ISE Confidential - not for distribution THE EVOLVING THREAT LANDSCAPE: ADVANCING ENTERPRISE SECURITY 11 December 2013.


1 ISE Confidential - not for distribution THE EVOLVING THREAT LANDSCAPE: ADVANCING ENTERPRISE SECURITY 11 December 2013

2 Agenda
Objectives
About ISE
I. Security Separated from Functionality
II. Black Box vs. White Box
III. Secure Assets, Not Perimeters
IV. “Build It In,” Not “Bolt It On”
V. Security as Ongoing Process
Q&A

3 Objectives
Analyze trending best practices
Keep pace with the rapidly evolving adversaries
Streamline resource and financial investment

4 About ISE

5 About ISE
Analysts: Computer Scientists; Ethical Hackers
Customers: Fortune 500 Enterprises; Media & Entertainment, Security Software, Healthcare, etc.
Perspective: White box
Research: Recent: Browsers; Routers. Upcoming: Digital Cinema; Hospital Pilot

6 I. Security Separated From Functionality

7 I. Security Separated From Functionality
CONFLICT IS GOOD! There, I said it.

8 I. Security Separated From Functionality

9 I. Security Separated From Functionality
Functionality; Security; I.T.

10 I. Security Separated From Functionality

11 I. Security Separated From Functionality

12 I. Security Separated From Functionality

13 I. Security Separated From Functionality
Objective of Conflict: Facilitate dialogue amongst teams to arrive at a usable system, on deadline, that entails an acceptable level of security protocols.

14 II. Black Box vs. White Box

15 II. Black Box vs. White Box
Evaluation Types: Penetration Test; Vulnerability Assessment
Methodologies: Black Box; White Box

16 II. Black Box vs. White Box
Black Box Perspective

17 II. Black Box vs. White Box
White Box Perspective

18 II. Black Box vs. White Box

19 III. Secure Assets, Not Perimeters

20 III. Secure Assets, Not Perimeters
Traditional Attacks; Traditional Defenses

21 III. Secure Assets, Not Perimeters
Modern Attacks

22 III. Secure Assets, Not Perimeters

23 IV. “Build It In,” Not “Bolt It On”

24 IV. “Build It In,” Not “Bolt It On”
Requirements: Determine Business & User Needs
Design: Define Architecture
Implementation: Coding
Testing: System Testing
Deployment: Customer Roll-out
Maintenance: Resolve bugs

25 IV. “Build It In,” Not “Bolt It On”
Requirements: Determine Business & User Needs; Create Threat Model
Design: Define Architecture; Defense in Depth
Implementation: Coding; Audit Code
Testing: System Testing; White Box Vulnerability Assessment
Deployment: Customer Roll-out; Configuration Guidance
Maintenance: Resolve bugs; Iteration Hardening

26 IV. “Build It In,” Not “Bolt It On”

27 IV. “Build It In,” Not “Bolt It On”

28 V. Security as Ongoing Process

29 V. Security as Ongoing Process

30 V. Security as Ongoing Process

31 V. Security as Ongoing Process

32 V. Security as Ongoing Process

33 Recap
I. Security Separated from Functionality
II. Black Box vs. White Box
III. Secure Assets, Not Perimeters
IV. “Build It In”, Not “Bolt It On”
V. Security as Ongoing Process
Whitepaper forthcoming

34 Questions?
Ted Harrington, Executive Partner
ted.harrington@securityevaluators.com

