A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.
A Covenant University Presentation
By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security), Certified COBIT 5 Assessor / Certified ISO (1st Female COBIT 5 Assessor Certified in Africa)
March 2015, Covenant University Town & Gown Seminar 2015
Information Security in Business: Issues and Solutions

1 Introduction
2 Definitions
3 The Role of a CISO
4 The Need for a CISO
5 CISO and the Business - Issues
6 CISO and the Business - Solutions
7 Defense in Depth
8 Scenarios
9 Q & A
10 Closing Thoughts

| INTRODUCTION | Information security is the process of protecting the availability, confidentiality, and integrity of data. No security system is foolproof, but taking basic and practical steps to protect data is critical for good information security. Information Security is not complete without addressing the key components of strategy, people, process, technology and compliance.

| DEFINITION |
Security
Lock the doors and windows and you are secure (No)
Call the police when you feel insecure (Really?)
Computers are powerful, programmable machines: whoever programs them controls them (and not you)
Information Security
Information Security (IS) is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
Information
A collection of organized facts
A key resource for all enterprises
Assets
Something you own that has value
Can gain value over time
Can lose value over time

| DEFINITION |
Vulnerability
A vulnerability is a weakness of an asset or control that could potentially be exploited by one or more threats.
Risk
Risk is generally defined as the combination of the probability of an event and its consequence.
Information risk is a business issue, and the CISO's role is to enable those discussions and support sensible business decisions.
Threat
The potential to cause unauthorized disclosure, changes, or destruction to an asset.
Impact: potential breach in confidentiality, unavailability of information, and integrity failure
Types: natural, environmental, and man-made
Cyber Security
Cyber security is the body of technologies, processes and practices (information technology security) designed to protect networks, computers, programs and data from unintended or unauthorized access, change or destruction.
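The definitions above (asset, vulnerability, threat, and risk as probability combined with consequence) are what a CISO turns into a risk register for the business discussion. The following is an added illustration, not part of the presentation: it scores constructed scenarios on qualitative likelihood and impact scales (the scale values and rating thresholds are assumptions) and ranks them so the highest risks surface first.

```python
from dataclasses import dataclass

# Qualitative scales for the two factors in the slide's definition of risk:
# the probability of an event and its consequence (assumed 1..5 scales).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

@dataclass(frozen=True)
class Scenario:
    asset: str          # something the enterprise owns that has value
    threat: str         # potential to cause unauthorised disclosure, change or destruction
    threat_type: str    # "natural", "environmental" or "man-made", per the slide
    vulnerability: str  # weakness of the asset or control the threat could exploit
    likelihood: str     # key into LIKELIHOOD
    impact: str         # key into IMPACT (loss of confidentiality, integrity or availability)

def risk_score(s: Scenario) -> int:
    """Risk = probability combined with consequence; here the 1..25 product of the two."""
    return LIKELIHOOD[s.likelihood] * IMPACT[s.impact]

def risk_rating(score: int) -> str:
    """Map the numeric score onto the bands a board would see (assumed thresholds)."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"

def rank_register(register: list[Scenario]) -> list[tuple[str, int, str]]:
    """Order scenarios for the business discussion: highest risk first, ties keep input order."""
    ranked = sorted(register, key=risk_score, reverse=True)
    return [(s.asset, risk_score(s), risk_rating(risk_score(s))) for s in ranked]

# Constructed sample register (hypothetical assets and findings, not from the slides).
REGISTER = [
    Scenario("customer database", "theft of records by an external party", "man-made",
             "no multi-factor authentication on remote access", "likely", "severe"),
    Scenario("payroll server", "flood damage to the server room", "natural",
             "server room in a basement with no raised floor", "rare", "major"),
    Scenario("office laptops", "loss or theft of a device", "man-made",
             "disk not encrypted", "possible", "moderate"),
    Scenario("mail server", "power failure", "environmental",
             "single power feed, no UPS", "unlikely", "minor"),
]

if __name__ == "__main__":
    for asset, score, rating in rank_register(REGISTER):
        print(f"{asset:18} score={score:2} rating={rating}")
```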

| The Role of a CISO | CISOs (Chief Information Security Officers) are responsible for establishing a strategy, execution of that strategy, risk management, communicating effectively with senior executives and business leaders, complying with regulators, and leading the charge against escalating cyber threats using various security technologies.

| The need for a CISO | No matter how large or small your company is, you need to have a plan to ensure the security of your information assets. Information Security professionals call such a plan a Security Program.

| CISO and the Business – Issues |
CISOs are concerned about the intensity, volume and complexity of cyber threats that run the gamut from malicious code to zero-day attacks.
CISOs face various internal challenges when procuring security solutions. They need to justify the purchase and deal effectively with internal stakeholders. CISOs always have the technical awareness but may not have procurement authority. But CISOs are always influencers; they impact everyone in a company because the security organisation is pervasive in all departments and business functions.
Speak the Boardroom Language - Executive leaders are asking CISOs to be strategic thinkers as well as IT administrators. In order to be successful in the role, CISOs will need to understand and influence business risk decisions and be involved with everything from developing privacy policies to preparing disaster recovery plans.
Emerging trends - The threat landscape continues to grow while budgets and access to skilled resources get harder to come by.
Budget-strategy disconnect - CISOs may not control the budget and may not be the ultimate decision maker.

Risk Issues?

Risk Issues? Internal Threats

Risk Issues? External Threats

Risk Issues? Physical

Risk Issues? Security issues

| CISO and the Business – Solution |
Security must enable visibility and appropriate action. Security solutions with an open security architecture enable security teams to determine whether those solutions are truly effective.
Most organizations have approached cyber security by trying to put increasingly sophisticated defences around their perimeter. The reality is that a motivated attacker will likely find a vulnerability, or an employee may inadvertently create an opening. Security must therefore be viewed as a "people problem." A purely technology-centric approach to security does not improve security; in fact, it exacerbates the problem.
Security must be considered a growth engine for the business. Security should never be a roadblock or hassle that undermines user productivity and stands in the way of business innovation.
Security must work with existing architecture, and be usable. Security teams should not have to create or re-build an architecture to accommodate new technology solutions that are meant to improve security.
Security must be transparent and informative. Users should be presented with information that helps them understand why security is stopping them from taking a particular action.

| Defence in Depth | Information Security Program Model
Malware Detection & Mitigation
Mobile Security
DDoS Prevention & Remediation
Network Visibility
Cloud Services
Identity & Access Management
Compliance Program Development
Threat Intelligence

| Defence in Depth | Distributed DoS (DDoS) Attack

| Closing Thoughts |
Information Security is a journey, not a destination, and there will always be new ways of doing things, new threats, new vulnerabilities, new methodologies, new technologies and countermeasures...
Security is never a destination but a journey
Never forget: Security is YOU and YOU are security
Do not be the weakest link that breaks the CHAIN
Security is everyone's RESPONSIBILITY.

| Summary |
Cyber security has come to stay with us
There is no 100% security; it is a continuous process and a journey without a destination
Everyone is involved; it is a shared responsibility

Questions?