Verify Your Cyber Threat Strategy

Does your company have a documented cyber-threat strategy? Here are five key questions to help you assess your strategy, along with links to more information about developing cyber-threat risk assessments and response plans.

Published in Technology, Business

Transcript

  • 1. Can Information Security Prevail?
  • 2. NOT WITHOUT A Cyber-Security Strategy!
  • 3. Does your company have a cyber-threat strategy? In a recent survey… only 53% of respondents have a documented security strategy, and only 47% indicated that their current strategy adequately addresses the risks. - Ernst & Young's Global Information Security Survey. Does your company have a documented strategy with a realistic and comprehensive cyber-security plan?
  • 4. Thinking you have a plan when you do not is dangerous. If system administrators and management believe they have a cyber-security strategy, they are less likely to actively allocate and focus resources. It becomes easy to be complacent and ignore risks, hoping the status quo is sufficient, and then be surprised when it is not. The next five key questions can help you assess your company’s strategy.
  • 5. 1. Does your strategy identify threat agents who will be attacking your organization over the next 3 to 5 years? A defense posture can only be evaluated in relation to threats. Without knowing the attackers, defenders remain in the dark and are forced to protect from risks both real and imagined. The first step to any realistic strategy is to know who the opposition is, both today and in the future, thereby understanding their capabilities, objectives, and likely methods. McAfee's 2012 Threat Predictions report is a great document to start your analysis.
  • 6. 2. Does your strategy articulate how you will likely be attacked by those threat agents? Understanding your IT environment, where it is less secure, and how specific threat agents will attack over time is imperative to a strategy. Does the strategy talk about generic worms, viruses, and system patching? Or does it take into account likely exploit paths… the ones which align to the common methods of pervasive threat agents? For more on Intel IT’s cyber-security strategy, read our Threat Agent Risk Assessment paper.
  • 7. 3. What impacts and losses are estimated from these attacks, given the expected defenses? Strategy is about planning. Planning security is about finding the right balance between spending on controls and the residual losses from an attack that are acceptable. Without knowing the likely losses, even at a generic level, it is impossible to plan forward. You can learn more about Intel IT’s new enterprise security strategy in our Rethinking Information Security paper.
  • 8. 4. How do your security budget and efforts align to acceptable levels of loss? Impervious security, where no losses occur, either does not exist or is far too costly to employ. Some losses are inevitable, and knowing the range that is acceptable to management and/or shareholders is essential. If your company is outside the range, it should trigger plans to increase or contract your security spending. Intel’s model for measuring the value of security investments paper includes prioritization against a variety of threats.
  • 9. 5. Who is responsible for the care and maintenance of your company’s security strategy? Given the rapid and unpredictable nature of security threats, vulnerabilities, and impacts, a strategy must be continually assessed and adapted accordingly. Without clear ownership, most strategies quickly become stale and worthless. Without a person entrusted and empowered to actively plan and manage the cyber-threat security strategy, your answers to questions 1 through 4 become irrelevant. Malcolm Harkins, Intel’s Chief Information Security Officer, talks about balancing business growth versus risk in this "Can Information Security Survive?" webcast.
  • 10. Don’t become discouraged if your company does not have a robust cyber-security strategy… it is the norm, not the exception. Collectively, we are still at the beginning of this endeavor and have much to learn. Rushing to claim maturity is not the prudent path. Be realistic and recognize where your company is and where it needs to be.
  • 11. Intel IT is passionate about driving business value through innovation and sharing IT best practices with our industry peers. Learn more about Intel IT’s information security initiatives at: Intel.com/IT
  • 12. Legal Notices: This presentation is for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Intel, Intel logo, are trademarks of Intel Corporation in the U.S. and other countries. * Other names and brands may be claimed as the property of others. Copyright © 2012 Intel Corporation. All rights reserved.