Valuendo cyberwar and security (jan 2012) handout
A small presentation on cyberwar and how to approach it in a managed way

Published in: Technology, Business
Transcript

  • 1. How vulnerable are you to cyber attack?
  • 2. Cybersecurity threats
      • Cyber-criminals
      • Malware
      • Phishers
      • Spammers
      • Negligent staff
      • Hackers
      • Unethical employees misusing/misconfiguring security functions
      • Unauthorized access, modification, disclosure of information
      • Nations attacking critical information infrastructures
      • Technical advances that can render encryption algorithms obsolete
  • 3. Lessons learned so far Cyberattacks are DIFFICULT to execute.
  • 4. Lessons learned so far Governments do have the resources/skills to conduct cyberattacks.
  • 5. Cyberwarfare is “the fifth domain of warfare”
  • 6. “Cyberspace is a new domain in warfare which has become just as critical to military operations as land, sea, air and space.”
  • 7. “Actions to penetrate computers or networks for the purposes of causing damage or disruption.”
  • 8. Information warfare is “using & managing IT in the pursuit of a competitive advantage over an opponent”
  • 9. Lessons learned so far Cyberattacks are a real, clear and present danger to organisations & government agencies.
  • 10. “It’s possible that hackers have gotten into administrative computer systems of utility companies, but says those aren’t linked to the equipment controlling the grid, at least not in developed countries. I have never heard that the grid itself has been hacked.” Howard Schmidt, Cyber-Security Coordinator of the US
  • 11. Lessons learned so far Targeted organizations are unprepared.
  • 12. Lessons learned so far Security professionals are at risk.
  • 13. Risk always exists! (whether or not it is detected / recognised by the organisation).
  • 14. Impact of an attack on the business
  • 15. Cyberattack mitigating strategies Corporate governance: ERM = COSO Support from Board of Directors & Executive Management
  • 16. Cyberattack mitigating strategies Managing risks appropriately
  • 17. Cyberattack mitigating strategies Policies & Standards
  • 18. Cyberattack mitigating strategies Project Management
  • 19. Cyberattack mitigating strategies Supply Chain Management
  • 20. Cyberattack mitigating strategies EDUCATION!
  • 21. Cyberattack mitigating strategies Providing proper funding
  • 22. Cyberattack mitigating strategies Providing proper resources
  • 23. Cyberattack mitigating strategies Measuring performance
  • 24. Cyberattack mitigating strategies Review / Audit
  • 25. Cyberattack mitigating strategies Incident/Crisis Management
  • 26. Governance Objectives, Business Objectives
      • Information Criteria: Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability
      • IT RESOURCES: Applications, Information, Infrastructure, People
      • PLAN & ORGANISE
          • PO1 Define a strategic IT plan
          • PO2 Define the information architecture
          • PO3 Determine technological direction
          • PO4 Define the IT processes, organisation and relationships
          • PO5 Manage the IT investment
          • PO6 Communicate mgt aims & direction
          • PO7 Manage IT human resources
          • PO8 Manage quality
          • PO9 Assess and manage IT risks
          • PO10 Manage projects
      • ACQUIRE & IMPLEMENT
          • AI1 Identify automated solutions
          • AI2 Acquire & maintain application software
          • AI3 Acquire & maintain IT infrastructure
          • AI4 Enable operation and use
          • AI5 Procure IT resources
          • AI6 Manage changes
          • AI7 Install & accredit solutions and changes
      • DELIVER & SUPPORT
          • DS1 Define & manage service levels
          • DS2 Manage third-party services
          • DS3 Manage performance & capacity
          • DS4 Ensure continuous service
          • DS5 Ensure systems security
          • DS6 Identify & allocate costs
          • DS7 Educate & train users
          • DS8 Manage service desk and incidents
          • DS9 Manage the configuration
          • DS10 Manage problems
          • DS11 Manage data
          • DS12 Manage the physical environment
          • DS13 Manage operations
      • MONITOR & EVALUATE
          • ME1 Monitor & evaluate IT performance
          • ME2 Monitor & evaluate internal control
          • ME3 Ensure compliance with external requirements
          • ME4 Provide IT governance
  • 27. Information Security Management
  • 28. “I don’t care how many millions of dollars you spend on security technology. If you don’t have people trained properly, I’m going to get in if I want to get in.” Susie Thunder, Cyberpunk
  • 29. Contact information Marc Vael CISA, CISM, CISSP, CGEIT, ITIL Service Manager, Prince2 Director Knowledge Board ISACA 3701 Algonquin Road, Suite 1010 Rolling Meadows IL 60008 USA http://www.isaca.org/security marc@vael.net http://www.linkedin.com/in/marcvael http://twitter.com/marcvael