Bridging the Gap - Information Security Challenges - Jared Carstensen - Irish Banking Federation Conference - June 2012

Recent presentation from the Irish Banking Federation (IBF) Financial Crime Conference in Dublin.

The presentation looks at the current information security challenges being faced by Irish and international businesses, and provides steps to reduce the gap between adequate and effective security practices.

Transcript of "Bridging the Gap - Information Security Challenges - Jared Carstensen - Irish Banking Federation Conference - June 2012"

  1. Information Security Challenges for Irish Organisations: Bridging the Gap
     Jared Carstensen SSCP, CISSP, CRISC, CCSK
     Security & Forensics, Deloitte
     jcarstensen@deloitte.ie
  2. Context: The Irish Challenge vs International
     Regardless of historical activities, or the financial crisis – Irish organisations find themselves in competition with international opposition and local challengers to stay in business and keep their customers.
     Add to that the challenge of Compliance, Regulatory, Industry, Markets, Access to Finance, Lack of Skilled personnel etc. The challenge becomes more complex.
     Over the past year, we have seen an unprecedented level of Data Breaches, Hacks, and high profile security related incidents including Sony, RSA, Epsilon, TripAdvisor, United Nations etc.
     Now introduce the People, Processes and Technologies.
     “If you recorded all human communication from the dawn of time to 2003, it would take up about five billion gigabytes of storage space. Now we’re creating that much data every two days.” ~Eric Schmidt [Google]
     Information Security Challenges for Irish organisations © 2012 Deloitte & Touche
  3. Looking Back – Last 5 Years: What have we learnt?
     • Attacks have increased
     • Breaches have increased
     • Coverage and Bad Press have increased
     • Security Staff Head Counts have mostly increased
     • Technology has become more widely used
     • Information Processing & Storage have increased
     • Business expectations have increased
     • Funding available has decreased (typically)
     • Ability to move with innovation and technology changes
     • Ability to make swift business decisions is limited
  4. Reality Bites: The Horse has Bolted
     • Mobile Workforce increasing
     • Staff Churn and Movement
     • iPhones / iPads / Smart devices Security
     • Outsourcing and “as a service”
     • Technical Security Challenges
     • Types and volumes of data to protect
     • Lack of alignment with business strategy
     • Employee Actions and activities
     • Holistic Coverage of Threats
     • Employee / consumer empowered choices
  5. First Things First: What About the Traditional Stuff?
     Based on the Deloitte Irish Information Security and Cybercrime Survey 2012 (due for release 3rd July 2012), it turns out the challenges we have been facing for the past number of years are not being dealt with appropriately.
     • 46% of organisations had obtained signed acceptance from users for all relevant policies and standards
     • 44% of respondents felt that Board members had an “average” understanding of Information Security Risks
     • 68% of respondents had stated that no action was taken following the investigation of internal or external incidents
     • 36% of respondents said that their information security efforts were well aligned with the organisation's overall risk assessment or risk management programme
     • 50% of respondents stated employees and their activities presented the biggest challenge for information security
  6. The New Kids on the Block: What Should we be Worrying About?
     • Cloud Technologies & Cloud Security
     • Cyber Security Attacks
     • iPhones / iPads / Smart devices Security
     • Advanced Persistent Threats (Targeted)
  7. How to Address Historical & Upcoming Threats
     An ineffective security programme is the same as an unsuccessful one! Both ultimately lead to shortcomings and losses for the organisation.
     • Alignment and Standardisation
     • Understanding and Application of Context
     • Interpreting Technical Issues in Risk Based Business Terms
     • Back to Basics – Fix What is Broken First
     • Review and Address Contentious Areas
     • Trust Nobody Who Has Gone Before You
     • Identify Synergies and Quick Wins
     “Risk can be your friend if used correctly!”
  8. Bridging The Gap: Keys To Success
     • Know Your Security Weaknesses, Challenges and Strengths
     • Engagement with the Board
     • Find a Champion / Sponsor / Advocate
     • Manage & Engage with Key Providers & Third Parties
     • Aligning with Risk and Related Functions
     • Regular and On-going Assessment of Security Effectiveness
     • Measurable and Reportable Results
     • Challenge the Unknown
     “If it cannot be measured, it cannot be managed”
  9. THANK YOU
     Jared Carstensen SSCP, CISSP, CRISC, CCSK
     Security & Forensics
     jcarstensen@deloitte.ie
     086 322 8004
     Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/ie/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.
     Deloitte’s 1,200 people in Dublin, Cork and Limerick provide audit, tax, consulting, and corporate finance to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte’s approximately 182,000 professionals are committed to becoming the standard of excellence.
     This publication contains general information only, and none of Deloitte Touche Tohmatsu Limited, Deloitte Global Services Limited, Deloitte Global Services Holdings Limited, the Deloitte Touche Tohmatsu Verein, any of their member firms, or any of the foregoing’s affiliates (collectively the “Deloitte Network”) are, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your finances or your business. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser. No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who relies on this publication.
     © 2012 Deloitte & Touche. All rights reserved