• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
"Cyber" security - all good, no need to worry?
 

"Cyber" security - all good, no need to worry?

on

  • 1,961 views

 

Statistics

Views

Total Views
1,961
Views on SlideShare
1,961
Embed Views
0

Actions

Likes
0
Downloads
12
Comments
2

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel

12 of 2 previous next

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    "Cyber" security - all good, no need to worry? "Cyber" security - all good, no need to worry? Presentation Transcript

    • "Cyber" security - all good, no need to worry? Ian Amit Director of Services, IOActive
    • ¡Hola
    • Source: datalossdb.org
    • Incidents by Business Type - All Time Biz Gov Med Source: datalossdb.org Edu
    • Incidents by Business Type - All Time 52% Biz Gov Med Source: datalossdb.org Edu
    • Incidents by Business Type - All Time 52% 18% Biz Gov Med Source: datalossdb.org Edu
    • Incidents by Business Type - All Time 16% 52% 18% Biz Gov Med Source: datalossdb.org Edu
    • Incidents by Business Type - All Time 14% 16% 52% 18% Biz Gov Med Source: datalossdb.org Edu
    • Source: datalossdb.org
    • Incidents by Vector - All Time Outside Inside Inside - Accidental Inside - Malicious Source: datalossdb.org Unknown
    • Incidents by Vector - All Time 57% Outside Inside Inside - Accidental Inside - Malicious Source: datalossdb.org Unknown
    • Incidents by Vector - All Time 57% 20% Outside Inside Inside - Accidental Inside - Malicious Source: datalossdb.org Unknown
    • Incidents by Vector - All Time 10% 57% 20% Outside Inside Inside - Accidental Inside - Malicious Source: datalossdb.org Unknown
    • Incidents by Vector - All Time 7% 10% 57% 20% Outside Inside Inside - Accidental Inside - Malicious Source: datalossdb.org Unknown
    • Incidents by Vector - All Time 7% 6% 10% 57% 20% Outside Inside Inside - Accidental Inside - Malicious Source: datalossdb.org Unknown
    • DataLossDB.org Incidents Over Time 1800 1621 1350 1091 1048 900 829 775 728 695 644 450 157 43 0 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013
    • Problem ✓
    • Problem ✓ Solution?
    • What would CISO do?
    • What would CISO do?
    • WTF?
    • RISK MANAGEMENT
    • We need to get back to BASICS
    • insert crowd pic here
    • Prioritize ! Based on risk, impact, potential cost, and cost of remediation
    • Summary 1. Stop throwing money on products 2. Identify assets, processes, technology, threats. 3. Assess your current posture. Identify gaps. 4. Address gaps based on priority and relevance. Consider cost (of impact, of fixing). 5. Test effectiveness. 6. Back to 2.
    • REMEMBER! • You are not fighting off pentesters. 
 You are fighting off actual adversaries. • You are not fighting off auditors. 
 You keep your organization working. • You are not fighting off regulators. 
 You are trying to keep yourself out of jail.
    • Thank You! ¡gracias Ian Amit Director of Services, IOActive ian.amit@ioactive.com Twitter: @iiamit