Valuendo cyberwar and security (okt 2011) handout
2. Cybersecurity threats
• Cyber-criminals
• Malware
• Phishers
• Spammers
• Negligent staff
• Hackers
• Unethical employees misusing/misconfiguring security functions
• Unauthorized access, modification, disclosure of information
• Nations attacking critical information infrastructures
• Technical advances that can render encryption algorithms obsolete
5. Lessons learned so far
Governments do have the resources/skills to conduct cyberattacks.
8. “Cyberspace is a new domain in warfare which has become just as critical to military operations as land, sea, air and space.”
11. Lessons learned so far
Cyberattacks are a real, clear and present danger to organisations & government agencies.
12. “It’s possible that hackers have gotten into administrative computer systems of utility companies, but says those aren’t linked to the equipment controlling the grid, at least not in developed countries. I have never heard that the grid itself has been hacked.”
Howard Schmidt, Cyber-Security Coordinator of the US
30. Information Criteria
• Effectiveness
• Efficiency
• Confidentiality
• Integrity
• Availability
• Compliance
• Reliability
IT RESOURCES
• Applications
• Information
• Infrastructure
• People
PLAN & ORGANISE
PO1 Define a strategic IT plan
PO2 Define the information architecture
PO3 Determine technological direction
PO4 Define the IT processes, organisation and relationships
PO5 Manage the IT investment
PO6 Communicate mgt aims & direction
PO7 Manage IT human resources
PO8 Manage quality
PO9 Assess and manage IT risks
PO10 Manage projects
ACQUIRE & IMPLEMENT
AI1 Identify automated solutions
AI2 Acquire & maintain application software
AI3 Acquire & maintain IT infrastructure
AI4 Enable operation and use
AI5 Procure IT resources
AI6 Manage changes
AI7 Install & accredit solutions and changes
DELIVER & SUPPORT
DS1 Define & manage service levels
DS2 Manage third-party services
DS3 Manage performance & capacity
DS4 Ensure continuous service
DS5 Ensure systems security
DS6 Identify & allocate costs
DS7 Educate & train users
DS8 Manage service desk and incidents
DS9 Manage the configuration
DS10 Manage problems
DS11 Manage data
DS12 Manage the physical environment
DS13 Manage operations
MONITOR & EVALUATE
ME1 Monitor & evaluate IT performance
ME2 Monitor & evaluate internal control
ME3 Ensure compliance with external requirements
ME4 Provide IT governance
36. “I don’t care how many millions of dollars you spend on security technology. If you don’t have people trained properly, I’m going to get in if I want to get in.”
Susie Thunder, Cyberpunk
39. Contact information
Marc Vael
CISA, CISM, CISSP, CGEIT, ITIL Service Manager, Prince2
Director Knowledge Board
ISACA
3701 Algonquin Road, Suite 1010
Rolling Meadows
IL 60008 USA
http://www.isaca.org/security
marc@vael.net
http://www.linkedin.com/in/marcvael
http://twitter.com/marcvael