Figure 1. Current Threat Landscape Sentiment

Presentation transcript:

Figure 1. Current Threat Landscape Sentiment From: ESG Research Report: Cyber Supply Chain Security Revisited. Source: Enterprise Strategy Group, 2015. © 2015 Enterprise Strategy Group, Inc. All Rights Reserved

Figure 2. Security Incidents Organizations Have Experienced Over the Past 24 Months

Figure 3. Consequences of the Security Incidents Organizations Have Experienced Over the Past 24 Months

Figure 4. Primary Drivers of Organization’s Cybersecurity Strategy

Figure 5. Cyber Supply Chain Security Sentiment

Figure 6. Why Organizations Believe Cyber Supply Chain Security Is Becoming More Difficult

Figure 7. Most Important Security Considerations During Product Evaluation and Purchasing Processes

Figure 8. Audits of Strategic Suppliers

Figure 9. Internal Groups Responsible for IT Vendor Security Audit Processes

Figure 10. Mechanisms Used to Conduct IT Vendor Security Audits

Figure 11. Current IT Vendor Security Audit Process

Figure 12. Measurement of IT Vendor Security Audits

Figure 13. Respondents Rate IT Vendors’ Commitment to/Communications about Internal Security Processes and Procedures

Figure 14. Confidence Level in Organization’s Knowledge of the Purchasing Origin of Hardware and Software

Figure 15. Use of Suspect Vendors

Figure 16. Internal Software Development

Figure 17. Confidence Level in Security of Internally Developed Software

Figure 18. Security Incidents Related to the Compromise of Internally Developed Software

Figure 19. Security Activities Included as Part of the Software Development Process

Figure 20. Secure Software Development Initiatives

Figure 21. Why Organizations Chose to Establish a Secure Software Development Program

Figure 22. Plans to Include Security Activities as Part of the Software Development Process

Figure 23. Outsourcing of Software Maintenance or Development Activities

Figure 24. Security Safeguards Mandated of Service Providers

Figure 25. Sharing of IT Services or Business Applications with Third Parties

Figure 26. Approximate Number of External Third Parties with which Respondent Organizations Share IT Services or Business Applications

Figure 27. Security Controls Partners Require When Receiving IT Services or Business Applications from Critical Infrastructure Organizations

Figure 28. Security Controls Critical Infrastructure Organizations Require When Using IT Services or Business Applications from Third Parties

Figure 29. Groups Responsible for Security Policies and Safeguards for Interaction with Third Parties

Figure 30. Establishment of Security Policies and Safeguards for Interaction with Third Parties

Figure 31. Respondents’ Opinion of the U.S. Federal Government’s Cybersecurity Strategy

Figure 32. Role of the U.S. Federal Government with Regard to Cybersecurity

Figure 33. Suggested Actions for the U.S. Federal Government with Regard to Cybersecurity

Figure 34. Survey Respondents by Current Job Function

Figure 35. Survey Respondents by Number of Employees

Figure 36. Survey Respondents by Industry

Figure 37. Survey Respondents by Annual Revenue