@NTXISSA #NTXISSACSC3
Managing Cyber Security Across the Enterprise
Asif Effendi
September 3, 2015
austinssi
Slide 2
Highlights:
Oil and Gas Threat Landscape
Challenges in Securing Control Systems
Cyber Security Strategies
Conclusion
Slide 3
Threat Landscape
Slide 4
Threat Landscape
Increase in sophistication of cyber attacks
Chart: Increase in Sophistication of Attacks Against Infrastructure (2015 Report of Organization of American States)
Yes: 76%
No: 5%
Unsure: 19%
Slide 5
Threat Landscape
Largest sector of cyber incidents is Energy industry
Chart: Distribution of Cyber Incidents (ICS-CERT)
Energy, 53%
Government, 2%
Info Tech, 4%
Nuclear, 3%
Postal & Shipping, 1%
Transportation, 5%
Water, 4%
Commercial Facilities, 2%
Communications, 5%
Critical Manufacturing, 17%
Slide 6
Challenges in Securing Systems
Differences in security attributes between ICS and Enterprise systems
Courtesy: Kaspersky Lab
Slide 7
Challenges in Securing Systems
Differences/similarities in security controls considerations between ICS and Enterprise systems
Life Span: ICS 15 – 20 years; Enterprise 3 – 5 years
COTS Related Vulnerabilities: ICS Yes; Enterprise Yes
Third Party Access to Systems: ICS Frequent; Enterprise Limited
Security Considerations in Implementation: ICS Limited; Enterprise Yes
Wireless Access to Systems: ICS Significant; Enterprise Limited
Slide 8
Cyber Security Strategies
Defense in Depth in securing ICS
Slide 9
Cyber Security Strategies
Risk Based Approach and Management to Securing ICS
Slide 10
Cyber Security Strategies
Network Segmentation
(Reference: Defense in Depth Strategies, Idaho National Laboratory, Department of Homeland Security Based on ISA 62443)
Slide 11
Conclusion
Summary
Rapid integration of “Commercial Off the Shelf” (COTS) in the ICS environment comes with vulnerabilities and risks
Industrial control systems are not easy to secure
Hacker knowledge base is growing rapidly, resulting in more sophisticated attacks
Risk has to be managed although it cannot be eliminated. Risk-based “Defense in Depth” mitigates cyber risks at multiple layers in an organization
Slide 12
Thank you
The Collin College Engineering Department
Collin College Student Chapter of the North Texas ISSA
North Texas ISSA (Information Systems Security Association)
