
Cyber Security: Challenges and Solutions for the Corporate

5000-foot view on corporate strategy for cyber security (10-minute panel talk).

Published in: Technology, Business

  1. CYBER SECURITY: CHALLENGES AND SOLUTIONS FOR THE CORPORATE
     Cyber Security & FSI: Lock-Down on the Final Frontier?
     May 23rd 2013 @ Hong Kong
     Albert Hui, GREM, GCFA, GCFE, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, CISA
     Principal Consultant
  2. EXTERNAL CHALLENGES
     • Increased Sophistication of Adversaries
     • Regulatory and Audit Compliance
     • Risks of New Technologies
     Copyright © 2013 Security Ronin
  3. INTERNAL CHALLENGES
     • Disparate Risk Functions
     • Risk Appetite Misalignment
     • Insufficient Resources and Competing Priorities
  4. INCREASED SOPHISTICATION OF ADVERSARIES
     Problem
     • Financially-driven attacks
     • Hacker supply chain
     Solution
     • Full-scoped CSIRT
     Reference: CMU SEI CSIRT Handbook
  5. REGULATORY AND AUDIT COMPLIANCE
     Problem
     • Too many standards
     • Duplicated efforts (overlapping requirements)
     Solution
     • Unified compliance framework
     • Centralized risk register
  6. RISKS OF NEW TECHNOLOGIES
     Problem
     • Unknown unknown risks
     • Increased exposures
     Solution
     • Forward-looking security research
     • Compensatory controls
  7. DISPARATE RISK FUNCTIONS
     Problem
     • Lack of unified risk oversight
     • Duplicated activities
     Solution
     • Cross-functional committees
     • Centralized risk register
     Diagram labels: Tech Risk, IT Security, Legal and Compliance, Internal Audit, Internal Control, Fraud Investigation
  8. RISK APPETITE MISALIGNMENT
     Problem
     • Ever changing risk environment
     • Inadequate supporting justifications
     Solution
     • Security intelligence
     • Security metrics
  9. INSUFFICIENT RESOURCES AND COMPETING PRIORITIES
     Problem
     • Lack of funding
     • Lack of talents and technologies
     • Competing priorities
     Solution
     • Holistic risk assessment
     • Security metrics
     • Judicious outsourcing
  10. QUICK WIN
     1. CSIRT
     2. Cross-functional committees for risk functions
     3. Security metrics
