Valuendo cyberwar and security (jan 2012) handout


Published on

A small presentation on cyberwar and how to approach it in a managed way

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Valuendo cyberwar and security (jan 2012) handout

  1. 1. How vulnerable are you to cyber attack?
  2. 2. Cybersecurity threats• Cyber-criminals• Malware• Phishers• Spammers• Negligent staff• Hackers• Unethical employees misusing/misconfiguring security functions• Unauthorized access, modification, disclosure of information• Nations attacking critical information infrastructures• Technical advances that can render encryption algorithms obsolete
  3. 3. Lessons learned so far Cyberattacks are DIFFICULT to execute.
  4. 4. Lessons learned so far Governments do have the resources/skills to conduct cyberattacks.
  5. 5. Cyberwarfare is"the fifth domain ofwarfare“
  6. 6. “Cyberspace is a new domain in warfare which hasbecome just as critical to military operations asland, sea, air and space.”
  7. 7. “Actions to penetrate computers or networks for thepurposes of causing damage or disruption.”
  8. 8. Information warfare is“using & managing IT inthe pursuit of acompetitive advantageover an opponent“
  9. 9. Lessons learned so far Cyberattacks are a real, clear and present danger to organisations & government agencies.
  10. 10. “It’s possible that hackers have gotten into administrative computer systems of utility companies, but says those aren’t linked to the equipment controlling the grid, at least not in developed countries.I have never heard that the grid itself has been hacked.” Howardt Schmidt, Cyber-Security Coordinator of the US
  11. 11. Lessons learned so far Targeted organizations are unprepared.
  12. 12. Lessons learned so far Security professionals are at risk.
  13. 13. Risk always exists! (whether or not it isdetected / recognisedby the organisation).
  14. 14. Impact of an attack on the business
  15. 15. Cyberattack mitigating strategiesCorporate governance : ERM = COSO Support from Board of Directors & Executive Management
  16. 16. Cyberattack mitigating strategies Managing risks appropriately
  17. 17. Cyberattack mitigating strategies Policies & Standards
  18. 18. Cyberattack mitigating strategies Project Management
  19. 19. Cyberattack mitigating strategies Supply Chain Management
  20. 20. Cyberattack mitigating strategies EDUCATION!
  21. 21. Cyberattack mitigating strategiesProviding proper funding
  22. 22. Cyberattack mitigating strategiesProviding proper resources
  23. 23. Cyberattack mitigating strategies Measuring performance
  24. 24. Cyberattack mitigating strategies Review / Audit
  25. 25. Cyberattack mitigating strategies Incident/Crisis Management
  26. 26. Governance Objectives Business Objectives PO1 Define a strategic IT plan PO2 Define the information architecture Information Criteria PO3 Determine technological direction • Effectiveness PO4 Define the IT processes, organisation and • Efficiency relationships • Confidentiality • Integrity PO5 Manage the IT investment • Availability PO6 Communicate mgt aims & direction • Compliance PO7 Manage IT human resources • Reliability PO8 Manage quality PO9 Assess and manage IT risksME1 Monitor & evaluate IT performance PO10 Manage projectsME2 Monitor & evaluate internal control IT RESOURCESME3 Ensure compliance with external • Applicationsrequirements • InformationME4 Provide IT governance • Infrastructure • People PLAN & ORGANISE MONITOR & EVALUATE ACQUIRE &DS1 Define & manage service levels IMPLEMENTDS2 Manage third-party servicesDS3 Manage performance & capacityDS4 Ensure continuous serviceDS5 Ensure systems security AI1 Identify automated solutionsDS6 Identify & allocate costs DELIVER & AI2 Acquire & maintain application softwareDS7 Educate & train users AI3 Acquire & maintain IT infrastructureDS8 Manage service desk and incidents SUPPORT AI4 Enable operation and useDS9 Manage the configuration AI5 Procure IT resourcesDS10 Manage problems AI6 Manage changesDS11 Manage dataDS12 Manage the physical environment AI7 Install & accredit solutions and changesDS13 Manage operations
  27. 27. Information Security Management
  28. 28. “I don’t care how many millions of dollars youspend on security technology. If you don’t have people trained properly, I’m going to get in if I want to get in.” Susie Thunder, Cyberpunk
  29. 29. Contact information Marc Vael CISA, CISM, CISSP, CGEIT, ITIL Service Manager, Prince2 Director Knowledge Board ISACA 3701 Algonquin Road, Suite 1010 Rolling Meadows IL 60008 USA