2. Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness
Philip Victor
Head of Market Development (APAC), (ISC)2
pvictor@isc2.org
4. The Threat Landscape in SE Asia
• Enterprises in Asia spent about $230 billion in 2014 to deal with issues caused by malware deliberately loaded onto pirated software, according to IDC and the National University of Singapore.
– Of $230 billion: $59 billion to deal with security issues
– $170 billion for data breaches
5. C-suite Attitude towards Security
A survey released in Nov 2014 by Vanson Bourne, sponsored by BT Global, reveals that the wrong attitude about security, starting at the top and trickling downwards, is putting organizations at serious risk.
Uptake of BYOD (Bring Your Own Device) and COPE (Corporately Owned Personally-Enabled) devices in the workplace
6. Strengthening Cyber Resilience
• Understand the security architecture
• Access the environment
• Risk assessment
• Understand the business
• Monitor the environment
• Qualified, certified security personnel
7. Understand Security Architecture
• Use of appropriate technologies to provide/protect architecture
• Protect your network
• Content inspection
15. DoD 8140
The DoD 8140 model is based on the U.S. National Institute of Standards and Technology (NIST) National Initiative for Cybersecurity Education (NICE) standard.
17. Federal Information Security Management Act
CAP Domains:
• Risk Management Framework (RMF)
• Categorization of Information Systems
• Selection of Security Controls
• Security Control Implementation
• Security Control Assessment
• Information System Authorization
• Monitoring of Security Controls
20. NICF Framework in Singapore
• The National Infocomm Competency Framework (NICF) was developed by the Infocomm Development Authority of Singapore (iDA) and the Singapore Workforce Development Agency (WDA)
• The NICF Overview Map is a snapshot of the Infocomm sector
• Serves as a reference for career progression and corresponding training pathways leading to NICF qualifications
• Similar to the DoD 8140 model
22. Infocomm Security
• Involves protecting the hardware, software, network and services of an organization against unauthorized access, modification, destruction, or disclosure
24. Information security professionals must be highly adaptable in learning and applying new skills, technologies, and procedures.
Critical Times Demand Critical Skills