Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lloyds 360 Risk Insight Dec 2010 Malcolm Harkins Malcolm Harkins Chief Information and Security Officer General Manager Intel Information Risk and Security.

Published byDina Griffith Modified over 9 years ago

Similar presentations

Presentation on theme: "Lloyds 360 Risk Insight Dec 2010 Malcolm Harkins Malcolm Harkins Chief Information and Security Officer General Manager Intel Information Risk and Security."— Presentation transcript:

1 Lloyds 360 Risk Insight Dec 2010 Malcolm Harkins Malcolm Harkins Chief Information and Security Officer General Manager Intel Information Risk and Security

2 Legal Notices This presentation is for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. BunnyPeople, Celeron, Celeron Inside, Centrino, Centrino logo, Core Inside, FlashFile, i960, InstantIP, Intel, Intel logo, Intel386, Intel486, Intel740, IntelDX2, IntelDX4, IntelSX2, Intel Core, Intel Inside, Intel Inside logo, Intel. Leap ahead., Intel. Leap ahead. logo, Intel NetBurst, Intel NetMerge, Intel NetStructure, Intel SingleDriver, Intel SpeedStep, Intel StrataFlash, Intel Viiv, Intel vPro, Intel XScale, IPLink, Itanium, Itanium Inside, MCS, MMX, Oplus, OverDrive, PDCharm, Pentium, Pentium Inside, skoool, Sound Mark, The Journey Inside, VTune, Xeon, and Xeon Inside are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others. Copyright © 2009, Intel Corporation. All rights reserved.

3 “The Perfect Storm” Vulnerabilities Threats Controls Assets Business Impacts Confidentiality Integrity Availability which protect against exploit exposing to a loss of causing which are mitigated by increase reduce Assurance Identity Mgmt Which requires That increase the need for causing Legislation causing BusinessRisks

4 Intrusion Cycle SpywareSpamPhishing People Technology Adversary Hacker Group Organized Crime Cyber Militia Nation State Cyber Terrorism Tradecraft, Tools, Methods – not that different but the motivation and purpose can differ AssetsAssets The Web

5 Irrefutable Laws of Information Security 1) Information wants to be free –People want to talk, post, and share *Phil Venables 2008, adapted from Scott Culp 2000, Pete Lindstrom 2008, and other sources

6 Irrefutable Laws of Information Security 1) Information wants to be free –People want to talk, post, and share 2) Code wants to be wrong –We will never have 100% error free s/w *Phil Venables 2008, adapted from Scott Culp 2000, Pete Lindstrom 2008, and other sources

7 Irrefutable Laws of Information Security 1) Information wants to be free –People want to talk, post, and share 2) Code wants to be wrong –We will never have 100% error free s/w 3) Services want to be on –Some background processes will need to be on *Phil Venables 2008, adapted from Scott Culp 2000, Pete Lindstrom 2008, and other sources

8 Irrefutable Laws of Information Security 1) Information wants to be free –People want to talk, post, and share 2) Code wants to be wrong –We will never have 100% error free s/w 3) Services want to be on –Some background processes will need to be on 4) Users want to click –If they are connected to the internet, people will click on things *Phil Venables 2008, adapted from Scott Culp 2000, Pete Lindstrom 2008, and other sources

9 Irrefutable Laws of Information Security 1) Information wants to be free –People want to talk, post, and share 2) Code wants to be wrong –We will never have 100% error free s/w 3) Services want to be on –Some background processes will need to be on 4) Users want to click –If they are connected to the internet, people will click on things 5) Even a security feature can be used for harm –Laws 2, 3, 4 even apply to security capabilities *Phil Venables 2008, adapted from Scott Culp 2000, Pete Lindstrom 2008, and other sources

10 Irrefutable Laws of Information Security 1) Information wants to be free –People want to talk, post, and share 2) Code wants to be wrong –We will never have 100% error free s/w 3) Services want to be on –Some background processes will need to be on 4) Users want to click –If they are connected to the internet, people will click on things 5) Even a security feature can be used for harm –Laws 2, 3, 4 even apply to security capabilities Compromise is inevitable under any compute model Managing the risk and surviving is the key *Phil Venables 2008, adapted from Scott Culp 2000, Pete Lindstrom 2008, and other sources

11 So how do you manage the risk and survive? Infrastructure Protection Identity & Access Mgmt Security Business Intelligence Data Protection Predict Detect Respond Prevent Data Enclaving Risk Based Privileges Predictive Analytics Endpoint Protection Central Logging Service Data Correlation/Alerting Browser Security Training & Awareness

12 Granular Trust Enablement Multi-Level Trust

13 Key Messages  The world has changed, it’s no longer flat –Mobility and Collaboration is dissolving the internet border –Cloud Computing is dissolving the Data Center border –Consumerization will dissolve the enterprise border  The threat landscape is growing in complexity –Targeted intrusions and attacks leveraging wide-range of vulnerabilities and growing in sophistication –Government focus growing – “Industry can’t self-regulate”  The dynamic nature of the ecosystem requires a more fluid but more granular security model  Security investment needs to keep pace w/changing landscape Protect, Enable, and Manage the Risk

14

Download ppt "Lloyds 360 Risk Insight Dec 2010 Malcolm Harkins Malcolm Harkins Chief Information and Security Officer General Manager Intel Information Risk and Security."

Similar presentations

Software & Services Group Developer Products Division Copyright© 2011, Intel Corporation. All rights reserved. *Other brands and names are the property.

Software & Services Group Developer Products Division Copyright© 2011, Intel Corporation. All rights reserved. *Other brands and names are the property.
Ray Ozzie Chief Software Architect. Applications and Solutions Cloud Infrastructure Services Live Platform Services Global Foundation Services Services.

Ray Ozzie Chief Software Architect. Applications and Solutions Cloud Infrastructure Services Live Platform Services Global Foundation Services Services.
Identity & Security. Today's IT Security challenges Rising Internal Attacks 75% of companies report insiders responsible for breaches Growing headcount.

Identity & Security. Today's IT Security challenges Rising Internal Attacks 75% of companies report insiders responsible for breaches Growing headcount.
‘Changing environment – changing security’ - Cyber-threat challenges today – Budapest, September 17-18, 2012 1 Industry and the fight against cybercrime.

‘Changing environment – changing security’ - Cyber-threat challenges today – Budapest, September 17-18, Industry and the fight against cybercrime.
Threat Intelligence Use in Information Security: History, Theory and Practice Tim Gallo Cyber Security Field Engineering 1.

Threat Intelligence Use in Information Security: History, Theory and Practice Tim Gallo Cyber Security Field Engineering 1.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Enterprise CAL Overview. Different Types of CALs Standard CAL base A component Standard CAL is a base CAL that provides access rights to basic features.

Enterprise CAL Overview. Different Types of CALs Standard CAL base A component Standard CAL is a base CAL that provides access rights to basic features.
Software & Services Group Developer Products Division Copyright© 2013, Intel Corporation. All rights reserved. *Other brands and names are the property.

Software & Services Group Developer Products Division Copyright© 2013, Intel Corporation. All rights reserved. *Other brands and names are the property.
Security for Today’s Threat Landscape Kat Pelak 1.

Security for Today’s Threat Landscape Kat Pelak 1.
1 Getting Beyond Standalone Antivirus to Advanced Threat Protection Eric Schwake Sr. Product Marketing

1 Getting Beyond Standalone Antivirus to Advanced Threat Protection Eric Schwake Sr. Product Marketing
Recognising the Risks of Cyber Threats Across the Organisation John Thornton Secretary to the Digital Government Security Forum.

Recognising the Risks of Cyber Threats Across the Organisation John Thornton Secretary to the Digital Government Security Forum.
The Changing Face of Endpoint Security K Varadarajan Regional Manager, Enterprise Sales, Symantec Security Conference 2010_Bangalore.

The Changing Face of Endpoint Security K Varadarajan Regional Manager, Enterprise Sales, Symantec Security Conference 2010_Bangalore.
Controls for Information Security

Controls for Information Security
Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.

Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.
A Move Toward Agile APM: Application Performance Management Frank Ober, Performance Engineer June 2012.

A Move Toward Agile APM: Application Performance Management Frank Ober, Performance Engineer June 2012.
Yabin Liu Senior Program Manager Business Intelligence and Reporting.

Yabin Liu Senior Program Manager Business Intelligence and Reporting.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
Scott Tucker Program Manager Customer and Loyalty.

Scott Tucker Program Manager Customer and Loyalty.
Software & Services Group, Developer Products Division Copyright © 2010, Intel Corporation. All rights reserved. *Other brands and names are the property.

Software & Services Group, Developer Products Division Copyright © 2010, Intel Corporation. All rights reserved. *Other brands and names are the property.
Intel - Public Get Rich or Get Thin: The Secure Client Jeff Moriarty, CISSP Security Program Manager Intel Information Risk and Security.

Intel - Public Get Rich or Get Thin: The Secure Client Jeff Moriarty, CISSP Security Program Manager Intel Information Risk and Security.

Similar presentations

Ads by Google