Infosec 2014: Meeting Regulation and Compliance Challenges in the Banking and Finance Sector: Presented by Skybox Partner BT Global Services

•

1 like•782 views

In the banking and finance sector the onus is on the financial organization to maintain compliance with regulations while supporting the dynamic landscape of the business. Often this means incorporating new assets or joining business units, but divesting assets can prove to be a greater challenge. In his presentation Mitchell highlights how Skybox enabled network visibility that was necessary to determine asset ownership while divesting part of the organization. With Skybox, BT was able to identify key assets that could have been lost during the separation, which otherwise would not have been discovered until after the separation was complete. Additionally Mitchell will talk about reputational risk, and how maintaining your reputation as secure institution can be an important consideration when allocating funding for security. BT Global Services delivers a combination of communications and IT services to more than 10,000 organizations and governments worldwide. With decades of experience working at the forefront of network security, BT helps their customers understand and prioritize the risks faced in their organizations, and provides solutions to defend against the ever-changing threat environment.

Technology Economy & Finance

Situational Awareness is Key
Risk Management
for Financial Services

2
• BT Risk Hourglass
• BT Cyber Risk Hierarchy
• Business Case Challenges
• Justifying Risk Mitigation Expenditure
• Case Study
– The Merger
– Project Methodology
– Results
Risk Management for Financial Services
Putting Things into Perspective

3
Risk Hourglass – Case Study
Detection
Prevention
Emergency Response
Incident Management
Material Event(s)
Non-Material Event(s)
Consequential Event(s)
Crisis Management
Disaster Recovery
Financial Compensation
Insurance Coverage
POS equipment infected with RAM
scraper and exfiltration malware
Data leak and malware trace signatures
detected by FireEye and Symantec AV
Critical alerts and sirens were alledged to
have been heard in India and Brazil
SOCs.
SOC teams were reported to have alerted
CERT who in turn alerted IT
management.
SOCs ordered to turn off alerts/sirens and
carry on by Top Management due to
Christmas Shopping backlog
Target alerted by Federal Authorities. By
then 40 million credit/debit card details
downloaded.
Estimated $420 million in customer
compensations, $100 million in cyber
insurance claims and 90 court orders.
2weeks!
Time Money
People/Process

4
Cyber Risk Hierarchy
Operational ‘Cyber Risks’
Overload Sabotage
Infrastructure or Processes
Destroyed or Control Taken Over
Web Pages Defaced,
Abused or Infected
Systems Overwhelmed in a Denial
of Service (DDoS) Attack
Personal Data Stolen
and Exploited
Industrial Espionage
Commercially Sensitive and Valuable
Information Intercepted or Uploaded
Data Theft
Service InterruptionVandalismTheft of Information
Data Exposed,
Publicised or Corrupted
Confidentiality AvailabilityIntegrity

5BT in commercial confidence
Business Case Challenges
An example of a common scenario we find in business today

6
6
Business Case Challenges
But the reality is very different….

9
Project Methodology
Network Perimeter Discovery Vulnerability Assessment
Rogue Device Detection Risk Exposure Analysis

10BT Assure
Results: Visibility
1
 Assessed 250,000
endpoint devices
 Extracted
configurations of 550
firewalls and 20,000
routers
 Network perimeter
map of LTSB and
HBOS networks
 Detailed all ingress/
egress points

More from Skybox Security

Learn what nearly 1000 IT security professionals have to say about vulnerability management. Based on the findings of a Skybox global survey, see what works and what doesn't in vulnerability assessment, prioritization, and remediation, and how you can improve your program today. Learn the benefits of creating a formal policy that fits your organization, how to assess risk within the context of your organization, and how to create a mature program with continuous security to neutralize risk every day.

What's Wrong with Vulnerability Management & How Can We Fix It

Skybox Security

Secure Data GI - Delivering Contextual Intelligence

Skybox Security

Systematically combine network data and intelligence sources to create a working model of the attack surface. Perform attack simulation to easily identify weak points in your defenses. Target vulnerability concentrations with streamlined actions and fix risky firewall rules and changes with automated risk assessment. With comprehensive network data at your fingertips, SOC analysts and incident response teams can achieve same-day response to cyber attacks. Take your enterprise network security to the next level. Prevent, analyze, and respond to cyber attacks in real time.

A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...

Skybox Security

Risk Analytics: One Intelligent View

Skybox Security

Presented at Black Hat 2014. Heartbleed. Target. Adobe … businesses are under siege by cybercriminals looking for financial gain and political actors looking for trade secrets. It’s a wildly uneven match where a motivated attacker can find exploitable attack vectors in minutes and maintain unabated access for months, while the security team continues to rely on time-honored methodology to fix vulnerabilities in order of severity. But severity-based vulnerability management misses the mark completely, as it overlooks the fact that risk exposure is the real concern. This workshop will focus on identifying critical vulnerabilities so they can be fixed as quickly as possible to ensure a reduction in risk and the shrinking the attack surface over time. In this deep dive session on vulnerability analysis and prioritization, we’ll cover: - Calculating risk exposure: Risk = Impact * Likelihood * Time - The data you need to be collecting about assets and vulnerabilities - Prioritizing vulnerabilities using simple 2 factor relationships - Asset-to-vulnerability correlation to augment the accuracy and freshness of active scan data - Techniques to drive down the risk exposure time

Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...

Skybox Security

Presented in booth at Infosec 2014. Skybox helps these organizations change the game against cyber attack. Attackers have a clear advantage. They have new tools at their disposal – targeted malware, plus plenty of security gaps to choose from. Skybox Security is like a brain for security management We provide visibility, intelligence and control to help you manage firewalls and changes, minimize vulnerabilities, and deal with threats --- on one common platform With Skybox, you can visualize your network, prioritize risks in minutes, find attack vectors, and save time through security automation.

Infosec 2014: Who Is Skybox Security?

Skybox Security

Infosec 2014: Tech Talk - Firewall Change Management

Skybox Security

Infosec 2014: Tech Talk - Non-Disruptive Vulnerability Discovery

Skybox Security

“How secure are we?” “What's our strategy for advanced threats?” “How do we manage changes?” “What should we focus on?” “How is risk changing over time?” These are the difficult questions that IT security and network operations professionals face daily. The answer is in your data. Risk analytics is critical to answering the questions you face every day, opening new paths to find and prioritise vulnerabilities, quickly find firewall rule errors, and determine potential threats before they can be exploited. This presentation is targeted at enterprise IT professionals looking to add security metrics and analytics into their security program. - Understand why the existing approaches, processes and technologies for IT security get less effective over time - Know what metrics and analytics are missing from your current strategy - Recognise how risk analytics can be used to automate and secure your network devices - Understand how vulnerability management process can be optimized with risk analytics - See how a risk analytics platform can impact an organisation

Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

Skybox Security

“Instead of six to ten days to analyze the impact of proposed firewall changes, with Skybox it takes six to ten minutes.” - Jaswant Golan, Technical Security Officer, Hertfordshire County Council If you struggle to understand the downstream risk impact of firewall changes, this is one presentation you don’t want to miss! On Thursday 1 May, Hertfordshire County Council will present a case study on reducing risk, increasing network visibility and optimizing security management processes. In addition to firewall change management and network visibility, Mansfield and Golan will share how risk analytics have changed the way they think about network security and vulnerabilities. No longer tied to manual analysis, the security team can focus on the big picture – reducing risk.

Infosec 2014: Finding and Understanding the Risk Impact of Firewall Changes

Skybox Security

Featuring Dave Robinson, Senior IT Security Manager, Capita. Robinson discusses how Capita used Skybox to enable complete network visibility, even finding devices that have never shown up with other security tools or searches. Robinson details how Capita uses Skybox for firewall optimization and clean up, policy compliance and firewall change management. Lastly Robinson discusses how Capita is rolling out the Skybox risk analytics platform to reduce risk. Capita Customer Management is the UK's largest customer management outsourcer, managing customers for clients for more than 40 years. Capita Customer Management partners with leading public and private organizations worldwide including O2, Google, British Gas, BMW, and William Hill.

Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...

Skybox Security

Featuring Marty Legg, Cloud Services Director SecureData Security technology continues to change with expanding perimeters, massive data, and siloed solutions causing an all-out asymmetric battle! In the middle of it all, large organizations must ensure the highest security while up against ever changing technology, complex regulations, and the need for more specialists and more skills training across the board. Today’s security landscape causes a strategic security conundrum. Security spend continues to rise … $9.6B in 2006; $22B in 2012; and by 2017 it’s estimated to hit more than $30B. And yet … 621 breaches were reported in the last 12 months, up 23 percent over the past 3 years. So why are we not winning the battle?

Infosec 2014: Intelligence as a Service: The Future of Frontline Security

Skybox Security

RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network

Skybox Security

Skybox has a complete portfolio solving many common problems in enterprise cyber security. Right now we’ll focus on Network Security Management, where the story is often about policy compliance. We offer several types of policy engines that can be used to show compliance with internal policies or external regulations. Before an organization attacks their compliance issues, sometimes they need to address the messiness of firewalls whose rules sets have grown organically over the years. Our Optimization and Cleanup tools help with that situation. Lastly, once a company has their network in compliance, it’s certainly beneficial to keep it there, and that’s where change management becomes so important. I’ll demonstrate how integrating your change management workflow with Skybox’s analysis engine can produce clear ROI and risk reduction.

RSA 2014: Firewall Change Management: Automate, Secure & Comply

Skybox Security

Skybox is a Risk Analytics brain for security management We provide visibility, intelligence and control to help you manage firewalls and changes, minimize vulnerabilities, and deal with threats --- on one common platform With Skybox, you can visualize your network, prioritize risks in minutes, find attack vectors, and save time through security automation. We help you Take Action Fast! How do we do this? Let’s show you how…

RSA 2014: Skybox Security Risk Analytics Overview

Skybox Security

Gidi Cohen, Founder & CEO, Skybox Security Changing technology and business trends pose new challenges to network security management, including firewall change management processes, management of security configurations in a BYOD-world, regulatory compliance, validation of firewall migrations, and troubleshooting access problems to complex networks. Through case studies, survey data, and real-world practices, this session will grant insight into automating and optimizing network security management. Learn to streamline and automate firewall analysis to improve productivity Discover how to automate network device configuration to minimize error Gain insight into how secure change management can ensure stringent security compliance

Best Practices for Network Security Management

Skybox Security

Traditional vulnerability management is dependent on active scanners for vulnerability discovery, which can cause significant disruption to enterprise networks. In a large network with thousands of hosts, scans generate tens or hundreds of thousands of vulnerabilities, presenting security analysts with an impossible prioritization task and elongating the vulnerability window of exposure by many weeks. Skybox next-generation vulnerability management uses scanless vulnerability detection to continuously monitor the attack surface and critical vectors, feeding vulnerability data into automated risk-based prioritization and remediation. This allows security teams to remediate critical vulnerabilities immediately, sealing off vulnerabilities that could lead to intrusion or data breach at least 50 times faster compared to traditional vulnerability management processes.

Infographic: Are You Keeping Pace with Security Risks?

Skybox Security

To effectively reduce the risks of cyber attacks, comply with continuous monitoring requirements, and provide visibility to executives, organizations need to manage their vulnerabilities and associated risks continuously. This is required in order to match or exceed the daily rate of attacks. Why bother to assess your risks every 90 days when new threats are unleashed every day? See how you can: • Transform vulnerability discovery from a ‘round robin’ schedule to continuous monitoring for vulnerabilities • Prioritize vulnerabilities based on exploitability and potential business impact • Focus remediation efforts and track progress to show a measurable reduction of risk • Make vulnerability management an essential part of daily change management processes These slides will include case studies, survey data, and best practices – ideal for IT security practitioners who are considering, or already implementing, next-generation vulnerability management to effectively and measurably mitigate risk.

Is Your Vulnerability Management Program Keeping Pace With Risks?

Skybox Security

Speaker: Gidi Chen, CEO & Founder Skybox Security Infosec Europe 2013 In order to effectively reduce the risks of cyber-attacks, comply with continuous monitoring requirements, and provide visibility to executives, organizations need to manage their vulnerabilities and associated risks on an on-going basis. This is required in order to match or exceed the daily rate of attacks. Why bother to assess your risks every 90 days, if you are attacked daily, given your frequently changed infrastructure? The session will tackle next-generation vulnerability management strategies and best practices to: ensure that vulnerability data is current and accurate; prioritize based on risk to the business; develop a remediation strategy that works and make vulnerability management an essential part of daily change management processes. • Understand how to link vulnerability discovery, risk-based prioritization, and remediation activities to effectively mitigate risks • Have real-world examples of organizations that implemented vulnerability management best practices to effectively and measurably reduce risk • Be armed with pragmatic steps to implement next-generation vulnerability management to eliminate risks and prevent cyber attacks

Best Practice Next-Generation Vulnerability Management to Identify Threats, ...

Skybox Security

It’s a new era for IT security teams. Tasked with ensuring the success of business-changing IT initiatives from mobile and BYOD to virtualization and cloud services, CISOs are finding that existing security controls and processes create complexity instead of reducing risks. At the same time, highly publicized breaches and new forms of attacks have raised awareness of the business impact of cyber threats to the board level. It’s time for a hard look at your current security program. Can you demonstrate an effective security strategy that will protect your company’s vital services, systems and data? Gidi Cohen challenges you to reinvent your security approach. More than offering just a few ideas, Cohen will examine why some popular security controls are no longer effective at minimizing risks, and explore proven next-generation techniques to increase your ability to see, measure, and gain control over business risks. Presented by Gidi Cohen, CEO and Founder - Skybox Security at the CISO Summit in San Francisco, CA.

Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...

Skybox Security

More from Skybox Security (20)

What's Wrong with Vulnerability Management & How Can We Fix It

Secure Data GI - Delivering Contextual Intelligence

A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...

Risk Analytics: One Intelligent View

Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...

Infosec 2014: Who Is Skybox Security?

Infosec 2014: Tech Talk - Firewall Change Management

Infosec 2014: Tech Talk - Non-Disruptive Vulnerability Discovery

Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

Infosec 2014: Finding and Understanding the Risk Impact of Firewall Changes

Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...

Infosec 2014: Intelligence as a Service: The Future of Frontline Security

RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network

RSA 2014: Firewall Change Management: Automate, Secure & Comply

RSA 2014: Skybox Security Risk Analytics Overview

Best Practices for Network Security Management

Infographic: Are You Keeping Pace with Security Risks?

Is Your Vulnerability Management Program Keeping Pace With Risks?

Best Practice Next-Generation Vulnerability Management to Identify Threats, ...

Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...

Recently uploaded

WSO2CONMay2024OpenSourceConferenceDebrief.pptx

Jennifer Lim

The standard Salesforce Approval process can be limiting in many ways, especially in complex scenarios. What if there was a way to implement very flexible approvals where one can use Apex code to make data updates in unrelated records, dynamically generate next steps details, and compute assignees on the fly? And still use UI-based configurations to implement concrete approval processes. In this session, we will share ideas behind such a solution and show a few lines of code to get you started.

Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder

CzechDreamin

Already know how to write a basic SOQL query? Great! But what about an *aggregate* SOQL query? You know, the kind that uses aggregate functions like COUNT & MAX along with GROUP BY and HAVING clauses? No? Well, get ready to learn how to slice & dice your org’s data right inside your own dev console. From finding duplicate records to prototyping summary & matrix reports, learn the ins and outs of aggregate queries during this fast-paced but admin-friendly session on advanced SOQL concepts.

SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...

CzechDreamin

Unlock the mysteries of successful Salesforce interviews in this insightful session hosted by Hugo Rosario (Salesforce Customer), a seasoned hiring manager that leads the Salesforce Department of multinational company with over 100 interviews under their belt. Step into the manager's chair and gain exclusive behind-the-scenes insights into what makes a Salesforce consultant stand out during the interview process. From deciphering the unspoken cues to mastering key strategies, we'll explore the intricacies of the interview process and provide practical tips for consultants looking to not only pass interviews but also thrive in their roles. Whether you're a seasoned professional or just starting your Salesforce journey, this session is your backstage pass to the secrets that hiring managers wish you knew.

Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...

CzechDreamin

IESVE for Early Stage Design and Planning

IES VE

Knowledge engineering: from people to machines and back

Elena Simperl

New customer? New industry? New cloud? New team? A lot to handle! How to ensure the success of the project? Start it well! I've created the 3 areas of focus at the beginning of the project that helped me in multiple roles (BA, PO, and Consultant). Learn from real-world experiences and discover how these insights can empower you to deliver unparalleled value to your customers right from the project's start.

Powerful Start- the Key to Project Success, Barbara Laskowska

CzechDreamin

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

AI presentation and introduction - Retrieval Augmented Generation RAG 101

vincent683379

How to differentiate Sales Cloud and CPQ on first glance might be tricky if you do not know where to look and what to look at. You will know :-) Managing the sales process within Salesforce is a common use case that can be managed with standart Sales Cloud. If you want to do entire quoting process you will find out Salesforce CPQ solution exists. What is then the difference if both can handle selling products? You will see comparison of 10 different features, which Sales Cloud and Salesforce CPQ handle differently. Simple question you will always remember if you should consider using Salesforce CPQ will be a cherry on top.

10 Differences between Sales Cloud and CPQ, Blanka Doktorová

CzechDreamin

ScyllaDB has the potential to deliver impressive performance and scalability. The better you understand how it works, the more you can squeeze out of it. But before you squeeze, make sure you know what to monitor! Watch our experienced Postgres developer work through monitoring and performance strategies that help him understand what mistakes he’s made moving to NoSQL. And learn with him as our database performance expert offers friendly guidance on how to use monitoring and performance tuning to get his sample Rust application on the right track. This webinar focuses on using monitoring and performance tuning to discover and correct mistakes that commonly occur when developers move from SQL to NoSQL. For example: - Common issues getting up and running with the monitoring stack - Using the CQL optimizations dashboard - Common issues causing high latency in a node - Common issues causing replica imbalance - What a healthy system looks like in terms of memory - Key metrics to keep an eye on This isn’t “Death-by-Powerpoint.” We’ll walk through problems encountered while migrating a real application from Postgres to ScyllaDB – and try to fix them live as well.

Optimizing NoSQL Performance Through Observability

ScyllaDB

Agentic RAG What it is its types applications and implementation.pdf

ChristopherTHyatt

This presentation focuses on the challenges and strategies of connecting problem definitions within product development. Key Points Covered: - Kayak's mission since its inception in 2004 to simplify travel by enabling easy comparisons of flights through technological solutions. - Discussion of the complexities within the travel industry, including the high expectations for personalized user experiences and the various stakeholder influences. - Emphasis on the necessity of maintaining agility and innovation within a mature company through continuous reassessment of processes. - An explanation of the importance of disciplined problem definition to prevent project failures and team inefficiencies. - Introduction of strategies for effective communication across teams to ensure alignment and comprehension at all levels of project development. - Exploration of various problem-solving methodologies, including how to handle conflicts within team settings regarding problem definitions and project directions.

Connecting the Dots in Product Design at KAYAK

UXDXConf

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

This talk offers actionable insights at an executive level for enhancing productivity and refining your portfolio management approach to propel your organization to greater heights. Key Points Covered: 1. Experience Transformation: - The core challenge remains consistent across organizations: converting budget into user-centric designs. - Strategies for deploying design resources effectively in both startups and large enterprises. 2. Strategic Frameworks: - Introduction to the "Ziggurat of Impact" model, detailing layers from basic system interactions to comprehensive customer experiences. - Practical insights on creating frameworks that scale with organizational complexity. 3. Organizational Impact: - Real-world examples of navigating design in large settings, focusing on the synthesis of consumer products and customer experiences. - Emphasis on the importance of designing systems that directly influence customer interactions. 4. Design Execution: - Detailed walkthrough of organizational layers affecting design execution, from touchpoints and customer activities to shared capabilities. - How to ensure design influences both the micro and macro aspects of customer interactions. 5. Measurement and Adaptation: - Techniques for measuring the impact of design decisions and adapting strategies based on data-driven insights. - The critical role of continuous improvement and feedback in refining customer experiences.

Structuring Teams and Portfolios for Success

UXDXConf

I'm excited to share my latest predictions on how AI, robotics, and other technological advancements will reshape industries in the coming years. The slides explore the exponential growth of computational power, the future of AI and robotics, and their profound impact on various sectors. Why this matters: The success of new products and investments hinges on precise timing and foresight into emerging categories. This deck equips founders, VCs, and industry leaders with insights to align future products with upcoming tech developments. These insights enhance the ability to forecast industry trends, improve market timing, and predict competitor actions. Highlights: ▪ Exponential Growth in Compute: How $1000 will soon buy the computational power of a human brain ▪ Scaling of AI Models: The journey towards beyond human-scale models and intelligent edge computing ▪ Transformative Technologies: From advanced robotics and brain interfaces to automated healthcare and beyond ▪ Future of Work: How automation will redefine jobs and economic structures by 2040 With so many predictions presented here, some will inevitably be wrong or mistimed, especially with potential external disruptions. For instance, a conflict in Taiwan could severely impact global semiconductor production, affecting compute costs and related advancements. Nonetheless, these slides are intended to guide intuition on future technological trends.

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Peter Udo Diehl

We're living the AI revolution and Salesforce is adapting and bring new value to their customers. Einstein products are evolving rapidly and navigating their limitations, language support, and use cases can be challenging. Let's make review of what Einstein product are available currently, what are the capabilities and what can be used for in CEE region and how Rossie.ai can help to learn Salesforce speak Czech. We will explore the Einstein roadmap and I will make a short live demo (based on your vote) of some Einstein feature.

AI revolution and Salesforce, Jiří Karpíšek

CzechDreamin

Screen flow is a powerful automation tool that is commonly designed for internal and external users. However, what about the guest users? We will dive into various methods of launching screen flows and understand how to make them publicly accessible, extending their usability to a broader audience. The presentation will also cover the implementation of security layers and highlight best practices for a smooth and protected user experience. Discover the potential of screen flows beyond conventional use and learn how to leverage them effectively.

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

CzechDreamin

Welcome to UiPath Test Automation using UiPath Test Suite series part 2. In this session, we will cover API test automation along with a web automation demo. Topics covered: Test Automation introduction API Example of API automation Web automation demonstration Speaker Pathrudu Chintakayala, Associate Technical Architect @Yash and UiPath MVP Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

UiPath Test Automation using UiPath Test Suite series, part 2

DianaGray10

Speed Wins: From Kafka to APIs in Minutes

confluent

Recently uploaded (20)

WSO2CONMay2024OpenSourceConferenceDebrief.pptx

Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder

SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...

Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...

IESVE for Early Stage Design and Planning

Knowledge engineering: from people to machines and back

Powerful Start- the Key to Project Success, Barbara Laskowska

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

AI presentation and introduction - Retrieval Augmented Generation RAG 101

10 Differences between Sales Cloud and CPQ, Blanka Doktorová

Optimizing NoSQL Performance Through Observability

Agentic RAG What it is its types applications and implementation.pdf

Connecting the Dots in Product Design at KAYAK

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Structuring Teams and Portfolios for Success

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

AI revolution and Salesforce, Jiří Karpíšek

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

UiPath Test Automation using UiPath Test Suite series, part 2

Speed Wins: From Kafka to APIs in Minutes

Infosec 2014: Meeting Regulation and Compliance Challenges in the Banking and Finance Sector: Presented by Skybox Partner BT Global Services

1. Situational Awareness is Key Risk Management for Financial Services

2. 2 • BT Risk Hourglass • BT Cyber Risk Hierarchy • Business Case Challenges • Justifying Risk Mitigation Expenditure • Case Study – The Merger – Project Methodology – Results Risk Management for Financial Services Putting Things into Perspective

3. 3 Risk Hourglass – Case Study Detection Prevention Emergency Response Incident Management Material Event(s) Non-Material Event(s) Consequential Event(s) Crisis Management Disaster Recovery Financial Compensation Insurance Coverage POS equipment infected with RAM scraper and exfiltration malware Data leak and malware trace signatures detected by FireEye and Symantec AV Critical alerts and sirens were alledged to have been heard in India and Brazil SOCs. SOC teams were reported to have alerted CERT who in turn alerted IT management. SOCs ordered to turn off alerts/sirens and carry on by Top Management due to Christmas Shopping backlog Target alerted by Federal Authorities. By then 40 million credit/debit card details downloaded. Estimated $420 million in customer compensations, $100 million in cyber insurance claims and 90 court orders. 2weeks! Time Money People/Process

4. 4 Cyber Risk Hierarchy Operational ‘Cyber Risks’ Overload Sabotage Infrastructure or Processes Destroyed or Control Taken Over Web Pages Defaced, Abused or Infected Systems Overwhelmed in a Denial of Service (DDoS) Attack Personal Data Stolen and Exploited Industrial Espionage Commercially Sensitive and Valuable Information Intercepted or Uploaded Data Theft Service InterruptionVandalismTheft of Information Data Exposed, Publicised or Corrupted Confidentiality AvailabilityIntegrity

5. 5BT in commercial confidence Business Case Challenges An example of a common scenario we find in business today

6. 6 6 Business Case Challenges But the reality is very different….

7. 7 Justifying Risk Mitigation Expenditure : Business Case • Risk mitigation may have to compete for funds with plans for growth and greater efficiency • Executive scorecards rarely include risk reduction, but may include growth, cost reduction and defence of market share • Risk mitigation aims to cut potential losses and unbudgeted expenditure • Support for cost reduction is only realistic for high frequency risks • Fears, Uncertainty and Doubts (FUDs) play a major role • Regulatory compliance is a common theme • Avoiding reputation and brand damage is intangible justification • Avoidance of regret is an underlying principle • Satisfying audit requirements is valid with risk-based auditing • Clear definition of risk appetite makes justification much easier

8. 8 A Case Study - The Merger

9. 9 Project Methodology Network Perimeter Discovery Vulnerability Assessment Rogue Device Detection Risk Exposure Analysis

10. 10BT Assure Results: Visibility 1  Assessed 250,000 endpoint devices  Extracted configurations of 550 firewalls and 20,000 routers  Network perimeter map of LTSB and HBOS networks  Detailed all ingress/ egress points

11. 11 bt.com/globalservices

Infosec 2014: Meeting Regulation and Compliance Challenges in the Banking and Finance Sector: Presented by Skybox Partner BT Global Services

Recommended

Recommended

More Related Content

More from Skybox Security

More from Skybox Security (20)

Recently uploaded

Recently uploaded (20)

Infosec 2014: Meeting Regulation and Compliance Challenges in the Banking and Finance Sector: Presented by Skybox Partner BT Global Services