© 2014 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication.

Presentation transcript:

© 2014 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form without Gartner's prior written permission. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines for Gartner Services posted on gartner.com. The information contained in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publication consists of the opinions of Gartner's research organization and should not be construed as statements of fact. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner's Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see "Guiding Principles on Independence and Objectivity."

Perry Carpenter, MSIA, C|CISO
Leadership Partner
EITL Security & Risk Management

The Future of Global Information Security: Information Security Five-Year Scenario

Controls Help Us Achieve the Target Level of Security
- But with hundreds of potential controls, we need a way to select the right ones
- The Strategy Tool: Four strategies for selecting controls
  - Search & Destroy
  - Castles & Moats
  - Psy Ops
  - Behavior Jujitsu

Fact: The Real World Changes
- It no longer works to base control decisions on past performance
- We need a way to plan for the ways the world might become, not how it was
- We need a five-year planning guide that:
  - Identifies possible future conditions
  - Provides a way of detecting shifts in direction (guideposts)
  - Calls out control requirements early

Problem Statement
How will the Nexus of Forces (cloud, mobile, social and big data), plus other forces and trends, transform the practice of information security and IT risk management between 2014 and 2019?
- What are the two most powerful uncertain forces driving change?
- How might those forces interact?
- What evidence exists now?

Critical Issues
- How might the world change?
- How shall we detect that change?
- How shall we deal with that change?

Threats Against Targets: A Moving Target
- As servers move into the cloud
- As enterprise security improves
- As mobility drives increased connectivity out to the edge
- As the value at the edge increases
- As end-node compromise tools continue to become more automated
- And …

Orders of Magnitude
… as the number of highly trained cyber-students increases by orders of magnitude:
- Over 100 "white hat" hacker university degree programs in U.S. funded by NSA and DHS.
- Similar programs in UK.
- 10th through 12th grade training for all in Israel.
- Similar programs growing worldwide.
- China in a leadership position?
Now assume that 90% stay on the "white hat" side.

Trend: Our X Axis
Security compromise of enterprise accounts may become more heavily weighted to indirect attacks through captured end nodes, or may focus even more clearly on servers.
[Diagram: TARGET axis, with ends labeled Enterprise and Individual]

Who Will Save Us … From the chaos that is the Internet?
- Nation-states want to carve the Internet into manageable pieces.
- Cloud and Big Data push toward less regulation.
- Governments threaten to regulate.
- "Critical infrastructure" is continuously redefined.
- But very little actually gets done.
- And what does get done takes a looooong time.

Trend: Our Y Axis
The level of market intervention can vary dramatically, shifting costs and influencing business flexibility.
[Diagram: AUTHORITY axis, with ends labeled Monolithic and Tribal]

The Gartner Security Scenario
How we select from and apply our four control strategies will depend on how the world changes for our organization.
[Diagram: scenario quadrants Coalition Rule, Neighborhood Watch, Regulated Risk, Controlling Parent]

The Gartner Security Scenario
[Diagram: TARGET axis (Enterprise, Individual) against AUTHORITY axis (Tribal, Monolithic)]

1. Regulated Risk (Enterprise Target, Centralized Authority)
- Governments use regulation to provide safety
- An attack can become an act of war
- All infrastructure becomes critical infrastructure
- Enterprises are held responsible for actions of employees
Evidence: Critical infrastructure directive
Pushing toward the corner:
- Attack publicized
- Public shaming and fines
- NATO cybersecurity division
- Int'l cyberwar convention
- Additional regulations
- Gov't disclosure of breach
- Software liability defined
- Cyber "Monroe Doctrine" RoE

2. Coalition Rule (Enterprise Target, Fragmented Authority)
- Warlords and cartels rule
- Corporations establish fiefdoms, suppress independent innovation
- Aggressive corporate and national espionage
- Supply chain for offensive activities
- Underground economy grows
Evidence: Cyber and Cloud Security Alliances; drug cartel use of Internet
Pushing toward the corner:
- Corporate counterattack
- Cyberwar merc. co. IPO
- Cyberinsurance fails
- Cyberwar dept. in finance
- Crypto-extortion schemes
- $100 million cyberblackmail

3. Controlling Parent (Individual Target, Centralized Authority)
- Attacks against individuals push government to act
- Governments try to establish a norm of personal responsibility
- Theft-oriented botnets proliferate
- Surveillance society grows
- Strong privacy regulations emerge
- Mobile devices become closed, curated
Evidence: Do not call list; FISA amendments
Pushing toward the corner:
- CPSC/FTC take action
- School training
- ISPs retain transactions
- User database
- U.S. class action lawsuits

4. Neighborhood Watch (Individual Target, Authority Breakdown)
- E-militia emerge — self-organizing protection societies
- Extreme anarcho-hacktivism
- Internet resembles gangs of New York
- Corporate and communal walled gardens form
- Extensive darknet and dependence on anonymity
- E-commerce declines due to distrust
Evidence: Islamic Internet efforts; increase in identity theft; "net nanny" approaches
Pushing toward the corner:
- Anonymous focus on CEOs
- Cyberbullying
- E-commerce slows
- Cybermilitias
- Refusal to hold personal info
- Facebook loses members

The Gartner Security Scenario: Evidence for Every Direction
[Diagram: scenario grid with axes Tribal/Monolithic and Enterprise/Individual; points labeled CSA, DNC, Islamic Internet, CID and NOW]

So Watch for the Milestones
[Diagram: scenario grid with axes Monolithic/Tribal and Enterprise/Individual]

Four Different Threats and Opportunities
Regulated Risk:
- Threat: Over-regulation increases cost without decreasing risk
- Opportunity: Lobbying can influence direction and degree
Coalition Rule:
- Threat: Increase in attacks could cause severe damage
- Opportunity: Found (then dominate) an industry standards group
Controlling Parent:
- Threat: Privacy regulations will inhibit business operations
- Opportunity: Surveillance society benefits those who do Big Data well
Neighborhood Watch:
- Threat: E-commerce drop; reputation and trust failures
- Opportunity: Form your own protection society for your customers

Understanding the Strategy Tool
[Diagram: grid with axes Active Controls/Passive Controls and Behavioral Controls/Technical Controls; quadrants Search & Destroy, Castles & Moats, Psy. Ops., Behavior Jujitsu]

Four Control Directions
Castles and Moats:
- Traditional passive technical controls
- Isolation via network architecture and access controls
Behavior Jujitsu:
- Improved security training programs as passive (defensive) behavioral controls
Search and Destroy:
- Active technical approach to returning fire
Psy. Ops.:
- Advanced behavioral intervention

The Controls We Need Vary With the Environment We Are in
[Diagram: scenario quadrants Coalition Rule, Neighborhood Watch, Regulated Risk, Controlling Parent]

Control Interdependence
[Diagram: grid with axes TECHNOLOGICAL/BEHAVIORAL and ACTIVE/PASSIVE; controls shown: SIEM, Admin Usage Guideline, SWG]

Building a Strategic Response
[Diagram: grid with axes TECHNOLOGICAL/BEHAVIORAL and ACTIVE/PASSIVE; controls shown: Acceptable Use Guide, Event Log, Report Incident, Confront Tailgaters]

Using the Strategy Tool — an Example
Neighborhood Watch:
- Threat: E-commerce drop; reputation and trust failures.
- Opportunity: Form your own protection society for your customers.
Control requirements?
- Distributed, autonomous: Can run in isolation on consumer endpoints.
- Extended perimeter (VPN): Centrally managed but remotely initiated.
- Endpoint neutralization: DDoS of attack sources.
Control options?
- Passive behavioral: Observe and report.
- Passive technological: EPP platform with VPN agent.
- Active technological: Identify and attack apparent attack sources via neighborhood watch botnet.
[Diagram: scenario quadrants Coalition Rule, Neighborhood Watch, Regulated Risk, Controlling Parent]

To Do List
Gartner:
- Special report phase 1
- Special report phase 2
- Ongoing research publication
You:
- Analyze the impact of the four quadrants on your organization
- Outline your response to each of the four quadrants using the strategy tool
- Monitor the environment for milestones as they occur
- Shift your controls strategy as change happens