The Banking, Finance and Insurance Group (Groupe Banque Finance Assurance) of the SFdS is joining the ESSEC-CREAR Working Group on Risk for its next conference, on the theme:
"CYBER DEFENCE – TWO CASES OF PRACTICAL ATTACKS IN BUSINESS COMMUNICATIONS"
by Patrick LEGAND
Director of XIRIUS Informatique
The conference will take place on Thursday 20 December at 12:30 pm at the ESSEC La Défense campus (CNIT), Room 202.
Short bio of the speaker:
Patrick LEGAND is the Managing Director of XIRIUS Informatique, in charge of Cyber Defence and Digital Security. He has provided consultancy for nearly 30 years in IT security critical areas (Operators of Vital Importance, France / NATO Military programs, French Administrations). He is accredited by ANSSI to perform, in collaboration with LSTI, RGS / eIDAS certification audits (all Trusted Service Providers in France and several in Europe), and is the designer of the French “EBIOS Risk Manager” review. He periodically organizes or participates in international conferences on Cyber Defence, and is an expert for the European Commission in the areas of Trust & Confidence and e-Business Security. He is the author of « Sécuriser enfin son PC » (Eyrolles, 2006).
Recent cyber-attacks, most notably the Petya and WannaCry ransomware, have shown that the compromise of IT systems today has critical impacts on production, disruption of customers (e.g. health sector), costs (loss of about 200 million in turnover for Saint-Gobain) or even the survivability of companies. The most popular attack vectors still rely on well-known techniques, essentially USB sticks and malicious e-mails, and the countermeasures remain simple: user security awareness and the application of good security practices, as recommended by the French ANSSI Agency. However, powerful organizations, governments, mafias or competitors are able to develop specific and targeted attacks that are undetectable by the security products in place, capable of trapping security professionals and of silently compromising an entire company. The first case will address this issue and will show, through very specific examples, how to simply detect potentially malicious attacks on e-mail systems and efficiently escape from such intrusion attempts. The second case will explain how, in certain circumstances, electronically signing a contract may lead to the elaboration of a fraudulent contract. For this demonstration, we will briefly explain the principles of hash and public key algorithms, and see how to make optimal use of electronic signatures in order to avoid attacks.
Find all the practical information and previous conferences on the CREAR-ESSEC website: http://crear.essec.edu/working-group-on-risk