Published by Chastity Harrison. Modified over 8 years ago.
ISACA Many thanks to the ISACA Belgium Chapter, who created the original slide deck.
© 2013 ISACA. All rights reserved. Contact: admin@isaca-london.org www.isaca.org
ISACA Facts: >100,000 members worldwide, in more than 180 countries; >2,900 members in London.
www.isaca-london.org ISACA Certifications Be recognised in your profession
OFFICIAL REVISION WORKSHOP London 13-14 May 2013 www.isaca-london.org ISACA Certifications Be recognised in your profession
OFFICIAL REVISION WORKSHOP London 1-3 May 2013!!! www.isaca-london.org
ISACA Certifications Be recognised in your profession
Monthly seminars on industry related issues – free to members, £20 to non-members. A saving of over £200 a year for members.
ISACA membership Be aware of current, industry issues
Study Results Advanced Persistent Threat Awareness
The 2010 Google Aurora attack forever changed the way we look at Internet security. This large-scale, sophisticated attack showed us that all sectors, from private to public, are vulnerable to a new class of security breach: The Advanced Persistent Threat.
Advanced, stealthy and chameleon-like in their adaptability, APTs were once thought to be limited to attacks on government networks. APTs exploit zero-day threats – unknown weaknesses. APTs also often take the form of well-designed spear phishing attacks.
The 2011 RSA SecurID attack was attributed to an APT. So was the Internet worm “Flame.” Following the Google attacks*, similar targeted intrusions quickly followed, garnering media scrutiny – and growing concern that the APT was more damaging than it seemed. (*Google attacks affected nearly three dozen well-known tech, finance and defense enterprises.)
How well do security professionals understand APTs? How are they affecting different industries and organizations throughout the world? What is being done to prevent them? In Q4 of 2012, ISACA launched the APT Awareness Survey to find out.
So ISACA asked 1,500 people worldwide – from tech service consultants, to people in the banking industry – about APTs. [Chart: respondents by region; labels: Asia, Europe / Africa, North America, Latin America, Oceania; values: 19%, 32%, 8%, 3%, 38%]
AWARENESS: 42.5% of respondents were familiar… 28.6%, somewhat familiar… And only 25.1% very familiar with APTs. Overall, 96.2% were somewhat familiar with APTs… But most importantly: 93.6% of respondents understood APTs as a very credible, serious threat to national security and economic stability. [Chart: 25% Very Familiar, 42% Familiar, 29% Somewhat Familiar, 4% Not at All Familiar]
Just 46.6% of respondents believed that APTs were a unique threat. And more than half (53.4%) believe this advanced set of threats is no different to what they’ve been dealing with in the past. [Chart: 53% Similar, 47% Unique] WHAT DOES THIS MEAN?
There’s a huge disconnect in the IT industry about APTs … A lack of understanding and education.
Highest Risks on Enterprises from APTs. Other key highlights: 89.7% of respondents believe the use of social networking sites like Facebook or Twitter increases the likelihood of a successful APT attack. 87.3% BELIEVE THAT JAILBREAKS, ROOTING & BYOD GREATLY INCREASE THE CHANCES OF AN APT OCCURRING.
Suffering with an APT: Although just 21.6% of respondents reported having been victims of an APT attack, 63% – three times that amount – believe it’s only a matter of time before their business is targeted.
The majority of survey takers – up to 60% – believed that they have the ability to ID, respond to and stop a successful APT attack. 31.1% said they have incident management plans in place to fight an APT. 49.5% are prepared, but without a concrete solution. [Chart: How able is your enterprise to deal with an APT attack? Categories: Detect APT Attacks, Respond to APT Attacks, Stop a Successful Attack; responses: Very Able, Able, Not Able, Not at All Able]
How are people handling the threats? Most respondents are using technology in a risk-based layered approach to prevent and combat APTs: 94.9% Anti-Virus / Anti-Malware; 92.8% Network Tech (Firewalls, etc.); 71.2% IPS.
A Troubling Lack of Initiative: There aren’t enough precautions being taken against the threat of an APT. Up to 81.8% of survey takers have not updated their agreements with vendors who provide protection against APT. And 67.3% reported that they haven’t held any APT awareness training programs for their employees. [Chart: Has your enterprise increased security training as a result of APTs? Labels: Very Likely, Likely, Not Very Likely, Not at All Likely; legend: Yes, No]
APTs are serious threats. We need to give more consideration to their consequences. Enterprises must adopt more technology awareness training, vendor management, incident management and increased attention from executives.
Conclusion: Advanced Persistent Threats differ from the traditional, average virus, and need to be classified as such. Many enterprises and companies have made some positive inroads into fighting APTs, like better security management. But there’s still a lack of cohesion and understanding of what APTs are and how to defend against them. Market conditions have not sufficiently changed, and the technology to fight APTs isn’t fully evolved yet.
Take Action Against APTs: ISACA is here to provide its members guidance in identifying and eradicating security breaches. A series of educational products to address challenges in cyber security, and guard against APTs, is currently in development. To learn more visit us at WWW.ISACA.ORG/CYBERSECURITY
NEXT “CAN’T MISS” EVENT – INSIGHTS 2013 10 – 12 June 2013, Berlin, Germany InfoSec attendees receive a 40% discount
INSIGHTS 2013 Puts you in smart company with unprecedented access to CEOs, CIOs and other business leaders from around the world. Get inspired and see how organizations are integrating IT into business strategies to drive innovation and results. Gain vital information through spotlights and networking sessions with industry leaders.
INSIGHTS 2013 Questions: Contact ISACA's Education/Conference Department: Tel: +1.847.660.5585 Fax: +1.847.253.1443 conference@isaca.org. Media Inquiries: Contact the ISACA Communications Department: Tel: +1.847.660.5512 or +1.847.660.5564 news@isaca.org