representatives
(cyber security regulation and enforcement); CERT representatives; Ministry of Interior
representatives (Law Enforcement); Ministry of Justice representatives (Legal framework);
Private/Civil Society/Academia representatives and possible other actors as specified in the ToR.
The following approach will be used per Component:
COMPONENT 1 - Cyber security strategies and awareness raising
involves advice on development of the cyber security strategy while organising one workshop
for each partner country with the involvement of decision makers. Much attention will be
paid here not only to the policy concepts that should be addressed through the proposed
activities, but also to the coordination among stakeholders, as well as promotion of
enhanced institutional involvement. The exact dates of the workshops will be determined in
cooperation with each country project interlocutors / stakeholders for this activity. In addition
it involves the design and implementation of cyber security awareness raising activities
taking into consideration the relevant awareness initiatives that have been undertaken to
date. The project team will initially map current awareness activities and campaigns, before
proceeding with the development of a detailed awareness raising plan to be implemented
within this project. Much attention will be paid here to the coordination among stakeholders,
as well as promotion of enhanced institutional involvement.
COMPONENT 2 - CERT Capacity Building
aims to create and develop comprehensive and sustainable capacities of the National
CERTs, notably through conducting a Training Needs Assessment, designing and
implementing specific trainings, developing specific guidelines for them based on ENISA
good practices on setting up CERTs, and conducting a study visit to share good practices
from other countries with relevant experience. Support in creation of the national CERT
will be provided in FYROM and Kosovo, while Moldova will be supported in strengthening its
operational national CERTs. To follow up and capitalise, two joint cyber security exercises will
be organized with the partner countries of this project.
COMPONENT 3 - Enhancing Cooperation: PPPs and International cooperation
will tackle the issue of public and private partnerships and collaboration between
government and academia for cyber security, and put in place a stable and organised
network between these different actors. In addition, cooperation and systematic exchanges
at the regional and international levels are needed in order to better understand and tackle
the cyber security phenomenon. Consequently the project will support participation in joint
international events. An ambitious, though realistic, plan of activities for implementation
aims at making tangible contributions and addressing priority needs in cyber security in the
partner Countries of the project.
Teodor Lupan
Technical Director, Safetech
I am a dedicated person with strong knowledge of Ethical Hacking & Penetration Testing
practice methodologies, tools, attacks and countermeasures, and very good hands-on
experience in security testing and real-world hacking scenarios. As a proof, in 2011, I
participated as the Subject Matter Expert to develop the exam evaluation for the Certified
Ethical Hacker – CEHv.7 certification within the EC-Council and Prometric.
As Technical Director in an Information Security consultancy firm I am in charge of
providing our customers with security services like penetration testing, cloud security consultancy
and secure software consultancy amongst others. Over time I have also acquired key
skills in Banking & online transactions security, IT security, operating systems, networking,
programming, cryptography, web technologies, monitoring, system administration,
VoIP telephony, RFID technologies and others. This experience is proved by the numerous
certifications obtained: OSCP Offensive Security Certified Professional; LPT Licensed
Penetration Tester; ECSA Certified Security Analyst; CEH Certified Ethical Hacker; RHCE
Red Hat Certified Engineer.
Penetration testing of Mobile Applications
Mobile application security represents a major concern for businesses, and the variety
and the increasing number of attacks demonstrate that this concern is very real. We will
analyze the Who, Why and How factors in mobile applications (in)security, while focusing on
the mobile applications vulnerabilities and how a security tester discovers them during the
penetration testing process.
Alexandru Nacea
Senior Consultant - Information Security - Datanet Systems
Alexandru Nacea has been a Senior Consultant on Information Security at Datanet Systems for
almost a year, being in charge of Security Solutions, and worked for 8 years in the public
sector providing design and implementation of a nation-wide communications network for
public institutions.
Threat focused security
Datanet Systems, as a Cisco Gold Partner and also one of the leading system integrators
of IP communication and data center infrastructure within the Romanian market, delivers
intelligent CyberSecurity solutions for the real world, using Cisco’s latest technology,
which provides one of the industry’s most comprehensive advanced threat protection offerings.
Cisco’s threat-centric approach to security reduces complexity, while providing unmatched
visibility, continuous control and advanced threat protection across the entire attack
continuum, allowing customers to act smarter and more quickly: before, during, and
after an attack. The issue our customers are facing today is the dynamic threat landscape.
Modern attacks are more sophisticated, well targeted and launched by experienced
hackers. They will study you, probe your defenses and countermeasures, then create
malware to penetrate your environment. And they will test it against all the AV they
know you run. And only when it fails to be detected by ANY of them will they release it
into “production” and deploy it into your network. Only when the malware has deployed
successfully will their real work begin: data exfiltration, strategic deletion or alteration,
etc. Given the sophisticated threat environment, customers need solutions that offer
protection against new attacks and reduced complexity.
Security solutions should offer security before, during and after attacks:
• Before an attack: implement access controls, enforce policy and block applications.
• During the attack: you must have the best detection of threats that you can get.
• After the attack: you must determine the scope of the damage, contain the event, remediate
and bring operations back to normal.
For better protection against advanced malware, Cisco offers AMP for hosts (FireAMP),
network (ASA and FirePower) and gateways (CWS, ESA and WSA). Key features of AMP on
content security are file reputation, file sandboxing and file retrospection. AMP offers:
• Blocking of malicious files where no signatures exist;
• Continuous monitoring of files that have traversed the gateway;
• Protection across the attack continuum – before, during, and after.
Based on its experience of implementing security solutions and using the latest technology
offered by Cisco, Datanet Systems provides access to the industry’s latest innovations, thus
guaranteeing advanced protection of resources at the whole enterprise level. Over more
than 16 years of activity, Datanet Systems has ensured a complete and competitive security
solution portfolio at international standards covering intrusion prevention, firewalls, access
control systems, highly scalable solutions for Layer 2 and 3 OSI network traffic encryption,
data loss prevention, document classification, and web and email security solutions.
Valentin Necoară
PKI&Crypto Business Unit Manager, certSIGN, Romania
Ing. Valentin Necoară (37 years), responsible on behalf of the 2nd Partner (certSIGN), is
PKI&Crypto Business Unit Manager. He graduated from the Automatics and Computers Faculty,
“Politehnica” University of Bucharest and has an MSc in Information Security Management from
the Military Technical Academy in Bucharest. Mr. Necoară has the expertise required in
the project described in this proposal, having extensive experience in industrial project
implementation, especially in the information security field. From his position as Product
Manager, Valentin Necoară planned and coordinated the development and implementation
of several security information products from certSIGN’s portfolio, the most important
achievement being the PKI Certificate Authority product certSAFE, which is used as a
qualified CA nationwide. certSIGN CA is included as a Trusted Root Certification Authority
in most of the existing browsers and is in the process of becoming trusted for the rest of the
systems that manage such trusted certificate providers, for desktop and mobile systems
also. Mr. Necoară coordinated the implementation of certSAFE in the RO-FSCH 4.2
(SCHENGEN facility), the biggest PKI project implemented in Romania. Over the years, at
certSIGN, Mr. Necoară was involved in research and development activities in collaboration
with local and foreign institutions, collaboration which included: digital signatures,
cryptographic algorithms, security protocols, PKI infrastructures and trusted electronic
services, authentication services, smartcard security and many more. In Romania, with
certSIGN, he was involved in several projects won in national research competitions:
• “Serviciu de Posta Electronica Nerepudiabila Securizata cu valoare legala (SPENS)” –
“Non-repudiation secure e-mail system with legal value”, 2008-2011.
• “Platforma informatica pentru managementul securizat al datelor personale bazata pe smart
card-uri si infrastructuri PKI (PLATSEC)” – “Information system for secure management of
personal data based on smartcards”, contract Nr. 82105/ 01.10.2008, 2008 – 2011.
• “Studiu privind modalităţile de autentificare în cadrul sistemelor e-Government” –
“Authentication Methods valid for e-Government systems analysis”, contract nr. 56 /
06.11.2008, 2008 – 2010.
Web Content and Non Repudiation. What is possible and what is not
One of the major threats in cyber business concerns the authenticity of the content
delivered by web servers to web clients. In this regard, one major point that needs to be
addressed is the possibility of certifying the content that was delivered by web
servers to web browser clients at a certain point in time. Points to be addressed during the
presentation will also include cloud-based services and dynamic content, along with issues
regarding a trusted third party as a web content certification service.
Takeshi Niiyama
McAfee Japan & doctoral school of Doshisha University, Kyoto
Takeshi Niiyama works for McAfee Japan and also follows the doctoral school of Doshisha
University Graduate School of Policy and Management Technology and Innovative
Management, Kyoto in Japan. For McAfee, Takeshi Niiyama is responsible for new product
and business development in Japan.
In particular, Takeshi Niiyama is an expert in mobile security who has worked in the Android OS field and
worked with the Ministry of Internal Affairs and Communications from January to April 2014. At
the doctoral school, his major research topic is Information Security in the National Identification
Number called My Number, which will be effective from January 2016 in Japan. It is a new
hot topic, which will be useful and beneficial for Japanese society. He graduated with a
Master of Science in Information Technology - Information Security (MS-IT IS) from Carnegie
Mellon University, which is strongly related to CERT. Knowledge of technology, economics, law and
legal matters, and organizational behaviour was acquired during the master's course.
Information Security in National Identification Number, called My Number in Japan.
Risk evaluation in Commercial Use
The National Identification Number called “My Number” was passed by the House of Councilors
on May 24th 2013. It will be effective from Jan 2016. The most significant concern is information
leakage of My Number. In this paper, the situation of information leakage incidents overseas was
researched and analyzed. Through this research, some countermeasures
against information leakage incidents of My Number are proposed.
Alessandro Acquisti et al reported at Black Hat 2012 that the SSN (Social Security Number)
is defined using facial identification. No one could have assumed that an SSN was identified
using a picture on Facebook. Using Google research for 10 hours for each foreign country, the following were found:
34 information leakage incidents of the Resident Registration Code (RRC), called Juki-Net,
in Japan, 16 information leakage incidents of the Social Security Number in the United States, and 7
information leakage incidents of the Residential Register Code in South Korea.
In this paper, many information leakage incidents in Japan and outside Japan were reported
and analyzed. Based on this report, it is predictable that when “My Number” is used for commercial
services, information leakage incidents will increase in various places.
Many patterns of attack were clarified. Many hints to prevent the incidents were shown.
Recommended solutions or measures against information leakage shall be proposed to the
government for its public policy. All possible use cases of “My Number” were considered.
When ISMS was used to evaluate the commercial use of “My Number” based on use
cases, some learning items were found. Frequent incidents were IT theft or loss of
“My Number” on the train or on the road. Therefore, it is important for people to treat “My Number”
carefully and not to expose their ID including “My Number”.
For future work, a risk evaluation of “My Number” on a university campus will be done soon.
Based on the results, a public policy will finally be proposed to the government.
Darko Perhoc
Deputy CEO, HR-CERT - National CERT department
Croatian Academic and Research Network - CARNet
Darko Perhoc has a master’s degree from the Faculty of Engineering and Computing (FER) in
Zagreb. He worked at Croatian telecom (HT) and the Vipnet mobile operator, where he was
in charge of the design and security of IP core networks and services. He also worked at the
Zagreb Stock Exchange, where he designed and led network and security
services for several years. He is now an employee of CARNet (Croatian Academic and Research Network),
where he serves as CARNet Assistant Director and Head of the National CERT department.
He holds several professional-level international certifications pertaining to the field of networking
and security: CISSP, CEH, CCNP Security, CCIP, CCDP, CCNP Routing & Switching.
The role of Croatian National CERT and ACDC - Advanced Cyber Defense Project
This presentation consists of two parts. The first part will describe the legal framework as a
basis for the foundation of the National CERT, since the Information security act describes the National
CERT's position and determines its jurisdiction and work area. Practical aspects of
coordination with CERT reactive and proactive services will be described, as well as the
procedure for incident handling. CERT reactive services are mostly automated and the
presentation will describe how open source and in-house developed tools were integrated
into the incident handling procedure. The tools also generate some statistics about
incidents, and some basic statistics about incidents will be presented.
The second part of the presentation will explain why the ACDC project, co-funded by the EC, is
important for the National CERT. The presentation will describe some basic facts about the project
and its objectives. After the introduction, some principles of the project infrastructure and the Croatian
national support centre will be described, as well as CARNet's role in the project.
Maksym Pylypets
CERT-UA (Computer Emergency Response Team of Ukraine)
Mr. Maksym Pylypets is an information security specialist (unit of cyber threats mitigation
and information security audits). He graduated from the Institute of Special Communication
and Information Security of the National Technical University of Ukraine “Kyiv Polytechnic
Institute”. A member of CERT-UA (Computer Emergency Response Team of
Ukraine) since 2013, he is an advisor for government agencies on cyber security-related issues.
Protecting Ukraine from cyber threats: CERT-UA’s practical approach
Dr. Călin Rangu
Manager of Extreme Events Institute organised within the SNSPA
Călin is manager of the Extreme Events Institute organised within the SNSPA. He is deputy
director of Integrated Supervision Directorate of Romanian FSA, holding a PhD in neural
networks applied in financial series processing, MBA in banking and finance, double
licensed in economics and engineering, Lector at Financial & Banking University, MBA
Lector for City University of Seattle and Romanian Banking Institute, he has a broad
experience in management, banking, operational risks, IT and financial services, products
and technologies. He acted over 13 years as director at the National Bank of Romania and
Raiffeisen Bank, and general director of Romanian subsidiary of Raiffeisen Informatik Austria
Group. He acts in several associations, being president of Intellectual Capital and Change
Management Institute.
Cloud risks vs enterprise risk
People are always saying that the cloud is unsecured. Is it true? From an operational risk
management perspective, where are you safer: with an outsourcing company or in our private company?
If something happens, who is more liable, the outsourcer or the IT director? These and many
other questions will be answered.
Andrei Rusnac
Head of the Directorate of IT Security, Security and Intelligence Service,
Republic of Moldova
The necessity of complex and effective approaches to the process of ensuring
national cyberspace security
The intensive and extensive development of electronic communications and
information technology, besides its undeniable benefits, generates new risks and threats
to information security – an important component of the national security of the
Republic of Moldova as a whole.
The intention of criminal structures to use modern information technology for their
illegal purposes, the need to ensure the rights of citizens in cyberspace, as well as the
current variety of threats cause an urgent need to protect data in information and
telecommunication systems. The necessity of complex and effective approaches to the
process of ensuring national cyberspace security has significantly increased, including national
critical infrastructure, insurance and protection of information qualified as state secret,
to prevent and combat crime, cyber extremism and terrorism.
Cristian Şerban
Application Security Specialist at Betfair
Cristian Serban is a renowned senior specialist for software security. He worked for 5 years
at Betfair as Senior Application Security Analyst, before joining William Hill, where he was
responsible for the security of software developed in 3 development offices. He coordinated
security testing of a wide range of products: mobile, web, internally and externally developed.
He also implements SDLC in Agile projects by training Security Champions in each dev
team and including automated security testing in the continuous delivery environment.
For the past year, he has been back at Betfair as Application Security Specialist.
Quick overview of an application security department, who am I and what I do.
Who is my enemy, my stakeholders and my partners; the hackers, the developers or the product owners?
Bad publicity and money losses are surprises that no company needs. Security Champions
and white hat hackers work together to ensure business continuity. The problem we are
trying to address is that software is analysed, designed, developed and tested by people,
and people are destined to make mistakes from time to time. Not only mistakes but also
the imperfect teaching system, the frequent time pressure to release to market yesterday, and
other reasons lead to shipping software with bugs. Some of the bugs can be exploited for
the advantage of someone, usually the attacker. We call these bugs security vulnerabilities.
The Application Security department is specialised in testing and identifying vulnerabilities,
advising on the correct fixes, and training people to recognize these issues and prevent
introducing them again in future releases. The best way to identify and address security
risks is to act throughout the entire software development lifecycle.
Roy Shamir
Regional Sales Director for the forensics division, CELLEBRITE
Mr. Roy Shamir joined Cellebrite in May 2013, as Regional Sales Director for the forensics
division. He brings to Cellebrite over 13 years of sales experience from various companies
including Bezeq INT, CMYK Global and Bynet Data Communication. Roy holds both a
Masters and a Bachelors degree in Business Administration.
Mobile devices: the latest tools available for the forensics investigator
With the proliferation of mobile devices in our everyday lives and the ever-growing amounts
of data they store, their importance to law enforcement professionals in fighting
crime increases, and with every device holding an ever-growing amount of data, the investigator’s
work is becoming more challenging by the day. Join us to get a glimpse of the latest tools available for
the forensics investigator to extract, decode, discover, analyze and report on critical evidence
from mobile devices.
Silviu Sofronie
Forensics, Sysadmin, DEV-Ops, Networking, Jazz and (in)Security Addict, Bitdefender
Silviu is leading the gathering and analysis of Threat Intelligence feeds, from Honeypot
deployments to Law Enforcement & CERT collaborations. He owns 500+ honeypots,
providing real time feeds on threats that are emerging, as well as monitoring known threats
to observe any changes in behavior from good old hacks and hackers. TOR Hidden
Services opened a new opportunity to bring fresh blood to the team of 20+ whitehats he
is relentlessly calling upon to solve real challenges, amongst other of his own inSecurities
that must be researched. Law Enforcement & CERT collaborations were his best excuse
to wander through Europe and the USA, with Asia coming up. TOR, Internet of Things,
Botnets, Ransomware, Mobile Security, Honeypots, IPv6, politics, good stories: choose any,
that’s enough to have him join you for a long documented discussion on the topic. Silviu
has lived and breathed Bitdefender since 2009, right after college, starting as a Network & System
Admin in the Antispam Lab, and moving through DevOps to help deliver a Cloud-based
Antispam Product. Seeing that Antispam is an important vector of infection for popular
botnets, he surprised everybody by moving to a more exposed attack surface, the Internet
and all it offers. User behaviour centric honeypots, TOR Hidden Command and Control
Servers, propagating malware and plain old school botnets seemed like a better choice for
protecting a bigger chunk of the Internet users.
Bitdefender forensics global initiatives
The presentation will cover previous investigations the Bitdefender Forensics team did,
and will underline the importance of collaboration between security companies and Law
Enforcement agencies.
Analysing malware and reverse engineering the processes that
implement a botnet's functionality is only the start of an investigation. The purpose of our
Forensics work is to successfully take down a threat that has a big impact on the security
of the Internet. The journey from the malware sample discovery to the takedown operation
itself consists of many international endeavours, some of which last longer than others.
This adventure is more than anything an unpredictable one, with twists and turns that
shatter the route we had planned at the beginning of the day. From the speed of light on
the wire to the crawl of having to sort through gigabytes of logs and dozens of scripts,
this endeavour is certainly an interesting one.
Collaboration is key, especially when you’re
repeating the same process someone else has worked on before you. Speed is of the
essence in botnet takedowns, and a shared investigation could lead to much better results,
quicker.
Albena Spasova
President of the Management Board, International Cyber Investigation Training
Academy
Latest attacks and the role of an early warning system for cybercrime detection and
prevention model
In the 21st century most crimes are committed through the use of information and
communication technologies. The current threats and the tools used to carry them out
are the theme of the presentation “Latest attacks and the early warning
system for cybercrime detection and prevention model”. The Bulgarian response to the
expansion of cybercrime is an effective public-private partnership with its main focus on
prevention. According to 78% of the participants in the “Survey on assessing the needs to
develop an early warning system for cybercrime detection and prevention”, conducted by
the International Cyber Investigation Training Academy in 2013, an early warning system for
cybercrime detection and prevention is needed. The successful model for combating
cybercrime is one in which we all share the responsibility - government institutions, businesses,
public administration, academia, the non-governmental sector and users.
Natalia Spinu
Head of the Cyber Security Center CERT-GOV-MD
Natalia Spinu is the head of the Cyber Security Center CERT-GOV-MD, S.E. Center for
Special Telecommunications, State Chancellery of the Republic of Moldova. She has been
department chief of Moldova’s Special Telecommunications Centre and project coordinator
at the Information and Documentation Centre on NATO. She is a 2012 graduate of the
Marshall Center’s Program in Advanced Security Studies, a graduate of the European
Training Course in Security Policy at the Geneva Centre for Security Policy, and has a
master’s degree from the European Institute of the University of Geneva.
Current Threat Landscape in the Republic of Moldova
Nowadays, protecting highly sensitive information and critical infrastructure is the most
important aspect of domestic security. Protecting data and ensuring the high
availability of communications systems have become matters of survival in our century.
The Republic of Moldova aims to become a country with an advanced information society
where the use of information and communication technology and advanced informational
services drives economic competitiveness, population welfare and good governance
of the country. Thus, the lack of security in cyberspace also reflects upon the
development of our country and its e-governance program.
The goal of this presentation is to provide an insight into the current
threats faced by the Republic of Moldova. The presentation will try to identify the problems
in the most diverse aspects of the cyber security domain, and it will also address what has
already been done and what needs to be done in order to protect critical infrastructure and
Moldavian society.
In this regard, the Cyber Security Center CERT-GOV-MD, as the only governmental organization
in charge of the cyber defence of Moldavian public administration authorities and critical
infrastructure providers, which aims to prevent cyber-attacks and to provide quick responses
in case of a cyber-incident, supports this presentation by providing the most relevant and up-to-date data and an overview of the current threat landscape in the Republic of Moldova.
Dan Tofan
Technical Director
Dan Tofan is a technical expert with extensive experience in the field of cyber
security, gathered from the governmental, academic and private sectors. He
holds a PhD in computer sciences – cyber security, and has multiple cyber security and
project management related certifications. At present he coordinates all technical projects
developed by CERT-RO, and also takes part in several European workgroups related to cyber
security policy making and standardization.
State of cyber security in Romania
The presentation will cover facts about the current state of cyber security within Romania,
based on the information collected by CERT-RO regarding cyber security incidents that
affected RO.
You will find out about the main types of cyber security incidents that affected RO
organisations, common types of malware affecting RO populations and info regarding
compromised websites. The presentation will also focus on some current projects developed
by CERT-RO.
Ondrej Valent
Regional Sales Manager of SafeNet responsible for Central EMEA region
Ondrej Valent is Regional Sales Manager of SafeNet responsible for Central EMEA region.
Prior to this position he was responsible for CEE South Region as Regional Channel Sales
Manager. He has been working for SafeNet since 2010; prior to SafeNet, Ondrej held a Product
Manager position at VAD DNS a.s. in the Czech Republic. Ondrej is an experienced security
professional with almost a decade in the industry. Ondrej is a graduate of the Czech University
of Life Sciences in Prague, where he earned the title Ing. at the Faculty of Economics and
Management.
Secure the Breach: SafeNet’s three-step approach takes into account where your
data resides, how you store and manage that data and who has access to it.
Learn how to encrypt all sensitive data at rest and in motion, securely manage and store all
of your encryption keys, and control access and authentication of users.
Protect What Matters Where it Matters: In an age where data is distributed across and
beyond the enterprise, organizations cannot rely solely on perimeter security. An air-tight
solution accepts that a security breach will occur and ensures that sensitive data remains
concealed. Integration and usage examples, like Palo Alto, etc.
Ioana Vasiu
Faculty of Law, Babeş-Bolyai University
Ioana Vasiu is Professor at the Faculty of Law, Babeş-Bolyai University and Director for
International Affairs of “Paul Negulescu” Institute of Administrative Sciences, Sibiu.
She holds a Doctor of Law degree (1994) and attended a number of scientific programs,
such as those offered by the Academy of European Law at the European University Institute
(Italy), European Commission (Grotius II Criminal) or UNDP/ILO Torino. Between 2010 and 2013,
she was Project Manager in the FP7 CONSENT Project: Consumer sentiment regarding
privacy on user generated content (UGC) services in the digital economy (funded by the
European Commission). Between 2004 and 2005 she worked as a researcher for the OLAF
Project: Rights of Defence. In 2004 she was invited as an expert to the seminar Implementing
High Quality Regulation: Communication, Compliance and Enforcement, organized by
the OECD. Between 2002 and 2005 she was co-chair of the Management and Delivery of
Justice Group of the EGPA. Between 2002 and 2003, she was Team Leader of the GROTIUS
(PENAL 2) Project of the European Commission. Since 1997, she has been Vice-President of
the Romanian Association of Criminal Sciences, Cluj-Napoca Branch. In the year 2000
she worked as an expert for the UNDP Romania. She is a member of the Romanian Intellectual
Property Law Association and a member of the International Association of Penal Law. She
has published a large number of books, journal articles and conference papers on cybercrime.
User generated content websites. A profitable medium for cybercriminals
User generated content (UGC) websites represent a very large global phenomenon,
encompassing numerous types of content and interactions. Apart from many benefits,
however, these websites present numerous criminal opportunities. In this article, we discuss
the main end-user security threats and means of perpetration on UGC websites.
We conclude with recommendations.
La demoiselle au chapeau. Sibiu, 2011 © Courtesy of Louis Guermond