Abstract of the presentation by Giancarlo Vercellino, Research & Consulting Manager at IDC Italia, given at the Outthink Threats event in Rome on 6 July 2016
4. The weakest point in the chain …
Top 7 Human Risks
1. Phishability
2. Not Patching or Using Outdated Systems
3. Posting too much information about self or work
4. Reusing passwords across sites
5. Indiscriminate use of mobile media
6. Lack of situational awareness (believing they are not a target)
7. Accidental loss or disclosure of sensitive information
Council for Cybersecurity
Accept that breaches are inevitable
Focus on authentication and authorization relative to Phishability, which is related to posting too much info on social networks, reusing passwords, lack of situational awareness (entering passwords while connected to public WiFi hotspots), etc.
Critical Security Controls (CSC)
2FA
Password complexity
Patching
Mail Attachment Filtering
Web Security
Accept that breaches are inevitable
Plan, prepare & test
Migrate budget from Prevent & Protect to Detect & Respond
Regard data as the new perimeter
Identify, classify & appropriately secure data assets
Adopt a risk-based security management approach
Communicate risk to the board, and prepare to defend mitigation strategies in public
Some are neutral with respect to company size
Emphasize Authentication and Authorization relative to: 1) Biometrics, 2) Supply Chain (want to be able to accurately audit who touched the products and services in case of problems), 9) SaaS (talk about Pete’s Cloud Security Gateway report and the need to help people manage their IT-certified and Shadow IT SaaS applications while providing the convenience of SSO across all their users, devices, and apps).
Know the normal statistics of your own network
Always reason in terms of risk scenarios, multiply contingency plans
For normal risks, allocate budget based on an estimate of the average value of the risk; for exceptional risks, invest as much as necessary to preserve the survival of operations