FIVE SECURITY INSIGHTS FROM BRIAN KREBS
1. If organizations are not pen testing their users on a regular basis,
   it is a near certainty that the bad guys are.
2. If a device is plugged in and it has an IP address, eventually it’s
   going to be hacked (this includes toasters!).
3. Organizations need to drill their breach response in advance—or
   they will likely make a bad situation worse.
4. If people are not actively working toward securing and maintaining
   their privacy on a continuing basis, they don’t have privacy.
5. IoT is a national security priority—or it should be. The amount of
   firepower available to attackers is tremendous.
26 OCTOBER 2016
CSX NORTH AMERICA
CONFERENCE REPORT
CYBERSECURITY BY THE NUMBERS
Brett Kelsey, vice president and CTO-Americas of Intel Security, took the stage at CSX North America to discuss achieving better efficiency in
security. Kelsey shared interesting insights into current security numbers. Below is a snapshot:
• Cost to purchase a health record on the dark web: $10
• Mean time to detect a breach in the finance industry: 98 days
• Mean time to detect a breach in the retail industry: 197 days
• Known cybersecurity incidents from April-June 2016: 345
• Average cost per breach: $3.79 million
• Annual cost of cybercrime globally: $618.16 billion
Note: All costs are in US dollars.
GLOBAL CISOS SHARE PRIORITIES AT CSX
The CISO Forum at ISACA’s CSX 2016 North America Conference provided chief information security officers
the opportunity to share perspectives about many of the most pressing challenges and opportunities
shaping today’s security landscape.
The wide-ranging forum included several presentations but was largely centered on interaction among the
attendees. Among the day’s many discussion points were:
• Suggestions on how to engender support for security programs
  from senior management. Leveraging audit reports, identifying
  control gaps in security programs and providing timely examples
  of how other organizations have been damaged by high-profile
  security breaches are among the tactics that can help deliver buy-in.
• The value of industry certifications. David Foote, chief analyst
  and research officer for Foote Partners LLC, shared extensive data
  portraying an uptick in the value of security certifications in recent
  months. As a group, ISACA certifications have gained more than
  15% in cash market value in the last six months, compared to
  nearly 8% growth in pay across all security-related certifications.
• The need to embed security in functions throughout an organization.
• The public relations upside of having a robust security program.
  When positioned properly, a well-executed security program can
  help organizations differentiate themselves in an environment
  in which security is more commonly a source of anxiety than a point
  of pride.
• How to handle various use cases regarding data management,
  such as employees mishandling data, guarding against various
  forms of malware and the pros and cons of relying upon
  third-party services.
• Striking the appropriate balance between deep technical
  expertise and “soft skills”—such as communications skills and
  relationship-building—in evaluating prospective hires.
GAINING BOARD AND C-SUITE SUPPORT
FOR A SECURITY CULTURE
Changing organizational mindsets to understand and adapt priorities,
policies and programs, now that cyber risk is a pervasive business
risk, was Phillip Ferraro’s call to action during his CSX NA session,
“How to Gain Board and C-Suite Support for your Program.”
Ferraro, Senior Vice President and Global CISO for The Nielsen Co.,
noted that mindsets and organizational alignment to a “security
culture” must shift as technology and business professionals
conduct executive education efforts and build business cases for
initial and sustained investment in the platforms and people to
thwart cyberattacks.
Effective communications that “leave the techno-babble behind”
and turning return-on-investment questions from board members
and senior executives into “cost-avoidance conversations” are
tactics to gain attention, influence and buy-in, Ferraro said.
Among the factors Ferraro listed to calculate the cost of breach
impact were: value of actual data and IP lost, reputation and brand
damages, shareholder and stock value impact, current and ongoing
revenue lost, and regulatory fines and sanctions.
GUIDE TO
CONTAINERIZATION:
WHAT YOU NEED
TO KNOW NOW
Application containers can bring tremendous utility
and business value, albeit while posing substantial
security challenges, according to a presentation
delivered at ISACA’s CSX North America conference.
“Containerization Security: What Security Pros Need to Know,”
presented by Ed Moyle, ISACA director of Thought Leadership and
Research, and Diana Kelley, executive security advisor with IBM
Security, highlighted both the risks and rewards of containers—
mechanisms used to isolate applications from each other within
the context of a running operating system instance.
Kelley and Moyle contended that containers are redefining the
tech landscape in the data center and among development teams.
Containers are easy to update, can move from machine to machine
and can decrease development time because the same container
image migrates unchanged between environments.
Several of the security challenges presented by containerization
are reminiscent of challenges that have been overcome in the world
of virtualization. Security professionals can mitigate some of the
potential risks associated with containerization on the front end by
reading guidance on the topic, including a new pair of white papers
released by ISACA.
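Because a container shares the host kernel rather than running on its own virtualized one, the first thing a security professional should check is which Linux capabilities a containerized process still holds; that is the boundary an escape has to cross. The script below is an added example for this report, not code from the session or from the ISACA white papers. It decodes the capability masks the kernel exposes in /proc/<pid>/status and flags the ones that commonly reach past container isolation. The three status blocks are constructed: 00000000a80425fb is Docker’s default capability set, 0000003fffffffff is the full 38-capability set a --privileged container receives on kernels before 5.8, and 0000000000000400 is what --cap-drop=ALL --cap-add=NET_BIND_SERVICE leaves; the “dangerous” list is this example’s own judgement.

```python
"""Decode the capability masks in /proc/<pid>/status and flag the ones that
let a process reach past the isolation a container provides.

Added example for this report; the sample status blocks below are
constructed, not captured from any system described on the page.
"""
import re

# Linux capability names in bit order (include/uapi/linux/capability.h).
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

# Capabilities that, held by a root process inside a container, commonly give
# a path to the shared kernel or the host filesystem. This selection is the
# example's own judgement, not a list taken from the page.
DANGEROUS = {
    "CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_PTRACE", "CAP_SYS_RAWIO",
    "CAP_DAC_READ_SEARCH", "CAP_NET_ADMIN", "CAP_SYS_BOOT",
    "CAP_MAC_ADMIN", "CAP_MAC_OVERRIDE", "CAP_BPF",
}

_CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)", re.M)


def decode_mask(hexmask):
    """Turn a hex capability mask into the set of capability names it holds."""
    value = int(hexmask, 16)
    names = set()
    for bit in range(value.bit_length()):
        if value >> bit & 1:
            names.add(CAP_NAMES[bit] if bit < len(CAP_NAMES) else "CAP_%d" % bit)
    return names


def parse_status(text):
    """Map each Cap* line of a /proc/<pid>/status dump to its decoded set."""
    return {m.group(1): decode_mask(m.group(2)) for m in _CAP_LINE.finditer(text)}


def audit(text):
    """Summarise what the process could do to the host it shares a kernel with."""
    caps = parse_status(text)
    effective = caps.get("CapEff", set())
    bounding = caps.get("CapBnd", set())
    return {
        "effective": sorted(effective),
        "dangerous": sorted(effective & DANGEROUS),
        # The bounding set limits what the process can ever regain; a full set
        # is the signature of --privileged (or of not being in a container).
        "privileged": len(bounding) >= 38,
    }


def _status(mask):
    """Build a constructed /proc/<pid>/status fragment with the given mask."""
    return ("Name:\tnginx\nUid:\t0\t0\t0\t0\n"
            "CapInh:\t0000000000000000\nCapPrm:\t%s\nCapEff:\t%s\n"
            "CapBnd:\t%s\nCapAmb:\t0000000000000000\n" % (mask, mask, mask))


# Constructed samples (see the lead-in for what each mask corresponds to).
DOCKER_DEFAULT = _status("00000000a80425fb")
PRIVILEGED = _status("0000003fffffffff")
MINIMAL = _status("0000000000000400")

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # e.g. python3 capaudit.py /proc/1/status, run inside the container
        with open(sys.argv[1]) as fh:
            print(audit(fh.read()))
    else:
        for label, sample in (("default", DOCKER_DEFAULT),
                              ("privileged", PRIVILEGED),
                              ("minimal", MINIMAL)):
            print(label, audit(sample))
```

Run it inside a container against /proc/1/status; an empty “dangerous” list and a short “effective” list are what a well-scoped workload should show, while a full bounding set means the container boundary is nominal and the host should be treated as exposed to whatever runs inside it.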
“There are some things that security pros really should know about,
and that message really hasn’t gotten out there in terms of the
mainstream security community,” Moyle said.
FIRMWARE: THE
FORGOTTEN SECURITY
CONTROL
Firmware, or embedded software in
connected devices, is “low-hanging fruit”
for attackers, according to keynote speaker
Justine Bone, CEO of MedSec. ISACA conducted a
study on firmware security, and the results
are presented in an accompanying infographic. A key
finding: organizations are not sufficiently
prepared, and firmware is highly vulnerable.
INSIGHTS FROM JUSTINE BONE
“We are seeing more and more that firmware
security is no longer a theoretical problem. The
evidence is showing us that attackers are targeting
firmware—many breaches and vulnerability
discoveries these days can be attributed to
firmware problems. Solutions are emerging, but
most enterprise environments remain unprepared.
While it’s clear that knowledge is power in this
instance, it’s also evident from this research that
company culture and overall attitude to security is
a major contribution to vulnerability.”
SECURING THE INTERNET OF THINGS
Presenters Mike Krajecki, Director, Emerging Technology and Risk
Services, KPMG LLP, and Milan Patel, Program Director, IoT Security,
IBM, posed a series of thought-provoking questions during their
“Connecting the Risks: Securing the Internet of Things” presentation
at CSX North America.
Patel noted that as challenging as it has been to secure data and
applications in the traditional IT environment, the anticipated
proliferation of tens of billions of IoT devices will call for even greater
resourcefulness from security professionals.
Among the many security risks associated with IoT are the large
number of new network endpoints, the mobility and vulnerability of
devices, the privacy and security of data generated by the devices
and compromised network access points.
The complexity of IoT security results in what Patel described as a
“protocol zoo” that poses challenges for security professionals.
The session emphasized that security and privacy must be
embedded into the strategy and design of a connected device
program and that full life-cycle protection must be emphasized.
Security specific to each category of device—including strong
authentication and access control, data privacy protection and
robust application security—also is recommended.
WHAT IS YOUR TOP TIP FOR WOMEN ENTERING
THE CYBERSECURITY FIELD?
“Find a mentor who supports you and gives you guidance,
and be a source of information—whether it is networking
with other people or referring to various standards that
you might need for some of the work that you are doing.”
Christina Cruz, CISA
New York, NY
“Do not get discouraged when you feel like you are in the
minority. We need women in this field. We look at things in
a different viewpoint, sometimes, than our male counterparts.
So with that, stay focused and get to your goal.”
Amanda Prince, CISM, CRISC
Tampa, FL
“Women need to own their space and not be afraid to be
fierce and have a voice. So, if you are considering going
into cybersecurity, learn what is out there that you
can teach yourself—and be bold about it because that
is what it takes to run with a demographic where it is
10% women.”
Michelle Covert, CISA
East Lansing, MI
Connecting
Women Leaders
in Technology
ENGAGE. EMPOWER. ELEVATE.
WISDOM FROM HACKER AND INVENTOR PABLOS HOLMAN
“You will never get anything new by reading the directions.”
“Vision without action is a daydream. Action without vision is a nightmare.”
“There is a really important job to do that is not being done: figuring out
how to take care of humans.”
MITIGATING MALWARE’S THREAT TO
CRITICAL INFRASTRUCTURE
The shift from isolated systems to open
protocols, the evolution of modern equipment
and ever-expanding business pressures are
creating a major cybersecurity challenge
impacting major infrastructure across the
globe.
Ed Cabrera, chief cybersecurity officer with
Trend Micro, highlighted those dynamics
during his “Malware’s Threat to Critical
Infrastructure” presentation at CSX North
America.
Citing examples of attacks aimed at the
Ukrainian electric grid and mining and rail
companies, Cabrera outlined the far-reaching
scope of threats to infrastructure.
Improved alignment between IT and
operational technology functions and a
layered defense program can help stave
off these potentially devastating attacks.
Cabrera also noted that tapping into behavior
analytics can be highly beneficial.
“Behavior analytics has to become an
accepted strategy to go from being the
hunted to the hunter, to go after and try to
find this activity on the business side and
the operational side,” Cabrera said.
He said that all components of an
organization—including Human
Resources—have a part to play in attaining
increased vigilance, and that includes
keeping closer tabs on the security risks
posed by employees.
“There has to be much more of a
process-oriented approach to insider
threats,” Cabrera said.
WHAT DO YOU THINK SHOULD BE THE BIGGEST CYBER SECURITY
PRIORITY FOR ORGANIZATIONS IN 2017?
“Right now, perennially at the top of the list is APT.”
William Westwater, CISA, CGEIT, CRISC
Redmond, WA
“I think organizations should focus on cyber resilience
more so than just the security aspect. A lot of
organizations are only focusing on the protection/
cyber security piece, and not necessarily the sustaining
piece because attacks are increasing at a significant
rate. They should focus on a resilient strategy that
looks at both protection and sustaining.”
Andrew Hoover, CISA, CRISC
Arlington, VA
“All organizations are working on preventive security.
The reality is the weakest link within organizations is
people. So, if your security awareness programs are
not up to snuff, if they’re not robust, if they’re not
focused on people, you’re going to lose in the end.”
Scott Newman, CISA
Tacoma, WA
“Securing the company’s data while using mobile apps
has been a challenge, and it’s going to be a bigger
challenge going forward.”
Denise Calvert, CISA, CISM
Oklahoma City, OK
CSX attendees had the opportunity to
participate in a network assessment
and network defense competition, where
they competed for control of common
resources and services. Congratulations
to the Cyber Challenge winners!
ESSENTIAL LEVEL
Annie Cheng
Bank of San Francisco
ADVANCED LEVEL
1ST PLACE
Marcelle Lee, CSXP,
Fractal Security
Group LLC
2ND PLACE
Jed Santiago,
CISA, CISSP,
Visa Inc.
3RD PLACE
Eduard Delgado
Yparraguirre,
CISA, CISM, CRISC,
CISSP, CEH, PMP,
TD Bank
CONGRATULATIONS TO THE CYBER CHALLENGE WINNERS!
SECURITY FOR THE MILLENNIAL AGE
Creating a positive security culture, devising security solutions that
are as straightforward as possible and strategic prioritization of risk
appetite are key pillars of an effective security program, according to
the “Security for the Millennial Age” session at CSX North America.
Session presenter Dominic Vogel, chief security strategist at Cyber SC,
contended that relationship-building is critical on several levels – not
only between security professionals and their CIO or CISO, but also
with other employees, auditors and top business leaders.
Vogel said it is important to treat security mistakes made by
employees as a learning opportunity rather than being too
heavy-handed, or employees might not feel comfortable bringing
issues to light in the future.
Security teams sometimes make the mistake of taking a knee-jerk
approach to the “threat du jour,” rather than sticking to a holistic
approach to problem-solving and focusing on building resilience
within their people, processes and technology.
Vogel also warned against overly ambitious security programs,
saying that the attempt to protect everything often is
counterproductive. Effective risk prioritization is critical.
Conquering complexity is another practical consideration in today’s
security landscape. If security processes are deemed too complex by
the stakeholders, chances are they will be ignored.
Vogel said the benefits to an upbeat and strategic security culture
that is embraced by all ages and levels include better collaboration,
improved business efficiency and greater value for security dollars.

Mais conteúdo relacionado

Mais procurados

Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015
Mark Lanterman
 
AI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRAI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LR
Bill Besse
 
Norman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondNorman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respond
Lydia Shepherd
 
cybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattcybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-matt
Yigal Behar
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141
sraina2
 

Mais procurados (20)

Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party  Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party  Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
 
Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
 
AI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRAI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LR
 
Mobile Application Security
Mobile Application Security Mobile Application Security
Mobile Application Security
 
Research Paper
Research PaperResearch Paper
Research Paper
 
Avoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of ITAvoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of IT
 
7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-Maligec7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-Maligec
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & Recommendations
 
Norman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondNorman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respond
 
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
 
Volume2 chapter1 security
Volume2 chapter1 securityVolume2 chapter1 security
Volume2 chapter1 security
 
cybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattcybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-matt
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141
 
Pivotal Role of HR in Cybersecurity
Pivotal Role of HR in CybersecurityPivotal Role of HR in Cybersecurity
Pivotal Role of HR in Cybersecurity
 
Cyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attentionCyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attention
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldRSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
 
Adopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityAdopting Intelligence-Driven Security
Adopting Intelligence-Driven Security
 

Destaque

GMITCS-2016-Agenda.August
GMITCS-2016-Agenda.AugustGMITCS-2016-Agenda.August
GMITCS-2016-Agenda.August
Dominic Vogel
 
#WIKILEAKS : De la transparence à l’aveuglement ?
#WIKILEAKS : De la transparence à  l’aveuglement ?#WIKILEAKS : De la transparence à  l’aveuglement ?
#WIKILEAKS : De la transparence à l’aveuglement ?
Laurence Allard
 
BCAWARE_ProgramBook_FINAL_Proof
BCAWARE_ProgramBook_FINAL_ProofBCAWARE_ProgramBook_FINAL_Proof
BCAWARE_ProgramBook_FINAL_Proof
Dominic Vogel
 
Hacking Security - Tech Talent Meetup (Vancouver, BC) _ Meetup
Hacking Security - Tech Talent Meetup (Vancouver, BC) _ MeetupHacking Security - Tech Talent Meetup (Vancouver, BC) _ Meetup
Hacking Security - Tech Talent Meetup (Vancouver, BC) _ Meetup
Dominic Vogel
 
Tech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapTech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event Recap
Dominic Vogel
 

Destaque (20)

Why conquering complexity is a critical component of an effective security pr...
Why conquering complexity is a critical component of an effective security pr...Why conquering complexity is a critical component of an effective security pr...
Why conquering complexity is a critical component of an effective security pr...
 
GMITCS-2016-Agenda.August
GMITCS-2016-Agenda.AugustGMITCS-2016-Agenda.August
GMITCS-2016-Agenda.August
 
Treball final
Treball finalTreball final
Treball final
 
#WIKILEAKS : De la transparence à l’aveuglement ?
#WIKILEAKS : De la transparence à  l’aveuglement ?#WIKILEAKS : De la transparence à  l’aveuglement ?
#WIKILEAKS : De la transparence à l’aveuglement ?
 
Image_00264
Image_00264Image_00264
Image_00264
 
Awaamiirta dhaqan galianta iibka dawlada DDSI
Awaamiirta dhaqan galianta iibka dawlada DDSIAwaamiirta dhaqan galianta iibka dawlada DDSI
Awaamiirta dhaqan galianta iibka dawlada DDSI
 
Analyse strategie social media - Web2day2015
Analyse strategie social media - Web2day2015Analyse strategie social media - Web2day2015
Analyse strategie social media - Web2day2015
 
Intervention Assises Randonnées & Activités Pleine Nature 26 avril 2016 - Sa...
Intervention  Assises Randonnées & Activités Pleine Nature 26 avril 2016 - Sa...Intervention  Assises Randonnées & Activités Pleine Nature 26 avril 2016 - Sa...
Intervention Assises Randonnées & Activités Pleine Nature 26 avril 2016 - Sa...
 
Presentation du cabinet de Talent Management, Eureka Time, Paris
Presentation du cabinet de Talent Management, Eureka Time, Paris Presentation du cabinet de Talent Management, Eureka Time, Paris
Presentation du cabinet de Talent Management, Eureka Time, Paris
 
BCAWARE_ProgramBook_FINAL_Proof
BCAWARE_ProgramBook_FINAL_ProofBCAWARE_ProgramBook_FINAL_Proof
BCAWARE_ProgramBook_FINAL_Proof
 
Hacking Security - Tech Talent Meetup (Vancouver, BC) _ Meetup
Hacking Security - Tech Talent Meetup (Vancouver, BC) _ MeetupHacking Security - Tech Talent Meetup (Vancouver, BC) _ Meetup
Hacking Security - Tech Talent Meetup (Vancouver, BC) _ Meetup
 
Le goût de la micro vidéo
Le goût de la micro vidéoLe goût de la micro vidéo
Le goût de la micro vidéo
 
Gestion des avis avec la centrale de résevation resadirect, un exemple départ...
Gestion des avis avec la centrale de résevation resadirect, un exemple départ...Gestion des avis avec la centrale de résevation resadirect, un exemple départ...
Gestion des avis avec la centrale de résevation resadirect, un exemple départ...
 
Brochure - Jan 14
Brochure - Jan 14Brochure - Jan 14
Brochure - Jan 14
 
Plus belle la marque
Plus belle la marquePlus belle la marque
Plus belle la marque
 
Tech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapTech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event Recap
 
Marketing digital international 25112015
Marketing digital international  25112015Marketing digital international  25112015
Marketing digital international 25112015
 
Marketing Positioning Tesla / Positioning a product
Marketing Positioning Tesla / Positioning a product Marketing Positioning Tesla / Positioning a product
Marketing Positioning Tesla / Positioning a product
 
miniOMNIAlog - Short Version
miniOMNIAlog - Short VersionminiOMNIAlog - Short Version
miniOMNIAlog - Short Version
 
Casos de éxito y fracaso
Casos de éxito y fracasoCasos de éxito y fracaso
Casos de éxito y fracaso
 

Semelhante a csxnewsletter

Ask the Experts final
Ask the Experts finalAsk the Experts final
Ask the Experts final
Daren Dunkel
 
BLACKOPS_USCS CyberSecurity Literacy
BLACKOPS_USCS CyberSecurity LiteracyBLACKOPS_USCS CyberSecurity Literacy
BLACKOPS_USCS CyberSecurity Literacy
Casey Fleming
 
ESR_cyberSecurity_issue-1-1 (1)
ESR_cyberSecurity_issue-1-1 (1)ESR_cyberSecurity_issue-1-1 (1)
ESR_cyberSecurity_issue-1-1 (1)
Julie Bridgen
 
We are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdfWe are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdf
galagirishp
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015
John Budriss
 
Running Head INFORMATION SECURITY VULNERABILITY 2.docx
Running Head INFORMATION SECURITY VULNERABILITY     2.docxRunning Head INFORMATION SECURITY VULNERABILITY     2.docx
Running Head INFORMATION SECURITY VULNERABILITY 2.docx
charisellington63520
 

Semelhante a csxnewsletter (20)

Ask the Experts final
Ask the Experts finalAsk the Experts final
Ask the Experts final
 
BLACKOPS_USCS CyberSecurity Literacy
BLACKOPS_USCS CyberSecurity LiteracyBLACKOPS_USCS CyberSecurity Literacy
BLACKOPS_USCS CyberSecurity Literacy
 
Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...
 
GITA March 2015 Newsletter
GITA March 2015 NewsletterGITA March 2015 Newsletter
GITA March 2015 Newsletter
 
Trends_in_my_profession(revised)
Trends_in_my_profession(revised)Trends_in_my_profession(revised)
Trends_in_my_profession(revised)
 
Securing the Digital Future
Securing the Digital FutureSecuring the Digital Future
Securing the Digital Future
 
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & Practices
 
ESR_cyberSecurity_issue-1-1 (1)
ESR_cyberSecurity_issue-1-1 (1)ESR_cyberSecurity_issue-1-1 (1)
ESR_cyberSecurity_issue-1-1 (1)
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
 
Module 2 - Cybersecurity On the Defense.pdf
Module 2 - Cybersecurity On the Defense.pdfModule 2 - Cybersecurity On the Defense.pdf
Module 2 - Cybersecurity On the Defense.pdf
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
 
We are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdfWe are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdf
 
Challenging Insecurity: A Roadmap to Cyber Confidence
Challenging Insecurity: A Roadmap to Cyber ConfidenceChallenging Insecurity: A Roadmap to Cyber Confidence
Challenging Insecurity: A Roadmap to Cyber Confidence
 
CYBER SECURITY FOR PRIVATE AND DOMESTIC USE -VIKASH SINGH BAGHEL.pdf
CYBER SECURITY  FOR PRIVATE AND DOMESTIC USE -VIKASH SINGH BAGHEL.pdfCYBER SECURITY  FOR PRIVATE AND DOMESTIC USE -VIKASH SINGH BAGHEL.pdf
CYBER SECURITY FOR PRIVATE AND DOMESTIC USE -VIKASH SINGH BAGHEL.pdf
 
CounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat ManagementCounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat Management
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015
 
What you need to know about cyber security
What you need to know about cyber securityWhat you need to know about cyber security
What you need to know about cyber security
 
Running Head INFORMATION SECURITY VULNERABILITY 2.docx
Running Head INFORMATION SECURITY VULNERABILITY     2.docxRunning Head INFORMATION SECURITY VULNERABILITY     2.docx
Running Head INFORMATION SECURITY VULNERABILITY 2.docx
 
How Cyber Resilient are we?
How Cyber Resilient are we?How Cyber Resilient are we?
How Cyber Resilient are we?
 

csxnewsletter

  • 1. FIVESECURITYINSIGHTSFROMBRIANKREBS 1. If organizations are not pen testing their users on a regular basis, it is a near certainty that the bad guys are. 2. If a device is plugged in and it has an IP address, eventually it’s going to be hacked (this includes toasters!). 3. Organizations need to drill their breach response in advance—or they will likely make a bad situation worse. 4. If people are not actively working toward securing and maintaining their privacy on a continuing basis, they don’t have privacy. 5. IoT is a national security priority—or it should be. The amount of firepower available to attackers is tremendous. CYBERSECURITY BY THE NUMBERS Brett Kelsey, vice president and CTO-Americas of Intel Security, took the stage at CSX North America to discuss achieving better efficiency in security. Kelsey shared interesting insights into current security numbers. Below is a snapshot: 26 OCTOBER 2016 CSX NORTH AMERICA CONFERENCE REPORT $ 10 98DAYS 345 197DAYS COST TO PURCHASE A HEALTH RECORD ON THE DARK WEB MEAN TIME TO DETECT A BREACH IN THE FINANCE INDUSTRY AVERAGE COST PER BREACH Note: All costs are in US dollars. ANNUAL COST OF CYBERCRIME GLOBALLY KNOWN CYBERSECURITY INCIDENTS FROM APRIL-JUNE 2016 MEAN TIME TO DETECT A BREACH IN THE RETAIL INDUSTRY $ $ 3.79 MILLION 618.16 BILLION
  • 2. GLOBAL CISOS SHARE PRIORITIES AT CSX The CISO Forum at ISACA’s CSX 2016 North America Conference provided chief information security officers the opportunity to share perspectives about many of the most pressing challenges and opportunities shaping today’s security landscape. The wide-ranging forum included several presentations but was largely centered on interaction among the attendees. Among the day’s many discussion points were: • Suggestions on how to engender support for security programs from senior management. Leveraging audit reports, identifying control gaps in security programs and providing timely examples of how other organizations have been damaged by high-profile security breaches are among the tactics that can help deliver buy-in. • The value of industry certifications. David Foote, chief analyst and research officer for Foote Partners LLC shared extensive data portraying an uptick in the value of security certifications in recent months. As a group, ISACA certifications have gained more than 15% in cash market value in the last six months, compared to nearly 8% growth in pay across all security-related certifications. • The need to embed security in functions throughout an organization. • The public relations upside of having a robust security program. When positioned properly, a well-executed security program can help organizations differentiate themselves in an environment when security is more commonly a source of anxiety than a point of pride. 
• How to handle various use cases regarding data management, such as employees mishandling data, guarding against various forms of malware and the pros and cons of relying upon third-party services • Striking the appropriate balance between deep technical expertise and “soft skills”—such as communications skills and relationship-building—in evaluating prospective hires GAINING BOARD AND C-SUITE SUPPORT FOR A SECURITY CULTURE Change organizational mindsets to understand and adapt priorities, policies and programs, now that cyber risk is a pervasive business risk was Phillip Ferraro’s call-to-action during his CSX NA session, “How to Gain Board and C-Suite Support for your Program.” Ferraro, Senior Vice President and Global CISO for The Nielson Co., noted that mindsets and organizational alignment to a “security culture” must shift as technology and business professionals conduct executive education efforts, and build business cases for initial and sustained investment in the platforms and people to thwart cyberattacks. Effective communications that “leave the techno-babble behind” and turning return-on-investment questions from board members and senior executives into “cost-avoidance conversations” are tactics to gain attention, influence and buy-in, Ferraro said. Among the factors Ferraro listed to calculate the cost of breach impact were: value of actual data and IP lost, reputation and brand damages, shareholder and stock value impact, current and ongoing revenue lost, and regulatory fines and sanctions. 2
GUIDE TO CONTAINERIZATION: WHAT YOU NEED TO KNOW NOW

Application containers can bring tremendous utility and business value, albeit while posing substantial security challenges, according to a presentation delivered at ISACA’s CSX North America conference.

“Containerization Security: What Security Pros Need to Know,” presented by Ed Moyle, ISACA director of Thought Leadership and Research, and Diana Kelley, executive security advisor with IBM Security, highlighted both the risks and rewards of containers—mechanisms used to isolate applications from each other within the context of a running operating system instance.

Kelley and Moyle contended that containers are redefining the tech landscape in the data center and among development teams. Containers are easy to update, can move from machine to machine and can decrease development time due to migration of containers between environments. Several of the security challenges presented by containerization are reminiscent of challenges that have been overcome in the world of virtualization.

Security professionals can mitigate some of the potential risks associated with containerization on the front end by reading guidance on the topic, including a new pair of white papers released by ISACA. “There are some things that security pros really should know about, and that message really hasn’t gotten out there in terms of the mainstream security community,” Moyle said.

FIRMWARE: THE FORGOTTEN SECURITY CONTROL

Firmware, or embedded software in connected devices, is “low-hanging fruit” for attackers, according to keynote speaker Justine Bone, CEO of MedSec. ISACA conducted a study on firmware security, and the results are presented in the infographic here. A key finding: organizations are not sufficiently prepared, and firmware is highly vulnerable.

INSIGHTS FROM JUSTINE BONE

“We are seeing more and more that firmware security is no longer a theoretical problem. The evidence is showing us that attackers are targeting firmware—many breaches and vulnerability discoveries these days can be attributed to firmware problems. Solutions are emerging, but most enterprise environments remain unprepared. While it’s clear that knowledge is power in this instance, it’s also evident from this research that company culture and overall attitude to security is a major contribution to vulnerability.”
SECURING THE INTERNET OF THINGS

Thought-provoking questions about securing connected devices were posed by presenters Mike Krajecki, Director, Emerging Technology and Risk Services, KPMG LLP, and Milan Patel, Program Director, IoT Security, IBM, during the “Connecting the Risks: Securing the Internet of Things” presentation at CSX North America.

Patel noted that as challenging as it has been to secure data and applications in the traditional IT environment, the anticipated proliferation of tens of billions of IoT devices will call for even greater resourcefulness from security professionals.

Among the many security risks associated with IoT are the large number of new network endpoints, the mobility and vulnerability of devices, the privacy and security of data generated by the devices and compromised network access points. The complexity of IoT security results in what Patel described as a “protocol zoo” that poses challenges for security professionals.

The session emphasized that security and privacy must be embedded into the strategy and design of a connected device program and that full life-cycle protection must be emphasized. Security specific to each category of device—including strong authentication and access control, data privacy protection and robust application security—also is recommended.

WHAT IS YOUR TOP TIP FOR WOMEN ENTERING THE CYBERSECURITY FIELD?

“Find a mentor who supports you and gives you guidance, and be a source of information—whether it is networking with other people or referring to various standards that you might need for some of the work that you are doing.”
Christina Cruz, CISA
New York, NY

“Do not get discouraged when you feel like you are in the minority. We need women in this field. We look at things in a different viewpoint, sometimes, than our male counterparts. So with that, stay focused and get to your goal.”
Amanda Prince, CISM, CRISC
Tampa, FL

“Women need to own their space and not be afraid to be fierce and have a voice. So, if you are considering going into cybersecurity, learn what is out there that you can teach yourself—and be bold about it because that is what it takes to run with a demographic where it is 10% women.”
Michelle Covert, CISA
East Lansing, MI

Connecting Women Leaders in Technology
ENGAGE. EMPOWER. ELEVATE.

WISDOM FROM HACKER AND INVENTOR PABLOS HOLMAN

“You will never get anything new by reading the directions.”
“Vision without action is a daydream. Action without vision is a nightmare.”
“There is a really important job to do that is not being done: figuring out how to take care of humans.”
MITIGATING MALWARE’S THREAT TO CRITICAL INFRASTRUCTURE

The shift from isolated systems to open protocols, the evolution of modern equipment and ever-expanding business pressures are creating a major cybersecurity challenge impacting major infrastructure across the globe. Ed Cabrera, chief cybersecurity officer with Trend Micro, highlighted those dynamics during his “Malware’s Threat to Critical Infrastructure” presentation at CSX North America.

Citing examples of attacks aimed at the Ukrainian electric grid and mining and rail companies, Cabrera outlined the far-reaching scope of threats to infrastructure. Improved alignment between IT and operational technology functions and a layered defense program can help stave off these potentially devastating attacks. Cabrera also noted that tapping into behavior analytics can be highly beneficial.

“Behavior analytics has to become an accepted strategy to go from being the hunted to the hunter, to go after and try to find this activity on the business side and the operational side,” Cabrera said.

He said that all components of an organization, including Human Resources, have a part to play in attaining increased vigilance, and that includes keeping closer tabs on the security risks of employees. “There has to be much more of a process-oriented approach to insider threats,” Cabrera said.

WHAT DO YOU THINK SHOULD BE THE BIGGEST CYBER SECURITY PRIORITY FOR ORGANIZATIONS IN 2017?

“Right now, perennially at the top of the list is APT.”
William Westwater, CISA, CGEIT, CRISC
Redmond, WA

“I think organizations should focus on cyber resilience more so than just the security aspect. A lot of organizations are only focusing on the protection/cyber security piece, and not necessarily the sustaining piece because attacks are increasing at a significant rate. They should focus on a resilient strategy that looks at both protection and sustaining.”
Andrew Hoover, CISA, CRISC
Arlington, VA

“All organizations are working on preventive security. The reality is the weakest link within organizations is people. So, if your security awareness programs are not up to snuff, if they’re not robust, if they’re not focused on people, you’re going to lose in the end.”
Scott Newman, CISA
Tacoma, WA

“Securing the company’s data while using mobile apps has been a challenge, and it’s going to be a bigger challenge going forward.”
Denise Calvert, CISA, CISM
Oklahoma City, OK

CONGRATULATIONS TO THE CYBER CHALLENGE WINNERS!

CSX attendees had the opportunity to participate in a network assessment and network defense competition, where they competed for control of common resources and services.

ESSENTIAL LEVEL
Annie Cheng, Bank of San Francisco

ADVANCED LEVEL
1ST PLACE: Marcelle Lee, CSXP, Fractal Security Group LLC
2ND PLACE: Jed Santiago, CISA, CISSP, Visa Inc.
3RD PLACE: Eduard Delgado Yparraguirre, CISA, CISM, CRISC, CISSP, CEH, PMP, TD Bank
SOCIAL MEDIA ROUNDUP

SECURITY FOR THE MILLENNIAL AGE

Creating a positive security culture, devising security solutions that are as straightforward as possible and strategic prioritization of risk appetite are key pillars of an effective security program, according to the “Security for the Millennial Age” session at CSX North America.

Session presenter Dominic Vogel, chief security strategist at Cyber SC, contended that relationship-building is critical on several levels – not only between security professionals and their CIO or CISO, but also with other employees, auditors and top business leaders. Vogel said it is important to treat security mistakes made by employees as a learning opportunity rather than being too heavy-handed, or employees might not feel comfortable bringing issues to light in the future.

Security teams sometimes make the mistake of taking a knee-jerk approach to the “threat du jour,” rather than sticking to a holistic approach to problem-solving and focusing on building resilience within their people, processes and technology. Vogel also warned against overly ambitious security programs, saying that the attempt to protect everything often is counterproductive. Effective risk prioritization is critical.

Conquering complexity is another practical consideration in today’s security landscape. If security processes are deemed too complex by the stakeholders, chances are they will be ignored. Vogel said the benefits of an upbeat and strategic security culture that is embraced by all ages and levels include better collaboration, improved business efficiency and greater value for security dollars.