Published by Dina Griffith. Modified over 9 years ago.
1
Lloyds 360 Risk Insight, Dec 2010
Malcolm Harkins, Chief Information and Security Officer, General Manager, Intel Information Risk and Security
2
Legal Notices
This presentation is for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Copyright © 2009, Intel Corporation. All rights reserved.
3
“The Perfect Storm”
[Diagram. Nodes: Vulnerabilities, Threats, Controls, Assets, Business Impacts, Business Risks, Confidentiality, Integrity, Availability, Assurance, Identity Mgmt, Legislation. Connector labels: "which protect against", "exploit", "exposing", "to a loss of", "causing", "which are mitigated by", "increase", "reduce", "which requires", "that increase the need for".]
4
Intrusion Cycle
[Diagram. Labels: Spyware, Spam, Phishing; People, Technology; Assets; The Web.]
Adversary: Hacker, Group, Organized Crime, Cyber Militia, Nation State, Cyber Terrorism
Tradecraft, Tools, Methods – not that different but the motivation and purpose can differ
10
Irrefutable Laws of Information Security
1) Information wants to be free
   – People want to talk, post, and share
2) Code wants to be wrong
   – We will never have 100% error free s/w
3) Services want to be on
   – Some background processes will need to be on
4) Users want to click
   – If they are connected to the internet, people will click on things
5) Even a security feature can be used for harm
   – Laws 2, 3, 4 even apply to security capabilities
Compromise is inevitable under any compute model
Managing the risk and surviving is the key
*Phil Venables 2008, adapted from Scott Culp 2000, Pete Lindstrom 2008, and other sources
11
So how do you manage the risk and survive?
[Diagram. Labels:]
Infrastructure Protection, Identity & Access Mgmt, Security Business Intelligence, Data Protection
Predict, Detect, Respond, Prevent
Data Enclaving, Risk Based Privileges, Predictive Analytics, Endpoint Protection, Central Logging Service, Data Correlation/Alerting, Browser Security, Training & Awareness
12
Granular Trust Enablement
Multi-Level Trust
13
Key Messages
The world has changed, it’s no longer flat
   – Mobility and Collaboration is dissolving the internet border
   – Cloud Computing is dissolving the Data Center border
   – Consumerization will dissolve the enterprise border
The threat landscape is growing in complexity
   – Targeted intrusions and attacks leveraging wide-range of vulnerabilities and growing in sophistication
   – Government focus growing – “Industry can’t self-regulate”
The dynamic nature of the ecosystem requires a more fluid but more granular security model
Security investment needs to keep pace w/ changing landscape
Protect, Enable, and Manage the Risk