Dealing with Information Security, Risk Management & Cyber Resilience
Donald Tabone
27/01/2015
2
Introductions
• >19 years working in all areas of IT
• Former Associate Director, KPMG
• Former Lead Security Analyst & Architect for American-based CCBill
• Lecturer on Information Security & Computer Forensics, NCC
• >6 years PCI-DSS industry
• Information Security, Software Engineering, IT & Telecoms Law
3
Brief Agenda [Information Security]
1. Why the need to think about it?
2. What exactly are we talking about?
3. How do we go about doing something about it?
4. Is there a one-size-fits-all framework?
4
IT Governance
Information Security?
• After an incident occurs?
• If budget permits?
• Because you are mandated to comply?
• Who possesses the knowledge within your company to advise?
• Is it even a priority or a concern?
• Is there any structure to your approach?
• Are you really prepared / in control?
[Information Security] is the preservation of confidentiality, integrity and availability of information.
But how do you really go about it within your business?
5
Establishing IT Governance
IT Governance..1/3
[COBIT (4.1) Framework]
• IT is aligned with the business
• IT enables the business and maximizes benefits
• IT resources are used responsibly
• IT risks are managed appropriately
Source: http://www.isaca.org/Knowledge-Center/cobit/Documents/COBIT4.pdf
6
Establishing IT Governance
IT Governance..2/3
Source: http://www.isaca.org/Knowledge-Center/cobit/Documents/COBIT4.pdf
7
Establishing IT Governance
IT Governance..3/3
• Periodic assessments of IT processes for their quality and compliance
• Performance management
• Monitoring internal controls
• Regulatory compliance
• Provide IT governance
• Is IT's performance measured to detect problems before it is too late?
• Are internal controls effective and efficient?
• Are adequate confidentiality, integrity and availability controls in place for information security?
Source: http://www.isaca.org/Knowledge-Center/cobit/Documents/COBIT4.pdf
8
Incidents
9
Who are the targets?
One study* conducted in the UK showed that small businesses suffer an estimated loss of £800m a year, averaging nearly £4000 per business:
• 30% of its members were victims of fraud as a result of virus infections
• 50% hit by malware
• 8% victims of hacking
• 5% suffered security breaches
As a consequence, a second recent cybercrime study** revealed that:
• 53% of the British public is worried about the damage of cyber attacks
• 40% feel more vulnerable to cyber attacks now than a year ago
• 38% feel that their personal data exchanged with organisations they do business with may already have been compromised
Increased attack sophistication + Inappropriate business response = UNCERTAINTY
* The study was carried out by the Federation of Small Businesses in the UK and is based on its 20000 members
** The study was conducted by PollOne in April 2013 for Tripwire on 1000 users
10
Meanwhile in a non-descript building
Should we be concerned?
Meanwhile... just outside of Shanghai, "Unit 61398" of the People's Liberation Army is the alleged source of Chinese hacking attacks... although the Chinese government consistently denies its involvement in such activities, claiming that such allegations are "irresponsible and unprofessional".
Source: Hello, Unit 61398, The Economist
11
Threat horizon for 2015
• Reputation is a new target for cyber-attacks, from insider activists who leak information, and hacktivist collectives who vote on who they dislike this week.
• Criminals value your information; they're highly motivated to obtain it, or to use what leaks out of your organization.
• The changing pace of technology doesn't help; bring your own cloud (BYOC) and bring your own device (BYOD) also bring their own risks.
Source: Information Security Forum
12
Approach 1
13
Approach 2
A Strategy
Information Security Strategy (diagram labels): Management Commitment; Information Security Requirements; Policies; Awareness; Technical Controls; Risk Assessments; Periodic reviews
• Identify critical information assets
• Obtain management buy-in
• Take a 3 pronged approach
• Conduct periodic reviews
14
Approach 3
Adopting a framework
"What does good cyber risk management look like?"
By definition a framework is an agreed structured approach to dealing with a particular subject.
• There is no such thing as a one-size-fits-all framework
• Use / implement the appropriate framework for your organisation's requirements
• i.e. assess your requirements and design the appropriate framework for your needs
• Such that your organisation is not trying to 'fit' to a particular benchmark or rule book
Implement what is appropriate to your business objectives and risk appetite, and what facilitates reporting to any third party against international generic cyber risk frameworks.
Source: Paul C Dwyer, Cyber Risk Expert
15
Approach 3
Adopting a framework
Source: Paul C Dwyer, Cyber Risk Expert
16
Juggling the risks
Dealing with the risks
Risk Assessment: examine threats, then determine the risk level. AIM: reduce organisational risk.
• Risk Assumption: with appropriate due diligence, management accept the potential risk and continue operating
• Risk Alleviation: management approve the implementation of controls to lower risk to an acceptable level
• Risk Avoidance: eliminate the process that could cause the risks
• Risk Limitation: management limit the risk exposure by putting in controls to limit the impact of a threat
• Risk Planning: a process to manage risk by developing an architecture that prioritises, implements and maintains controls
• Risk Transference: management transfer the risk by using other options to compensate for a loss, e.g. purchasing an insurance policy
18
Cyber Resilience
"The ability of a system or a domain to withstand attacks or failures and in such events to re-establish itself quickly"
– Nigel Inkster, International Institute of Strategic Studies
Becoming resilient: Six Point action plan
1. Organizational Readiness
2. Situational awareness
3. Detection
4. Cyber defence
5. Mitigation and containment
6. Recovery
19
Becoming resilient
#1 Organisational Readiness
• Corporate awareness
• Ownership at the C-level
• Assign the role and responsibility for information security oversight
• Understand your business risks
• Focus on your information and reputation
• Share intelligence and experiences
20
Becoming resilient
#2 Situational Intelligence
• Specialist knowledge
• Keep abreast of the latest advanced threats
• Know your information assets
• Classify your information assets
Threat landscape (diagram labels): Hacking for fame & glory; Cybercrime moved into monetisation; Criminal gangs; Protest hacktivism; Anonymous & Lulzsec target corporate infrastructures; Corporate espionage; Disruption
"One of the problems is that we all tend to be technology professionals weathered by our experiences rather than looking at new ways of managing risk and gaining or using new sources of intelligence" - Pat Brady, Information Security Manager, National Australia Group
21
Becoming resilient
#3 Detection
• Develop the ability to detect attacks
• Ensure you have an effective internal & external monitoring process
• Scan outbound messages for abnormal volumes and patterns
• Early recognition of a compromise is key to early reaction
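The "scan outbound messages for abnormal volumes and patterns" point above, worked through as an added example that is not part of the deck: a Python check over constructed mail-gateway log lines that compares each sender's daily outbound volume and recipient spread with that sender's own baseline. The log line format, the internal domain `example.com` and the thresholds are assumptions.

```python
"""Outbound-message anomaly check: flag senders whose volume or recipient
pattern on one day deviates from their own recent baseline.
Added example; the log format, internal domain and thresholds are assumptions."""
import re
from collections import defaultdict
from statistics import mean, pstdev

INTERNAL_DOMAIN = "example.com"   # assumed: mail to this domain is internal traffic

# Assumed mail-gateway log format: "<YYYY-MM-DD> from=<addr> to=<addr> size=<bytes>"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) from=(\S+) to=(\S+) size=(\d+)$")


def build_sample_log():
    """Construct sample log lines (not real traffic): four quiet baseline days for
    two senders, then one day where bob sends a burst to many outside domains."""
    lines = []
    for day in ("2015-01-19", "2015-01-20", "2015-01-21", "2015-01-22"):
        for n in range(3):
            lines.append(f"{day} from=alice@example.com to=colleague{n}@example.com size=2100")
        for _ in range(2):
            lines.append(f"{day} from=bob@example.com to=partner@supplier.example size=1800")
    lines.append("2015-01-26 from=alice@example.com to=colleague1@example.com size=2300")
    lines.append("2015-01-26 from=alice@example.com to=colleague2@example.com size=2000")
    lines.append("2015-01-26 from=alice@example.com to=partner@supplier.example size=2200")
    for n in range(12):
        lines.append(f"2015-01-26 from=bob@example.com to=contact@ext{n}.example size=980000")
    lines.append("garbage line that does not match the format")   # exercises the parser guard
    return "\n".join(lines)


def parse_log(text):
    """Parse log text into (day, sender, recipient, size) tuples; malformed lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            day, sender, rcpt, size = m.groups()
            events.append((day, sender, rcpt, int(size)))
    return events


def per_sender_per_day(events):
    """Group recipients as {sender: {day: [recipient, ...]}}."""
    table = defaultdict(lambda: defaultdict(list))
    for day, sender, rcpt, _size in events:
        table[sender][day].append(rcpt)
    return table


def flag_anomalies(events, target_day, min_ratio=3.0, min_z=3.0, max_external_domains=5):
    """Compare each sender's target-day activity with its own baseline (all earlier
    days on which it sent anything). Returns {sender: [reason, ...]}."""
    table = per_sender_per_day(events)
    findings = {}
    for sender, days in table.items():
        baseline = [len(rcpts) for d, rcpts in days.items() if d < target_day]
        today = days.get(target_day, [])
        if not baseline or not today:
            continue   # nothing to compare against, or the sender was quiet today
        reasons = []
        mu, sigma = mean(baseline), pstdev(baseline)
        count = len(today)
        # Volume: require both a large ratio and (when the baseline varies) a large
        # z-score, so a sender with a naturally noisy baseline is not flagged by ratio alone.
        if sigma > 0:
            z = (count - mu) / sigma
        else:
            z = float("inf") if count > mu else 0.0
        if count >= min_ratio * mu and z >= min_z:
            reasons.append(f"volume {count} vs baseline mean {mu:.1f}")
        # Pattern: many distinct external recipient domains in a single day.
        ext = {r.rsplit("@", 1)[-1] for r in today
               if "@" in r and not r.endswith("@" + INTERNAL_DOMAIN)}
        if len(ext) > max_external_domains:
            reasons.append(f"{len(ext)} distinct external domains")
        if reasons:
            findings[sender] = reasons
    return findings


if __name__ == "__main__":
    evts = parse_log(build_sample_log())
    for who, why in flag_anomalies(evts, "2015-01-26").items():
        print(who, "->", "; ".join(why))
```

On the constructed sample only bob is reported, on both the volume and the recipient-spread rule; alice's day looks like her baseline and is left alone.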
22
Becoming resilient
#4 Cyber Defence
• Get a grip on infrastructure and access security
• Assert the levels of staff awareness
• Define strict access control and remote access control
• Ensure strong visitor procedures for key buildings
• Keep your basic security controls in sight, e.g. password change policy
• Infrastructure changes should trigger network configuration changes, allowing you to move the shape of the target
23
Becoming resilient
#5 Mitigation and containment
• The aim is to limit the damage to your services and reputation
• Limit the impact / shut down the source
• Being prepared is the key
• Contingency planning: define and review your plans
• Ensure adequate testing of business continuity plans
• Prepared PR statements
Plans (diagram labels): Continuity of Operations Plan; Disaster Recovery Plan; IT / Network Contingency Plans; Crisis Communication Plan; Cyber Incident Plan; Occupant Emergency Plan
24
Becoming resilient
#6 Recovery
• You need to develop the ability to re-establish normal service
• Your survival as a business depends on it
• Apply the lessons learnt
• Give feedback to senior executives: here's what happened to us; this is how we reacted; this is what we've done to mitigate / prevent it
25
Take back conclusions
Conclusions
(diagram labels) Cyber Resiliency: Business Continuity; IT Service Continuity; Management functions. Awareness; Knowledge; Controls; Detection; Mitigation; Recovery.
BEING PROACTIVE IS THE NAME OF THE GAME
• Good IT governance by following a framework gives structure and business alignment
• Apply some form of strategy to the way you deal with information security
• Cyber threats are on the increase, so prevention and detection are always better than cure
• Becoming cyber resilient gives you the benefit of knowing how to tackle IT risks
• Take a pragmatic approach to investing in your defences
Thank you!
Donald Tabone
dtabone@gmail.com
Nineteen Twenty Three, Valletta Road,
Marsa MRS 3000, Malta.
T. (+356) 2144 5566 E. info@ptl.com.mt | www.ptl.com.mt
IT & SECURITY EXPERTS
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Último (20)

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Information Security Managing Risks & Building Cyber Resilience

• 9. Who are the targets?
One study* conducted in the UK showed that small businesses suffer an estimated loss of £800m a year, averaging nearly £4,000 per business:
• 30% of its members were victims of fraud as a result of virus infections
• 50% were hit by malware
• 8% were victims of hacking
• 5% suffered security breaches
As a consequence, a second recent cybercrime study** revealed that:
• 53% of the British public is worried about the damage of cyber attacks
• 40% feel more vulnerable to cyber attacks now than a year ago
• 38% feel that their personal data exchanged with organisations they do business with may already have been compromised
Increased attack sophistication + inappropriate business response = UNCERTAINTY
* The study was carried out by the Federation of Small Businesses in the UK and is based on its 20,000 members
** The study was conducted by PollOne in April 2013 for Tripwire on 1,000 users
• 10. Meanwhile, in a non-descript building..
Should we be concerned? Just outside of Shanghai, "Unit 61398" of the People's Liberation Army is the alleged source of Chinese hacking attacks, although the Chinese government consistently denies its involvement in such activities, claiming that such allegations are "irresponsible and unprofessional".
Source: Hello, Unit 61398, The Economist
• 11. Threat horizon for 2015
• Reputation is a new target for cyber-attacks, from insider activists who leak information, and hacktivist collectives who vote on who they dislike this week.
• Criminals value your information; they are highly motivated to obtain it, or to use what leaks out of your organization.
• The changing pace of technology doesn't help: bring your own cloud (BYOC) and bring your own device (BYOD) also bring their own risks.
Source: Information Security Forum
• 13. Approach 2: A Strategy
[Diagram: Information Security Strategy, built from Management Commitment, Information Security Requirements, Policies, Risk Assessments, Technical Controls, Awareness and Periodic Reviews]
• Identify critical information assets
• Obtain management buy-in
• Take a 3-pronged approach
• Conduct periodic reviews
• 14. Approach 3: Adopting a framework
"What does good cyber risk management look like?"
By definition a framework is an agreed, structured approach to dealing with a particular subject.
• There is no such thing as a one-size-fits-all framework
• Use / implement the appropriate framework for your organisation's requirements
• i.e. assess your requirements and design the appropriate framework for your needs
• Such that your organisation is not trying to 'fit' to a particular benchmark or rule book
Implement what is appropriate to your business objectives and risk appetite, and what facilitates reporting to any third party against international generic cyber risk frameworks.
Source: Paul C Dwyer, Cyber Risk Expert
• 15. Approach 3: Adopting a framework
[Diagram] Source: Paul C Dwyer, Cyber Risk Expert
• 16. Risk Assessment
AIM: reduce organisational risk. Examine threats, determine the risk level, then deal with the risks (juggling the risks):
• Risk Assumption: with appropriate due diligence, management accept the potential risk and continue operating
• Risk Alleviation: management approve the implementation of controls to lower risk to an acceptable level
• Risk Avoidance: eliminate the process that could cause the risks
• Risk Limitation: management limit the risk exposure by putting in controls to limit the impact of a threat
• Risk Planning: a process to manage risk by developing an architecture that prioritises, implements and maintains controls
• Risk Transference: management transfer the risk by using other options to compensate for a loss, e.g. purchasing an insurance policy
• 17. Cyber Resilience
"The ability of a system or a domain to withstand attacks or failures and in such events to re-establish itself quickly" – Nigel Inkster, International Institute of Strategic Studies
Becoming resilient: a six-point action plan
1. Organizational readiness
2. Situational awareness
3. Detection
4. Cyber defence
5. Mitigation and containment
6. Recovery
• 18. Becoming resilient #1: Organisational Readiness
• Corporate awareness
• Ownership at the C-level
• Assign the role and responsibility for information security oversight
• Understand your business risks
• Focus on your information and reputation
• Share intelligence and experiences
• 19. Becoming resilient #2: Situational Intelligence
• Specialist knowledge
• Keep abreast of the latest advanced threats: hacking for fame & glory; cybercrime moved into monetisation; criminal gangs; protest hacktivism (Anonymous & LulzSec target corporate infrastructures); corporate espionage; disruption
• Know your information assets
• Classify your information assets
"One of the problems is that we all tend to be technology professionals weathered by our experiences rather than looking at new ways of managing risk and gaining or using new sources of intelligence" – Pat Brady, Information Security Manager, National Australia Group
• 20. Becoming resilient #3: Detection
• Develop the ability to detect attacks
• Ensure you have an effective internal & external monitoring process
• Scan outbound messages for abnormal volumes and patterns
• Early recognition of a compromise is key to early reaction
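The detection slide asks for outbound traffic to be scanned for abnormal volumes and patterns but does not show what such a check looks like. The following is an added example, written for this page and not taken from the deck or its author, of a minimal exfiltration check of that kind: it totals bytes sent per client from proxy-style log lines, flags clients whose volume is abnormal relative to their peers using a median/MAD threshold, and attaches the rarely-used destinations each flagged client talked to as triage context. The log layout, the sample lines, and the thresholds (k, min_bytes) are all assumptions made for the illustration; a real deployment would baseline over a longer window and per business unit.

```python
"""Added example (not part of the original deck): a minimal outbound-volume
anomaly check of the kind the Detection slide calls for.  The log format,
sample lines and thresholds are all assumptions made for this illustration."""
from collections import defaultdict
from statistics import median

# Constructed proxy-style log lines (not real traffic), one request per line:
# timestamp  client_ip  method  destination_host  bytes_sent_by_client
SAMPLE_LOG = """\
2015-01-27T09:00:01 10.0.0.11 POST mail.example.com 24000
2015-01-27T09:00:05 10.0.0.12 GET  www.example.com 1200
2015-01-27T09:01:10 10.0.0.13 POST crm.example.com 31000
2015-01-27T09:02:00 10.0.0.14 POST files.example.com 28000
2015-01-27T09:03:15 10.0.0.15 GET  www.example.com 900
2015-01-27T09:04:20 10.0.0.11 POST mail.example.com 26000
2015-01-27T09:05:00 10.0.0.42 POST paste.example.net 52000000
2015-01-27T09:05:30 10.0.0.42 POST paste.example.net 48000000
2015-01-27T09:06:00 10.0.0.13 GET  www.example.com 700
this line is deliberately malformed and must be skipped
"""


def parse_log(text):
    """Yield (client_ip, destination_host, bytes_out) for each well-formed line.

    Malformed lines are skipped rather than aborting the run, so a single bad
    record cannot blind the detector."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        _ts, client, _method, host, nbytes = parts
        try:
            yield client, host, int(nbytes)
        except ValueError:
            continue


def outbound_totals(records):
    """Sum bytes sent per client over the window."""
    totals = defaultdict(int)
    for client, _host, nbytes in records:
        totals[client] += nbytes
    return dict(totals)


def flag_outliers(totals, k=3.0, min_bytes=1_000_000):
    """Return {client: total} for clients whose outbound volume is abnormal
    relative to their peers.

    The threshold is median + k * MAD (median absolute deviation); unlike a
    mean/stddev threshold, one huge exfiltration cannot drag it upwards and
    hide itself.  min_bytes is an absolute floor so a quiet network does not
    flag trivially small differences.  Both values are assumed, not tuned."""
    values = sorted(totals.values())
    if len(values) < 3:                      # too few peers to baseline against
        return {}
    med = median(values)
    mad = median(abs(v - med) for v in values)
    spread = mad if mad > 0 else med         # MAD of 0: everyone sent the same amount
    threshold = med + k * spread
    return {c: v for c, v in totals.items() if v > threshold and v >= min_bytes}


def rare_destinations(records, max_clients=1):
    """Destinations contacted by at most max_clients distinct clients."""
    clients_by_host = defaultdict(set)
    for client, host, _nbytes in records:
        clients_by_host[host].add(client)
    return {h: sorted(c) for h, c in clients_by_host.items() if len(c) <= max_clients}


def detect(text, k=3.0, min_bytes=1_000_000):
    """Run both checks and return (volume_outliers, triage_context).

    triage_context maps each flagged client to the rare destinations it talked
    to, which is the first thing an analyst will want to see."""
    records = list(parse_log(text))
    outliers = flag_outliers(outbound_totals(records), k, min_bytes)
    rare = rare_destinations(records)
    context = {}
    for client in outliers:
        dests = {h for c, h, _ in records if c == client}
        context[client] = sorted(d for d in dests if d in rare)
    return outliers, context


if __name__ == "__main__":
    flagged, why = detect(SAMPLE_LOG)
    for client, total in flagged.items():
        print(f"{client}: {total} bytes out, rare destinations: {why[client]}")
```

On the constructed sample only 10.0.0.42 is flagged (100 MB to a paste site nobody else uses), while 10.0.0.11, which sends the most among the normal clients, stays below the threshold. The rare-destination check is noisy on a sample this small and is therefore only used as context for already-flagged clients; in production it would be baselined against weeks of history rather than one window.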
• 21. Becoming resilient #4: Cyber Defence
• Get a grip on infrastructure and access security
• Assess the levels of staff awareness
• Define strict access control and remote access control
• Ensure strong visitor procedures for key buildings
• Keep your basic security controls in sight, e.g. password change policy
• Infrastructure changes should trigger network configuration changes, allowing you to move the shape of the target
• 22. Becoming resilient #5: Mitigation and containment
The aim is to limit the damage to your services and reputation: limit the impact / shut down the source. Being prepared is the key.
• Contingency planning: define and review your plans
• Ensure adequate testing of business continuity plans
• Prepared PR statements
Plans to have in place: Continuity of Operations Plan; Disaster Recovery Plan; IT / Network Contingency Plans; Crisis Communication Plan; Cyber Incident Plan; Occupant Emergency Plan
• 23. Becoming resilient #6: Recovery
• You need to develop the ability to re-establish normal service; your survival as a business depends on it
• Apply the lessons learnt
• Give feedback to senior executives: here's what happened to us; this is how we reacted; this is what we've done to mitigate / prevent it
• 24. Conclusions
[Diagram: Cyber Resiliency, Business Continuity and IT Service Continuity as management functions; Awareness, Knowledge, Controls, Detection, Mitigation, Recovery]
BEING PROACTIVE IS THE NAME OF THE GAME
Take-back conclusions:
• Good IT governance by following a framework gives structure and business alignment
• Apply some form of strategy to the way you deal with information security
• Cyber threats are on the increase, so prevention and detection are always better than cure
• Becoming cyber resilient gives you the benefit of knowing how to tackle IT risks
• Take a pragmatic approach to investing in your defences
• 25. Thank you! Donald Tabone, dtabone@gmail.com
• 26. Nineteen Twenty Three, Valletta Road, Marsa MRS 3000, Malta. T. (+356) 2144 5566 E. info@ptl.com.mt | www.ptl.com.mt IT & SECURITY EXPERTS