Using international standards to improve Asia-Pacific cyber security
Tuesday, 24 March, 2015
Alan Calder
IT Governance Ltd
www.itgovernance.asia
PLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED ON JOINING AND WILL
AUTOMATICALLY BE UNMUTED FOR THE START OF THE Q&A SESSION
Introduction
About Alan Calder…
• Acknowledged international cyber security expert
• Leading author on information security and IT governance issues
• Led the world’s first successful implementation of ISO 27001 (then called BS 7799)
• Consultant on cyber security and IT governance strategies globally, including across the Asia-Pacific region
© IT Governance Ltd 2015
Agenda
• The cyber threat – Breaking down recent high-profile data breaches
• Current legislation – Learn about the current data protection laws in Hong Kong, Australia, Singapore and the Philippines
• International standard – Discover how the cyber security standard, ISO 27001, will help get your business cyber secure
Current cyber threat
The current cyber threat
• 1 billion data records compromised globally in 2014
• 1,500 data breaches globally in 2014
• $2.8 million is the average cost of a data breach in Australia
• 70% believe cyber attacks are among the three biggest threats facing organisations
The current cyber threat
• 61% of APAC organisations expect a cyber attack to strike their organisation in 2015, but only 43% are prepared
• 76% of APAC organisations have detected security incidents in the past 12 months
• 63% of APAC organisations will increase their security budget over the next 12 months
The changing threat landscape
• 87% of iPhone and 97% of Android top 100 apps have been hacked
• 100% of companies experience virus attacks, and 97% have suffered malware attacks
• 156 million phishing emails are sent every day
• 15 million make it through spam filters
• The average cost for each stolen record in Australia is $145
Why did they fail to avoid a breach?
The changing threat landscape
[Chart: Root cause of data breaches]
Source: Ponemon Institute – Year of the Mega Breach 2014
Case study – Philippine government
• Government websites compromised multiple times by hacktivists
– Nov 2013 – Philippine hacker group linked to Anonymous hacked numerous government websites, calling on the public to support a protest
– Nov 2014 – Philippine branch of Anonymous hacked 11+ government websites to express dissatisfaction: “Your governments have failed you, they sit atop their thrones and abuse their power”
– Feb 2015 – Website compromised by anti-ISIS hacker, posting expletive-ridden message
Case study – Philippine government
• No formal statement from the government about the hacks, how they happened or what they are doing about it, but it is clear that:
– Government is unprepared for a cyber attack and failing to put effective measures in place
– Little or no contingency plans
– Websites restored but government’s lack of security exposed
– Effective way for hacktivists to voice opinions
Case study – Lizard Squad and their infamous DNS attacks
Hacking group Lizard Squad appears to have attacked a number of websites:
Lizard Squad attacks Malaysia Airlines website, January 2015
• Visitors to www.malaysiaairlines.com on Monday 26 January found the message “404 – Plane Not Found”
• Appeared to be a DNS attack, overriding settings and redirecting site visitors to a Lizard Squad-controlled page
• Fully recovered within 22 hours
Google Vietnam hacked by Lizard Squad, February 2015
• Google.com.vn, the search giant’s Vietnamese site, appeared to have suffered a DNS attack by Lizard Squad
• Site visitors found a photo of a man taking a selfie with an iPhone instead of the normal search engine
Lenovo attacked after Superfish controversy, February 2015
• Lizard Squad attacked Lenovo’s website with a DNS attack, redirecting users to a free CloudFlare account
Last year, the hacking group claimed responsibility for attacks on Sony’s PlayStation Network and Microsoft’s Xbox Live network, among others.
Case study – Lizard Squad DNS attacks
What are DNS attacks?
• Domain Name System (DNS)
• DNS hijacking works by overriding TCP/IP settings and redirecting site visitors rather than by assuming control of the actual target site
• DNS hijacking rarely affects customer information, instead causing disruption to affected sites by gaining control over their domain names
Effects
• Websites restored but lack of security/vulnerability exploited
• Effective way for hackers to voice opinions
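Because the redirection described above happens in the domain's DNS records rather than on the web server, a defender can catch it by comparing what is currently published against a pinned baseline. The following is an added example, not part of the original slides; the domain, name servers, address ranges, TTL floor and the `parse_records` / `audit` helper names are all constructed for illustration.

```python
"""Baseline-drift check for a domain's DNS records (defensive monitoring).

Input is dig-style answer lines: "name TTL IN TYPE value".
All sample data below is constructed so the script runs offline.
"""
import ipaddress

# Constructed baseline: what the domain owner expects to be published.
BASELINE = {
    "ns": {"ns1.dns-host.example.", "ns2.dns-host.example."},
    "a_networks": [ipaddress.ip_network("203.0.113.0/24")],
    "min_ttl": 300,  # assumed policy floor, in seconds
}

# Constructed observation: records as the owner published them.
NORMAL = """\
; sample answer section
corp.example. 86400 IN NS ns1.dns-host.example.
corp.example. 86400 IN NS ns2.dns-host.example.
www.corp.example. 3600 IN A 203.0.113.10
"""

# Constructed observation: delegation and address both replaced.
HIJACKED = """\
corp.example. 600 IN NS ada.ns.other-host.example.
corp.example. 600 IN NS bob.ns.other-host.example.
www.corp.example. 60 IN A 198.51.100.7
"""


def parse_records(text):
    """Parse dig-style answer lines into (name, ttl, rtype, value) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):      # blank line or dig comment
            continue
        parts = line.split()
        if len(parts) < 5 or parts[2].upper() != "IN" or not parts[1].isdigit():
            continue                               # not a resource-record line
        name, ttl, _, rtype = parts[:4]
        value = " ".join(parts[4:]).lower()
        records.append((name.lower(), int(ttl), rtype.upper(), value))
    return records


def audit(text, baseline):
    """Return a list of (severity, message) findings; empty means no drift."""
    findings = []
    records = parse_records(text)

    # 1. Delegation: any change to the NS set means someone else answers
    #    for the whole domain, so it is the most serious finding.
    seen_ns = {v if v.endswith(".") else v + "."
               for _, _, rtype, v in records if rtype == "NS"}
    if seen_ns != baseline["ns"]:
        unexpected = sorted(seen_ns - baseline["ns"])
        missing = sorted(baseline["ns"] - seen_ns)
        findings.append(
            ("critical", f"NS set changed: unexpected={unexpected} missing={missing}"))

    for name, ttl, rtype, value in records:
        # 2. Addresses: every A record must fall inside an approved range.
        if rtype == "A":
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                findings.append(("high", f"{name} has malformed A value {value!r}"))
            else:
                if not any(addr in net for net in baseline["a_networks"]):
                    findings.append(
                        ("high", f"{name} resolves to {value}, outside approved ranges"))
        # 3. TTL: a value below the policy floor shows the record was republished.
        if ttl < baseline["min_ttl"]:
            findings.append(
                ("low", f"{name} {rtype} TTL {ttl} below floor {baseline['min_ttl']}"))
    return findings


if __name__ == "__main__":
    for label, sample in (("normal", NORMAL), ("hijacked", HIJACKED)):
        print(label)
        for severity, message in audit(sample, BASELINE) or [("ok", "no drift")]:
            print(f"  [{severity}] {message}")
```

In a real deployment the input would come from scheduled queries against several independent resolvers, with findings routed to the incident response process.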
International case study – Sony Pictures
Data breach
• November 2014
• Hackers infiltrated Sony’s corporate computer network
• Torrents of unreleased Sony Pictures films appeared online
• Personal information about employees (families, emails, salaries, etc.) was leaked
• Plaintext passwords leaked online, along with other credential data
• A huge number of marketing slide decks were leaked
• Kept Sony staff from using computers for days
• Sony postponed release of upcoming film The Interview
International case study – Sony Pictures
Repercussions
• North Korea blamed, increasing tension with the US
• Ex-employees sought to combine class action lawsuits against Sony
• Costs reach $100 million
How did the breach get so bad?
• Executives ignored ransom emails, treated as spam
• Failed to acknowledge breach until one week later
• Generally lax approach to online security
– April 2011 – Sony’s PlayStation network hacked and 76 million gamers’ accounts compromised
– Inappropriate spending? $250 million budget still couldn’t keep them cyber secure
Small companies are at risk too
• Cyber criminals target indiscriminately
• 60% of breached small organisations close
down within six months
• Often lack effective internal security practices
• No dedicated IT security and support
• Passwords, system access easily compromised
• Out-of-date server hardware and software
• Websites are built on common, open-source frameworks – weaknesses easily exploited
What is the board told?
• 32.5% of boards do not receive any information about their cyber security posture and activities
• 38% of the remainder receive reports only annually
• 29% of IT teams don’t report breaches for fear of retribution
Source: IT Governance ‘Boardroom Cyber Watch Survey 2014’
Cyber security skills shortage
Shortage
• Global shortage of two million cyber security professionals by 2017
ISACA report
• 85% believe there is a shortage
• 53% consider it difficult to identify adequate cyber security skills
• 50% plan to increase staff training
Companies should be looking for
• Industry-recognised qualifications (IBITGQ)
Current cyber security legislation
Australia
Cyber Security Strategy 2009
• Framework to address the increasing risk of online threats to the country
• Aims to have businesses operate secure and resilient information and communications technologies, thereby protecting the integrity of their own operations and the identity and privacy of their customers
• Criticism – significantly out of date. Prime Minister Tony Abbott is currently pushing for cyber security review
Hong Kong
Personal Data (Privacy) Ordinance (PDPO)
• Governs data subjects’ personal data
• Six principles for data processors to abide by
– DPP4 – practicable steps shall be taken to ensure that personal data are protected against unauthorised or accidental access, processing or erasure
• Max. penalty of five years’ imprisonment and up to HKD$1,000,000
• Data users are liable for any breach by third parties
The Philippines
Cybercrime Prevention Act of 2012
• Enacted to address numerous forms of cyber crime
• Applicable to organisations outside the Philippines
• Met with controversy – many saw the legislation as a heavy-handed undermining of free expression and privacy, therefore the Supreme Court put a temporary restraining order in place
• Feb 2014 – Supreme Court ruled a number of provisions to be constitutional, including:
– Cyber crime offences
– Cyber crime against critical infrastructure
– Misuse of devices
Singapore
Personal Data Protection Act (PDPA) 2012
• Governs the collection, use and disclosure of personal data by organisations
• Only concerns individuals’ data and not corporate data
National Cyber Security Masterplan 2018
• Five-year plan aims to develop Singapore as a “trusted and robust infocomm hub by 2018”
Computer Misuse and Cybersecurity Act 1993 (Amended 2013)
• Provision for securing computer material against unauthorised access or modification, and requires organisations to take appropriate cyber security measures
– Punishable offences could be up to ten years’ imprisonment and/or SGD$50,000 fine
Meeting cyber security legislation
• A strong security posture
• An effective incident response plan
• A CISO appointment
• Implementing industry standards*
Source: 2014 Global Report on the Cost of Cyber Crime - Ponemon and HP
International standards
ISO 27001 – the cyber security standard
• ISO 27001 – a globally recognised standard that provides a best-practice framework for addressing the entire range of cyber risks
– Encompasses people, processes and technology
– Systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation's information security to achieve business objectives
Key elements of implementing ISO 27001
• Determine the scope of the ISMS
• Consider the context of the organisation and interested parties
• Appoint a senior individual responsible for information security
• Conduct a risk assessment – identify risks, threats and vulnerabilities
• Appoint risk owners for each of the identified risks
• Implement appropriate policies and procedures
• Conduct staff training
• Conduct an internal audit
• Perform continual improvement of the ISMS
How will ISO 27001 benefit your business?
• Increased/appropriate level of information security
– Systematic approach to risks
– Informed decisions on security investments: cost-effective security
• Better work practices that support business goals
• Good marketing opportunities
• Credibility with staff, customers and partner organisations
• Due diligence
• Compliance with corporate governance requirements
– Appropriate action to comply with law
– Manage business risks
– Industry best-practice security
– Internationally recognised good security practice
Benefits of ISO 27001 certification
• Assurance to customers, employees, investors – their data is safe
• Credibility and confidence
• Internationally recognised
• Shows that you have considered all of the information security-associated risks
• Notably fulfilling fiduciary responsibilities
• Supports your adherence to multiple compliance requirements
ISO 27001 in APAC
Why some of the world’s most valuable brands pursue ISO 27001 certification
Google: “This certification validates what I already knew… that the technology, process and infrastructure offers good security and protection for the data that I store in Google Apps”
Amazon: “The certification confirms our longstanding commitment to the security of our services to our customers.”
Microsoft: “…provides external validation that our approach to managing security risk in a global organization is comprehensive and effective, which is important for our business and consumer customers.”
IT Governance
• Helped over 150 organisations achieve ISO 27001 certification worldwide
• 15+ years’ experience
• Highly regarded within the industry
• Unique offering of tools, training and consultancy, which is unavailable elsewhere
Fixed-priced, packaged solutions
You deliver the project independently
You resource the project, calling on specialist tools and courses to aid efficiency and accelerate implementation
Standards and books
Software and documentation templates
Training
Mentor and coach
IT Governance removes all the pain, delivering a certification-ready ISMS, aligned with ISO 27001
You resource the project, use tools and courses and benefit from the expert’s know-how
You own and are in control of the project, receiving hands-on guidance from us
You provide input
Find out more: www.itgovernance.asia/t-iso27001-solutions.aspx

Addressing penetration testing and vulnerabilities, and adding verification m...Addressing penetration testing and vulnerabilities, and adding verification m...
Addressing penetration testing and vulnerabilities, and adding verification m...IT Governance Ltd
 
NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...IT Governance Ltd
 
Revising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPRRevising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPRIT Governance Ltd
 
Privacy and the GDPR: How Cloud computing could be your failing
Privacy and the GDPR: How Cloud computing could be your failingPrivacy and the GDPR: How Cloud computing could be your failing
Privacy and the GDPR: How Cloud computing could be your failingIT Governance Ltd
 
EU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingEU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingIT Governance Ltd
 

More from IT Governance Ltd (20)

GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksGDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risks
 
Business Continuity Management: How to get started
Business Continuity Management: How to get startedBusiness Continuity Management: How to get started
Business Continuity Management: How to get started
 
Staff awareness: developing a security culture
Staff awareness: developing a security cultureStaff awareness: developing a security culture
Staff awareness: developing a security culture
 
GDPR compliance: getting everyone in the organisation on board
GDPR compliance: getting everyone in the organisation on boardGDPR compliance: getting everyone in the organisation on board
GDPR compliance: getting everyone in the organisation on board
 
GDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceGDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to compliance
 
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
 
Creating an effective cyber security awareness programme
Creating an effective cyber security awareness programmeCreating an effective cyber security awareness programme
Creating an effective cyber security awareness programme
 
Data Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPRData Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPR
 
Risk assessments and applying organisational controls for GDPR compliance
Risk assessments and applying organisational controls for GDPR complianceRisk assessments and applying organisational controls for GDPR compliance
Risk assessments and applying organisational controls for GDPR compliance
 
The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...
 
Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...
 
The first steps towards GDPR compliance 
The first steps towards GDPR compliance The first steps towards GDPR compliance 
The first steps towards GDPR compliance 
 
Data transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPRData transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPR
 
The GDPR’s impact on your business and preparing for compliance
The GDPR’s impact on your business and preparing for complianceThe GDPR’s impact on your business and preparing for compliance
The GDPR’s impact on your business and preparing for compliance
 
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
 
Addressing penetration testing and vulnerabilities, and adding verification m...
Addressing penetration testing and vulnerabilities, and adding verification m...Addressing penetration testing and vulnerabilities, and adding verification m...
Addressing penetration testing and vulnerabilities, and adding verification m...
 
NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...
 
Revising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPRRevising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPR
 
Privacy and the GDPR: How Cloud computing could be your failing
Privacy and the GDPR: How Cloud computing could be your failingPrivacy and the GDPR: How Cloud computing could be your failing
Privacy and the GDPR: How Cloud computing could be your failing
 
EU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingEU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketing
 

Recently uploaded

Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Dave Litwiller
 
Phases of Negotiation .pptx
 Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptxnandhinijagan9867
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756dollysharma2066
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...Aggregage
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...allensay1
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...amitlee9823
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756dollysharma2066
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Serviceritikaroy0888
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxpriyanshujha201
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noidadlhescort
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataExhibitors Data
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdfRenandantas16
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with CultureSeta Wicaksana
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...lizamodels9
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...amitlee9823
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876dlhescort
 

Recently uploaded (20)

Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
Phases of Negotiation .pptx
 Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors Data
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
 

Using international standards to improve Asia-Pacific cyber security

  • 1. Using international standards to improve Asia-Pacific cyber security
      Tuesday, 24 March, 2015
      Alan Calder, IT Governance Ltd
      www.itgovernance.asia
      PLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED ON JOINING AND WILL AUTOMATICALLY BE UNMUTED FOR THE START OF THE Q&A SESSION
  • 2. Introduction
      About Alan Calder…
      • Acknowledged international cyber security expert
      • Leading author on information security and IT governance issues
      • Led the world’s first successful implementation of ISO 27001 (then called BS 7799)
      • Consultant on cyber security and IT governance strategies globally, including across the Asia-Pacific region
      © IT Governance Ltd 2015
  • 3. Agenda
      • The cyber threat – Breaking down recent high-profile data breaches
      • Current legislation – Learn about the current data protection laws in Hong Kong, Australia, Singapore and the Philippines
      • International standard – Discover how the cyber security standard, ISO 27001, will help get your business cyber secure
  • 4. Current cyber threat
  • 5. The current cyber threat
      • 1 billion data records compromised globally in 2014
      • 1,500 data breaches globally in 2014
      • $2.8 million is the average cost of a data breach in Australia
      • 70% believe cyber attacks are among the three biggest threats facing organisations
  • 6. The current cyber threat
      • 61% of APAC organisations expect a cyber attack to strike their organisation in 2015, but only 43% are prepared
      • 76% of APAC organisations have detected security incidents in the past 12 months
      • 63% of APAC organisations will increase their security budget over the next 12 months
  • 7. The changing threat landscape
      • 87% of iPhone and 97% of Android top 100 apps have been hacked
      • 100% of companies experience virus attacks, and 97% have suffered malware attacks
      • 156 million phishing emails are sent every day
      • 15 million make it through spam filters
      • The average cost for each stolen record in Australia is $145
  • 8. The changing threat landscape
      Why did they fail to avoid a breach?
      [Chart: Root cause of data breaches]
      Source: Ponemon Institute – Year of the Mega Breach 2014
  • 9. Case study – Philippine government
      • Government websites compromised multiple times by hacktivists
          – Nov 2013 – Philippine hacker group linked to Anonymous hacked numerous government websites, calling on the public to support a protest
          – Nov 2014 – Philippine branch of Anonymous hacked 11+ government websites to express dissatisfaction: “Your governments have failed you, they sit atop their thrones and abuse their power”
          – Feb 2015 – Website compromised by anti-ISIS hacker, posting expletive-ridden message
  • 10. Case study – Philippine government
      • No formal statement from the government about the hacks, how they happened or what they are doing about it, but it is clear that:
          – Government is unprepared for a cyber attack and failing to put effective measures in place
          – Little or no contingency plans
          – Websites restored but government’s lack of security exposed
          – Effective way for hacktivists to voice opinions
  • 11. Case study – Lizard Squad and their infamous DNS attacks
      Hacking group Lizard Squad appears to have attacked a number of websites:
      Lizard Squad attacks Malaysia Airlines website, January 2015
      • Visitors to www.malaysiaairlines.com on Monday 26 January found the message “404 – Plane Not Found”
      • Appeared to be DNS attack, overriding settings and redirecting site visitors to a Lizard Squad-controlled page
      • Fully recovered within 22 hours
      Google Vietnam hacked by Lizard Squad, February 2015
      • Google.com.vn, the search giant’s Vietnamese site, appeared to have suffered a DNS attack by Lizard Squad
      • Site visitors instead found a photo of a man taking a selfie with an iPhone instead of the normal search engine
      Lenovo attacked after Superfish controversy, February 2015
      • Lizard Squad attacked Lenovo’s website with a DNS attack, redirecting users to a free CloudFlare account
      Last year, the hacking group claimed responsibility for attacks on Sony’s PlayStation Network and Microsoft’s Xbox Live network, among others.
  • 12. Case study – Lizard Squad DNS attacks
      What are DNS attacks?
      • Domain Name System (DNS)
      • DNS hijacking works by overriding TCP/IP settings and redirecting site visitors rather than by assuming control of the actual target site
      • DNS hijacking rarely affects customer information, instead causing disruption to affected sites by gaining control over their domain names
      Effects
      • Websites restored but lack of security/vulnerability exploited
      • Effective way for hackers to voice opinions
  • 13. International case study – Sony Pictures
      Data breach
      • November 2014
      • Hackers infiltrated Sony’s corporate computer network
      • Torrents of unreleased Sony Pictures films appeared online
      • Personal information about employees (families, emails, salaries, etc.) was leaked
      • Plaintext passwords leaked online, along with other credential data
      • Huge amount of marketing slide decks were leaked
      • Kept Sony staff from using computers for days
      • Sony postponed release of upcoming film The Interview
  • 14. International case study – Sony Pictures
      Repercussions
      • North Korea blamed, increasing tension with the US
      • Ex-employees sought to combine class action lawsuits against Sony
      • Costs reach $100 million
      How did the breach get so bad?
      • Executives ignored ransom emails, treated as spam
      • Failed to acknowledge breach until one week later
      • Generally lax approach to online security
          – April 2011 – Sony’s PlayStation network hacked and 76 million gamers’ accounts compromised
          – Inappropriate spending? $250 million budget still couldn’t keep them cyber secure
  • 15. Small companies are at risk too
      • Cyber criminals target indiscriminately
      • 60% of breached small organisations close down within six months
      • Often lack effective internal security practices
      • No dedicated IT security and support
      • Passwords, system access easily compromised
      • Out-of-date server hardware and software
      • Websites are built on common, open-source frameworks – weaknesses easily exploited
  • 16. What is the board told?
      • 32.5% of boards do not receive any information about their cyber security posture and activities
      • 38% of the remainder receive reports only annually
      • 29% of IT teams don’t report breaches for fear of retribution
      Source: IT Governance ‘Boardroom Cyber Watch Survey 2014’
  • 17. Cyber security skills shortage
      Shortage
      • Global shortage of two million cyber security professionals by 2017
      ISACA report
      • 85% believe there is a shortage
      • 53% consider it difficult to identify adequate cyber security skills
      • 50% plan to increase staff training
      Companies should be looking for
      • Industry-recognised qualifications (IBITGQ)
  • 19. Australia
      Cyber Security Strategy 2009
      • Framework to address the increasing risk of online threats to the country
      • Aims to have businesses operate secure and resilient information and communications technologies, thereby protecting the integrity of their own operations and the identity and privacy of their customers
      • Criticism – significantly out of date. Prime Minister Tony Abbott is currently pushing for cyber security review
  • 20. Hong Kong
      Personal Data (Privacy) Ordinance (PDPO)
      • Governs data subjects’ personal data
      • Six principles for data processors to abide by
          – DPP4 – practicable steps shall be taken to ensure that personal data are protected against unauthorised or accidental access, processing or erasure
      • Max. penalty of five years’ imprisonment and up to HKD$1,000,000
      • Data users are liable for any breach by third parties
  • 21. The Philippines
      Cybercrime Prevention Act of 2012
      • Enacted to address numerous forms of cyber crime
      • Applicable to organisations outside the Philippines
      • Met with controversy – many saw the legislation as a heavy-handed undermining of free expression and privacy, therefore the Supreme Court put a temporary restraining order in place
      • Feb 2014 – Supreme Court ruled a number of provisions to be constitutional, including:
          – Cyber crime offences
          – Cyber crime against critical infrastructure
          – Misuse of devices
  • 22. Singapore
      Personal Data Protection Act (PDPA) 2012
      • Governs the collection, use and disclosure of personal data by organisations
      • Only concerns individuals’ data and not corporate data
      National Cyber Security Masterplan 2018
      • Five-year plan aims to develop Singapore as a “trusted and robust infocomm hub by 2018”
      Computer Misuse and Cybersecurity Act 1993 (Amended 2013)
      • Provision for securing computer material against unauthorised access or modification, and requires organisations to take appropriate cyber security measures
          – Punishable offences could be up to ten years’ imprisonment and/or SGD$50,000 fine
  • 23. Meeting cyber security legislation
      • A strong security posture
      • An effective incident response plan
      • A CISO appointment
      • Implementing industry standards*
      Source: 2014 Global Report on the Cost of Cyber Crime - Ponemon and HP
  • 25. ISO 27001 – the cyber security standard
      • ISO 27001 – a globally recognised standard that provides a best-practice framework for addressing the entire range of cyber risks
          – Encompasses people, processes and technology
          – Systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation's information security to achieve business objectives
  • 26. Key elements of implementing ISO 27001
      • Determine the scope of the ISMS
      • Consider the context of the organisation and interested parties
      • Appoint a senior individual responsible for information security
      • Conduct a risk assessment – identify risks, threats and vulnerabilities
      • Appoint risk owners for each of the identified risks
      • Implement appropriate policies and procedures
      • Conduct staff training
      • Conduct an internal audit
      • Perform continual improvement of the ISMS
  • 27. How will ISO 27001 benefit your business?
      • Increased/appropriate level of information security
          – Systematic approach to risks
          – Informed decisions on security investments: cost-effective security
      • Better work practices that support business goals
      • Good marketing opportunities
      • Credibility with staff, customers and partner organisations
      • Due diligence
      • Compliance with corporate governance requirements
          – Appropriate action to comply with law
          – Manage business risks
          – Industry best-practice security
          – Internationally recognised good security practice
  • 28. Benefits of ISO 27001 certification
      • Assurance to customers, employees, investors – their data is safe
      • Credibility and confidence
      • Internationally recognised
      • Shows that you have considered all of the information security-associated risks
      • Notably fulfilling fiduciary responsibilities
      • Supports your adherence to multiple compliance requirements
  • 29. ISO 27001 in APAC
  • 30. Why some of the world’s most valuable brands pursue ISO 27001 certification
      • Google: “This certification validates what I already knew… that the technology, process and infrastructure offers good security and protection for the data that I store in Google Apps”
      • Amazon: “The certification confirms our longstanding commitment to the security of our services to our customers.”
      • Microsoft: “…provides external validation that our approach to managing security risk in a global organization is comprehensive and effective, which is important for our business and consumer customers.”
  • 31. IT Governance
      • Helped over 150 organisations achieve ISO 27001 certification worldwide
      • 15+ years’ experience
      • Highly regarded within the industry
      • Unique offering of tools, training and consultancy, which is unavailable elsewhere
  • 32. Fixed-priced, packaged solutions
      • You deliver the project independently
      • You resource the project, calling on specialist tools and courses to aid efficiency and accelerate implementation
      • Standards and books
      • Software and documentation templates
      • Training
      • Mentor and coach
      • IT Governance removes all the pain, delivering a certification-ready ISMS, aligned with ISO 27001
      • You resource the project, use tools and courses and benefit from the expert’s know-how
      • You own and are in control of the project, receiving hands-on guidance from us
      • You provide input
      Find out more: www.itgovernance.asia/t-iso27001-solutions.aspx