Former European Capital of Culture in 2007, Sibiu is transforming few days per year in a Cybersecurity European Capital. It is one of the happy collaboration situations in which a private initiative of some enthusiastic organizers enjoy a total support from international institutions, from government organizations and from technology community.

The 4th Edition of the “Cybersecurity in RomaniaCongress is organised by the Swiss WebAcademy, in collaboration with Security Brokers International, New Strategy Center, Agora Media Group, and iBusiness.

The Cybersecurity Congress will be held in Sibiu (Hotel Ramada and Hotel Golden Tulip) on September 13th-16th 2016, under the high patronage and in the presence of the Swiss Ambassador in Romania, H.E. Urs Herren.

Like in the precedent editions, the ITU (International Telecommunication Union, UNO-Geneva), is offering the main support in Cybersecurity Congress 2016 by the presence of its cyber-security division and sustaining the presence of many internationally renowned specialists.

The value of the event is demonstrated by the interest of major government organization like the Romanian Intelligence Service (SRI) – represented by the CYBERINT Center, as well as the General Inspectorate of the Romanian Police (IGPR), the ANCOM (Romanian National Authority for Management and Regulation in Communications) and the CERT-RO (Romanian National Computer Security Incident Response Team) which decided to become partners too.

header-cyber-2016-2More important European actors accepted to become partners: The Ministry of Security and Economy of the Swiss Canton of Geneva – represented by the Geneva State Police, the center of the Special Telecommunications of the Republic of Moldova – represented by the Cyber Security Center CERT-GOV-MD, the Global Cyber Security Center (GCSEC) of the Italian Posts and the Listeners Institute of Higher Studies for National Defense in Franche-Comté (AR10 of the IHEDN).

Among professional partners, the congress is backed by two powerful associations, the CLUSIS (Swiss Association of Information Security) and its Romanian counterpart, the ANSSI (Romanian National Association for Information Systems Security).


Cynersecurity 2015 – Awareness day Success

According to the organiser’s concept the Cybersecurity Congress is the only non-technical and non-marketing orientated event in Romania – and one of the few in Central and South-Eastern Europe – in the IT&C security field. The event is addressing to both national and international experts, oriented towards international cooperation and real public-private partnership models of success identified at the global level.  Moreover, this co-participation formula is rising the international trends awareness, providing all the necessary information on security threats and data protection measures to be taken by the CEOs and decision-makers.

This formula helped the Congress to grow in quality and internationality, reaching new horizons and being since 2015 promoted as “best practice example” by the International Telecommunications Union (ITU). The first day of the Congress is dedicated special awareness training offered by specialists in two sessions:

  • One awareness training for children and teenagers
  • A non-technical security training for CEOs and executive levels.

For more details about Location, Program, Participants, Speakers and Partners list, please visit Cybersecurity Romania official Web page


 For Last Minute Registration just access the dedicated Web page


IDC IT Security Roadshow: Reaching The New Frontiers in Data Protection

 IDC2 Cover

2nd article: Facing to invasion of more and more sophisticated data security threats business leaders push IT to deploy new technologies and services.

Continuing presentation of the IDC IT Security Roadshow organised in April 14th in Bucharest, will try to review the most important security issues discussed during keynote presentations and panel sessions.

Expose the Unknown – most important driver of data prevention for Check Point

One of the hottest subjects in the industry now is zero-day attacks prevention. According to Check Point a “zero-day” exploit is any vulnerability that’s exploited immediately after its discovery. We speak here about rapid attacks that take place before the security community or the vendor knows about the vulnerability, or has been able to repair it. Such kind of exploits are a Holy Grail for hackers because they take advantage of the vendor’s lack of awareness and the lack of a patch, enabling the hacker to wreak maximum havoc. Zero-day exploits are often discovered by hackers who find a vulnerability in a specific product or protocol. Once discovered, zero-day exploits are disseminated rapidly, typically via Internet Relay Chat channels or underground Web sites. From practice, detailed information about zero-day exploits are available only after the exploit is identified.

IDC2 Check Point

Source: IDC

“Increasing your enterprise security often means increasing your complexity and management challenges in kind. Check Point delivers a multi-layered line of defence to help you maximize your security while minimizing challenges and closing gaps”, said Cezar Varlan – Security Engineer, Check Point Software Technologies

Trying to cover multiple-layers potential vulnerabilities, many organizations are investing in a disparate mix of new security technologies from a variety of vendors. All these tools provide punctual advantage but each must be managed individually, including reporting, provisioning, configuration and testing tasks.

Check Point offers a comprehensive solution, with a full range of interoperable threat prevention blades, common policy management and monitoring, and maximum protection from emerging threats. Attackers have become more creative, reaching corporate resources with modern and complex malware attacks. Check Point SandBlast Zero-Day Protection combines innovative technologies to proactively protect against even the most dangerous targeted attacks and unknown malware, while ensuring quick delivery of safe content.

Staying ahead of the threat with Fortinet

IDC2 Fortinet

Source: IDC

Today’s threats are increasingly sophisticated and often bypass traditional malware security by masking their maliciousness. As these attacks become more advanced, organizations must similarly improve their security posture. Why do these breaches continue? “Extreme focus on compliance, reacting only to known threats, and existing of to many point solution are between main reasons”, said Adrian Danciu – Regional Director, South Eastern Europe, Fortinet. “More that, the lack of a defined perimeter offers a borderless attack surface.”

Fortinet solutions are based on a deep segmentation for protection against outside and inside threats, proactive Mitigation, Advanced Threat Visibility, and Flexible Deployment Fortinet Advanced Threat Protection relies on multiple types of security technologies, products, and research applied from the network edge through to endpoint devices. To deliver the most effective protection, they are integrated to work together automatically, continuously handing off data from one to the next to identify, evaluate and respond to attacks.

Fortinet Advanced Threat Protection Framework delivers end-to end protection across the attack chain, based on three elements which work hand-in-hand:

  • Prevent – Act on known threats and information
  • Detect – Identify previously unknown threats
  • Mitigate – Respond to potential incidents

Fortinet was recognised as major player in fastest growing market segment – network security and WLAN market (IDC, 2015), largest network security appliance vendor (units) and quickly growing (IDC – Worldwide Security Products), and second largest provider for Data Center Firewall (Infonetics research).

Applying probabilistic mathematics and machine learning to cyber threat discovery

Very interesting point of view opened by Darktrace and Safetech, based on major role machine learning could have in probabilistic identification of cyber threats.

Image result for machine learning darktrace

Source: Darktrace

Machine learning can be thought of as the third and most recent machine revolution. The first was the replacement of muscle by machine in the industrial revolution. The second involved computers taking over repetitive tasks that had originally been done by people. Machine learning represents computers being able to undertake complex thoughtful tasks.

Darktrace’s technology is powered by advanced machine learning, allowing it to learn what is normal for a company’s network environment, so that it can then determine if any behaviour is abnormal. This allows it to detect cyber-attacks of a nature that may not have been observed before, the unknown unknowns. The ability to self-learn and adapt to a changing environment in real-time allows organizations to reconcile the need for an interconnected workforce, customer base and supply chain, whilst ensuring that they protect against serious, existential threats to their businesses in the most effective and pragmatic way possible.

Legacy approaches to cyber security embody the second revolution: people describe what an attack looks for, and then ask the computer to look for a match to that description. Darktrace turns this paradigm on its head, embodying the third machine revolution: the computer analyses the data and finds areas that merit human interrogation. It is this capability that allows Darktrace to abandon the legacy approach of rules and signatures, and analyse even fast-moving, sophisticated and unknown threats in real time.

“Our vision is to apply human intelligence to cyber defence through revolutionary technology. Deep expertise in cyber defence operations and ground-breaking, self-learning technology allows organizations to keep up with the speed and sophistication of today’s attackers, “said Mateusz Flak – Cyber Security Regional Manager, Darktrace. “The age of surrounding your information with higher and higher walls is over. Legacy approaches permanently leave you a step behind. Darktrace moves at the same speed as the threat, automatically learning from an organization’s ongoing activity in real time to detect threat behaviours as they emerge.”

New approach for modern threat prevention coming from Palo Alto Networks

IDC2 Palo Alto 2

Source: IDC

Most important is everybody should understand the prevention is no negotiable. The Palo Alto Networks’ strategy for modern threat prevention is based on five simple processes every organization should implement, each of them having a well-established actions:

  • Everything must go in the funnel
  • Reduce the attack surface
  • Block known threats
  • Test and adapt to unknowns
  • Investigate and respond
  • Investigate indicators

One of most frequent cyberattacks are ransomware messages. Attackers have traditionally profited by stealing identities or credit card numbers, and then selling them on underground markets. According to the Verizon Data Breach Investigations Report, the

price for stolen records has fallen, so cyber attackers are on the hunt for new ways to make a profit. Due to technology advances in attack distribution, anonymous payments, and the ability to reliably encrypt and decrypt data, ransomware effect is decreasing.

According Palo Alto Networks, the three key steps to protect against ransomware are based on:

  • Preparation – Having a solid backup and recovery strategy in place is the key to recovery if the worst were to happen.
  • Prevention – Segment your network, control access, stop known malware, and quickly detect and prevent unknown malware as it arises.
  • Response – Understand the latest ransomware families and campaigns. Have a plan in place for engaging law enforcement agencies.

To better deserve the threat and attacks research Palo Alto Networks opened Unit42, with clear mission to analyse the data available to Palo Alto Networks to identify adversaries, their motivations and resources to better understand the threats our customers face.

Other valuable principle developed by Palo Alto is based on comprehensive concept of Threat Intelligence. What is Threat Intelligence? “Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard, “ explained Peter Lechman – Regional Sales Manager – Eastern Europe, Palo Alto Networks, during his keynote in IDC Roadshow from Bucharest.

A new approach to security from Symantec

Knowing how cyber-criminals are threatening security is the first step to securing information—and any company’s goals. From data breaches to digital extortion, the 2016 Symantec Internet Security Threat Report leverages an unparalleled amount of data and is the resource you need to quickly uncover digital threats.

Here are the main key finding pf the last edition of ISTR, presented by Christos Trizoglou – Regional Manager of MiTech Systems, Symantec in his keynote from Bucharest:

  • A large business attacked once in 2015 was likely to be attacked 3 more times

    IDC Sala 3

    Source: IDC

  • 50% of all targeted attacks were against small businesses
  • 55% increase in the number of spear-phishing campaigns attacks in 2015
  • 3out of 4legitimate websites found to have unpatched vulnerabilities
  • 125% increase in the number of zero-day vulnerabilities discovered
  • 100 Million Technical Support scams blocked
  • 35% increase in crypto-ransomware as it spread beyond end-users to holding businesses hostage
  • A record 9 mega breaches occurred in 2015
  • 430 Million new pieces of unique malware discovered

Symantec is ready to deliver a unified security intelligence platform that leverages the combined visibility and intelligence of all of his offerings (augmented by 3rd-party data) to block, detect, and remediate attacks, protect information, and reduce risk. Best Practices provided by Symantec are based on following advices:

  • Don’t get caught unprepared – Use advanced threat intelligence solutions to find indicators of compromise and respond faster to incidents;
  • Employ a strong security posture – Implement multi-layered endpoint security, network security, encryption, strong authentication &reputation-based technologies. Partner with a managed security service provider to extend your IT team;
  • Prepare for the worst – Incident management ensures your security framework is optimized, measureable and repeatable, and that lessons learned improve your security posture. Consider adding a retainer with a third-party expert to help manage crises;
  • Provide ongoing education and training – Establish guidelines & company policies and procedures for protecting sensitive data on personal and corporate devices. Regularly assess internal investigation teams—and run practice drills—to ensure you have the skills necessary to effectively combat cyber threats.

 Internet Identifiers – Your Most Undervalued and Under Risk Assets?

IDC2 Internet Security ICANN

Source: ICANN

Very interesting subject proposed by ICANN which considers Internet Identifiers for both vulnerability place and security asset. ICANN (Internet Corporation for Assigned Names and Numbers) is a not-for-profit public-benefit corporation with participants from all over the world dedicated to keeping the Internet secure, stable and interoperable. ICANN mission is to preserve the security, stability and resiliency of the Domain Name System and domain name registration services, to promote user confidence and trust in these systems.

Obviously identifiers are common targets for loss, misuse or abuse. Domain Name are subject of various attacks, having as consequence loss of Web services, public defacement, eMail or eCommerce functions disruptions. IP addresses damages conduct to network disruption and data exfiltration. Autonomous System Numbers breaks can generate disruption of global communications systems and largescale loss of commercial hosting.


Source: IDC

From Risk Mitigation perspective Internet Identifiers could be considered as assets. The best practice is based on quick adoption of standard risk management practices: regular evaluation of organization’s identifier assets, correct appreciation of the threat landscape and the vulnerabilities status, managing risks by priorities, and correctly positioning of mitigation techniques against protection costs. Periodic analysis is a strong defense.

Resource and relationship management could play critical roles in Risk Mitigation. “Organizations should know their allies, keeping points of contact for mitigation providers, upstream ISPs, hosting providers, registries, registrars, vendors and security service technical support,” said Andrea Beccalli – Stakeholder Engagement Manager – Europe, at ICANN

A new data protection regulation is born… during IDC conference in Bucharest

A happy coincidence was the final approval of the new EU General Data Protection Regulation has successfully passed through the European Parliament in the same day with IDC conference from Bucharest. Essential regulation and the critical importance for European Commission efforts toward a future Digital Single Market were presented by Bogdan Manolea – Legal Advisor,

European Union (EU) member states will now had two years to pass the new regulations – which were proposed by former EU justice commissioner Viviane Reding four years ago – into law. The data protection reform package includes both the GDPR and the Data Protection Directive for Police and Criminal Justice Authorities. It replaces current rules based on directives laid down in 1995 and 2008.

IDC Security 1

Source: cloud☁mania

Concluding, IDC IT Security Roadshow is a professional marathon inviting industry specialists and business managers to think, to learn and to act against digital security threats. This year IT security conference series investigates the threats to key systems, data, and networks, and the main actions that organizations need to take to secure them. IDC is advising security professionals not only to look at investing in security solutions, but also at people and processes, employees and business partners, helping individuals and organizations to develop a strategic thinking.



IDC IT Security Roadshow: Cybersecurity as Key Business Effectiveness

IDC Sala

1st article*: A professional marathon inviting industry specialists and business managers to think, to learn and to act against digital security threats.

Data security has always been one of the critical points in the IT industry, which has developed a real phobia for understanding, prevention and threat intelligence that addresses the inherent vulnerabilities of a system. The digital revolution generated by large technologies adoption in business processes has led on the one hand to mitigate risks but also generated new threats associated with key unexplored.

In his permanent engagements in innovative technology research and new trends adoption, IDC is developing a large frame of activities dedicated to data security and data privacy issues. Part of this engagement, IDC IT Security Roadshow examines global and regional trends related to security and provides actionable advice and best practices for organizations in an era of digital transformation.

IDC 3rd PLatformOrganizations increasingly invest in 3rd-Platform technologies primarily to spur business efficiency and improve business agility, and transform themselves into digital enterprises. These digital enterprises have dedicated fewer resources to securing their 3rd Platform-enabled technology infrastructure in recent years. They are now giving a higher priority to deploying advanced security solutions, as next generation technology investments pose higher security risks. IDC predicts that by 2017, over 10% of security investment will be spent in connection with personal data protection and regulatory compliance.

This year IT security conference series investigates the threats to key systems, data, and networks, and the main actions that organizations need to take to secure them. IDC is inviting security professionals not only to look at investing in security solutions, but also at people and processes, employees and business partners, helping individuals and organizations to develop a strategic thinking.

IDC IT Security Roadshow 2016 is first of all a powerful concentration of forces to communicate, to invite, support and disseminate information of the highest value to a heterogeneous community of specialists. It’s hard to organize and to hold an event. IDC Security Roadshow includes 20 events, in 20 locations in 18 countries from CEMA region, addressing over 3000 experts.

Bucharest was the 10th Roadshow location, after  the conferences that have already taken place starting February in Kiev (Ukraine), Prague (Czech Republic), Moscow (Russia), Belgrade (Serbia), Zagreb (Croatia),  Nicosia (Cyprus), Budapest (Hungary), Bratislava (Slovakia), and  St. Julians (Malta).

Until September 2016, other ten conferences will be held in: Warsaw (Poland), Almaty (Kazakhstan), Athens (Greece), Tbilisi (Georgia), Baku (Azerbaijan), Minsk (Belarus), St. Petersburg (Russia), Cluj (Romania), Vienna (Austria), and Tashkent (Uzbekistan).

Tomas Vavra

Thomas Vavra – Associate Vice President Software, IDC CEMA

Bucharest conference gathered together leading specialists in IT and cyber security independent experts, recognized analytics and key market players to discuss about:  threats and vulnerability management, identity & access management, Web security & mobile security, network security, endpoint protection and threat intelligence security services.

Within last three years, many Romanian companies were exposed to an increasing number of cyber-attacks and were forced to take emergency measures to prevent the threat and overcome the consequences. Unfortunately, the number of cyber-attacks will continue to increase exponentially in the coming years. During his introductory keynote, Thomas Vavra – Associate Vice President Software IDC CEMA, presented a series of facts shaping Romanian IT security landscape related to cybersecurity law adoption and the critical importance of European efforts toward a harmonized regulation frame for all the countries. European Data Protection and EU-US Safe-Harbor Privacy Shield are key part of European Commission strategy to create the Digital Single Market.

EU Originl Data Protection Keyboard

Source: EU Commission

A happy coincidence made that just during the conference in Bucharest in April 14th, the European Parliament announced final vote for the long-awaited General Data Protection Regulation (GDPR). EU members will now had two years to implement the new regulations, proposed by former EU justice commissioner Viviane Reding four years ago. The data protection reform package includes both the GDPR and the Data Protection Directive for Police and Criminal Justice Authorities. It replaces current rules based on directives laid down in 1995 and 2008.

Made in practice, GDPR will give citizens of all 28 member states more information on how their personal data is processed, presented clearly and understandably. They have now the right to know as soon as possible if their personal data is ever compromised, while the “right to be forgotten” has been clarified and strengthened. It will also become easier for people to transfer data between service providers, with the introduction of a right to data portability. The EU also said it saw benefits for businesses, with companies having only to deal with one supervisory authority across the EU, as opposed to one in each member state in which they operate.

IDC’s critical considerations exposed by Tomas Vavra in Bucharest refers to the necessity for a correct evaluation of the impact of proposed data protection rules by a continuous monitoring of data processing procedures. Extending existing solutions to meet specific requirements of national and regional data protection regulations is also a must. Any company and any organization had to plan ahead to have data protection solutions in place prior to their impact in business and operations.

IDC Top 3 Cybersecurity Predictions

#1: Data Protection Regulations – By 2019, 25% of security spend will be driven by the EU and other jurisdictional data regulations, leading to a patchwork of compliance regimes;

#2 Data Breach Impact – By 2020, more than 1.5 Billion People will be affected by data breaches, increasing calls for regulation and alternative authentication measures;

#3: Biometric Authenticated Transactions – By 2020, one-fourth of all worldwide electronic transactions will be authenticated biometrically, driven by the use of biometric-enabled devices.

What is clear in this moment is organizations should rethink their security strategies and to adapt their prevention and protection platforms to the new paradigm. In the actual context of digital transformation, data protection and data privacy are between most disrupted factors. Cloud intensive adoption, Internet of Think platform impact in all industries and mobile apps explosion opened new fronts for new vulnerabilities and more dramatic threats.

IDC Sala 3Adoption of 3rd platform and innovation driven business demands security evolution. Next-generation security solutions should be designed for distributed architecture, incorporating intelligent threat tools offered by Big data and Analytics technologies and data security anomaly detection based on contextual awareness and machine learning advanced mathematical models.

One of the newest and most emerging trend in data security is integration of biometric identification technologies. IT providers have quickly adopted alternative identification technics launching new smartphone models with fingerprint sensors, electronic payment with fingerprint reader as secondary validation system, voice recognition sensors in call centers, facial recognition scanners at events, or iris scan authentication at ATMs.

Unfortunately, a long series of incidents caused by hackers who broke biometric safety barriers and stole entire fingerprint data bases dismounted limits of new technologies credibility. A very active opposition is generated also by a large diversity of lobby groups demonstrating against privacy issues generated by large biometrics adoption.

In his critical considerations and advises for the industries, IDC specialists recommend a carefully adoption of biometric technologies and only as supplementary identification. Passwords are not death.  Any biometric system should be designed on deeply analysis of customer behaviour, consolidating the traditional methods of biometric data protection.

Ending opening keynote Thomas Vavra outlined the IDC’s key takeaways relating to security protection and data privacy:

  • Organizations should achieve full compliancy to rapid development of national and regional regulations;
  • Legacy security solutions are insufficient against modern and advanced threats opened by digital transformation;
  • New strategies should be based on intelligent solutions and services, engaging expert partners able to deliver proactive prevention;
  • 3rd Platform development requires optimum solution for improving identity and authentication;
  • Security specialists are key assets in any organization which should consolidate more efficient recruitment and retention program, providing also properly security training for all employees.

Concluding, we have to be optimistic. Keep strong passwords and your data will be safe. Even for security industry the best is yet to come. The staffing impact of the GDPR will be huge. More than 28,000 data protection officers (DPOs) will be required in whole Europe alone according GDPR regulations, says the International Association of Privacy Professionals (IAPP).

*Note: This is the first episode in a mini-series of articles dedicated to Bucharest conference included in the IDC IT Security Roadshow.  

Photo Sources: IDC

Cu ochii catre viitoarea piata unica digitala, Parlamentul European voteaza reforma protectiei datelor propusa acum 4 ani

Photo Source: Pixabay

Joi 14 Aprilie 2016 va rămâne o zi memorabilă în istoria digitală a Europei. Un mare pas înainte către mult dorita Piață Digitală Unică, program care a preluat din mers demersurile pentru Agenda Digitală Europeană. Noile norme europene de Protecție a Datelor Generale au primit aprobarea finală. Noile reglementări stabilesc de asemenea standardele minime privind utilizarea datelor de către poliție și în scopuri judiciare.

Parlamentul European a votat noua legislație privind Protecția Datelor la doar două zile după ce s-a primit unda verde de la Comisia Libertăților Civile (LIBE). Cu toate acestea, noua legislație s-a evidențiat ca una dintre cele mai îndelung dezbătute reglementări legislative europene, aprobarea finală venind la mai mult de patru ani de la propunerea lansată de Viviane Reding, fostul comisar european pentru justiție, in ianuarie 2012.

Ce este programul Digital Single Market?

Înlocuind tradiționalul program UE axat pe Agenda Digitală, noua strategie Digital Single Market reprezintă principalul program al Comisiei Europene de focalizare pe dezvoltarea digitală. În noua viziune, cetățenii, guvernele și mediile de business pot avea acces egal la beneficiile erei digitale, favorizând unificarea celor 28 de piețe ale țărilor membre. Asta ar putea contribui cu peste 415 miliarde de euro la economia UE și ar putea crea mii de noi locuri de muncă.

Strategia Digital Single Market este bazată pe următoarele direcții strategice: ⇒Facilitarea accesului online la bunuri și servicii digitale; ⇒Un mediu emulativ pentru rețelele și serviciile digitale; ⇒Transformarea Digitală ca driver de creștere economică.

Noua legislație va înlocui actuala directivă privind protecția datelor, care datează din 1995 când Internetul era încă într-o fază incipientă, cu un regulament general prin care se dorește ca cetățenii unei Europe digitale să beneficieze de mai mult control asupra propriilor lor informații private.

“Noile norme garantează dreptul fundamental la protecția datelor cu caracter personal pentru toți. General Data Protection Regulation va contribui la stimularea pieței unice digitale din UE prin promovarea încrederii în serviciile online de către consumatori și securitate juridică pentru întreprinderi, bazate pe reguli clare și uniforme “, se afirmă într-o declarație comună semnată de Frans Timmermans – prim vicepreședinte al Comisiei Europene, Andrus Ansip – vice-președinte responsabil cu programul Digital Single Market și Věra Jourová – comisar pentru justiție, protecția consumatorilor și egalitatea între sexe în cadrul CE. “Aceste reglementări sunt în beneficiul tuturor celor din UE. Persoanele implicate trebuie să știe care sunt drepturile lor și să știe cum să-și apere drepturile în cazul în care simt că acestea nu sunt respectate. “

Noile norme europene privind Protecția Datelor includ prevederi referitoare la:

  • data privacy-policy

    Photo Source: Pixabay

    dreptul de ”a fi uitat”;

  • “consimțământ clar și afirmativ” la prelucrarea datelor cu caracter personal de către persoana în cauză;
  • dreptul de a transfera datele către un alt furnizor de servicii;
  • dreptul de a ști când datele au fost piratate;
  • asigurarea că politicile de confidențialitate sunt explicate într-un limbaj clar și ușor de înțeles;
  • o aplicare mai strictă și amenzi de până la 4% din totalul cifrei de afaceri anuale la nivel mondial al firmelor, ca un factor de descurajare pentru încălcarea regulilor.

În practică, UE speră că noile reglementări vor oferi cetățenilor din toate cele 28 de state membre, mai multe informații cu privire la modul în care sunt prelucrate datele personale, prezentate în mod clar și pe înțelesul tuturor.

logo_it_trendsMai multe despre prevederile noilor normative pentru organizatii, care sunt pedepsele celor care le incarca si cum pot fi folosite datele judiciare de catre politie si sistemul judecatoresc, cititi în forma integrala a articolului ”Parlamentul European aprobă reforma Protecției Datelor pentru era digitală”, publicat în revista IT Trends.

Network Security in Virtualized Data Centers for Dummies

Book of the Month: April 2016

Here is cloud☁mania recommendation of April in Book of the Month category. Edited by Lawrence C. Miller, with over 20 year experience in information security. He is the co-author of CISSP for Dummies and more than 30 other titlesSponsored by Palo Alto Networks – the network security company. 

Book: “Network Security in Virtualized Data Centers for Dummies


Palo Alto Network Security Book


John Wiley & Sons, Inc.

Short description:

To realize the benefits of virtualization you must adapt your security architecture to address new challenges, and today’s application and threat landscape.

Read the book and learn: 

  • How virtualization enables cloud computing
  • How Applications use SSL hiding and other techniques to thwart traditional port-based firewalls
  • What new security challenges virtualization introduces in the modern data center
  • How security needs differ for internal data centers and internal-facing data centers.


Are security implications in a virtualized computing environment essential from the cloud perspective? The book outlines the challenges of securing the virtualized data center and cloud computing environments and how to address them with next-generation firewalls.  Virtualization topics cover many technologies, including servers, storage, desktops, and applications, among others.

More info and Where to order: HERE

Thanks to Palo Alto Networks to share this book during IDC Security Roadshow, Bucharest 14 April 2016.

IDC IT Security Roadshow 2016 – Bucharest 14 April

By 2020, more than 1.5 billion people worldwide will be affected by the breach of their personal data. This situation creates a strong need for regulation and the need for alternative authentication data access.


IDC IT SECURITY ROADSHOW examines global and regional trends related to security and provides actionable advice and best practices for organizations in an era of digital transformation. This year’s series investigates the threats to our key systems, data, and networks, and the steps that organizations need to take to secure them.
We will not only look at investing in security solutions, but also at people and processes, employees and business partners, and strategic thinking.


  • EU Data Protection Regulations
  • Data Breach Impact
  • Biometric Authenticated Transactions


„IDC predicts that by 2017, over 10% of security investment will be spent in connection with personal data protection and regulatory compliance.”

Mark Child, IDC Research Manager, Software & Enterprise Applications


Virgilius Stanciulescu Virgilius Stanciulescu, Head of IT Network Administration Office, ANCOM
Bogdan Manolea Bogdan Manolea, Consultant,
Andrea Becalli Andrea Becalli, Stakeholder Engagement Manager Europe, ICANN
Peter Lechman Peter Lechman, Regional Sales Manager, Eastern Europe, Palo Alto
Dana Samson Dana Samson, Senior Research Analyst, IDC Romania
Cezar Varlan Cezar Varlan, Security Engineer, Check Point Software Technologies

You may check the latest information on the agenda, here:


  • Chief Security Officers
  • Directors of Enterprise Security
  • CIOs
  • CTOs
  • CISOs
  • IT Strategists/Specialists
  • Privacy Officers
  • IT Managers
  • Heads of Departments
  • Heads of Digital Strategy
  • Network Security Managers
  • VPN and 3A Managers




A apărut numărul 4 din 2015 al revistei Cybersecurity Trends

logo_small CybersecurityRod al colaborării dintre Agora Group și Swiss WebAcademy, Cybersecurity Trends este singura revistă de profil din România, cu apariție trimestrială, care își propune să sporească gradul de conștientizare în privința amenințărilor crescânde provocate de infracționalitatea cibernetică și să ofere sfaturi și soluții de apărare împotriva acestora prin furnizarea de informații de la principalele companii specializate pe securitate informatică, asociații de profil și instituții de stat.

Revista concepută de Agora Group, lider în media IT din România, și de Swiss WebAcademy, este rodul curajului ambelor structuri, de a porni o nouă aventură, de a răspunde unor noi provocări, de a oferi publicului ceva ce nu a mai existat înainte.” spunea E.S. Jean-Hubert Lebet, Ambasador al Elveţiei în România și Președinte de Onoare al Swiss WebAcademy în mesajul de salut de la apariția revistei.

Cybersec CoverInfracțiunile cibernetice acoperă o arie pornind de la atacuri împotriva utilizatorilor individuali și a companiilor mici și mijlocii și până la atacuri îndreptate împotriva instituțiilor de stat. Sunt compromise informații și infrastructuri private, clasificate și sensibile. Instalații militare și industriale sunt puse în situații critice. Siguranța și sănătatea personală pot fi serios deteriorate.

Valoarea conținutului editorial al revistei Cybersecurity Trends reiese la o simplă lectură a subiectelor abordate și la nivelul de reprezentabilitate al autorilor. Iată sumarul celui mai recent număr al revistei Cybersecurity Trends apărut în Decembrie 2015:

  • Editorial – Dr. Laurent Chrzanovscki, membru fondator Swiss WebAcademy
  • Mesajul Oficial al International Telecommunication Union (ITU) – Marco Obiso, Cybersecurity Coordonator, ITU Geneva
  • Anonymous: trecut, prezent și viitor – Oana Maria Iordan, Analist Centrul Național CYBERINT
  • ”Application Whitelisting”, Cea mai eficientă strategie antimalware – Cătălin Pătrașcu, Șef Serviciu Securitate Informatică și Monitorizare CERT-RO (Centrul Național de Răspuns la Incidente de Securitate Cibernetică)
  • Fraude cu carduri bancare – Virgil Spiridon, Chestor, Adjunct al Inspectorului General al Poliției Române, Director al Direcției de Combatere a Criminalității Organizate (DCCO) din Poliția Română, Coordonator al proiectului european EMPACT/ EUROPOL – fraude cu cărți de credit.
  • Rolul Conștientizării în domeniul securității cibernetice în Republica Moldova – Natalia Spinu, Head of the Cyber Security Center CERT-GOV-MD
  • OMC și lumea digitală, Interviu cu Ambasador em. Pierre-Louis Girard – Laurent Chrzanovscki
  • Zona Privată: Principiul separării zonelor de comunicare în vederea asigurării securității informaționale – Ștefan Hărșan Farr, fondator, arhitect și dezvoltator ”Earless”
  • Breșe, scurgeri de date, atacuri de pagini Web: De ce sunt importante codările de securitate împreună cu soluțiile Cyber Intelligence și sursele corecte de informare – Raoul Chiesa, Fondator și președinte Security Brokers SCpA
  • 20 de sfaturi pentru protecția eficientă a datelor – Laurent Chrzanovski
  • Cum să vă protejați în lumea digitală – Redacția cu sprijinul lui Eduard Bisceanu, expert, ex director adjunct CERT-RO
  • Carduri de debit și credit bazate pe NFC: analiză de securitate și scenarii de fraudă – Carlo de Micheli, Security Consultant la Security Brokers
  • De la eBusiness la Security Everywhere – Cisco un pionier al economiei digitale, interviu cu Dorin Pena, director general Cisco Romania – Radu Crahmaliuc, analist independent, fondator cloud☁mania
  • Ghidul Cyber Crime pentru afaceri mici și mijlocii – Aflați cum hackerii pot face ravagii și învățați ce puteți face pentru a vă proteja – Romsym Data și WatchGuard
  • Biblio – Cybersecurity Trends – Laurent Chrzanovski


logo_small CybersecurityIată interviul proaspăt publicat în revista Cybersecurity Trends sub titlul ”De la eBusiness la Security Everywhere – Cisco un pionier al economiei digitale”. Cu ocazia lansării unor produse și soluții din cadrul strategiei ”Security Everywhere”, am avut ocazia să discut cu Dorin Pena, director general Cisco Romania despre poziționarea companiei în procesul de transformare digitală, precum și despre strategia Cisco de a oferi soluții de securitate pentru orice punct al rețelei.

Recent Cisco a anunțat noi soluții în cadrul strategiei „Security Eveywhere”. Ce detalii ne puteți furniza despre conceptul acestei strategii?

Dorin Pena: Suntem într-o perioadă dinamică pentru piața de produse de securitate; amenințările informatice devin tot mai sofisticate, iar aria de dispozitive și platforme afectate se extinde, pe fondul utilizării unui număr tot mai mare de dispozitive mobile, conectate în Cloud, precum și IoT (Internet of Things). În același timp, companiile folosesc o gamă complexă de soluții punctuale, care, din design, nu sunt interoperabile. Din acest motiv, echipele de securitate au vizibilitate redusă asupra potențialelor amenințări și compromisuri la nivelul rețelelor lor. Cisco abordează piața de soluții pentru asigurarea securității de rețea ca orice altă arhitectură, prin integrarea soluțiilor de securitate la nivelul întregii infrastructuri de rețea – inclusiv routere, switch-uri și centre de date – evitând eventuale vulnerabilități în fața unui atac și reducând semnificativ timpul de detecție și de remediere. Strategia noastră Security Everywhere se dezvoltă continuu și oferă cele mai inovative soluții, inclusiv pentru Cloud, rețea și endpoints, precum și un serviciu de înțelegere a amenințărilor.

Care sunt soluțiile disponibile în acest moment și road-mapul lansărilor viitoare?

DorinPena CM 1

Dorin Pena, director general CISCO Romania

Dorin Pena: Soluțiile de securitate de la Cisco includ produse și servicii concepute să asigure securitatea la nivelul întregii infrastructuri de rețea: înainte ca atacul cibernetic să aibă loc, în timp ce acesta se întâmplă, precum și ulterior.

Portofoliul de servicii de securitate de la Cisco include:

  • Servicii de consultanță privind securitatea– Evaluarea potențialelor amenințări la adresa clienților noștri, proiectarea și dezvoltarea strategiei de securitate pentru aceștia
  • Servicii integrate– Cu ajutorul cărora, clienții sunt sprijiniți să integreze produsele lor de securitate, migrarea de la alte soluții, inclusiv soluțiile existente, și optimizarea tehnologiilor de securitate existente pentru a maximiza eficiența de securitate
  • Managed Services– Clienților le sunt oferite cele mai bune soluții de suport, găzduire și gestionare a politicii de securitate.

Portofoliul nostru de tehnologii de securitate include firewall-uri, rețele virtuale private (VPN), Unified Threat Management, servicii de acces securizat și de identitate, soluții de securitate Web și E-mail, sisteme de prevenire a atacurilor, protecție anti-malware avansată, analiză a comportamentului în rețea, și multe altele. De asemenea, recent am adăugat câteva achiziții, incluzând Sourcefire, openDNS, Lancope și multe altele.

Sistemele cu extindere regională pot utiliza soluții de analiză sau procesare la capetele rețelei, folosind sisteme FOG Computing, un concept pentru care Cisco a dezvoltat un pachet dedicat de soluții. Care sunt cele mai noi componente ale soluțiilor de tip FOG din portofoliul Cisco?

Dorin Pena: Cu interfețe de programare a aplicațiilor (API-uri) deschise, servicii de bază și o interfață cadru, pentru a proiecta, dezvolta și implementa propriile aplicații, Cisco oferă suport pentru aplicații IoT din Cloud până în FOG.

Componentele cheie în infrastructura Cisco FOG:

  • Conectivitate în rețea
  • Securitate cibernetică și fizică pentru a crește protecția bunurilor fizice și digitale
  • Dezvoltare și hosting pentru aplicații de la marginea rețelei și până în cloud
  • Analiză de date
  • Management și automatizare

Tranziția către economia digitală a produs o serie de mutații la nivelul structurilor organizaționale și a modelelor de business. În ce stadiu se află Cisco în procesul intern de transformare digitală a companiei? 

Dorin Pena: Transformarea digitală nu se rezumă la automatizarea fluxurilor de lucru existente sau la introducerea unor instrumente noi și tehnologii care să înlocuiască procesele tradiționale. Companiile digitale lideri de piață conectează toate aspectele afacerilor lor – de la software, la servicii, și toate procesele incluse – într-un mod sincronizat și agil. Astfel, transformarea digitală presupune crearea unui ciclu continuu de soluții inovative în portofoliul de produse și în modul de operare. Clienții noștri ne întreabă tot timpul despre transformare în business și reinventare pe o scară complet diferită decât chiar în epoca Internetului. Discuțiile sunt despre provocări și oportunități în business, iar tehnologia este elementul cheie. Pentru companiile care văd potențialul, dar și riscurile unei lumi tehnologizate, modul în care se întâlnesc strategiile lor de afaceri și tehnologia dintr-o industrie este acum punctul cheie.

La Cisco, încearcăm să avansăm cât de repede pentru ca mai întâi noi să beneficiem de transformarea digitală în interiorul companiei. În anii 90, Cisco era pionier în e-business; acum, ne asumăm o provocare similară, alături de partenerii și clienții noștri.

”De la eBusiness la Security Everywhere – Cisco un pionier al economiei digitale”, Cybersecurity Trends, Nr.4/ 2015, pag.34-35.


Despre Cybersecurity Trends

cybersecuritytrendsRod al colaborării dintre Agora Group și Swiss WebAcademy,  Cybersecurity Trends este singura revistă de profil din România, cu apariție trimestrială, care își propune să sporească gradul de conștientizare în privința amenințărilor crescânde provocate de infracționalitatea cibernetică și să ofere sfaturi și soluții de apărare împotriva acestora prin furnizarea de informații de la principalele companii specializate pe securitate informatică, asociații de profil și instituții de stat.

Infracțiunile cibernetice acoperă o arie pornind de la atacuri împotriva utilizatorilor individuali și a companiilor mici și mijlocii și până la atacuri îndreptate împotriva instituțiilor de stat. Sunt compromise informații și infrastructuri private, clasificate și sensibile. Instalații militare și industriale sunt puse în situații critice. Siguranța și sănătatea personală pot fi serios deteriorate.

În revista Cybersecurity Trends puteti găsi știri despre amnințările și atacurile informatice, modificări în legislația românească și europeană, cazuri ajunse în justiție și exemple de aplicare a legii, interviuri cu principalii actori din piață, studii de caz și analize, sfaturi practice.

%d bloggers like this: