Conostix S.A. koen@conostix.com
Sensible defence
• CIA and prevention/detection/response
• Risk management and its pitfalls
• Economic incentives
• Liability/regulation/compliance
• Due care and due diligence
• Technology
• Awareness
• Conclusion
Introduction
• To ensure the CIA triad we use:
• Detection
• Prevention
• Response
How security works
• Identification
Identify the actual threat
• Impact factor
The possible consequences of an attack
• Frequency
The probable frequency of the occurrence of a threat
• Probability
How confident we are that a threat will actually happen
Today’s risk management
Identification of a threat
• Identification of the current risks
• The cost/benefit justification of the countermeasures
• Influences the decision making process on hardware, etc.
• Focus security resources where they are needed most
Today’s risk management
Risk analysis goals
• Threat
• Asset
• Vulnerability
• Safeguard
• Asset value (AV)
• Exposure factor (EF), expressed as a percentage of the asset value
• Single loss expectancy (SLE), a dollar figure (SLE = EF × AV)
• Annualized rate of occurrence (ARO)
• Annualized loss expectancy (ALE = SLE × ARO)
Today’s risk management
Risk analysis – key terms
• Aims to assign tangible values
• Relies on qualitative data
• Process
• Estimate potential losses to the assets
• Analyze potential threats to the assets
• Define impact and frequency levels
• Define the ALE
Today’s risk management
Risk analysis – Quantitative
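A worked run of the key terms and the quantitative process above, added here as an example (not code from the Conostix deck): the asset and safeguard figures are constructed, EF is taken as a percentage as the slide defines it, and the safeguard value rule (ALE reduction minus the safeguard's annual cost) is a standard cost/benefit test assumed here, not stated on the slide.

```python
from dataclasses import dataclass
from typing import List


@dataclass
class Asset:
    """One asset with the quantitative inputs from the slides (sample values are constructed)."""
    name: str
    asset_value: float      # AV: monetary value of the asset
    exposure_factor: float  # EF: percentage of AV lost in a single incident (0-100)
    aro: float              # ARO: expected number of incidents per year

    def __post_init__(self) -> None:
        # Guard the inputs: a bad EF or a negative AV/ARO silently corrupts every figure below.
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError(f"{self.name}: AV and ARO must be non-negative")
        if not 0 <= self.exposure_factor <= 100:
            raise ValueError(f"{self.name}: EF is a percentage, got {self.exposure_factor}")

    def sle(self) -> float:
        """Single loss expectancy: SLE = EF x AV, with EF as a percentage."""
        return self.asset_value * self.exposure_factor / 100.0

    def ale(self) -> float:
        """Annualized loss expectancy: ALE = SLE x ARO."""
        return self.sle() * self.aro


@dataclass
class Safeguard:
    """A countermeasure and the residual EF/ARO it leaves behind (hypothetical values)."""
    name: str
    annual_cost: float
    residual_ef: float
    residual_aro: float


def safeguard_value(asset: Asset, sg: Safeguard) -> float:
    """Annual value of a safeguard: (ALE before - ALE after) - annual cost.
    A positive result means the countermeasure is cost/benefit justified."""
    after = Asset(asset.name, asset.asset_value, sg.residual_ef, sg.residual_aro)
    return (asset.ale() - after.ale()) - sg.annual_cost


def rank_by_ale(assets: List[Asset]) -> List[str]:
    """Asset names ordered by ALE, highest first: where security resources are needed most."""
    return [a.name for a in sorted(assets, key=lambda a: a.ale(), reverse=True)]


# Constructed sample inventory, not data from the slides.
CUSTOMER_DB = Asset("customer database", asset_value=500_000, exposure_factor=30, aro=0.5)
WEB_SERVER = Asset("public web server", asset_value=80_000, exposure_factor=50, aro=2.0)
LAPTOPS = Asset("staff laptops", asset_value=60_000, exposure_factor=25, aro=1.0)

# Two hypothetical safeguards for the customer database: one lowers EF, one lowers ARO.
ENCRYPT_AND_BACKUP = Safeguard("encryption + offline backups", annual_cost=20_000,
                               residual_ef=10, residual_aro=0.5)
MANAGED_SOC = Safeguard("outsourced 24x7 monitoring", annual_cost=45_000,
                        residual_ef=30, residual_aro=0.25)

if __name__ == "__main__":
    for a in (CUSTOMER_DB, WEB_SERVER, LAPTOPS):
        print(f"{a.name:20s} SLE={a.sle():>10,.0f} ALE={a.ale():>10,.0f}")
    print("priority:", rank_by_ale([CUSTOMER_DB, WEB_SERVER, LAPTOPS]))
    for sg in (ENCRYPT_AND_BACKUP, MANAGED_SOC):
        v = safeguard_value(CUSTOMER_DB, sg)
        print(f"{sg.name:30s} value/year={v:>9,.0f} -> {'justified' if v > 0 else 'not justified'}")
```

Note that the web server outranks the customer database on ALE despite a much lower AV, because frequency (ARO) weighs as heavily as impact in the formula.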
• Scenario oriented approach
• Rank threats on a scale to evaluate their risks, costs and outcome
• In contrast to quantitative analysis, a purely qualitative analysis is always possible
• High guess rating
Today’s risk management
Risk analysis – Qualitative
• Confusion between risk and certainty
• A risk is the anticipated frequency of losses
• Certainties occur with high frequency
• Reliance on probability, impact and frequency
• The unknown controls the probability, frequency and impact of a future incident.
Today’s risk management
Pitfalls
• Benefits vs costs
• Economic pressure
Sensible defence
Economic incentives
• Laws push standards
• Liability creates awareness
• Regulatory bodies motivate
Sensible defence
Liability, regulation, compliance
• Due care is using reasonable care to protect the interests of an organization
• Due diligence is practicing the activities to maintain the due care efforts.
• Common sense security framework
Sensible defence
Due care and due diligence
• Functionality vs security
• User friendly does not mean insecure
• Ease-of-Use + Common Sense = Security
• Privacy vs security
• Sacrifice privacy for security?
• Should security protect privacy or ignore it to enhance security?
Sensible defence
Technology
• Human intelligence most important
• Reduce risk without technology
• Limit damage in case of an incident
• Give users insight into the value of company assets and the usage of information systems
Sensible defence
Awareness
• Sensible defence is balanced security
• Balance cost vs economic gain
• Balance liberty vs privacy
• Balance functionality vs security
• Liability, legislation and regulation
Sensible defence
Security is a trade-off
Q & A
Thanks to:
My colleagues
Donn Parker
Bruce Schneier
Rebecca Herolds
Sensible defence
Questions?