Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity 2.0: Oportunidades y Retos

Published byGabriel Jefferson Modified over 6 years ago

Similar presentations

Presentation on theme: "Cybersecurity 2.0: Oportunidades y Retos"— Presentation transcript:

1 Cybersecurity 2.0: Oportunidades y Retos
Gustavo A. Santana Torrellas Consultoria Sector Financiero PwC Agosto 2016

2 Agenda Cybersecurity 101 Cybersecurity vs Information security
Security needs Cyber crime Fintech & Cybersecurity Cyber 2.0 Challenges Opps & Trends Cybersecurity 2.0: Oportunidades y retos

3 Putting cybersecurity into perspective
Cybersecurity represents many things to many different people Key characteristics and attributes of cybersecurity: Broader than just information technology and not limited to just the enterprise Increasing attack surface due to technology connectivity and convergence An ‘outside-in view’ of the threats and potential impact facing an organization Shared responsibility that requires cross functional disciplines in order to plan, protect, defend and respond Version of security as a whole – turn things inside out from a cyber perspective It is no longer just an IT challenge – it is a business imperative! Cybersecurity 2.0: Oportunidades y retos

4 Cybersecurity? Merriam-Webster dictionary
measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, the term information security implies cybersecurity. Cybersecurity 2.0: Oportunidades y retos

5 What is (computer) security?
Security is enforcing a policy that describes rules for accessing resources* resource is data, devices, the system itself (i.e. its availability) Security is a system property, not a feature Security is part of reliability * Building Secure Software J. Viega, G. McGraw Cybersecurity 2.0: Oportunidades y retos

6 Cybersecurity vs Information security
Cybersecurity 2.0: Oportunidades y retos

7 Security needs / Cybersecurity objectives
INTEGRITY authenticity AVAILABILITY access CONFIDENTIALITY disclosure Elements of common understanding of security: confidentiality (risk of disclosure) integrity (data altered  data worthless) authentication (who is the person, server, software etc.) Also: authorization (what is that person allowed to do) privacy (controlling one’s personal information) anonymity (remaining unidentified to others) non-repudiation (user can’t deny having taken an action) availability (service is available as desired and designed) audit (having traces of actions in separate systems/places) INTEGRITY authenticity AVAILABILITY access CONFIDENTIALITY disclosure USAGE purpose Cybersecurity 2.0: Oportunidades y retos

8 Global Environment in Cybercrime
Is a reality and is permanent…the actors, threats and techniques are dynamics Malware in the POS Counterfeit Credit Cards On Line Fraud sending trojans in s System Hijack trough the web Phishing s Cybersecurity 2.0: Oportunidades y retos

9 Cybercrime

10 Impacts of Cyber Crime How much do you invest in Marketing?...
Lost Financial Assets Stolen Intellectual Property Business Disruption Stolen Customer Information Damaged Reputation How much do you invest in Marketing?... You will loss all your invest and expense much more with damaged reputation Cybersecurity 2.0: Oportunidades y retos

11 What is FinTech? – FinTech is a dynamic segment at the intersection of the financial services and technology sectors where technology focused startups and new market entrants innovate on the products and services currently provided by the traditional financial services industry. Regulators & Government Investors, Incubators, and Accelerators Consumers and Users EmergingTechnologies and Tools Barclays BBVA Goldman Unicredit Westpac A. FS Institutions FIS SunGard Fiserv C. Infrastructure Players Google Apple HP Alibaba Companies B. Tech FS and tech related to FS e.g. payments, big data D. Start Ups Cybersecurity 2.0: Oportunidades y retos

12 Cybersecurity 2.0 - principles
Understand what you are trying to protect Understand the threat(s) you are trying to protect against Also, costs and risks Be prepared to establish trust by telling people how you do it Assume that the bad guys are at least as clever as you are! Cybersecurity 2.0: Oportunidades y retos

13 Cybersecurity program enhancements
Cybersecurity program enhancements Operating in the global business ecosystem requires organizations to think differently about their security program and investments Once and organization has established stable and effective foundational security practices, incremental cybersecurity capabilities and solutions should be pursued. Incremental Program Enhancements Security Foundation Elements Governance & Structure Strategy & Roadmap Resources & Capabilities Solutions & Delivery Culture & Awareness Security Program and Capabilities Strategic Threat Management Critical Asset Identification Insider Threat Management Enhanced Identity & Access Management Advanced Analytics & Detection Threat Intelligence Fusion Active Defense & Response Advanced Counter-measures Information & Privacy Protection Incident & Crisis Management Identity & Access Management Threat, Intelligence & Vulnerability Management Security Architecture & Services Strategy, Governance & Management Risk & Compliance Management Emerging Technologies & Market Trends Security Functional Domains Build – gray is there, each click adds a box Cybersecurity 2.0: Oportunidades y retos 13

14 We are not Cyber Structured
Cybersecurity 2.0: Oportunidades y retos

15 Cybercrime, cyber attacks – Core motivations
Cybersecurity 2.0: Oportunidades y retos

16 Evolving perspectives Considerations for businesses adapting to the new reality Historical IT Security Perspectives Today’s Leading Cybersecurity Insights Scope of the challenge Limited to your “four walls” and the extended enterprise Spans your interconnected global business ecosystem Ownership and accountability IT led and operated Business-aligned and owned; CEO and board accountable Adversaries’ characteristics One-off and opportunistic; motivated by notoriety, technical challenge, and individual gain Organized, funded and targeted; motivated by economic, monetary and political gain Information asset protection One-size-fits-all approach Prioritize and protect your “crown jewels” Defense posture Protect the perimeter; respond if attacked Plan, monitor, and rapidly respond when attacked Security intelligence and information sharing Keep to yourself Public/private partnerships; collaboration with industry working groups Cybersecurity 2.0: Oportunidades y retos

17 Cybersecurity risk assessment method Good News… we know how to handle
80-90% can be solved by using best practices and standards Focus on Enterprise Education so companies understand total financial cyber risk Include all company in the Cyber Risk Framework Cybersecurity 2.0: Oportunidades y retos

18 Cybersecurity risk assessment methods – 5 Opps
Cybersecurity 2.0: Oportunidades y retos

19 Cybersecurity risk assessment methods – Crystal Ball: In the Year 2025 – 10 trends
PAST, PRESENT Cyber security is a young and immature field The attackers are more innovative than defenders Defenders are mired in FUD (fear, uncertainty and doubt) and fairy tales Attack back is illegal or classified FUTURE Cyber security will become a scientific discipline Cyber security will be application and technology centric Cyber security will never be “solved” but will be “managed” Attack back will be a integral part of cyber security Cybersecurity 2.0: Oportunidades y retos

20 Cybersecurity risk assessment methodsCrystal Ball: In the Year 2025 – 10 trends
Trends are categorized per objective: Key objective 1: Developing cyberdefence policy and capabilities Key objective 2: Achieving cyber resilience: develop capabilities and efficient cooperation within public and private sector Key objective 3: Reduce cybercrime Key Objective 4: Develop the industrial and technological resources for cybersecurity Key objective 5: Secure critical information infrastructure Cybersecurity 2.0: Oportunidades y retos

21 Cybersecurity risk assessment methodsCrystal Ball: In the Year 2025 – 10 trends
Key objective 6: Key technology initiatives Cryptographic methods and systems System emerging technologies Key objective 7: Security management and assurance Key objective 8: Cloud Computing Key objective 9: Citizen Facing Authentication Key objective 10: Government-wide Security Controls and Processes Cybersecurity 2.0: Oportunidades y retos

22 Why organizations have not kept pace
Years of underinvestment in certain areas has left many organizations unable to adequately adapt and respond to dynamic cyber risks. Board, Audit Committee, and Executive Leadership Engagement Business Alignment and Enablement Physical Security Operational Technology Security Insider Threat Secure Mobile and Cloud Computing Patch & Configuration Management Threat Intelligence Process and Technology Fundamentals Product & Service Security Notification and Disclosure Critical Asset Identification and Protection Threat Modeling & Scenario Planning Public/Private Information Sharing Risk and Impact Evaluation User Administration Privileged Access Management Resource Prioritization Technology Debt Management Global Security Operations Incident and Crisis Management Technology Adoption and Enablement Security Technology Rationalization Monitoring and Detection Breach Investigation and Response Security Culture and Mindset Ecosystem & Supply Chain Security Compliance Remediation consectetur adipiscing elit Security Strategy and Roadmap Security Program, Functions, Resources and Capabilities Process and Technology fundamentals – focus on IDM

23 Business Alignment and Enablement
Have you kept pace? Questions to consider when evaluating your ability to respond to the new challenges. Evaluate and improve effectiveness of existing processes and technologies Have you patched and upgraded your core platforms and technology? How are you securing new technology adoption and managing vulnerability with your legacy technology? Have you evolved your security architecture and associated processes? Understand the threats to your industry and your business Who are your adversaries and what are their motivations? What information are they targeting and what tactics are they using? How are you anticipating and adapting your strategy and controls? Identify, prioritize, and protect the assets most essential to the business Have you identified your most critical assets and know where they are stored and transmitted? How do you evaluate their value and impact to the business if compromised? Do you prioritize the protection of your crown jewels differently than other information assets? Board, Audit Committee, and Executive Leadership Engagement Business Alignment and Enablement Physical Security Operational Technology Security Insider Threat Secure Mobile and Cloud Computing Patch & Configuration Management Threat Intelligence Process and Technology Fundamentals Product & Service Security Notification and Disclosure Critical Asset Identification and Protection Threat Modeling & Scenario Planning Public/Private Information Sharing Risk and Impact Evaluation User Administration Privileged Access Management Resource Prioritization Technology Debt Management Global Security Operations Incident and Crisis Management Technology Adoption and Enablement Security Technology Rationalization Monitoring and Detection Breach Investigation and Response Security Culture and Mindset Ecosystem & Supply Chain Security Compliance Remediation consectetur adipiscing elit Enhance situational awareness to detect and respond to security events How are you gaining visibility into internal and external security events and activities? Are you applying correlation and analytics to identify patterns or exceptions? How do you timely and efficiently determine when to take action? Develop a cross-functional incident response plan for effective crisis management Have your business leaders undertaken cyberattack scenario planning? Do you have a defined cross functional structure, process and capability to respond? Are you enhancing and aligning your plan to ongoing business changes? Establish values and behaviors to create and promote security effectiveness How is leadership engaged and committed to addressing cyber risks facing the business? What sustained activities are in place to improve awareness and sensitivity to cyber risks? How have your business practices evolved to address the threats to your business? Security Strategy and Roadmap Security Program, Functions, Resources and Capabilities

24 Cybersecurity… Cybersecurity 2.0: Oportunidades y retos

25 Questions Cybersecurity 2.0: Oportunidades y retos

Download ppt "Cybersecurity 2.0: Oportunidades y Retos"

Similar presentations

PPA 573 – Emergency Management and Homeland Security Lecture 9b - Department of Homeland Security Strategic Plan.

PPA 573 – Emergency Management and Homeland Security Lecture 9b - Department of Homeland Security Strategic Plan.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Getting Smarter with Information An Information Agenda Approach

Getting Smarter with Information An Information Agenda Approach
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Lessons Learned in Smart Grid Cyber Security

Lessons Learned in Smart Grid Cyber Security
Staying Ahead of the Curve in Cyber Security Bill Chang CEO, SingTel Group Enterprise.

Staying Ahead of the Curve in Cyber Security Bill Chang CEO, SingTel Group Enterprise.
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Cyber Security: Now and.

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Cyber Security: Now and.
Dell Connected Security Solutions Simplify & unify.

Dell Connected Security Solutions Simplify & unify.
BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT

BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.

Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Federal Cybersecurity Research Agenda June 2010 Dawn Meyerriecks

Federal Cybersecurity Research Agenda June 2010 Dawn Meyerriecks
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
DRAFT 1 Belfast 2015 5 th World Cyber Security Technology Research Summit Suren Gupta Allstate Corporation Executive Vice President Allstate Technology.

DRAFT 1 Belfast th World Cyber Security Technology Research Summit Suren Gupta Allstate Corporation Executive Vice President Allstate Technology.
Vendor Management from a Vendor’s Perspective. Agenda Regulatory Updates and Trends Examiner Trends Technology and Solution Trends Common Issues and Misconceptions.

Vendor Management from a Vendor’s Perspective. Agenda Regulatory Updates and Trends Examiner Trends Technology and Solution Trends Common Issues and Misconceptions.
FFIEC Cyber Security Assessment Tool

FFIEC Cyber Security Assessment Tool

Similar presentations

Ads by Google