Automation of risk-based vulnerability management based on a cyber kill chain model (C&ESAR 2021: Automation in Cybersecurity - Call for Papers)

Who

Paul Varela, Alexis Ulliac, Jean-Luc Simoni, Thomas Massip, Thomas Devaux

Track

C&ESAR 2021: Automation in Cybersecurity Call for Papers

Time Zone

The program is currently displayed in (GMT+01:00) Brussels, Copenhagen, Madrid, Paris.

Use conference time zone: (GMT+01:00) Brussels, Copenhagen, Madrid, ParisSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Wed 17 Nov 2021 11:20 - 11:40 at Grand Auditorium - Security Analysis Chair(s): Gurvan LE GUERNIC

Abstract

Risk management and Vulnerability management are both essential cybersecurity domains. They are often managed independently without a proper interface to provide context information to each other’s and share information. This paper proposes an approach to connect risk management and vulnerability management processes and provide automation in both ways to help to categorize and sort a large number of vulnerabilities and build operational risk scenarios relevant to the business. A four steps approach presents the process for connecting and adjusting information from Operational Scenario (OpeSce) and Vulnerabilities: STEP 1 Link Operational Scenarios and Vulnerabilities, STEP 2 Re-assessment scoring of the Operational Scenario, STEP 3 Re-assessment scoring of the Vulnerabilities.

Paul Varela

Thales SIX GTS France

France

Alexis Ulliac

Thales SIX GTS France

France

Jean-Luc Simoni

Thales SIX GTS France

France

Thomas Massip

Thales SIX GTS France

France

Thomas Devaux

Thales SIX GTS France

France

PPTX slide deck

PDF slide deck

Audio recording

Proceedings paper

Time Zone

The program is currently displayed in (GMT+01:00) Brussels, Copenhagen, Madrid, Paris.

Use conference time zone: (GMT+01:00) Brussels, Copenhagen, Madrid, ParisSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Wed 17 Nov
Displayed time zone: Brussels, Copenhagen, Madrid, Paris change

11:00 - 12:00	Security AnalysisCall for Papers at Grand Auditorium Chair(s): Gurvan LE GUERNIC DGA MI & Université de Rennes 1

11:00 20m Talk		Systématisation d’une démarche de sécurisation par conformité ajustée aux besoins et enjeux de sécurité – une revue critique // A critical review of approaches to securing proportionally to the needs and stakes – with automation considerations Call for Papers Stephane Paul Thales Research and Technology, Nicolas Van Cauter Thales SIX GTS France, Paul Varela Thales SIX GTS France, Simon Leboeuf Thales Services Numériques, Michael Catroux Thales Services Numériques Media Attached
11:20 20m Talk		Automation of risk-based vulnerability management based on a cyber kill chain model Call for Papers Paul Varela Thales SIX GTS France, Alexis Ulliac Thales SIX GTS France, Jean-Luc Simoni Thales SIX GTS France, Thomas Massip Thales SIX GTS France, Thomas Devaux Thales SIX GTS France Media Attached
11:40 10m Day closing		Closing by the General Chair Call for Papers Gurvan LE GUERNIC DGA MI & Université de Rennes 1 Media Attached
11:50 10m Day closing		Official Closing Call for Papers