Security trends for Russian CISO in 2012-2013
 

  • very cool
  • Criminals are using their business acumen ("Cybercrime MBA") to maximize innovation and profits across a portfolio of criminal techniques and business models. We lack the framework to analyze criminal businesses at a macro level. The CROI Matrix plots techniques and business models that make up the cybercrime product life cycle according to their growth and revenue potential. Modeled on the Boston Consulting Group Growth-Share Matrix. -- highlight how things are moving – phishing 1.0 (inoculation) into Zeus and money mules (due to better payment security), IM > Social networking, web exploits – major, developing technique, cash cows = less change… clockwise movement if they made into it rising star status… - DDoS got a lot of ink. Not part of the investment, a side benefit,
  • And the primary collaborative tools in this same era have been primarily text or document-centric, with tools like email, IM and portals or workspaces as the primary tools. And these tools are best suited for 1 to 1 or 1 to few interactions. Transition: But increasingly, we see businesses adopting a much broader tool set – one that encompasses many people in the collaborative process, and incorporates video and voice capabilities. And these tools are changing the way we work within and between companies, partners, suppliers – even customers. Blogs, wikis and forums to allow for large numbers of people to submit and gain expertise in a text or document centric way. And increasingly, especially as budgets for travel are reduced, a new focus on video and voice as part of the collaborative solution. Solutions such as telepresence which enable that lifelike video experience for one to few or few-to-few interactions. A better experience, in fact, if the meeting would not have happened at all due to travel constraints. And broad-based video experiences through solutions such as video on demand or webinars. Increasingly used by business leaders and executives to help align their organizations and teams around strategic initiatives or key business objectives. Because video conveys the emphasis, and emotion, that documents and text just can’t. Transition: So what can collaboration do to improve the bottom line? Let’s look at some key business processes and see how collaboration is making an impact today.

Security trends for Russian CISO in 2012-2013: Presentation Transcript

  • What should a CISO pay attention to in 2012-2013? Forecasts and trends. Alexey Lukatsky, security business consultant. © Cisco, 2010. All rights reserved.
  • The politician's view; the manager's view; the lawyer's view; the technologist's view
  • Attacker types: cyber-terrorists, cyber-warriors, hacktivists, malware writers, old school, phreakers, samurai, script kiddies, warez d00dz. Motives: Challenge + + + + +; Ego + + + +; Espionage + +; Ideology + + + + +; Mischief + + +; Money + + + + +; Revenge + + + +. Source: Furnell, S. M
      • Anonymous, Lulzsec and the "Arab Springs"
      • Moonlight Maze, Titan Rain, Aurora, GhostNet, Orchard, Stuxnet, Duqu, the expulsion of Huawei from many IT projects
  • Slide 6:
      • Attackers' interest in critical infrastructure, together with regulators' requirements, calls for a new look at the protection of industrial control systems (ICS)
      • Stuxnet and Duqu are only the beginning
      • Specialized approaches and tools are needed to protect ICS
  • Slide 7:
      • The presidential election, the Olympic Games in London and Sochi, the Mayan calendar and apocalyptic predictions will serve hackers as lures
      • Geolocation data will be in hackers' sights
      • Growth of threats against small business as an easy target
      • Growth of threats to social networks and clouds (plus virtualization)
      • Android is threat No. 1
      • Growth of attacks on MacOS, as on any technology that gains popularity and captures a niche of more than 12% of the market
      • Attackers will turn their attention to IPv6, ARM processors, and the implanting of backdoors at the hardware level
  • Collaboration technologies; clouds; infrastructure; enterprise applications; virtualization; Web 2.0; mobile technologies; voice and data transmission; IT administration; business intelligence. Source: Gartner
  • [Bar chart, series 2011 and 2010, axis 0 to 100. Categories: security outsourcing; third-party security; awareness raising…; access management (IAM); alignment with business goals; cost reduction and growth of…; application security; risk management; business continuity; compliance; threat management; data protection.] Source: Forrester. Audience: companies in Europe and the USA with more than 1000 employees
  • [Bar chart, series 2011, 2010 and 2009, axis 0 to 100. Categories: anti-fraud; physical security; third-party security; compliance and personal data; business continuity; application security; risk management and…; access management (IAM); infrastructure protection (PCs and…; data protection; vulnerability management and…] Source: Forrester. Audience: companies in Europe and the USA with more than 1000 employees
  • [Chart comparing 2010 and 2011, axis 0 to 25.] Source: Forrester. Audience: companies in Europe and the USA with more than 1000 employees
  • [Bar chart, series 2011->2012 and 2010->2011, axis 0 to 60. Categories: outsourcing, SaaS, MSS; consultants and integrators; staff; support of existing technologies and products; new products and technologies; upgrade of existing security technologies and products.] Source: Forrester. Audience: companies in Europe and the USA with more than 1000 employees
  • Information security: Gazpromsert, FSTEC, RZD, FSO, FSB, PCI Council, Central Bank, Minkomsvyaz, SVR, Rosstandart, RKN, Ministry of Defense
  • Slide 17:
      • New Federal Law "On Personal Data"
      • Financial sector: PCI DSS 2.0; STO BR IBBS-1.0 v4; KTs ARB letters
      • Federal Law "On the National Payment System"
      • Federal Law "On Electronic Signature"
      • Federal Law "On Public Services" and SMEV
      • Federal law on the security of the fuel and energy complex
      • Regulatory legal acts on the universal electronic card (UEC)
      • New federal law on licensing
      • Protection of children from information
  • Slide 18:
      • Personal data: new Government resolutions; new FSTEC and FSB documents; a package of RKN recommendations
      • Financial sector: STO BR IBBS-1.0 v5
      • Information security requirements for the national payment system: a Government resolution already exists, as do Bank of Russia documents
      • Requirements for certification authorities and electronic signatures: partly already in place
      • New resolutions on licensing: already in place for FSTEC, still to come for FSB
      • Social networks and control of the Internet
      • Changes to the Code of Administrative Offences and the Criminal Code of the Russian Federation
  • Scenarios: tightening the screws; everything stays as it is; liberalization. Probability (at the moment): 20%; 45%; 30%. Probability in 2 years: 25% and 10%; 20% and 65%. Expert assessment by Cisco specialists
  • Slide 21:
      • Information security cannot be considered in isolation from Russian realities
      • Our threats will be the same as in the rest of the world. Technology trends lag by 2-3 years
      • Regulators will not give up regulating the information security industry and will only strengthen their influence
      • Customers will be forced to increase their information security budgets or will more actively accept the risks of non-compliance with legislation. Security will increasingly become paper security rather than real security
      • Not all Western players in the information security market will survive under the changed rules of the game. Or they will violate the legislation
  • Praemonitus praemunitus! Thank you for your attention! security-request@cisco.com