La Gestión del Riesgo en Nuevos Entornos
Upcoming SlideShare
Loading in...5
×
 

La Gestión del Riesgo en Nuevos Entornos

on

  • 491 views

Presentación realizada por Karen Gaines, Sales executive HP Enterprise Securtity Services, en el Evento de Ciberseguridad 2014 organizado por IDC

Presentación realizada por Karen Gaines, Sales executive HP Enterprise Securtity Services, en el Evento de Ciberseguridad 2014 organizado por IDC

Statistics

Views

Total Views
491
Views on SlideShare
489
Embed Views
2

Actions

Likes
0
Downloads
11
Comments
0

1 Embed 2

https://twitter.com 2

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    La Gestión del Riesgo en Nuevos Entornos La Gestión del Riesgo en Nuevos Entornos Presentation Transcript

    • La Gestión del Riesgo en Nuevos Entornos Karen Gaines HP Security Services © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
    • © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
    • Crecimiento Online 3 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
    • Crecimiento Online 2010 32.7% online 2,270,000,000 4 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
    • Crecimiento Online 2020 60% online 4,800,000,000 5 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
    • Personas conectadas Smart Cities 50 billones Dispositivos Hogares Automatizados 6 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
    • Personas Connected conectadas Efecto Individuals 50 billones Internet Dispositivos Hogares Automatizados 7 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Smart Cities
    • Creamos muchísimos datos… 8 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
    • HP Cyber timeline Stuxnet, was designed to seek out certain industrial control systems made by Siemens. Stuxnet took advantage of four zero-day vulnerabilities and appeared to be targeted at a uranium enrichment program in Iran. Heartland, was designed to seek out certain industrial control systems made by Siemens. Stuxnet took advantage of four zero-day vulnerabilities and appeared to be targeted at a uranium enrichment program in Iran. The Russian firm Kaspersky discovered a worldwide cyberattack dubbed “Red October,” that had been operating since at least 2007. Hackers gathered information through vulnerabilities in Microsoft’s Word and Excel programmes Shamoon - The virus has been noted as unique for having differing behaviour from other malware cyber espionage attacks. Shamoon is capable of spreading to other computers on the network, through exploitation of shared hard drives hackers had penetrated the PlayStation network, stealing or misusing the personal information of at least 77 million users. Sony estimated that fallout from the hack cost at least $170 million. Tamper serious vulnerability in the Hotmail service which allowed hackers to access 13 million hotmail accounts. In the same period the services Yahoo and AOL were affected by the Tamper Data hack. Tamper Data Syrian Electronic Army continues to take down, hack and redirect Wall Street Journal Websites and internet facing traffic. June 2012 .CN Aug 2013 The most significant breach of U.S. computer security occurred, apparently when someone working with the Pentagon's Central Command inserted an infected flash drive into a military laptop computer at a base in the Middle East. Shamoon Aug 2012 WSJ - SEA StuxNet Red October Apple Dec 2010 Aug 2011 Cyber Altruism UK Revenue & Customs Heartland 2006 2010 NASA Shuttle Plans AOL 2010 2003 2004 Loss/Stolen Data 9 Dec 2006 2005 Sony PSN Kernel.org Dec 2010 Aug 2011 2009 TJ Maxx 2006 Individuals and groups driven by their social DigiNotar Buckshot Yankee conscience, hacktivism, whistleblowing Video Conferencing 2013 Yahoo Mar 2009 Rise of CyberCrime 2008 2009 2013 Living Social GhostNet 2007 Facebook Aug 2012 Nov 2008 May 2007 Evernote 2013 Sept 2011 Estonia Dark Facebook founder Mark Zuckerberg had his profile hacked into by an IT worker in Palestine. Aug 2013 2010 2013 2010 Advanced Persistent Threat © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 2011 2012 2013 2014 Professional Hacktivism
    • HP Cyber timeline Cyber Cartels Tamper Data Continued development of sophisticated cybercriminals, convergence of traditional- and cybercrime June 2012 .CN Aug 2013 Shamoon Aug 2012 Aug 2013 2010 Red October Apple Dec 2010 Aug 2011 Heartland Cyber Militia WSJ - SEA StuxNet Sony PSN Kernel.org Dec 2010 Aug 2011 009 Active use of cyberspace as a sub-nationstate battle ground, terrorism… Evernote 2013 Video Conferencing Cyber Altruism Facebook 2013 Aug 2012 Individuals and groups driven by their social conscience, hacktivism, whistleblowing Living Social DigiNotar Sept 2011 2013 Yahoo ostNet 2013 2009 2009 2010 2011 2012 Advanced Persistent Threat 10 2013 2014 Professional Hacktivism © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
    • 243 2013 Enero…………. Octubre días ..de media para detectar que datos han sido comprometidos ..de las incidencias ocurren en las aplicaciones Desde 2010, el tiempo en resolver un ataque ha aumentado… de las incidencias son reportados por terceros 11 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
    • 12 © Copyright 2013 Hewlett-Packard Company, L.P. Company, L.P. The information contained herein is subject © Copyright 2013 Hewlett-Packard DevelopmentDevelopment The information contained herein is subject to change without notice.to change without notice.
    • Desafíos Principales para un CISO Riesgo Comité Marca Digital Madurez Confianza Reputación Activos Cumplimiento & Regulación Las actividades más complejas para un CISO gestionar*: Organization’s leaders Specific users 21% My own team 17% Regulators Vendors/consultants Outside hackers Other 13 14% 5% 1% 7% © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. *Source: IDG Research Nuevo Estilo de TI 34% Motivación de los Ataques
    • Una Seguridad Íntegra Enfoque de HP para completar la seguridad de la información Asesorar: Riesgos inherentes a la cadena de suministro, contratos actuales y rendimiento de los proveedores Transformar: Describir la estrategia y el marco integrales o toma de control Gestionar: Implementar y reportar el marco de gobierno del cumplimiento de seguridad del proveedor Moverse desde una gestión del riesgo y seguridad de la información reactiva a una proactiva 14 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Inteligencia de Seguridad Procesable
    • Los Objetivos de HP Security Bloquear el Adversario Gestionar el Riesgo Aumentar Alcance • Bloquear los adversarios internos y externos • Responder rápidamente a incidencias • Reducir coste y complejidad • Interrumpir la amenaza en tiempo real • Mejorar la postura del riesgo • Acceso a +5000 profesionales de seguridad • Inteligencia de la seguridad integral • Conocimientos de estándares locales y globales • Asesoramiento a Gestión Integral 15 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
    • Los Objetivos de HP Security Bloquear el Adversario Tecnología de Interrumpir la amenaza en tiempo real Seguridad Inteligencia de la seguridad integral Gestionar el Riesgo Servicios Mejorar la postura del riesgo Gestionados Conocimientos de estándares locales y globales de Seguridad Aumentar Alcance Consultoría de Acceso a +5000 profesionales de seguridad Seguridad Asesoramiento a Gestión Integral • Bloquear los adversarios internos y externos • Responder rápidamente a incidencias • Reducir coste y complejidad • • • • 16 • © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. •
    • Soluciones Respaldados por una Investigación Global • • 1650+ Investigadores • 2000+ Clientes compartiendo datos • Líder en Investigación de Seguridad • Ecosystem Partner SANS, CERT, NIST, OSVDB, software & fabricantes de reputación Encontramos más vulnerabilidades que el resto del Mercado combinado • Colaboración con equipo líderes en el mercados: DV Labs, ArcSight, Fortify, HPLabs, Application Security Center • Colecta datos de red y seguridad globales HP Global Research ESS FSRG 17 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
    • HP detecta y protege contra 4 veces más vulnerabilidades críticas que el resto del mercado combinado, Facilitando a nuestros clientes beneficiarse de la experiencia de un proveedor global. 18 © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
    • 19 5,000 Profesionales de la Seguridad 8 Centros de Operaciones de Seguridad #1 Investigación de la Seguridad © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
    • HP Cloud Protection. Arquitectura de Referencia. Security Solution Mapping Access Devices Malware Protection Network Security IT Management Framework SaaS PaaS Application Security IaaS Application Security Client Security App Security Data Protection Cloud Platform Malware Protection Network Security Server Security Client Security Storage Security Account Management Access Control Management Authentication Identity Provisioning Federation Auditing Key Management Change Management Patch Management Configuration Management Capacity Management Availability Management Incident Management Virtualization Management Vulnerability Management Data Protection Virtualization Security 20 Security Info & Event Management Compliance Management © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
    • HP Cloud Protection. Arquitectura de Referencia. Security Solution Mapping IT Management • Ozone Framework Access Devices SaaS Application Security Malware Protection Network Security PaaS Account Management Access Control Management Authentication Identity Provisioning Federation Auditing Key Management IaaS Application Security Client Security App Security Data Protection Strategy Consulting Support Cloud Platform Malware Protection Network Security Server Security Client Security Strategy Consulting Support Storage Security Change Management Patch Management Configuration Management Capacity Management Availability Management Incident Management • Control Compliance Suite Virtualization Management Vulnerability Management Data Protection Virtualization Security 21 Security Info & Event Management Compliance Management • Endpoint Protection • Endpoint Protection • Critical Systems Protection • Data Loss Prevention • Web Gateway • Data Loss Prevention © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to • Control notice. change without Compliance Suite
    • ¡Gracias! © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.