Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Agility: Creating a Multi-Disciplinary Framework

Published byJoana Marreiro Silva Modified over 6 years ago

Similar presentations

Presentation on theme: "Security Agility: Creating a Multi-Disciplinary Framework"— Presentation transcript:

1 Security Agility: Creating a Multi-Disciplinary Framework
Presented By: Joseph A Juchniewicz, CRISC

2 “Organizations must assume their networks will be breached by cyber criminals and hackers.”
- Admiral Mike Rogers National Security Agency Director

3 Current Breaches

4 The Players Not deterred by normal barriers/non-opportunistic
Out to prove a point Perhaps the most dangerous opponent Individuals/Groups Steal personal information Extort victims Financial Gain

5 The Players Steal proprietary information Personal financial gain
Ideological reasons Nation state actors Steal sensitive state secrets (government) Steal propriety information (industry)

6 The Players Sabotage the computer systems Ideological reasons
National state-actors Gain advantage over their enemy Could be against government or corporation

7 Handicapping Factors Factors that handicap most company
The “bad guys” communicate better then us Stigma Brand name Consumer confidence Security is synonymous with the word “NO” Fines and credit monitoring Loss of jobs

8 Threat Vectors Threat vectors that affect the company
Weakest Link - the User

9 “Weakest Link” User Phishing Voice Phishing Mobil devices
Lack of education

10 Handicapping Factors Threat vectors that affect the company
Weakest Link - the User Lack of Sophistication

11 “Weakest Link”

12 Handicapping Factors Threat vectors that affect the company
Weakest Link - the User Lack of Sophistication Escalating number of zero-day attacks Complexity of attacks

13 “Defender Gap” Unchanged in 10 years.

14 Handicapping Factors Threat vectors that affect the company
Weakest Link - the User Lack of Sophistication Escalating number of zero-day attacks Complexity of attacks Older Attacks still work

15 It’s Difficult to Keep Up

16 Strategic Vision Move away from prevention
Technology irrelevance - Point solution Commoditization Vendor acquisition to create ‘solution sets’ The use of Multi-Disciplinary towards Detection and Elimination Integration of solutions – improved detection Identification and remediation focus Requires intelligence and rapid response Technology irrelevance - Point solution Commoditization Firewalls essentially commoditized by 2010 File sync/share commoditization now occurring

17 Execution – Create Agility
Test, Validate, Exercise, Review (REPEAT!!!) True test of agility IT War Games Build team cohesiveness and responsiveness Continued education and training

18 “There are risks and costs to any program of action – but they are far less than the long range cost of comfortable inaction.” – John F. Kennedy

19 Questions?

Download ppt "Security Agility: Creating a Multi-Disciplinary Framework"

Similar presentations

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 1 Introduction to Security.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 1 Introduction to Security.
Wonga example Register Question- What risks do you think businesses face due to IT developments?

Wonga example Register Question- What risks do you think businesses face due to IT developments?
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions 631-692-5175 Steve Katz, CISSP Security.

The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Financial Advisory & Litigation Consulting Services Risk Management 2006 September 14-15, 2006 The Metropolitan Club, New York, NY Workshop B: Information.

Financial Advisory & Litigation Consulting Services Risk Management 2006 September 14-15, 2006 The Metropolitan Club, New York, NY Workshop B: Information.
 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,

 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,
Network Security Overview Ali Shayan 2008.08.06. Network Security Management’s Perspective Dangers: – Negligence – Dereliction of duty – Liable for damaged.

Network Security Overview Ali Shayan Network Security Management’s Perspective Dangers: – Negligence – Dereliction of duty – Liable for damaged.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
Staying Ahead of the Curve in Cyber Security Bill Chang CEO, SingTel Group Enterprise.

Staying Ahead of the Curve in Cyber Security Bill Chang CEO, SingTel Group Enterprise.
STRATEGIC INTELLIGENCE MANAGEMENT Chapter by Paul de Souza Chapter 18 - National Cyber Defense Strategy, Pg. 224.

STRATEGIC INTELLIGENCE MANAGEMENT Chapter by Paul de Souza Chapter 18 - National Cyber Defense Strategy, Pg. 224.
Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.

Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.
Where in the world is your data? Data Breach Analysis Angelbeat Seminar Billy Austin, President iScan Online, Inc.

Where in the world is your data? Data Breach Analysis Angelbeat Seminar Billy Austin, President iScan Online, Inc.
Ali Alhamdan, PhD National Information Center Ministry of Interior

Ali Alhamdan, PhD National Information Center Ministry of Interior
CIO Perspectives on Security Fabrício Brasileiro Regional Sales Manager.

CIO Perspectives on Security Fabrício Brasileiro Regional Sales Manager.
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
Understanding the Threats of and Defenses Against Cyber Warfare.

Understanding the Threats of and Defenses Against Cyber Warfare.
Security and Assurance in IT organization Name: Mai Hoang Nguyen Class: INFO 609 Professor: T. Rohm.

Security and Assurance in IT organization Name: Mai Hoang Nguyen Class: INFO 609 Professor: T. Rohm.
Have the Time? Steps to Deal with Cybercrime HFTP Annual Conference Bellevue, Washington October 23, 2015 Presented by: John D. Daum, CPA Scott Perry (Just.

Have the Time? Steps to Deal with Cybercrime HFTP Annual Conference Bellevue, Washington October 23, 2015 Presented by: John D. Daum, CPA Scott Perry (Just.
Territory Insurance Conference, resilient future Mr Ralph Bönig, Special Counsel, Finlaysons Cyber Times and the Insurance Industry Territory Insurance.

Territory Insurance Conference, resilient future Mr Ralph Bönig, Special Counsel, Finlaysons Cyber Times and the Insurance Industry Territory Insurance.

Similar presentations

Ads by Google