SlideShare uma empresa Scribd logo

Csa summit la transformación digital y el nuevo rol del ciso

CSA Argentina
CSA Argentina

The document discusses the evolving role of the Chief Information Security Officer (CISO) in light of digital transformation trends like cloud computing, the Internet of Things, and mobile technology. It notes that CISOs now need to take a more strategic role focusing on skills development, adaptive security architectures, and extending security to new digital business models. The use of managed security services is also positioned as an opportunity for CISOs to help address skills shortages and the increasing complexity of securing modern IT infrastructures.

Tecnologia
1 de 35
Baixar para ler offline
Alexis Aguirre Security Director for LATAM BT Global Services Digital Revolution and The CISO’s new role
Social Mobile Internet of Things CloudAnalytics SMACIT
8 15Tr 6.2 Tr 2.7 Tr ~4.0 Tr 1.9 Tr 10 Tr We Are Here IoT value projections
9 Internet of Things (IoT) - Increasing convergence of operational technology (OT) and IT will drive consolidation of the industrial control system (ICS) security market, and the provider landscape is expected to evolve alongside this trend. • THREAT: Internal access to unconnected components (open ICSs to physical and wireless networks & devices) • THREAT: Exposure to external threats and cybercriminals‘ increased motivation and sophistication • High visibility and awareness of cyber threats to operational technology (OT) environments is expected to drive interest in security solutions • Market requirements are driving high-specialization platforms and a protocol- specific ecosystem deployed within OT. • ICS security is available at different levels of the technology stack, but network security-based approaches are predominant. 2016 Security Trends in an evolving Security landscape Opportunity for MSSP Business development managers must take into account that technology capabilities are not enough for success. Partnerships and integration with operators and OT platform providers are key aspects to growing business. Gartner’s Take IoT could be an opportunity only with partnerships in the ICS market. But MSSPs don’t know the ICS market. Maybe there are special SOC requirements to explore? Internet of Things
10 Machine to machine communication: “The science imitates art”!
11 Security cannot and should not be an afterthought for IoT infrastructure. Manufacturers of endpoint devices and network connectivity need to factor security into their products. The vast majority of IoT devices are likely to be low-powered, with comparatively little on-board compute power. However, it is still too early to say exactly what damage could be caused by a hacker compromising several million of them. Products, services, and devices that can be connected using IoT – sensors, capital goods, connected home, connected car, industrial automation, wearables, healthcare. The current and pressing IoT security issues: • Passwords are often left as the default setting that all hackers know • Too much communication between IoT nodes and back-end systems is left in the clear rather than being encrypted. • Manufacturers embedding connectivity into their devices are doing so for the first time, and as such have never had to think about cyber security before. 2016 Security Trends in an evolving Security landscape IoT Security Challenge Because most will be mobile devices, one way to think of the challenge of IoT security is “mobile security on steroids”, with billions more devices to monitor and no end users to notify when a device has been compromised. Ovum’s Take Ovum sees a role for perimeter security vendors keeping malware out of IoT networks, but also for developers of identity management technology, as there will be a need to determine that a remote device has “gone rogue”. Trend: Next generation business systems: IoT and mobile security
12 IAM is not just about the security controls. The digital identity world is evolving and moving on. As such, business-focused IAM will be needed even more to support the complete lifecycle management requirements of business-to-consumer, business-to- employee, business-to-business, and business-to-privileged user interactions. • IAM must support business-to-consumer relationships • For provisioning access for employees, partners, and contractors, Privileged Identity Management (PIM) technology has an increasingly important role to play. 2016 Security Trends in an evolving Security landscape Opportunity for MSSP Business-to-consumer relationships have many different stages across the lifecycle. IAM technology providers must acknowledge the reality of this situation. Combining the more traditional components of PIM with the use of analytical and forensic tools is increasingly seen as the way forward. Trend: IAM in the complete digital lifecycle Customer-focused IAM has to deliver on three key objectives: • Easing access and improving the customer experience. • Gathering information that benefits the business and its customers. • Maintaining appropriate levels of security. Privileged Identity Management • Historically PIM emphasis has been on hardening the password vault, session management, detection and monitoring. • The use of identity analytics and information intelligence to provide a more complete, enterprise-wide picture of privileged users and their activities.
13 For today’s digital businesses, identity and access management (IAM) involves far more than just provisioning and enforcing employee access to corporate resources. They now must govern access across a variety of populations, from employees to partners to customers. And they must protect corporate resources that may or may not live in the cloud. Vendors will provide more scalable, highly productized customer IAM offerings that will provide cross channel capabilities. • IAM budgets will increase at least 5% in 2016. Security decision-makers will finally dump home-grown IAM for commercial solutions. • As firms strive to improve CX, productized customer IAM solutions emerge. 2016 Security Trends in an evolving Security landscape Opportunity for MSSP IAM is no longer just a boring back-office technology. With network security perimeters disappearing and data commerce flowing freely between companies, identity has become the No. 1 peg to hang access controls on when it comes to data protection, cloud workload access, and management of customer populations. Trend: Customers will boost IAM
14 The pervasive digital presence required nowadays means a convergence of security disciplines. Data security is key (confidentiality, integrity, and availability) Top Security Trends for 2016-17 Gartner, 2015, 2016 Security Disciplines Converge - Pervasive Digital Presence Opportunity for MSSP • Establish security governance and planning relationships with industrial counterparts • Improve cross- discipline procurement methods • Modify security architecture to reflect all layers • Investigate changes in security management and operations to accommodate convergence
15 In the middle of all this revolution, what is the new role of the CISO (Chief Information Security Officer)?
16 How CISOs Spend their Time Poneman Institute, 2014 While asked to be thinkers and leaders, CISOs still spend a lot of time with monitoring, policy management, incident management
17 Barriers to CISO Success Many of these hurdles can be addressed by a efficient MSSP Poneman Institute, 2014
18 Know the Different Types of CISOs Evolution of the CISO • Technology oriented • Focused on the infrastructure – firewall, IPS, IDS • Likes “silver bullet” technology (i.e. FireEye) • Likely reports to CIO in a non-strategic role • Relationship with CIO may be complicated • High potential for being made a scapegoat Tactical CISO • Has moved up the IT organization • Very technical, narrow mindset • Focused on the infrastructure – firewall, IPS, IDS • Does not have a seat at the leadership table. • Their management may not view security as a strategic asset • High potential for being made a scapegoat IT Manager in charge of Security Strategic CISO • Fortune 500 • Leadership table • Seeks visibility • Internally focused • Collaborative • Forward thinking • Trusts big vendors • Favors MSS • Considers alternatives • Relationship-driven • Knows their vertical • Knows their value chain • C-level relationships could be more strategic • Likes trusted advisors • Can survive an attack Transformational CISO • Fortune 500 • Transformational leader • Security positioning helps win business • Helps define brand • Seeks visibility • Externally focused • Collaborative • Digital transformation • Favors outsourcing • Knows their vertical • Knows their value chain • C-level relationships to understand IT goals, strategies, visions • Does own research • Trusts their gut • Can survive an attack 1 2 30
19 The C-Suite Relationships Around the CISO CISOCIO CFO CEO The CEO needs to hear directly, and frequently, about RISK. CTO This trio is excellent at avoiding breaches and data loss by investing in and implementing cutting-edge technologies Legal HR This trio possesses an extensive knowledge base that helps the CISO improve security practices (through financial transactions, compliance and culture), obviate losses due to a breach or incident and translates metrics into business results. Finance, Legal, HR Information & Technology COO This trio brings more value to the business by enhancing its security program and risk processes, minimizing operational downtime and integrating security metrics with business risk measurements. CRO Chief Risk Officer Operations & Risk Value of an MSSP MSSPs This marketing executive is typically focused on the use of the Web, such as email campaigns, mobile app development, website updates, blogs and SEO … email is the most common attack vector. CMO Marketing Note: The CTO owns the company’s technology strategy; communicates this to partners and customers. The CEO and CISO should be best friends. They rarely speak about security but rather about business imperatives. CIOs themselves are either tactical, strategic, or transformational – which affects their relationship with the CISO
20 The Dynamic Between the CIO, the CISO, and the CEO CIO The CIO and CISO can have a complicated relationship, with competing agendas, often involving C-Level turf. Using a football analogy, the CIO is the Offensive Coordinator (increasing efficiencies, access, and resiliency). Activities are aligned to business strategy. CISO Using a football analogy, the CISO is the Defensive Coordinator (improve security and risk management across all operational silos)…BUT IN ADDITION…CISOs are in need of a mandate befitting an executive with more far-reaching responsibilities. The best scenario is to report to the COO or CEO. IDC reports in a 2015 security executives survey (n=269), that 65% of CISOs today report to the CEO. However, Gartner reports that most CISOs still report to the CIO or the IT department. In spite of this discrepancy, reporting to the CEO is a growing trend, especially if the CISO has previous experience as a CISO elsewhere. The CIO and the CISO are both increasingly strategic and both want and need the attention of the CEO. Include key decision influencers in the IT & Security staff – focus on three groups: architects, users, and senior executives and sell accordingly. CEO CIO CISO Digital Business Strategy Risk BOARD SecurityIT Security Budget Control ResilienceResilience Efficiency
21 How to become a strategic or transformational CISO?
22 Assess the most critical Impacts of cloud, IoT, Digital Business and generate the necessary skills Top Security Trends for 2016-17 Gartner, 2015, 2016 Find Security People & Skills – IoT, Cloud, Digital Business Opportunity for MSSP • Build a long-term IT security workforce plan reflecting digital business • Shift roles to coaching and developing • Develop high potential specialists into versatilists. • Seek versatilists to better execute the organization digital business strategy. • Mix traditional and agile recruitment techniques to fill skill gaps. • Continuous skills development.
23 Develop an Adaptive Security Architecture. Utilize intelligence platforms to allow you to visualize, correlate, and gain context. Top Security Trends for 2016-17 Gartner, 2015, 2016 Embrace Adaptive Security – Software-defined everything / architecture Opportunity for MSSP • Shift security mindset from "incident response" to "continuous response" • invest in detection, response and predictive capabilities • Favor context-aware network, endpoint and application security protection • Develop a security operations center • Architect for continuous monitoring at all layers of the IT stack
24 Recommendations: Focus on small scenarios. Use risk-based prioritization. Emphasize segmentation and access initially. Top Security Trends for 2016-17 Gartner, 2015, 2016 Extend Security for Pervasive Digital Business – IoT, IAM Opportunity for MSSP Security requirements –Policy management, enforcement –Monitoring, detection and response –Access control and management –Protect data, apps, network, platform Key challenges –Scale –Diversity (age and type) –Function –Regulation –Privacy –Standardization
25 Social media is an important — and therefore risky — engagement channel for organizations. The possibility of mistakes and malicious behavior fuels the risk of exposing data, eroding the brand or otherwise hurting the company’s top line. Social Media Trends • Social Media platforms will be prioritized: FB, Twitter, Instagram, Vine, etc • Focus on branded communities and blogs to build relationships • Customer touchpoints (customer service) will extend to the social platforms • Social platform ads will grow as media teams manage this marketing spend • Listening and relationship platforms will merge • Better crisis detection tools will make social less risky Opportunity: Marketing and risk pros alike will take advantage of advanced early warning monitoring systems and new analytics techniques to identify potential social risk events and automate response actions more effectively. 2016 Security Trends in an evolving Security landscape Trend: Social Media Risk Opportunity for MSSP A risk perspective is sorely missing from the way corporations operate their digital presence today. In 2016, risk pros need to get more involved in helping monitor digital risk environments to mitigate digital and physical risks and to better protect the brand. Forrester’s Take Security must work with marketing and business leaders to form a shared understanding of the most critical aspects of the company brand and its vulnerabilities
26 Cloud apps are a challenge and an opportunity. The mobilization of enterprise employees and the expanding trend toward teleworking, remote working has resulted in an explosion of new cloud applications, The apps are often not selected not by the company but by the employee. This so-called “shadow IT” phenomenon obviously puts corporate data at risk. A group of vendors has emerged delivering visibility into shadow IT: • SkyHigh and Netskope offer corporate IT departments with an enterprise-wide view of cloud applications employees use to do their work. • CipherCloud, Bitglass, Protegrity, and Vormetric focus on enabling control of what happens to data that is going into cloud applications the IT department has authorized for employee use, imposing obfuscation techniques such as encryption and tokenization. • Technology analysts have put both groups of vendors into an overarching category called Cloud Access Security Brokers (CASB). IBM has already launched CASB functionality coupled with identity management in a single box. 2016 Security Trends in an evolving Security landscape Opportunity for MSSP Corporate IT departments need to regain control by obtaining an enterprise- wide view of what cloud applications employees are accessing. Ovum’s Take During 2016, CASB functionality may well end up being integrated into broader technology offerings such as secure web gateways, as well as being paired with other key security capabilities. Trend: Protect Business Data in the Cloud
27 Cloud Access Security Broker (CASB) Technology
28 By 2020, over half of Web security revenue will be coming from cloud based offerings versus traditional on-premisegateway. 2016 Security Trends in an evolving Security landscape Growth in cloud-based web security
29 By the End of 2017, 60% of Enterprises Will Rely on Third-Party Management of Their Security Infrastructure. Security requires a heavy investment in people, process, and tools. Two of the biggest obstacles that enterprises encounter are the lack of skilled in- house security experts and the high cost of building an effective security team. 2016 Security Trends in an evolving Security landscape Opportunity for MSSP A broad portfolio of managed security services fits this scenario well into the foreseeable future Managed Security Services will Thrive Associated Drivers • Disruption: Accelerating business disruption from digital transformation • Digitization: Escalating digitization and accessibility of vast amounts of data • Cloud life: The merging of real life with digital identity • Intelligences /Analytics: An interconnected, informed, interactive, intrusive, intelligent, and cognitive ecosystem • Talent quest: High demand for next-generation business/IT skills — scarce supply IT Impact • Distributed, loosely coupled next-gen architectures make securing the IT infrastructure more complex. • Greater use of analytics moves security management to a more predictive state. • Enterprises want IT security to enable innovation, not hinder it.
30 • MSS market growing at 10% globally. 2 x drivers: • People and skills shortage: • 30-50% Security jobs can’t be filled. Increased need for automation. • Security spending: • Today average ~10% of IT budget, 80% of this for defending perimeter • By 2021, spending on defending perimeter will be <50%, 50% + will be spent to detect and respond • We will see a shift in how Security is deployed to embrace the cloud: • AWS, Google and Microsoft will start to bake in Security services soon – they will disrupt the market • Market is moving to continuously analyse user and entity behaviour – building up individual behavioural patterns for people and things to see small anomalies which are outside of ordinary. Key market insight shared by Gartner 51% 31% 10% 8% Today 29% 35% 18% 12% 4% 2% In next three years On-premise Private cloud Public cloud Hosted private cloud No plan to upgrade Don’t know
31 What does “Success” Look Like for a Strategic or Transformational CISO? Maturity of Security Program Control Coverage & Maturity Processes Documented Technology & Automation Adoption Operational Resilience Risk Management Employee Education Compliance Outcomes Communication & Collaboration Strategic Influence Board & Executive Sponsorships Key Partnerships with CEO and CIO Seat at the Executive Table Addresses Vertical Sector Challenges Articulates Risk Marries Strategic Vision with Security Vision Security Budget for Reducing Future Risks Strong Organizational Network Subject Matter Experts IT Department Relationships Empowers the Enterprise Key Partnerships with CEO, CIO, CRO, SVPs, GMs, LoB Managers Cross Functional Team Relationships Security Team Relationships Vendors & MSSPs Professional Strengths Understands Internal Environment and Value Chain CISO Peer Relationships Leadership Style & Philosophy Supported by CEO Emotional Intelligence Technical Curiosity Analytical Skills Vertical Sector Knowledge Strategic CISO Success Forward Thinking New HiresCollaboration Executive Education Facilitate CISO Success
32 Last question: Who is BT?
33
34 BT Security 34 BT Security - one of the world's 10 best cyber security companies in 2016 http://goo.gl/GPv6Yt BT Security, a division of British Telecommunications Plc (BT), a subsidiary of BT Group, broke new ground in the situational awareness market in 2015 with the launch of its BT Assure Cyber service. The platform combines cutting edge risk analysis and cyber threat detection and prevention tools with BT’s security experts, its partners who add their own services, and a managed services model for corporations and government agencies globally. The cost of data breaches are expected to quadruple and reach $2 trillion by 2019, according to Juniper Research. BT’s Cyber Assure alongside its other security products and services positions BT Security as the top listed international (non-U.S) company on the Cyber Top 10.
bt.com/globalservices

Recomendados

Csa summit who can protect us education for cloud security professionals
Csa summit who can protect us education for cloud security professionalsCsa summit who can protect us education for cloud security professionals
Csa summit who can protect us education for cloud security professionalsCSA Argentina
 
Csa summit argentina-reavis
Csa summit argentina-reavisCsa summit argentina-reavis
Csa summit argentina-reavisCSA Argentina
 
Csa summit seguridad en el sddc
Csa summit seguridad en el sddcCsa summit seguridad en el sddc
Csa summit seguridad en el sddcCSA Argentina
 
Csa summit cualquier aplicación, desde cualquier dispositivo, en cualquier ...
Csa summit cualquier aplicación, desde cualquier dispositivo, en cualquier ...Csa summit cualquier aplicación, desde cualquier dispositivo, en cualquier ...
Csa summit cualquier aplicación, desde cualquier dispositivo, en cualquier ...CSA Argentina
 
DTS Solution - Company Presentation
DTS Solution - Company PresentationDTS Solution - Company Presentation
DTS Solution - Company PresentationShah Sheikh
 
Total Digital Security Introduction 4.2
Total Digital Security Introduction 4.2Total Digital Security Introduction 4.2
Total Digital Security Introduction 4.2Brad Deflin
 
RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.
RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.
RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.Cristian Garcia G.
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBsJyothi Satyanathan
 

Recomendados

Csa summit who can protect us education for cloud security professionals
Csa summit who can protect us education for cloud security professionalsCsa summit who can protect us education for cloud security professionals
Csa summit who can protect us education for cloud security professionalsCSA Argentina
 
Csa summit argentina-reavis
Csa summit argentina-reavisCsa summit argentina-reavis
Csa summit argentina-reavisCSA Argentina
 
Csa summit seguridad en el sddc
Csa summit seguridad en el sddcCsa summit seguridad en el sddc
Csa summit seguridad en el sddcCSA Argentina
 
Csa summit cualquier aplicación, desde cualquier dispositivo, en cualquier ...
Csa summit cualquier aplicación, desde cualquier dispositivo, en cualquier ...Csa summit cualquier aplicación, desde cualquier dispositivo, en cualquier ...
Csa summit cualquier aplicación, desde cualquier dispositivo, en cualquier ...CSA Argentina
 
DTS Solution - Company Presentation
DTS Solution - Company PresentationDTS Solution - Company Presentation
DTS Solution - Company PresentationShah Sheikh
 
Total Digital Security Introduction 4.2
Total Digital Security Introduction 4.2Total Digital Security Introduction 4.2
Total Digital Security Introduction 4.2Brad Deflin
 
RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.
RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.
RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.Cristian Garcia G.
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBsJyothi Satyanathan
 
Qradar Business Case
Qradar Business CaseQradar Business Case
Qradar Business CaseEnterprise Technology Management (ETM)
 
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 20165 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016IBM Security
 
Empowering Digital Transformation in Financial Services
Empowering Digital Transformation in Financial ServicesEmpowering Digital Transformation in Financial Services
Empowering Digital Transformation in Financial ServicesCristian Garcia G.
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondSecPod Technologies
 
Cybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaCybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaFaysal Ghauri
 
Security - A Digital Transformation Enabler
Security - A Digital Transformation EnablerSecurity - A Digital Transformation Enabler
Security - A Digital Transformation EnablerAlexander Akinjayeju. MSc, CISM, Prince2
 
DTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioDTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioShah Sheikh
 
TENDENCIAS DE SEGURIDAD PARA AMBIENTES EN LA NUBE
TENDENCIAS DE SEGURIDAD PARA AMBIENTES EN LA NUBETENDENCIAS DE SEGURIDAD PARA AMBIENTES EN LA NUBE
TENDENCIAS DE SEGURIDAD PARA AMBIENTES EN LA NUBECristian Garcia G.
 
How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation? How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation? PECB
 
Cyber Security in The Cloud
Cyber Security in The CloudCyber Security in The Cloud
Cyber Security in The CloudPECB
 
DTS Solution - Company Presentation
DTS Solution - Company PresentationDTS Solution - Company Presentation
DTS Solution - Company PresentationShah Sheikh
 
Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloudScalar Decisions
 
How to Choose the Right Security Information and Event Management (SIEM) Solu...
How to Choose the Right Security Information and Event Management (SIEM) Solu...How to Choose the Right Security Information and Event Management (SIEM) Solu...
How to Choose the Right Security Information and Event Management (SIEM) Solu...IBM Security
 
Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud ApplicationsIBM Security
 
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraCyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraKnowledge Group
 
Extend Your Market Reach with IBM Security QRadar for MSPs
Extend Your Market Reach with IBM Security QRadar for MSPsExtend Your Market Reach with IBM Security QRadar for MSPs
Extend Your Market Reach with IBM Security QRadar for MSPsIBM Security
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...PECB
 
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Abhishek Goel
 
The value of our data
The value of our dataThe value of our data
The value of our dataEnterpriseGRC Solutions, Inc.
 
Cybersecurity domains-map-3.0
Cybersecurity domains-map-3.0Cybersecurity domains-map-3.0
Cybersecurity domains-map-3.0Oscar Ferreira
 
Seguridad de la Información - IV Congreso Nacional de Sistemas de Gestión y ...
Seguridad de la Información - IV Congreso Nacional de Sistemas de Gestión y ...Seguridad de la Información - IV Congreso Nacional de Sistemas de Gestión y ...
Seguridad de la Información - IV Congreso Nacional de Sistemas de Gestión y ...Gestión de la Calidad de UTN BA
 
Csa summit el circulo de la confianza entre el cliente y el proveedor cloud
Csa summit el circulo de la confianza entre el cliente y el proveedor cloud Csa summit el circulo de la confianza entre el cliente y el proveedor cloud
Csa summit el circulo de la confianza entre el cliente y el proveedor cloud CSA Argentina
 

Mais conteúdo relacionado

Mais procurados

5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 20165 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016IBM Security
 
Empowering Digital Transformation in Financial Services
Empowering Digital Transformation in Financial ServicesEmpowering Digital Transformation in Financial Services
Empowering Digital Transformation in Financial ServicesCristian Garcia G.
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondSecPod Technologies
 
Cybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaCybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaFaysal Ghauri
 
DTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioDTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioShah Sheikh
 
TENDENCIAS DE SEGURIDAD PARA AMBIENTES EN LA NUBE
TENDENCIAS DE SEGURIDAD PARA AMBIENTES EN LA NUBETENDENCIAS DE SEGURIDAD PARA AMBIENTES EN LA NUBE
TENDENCIAS DE SEGURIDAD PARA AMBIENTES EN LA NUBECristian Garcia G.
 
How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation? How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation? PECB
 
Cyber Security in The Cloud
Cyber Security in The CloudCyber Security in The Cloud
Cyber Security in The CloudPECB
 
DTS Solution - Company Presentation
DTS Solution - Company PresentationDTS Solution - Company Presentation
DTS Solution - Company PresentationShah Sheikh
 
Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloudScalar Decisions
 
How to Choose the Right Security Information and Event Management (SIEM) Solu...
How to Choose the Right Security Information and Event Management (SIEM) Solu...How to Choose the Right Security Information and Event Management (SIEM) Solu...
How to Choose the Right Security Information and Event Management (SIEM) Solu...IBM Security
 
Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud ApplicationsIBM Security
 
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraCyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraKnowledge Group
 
Extend Your Market Reach with IBM Security QRadar for MSPs
Extend Your Market Reach with IBM Security QRadar for MSPsExtend Your Market Reach with IBM Security QRadar for MSPs
Extend Your Market Reach with IBM Security QRadar for MSPsIBM Security
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...PECB
 
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Abhishek Goel
 
Cybersecurity domains-map-3.0
Cybersecurity domains-map-3.0Cybersecurity domains-map-3.0
Cybersecurity domains-map-3.0Oscar Ferreira
 

Mais procurados (20)

Qradar Business Case
Qradar Business CaseQradar Business Case
Qradar Business Case
 
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 20165 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
 
Empowering Digital Transformation in Financial Services
Empowering Digital Transformation in Financial ServicesEmpowering Digital Transformation in Financial Services
Empowering Digital Transformation in Financial Services
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
 
Cybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaCybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabia
 
Security - A Digital Transformation Enabler
Security - A Digital Transformation EnablerSecurity - A Digital Transformation Enabler
Security - A Digital Transformation Enabler
 
DTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioDTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services Portfolio
 
TENDENCIAS DE SEGURIDAD PARA AMBIENTES EN LA NUBE
TENDENCIAS DE SEGURIDAD PARA AMBIENTES EN LA NUBETENDENCIAS DE SEGURIDAD PARA AMBIENTES EN LA NUBE
TENDENCIAS DE SEGURIDAD PARA AMBIENTES EN LA NUBE
 
How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation? How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation?
 
Cyber Security in The Cloud
Cyber Security in The CloudCyber Security in The Cloud
Cyber Security in The Cloud
 
DTS Solution - Company Presentation
DTS Solution - Company PresentationDTS Solution - Company Presentation
DTS Solution - Company Presentation
 
Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloud
 
How to Choose the Right Security Information and Event Management (SIEM) Solu...
How to Choose the Right Security Information and Event Management (SIEM) Solu...How to Choose the Right Security Information and Event Management (SIEM) Solu...
How to Choose the Right Security Information and Event Management (SIEM) Solu...
 
Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud Applications
 
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraCyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
 
Extend Your Market Reach with IBM Security QRadar for MSPs
Extend Your Market Reach with IBM Security QRadar for MSPsExtend Your Market Reach with IBM Security QRadar for MSPs
Extend Your Market Reach with IBM Security QRadar for MSPs
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
 
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
 
The value of our data
The value of our dataThe value of our data
The value of our data
 
Cybersecurity domains-map-3.0
Cybersecurity domains-map-3.0Cybersecurity domains-map-3.0
Cybersecurity domains-map-3.0
 

Destaque

Seguridad de la Información - IV Congreso Nacional de Sistemas de Gestión y ...
Seguridad de la Información - IV Congreso Nacional de Sistemas de Gestión y ...Seguridad de la Información - IV Congreso Nacional de Sistemas de Gestión y ...
Seguridad de la Información - IV Congreso Nacional de Sistemas de Gestión y ...Gestión de la Calidad de UTN BA
 
Csa summit el circulo de la confianza entre el cliente y el proveedor cloud
Csa summit el circulo de la confianza entre el cliente y el proveedor cloud Csa summit el circulo de la confianza entre el cliente y el proveedor cloud
Csa summit el circulo de la confianza entre el cliente y el proveedor cloud CSA Argentina
 
Csa summit presentacion crozono
Csa summit presentacion crozonoCsa summit presentacion crozono
Csa summit presentacion crozonoCSA Argentina
 
S nandakumar
S nandakumarS nandakumar
S nandakumarIPPAI
 
Csa summit cloud security. tendencias de mercado
Csa summit cloud security. tendencias de mercadoCsa summit cloud security. tendencias de mercado
Csa summit cloud security. tendencias de mercadoCSA Argentina
 
Standardization of IT Processes
Standardization of IT ProcessesStandardization of IT Processes
Standardization of IT ProcessesNatarajan V
 

Destaque (6)

Seguridad de la Información - IV Congreso Nacional de Sistemas de Gestión y ...
Seguridad de la Información - IV Congreso Nacional de Sistemas de Gestión y ...Seguridad de la Información - IV Congreso Nacional de Sistemas de Gestión y ...
Seguridad de la Información - IV Congreso Nacional de Sistemas de Gestión y ...
 
Csa summit el circulo de la confianza entre el cliente y el proveedor cloud
Csa summit el circulo de la confianza entre el cliente y el proveedor cloud Csa summit el circulo de la confianza entre el cliente y el proveedor cloud
Csa summit el circulo de la confianza entre el cliente y el proveedor cloud
 
Csa summit presentacion crozono
Csa summit presentacion crozonoCsa summit presentacion crozono
Csa summit presentacion crozono
 
S nandakumar
S nandakumarS nandakumar
S nandakumar
 
Csa summit cloud security. tendencias de mercado
Csa summit cloud security. tendencias de mercadoCsa summit cloud security. tendencias de mercado
Csa summit cloud security. tendencias de mercado
 
Standardization of IT Processes
Standardization of IT ProcessesStandardization of IT Processes
Standardization of IT Processes
 

Semelhante a Csa summit la transformación digital y el nuevo rol del ciso

New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'aFahmi Albaheth
 
Networkers cyber security market intelligence report
Networkers cyber security market intelligence reportNetworkers cyber security market intelligence report
Networkers cyber security market intelligence reportSimon Clements FIRP DipRP
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyEryk Budi Pratama
 
Security for the IoT - Report Summary
Security for the IoT - Report SummarySecurity for the IoT - Report Summary
Security for the IoT - Report SummaryAccenture Technology
 
Aalto cyber-10.4.18
Aalto cyber-10.4.18Aalto cyber-10.4.18
Aalto cyber-10.4.18japijapi
 
CIOs and Cybersecurity Safeguarding the Digital Frontier
CIOs and Cybersecurity Safeguarding the Digital FrontierCIOs and Cybersecurity Safeguarding the Digital Frontier
CIOs and Cybersecurity Safeguarding the Digital Frontierwilliamshakes1
 
Cybersecurity Improvement eBook
Cybersecurity Improvement eBookCybersecurity Improvement eBook
Cybersecurity Improvement eBookPablo Junco
 
Ravi i ot-security
Ravi i ot-securityRavi i ot-security
Ravi i ot-securityskumartarget
 
Security Implications of Accenture Technology Vision 2015 - Executive Report
Security Implications of Accenture Technology Vision 2015 - Executive ReportSecurity Implications of Accenture Technology Vision 2015 - Executive Report
Security Implications of Accenture Technology Vision 2015 - Executive ReportAccenture Technology
 
Strategically moving towards a secure hybrid it
Strategically moving towards a secure hybrid itStrategically moving towards a secure hybrid it
Strategically moving towards a secure hybrid itAvancercorp
 
Securing the digital economy
Securing the digital economySecuring the digital economy
Securing the digital economyaccenture
 
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet accenture
 
Security of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We NeedSecurity of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We Needsimplyme12345
 
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibmciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibmPriyanka Aash
 
Top 5 Cybersecurity Trends in 2021 and Beyond
Top 5 Cybersecurity Trends in 2021 and BeyondTop 5 Cybersecurity Trends in 2021 and Beyond
Top 5 Cybersecurity Trends in 2021 and BeyondNandita Nityanandam
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityKaryl Scott
 
The Security Challenge: What's Next?
The Security Challenge: What's Next?The Security Challenge: What's Next?
The Security Challenge: What's Next?Cognizant
 
The Digital Telecom. Security Services
The Digital Telecom. Security ServicesThe Digital Telecom. Security Services
The Digital Telecom. Security ServicesParviz Iskhakov, PhD
 
The Digital Telecom. Security Services
The Digital Telecom. Security ServicesThe Digital Telecom. Security Services
The Digital Telecom. Security ServicesParviz Iskhakov, PhD
 
Security Trend Report, 2017
Security Trend Report, 2017Security Trend Report, 2017
Security Trend Report, 2017Bill Chamberlin
 

Semelhante a Csa summit la transformación digital y el nuevo rol del ciso (20)

New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
Networkers cyber security market intelligence report
Networkers cyber security market intelligence reportNetworkers cyber security market intelligence report
Networkers cyber security market intelligence report
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas Company
 
Security for the IoT - Report Summary
Security for the IoT - Report SummarySecurity for the IoT - Report Summary
Security for the IoT - Report Summary
 
Aalto cyber-10.4.18
Aalto cyber-10.4.18Aalto cyber-10.4.18
Aalto cyber-10.4.18
 
CIOs and Cybersecurity Safeguarding the Digital Frontier
CIOs and Cybersecurity Safeguarding the Digital FrontierCIOs and Cybersecurity Safeguarding the Digital Frontier
CIOs and Cybersecurity Safeguarding the Digital Frontier
 
Cybersecurity Improvement eBook
Cybersecurity Improvement eBookCybersecurity Improvement eBook
Cybersecurity Improvement eBook
 
Ravi i ot-security
Ravi i ot-securityRavi i ot-security
Ravi i ot-security
 
Security Implications of Accenture Technology Vision 2015 - Executive Report
Security Implications of Accenture Technology Vision 2015 - Executive ReportSecurity Implications of Accenture Technology Vision 2015 - Executive Report
Security Implications of Accenture Technology Vision 2015 - Executive Report
 
Strategically moving towards a secure hybrid it
Strategically moving towards a secure hybrid itStrategically moving towards a secure hybrid it
Strategically moving towards a secure hybrid it
 
Securing the digital economy
Securing the digital economySecuring the digital economy
Securing the digital economy
 
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet
 
Security of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We NeedSecurity of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We Need
 
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibmciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
 
Top 5 Cybersecurity Trends in 2021 and Beyond
Top 5 Cybersecurity Trends in 2021 and BeyondTop 5 Cybersecurity Trends in 2021 and Beyond
Top 5 Cybersecurity Trends in 2021 and Beyond
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber Security
 
The Security Challenge: What's Next?
The Security Challenge: What's Next?The Security Challenge: What's Next?
The Security Challenge: What's Next?
 
The Digital Telecom. Security Services
The Digital Telecom. Security ServicesThe Digital Telecom. Security Services
The Digital Telecom. Security Services
 
The Digital Telecom. Security Services
The Digital Telecom. Security ServicesThe Digital Telecom. Security Services
The Digital Telecom. Security Services
 
Security Trend Report, 2017
Security Trend Report, 2017Security Trend Report, 2017
Security Trend Report, 2017
 

Mais de CSA Argentina

7o estudio-cloud security-esarsenu-2019-csaespearclbobrcomx-isacamad-v2
7o estudio-cloud security-esarsenu-2019-csaespearclbobrcomx-isacamad-v27o estudio-cloud security-esarsenu-2019-csaespearclbobrcomx-isacamad-v2
7o estudio-cloud security-esarsenu-2019-csaespearclbobrcomx-isacamad-v2CSA Argentina
 
Cloud native y donde esta el piloto
Cloud native y donde esta el pilotoCloud native y donde esta el piloto
Cloud native y donde esta el pilotoCSA Argentina
 
Iam dev secops the infinity loop saga
Iam dev secops the infinity loop sagaIam dev secops the infinity loop saga
Iam dev secops the infinity loop sagaCSA Argentina
 
Presentacion DevSecOps Argentina
Presentacion DevSecOps ArgentinaPresentacion DevSecOps Argentina
Presentacion DevSecOps ArgentinaCSA Argentina
 
Revista CSA LATAM FORUM 2019
Revista CSA LATAM FORUM 2019Revista CSA LATAM FORUM 2019
Revista CSA LATAM FORUM 2019CSA Argentina
 
Cloud security adoption sophos
Cloud security adoption sophosCloud security adoption sophos
Cloud security adoption sophosCSA Argentina
 
CSA LATAM FORUM - NETSKOPE
CSA LATAM FORUM - NETSKOPECSA LATAM FORUM - NETSKOPE
CSA LATAM FORUM - NETSKOPECSA Argentina
 
Hardening usuarios smartfense
Hardening usuarios smartfenseHardening usuarios smartfense
Hardening usuarios smartfenseCSA Argentina
 
Segurdad de red para la generacion de la nube symantec
Segurdad de red para la generacion de la nube symantecSegurdad de red para la generacion de la nube symantec
Segurdad de red para la generacion de la nube symantecCSA Argentina
 
Automated security analysis of aws clouds v1.0
Automated security analysis of aws clouds v1.0Automated security analysis of aws clouds v1.0
Automated security analysis of aws clouds v1.0CSA Argentina
 
2018 cyberark evento cloud
2018 cyberark evento cloud2018 cyberark evento cloud
2018 cyberark evento cloudCSA Argentina
 
Csa Summit 2017 - Un viaje seguro hacia la nube
Csa Summit 2017 - Un viaje seguro hacia la nubeCsa Summit 2017 - Un viaje seguro hacia la nube
Csa Summit 2017 - Un viaje seguro hacia la nubeCSA Argentina
 
Csa Summit 2017 - Managing multicloud environments
Csa Summit 2017 - Managing multicloud environmentsCsa Summit 2017 - Managing multicloud environments
Csa Summit 2017 - Managing multicloud environmentsCSA Argentina
 
Csa summit 2017 - Plataforma de Seguridad para entornos Cloud
Csa summit 2017 - Plataforma de Seguridad para entornos CloudCsa summit 2017 - Plataforma de Seguridad para entornos Cloud
Csa summit 2017 - Plataforma de Seguridad para entornos CloudCSA Argentina
 
Csa Summit 2017 - Obteniendo información de tu organización a través de aplic...
Csa Summit 2017 - Obteniendo información de tu organización a través de aplic...Csa Summit 2017 - Obteniendo información de tu organización a través de aplic...
Csa Summit 2017 - Obteniendo información de tu organización a través de aplic...CSA Argentina
 
Csa Summit 2017 - Csa Star for dummies
Csa Summit 2017 - Csa Star for dummiesCsa Summit 2017 - Csa Star for dummies
Csa Summit 2017 - Csa Star for dummiesCSA Argentina
 
CSA Summit 2017 - Infraestructuras Ágiles y Delivery Continuo, del testing ma...
CSA Summit 2017 - Infraestructuras Ágiles y Delivery Continuo, del testing ma...CSA Summit 2017 - Infraestructuras Ágiles y Delivery Continuo, del testing ma...
CSA Summit 2017 - Infraestructuras Ágiles y Delivery Continuo, del testing ma...CSA Argentina
 
UNDER THE DOME - SEGURIDAD SI, PERO TRANSPARENTE
UNDER THE DOME - SEGURIDAD SI, PERO TRANSPARENTEUNDER THE DOME - SEGURIDAD SI, PERO TRANSPARENTE
UNDER THE DOME - SEGURIDAD SI, PERO TRANSPARENTECSA Argentina
 
SECURITY AS A WAR - Infosecurity 2015
SECURITY AS A WAR - Infosecurity 2015SECURITY AS A WAR - Infosecurity 2015
SECURITY AS A WAR - Infosecurity 2015CSA Argentina
 
CIBER 2015 UNDER THE DOME - SEGURIDAD SI, PERO TRANSPARENTE
CIBER 2015 UNDER THE DOME - SEGURIDAD SI, PERO TRANSPARENTECIBER 2015 UNDER THE DOME - SEGURIDAD SI, PERO TRANSPARENTE
CIBER 2015 UNDER THE DOME - SEGURIDAD SI, PERO TRANSPARENTECSA Argentina
 

Mais de CSA Argentina (20)

7o estudio-cloud security-esarsenu-2019-csaespearclbobrcomx-isacamad-v2
7o estudio-cloud security-esarsenu-2019-csaespearclbobrcomx-isacamad-v27o estudio-cloud security-esarsenu-2019-csaespearclbobrcomx-isacamad-v2
7o estudio-cloud security-esarsenu-2019-csaespearclbobrcomx-isacamad-v2
 
Cloud native y donde esta el piloto
Cloud native y donde esta el pilotoCloud native y donde esta el piloto
Cloud native y donde esta el piloto
 
Iam dev secops the infinity loop saga
Iam dev secops the infinity loop sagaIam dev secops the infinity loop saga
Iam dev secops the infinity loop saga
 
Presentacion DevSecOps Argentina
Presentacion DevSecOps ArgentinaPresentacion DevSecOps Argentina
Presentacion DevSecOps Argentina
 
Revista CSA LATAM FORUM 2019
Revista CSA LATAM FORUM 2019Revista CSA LATAM FORUM 2019
Revista CSA LATAM FORUM 2019
 
Cloud security adoption sophos
Cloud security adoption sophosCloud security adoption sophos
Cloud security adoption sophos
 
CSA LATAM FORUM - NETSKOPE
CSA LATAM FORUM - NETSKOPECSA LATAM FORUM - NETSKOPE
CSA LATAM FORUM - NETSKOPE
 
Hardening usuarios smartfense
Hardening usuarios smartfenseHardening usuarios smartfense
Hardening usuarios smartfense
 
Segurdad de red para la generacion de la nube symantec
Segurdad de red para la generacion de la nube symantecSegurdad de red para la generacion de la nube symantec
Segurdad de red para la generacion de la nube symantec
 
Automated security analysis of aws clouds v1.0
Automated security analysis of aws clouds v1.0Automated security analysis of aws clouds v1.0
Automated security analysis of aws clouds v1.0
 
2018 cyberark evento cloud
2018 cyberark evento cloud2018 cyberark evento cloud
2018 cyberark evento cloud
 
Csa Summit 2017 - Un viaje seguro hacia la nube
Csa Summit 2017 - Un viaje seguro hacia la nubeCsa Summit 2017 - Un viaje seguro hacia la nube
Csa Summit 2017 - Un viaje seguro hacia la nube
 
Csa Summit 2017 - Managing multicloud environments
Csa Summit 2017 - Managing multicloud environmentsCsa Summit 2017 - Managing multicloud environments
Csa Summit 2017 - Managing multicloud environments
 
Csa summit 2017 - Plataforma de Seguridad para entornos Cloud
Csa summit 2017 - Plataforma de Seguridad para entornos CloudCsa summit 2017 - Plataforma de Seguridad para entornos Cloud
Csa summit 2017 - Plataforma de Seguridad para entornos Cloud
 
Csa Summit 2017 - Obteniendo información de tu organización a través de aplic...
Csa Summit 2017 - Obteniendo información de tu organización a través de aplic...Csa Summit 2017 - Obteniendo información de tu organización a través de aplic...
Csa Summit 2017 - Obteniendo información de tu organización a través de aplic...
 
Csa Summit 2017 - Csa Star for dummies
Csa Summit 2017 - Csa Star for dummiesCsa Summit 2017 - Csa Star for dummies
Csa Summit 2017 - Csa Star for dummies
 
CSA Summit 2017 - Infraestructuras Ágiles y Delivery Continuo, del testing ma...
CSA Summit 2017 - Infraestructuras Ágiles y Delivery Continuo, del testing ma...CSA Summit 2017 - Infraestructuras Ágiles y Delivery Continuo, del testing ma...
CSA Summit 2017 - Infraestructuras Ágiles y Delivery Continuo, del testing ma...
 
UNDER THE DOME - SEGURIDAD SI, PERO TRANSPARENTE
UNDER THE DOME - SEGURIDAD SI, PERO TRANSPARENTEUNDER THE DOME - SEGURIDAD SI, PERO TRANSPARENTE
UNDER THE DOME - SEGURIDAD SI, PERO TRANSPARENTE
 
SECURITY AS A WAR - Infosecurity 2015
SECURITY AS A WAR - Infosecurity 2015SECURITY AS A WAR - Infosecurity 2015
SECURITY AS A WAR - Infosecurity 2015
 
CIBER 2015 UNDER THE DOME - SEGURIDAD SI, PERO TRANSPARENTE
CIBER 2015 UNDER THE DOME - SEGURIDAD SI, PERO TRANSPARENTECIBER 2015 UNDER THE DOME - SEGURIDAD SI, PERO TRANSPARENTE
CIBER 2015 UNDER THE DOME - SEGURIDAD SI, PERO TRANSPARENTE
 

Último

What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 

Último (20)

What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

Csa summit la transformación digital y el nuevo rol del ciso

  • 1. Alexis Aguirre Security Director for LATAM BT Global Services Digital Revolution and The CISO’s new role
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 8. 8 15Tr 6.2 Tr 2.7 Tr ~4.0 Tr 1.9 Tr 10 Tr We Are Here IoT value projections
  • 9. 9 Internet of Things (IoT) - Increasing convergence of operational technology (OT) and IT will drive consolidation of the industrial control system (ICS) security market, and the provider landscape is expected to evolve alongside this trend. • THREAT: Internal access to unconnected components (open ICSs to physical and wireless networks & devices) • THREAT: Exposure to external threats and cybercriminals‘ increased motivation and sophistication • High visibility and awareness of cyber threats to operational technology (OT) environments is expected to drive interest in security solutions • Market requirements are driving high-specialization platforms and a protocol- specific ecosystem deployed within OT. • ICS security is available at different levels of the technology stack, but network security-based approaches are predominant. 2016 Security Trends in an evolving Security landscape Opportunity for MSSP Business development managers must take into account that technology capabilities are not enough for success. Partnerships and integration with operators and OT platform providers are key aspects to growing business. Gartner’s Take IoT could be an opportunity only with partnerships in the ICS market. But MSSPs don’t know the ICS market. Maybe there are special SOC requirements to explore? Internet of Things
  • 10. 10 Machine to machine communication: “The science imitates art”!
  • 11. 11 Security cannot and should not be an afterthought for IoT infrastructure. Manufacturers of endpoint devices and network connectivity need to factor security into their products. The vast majority of IoT devices are likely to be low-powered, with comparatively little on-board compute power. However, it is still too early to say exactly what damage could be caused by a hacker compromising several million of them. Products, services, and devices that can be connected using IoT – sensors, capital goods, connected home, connected car, industrial automation, wearables, healthcare. The current and pressing IoT security issues: • Passwords are often left as the default setting that all hackers know • Too much communication between IoT nodes and back-end systems is left in the clear rather than being encrypted. • Manufacturers embedding connectivity into their devices are doing so for the first time, and as such have never had to think about cyber security before. 2016 Security Trends in an evolving Security landscape IoT Security Challenge Because most will be mobile devices, one way to think of the challenge of IoT security is “mobile security on steroids”, with billions more devices to monitor and no end users to notify when a device has been compromised. Ovum’s Take Ovum sees a role for perimeter security vendors keeping malware out of IoT networks, but also for developers of identity management technology, as there will be a need to determine that a remote device has “gone rogue”. Trend: Next generation business systems: IoT and mobile security
  • 12. 12 IAM is not just about the security controls. The digital identity world is evolving and moving on. As such, business-focused IAM will be needed even more to support the complete lifecycle management requirements of business-to-consumer, business-to- employee, business-to-business, and business-to-privileged user interactions. • IAM must support business-to-consumer relationships • For provisioning access for employees, partners, and contractors, Privileged Identity Management (PIM) technology has an increasingly important role to play. 2016 Security Trends in an evolving Security landscape Opportunity for MSSP Business-to-consumer relationships have many different stages across the lifecycle. IAM technology providers must acknowledge the reality of this situation. Combining the more traditional components of PIM with the use of analytical and forensic tools is increasingly seen as the way forward. Trend: IAM in the complete digital lifecycle Customer-focused IAM has to deliver on three key objectives: • Easing access and improving the customer experience. • Gathering information that benefits the business and its customers. • Maintaining appropriate levels of security. Privileged Identity Management • Historically PIM emphasis has been on hardening the password vault, session management, detection and monitoring. • The use of identity analytics and information intelligence to provide a more complete, enterprise-wide picture of privileged users and their activities.
  • 13. 13 For today’s digital businesses, identity and access management (IAM) involves far more than just provisioning and enforcing employee access to corporate resources. They now must govern access across a variety of populations, from employees to partners to customers. And they must protect corporate resources that may or may not live in the cloud. Vendors will provide more scalable, highly productized customer IAM offerings that will provide cross channel capabilities. • IAM budgets will increase at least 5% in 2016. Security decision-makers will finally dump home-grown IAM for commercial solutions. • As firms strive to improve CX, productized customer IAM solutions emerge. 2016 Security Trends in an evolving Security landscape Opportunity for MSSP IAM is no longer just a boring back-office technology. With network security perimeters disappearing and data commerce flowing freely between companies, identity has become the No. 1 peg to hang access controls on when it comes to data protection, cloud workload access, and management of customer populations. Trend: Customers will boost IAM
  • 14. 14 The pervasive digital presence required nowadays means a convergence of security disciplines. Data security is key (confidentiality, integrity, and availability) Top Security Trends for 2016-17 Gartner, 2015, 2016 Security Disciplines Converge - Pervasive Digital Presence Opportunity for MSSP • Establish security governance and planning relationships with industrial counterparts • Improve cross- discipline procurement methods • Modify security architecture to reflect all layers • Investigate changes in security management and operations to accommodate convergence
  • 15. 15 In the middle of all this revolution, what is the new role of the CISO (Chief Information Security Officer)?
  • 16. 16 How CISOs Spend their Time Poneman Institute, 2014 While asked to be thinkers and leaders, CISOs still spend a lot of time with monitoring, policy management, incident management
  • 17. 17 Barriers to CISO Success Many of these hurdles can be addressed by a efficient MSSP Poneman Institute, 2014
  • 18. 18 Know the Different Types of CISOs Evolution of the CISO • Technology oriented • Focused on the infrastructure – firewall, IPS, IDS • Likes “silver bullet” technology (i.e. FireEye) • Likely reports to CIO in a non-strategic role • Relationship with CIO may be complicated • High potential for being made a scapegoat Tactical CISO • Has moved up the IT organization • Very technical, narrow mindset • Focused on the infrastructure – firewall, IPS, IDS • Does not have a seat at the leadership table. • Their management may not view security as a strategic asset • High potential for being made a scapegoat IT Manager in charge of Security Strategic CISO • Fortune 500 • Leadership table • Seeks visibility • Internally focused • Collaborative • Forward thinking • Trusts big vendors • Favors MSS • Considers alternatives • Relationship-driven • Knows their vertical • Knows their value chain • C-level relationships could be more strategic • Likes trusted advisors • Can survive an attack Transformational CISO • Fortune 500 • Transformational leader • Security positioning helps win business • Helps define brand • Seeks visibility • Externally focused • Collaborative • Digital transformation • Favors outsourcing • Knows their vertical • Knows their value chain • C-level relationships to understand IT goals, strategies, visions • Does own research • Trusts their gut • Can survive an attack 1 2 30
  • 19. 19 The C-Suite Relationships Around the CISO CISOCIO CFO CEO The CEO needs to hear directly, and frequently, about RISK. CTO This trio is excellent at avoiding breaches and data loss by investing in and implementing cutting-edge technologies Legal HR This trio possesses an extensive knowledge base that helps the CISO improve security practices (through financial transactions, compliance and culture), obviate losses due to a breach or incident and translates metrics into business results. Finance, Legal, HR Information & Technology COO This trio brings more value to the business by enhancing its security program and risk processes, minimizing operational downtime and integrating security metrics with business risk measurements. CRO Chief Risk Officer Operations & Risk Value of an MSSP MSSPs This marketing executive is typically focused on the use of the Web, such as email campaigns, mobile app development, website updates, blogs and SEO … email is the most common attack vector. CMO Marketing Note: The CTO owns the company’s technology strategy; communicates this to partners and customers. The CEO and CISO should be best friends. They rarely speak about security but rather about business imperatives. CIOs themselves are either tactical, strategic, or transformational – which affects their relationship with the CISO
  • 20. 20 The Dynamic Between the CIO, the CISO, and the CEO CIO The CIO and CISO can have a complicated relationship, with competing agendas, often involving C-Level turf. Using a football analogy, the CIO is the Offensive Coordinator (increasing efficiencies, access, and resiliency). Activities are aligned to business strategy. CISO Using a football analogy, the CISO is the Defensive Coordinator (improve security and risk management across all operational silos)…BUT IN ADDITION…CISOs are in need of a mandate befitting an executive with more far-reaching responsibilities. The best scenario is to report to the COO or CEO. IDC reports in a 2015 security executives survey (n=269), that 65% of CISOs today report to the CEO. However, Gartner reports that most CISOs still report to the CIO or the IT department. In spite of this discrepancy, reporting to the CEO is a growing trend, especially if the CISO has previous experience as a CISO elsewhere. The CIO and the CISO are both increasingly strategic and both want and need the attention of the CEO. Include key decision influencers in the IT & Security staff – focus on three groups: architects, users, and senior executives and sell accordingly. CEO CIO CISO Digital Business Strategy Risk BOARD SecurityIT Security Budget Control ResilienceResilience Efficiency
  • 21. 21 How to become a strategic or transformational CISO?
  • 22. 22 Assess the most critical Impacts of cloud, IoT, Digital Business and generate the necessary skills Top Security Trends for 2016-17 Gartner, 2015, 2016 Find Security People & Skills – IoT, Cloud, Digital Business Opportunity for MSSP • Build a long-term IT security workforce plan reflecting digital business • Shift roles to coaching and developing • Develop high potential specialists into versatilists. • Seek versatilists to better execute the organization digital business strategy. • Mix traditional and agile recruitment techniques to fill skill gaps. • Continuous skills development.
  • 23. 23 Develop an Adaptive Security Architecture. Utilize intelligence platforms to allow you to visualize, correlate, and gain context. Top Security Trends for 2016-17 Gartner, 2015, 2016 Embrace Adaptive Security – Software-defined everything / architecture Opportunity for MSSP • Shift security mindset from "incident response" to "continuous response" • invest in detection, response and predictive capabilities • Favor context-aware network, endpoint and application security protection • Develop a security operations center • Architect for continuous monitoring at all layers of the IT stack
  • 24. 24 Recommendations: Focus on small scenarios. Use risk-based prioritization. Emphasize segmentation and access initially. Top Security Trends for 2016-17 Gartner, 2015, 2016 Extend Security for Pervasive Digital Business – IoT, IAM Opportunity for MSSP Security requirements –Policy management, enforcement –Monitoring, detection and response –Access control and management –Protect data, apps, network, platform Key challenges –Scale –Diversity (age and type) –Function –Regulation –Privacy –Standardization
  • 25. 25 Social media is an important — and therefore risky — engagement channel for organizations. The possibility of mistakes and malicious behavior fuels the risk of exposing data, eroding the brand or otherwise hurting the company’s top line. Social Media Trends • Social Media platforms will be prioritized: FB, Twitter, Instagram, Vine, etc • Focus on branded communities and blogs to build relationships • Customer touchpoints (customer service) will extend to the social platforms • Social platform ads will grow as media teams manage this marketing spend • Listening and relationship platforms will merge • Better crisis detection tools will make social less risky Opportunity: Marketing and risk pros alike will take advantage of advanced early warning monitoring systems and new analytics techniques to identify potential social risk events and automate response actions more effectively. 2016 Security Trends in an evolving Security landscape Trend: Social Media Risk Opportunity for MSSP A risk perspective is sorely missing from the way corporations operate their digital presence today. In 2016, risk pros need to get more involved in helping monitor digital risk environments to mitigate digital and physical risks and to better protect the brand. Forrester’s Take Security must work with marketing and business leaders to form a shared understanding of the most critical aspects of the company brand and its vulnerabilities
  • 26. 26 Cloud apps are a challenge and an opportunity. The mobilization of enterprise employees and the expanding trend toward teleworking, remote working has resulted in an explosion of new cloud applications, The apps are often not selected not by the company but by the employee. This so-called “shadow IT” phenomenon obviously puts corporate data at risk. A group of vendors has emerged delivering visibility into shadow IT: • SkyHigh and Netskope offer corporate IT departments with an enterprise-wide view of cloud applications employees use to do their work. • CipherCloud, Bitglass, Protegrity, and Vormetric focus on enabling control of what happens to data that is going into cloud applications the IT department has authorized for employee use, imposing obfuscation techniques such as encryption and tokenization. • Technology analysts have put both groups of vendors into an overarching category called Cloud Access Security Brokers (CASB). IBM has already launched CASB functionality coupled with identity management in a single box. 2016 Security Trends in an evolving Security landscape Opportunity for MSSP Corporate IT departments need to regain control by obtaining an enterprise- wide view of what cloud applications employees are accessing. Ovum’s Take During 2016, CASB functionality may well end up being integrated into broader technology offerings such as secure web gateways, as well as being paired with other key security capabilities. Trend: Protect Business Data in the Cloud
  • 27. 27 Cloud Access Security Broker (CASB) Technology
  • 28. 28 By 2020, over half of Web security revenue will be coming from cloud based offerings versus traditional on-premisegateway. 2016 Security Trends in an evolving Security landscape Growth in cloud-based web security
  • 29. 29 By the End of 2017, 60% of Enterprises Will Rely on Third-Party Management of Their Security Infrastructure. Security requires a heavy investment in people, process, and tools. Two of the biggest obstacles that enterprises encounter are the lack of skilled in- house security experts and the high cost of building an effective security team. 2016 Security Trends in an evolving Security landscape Opportunity for MSSP A broad portfolio of managed security services fits this scenario well into the foreseeable future Managed Security Services will Thrive Associated Drivers • Disruption: Accelerating business disruption from digital transformation • Digitization: Escalating digitization and accessibility of vast amounts of data • Cloud life: The merging of real life with digital identity • Intelligences /Analytics: An interconnected, informed, interactive, intrusive, intelligent, and cognitive ecosystem • Talent quest: High demand for next-generation business/IT skills — scarce supply IT Impact • Distributed, loosely coupled next-gen architectures make securing the IT infrastructure more complex. • Greater use of analytics moves security management to a more predictive state. • Enterprises want IT security to enable innovation, not hinder it.
  • 30. 30 • MSS market growing at 10% globally. 2 x drivers: • People and skills shortage: • 30-50% Security jobs can’t be filled. Increased need for automation. • Security spending: • Today average ~10% of IT budget, 80% of this for defending perimeter • By 2021, spending on defending perimeter will be <50%, 50% + will be spent to detect and respond • We will see a shift in how Security is deployed to embrace the cloud: • AWS, Google and Microsoft will start to bake in Security services soon – they will disrupt the market • Market is moving to continuously analyse user and entity behaviour – building up individual behavioural patterns for people and things to see small anomalies which are outside of ordinary. Key market insight shared by Gartner 51% 31% 10% 8% Today 29% 35% 18% 12% 4% 2% In next three years On-premise Private cloud Public cloud Hosted private cloud No plan to upgrade Don’t know
  • 31. 31 What does “Success” Look Like for a Strategic or Transformational CISO? Maturity of Security Program Control Coverage & Maturity Processes Documented Technology & Automation Adoption Operational Resilience Risk Management Employee Education Compliance Outcomes Communication & Collaboration Strategic Influence Board & Executive Sponsorships Key Partnerships with CEO and CIO Seat at the Executive Table Addresses Vertical Sector Challenges Articulates Risk Marries Strategic Vision with Security Vision Security Budget for Reducing Future Risks Strong Organizational Network Subject Matter Experts IT Department Relationships Empowers the Enterprise Key Partnerships with CEO, CIO, CRO, SVPs, GMs, LoB Managers Cross Functional Team Relationships Security Team Relationships Vendors & MSSPs Professional Strengths Understands Internal Environment and Value Chain CISO Peer Relationships Leadership Style & Philosophy Supported by CEO Emotional Intelligence Technical Curiosity Analytical Skills Vertical Sector Knowledge Strategic CISO Success Forward Thinking New HiresCollaboration Executive Education Facilitate CISO Success
  • 33. 33
  • 34. 34 BT Security 34 BT Security - one of the world's 10 best cyber security companies in 2016 http://goo.gl/GPv6Yt BT Security, a division of British Telecommunications Plc (BT), a subsidiary of BT Group, broke new ground in the situational awareness market in 2015 with the launch of its BT Assure Cyber service. The platform combines cutting edge risk analysis and cyber threat detection and prevention tools with BT’s security experts, its partners who add their own services, and a managed services model for corporations and government agencies globally. The cost of data breaches are expected to quadruple and reach $2 trillion by 2019, according to Juniper Research. BT’s Cyber Assure alongside its other security products and services positions BT Security as the top listed international (non-U.S) company on the Cyber Top 10.