Security – Invest Where it Matters Most
WWT SECURITY PRACTICE

Mario Balakgie
Principal Security Consultant
16 October 2013

Copyright © 2013 World Wide Technology, Inc. All rights reserved.
It takes twenty years to build a reputation and five minutes
to ruin it. If you think about that, you'll do things differently
– Warren Buffett
THREATS of a Hyper-Connected World
• Unsecured peer-to-peer access
• Mobile Threats - malware and SMS fraud
• Advanced Persistent Threats (APTs)
• Non-malicious breaches
• Denial of Service (DoS)

EVOLUTION OF CONNECTIVITY
• Local and wide area networks
• Various flavors of Wi-Fi
• Intelligent devices
• Internet of things
• Cloud technologies
Measuring Up to the Challenge:
The Path from Tactics to Strategy.
History of Threat Evolution … and Threat Defense
• 1990: Viruses and worms
• 2000: Malware and phishing attacks
• NOW: Cyber attack missions utilizing Advanced Persistent Threats (APT) have redefined the rules of engagement
Tactical Approach Creates Unbalanced Response Posture
UNNECESSARY WEAKNESSES IN KEY AREAS OF VULNERABILITY
• Key Assumption: Complete protection against all threats and vulnerabilities is beyond the tactical capabilities of most enterprise IT security programs.

…Trying to do so generates a tactics-based response stance…
Strategic Approach Creates Targeted Response Posture
STRENGTH IN AREAS OF CONCERN AND VULNERABILITY
• The future of IT security requires an approach that assumes those who want to get in will get in.

…With this in mind, your organization must embrace principles that guide a strategy – where do you invest?
Cyber Security – A Strategic Imperative
• Businesses Depend on Technology
  • Highly complex
  • A Boardroom level concern
• Innovation
  • A constant factor with major effects
  • Challenges security management
• Cyber Threats
  • It is the State-of-Affairs
  • Necessitates C-Suite decision-making and risk management
  • Requires new thinking for protection
  • Speed of action and ability to adapt is critical
DIFFERENT ORGANIZATIONS • DIFFERENT VULNERABILITIES
Cyber Readiness
• Threat defense maturity model and gap analysis
• Alignment with business priorities
• Remediation recommendations as part of a risk-based security model
BENEFIT: Your Defense Represents an Ongoing Alignment with Your Vulnerabilities
How does an organization approach the security challenge and meet the never-ending demand?
• Determine Your Readiness
• Commit to a Plan
• Invest for Impact
Determining Security Capability
• “Capability” determination is the degree to which:
  • Institutionalized – a process has been ingrained in the way work is defined, executed, and managed
  • Repeatable – a commitment and consistency to performing the security process
  • Expectation – you know what to expect in terms of organizational reaction and ability, with a high level of confidence

• The value of knowing and managing the readiness level is to answer important questions:
  • Can we effectively manage our security posture?
  • How do we maintain levels of protection and ultimately our success?
  • Are we adaptive to changing risk environments?
Cyber Security Maturity Model
Systematically Build and Improve Enterprise Cyber Security Capabilities
(Scale labels on the model, from least to most mature: Ad Hoc/Chaotic, Intuitive, Quantitative/Qualitative, Quantitative, Optimizing)

Level 1 (Initial): Ad hoc/chaotic; dependent on heroics; institutional capabilities lacking, not of the organization
Level 2 (Repeatable): Process established and repeating; reliance on people is reduced
Level 3 (Defined): Policies, processes and standards defined and formalized across the organization
Level 4 (Managed): Risks measured and managed quantitatively and aggregated on an enterprise-wide basis
Level 5 (Optimized): Organization focused on continuous improvement of security risk management
Example: Security Domains
Domains can be selected based on the organizational needs, business drivers, or identified as challenges
1. Cyber Security Policy
2. Organization of Cyber Security
3. Governance, Risk, and Compliance
4. Asset and Information Management
5. Operations Security
6. Access Control
7. Mobile Technology
8. Breach Response
9. Business Continuity
10. Others as needed
Example: Summary of Organization Score
[Chart: Maturity Rating (1 to 5) per security domain, plotting Current Level against Goal Level for Cyber Security Policy, Organization of Cyber Security, Governance, Risk, and Compliance, Asset and Information…, Operations Security, Access Control, Mobile Technology, Breach Response, Business Continuity, and Overall. Only a few data labels survive the extraction: 2, 3 and 2 under Current Level and 4, 5 and 4.4 under Goal Level; 4.4 appears to be the Overall goal level.]
Example: Operations Security
[Chart: Maturity Rating (1 to 5), Current Level against Goal Level, for the sub-areas Documented Procedures, 3rd Party Management, System Plan & Acceptance, Malicious Code Protection, Backup Process, Network Security, Media Handling, Monitoring, and Overall. Overall: Current Level 2, Goal Level 5.]
Key Observations
• Network security function is fragmented between operations
• Monitoring is mostly manual
• System development not separated
Actions to Reach Maturity Level 5
1) Restructure monitoring roles and responsibilities
2) Identify security technology to automate log and audit reviews
Example: Access Control
[Chart: Maturity Rating (1 to 5), Current Level against Goal Level, for the sub-areas Access Need Controls, User Access Mgt, User Responsibilities, Network Access, Operating System Access, Application Access, and Overall. Overall: Current Level 2.3, Goal Level 4.3.]
Key Observations
• Access procedures do not address urgent scenarios of termination
• Privileged access is wide and prevalent and lacks management
Actions to Reach Maturity Level 4
1) Review policy and implement strong, well-defined procedures
2) Control privileged access and establish decision authority
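As an added example (not part of the deck, and not WWT's assessment tooling), a small Python script that scores domains the way the two example slides present them: each sub-area is rated 1 to 5, a domain's current and goal scores are the mean of its sub-area ratings, the organization's overall score is the mean of its domain scores, and the gap between goal and current ranks domains for high- versus medium-priority investment. The averaging rule, the priority threshold and the sample ratings are constructed assumptions; the deck does not state how its scores were derived.

```python
"""Maturity gap analysis on the five-level cyber security maturity model.

Added example. Assumption (not stated in the deck): a domain's score is the
mean of its sub-area ratings, and the overall organization score is the mean
of the domain scores. The gap between goal and current level is what drives
where to invest first.
"""
from dataclasses import dataclass, field
from statistics import mean

LEVELS = {
    1: "Initial: ad hoc/chaotic, dependent on heroics",
    2: "Repeatable: process established and repeating, reliance on people reduced",
    3: "Defined: policies, processes and standards formalized across the organization",
    4: "Managed: risks measured and managed quantitatively, enterprise-wide",
    5: "Optimized: continuous improvement of security risk management",
}


@dataclass
class SubArea:
    name: str
    current: int
    goal: int

    def __post_init__(self) -> None:
        # Reject ratings off the 1-5 scale and goals that regress below today.
        for rating in (self.current, self.goal):
            if rating not in LEVELS:
                raise ValueError(f"{self.name}: rating {rating} not on the 1-5 scale")
        if self.goal < self.current:
            raise ValueError(f"{self.name}: goal level below current level")


@dataclass
class Domain:
    name: str
    sub_areas: list[SubArea] = field(default_factory=list)

    def current_score(self) -> float:
        return round(float(mean(s.current for s in self.sub_areas)), 1)

    def goal_score(self) -> float:
        return round(float(mean(s.goal for s in self.sub_areas)), 1)

    def gap(self) -> float:
        return round(self.goal_score() - self.current_score(), 1)


def overall_score(domains: list[Domain], which: str) -> float:
    """Organization-wide score: mean of domain scores ('current_score' or 'goal_score')."""
    return round(float(mean(getattr(d, which)() for d in domains)), 1)


def prioritize(domains: list[Domain], high_threshold: float = 2.0) -> list[tuple[str, float, str]]:
    """Rank domains by gap, largest first. A gap of high_threshold or more is
    'high' priority (implement first); anything smaller is 'medium'."""
    ranked = sorted(domains, key=lambda d: d.gap(), reverse=True)
    return [(d.name, d.gap(), "high" if d.gap() >= high_threshold else "medium")
            for d in ranked]


# Constructed sample ratings (not from a real assessment). The Operations
# Security and Access Control sub-area names follow the deck's slides and the
# numbers are chosen so the domain scores land on the values those slides
# show; the Breach Response sub-areas are invented for illustration.
OPERATIONS_SECURITY = Domain("Operations Security", [
    SubArea(n, 2, 5) for n in (
        "Documented Procedures", "3rd Party Management", "System Plan & Acceptance",
        "Malicious Code Protection", "Backup Process", "Network Security",
        "Media Handling", "Monitoring")
])
ACCESS_CONTROL = Domain("Access Control", [
    SubArea("Access Need Controls", 2, 4),
    SubArea("User Access Mgt", 2, 4),
    SubArea("User Responsibilities", 3, 5),
    SubArea("Network Access", 2, 4),
    SubArea("Operating System Access", 3, 4),
    SubArea("Application Access", 2, 5),
])
BREACH_RESPONSE = Domain("Breach Response", [
    SubArea("Incident Handling Procedure", 3, 4),
    SubArea("Post-Incident Review", 3, 4),
])
SAMPLE_DOMAINS = [OPERATIONS_SECURITY, ACCESS_CONTROL, BREACH_RESPONSE]

if __name__ == "__main__":
    for d in SAMPLE_DOMAINS:
        print(f"{d.name:22s} current {d.current_score():.1f} "
              f"goal {d.goal_score():.1f} gap {d.gap():.1f}")
    print("Overall current", overall_score(SAMPLE_DOMAINS, "current_score"),
          "goal", overall_score(SAMPLE_DOMAINS, "goal_score"))
    for name, gap, prio in prioritize(SAMPLE_DOMAINS):
        print(f"{prio:6s} {name} (gap {gap})")
```

With the sample ratings, Operations Security (gap 3.0) and Access Control (gap 2.0) come out as high priority and Breach Response (gap 1.0) as medium, which is the split the roadmap's high- and medium-priority capability steps act on.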
Example: Roadmap for Readiness Improvements
[Chart: Security Capability plotted against time, with milestones at 3 Months, 6 Months and 12+ Months. Steps shown on the roadmap: Formalize Plan for Readiness Improvements; Implement High Priority Capabilities; Review Security Architecture; Assess Compliance and Certify; Implement Medium Priority Capabilities; Monitor and Evaluate; Re-Evaluate Cyber Readiness and Maturity.]
Summary
Make investments that matter the most!
• Cyber Security is a Must for all businesses – it’s a question of readiness
• Program effectiveness across the enterprise requires a process with structure and formal decision-making
• Understand where you are today and where you want to go
Questions?
Thank you
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

Security-Invest Where it Matters Most

  • 8. DIFFERENT ORGANIZATIONS • DIFFERENT VULNERABILITIES
  • 9.
  • 10. Cyber Readiness
    • Threat defense maturity model and gap analysis
    • Alignment with business priorities
    • Remediation recommendations as part of a risk-based security model
  • 11. BENEFIT: Your Defense Represents an Ongoing Alignment with Your Vulnerabilities
  • 12. How does an organization approach the security challenge and meet the never-ending demand?
    • Determine Your Readiness
    • Commit to a Plan
    • Invest for Impact
  • 13. Determining Security Capability
    • "Capability" determination is the degree to which:
      • Institutionalized – a process has been ingrained in the way work is defined, executed, and managed
      • Repeatable – a commitment and consistency to performing the security process
      • Expectation – you know what to expect in terms of organizational reaction and ability, with a high level of confidence
    • The value of knowing and managing the readiness level is to answer important questions:
      • Can we effectively manage our security posture?
      • How do we maintain levels of protection and ultimately our success?
      • Are we adaptive to changing risk environments?
  • 14. Cyber Security Maturity Model: Systematically Build and Improve Enterprise Cyber Security Capabilities
    • Level 1, Initial (Ad Hoc / Chaotic): Dependent on heroics; institutional capabilities lacking, not of the organization
    • Level 2, Repeatable (Intuitive): Process established and repeating; reliance on people is reduced
    • Level 3, Defined (Quantitative / Qualitative): Policies, processes and standards defined and formalized across the organization
    • Level 4, Managed (Quantitative): Risks measured and managed quantitatively and aggregated on an enterprise-wide basis
    • Level 5, Optimized (Optimizing): Organization focused on continuous improvement of security risk management
  • 15. Example: Security Domains. Domains can be selected based on the organizational needs, business drivers, or identified challenges
    1. Cyber Security Policy
    2. Organization of Cyber Security
    3. Governance, Risk, and Compliance
    4. Asset and Information Management
    5. Operations Security
    6. Access Control
    7. Mobile Technology
    8. Breach Response
    9. Business Continuity
    10. Others as needed
  • 16. Example: Summary of Organization Score (bar chart of Maturity Rating, scale 1 to 5, per Security Domain; chart values only partly recoverable from the text: Current Level 2, 3, 2; Goal Level 4, 5, 4.4)
    • Security Domains charted: Cyber Security Policy; Organization of Cyber Security; Governance, Risk, and Compliance; Asset and Information…; Operations Security; Access Control; Mobile Technology; Breach Response; Business Continuity; Overall
  • 17. Example: Operations Security (bar chart of Current Level vs. Goal Level, scale 1 to 5, across Documented Procedures, 3rd Party Management, System Plan & Acceptance, Malicious Code Protection, Backup Process, Network Security, Media Handling, Monitoring, Overall)
    • Current Level 2; Goal Level 5
    • Key Observations
      • Network security function is fragmented between operations
      • Monitoring is mostly manual
      • System development not separated
    • Actions to Reach Maturity Level 5
      1) Restructure monitoring roles and responsibilities
      2) Identify security technology to automate log and audit reviews
  • 18. Example: Access Control (bar chart of Current Level vs. Goal Level, scale 1 to 5, across Access Need Controls, User Access Mgt, User Responsibilities, Network Access, Operating System Access, Application Access, Overall)
    • Current Level 2.3; Goal Level 4.3
    • Key Observations
      • Access procedures do not address urgent termination scenarios
      • Privileged access is wide and prevalent and lacks management
    • Actions to Reach Maturity Level 4
      1) Review policy and implement strong, well-defined procedures
      2) Control privileged access and establish decision authority
  • 19. Example: Roadmap for Readiness Improvements (timeline chart of Security Capability across 3 Months, 6 Months and 12+ Months; the activity-to-phase assignment is not recoverable from the text)
    • Re-Evaluate Cyber Readiness and Maturity
    • Implement Medium Priority Capabilities
    • Monitor and Evaluate
    • Assess Compliance and Certify
    • Formalize Plan for Readiness Improvements
    • Implement High Priority Capabilities
    • Review Security Architecture
  • 20. Summary: Make investments that matter the most!
    • Cyber Security is a must for all businesses – it's a question of readiness
    • Enterprise-wide program effectiveness requires a process with structure and formal decision-making
    • Understand where you are today and where you want to go

Editor's Notes

  1. Tim: You can freestyle regarding how organizations responded to these threats
  2. Tim: Trying to figure out who would want to attack a particular organization and why. Developing a strategic stance begins with the answers to those questions. Until you have a sound understanding of why, you'll never be able to defend yourself effectively against targeted attacks. Targeted attacks are different from accidental hacks. A threat actor diligently seeks out a target to exploit for personal or financial gain, as opposed to a hacker getting lucky at an airport where he/she infects a random user with malware by spoofing a WiFi service. Are they interested in you because you have access to another organization that is a high-value target, or are you the high-value target? What are they really interested in? Money, intellectual property, trade secrets, access to other higher-value targets, political information, crippling a country's defenses in cyber warfare.