SlideShare uma empresa Scribd logo

Strategic Leadership for Managing Evolving Cybersecurity Risks

Matthew Rosenquist
Matthew Rosenquist

2014 NSF Cybersecurity Summit keynote presentation from Matthew Rosenquist, Cybersecurity Strategist for Intel Corp. Cybersecurity is difficult. It is a serious endeavor which strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk have matured and expanded on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where to be effective strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security. This presentation will discuss the challenges, organizational opportunities, and explore best practices to align investments in security to the risk appetite of an organization.

Tecnologia
1 de 32
Baixar para ler offline
Intel & McAfee Confidential Strategic Leadership for Managing Evolving Cybersecurity Risks NSF Cybersecurity Summit 2014 August 28th2014, Arlington Virginia Matthew RosenquistCybersecurity Strategist, Intel Corp
Opportunity and Challenges Working together to address •Burning challenges of today •Opportunities for a better tomorrow •Many roles and uncertainty •Embracing the best practices across the industry •What does success look like?
Technology connects and enriches the lives of every person on earth Security is critical to protect computing technology from threats which undermine the health of the industry
“...If security breaks down, technology breaks down” Brian Krebs Noted Cybersecurity Reporter
We manage security through either leadership or crisis. In the absence of leadership, we are left with crisis. crisis In the absence of leadership, we are left with crisis
Changing Landscape Drives Security 6 Security issues undermine the continued growth, innovation, and adoption of technology Amount & Aggregation of Valuable Data Number of Connected People
Leading Metrics & Trends ~300k New Malware/day 220m+ Total 25m+ Total‘signed’ Samples Increase of ‘signed’ malware ~50% 40% Increasein Data Breaches Organizations suffering a data breach in 2013 93% 1M+ Adults Victims each day (12 per second) Online adults victims of cybercrime or negative situations 50% ~20%-30% of overall technology spending1 Source: McAfee Cost of Cybercrime report 2014 Source: McAfee Threat Report Q1 2014 Source: McAfee Threat Report Q3 2013 Global Infection Rates Worldwide computers infected in 2012 ~32% Source: Panda Labs Source: UK Government BIS Survey Source: Symantec 2013 Norton Report $400b Annual cost ofglobal cybercrime TOTAL MALWARE
8 Source: Gartner, IDC Strategy Analytics, MachinaResearch, company filings, BII estimates Global Internet Device Installed Base Forecast
9 ~$3 Trillion Aggregate economic impact of cybersecurity on technology trends, through 20201 1Risk and Responsibility in a HyperconnectedWorld -2014 World Economic Forum, http://www.mckinsey.com/insights/business_technology/risk_and_responsibility_in_a_hyperconnected_world_implications_for_enterprises
We manage security through either leadership or crisis. In the absence of leadership, we are left with crisis. Leadership is key in organizing resources to achieve and maintain an optimal level of security value
Resource Constraints and Decisions 11 “Infinite Resources = Infinite Possibilities” Smart Decisions are Key
Balancing Security Value Aspects Optimal security is the right balance of cost, user experience, and risk tradeoffs
13 Obstacles versus Opposition
Technical & Behavioral 14 Security is comprised of both Technologyand People Intertwined and inseparable
15 Threat agents include Insiders& Outsiders
Users Increasing numbers, use cases, and expectations Sensitive Data Massive increase in data and value IT Models Rapid growth, changing architecture, new services Threats Infrastructure& Business Processes Trusted Users SensitiveData Threats Rise in sophistication, numbers, and resources
We manage security through either leadership or crisis. In the absence of leadership, we are left with crisis. An effective strategy enables operational flexibility, while driving cost efficiency, and risk manageability
Reasonable and Rational Vulnerability Management Operating Systems Applications Virtual MachinesClouds Data Formats PhysicalAccess Behavioral Weaknesses Network Devices Transport Protocols Vulnerable Business Processes Weak Authentication & Authorization Vulnerable Hardware AdvancedPersistent Threats
Process: Defense-in-DepthContinual Security DETECT Identify attacks not prevented to allow for rapid, thorough response Monitor key areas and activities for attacks which evade prevention. Identifies issues, breaches, and attacks. RESPOND Rapidly address incidents to minimize loss & return to normal Efficient management of efforts to contain, repair and recover as needed, returning the environment to normal operations. PREDICT Predict the most likely attacks, targets, & methods Proactive measures to identify attackers, their objectives and methods prior to materialization of viable attacks. PREVENT Prevent or deter attacks so no loss is experienced Secure the computing environment with current tools, patches, updates, and best-known methods in a timely manner. Educating and reinforcing good user behaviors. Cyber Security Strategy
Layered: Security Technology Integration Security must persist at multiple layers to insure consistency and comprehensiveness NETWORK •Firewalls, demilitarized zones, data loss prevention, ID management, traffic & content filters PLATFORM •Antivirus software, patching, minimum security specifications for systems APPLICATION •Secure coding, testing, security specifications FILE ANDDATA •File and data encryption, enterprise rights management CLOUD USER
Know your enemyand know yourself and you can fight a thousand battles without disaster. –Sun Tsu 21
Threat Agent Risk Assessment 22 Threat Agent Methods Objective •Identify the most likely attackers, targets, and methods •Consider accepted levels of risk and current controls •Determine the most critical exposures •Complementary to traditional ways of analyzing security risks
‘Interesting’ Threat Agents RISK High Low MOTIVATED CAPABLE to Cause Loss of Causing Loss INTENSITY
Example Threat Agent Library The Intel Threat Agent Library example is availableat communities.intel.com ThreatArchetypes RelevantAttributes
Threat Agent MethodologyDistilling the Threats Attack Methods Attacker Objectives Threat Agents Vulnerabilities without Controls for these attacks are likely Exposures Areas of highest Exposure All possible Threats, Objectives, and Methods Highest risk Threats, Objectives, and Methods Objectives Threat Agents Attack Methods
Communicating Risks of Threat Agents
We manage security through either leadership or crisis. In the absence of leadership, we are left with crisis. Two types of victims exist: those with something of value and those who are easy targetsTherefore: Don’t be an easy target, and protect your valuables
28 Bad Assumptions: I am not a target for attack -> Security is an IT/user/security/product/other-guy problem -> Closed environments -> Insiders aren’t a major problem -> Where there is value, there is risk. …(the Willie Sutton principle) It is everyone’s problem and requires everyone to contribute. …aren’t really as closed as you think. Insiders are a significant risk, but largely hidden until something big goes wrong! Bad Assumptions & Good Practices
Bad Assumptions & Good Practices 29 Good Practices: Understand primary threats (most relevant agents, their objectives, & likely methods) Value and grow security savvy users/employees Plan across the Defense-in-Depth (predict, prevent, detect, respond) Disrupt the attack cycle (threat agent -> methods -> objectives) Think ahead, but never forsake security fundamentals Gauge investments with Security Aspects (innovative, hardened, trusted, ubiquitous)
Smart Innovation to deliver more capable solutions to keep pace with threats Ubiquitous Security benefitting all users and devices across the compute landscape Trusted Well designed, built, and tested solutions backed by commitment, reputation, and expertise Strong Hardened, embedded, and faster technology, resistant to compromise Criteria for Good Choices in Technology and Security
Conclusion 31 Leadership is crucial Leverage home-field advantage, implement industry best-known-methods Know your threats, assets, controls, and exposures Treat security as a continuous cycle Seek an optimal level of security Stay positive, keep learning, and share with the community
32

Recomendados

Diversity in Cybersecurity Education - 2016 ICT keynote - M.Rosenquist
Diversity in Cybersecurity Education - 2016 ICT keynote - M.RosenquistDiversity in Cybersecurity Education - 2016 ICT keynote - M.Rosenquist
Diversity in Cybersecurity Education - 2016 ICT keynote - M.RosenquistMatthew Rosenquist
 
Future of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.RosenquistFuture of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.RosenquistMatthew Rosenquist
 
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...Matthew Rosenquist
 
2017 K12 Educators Security Briefing - Matthew Rosenquist
2017 K12 Educators Security Briefing - Matthew Rosenquist2017 K12 Educators Security Briefing - Matthew Rosenquist
2017 K12 Educators Security Briefing - Matthew RosenquistMatthew Rosenquist
 
Pivotal Role of HR in Cybersecurity
Pivotal Role of HR in CybersecurityPivotal Role of HR in Cybersecurity
Pivotal Role of HR in CybersecurityMatthew Rosenquist
 
Symantec Intelligence Report - October 2014
Symantec Intelligence Report - October 2014Symantec Intelligence Report - October 2014
Symantec Intelligence Report - October 2014Symantec
 
Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016Matthew Rosenquist
 
True Cost of Data Breaches
True Cost of Data BreachesTrue Cost of Data Breaches
True Cost of Data BreachesMatthew Rosenquist
 

Recomendados

Diversity in Cybersecurity Education - 2016 ICT keynote - M.Rosenquist
Diversity in Cybersecurity Education - 2016 ICT keynote - M.RosenquistDiversity in Cybersecurity Education - 2016 ICT keynote - M.Rosenquist
Diversity in Cybersecurity Education - 2016 ICT keynote - M.RosenquistMatthew Rosenquist
 
Future of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.RosenquistFuture of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.RosenquistMatthew Rosenquist
 
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...Matthew Rosenquist
 
2017 K12 Educators Security Briefing - Matthew Rosenquist
2017 K12 Educators Security Briefing - Matthew Rosenquist2017 K12 Educators Security Briefing - Matthew Rosenquist
2017 K12 Educators Security Briefing - Matthew RosenquistMatthew Rosenquist
 
Pivotal Role of HR in Cybersecurity
Pivotal Role of HR in CybersecurityPivotal Role of HR in Cybersecurity
Pivotal Role of HR in CybersecurityMatthew Rosenquist
 
Symantec Intelligence Report - October 2014
Symantec Intelligence Report - October 2014Symantec Intelligence Report - October 2014
Symantec Intelligence Report - October 2014Symantec
 
Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016Matthew Rosenquist
 
True Cost of Data Breaches
True Cost of Data BreachesTrue Cost of Data Breaches
True Cost of Data BreachesMatthew Rosenquist
 
2017 InfraGard Atlanta Conference - Matthew Rosenquist
2017 InfraGard Atlanta Conference - Matthew Rosenquist2017 InfraGard Atlanta Conference - Matthew Rosenquist
2017 InfraGard Atlanta Conference - Matthew RosenquistMatthew Rosenquist
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurityMatthew Rosenquist
 
CSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistCSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistMatthew Rosenquist
 
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtThe Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtJohn D. Johnson
 
Must Know Cyber Security Stats of 2016
Must Know Cyber Security Stats of 2016Must Know Cyber Security Stats of 2016
Must Know Cyber Security Stats of 2016DWP Information Architects Inc.
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
 
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationTop 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationPECB
 
Challenges in implementating cyber security
Challenges in implementating cyber securityChallenges in implementating cyber security
Challenges in implementating cyber securityInderjeet Singh
 
Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019PECB
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistTop 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistMatthew Rosenquist
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexIBM Security
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...PECB
 
Enterprise Cyber Security 2016
Enterprise Cyber Security 2016Enterprise Cyber Security 2016
Enterprise Cyber Security 2016Supply Chain Coalition
 
Cyber Secuirty Visualization
Cyber Secuirty VisualizationCyber Secuirty Visualization
Cyber Secuirty VisualizationDoug Cogswell
 
Cybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesCybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesAlex Rudie
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceDarren Argyle
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationMcKonly & Asbury, LLP
 
Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015ITSM Academy, Inc.
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Vertex Holdings
 
cybersecurity strategy planning in the banking sector
cybersecurity strategy planning in the banking sectorcybersecurity strategy planning in the banking sector
cybersecurity strategy planning in the banking sectorOlivier Busolini
 
Vendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskVendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskSarah Clarke
 
What are the Top 5 Cybersecurity Threats?
What are the Top 5 Cybersecurity Threats?What are the Top 5 Cybersecurity Threats?
What are the Top 5 Cybersecurity Threats?ABIresearch
 

Mais conteúdo relacionado

Mais procurados

2017 InfraGard Atlanta Conference - Matthew Rosenquist
2017 InfraGard Atlanta Conference - Matthew Rosenquist2017 InfraGard Atlanta Conference - Matthew Rosenquist
2017 InfraGard Atlanta Conference - Matthew RosenquistMatthew Rosenquist
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurityMatthew Rosenquist
 
CSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistCSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistMatthew Rosenquist
 
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtThe Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtJohn D. Johnson
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
 
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationTop 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationPECB
 
Challenges in implementating cyber security
Challenges in implementating cyber securityChallenges in implementating cyber security
Challenges in implementating cyber securityInderjeet Singh
 
Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019PECB
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistTop 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistMatthew Rosenquist
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexIBM Security
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...PECB
 
Cyber Secuirty Visualization
Cyber Secuirty VisualizationCyber Secuirty Visualization
Cyber Secuirty VisualizationDoug Cogswell
 
Cybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesCybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesAlex Rudie
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceDarren Argyle
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationMcKonly & Asbury, LLP
 
Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015ITSM Academy, Inc.
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Vertex Holdings
 
cybersecurity strategy planning in the banking sector
cybersecurity strategy planning in the banking sectorcybersecurity strategy planning in the banking sector
cybersecurity strategy planning in the banking sectorOlivier Busolini
 

Mais procurados (20)

2017 InfraGard Atlanta Conference - Matthew Rosenquist
2017 InfraGard Atlanta Conference - Matthew Rosenquist2017 InfraGard Atlanta Conference - Matthew Rosenquist
2017 InfraGard Atlanta Conference - Matthew Rosenquist
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity
 
CSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistCSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew Rosenquist
 
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtThe Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
 
Must Know Cyber Security Stats of 2016
Must Know Cyber Security Stats of 2016Must Know Cyber Security Stats of 2016
Must Know Cyber Security Stats of 2016
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
 
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationTop 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
 
Challenges in implementating cyber security
Challenges in implementating cyber securityChallenges in implementating cyber security
Challenges in implementating cyber security
 
Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistTop 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence Index
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
 
Enterprise Cyber Security 2016
Enterprise Cyber Security 2016Enterprise Cyber Security 2016
Enterprise Cyber Security 2016
 
Cyber Secuirty Visualization
Cyber Secuirty VisualizationCyber Secuirty Visualization
Cyber Secuirty Visualization
 
Cybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesCybersecurity Risks for Businesses
Cybersecurity Risks for Businesses
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber Resilience
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
 
Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.
 
cybersecurity strategy planning in the banking sector
cybersecurity strategy planning in the banking sectorcybersecurity strategy planning in the banking sector
cybersecurity strategy planning in the banking sector
 

Destaque

Vendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskVendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskSarah Clarke
 
What are the Top 5 Cybersecurity Threats?
What are the Top 5 Cybersecurity Threats?What are the Top 5 Cybersecurity Threats?
What are the Top 5 Cybersecurity Threats?ABIresearch
 
Trust and Ethics in Leadership.
Trust and Ethics in Leadership.Trust and Ethics in Leadership.
Trust and Ethics in Leadership.Abhishek Singh
 
The Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew RosenquistThe Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew RosenquistMatthew Rosenquist
 
Toward revealing Advanced Persistence Threats in your organization - Public
Toward revealing Advanced Persistence Threats in your organization - PublicToward revealing Advanced Persistence Threats in your organization - Public
Toward revealing Advanced Persistence Threats in your organization - PublicCharles Lim
 
Weaponised Malware & APT Attacks: Protect Against Next-Generation Threats
Weaponised Malware & APT Attacks: Protect Against Next-Generation ThreatsWeaponised Malware & APT Attacks: Protect Against Next-Generation Threats
Weaponised Malware & APT Attacks: Protect Against Next-Generation ThreatsLumension
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyOPSWAT
 
Microservices Manchester: Security, Microservces and Vault by Nicki Watt
Microservices Manchester: Security, Microservces and Vault by Nicki WattMicroservices Manchester: Security, Microservces and Vault by Nicki Watt
Microservices Manchester: Security, Microservces and Vault by Nicki WattOpenCredo
 
The Economics of Cyber Security
The Economics of Cyber SecurityThe Economics of Cyber Security
The Economics of Cyber SecurityJohn Gilligan
 
Health IT Cyber Security HIPAA Summit Presentation: Metrics and Continuous Mo...
Health IT Cyber Security HIPAA Summit Presentation: Metrics and Continuous Mo...Health IT Cyber Security HIPAA Summit Presentation: Metrics and Continuous Mo...
Health IT Cyber Security HIPAA Summit Presentation: Metrics and Continuous Mo...NJVC, LLC
 
The Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryThe Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryPriyanka Aash
 
How to Steer Cyber Security with Only One KPI: The Cyber Risk Resilience
How to Steer Cyber Security with Only One KPI: The Cyber Risk ResilienceHow to Steer Cyber Security with Only One KPI: The Cyber Risk Resilience
How to Steer Cyber Security with Only One KPI: The Cyber Risk ResiliencePriyanka Aash
 
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...Matthew Rosenquist
 
Understanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor LandscapeUnderstanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor LandscapeSounil Yu
 
Risk Management and Remediation
Risk Management and RemediationRisk Management and Remediation
Risk Management and RemediationCarahsoft
 
Cybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoDCybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoDPranav Shah
 
Meaningfull security metrics
Meaningfull security metricsMeaningfull security metrics
Meaningfull security metricsVladimir Jirasek
 
Top 10 Essentials for Building a Powerful Security Dashboard
Top 10 Essentials for Building a Powerful Security DashboardTop 10 Essentials for Building a Powerful Security Dashboard
Top 10 Essentials for Building a Powerful Security DashboardTripwire
 

Destaque (20)

Vendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskVendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the risk
 
What are the Top 5 Cybersecurity Threats?
What are the Top 5 Cybersecurity Threats?What are the Top 5 Cybersecurity Threats?
What are the Top 5 Cybersecurity Threats?
 
Trust and Ethics in Leadership.
Trust and Ethics in Leadership.Trust and Ethics in Leadership.
Trust and Ethics in Leadership.
 
The Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew RosenquistThe Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew Rosenquist
 
Toward revealing Advanced Persistence Threats in your organization - Public
Toward revealing Advanced Persistence Threats in your organization - PublicToward revealing Advanced Persistence Threats in your organization - Public
Toward revealing Advanced Persistence Threats in your organization - Public
 
Weaponised Malware & APT Attacks: Protect Against Next-Generation Threats
Weaponised Malware & APT Attacks: Protect Against Next-Generation ThreatsWeaponised Malware & APT Attacks: Protect Against Next-Generation Threats
Weaponised Malware & APT Attacks: Protect Against Next-Generation Threats
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny Czarny
 
Microservices Manchester: Security, Microservces and Vault by Nicki Watt
Microservices Manchester: Security, Microservces and Vault by Nicki WattMicroservices Manchester: Security, Microservces and Vault by Nicki Watt
Microservices Manchester: Security, Microservces and Vault by Nicki Watt
 
The Economics of Cyber Security
The Economics of Cyber SecurityThe Economics of Cyber Security
The Economics of Cyber Security
 
Using the Threat Agent Library to improve threat modeling
Using the Threat Agent Library to improve threat modelingUsing the Threat Agent Library to improve threat modeling
Using the Threat Agent Library to improve threat modeling
 
Maturity Models21
Maturity Models21Maturity Models21
Maturity Models21
 
Health IT Cyber Security HIPAA Summit Presentation: Metrics and Continuous Mo...
Health IT Cyber Security HIPAA Summit Presentation: Metrics and Continuous Mo...Health IT Cyber Security HIPAA Summit Presentation: Metrics and Continuous Mo...
Health IT Cyber Security HIPAA Summit Presentation: Metrics and Continuous Mo...
 
The Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryThe Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your Story
 
How to Steer Cyber Security with Only One KPI: The Cyber Risk Resilience
How to Steer Cyber Security with Only One KPI: The Cyber Risk ResilienceHow to Steer Cyber Security with Only One KPI: The Cyber Risk Resilience
How to Steer Cyber Security with Only One KPI: The Cyber Risk Resilience
 
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
 
Understanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor LandscapeUnderstanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor Landscape
 
Risk Management and Remediation
Risk Management and RemediationRisk Management and Remediation
Risk Management and Remediation
 
Cybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoDCybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoD
 
Meaningfull security metrics
Meaningfull security metricsMeaningfull security metrics
Meaningfull security metrics
 
Top 10 Essentials for Building a Powerful Security Dashboard
Top 10 Essentials for Building a Powerful Security DashboardTop 10 Essentials for Building a Powerful Security Dashboard
Top 10 Essentials for Building a Powerful Security Dashboard
 

Semelhante a Strategic Leadership for Managing Evolving Cybersecurity Risks

Symantec cyber-resilience
Symantec cyber-resilienceSymantec cyber-resilience
Symantec cyber-resilienceSymantec
 
Assuring Reliable and Secure IT Services
Assuring Reliable and Secure IT ServicesAssuring Reliable and Secure IT Services
Assuring Reliable and Secure IT Servicestsaiblake
 
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie AheadRethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie AheadOpenDNS
 
OSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionOSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionIvanti
 
Cyber Security Audit.pdf
Cyber Security Audit.pdfCyber Security Audit.pdf
Cyber Security Audit.pdfVograce
 
Advanced Approaches to Data Center Security.pdf
Advanced Approaches to Data Center Security.pdfAdvanced Approaches to Data Center Security.pdf
Advanced Approaches to Data Center Security.pdfmanoharparakh
 
Advanced Approaches to Data Center Security.pdf
Advanced Approaches to Data Center Security.pdfAdvanced Approaches to Data Center Security.pdf
Advanced Approaches to Data Center Security.pdfmanoharparakh
 
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...SurfWatch Labs
 
Best Open Threat Management Platform in USA
Best Open Threat Management Platform in USABest Open Threat Management Platform in USA
Best Open Threat Management Platform in USACompanySeceon
 
CYBERSECURITYcoll[1].pptx
CYBERSECURITYcoll[1].pptxCYBERSECURITYcoll[1].pptx
CYBERSECURITYcoll[1].pptxmalik298381
 
information security management
information security managementinformation security management
information security managementGurpreetkaur838
 
Effective Cyber Security Technology Solutions for Modern Challenges
Effective Cyber Security Technology Solutions for Modern ChallengesEffective Cyber Security Technology Solutions for Modern Challenges
Effective Cyber Security Technology Solutions for Modern Challengescyberprosocial
 
C4I cyber secuirty by Eric Eifert - Keynote 9.pptx
C4I cyber secuirty by Eric Eifert - Keynote 9.pptxC4I cyber secuirty by Eric Eifert - Keynote 9.pptx
C4I cyber secuirty by Eric Eifert - Keynote 9.pptxbakhtinasiriav
 
Protecting the Portals - Strengthening Data Security.pdf
Protecting the Portals - Strengthening Data Security.pdfProtecting the Portals - Strengthening Data Security.pdf
Protecting the Portals - Strengthening Data Security.pdfkelyn Technology
 
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskThe Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskBeyondTrust
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...robbiesamuel
 
Information Securityfind an article online discussing defense-in-d.pdf
Information Securityfind an article online discussing defense-in-d.pdfInformation Securityfind an article online discussing defense-in-d.pdf
Information Securityfind an article online discussing defense-in-d.pdfforladies
 

Semelhante a Strategic Leadership for Managing Evolving Cybersecurity Risks (20)

Symantec cyber-resilience
Symantec cyber-resilienceSymantec cyber-resilience
Symantec cyber-resilience
 
Assuring Reliable and Secure IT Services
Assuring Reliable and Secure IT ServicesAssuring Reliable and Secure IT Services
Assuring Reliable and Secure IT Services
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
 
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie AheadRethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
 
OSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionOSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the Union
 
Cyber Security Audit.pdf
Cyber Security Audit.pdfCyber Security Audit.pdf
Cyber Security Audit.pdf
 
Advanced Approaches to Data Center Security.pdf
Advanced Approaches to Data Center Security.pdfAdvanced Approaches to Data Center Security.pdf
Advanced Approaches to Data Center Security.pdf
 
Advanced Approaches to Data Center Security.pdf
Advanced Approaches to Data Center Security.pdfAdvanced Approaches to Data Center Security.pdf
Advanced Approaches to Data Center Security.pdf
 
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
 
Best Open Threat Management Platform in USA
Best Open Threat Management Platform in USABest Open Threat Management Platform in USA
Best Open Threat Management Platform in USA
 
CYBERSECURITYcoll[1].pptx
CYBERSECURITYcoll[1].pptxCYBERSECURITYcoll[1].pptx
CYBERSECURITYcoll[1].pptx
 
information security management
information security managementinformation security management
information security management
 
Effective Cyber Security Technology Solutions for Modern Challenges
Effective Cyber Security Technology Solutions for Modern ChallengesEffective Cyber Security Technology Solutions for Modern Challenges
Effective Cyber Security Technology Solutions for Modern Challenges
 
C4I cyber secuirty by Eric Eifert - Keynote 9.pptx
C4I cyber secuirty by Eric Eifert - Keynote 9.pptxC4I cyber secuirty by Eric Eifert - Keynote 9.pptx
C4I cyber secuirty by Eric Eifert - Keynote 9.pptx
 
Untitled (1).pptx
Untitled (1).pptxUntitled (1).pptx
Untitled (1).pptx
 
Untitled (1).pptx
Untitled (1).pptxUntitled (1).pptx
Untitled (1).pptx
 
Protecting the Portals - Strengthening Data Security.pdf
Protecting the Portals - Strengthening Data Security.pdfProtecting the Portals - Strengthening Data Security.pdf
Protecting the Portals - Strengthening Data Security.pdf
 
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskThe Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
 
Information Securityfind an article online discussing defense-in-d.pdf
Information Securityfind an article online discussing defense-in-d.pdfInformation Securityfind an article online discussing defense-in-d.pdf
Information Securityfind an article online discussing defense-in-d.pdf
 

Mais de Matthew Rosenquist

Improving Healthcare Risk Assessments to Maximize Security Budgets
Improving Healthcare Risk Assessments to Maximize Security BudgetsImproving Healthcare Risk Assessments to Maximize Security Budgets
Improving Healthcare Risk Assessments to Maximize Security BudgetsMatthew Rosenquist
 
Six Scenarios How Russia May Use Nukes.pdf
Six Scenarios How Russia May Use Nukes.pdfSix Scenarios How Russia May Use Nukes.pdf
Six Scenarios How Russia May Use Nukes.pdfMatthew Rosenquist
 
Top Cyber News Magazine - Oct 2022
Top Cyber News Magazine - Oct 2022Top Cyber News Magazine - Oct 2022
Top Cyber News Magazine - Oct 2022Matthew Rosenquist
 
2022 Cybersecurity Predictions
2022 Cybersecurity Predictions2022 Cybersecurity Predictions
2022 Cybersecurity PredictionsMatthew Rosenquist
 
McAfee Labs 2017 Threats Predictions
McAfee Labs 2017 Threats PredictionsMcAfee Labs 2017 Threats Predictions
McAfee Labs 2017 Threats PredictionsMatthew Rosenquist
 
Cybersecurity Curricula Guidelines for Post-Secondary Degree Programs
Cybersecurity Curricula Guidelines for Post-Secondary Degree ProgramsCybersecurity Curricula Guidelines for Post-Secondary Degree Programs
Cybersecurity Curricula Guidelines for Post-Secondary Degree ProgramsMatthew Rosenquist
 
How Cyber Attacks are Changing Security - CSE ISCWest 2017 - Matthew Rosenqui...
How Cyber Attacks are Changing Security - CSE ISCWest 2017 - Matthew Rosenqui...How Cyber Attacks are Changing Security - CSE ISCWest 2017 - Matthew Rosenqui...
How Cyber Attacks are Changing Security - CSE ISCWest 2017 - Matthew Rosenqui...Matthew Rosenquist
 
Cybersecurity Risks and Recommendations - PSA TEC 2017 - Matthew Rosenquist
Cybersecurity Risks and Recommendations - PSA TEC 2017 - Matthew RosenquistCybersecurity Risks and Recommendations - PSA TEC 2017 - Matthew Rosenquist
Cybersecurity Risks and Recommendations - PSA TEC 2017 - Matthew RosenquistMatthew Rosenquist
 
2019 Keynote at the Techno Security and Digital Forensics Conference - The Ve...
2019 Keynote at the Techno Security and Digital Forensics Conference - The Ve...2019 Keynote at the Techno Security and Digital Forensics Conference - The Ve...
2019 Keynote at the Techno Security and Digital Forensics Conference - The Ve...Matthew Rosenquist
 
Preparing for the Next Evolutions of Ransomware - Matthew Rosenquist 2018
Preparing for the Next Evolutions of Ransomware - Matthew Rosenquist 2018Preparing for the Next Evolutions of Ransomware - Matthew Rosenquist 2018
Preparing for the Next Evolutions of Ransomware - Matthew Rosenquist 2018Matthew Rosenquist
 
2015 August - Intel Security McAfee Labs Quarterly Threat Report
2015 August - Intel Security McAfee Labs Quarterly Threat Report2015 August - Intel Security McAfee Labs Quarterly Threat Report
2015 August - Intel Security McAfee Labs Quarterly Threat ReportMatthew Rosenquist
 
2015 Global APT Summit - Understanding APT threat agent characteristics is ke...
2015 Global APT Summit - Understanding APT threat agent characteristics is ke...2015 Global APT Summit - Understanding APT threat agent characteristics is ke...
2015 Global APT Summit - Understanding APT threat agent characteristics is ke...Matthew Rosenquist
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMatthew Rosenquist
 
2015 Global APT Summit Matthew Rosenquist
2015 Global APT Summit Matthew Rosenquist2015 Global APT Summit Matthew Rosenquist
2015 Global APT Summit Matthew RosenquistMatthew Rosenquist
 
Top 10 Cybersecurity Predictions for 2015
Top 10 Cybersecurity Predictions for 2015Top 10 Cybersecurity Predictions for 2015
Top 10 Cybersecurity Predictions for 2015Matthew Rosenquist
 
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013Matthew Rosenquist
 

Mais de Matthew Rosenquist (16)

Improving Healthcare Risk Assessments to Maximize Security Budgets
Improving Healthcare Risk Assessments to Maximize Security BudgetsImproving Healthcare Risk Assessments to Maximize Security Budgets
Improving Healthcare Risk Assessments to Maximize Security Budgets
 
Six Scenarios How Russia May Use Nukes.pdf
Six Scenarios How Russia May Use Nukes.pdfSix Scenarios How Russia May Use Nukes.pdf
Six Scenarios How Russia May Use Nukes.pdf
 
Top Cyber News Magazine - Oct 2022
Top Cyber News Magazine - Oct 2022Top Cyber News Magazine - Oct 2022
Top Cyber News Magazine - Oct 2022
 
2022 Cybersecurity Predictions
2022 Cybersecurity Predictions2022 Cybersecurity Predictions
2022 Cybersecurity Predictions
 
McAfee Labs 2017 Threats Predictions
McAfee Labs 2017 Threats PredictionsMcAfee Labs 2017 Threats Predictions
McAfee Labs 2017 Threats Predictions
 
Cybersecurity Curricula Guidelines for Post-Secondary Degree Programs
Cybersecurity Curricula Guidelines for Post-Secondary Degree ProgramsCybersecurity Curricula Guidelines for Post-Secondary Degree Programs
Cybersecurity Curricula Guidelines for Post-Secondary Degree Programs
 
How Cyber Attacks are Changing Security - CSE ISCWest 2017 - Matthew Rosenqui...
How Cyber Attacks are Changing Security - CSE ISCWest 2017 - Matthew Rosenqui...How Cyber Attacks are Changing Security - CSE ISCWest 2017 - Matthew Rosenqui...
How Cyber Attacks are Changing Security - CSE ISCWest 2017 - Matthew Rosenqui...
 
Cybersecurity Risks and Recommendations - PSA TEC 2017 - Matthew Rosenquist
Cybersecurity Risks and Recommendations - PSA TEC 2017 - Matthew RosenquistCybersecurity Risks and Recommendations - PSA TEC 2017 - Matthew Rosenquist
Cybersecurity Risks and Recommendations - PSA TEC 2017 - Matthew Rosenquist
 
2019 Keynote at the Techno Security and Digital Forensics Conference - The Ve...
2019 Keynote at the Techno Security and Digital Forensics Conference - The Ve...2019 Keynote at the Techno Security and Digital Forensics Conference - The Ve...
2019 Keynote at the Techno Security and Digital Forensics Conference - The Ve...
 
Preparing for the Next Evolutions of Ransomware - Matthew Rosenquist 2018
Preparing for the Next Evolutions of Ransomware - Matthew Rosenquist 2018Preparing for the Next Evolutions of Ransomware - Matthew Rosenquist 2018
Preparing for the Next Evolutions of Ransomware - Matthew Rosenquist 2018
 
2015 August - Intel Security McAfee Labs Quarterly Threat Report
2015 August - Intel Security McAfee Labs Quarterly Threat Report2015 August - Intel Security McAfee Labs Quarterly Threat Report
2015 August - Intel Security McAfee Labs Quarterly Threat Report
 
2015 Global APT Summit - Understanding APT threat agent characteristics is ke...
2015 Global APT Summit - Understanding APT threat agent characteristics is ke...2015 Global APT Summit - Understanding APT threat agent characteristics is ke...
2015 Global APT Summit - Understanding APT threat agent characteristics is ke...
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of Interest
 
2015 Global APT Summit Matthew Rosenquist
2015 Global APT Summit Matthew Rosenquist2015 Global APT Summit Matthew Rosenquist
2015 Global APT Summit Matthew Rosenquist
 
Top 10 Cybersecurity Predictions for 2015
Top 10 Cybersecurity Predictions for 2015Top 10 Cybersecurity Predictions for 2015
Top 10 Cybersecurity Predictions for 2015
 
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013
 

Último

DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 

Último (20)

DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 

Strategic Leadership for Managing Evolving Cybersecurity Risks

  • 1. Intel & McAfee Confidential Strategic Leadership for Managing Evolving Cybersecurity Risks NSF Cybersecurity Summit 2014 August 28th2014, Arlington Virginia Matthew RosenquistCybersecurity Strategist, Intel Corp
  • 2. Opportunity and Challenges Working together to address •Burning challenges of today •Opportunities for a better tomorrow •Many roles and uncertainty •Embracing the best practices across the industry •What does success look like?
  • 3. Technology connects and enriches the lives of every person on earth Security is critical to protect computing technology from threats which undermine the health of the industry
  • 4. “...If security breaks down, technology breaks down” Brian Krebs Noted Cybersecurity Reporter
  • 5. We manage security through either leadership or crisis. In the absence of leadership, we are left with crisis. crisis In the absence of leadership, we are left with crisis
  • 6. Changing Landscape Drives Security 6 Security issues undermine the continued growth, innovation, and adoption of technology Amount & Aggregation of Valuable Data Number of Connected People
  • 7. Leading Metrics & Trends ~300k New Malware/day 220m+ Total 25m+ Total‘signed’ Samples Increase of ‘signed’ malware ~50% 40% Increasein Data Breaches Organizations suffering a data breach in 2013 93% 1M+ Adults Victims each day (12 per second) Online adults victims of cybercrime or negative situations 50% ~20%-30% of overall technology spending1 Source: McAfee Cost of Cybercrime report 2014 Source: McAfee Threat Report Q1 2014 Source: McAfee Threat Report Q3 2013 Global Infection Rates Worldwide computers infected in 2012 ~32% Source: Panda Labs Source: UK Government BIS Survey Source: Symantec 2013 Norton Report $400b Annual cost ofglobal cybercrime TOTAL MALWARE
  • 8. 8 Source: Gartner, IDC Strategy Analytics, MachinaResearch, company filings, BII estimates Global Internet Device Installed Base Forecast
  • 9. 9 ~$3 Trillion Aggregate economic impact of cybersecurity on technology trends, through 20201 1Risk and Responsibility in a HyperconnectedWorld -2014 World Economic Forum, http://www.mckinsey.com/insights/business_technology/risk_and_responsibility_in_a_hyperconnected_world_implications_for_enterprises
  • 10. We manage security through either leadership or crisis. In the absence of leadership, we are left with crisis. Leadership is key in organizing resources to achieve and maintain an optimal level of security value
  • 11. Resource Constraints and Decisions 11 “Infinite Resources = Infinite Possibilities” Smart Decisions are Key
  • 12. Balancing Security Value Aspects Optimal security is the right balance of cost, user experience, and risk tradeoffs
  • 13. 13 Obstacles versus Opposition
  • 14. Technical & Behavioral 14 Security is comprised of both Technologyand People Intertwined and inseparable
  • 15. 15 Threat agents include Insiders& Outsiders
  • 16. Users Increasing numbers, use cases, and expectations Sensitive Data Massive increase in data and value IT Models Rapid growth, changing architecture, new services Threats Infrastructure& Business Processes Trusted Users SensitiveData Threats Rise in sophistication, numbers, and resources
  • 17. We manage security through either leadership or crisis. In the absence of leadership, we are left with crisis. An effective strategy enables operational flexibility, while driving cost efficiency, and risk manageability
  • 18. Reasonable and Rational Vulnerability Management Operating Systems Applications Virtual MachinesClouds Data Formats PhysicalAccess Behavioral Weaknesses Network Devices Transport Protocols Vulnerable Business Processes Weak Authentication & Authorization Vulnerable Hardware AdvancedPersistent Threats
  • 19. Process: Defense-in-DepthContinual Security DETECT Identify attacks not prevented to allow for rapid, thorough response Monitor key areas and activities for attacks which evade prevention. Identifies issues, breaches, and attacks. RESPOND Rapidly address incidents to minimize loss & return to normal Efficient management of efforts to contain, repair and recover as needed, returning the environment to normal operations. PREDICT Predict the most likely attacks, targets, & methods Proactive measures to identify attackers, their objectives and methods prior to materialization of viable attacks. PREVENT Prevent or deter attacks so no loss is experienced Secure the computing environment with current tools, patches, updates, and best-known methods in a timely manner. Educating and reinforcing good user behaviors. Cyber Security Strategy
  • 20. Layered: Security Technology Integration Security must persist at multiple layers to insure consistency and comprehensiveness NETWORK •Firewalls, demilitarized zones, data loss prevention, ID management, traffic & content filters PLATFORM •Antivirus software, patching, minimum security specifications for systems APPLICATION •Secure coding, testing, security specifications FILE ANDDATA •File and data encryption, enterprise rights management CLOUD USER
  • 21. Know your enemyand know yourself and you can fight a thousand battles without disaster. –Sun Tsu 21
  • 22. Threat Agent Risk Assessment 22 Threat Agent Methods Objective •Identify the most likely attackers, targets, and methods •Consider accepted levels of risk and current controls •Determine the most critical exposures •Complementary to traditional ways of analyzing security risks
  • 23. ‘Interesting’ Threat Agents RISK High Low MOTIVATED CAPABLE to Cause Loss of Causing Loss INTENSITY
  • 24. Example Threat Agent Library The Intel Threat Agent Library example is availableat communities.intel.com ThreatArchetypes RelevantAttributes
  • 25. Threat Agent MethodologyDistilling the Threats Attack Methods Attacker Objectives Threat Agents Vulnerabilities without Controls for these attacks are likely Exposures Areas of highest Exposure All possible Threats, Objectives, and Methods Highest risk Threats, Objectives, and Methods Objectives Threat Agents Attack Methods
  • 26. Communicating Risks of Threat Agents
  • 27. We manage security through either leadership or crisis. In the absence of leadership, we are left with crisis. Two types of victims exist: those with something of value and those who are easy targetsTherefore: Don’t be an easy target, and protect your valuables
  • 28. 28 Bad Assumptions: I am not a target for attack -> Security is an IT/user/security/product/other-guy problem -> Closed environments -> Insiders aren’t a major problem -> Where there is value, there is risk. …(the Willie Sutton principle) It is everyone’s problem and requires everyone to contribute. …aren’t really as closed as you think. Insiders are a significant risk, but largely hidden until something big goes wrong! Bad Assumptions & Good Practices
  • 29. Bad Assumptions & Good Practices 29 Good Practices: Understand primary threats (most relevant agents, their objectives, & likely methods) Value and grow security savvy users/employees Plan across the Defense-in-Depth (predict, prevent, detect, respond) Disrupt the attack cycle (threat agent -> methods -> objectives) Think ahead, but never forsake security fundamentals Gauge investments with Security Aspects (innovative, hardened, trusted, ubiquitous)
  • 30. Smart Innovation to deliver more capable solutions to keep pace with threats Ubiquitous Security benefitting all users and devices across the compute landscape Trusted Well designed, built, and tested solutions backed by commitment, reputation, and expertise Strong Hardened, embedded, and faster technology, resistant to compromise Criteria for Good Choices in Technology and Security
  • 31. Conclusion 31 Leadership is crucial Leverage home-field advantage, implement industry best-known-methods Know your threats, assets, controls, and exposures Treat security as a continuous cycle Seek an optimal level of security Stay positive, keep learning, and share with the community
  • 32. 32