Securing ever growing and complex business systems v1 1
1. Securing Ever Growing and Complex Business Systems, For Tomorrow
18th August 2016
Maganathin Marcus Veeraragaloo
2. Security Domains
Digital Security
Cyber Security
Information Security
IT Security
Physical Security
IoT Security
OT Security
Smart Grid Security
Network Perimeter Disappearing
3. Impact on Security Disciplines
Infrastructure Security
Network Security
IAM Security
Application Security
Data and Information Security
SOC Security
Cloud Security
Endpoint Security
Mobile Security
Threat Intelligence
Threat and Vulnerability Management
Public Key Infrastructure
Cyber Security
Digital Security
4. Impact of South African Legislation
1. Electronic Communications and Transactions Act 2002
2. Regulation of Interception of Communications and Provision of Communication-Related Information Act 2002
3. Protection of Personal Information Act 4 of 2013
4. National Cybersecurity Policy Framework 2012
5. Cybercrimes and Cybersecurity Bill
6. Protection of Critical Infrastructure Bill
7. General Intelligence Laws Amendment Bill
8. Interception and Monitoring Bill
9. Copyrights Act 98 of 1978
10. Intelligence Services Oversight Act 40 of 1994
11. Promotion of Access to Information Act 2 of 2000
12. Protection of Information Act 84 of 1982
5. Varying Standards and Guides
1. ISO/IEC 27001:2013 - Information security management
2. ISO/IEC 27002:2013 - Information technology -- Security techniques -- Code of practice for information security controls
3. NISTIR 7628 Guidelines for Smart Grid Cyber Security
4. IEEE 1588 Annex K describes a security mechanism for clock synchronization
5. ISO 27019:2013 - Information Security for the Energy Utility Industry
6. ISO/IEC 27018:2014 - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
7. 240-55410927 – Cyber Security Standard for Operational Technology
8. NERC CIP V 5
9. The Critical Security Controls for Effective Cyber Defence (SANS)
10. NIST Cyber Security Framework
11. NERC CIP / IEC 62443
6. Cyber Security CIACR
Confidentiality, Integrity, Availability and Cyber Resilience
Cyber Resilience
Cyber Resilience is to maintain the entity's ability to deliver the intended outcome continuously at all times. This means even when regular delivery mechanisms have failed, such as during a crisis and after a security breach. The concept also includes the ability to restore regular delivery mechanisms after such events, as well as the ability to continuously change or modify these delivery mechanisms if needed in the face of new risks.
Availability
Information systems and the content they contain should be available for appropriate use. The failure of an important system, or even a data center, should not cause long-term outage. Redundancy in storage, processing, and network paths can be used in conjunction with business continuity and disaster recovery (DR) procedures to maintain appropriate availability levels.
Confidentiality
Prevent intentional or unintentional unauthorized or inappropriate disclosure of information.
Integrity
Security technologies and processes should prevent unauthorized or inappropriate modification of information and processes, and ensure that information or IT systems, such as structured databases, operating system software, or websites that have many critical and inter-related objects, maintain internal consistency and correctness. Where possible, information should be kept externally consistent with the real-world situations it represents.
The Network Perimeter is slowly but surely evaporating, as seen from the old school of lock-down. This is due to innovative services within the IoT and Cloud Services.
Cyber Security has evolved into Digital Security, where Digital Security encompasses all security domains.
With Digital Security being the evolution of Cyber Security, this will have an impact on all Security Disciplines.
Only a few main ones have been outlined within this slide; each of these disciplines needs further investigation into the impact and advent of Digital Security.
A few of the South African Legislative Acts and a few Bills have been outlined, as these have a direct impact within the Cyber Security space.
Even though some of these Acts have not yet been promulgated, like PoPI, they have a direct impact on Cloud Hosting and on where your customers' private data will be hosted. How safe is your customer data and employee data when hosted outside of the country? Is it safer hosting within South Africa?
Due to the IoT, digital sensors and the blurring of networks, which Standards and Guides will be optimal for use within your industry?
With the standards and protocols for IoT alone we have multiple options: REST, SOAP, IPv6, 6LoWPAN, UDP, uIP, DTLS, MQTT, CoAP, AMQP.
The challenge from a security perspective is to ensure that Confidentiality, Integrity, Availability and Cyber Resilience are in place for every organisation. Resilience is to ensure that every organisation can bounce back from any attack, as we only have two types of organisation in the world: 1. the ones that have been hacked, and 2. the ones that are currently being hacked.
The best approach to addressing Securing Ever Growing and Complex Business Systems is to start with the Enterprise Security Architecture. You can only start managing the dynamic innovation and growth of business by designing it correctly, where the Enterprise Architecture is aligned to the corporate strategies. As indicated in the crop circle, it is the overview of SABSA onto the TOGAF Framework; this can be replaced by whatever each organisation is currently using within their EA space. The question is: what is done about the Enterprise Security Architecture?
Just a high-level view of the SABSA Meta Model, where we will unpack the different levels of Enterprise Security Architecture. The recommendation is that each organisation needs to focus on some framework or model to assist with security being built in when designing for the organisation. This will assist irrespective of which security domain your organisation is focussing on.
From the Meta Model we can see how ESA can assist the organisation to address multiple areas, ensuring a "Secure by Design" approach.
ESA is there to assist with what is currently available and additionally to assist with innovative ideas that are not in place as yet.
Secure by Design must ensure there is a paradigm shift so that security is part of all initial design and not an add-on; as we are dealing with real-time challenges, this becomes a huge challenge vs. closing holes after the fact.
As indicated, the ESA can assist in defining the different levels of controls at the different levels, ensuring these are catered for before a system is released to the general public or employees.
SABSA is additionally a risk-based Enterprise Security Architecture approach, ensuring that all risks can be identified at the architectural level vs. the development level. We know that business is moving at digital speed and the architecture needs to somehow align to this.
So in summary, the objective is to ensure "Secure by Design" is the flavour of the day, irrespective of which industry you are in. In simple terms, without proper architecture, town planning can end up being an informal settlement or favela without any order.