Security Agility: Creating a Multi-Disciplinary Framework

Presentation transcript:

Security Agility: Creating a Multi-Disciplinary Framework
Presented By: Joseph A Juchniewicz, CRISC

“Organizations must assume their networks will be breached by cyber criminals and hackers.”
- Admiral Mike Rogers, National Security Agency Director

Current Breaches

The Players
- Not deterred by normal barriers/non-opportunistic
- Out to prove a point
- Perhaps the most dangerous opponent
- Individuals/Groups
- Steal personal information
- Extort victims
- Financial Gain

The Players
- Steal proprietary information
- Personal financial gain
- Ideological reasons
- Nation-state actors
- Steal sensitive state secrets (government)
- Steal proprietary information (industry)

The Players
- Sabotage the computer systems
- Ideological reasons
- Nation-state actors
- Gain advantage over their enemy
- Could be against government or corporation

Handicapping Factors
Factors that handicap most companies:
- The “bad guys” communicate better than us
- Stigma
- Brand name
- Consumer confidence
- Security is synonymous with the word “NO”
- Fines and credit monitoring
- Loss of jobs

Threat Vectors
Threat vectors that affect the company:
- Weakest Link - the User

“Weakest Link” User
- Phishing
- Voice Phishing
- Mobile devices
- Lack of education

Handicapping Factors
Threat vectors that affect the company:
- Weakest Link - the User
- Lack of Sophistication

“Weakest Link”

Handicapping Factors
Threat vectors that affect the company:
- Weakest Link - the User
- Lack of Sophistication
- Escalating number of zero-day attacks
- Complexity of attacks

“Defender Gap” Unchanged in 10 years.

Handicapping Factors
Threat vectors that affect the company:
- Weakest Link - the User
- Lack of Sophistication
- Escalating number of zero-day attacks
- Complexity of attacks
- Older Attacks still work

It’s Difficult to Keep Up

Strategic Vision
- Move away from prevention
- Technology irrelevance - Point solution Commoditization
- Vendor acquisition to create ‘solution sets’
- The use of Multi-Disciplinary towards Detection and Elimination
- Integration of solutions – improved detection
- Identification and remediation focus
- Requires intelligence and rapid response
- Technology irrelevance - Point solution Commoditization
- Firewalls essentially commoditized by 2010
- File sync/share commoditization now occurring

Execution – Create Agility
- Test, Validate, Exercise, Review (REPEAT!!!)
- True test of agility
- IT War Games
- Build team cohesiveness and responsiveness
- Continued education and training

“There are risks and costs to any program of action – but they are far less than the long range cost of comfortable inaction.” – John F. Kennedy

Questions?