SlideShare a Scribd company logo

10 Security Essentials Every CxO Should Know

IBM Security
IBM Security

View On Demand Webinar: http://event.on24.com/wcc/r/1060940/3EBB3C7D778564710E957F99AF1D7C1B How comprehensive is your security program? Organizations today are reliant on technology more than ever to achieve competitive advantage. Whether it is growing your brand, automating a supply chain or moving to cloud and mobile, technology is the lifeblood of business. This shift in reliance also brings cyber threats that must be addressed. Based on extensive experience, IBM has established 10 Essential Practices for a comprehensive security posture. Join Glen Holland, Global Practice Lead of SAP Security Services, to hear about the key imperatives can help you understand and address these threats and protect the business. In this on demand webinar, you will learn: - The 10 security essentials and best practices of today’s security leaders - How to assess your security maturity - Where your critical gaps lie and how to prioritize your actions

Technology
1 of 22
Download to read offline
© 2015 IBM Corporation Glen Holland Privacy and Security Consultant IBM Security Wendy Terrien Senior Product Manager IBM Security Services 10 Security Essentials Every CxO Should Know
2© 2015 IBM Corporation2 Today’s panelists Wendy Terrien Senior Product Manager IBM Security Email: wbterrie@us.ibm.com Glenn Holland IBM Security and Privacy Consultant IBM Security Email: glen.r.Holland@us.ibm.com
3© 2015 IBM Corporation Agenda Welcome and Intros Market Landscape Security Program Essentials: The 10 Best Practices How IBM Can Help Q+A
4© 2015 IBM Corporation Security is a board room discussion, and security leaders are more accountable than ever before Loss of market share and reputation Legal exposure Audit failure Fines and criminal charges Financial loss Loss of data confidentiality, integrity and/or availability Violation of employee privacy Loss of customer trust Loss of brand reputation CEO CFO/COO CIO CHRO CMO Source: Discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series
5© 2015 IBM Corporation What is happening in the threat landscape - the challenges of keeping up with a perpetually evolving cyber security environment. 61% data theft and cybercrime are the greatest threats to their reputation of organizations say Average data breach in the US cost $6.5million 2015 Cost of Data Breach Study: Global Analysis Ponemon Institute 2012 IBM Global Reputational Risk & IT Study 80% of enterprises have difficulty finding the security skills they need tools from vendors 85 45 IBM client example 2013 Forrester Consulting, “Surviving the Technical Security Skills Crisis” 70% 11.6M 2013 IBM CISO Survey IBM X-Force® Threat Intelligence Quarterly 1Q 2015 Mobile malware is affecting of security execs are concerned about cloud and mobile security mobile devices
6© 2015 IBM Corporation6 For the average client, IBM filters 81,342,747 security events to identify the 109 security incidents that can potentially do harm. Annual security events, attacks and incidents 2013 2014 109 Incidents 18,856 Attacks 91,765,453 Events 109 Incidents 12,017 Attacks 81,342,747 Events .91% incident- to-attack ratio .65% incident- to-attack ratio Incident Attack serious enough to warrant deeper investigation Attack Malicious activity attempting to collect, disrupt or destroy information or system resources Event Activity on a system or network detected by a security device or application *IBM 2015 Cyber Security Intelligence Index
7© 2015 IBM Corporation Understanding the essential practices is critical to creating a more effective and actionable security leadership capability An effective and actionable security leadership capability informs critical business decisions. How do I automate and integrate to provide actionable intelligence? What security capabilities do I need to help better manage risk, protect competitiveness, support new business models, and better manage compliance? What are current exposures, and what risks should the business address? What security roadmap will help my business grow and operate safely, now and in the future? How do I effectively communicate security? Am I allocating resources and governing to the right issues?
8© 2015 IBM Corporation Key imperatives can help you understand and address these threats, and protect the business 1 Understand security essentials 2 Assess security maturity 3 Determine critical gaps and prioritize actions
9© 2015 IBM Corporation 10 Manage the digital identity lifecycle 8 Manage third- party security compliance 7 Address security complexity of cloud and virtualization 3 Secure collaboration in social and mobile workplace 6 Create a security-rich and resilient network Based on extensive experience, IBM has outlined 10 essential practices for a stronger security posture 9 Assure data security and privacy 5 Manage IT hygienically 4 Develop security- rich products, by design 2 Establish intelligent security operations and rapid threat response 1 Build a risk-aware culture and management system Understand security essentials 1 2 3
10© 2015 IBM Corporation We can leverage this knowledge base with a maturity model to assess your company versus best practices Assess security maturity Capability maturity model (CMM) 1 2 3 Defined: Processes are documented, standardized and integrated into all processes for the organization. 4 5 Managed: Detailed measures of the process and its outputs are collected, quantitatively understood and controlled. Optimizing: Continuous process improvement is enabled by quantitative feedback from the processes. Reactive Proactive ManualAutomated Initial: Process is ad hoc, even chaotic. Few processes are defined, and success depends on individual effort and heroics. Repeatable: Basic project management processes are established, and process discipline is in place to repeat earlier successes. 1 2 3
11© 2015 IBM Corporation Desired states and critical gaps can then be determined and actions prioritized to address and close them Determine critical gaps and prioritize actions Inform prioritized action plans and strategic roadmaps Security posture reviews and maturity gap analyses 1 2 3
12 © 2014 IBM Corporation The 10 Essential practices
13© 2015 IBM Corporation Essential practice 1 Essential practice 2 Essential practices 1 and 2 Build a risk aware culture and management system !  Management of IT and security risk across the company !  Risk process identification and remediation !  Communication and education !  Policies, measurements and tools Establish intelligent security operations and rapid threat response !  Incident management and response !  Incident handling policy and process !  Security intelligence and forensic tooling !  Security Information Event Management (SIEM) !  Security operations roles and responsibilities
14© 2015 IBM Corporation Essential practice 3 Essential practice 4 Essential practices 3 and 4 Secure collaboration in social and mobile workplace !  BYOD1 and social media !  Business and personal data segmentation !  Secure end-user computing platforms !  Endpoint security across all workstations, laptops and smart devices !  Business, client and personal data isolation and protection Develop secure products, by design !  SDLC2 security policy and governance !  Embedded security in the design process !  Ethical hacking and penetration testing of applications !  Implement secure interfaces and COTS3 solutions
15© 2015 IBM Corporation Essential practice 5 Essential practice 6 Essential practices 5 and 6 Manage IT hygienically !  IT infrastructure components inventory !  Retiring legacy components !  Routine health checks !  Data integration compliance !  Patch management compliance !  Scanning and compliance testing functions Create a security-rich and resilient network !  Network threat protection !  Malicious network activity detection !  Filtering, logging, monitoring and advanced analytics solutions !  Network infrastructure optimization
16© 2015 IBM Corporation Essential practice 7 Essential practice 8 Essential practices 7 and 8 Address security complexity of cloud and virtualization !  Better secure cloud services !  Security controls of cloud providers !  Vulnerabilities of cloud architecture, policies and practices !  Defined cloud security objectives Manage third-party security compliance !  M&A1, joint ventures, divestitures !  3rd-party vendors’ risk policies and practices !  Education on 3rd-party compliance policies and processes !  Education on incident handling and reporting
17© 2015 IBM Corporation Essential practice 9 Essential practice 10 Essential practices 9 and 10 Assure data security and privacy !  Data classification !  Data protection and privacy strategy and technologies !  Data loss prevention !  Data management architecture !  Data security policy and governance Manage the digital identity lifecycle !  Identity and access management !  Standard, policy based control mechanisms !  Intelligent monitoring !  Separation of duties management !  Single-sign-on
18© 2015 IBM Corporation Bank enhances compliance and security posture Client requirements: The bank needed to ensure compliance with the central bank of the Netherlands and increase control and visibility of its security posture. Top priorities were to enhance intrusion prevention logging and monitoring capabilities, to verify the effectiveness of system investments, and to develop a strong partnership with a managed security services provider. Solution: To meet the bank’s solution requirements, IBM provided managed security services through which the bank was able to comply with its security policies and regulatory mandates. Outsourcing its logging and monitoring tasks provided increased control and visibility over the client’s security posture. Benefits: •  Helps achieve compliance with regulatory requirements •  Increases control and visibility over security posture •  Provides enhanced capability to solve complex or ongoing security challenges with help from IBM security experts Industry: Banking Location: The Netherlands Solutions and Services provided: Software: •  IBM Security QRadar SIEM •  IBM Security Network Intrusion Prevention System •  IBM Security Network Protection Services: •  IBM Managed Security Services We have helped clients across industries implement the Essential Practices
19© 2015 IBM Corporation IBM Can help clients design more effective IT risk and security organizations Automated IT Risk Management Services Security Strategy and Planning Services Risk & Compliance Management Services SAP Security Services Critical Infrastructure Security Services IBM Security Strategy, Risk and Compliance Services Help clients increase risk visibility, streamline compliance reporting and reduce cost of ongoing management Provide a methodical and efficient approach to a client’s security program to help reduce time, cost and resources needed to plan and deploy a comprehensive strategy Bring “big picture” approach to assessing and managing risks across variety of regulatory requirements Increase client’s security across their ERP infrastructure and data by assessing the vulnerabilities and compliance risks Enable clients who use industrial control systems (ICS) to better operate their critical infrastructure, and helps protect the infrastructure from cyber threats Cloud Security Strategy Consulting Define the client’s cloud initiatives and goals, identifies associated security and privacy risks while assessing cloud computing scenarios and outlining risk mitigation strategies
Next steps Download the Interactive Whitepaper – ABCs of Security Strategy Visit ibm.com/services/security to learn how IBM Security Services can help protect your organization Visit: YouTube HERE to watch the 10 Essential Practices Video Series -
21© 2015 IBM Corporation 133 countries where IBM delivers managed security services 20 industry analyst reports rank IBM Security as a LEADER TOP 3 enterprise security software vendor in total revenue 10K clients protected including… 24 of the top 33 banks in Japan, North America, and Australia Learn more about IBM Security Visit our web page IBM.com/Security Watch our videos IBM Security YouTube Channel View upcoming webinars & blogs SecurityIntelligence.com Follow us on Twitter @ibmsecurity
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. THANK YOUwww.ibm.com/security

Recommended

Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Edureka!
 
Data loss prevention (dlp)
Data loss prevention (dlp)Data loss prevention (dlp)
Data loss prevention (dlp)
Hussein Al-Sanabani
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
n|u - The Open Security Community
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptx
SandeepK707540
 
Cybersecurity in the Workplace is Everyone's Business
Cybersecurity in the Workplace is Everyone's Business Cybersecurity in the Workplace is Everyone's Business
Cybersecurity in the Workplace is Everyone's Business
Symantec
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
k33a
 
PHISHING PROTECTION
PHISHING PROTECTIONPHISHING PROTECTION
PHISHING PROTECTION
Sylvain Martinez
 
Metrics, Risk Management & DLP
Metrics, Risk Management & DLPMetrics, Risk Management & DLP
Metrics, Risk Management & DLP
Robert Kloots
 

Recommended

Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Edureka!
 
Data loss prevention (dlp)
Data loss prevention (dlp)Data loss prevention (dlp)
Data loss prevention (dlp)
Hussein Al-Sanabani
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
n|u - The Open Security Community
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptx
SandeepK707540
 
Cybersecurity in the Workplace is Everyone's Business
Cybersecurity in the Workplace is Everyone's Business Cybersecurity in the Workplace is Everyone's Business
Cybersecurity in the Workplace is Everyone's Business
Symantec
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
k33a
 
PHISHING PROTECTION
PHISHING PROTECTIONPHISHING PROTECTION
PHISHING PROTECTION
Sylvain Martinez
 
Metrics, Risk Management & DLP
Metrics, Risk Management & DLPMetrics, Risk Management & DLP
Metrics, Risk Management & DLP
Robert Kloots
 
Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations
♟Sergej Epp
 
Presentation cisco iron port email & web security
Presentation cisco iron port email & web securityPresentation cisco iron port email & web security
Presentation cisco iron port email & web security
xKinAnx
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
PECB
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.ppt
OoXair
 
Cybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesCybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation Slides
SlideTeam
 
Threat modeling web application: a case study
Threat modeling web application: a case studyThreat modeling web application: a case study
Threat modeling web application: a case study
Antonio Fontes
 
Overview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyOverview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) Technology
Liwei Ren任力偉
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
WAJAHAT IQBAL
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attack
newbie2019
 
User Authentication: Passwords and Beyond
User Authentication: Passwords and BeyondUser Authentication: Passwords and Beyond
User Authentication: Passwords and Beyond
Jim Fenton
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss Prevention
Reza Kopaee
 
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
Edureka!
 
Cybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber SecurityCybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber Security
Eryk Budi Pratama
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
Priyanka Aash
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
Radar Cyber Security
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
Michael Nickle
 
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdfISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
Haris Chughtai
 
Data Loss Threats and Mitigations
Data Loss Threats and MitigationsData Loss Threats and Mitigations
Data Loss Threats and Mitigations
April Mardock CISSP
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptx
Dinesh582831
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security Framework
Nada G.Youssef
 
Modernform annual report 2013
Modernform annual report 2013Modernform annual report 2013
Modernform annual report 2013
pongsak_k
 
E-Zine-Vol-2-10th-edition_1
E-Zine-Vol-2-10th-edition_1E-Zine-Vol-2-10th-edition_1
E-Zine-Vol-2-10th-edition_1Kunal Patel
 

More Related Content

What's hot

Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations
♟Sergej Epp
 
Presentation cisco iron port email & web security
Presentation cisco iron port email & web securityPresentation cisco iron port email & web security
Presentation cisco iron port email & web security
xKinAnx
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
PECB
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.ppt
OoXair
 
Cybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesCybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation Slides
SlideTeam
 
Threat modeling web application: a case study
Threat modeling web application: a case studyThreat modeling web application: a case study
Threat modeling web application: a case study
Antonio Fontes
 
Overview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyOverview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) Technology
Liwei Ren任力偉
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
WAJAHAT IQBAL
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attack
newbie2019
 
User Authentication: Passwords and Beyond
User Authentication: Passwords and BeyondUser Authentication: Passwords and Beyond
User Authentication: Passwords and Beyond
Jim Fenton
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss Prevention
Reza Kopaee
 
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
Edureka!
 
Cybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber SecurityCybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber Security
Eryk Budi Pratama
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
Priyanka Aash
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
Radar Cyber Security
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
Michael Nickle
 
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdfISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
Haris Chughtai
 
Data Loss Threats and Mitigations
Data Loss Threats and MitigationsData Loss Threats and Mitigations
Data Loss Threats and Mitigations
April Mardock CISSP
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptx
Dinesh582831
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security Framework
Nada G.Youssef
 

What's hot (20)

Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations
 
Presentation cisco iron port email & web security
Presentation cisco iron port email & web securityPresentation cisco iron port email & web security
Presentation cisco iron port email & web security
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.ppt
 
Cybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesCybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation Slides
 
Threat modeling web application: a case study
Threat modeling web application: a case studyThreat modeling web application: a case study
Threat modeling web application: a case study
 
Overview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyOverview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) Technology
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attack
 
User Authentication: Passwords and Beyond
User Authentication: Passwords and BeyondUser Authentication: Passwords and Beyond
User Authentication: Passwords and Beyond
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss Prevention
 
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
 
Cybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber SecurityCybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber Security
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdfISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
 
Data Loss Threats and Mitigations
Data Loss Threats and MitigationsData Loss Threats and Mitigations
Data Loss Threats and Mitigations
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptx
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security Framework
 

Viewers also liked

Modernform annual report 2013
Modernform annual report 2013Modernform annual report 2013
Modernform annual report 2013
pongsak_k
 
E-Zine-Vol-2-10th-edition_1
E-Zine-Vol-2-10th-edition_1E-Zine-Vol-2-10th-edition_1
E-Zine-Vol-2-10th-edition_1Kunal Patel
 
Disney Data & Analytics Conference
Disney Data & Analytics ConferenceDisney Data & Analytics Conference
Disney Data & Analytics Conference
chad_engelgau
 
05 professional practice
05 professional practice05 professional practice
05 professional practice
Sulman Ahmed
 
คำถามสัมภาษณ์ที่โดนอาจารย์แก้ๆๆๆ
คำถามสัมภาษณ์ที่โดนอาจารย์แก้ๆๆๆคำถามสัมภาษณ์ที่โดนอาจารย์แก้ๆๆๆ
คำถามสัมภาษณ์ที่โดนอาจารย์แก้ๆๆๆkvlovelove
 
How to write a reflective essay
How to write a reflective essayHow to write a reflective essay
How to write a reflective essay
Barbara Nicolls
 

Viewers also liked (6)

Modernform annual report 2013
Modernform annual report 2013Modernform annual report 2013
Modernform annual report 2013
 
E-Zine-Vol-2-10th-edition_1
E-Zine-Vol-2-10th-edition_1E-Zine-Vol-2-10th-edition_1
E-Zine-Vol-2-10th-edition_1
 
Disney Data & Analytics Conference
Disney Data & Analytics ConferenceDisney Data & Analytics Conference
Disney Data & Analytics Conference
 
05 professional practice
05 professional practice05 professional practice
05 professional practice
 
คำถามสัมภาษณ์ที่โดนอาจารย์แก้ๆๆๆ
คำถามสัมภาษณ์ที่โดนอาจารย์แก้ๆๆๆคำถามสัมภาษณ์ที่โดนอาจารย์แก้ๆๆๆ
คำถามสัมภาษณ์ที่โดนอาจารย์แก้ๆๆๆ
 
How to write a reflective essay
How to write a reflective essayHow to write a reflective essay
How to write a reflective essay
 

Similar to 10 Security Essentials Every CxO Should Know

Security Transformation Services
Security Transformation ServicesSecurity Transformation Services
Security Transformation Services
xband
 
IBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM - IAM Security and Trends
IBM - IAM Security and Trends
IBM Sverige
 
Rich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECM
Rich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECMRich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECM
Rich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECMRich Saglimbene
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
IBM Security
 
Infocon Bangladesh 2016
Infocon Bangladesh 2016Infocon Bangladesh 2016
Infocon Bangladesh 2016
Prime Infoserv
 
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenbergIbm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
dawnrk
 
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenbergIbm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
dawnrk
 
How to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdfHow to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdf
Metaorange
 
How to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptxHow to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptx
Metaorange
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
William McBorrough
 
3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them
IBM Security
 
Smarter cyber security v8
Smarter cyber security v8Smarter cyber security v8
Smarter cyber security v8
John Palfreyman
 
Holistic Resilience
Holistic ResilienceHolistic Resilience
Holistic Resilience
Continuity and Resilience
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
William McBorrough
 
How to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-SuiteHow to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-Suite
SurfWatch Labs
 
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
FERMA
 
IBM Security Strategy Overview
IBM Security Strategy OverviewIBM Security Strategy Overview
IBM Security Strategy Overview
xband
 
IBM Security Strategy
IBM Security StrategyIBM Security Strategy
IBM Security Strategy
Camilo Fandiño Gómez
 
How to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber ResilientHow to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber Resilient
Accenture Operations
 
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach OccursHow to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
SurfWatch Labs
 

Similar to 10 Security Essentials Every CxO Should Know (20)

Security Transformation Services
Security Transformation ServicesSecurity Transformation Services
Security Transformation Services
 
IBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM - IAM Security and Trends
IBM - IAM Security and Trends
 
Rich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECM
Rich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECMRich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECM
Rich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECM
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
 
Infocon Bangladesh 2016
Infocon Bangladesh 2016Infocon Bangladesh 2016
Infocon Bangladesh 2016
 
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenbergIbm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
 
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenbergIbm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
 
How to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdfHow to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdf
 
How to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptxHow to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptx
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
 
3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them
 
Smarter cyber security v8
Smarter cyber security v8Smarter cyber security v8
Smarter cyber security v8
 
Holistic Resilience
Holistic ResilienceHolistic Resilience
Holistic Resilience
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
 
How to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-SuiteHow to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-Suite
 
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
 
IBM Security Strategy Overview
IBM Security Strategy OverviewIBM Security Strategy Overview
IBM Security Strategy Overview
 
IBM Security Strategy
IBM Security StrategyIBM Security Strategy
IBM Security Strategy
 
How to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber ResilientHow to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber Resilient
 
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach OccursHow to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
 

More from IBM Security

Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
IBM Security
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
IBM Security
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
IBM Security
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM Resilient
IBM Security
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
IBM Security
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
IBM Security
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon Black
IBM Security
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
IBM Security
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?
IBM Security
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
IBM Security
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
IBM Security
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
IBM Security
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
IBM Security
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
IBM Security
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
IBM Security
 
IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA
IBM Security
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020
IBM Security
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and Security
IBM Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident Response
IBM Security
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
IBM Security
 

More from IBM Security (20)

Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM Resilient
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon Black
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
 
IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident Response
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
 

Recently uploaded

FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 

10 Security Essentials Every CxO Should Know

  • 1. © 2015 IBM Corporation Glen Holland Privacy and Security Consultant IBM Security Wendy Terrien Senior Product Manager IBM Security Services 10 Security Essentials Every CxO Should Know
  • 2. 2© 2015 IBM Corporation2 Today’s panelists Wendy Terrien Senior Product Manager IBM Security Email: wbterrie@us.ibm.com Glenn Holland IBM Security and Privacy Consultant IBM Security Email: glen.r.Holland@us.ibm.com
  • 3. 3© 2015 IBM Corporation Agenda Welcome and Intros Market Landscape Security Program Essentials: The 10 Best Practices How IBM Can Help Q+A
  • 4. 4© 2015 IBM Corporation Security is a board room discussion, and security leaders are more accountable than ever before Loss of market share and reputation Legal exposure Audit failure Fines and criminal charges Financial loss Loss of data confidentiality, integrity and/or availability Violation of employee privacy Loss of customer trust Loss of brand reputation CEO CFO/COO CIO CHRO CMO Source: Discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series
  • 5. 5© 2015 IBM Corporation What is happening in the threat landscape - the challenges of keeping up with a perpetually evolving cyber security environment. 61% data theft and cybercrime are the greatest threats to their reputation of organizations say Average data breach in the US cost $6.5million 2015 Cost of Data Breach Study: Global Analysis Ponemon Institute 2012 IBM Global Reputational Risk & IT Study 80% of enterprises have difficulty finding the security skills they need tools from vendors 85 45 IBM client example 2013 Forrester Consulting, “Surviving the Technical Security Skills Crisis” 70% 11.6M 2013 IBM CISO Survey IBM X-Force® Threat Intelligence Quarterly 1Q 2015 Mobile malware is affecting of security execs are concerned about cloud and mobile security mobile devices
  • 6. 6© 2015 IBM Corporation6 For the average client, IBM filters 81,342,747 security events to identify the 109 security incidents that can potentially do harm. Annual security events, attacks and incidents 2013 2014 109 Incidents 18,856 Attacks 91,765,453 Events 109 Incidents 12,017 Attacks 81,342,747 Events .91% incident- to-attack ratio .65% incident- to-attack ratio Incident Attack serious enough to warrant deeper investigation Attack Malicious activity attempting to collect, disrupt or destroy information or system resources Event Activity on a system or network detected by a security device or application *IBM 2015 Cyber Security Intelligence Index
  • 7. 7© 2015 IBM Corporation Understanding the essential practices is critical to creating a more effective and actionable security leadership capability An effective and actionable security leadership capability informs critical business decisions. How do I automate and integrate to provide actionable intelligence? What security capabilities do I need to help better manage risk, protect competitiveness, support new business models, and better manage compliance? What are current exposures, and what risks should the business address? What security roadmap will help my business grow and operate safely, now and in the future? How do I effectively communicate security? Am I allocating resources and governing to the right issues?
  • 8. 8© 2015 IBM Corporation Key imperatives can help you understand and address these threats, and protect the business 1 Understand security essentials 2 Assess security maturity 3 Determine critical gaps and prioritize actions
  • 9. 9© 2015 IBM Corporation 10 Manage the digital identity lifecycle 8 Manage third- party security compliance 7 Address security complexity of cloud and virtualization 3 Secure collaboration in social and mobile workplace 6 Create a security-rich and resilient network Based on extensive experience, IBM has outlined 10 essential practices for a stronger security posture 9 Assure data security and privacy 5 Manage IT hygienically 4 Develop security- rich products, by design 2 Establish intelligent security operations and rapid threat response 1 Build a risk-aware culture and management system Understand security essentials 1 2 3
  • 10. 10© 2015 IBM Corporation We can leverage this knowledge base with a maturity model to assess your company versus best practices Assess security maturity Capability maturity model (CMM) 1 2 3 Defined: Processes are documented, standardized and integrated into all processes for the organization. 4 5 Managed: Detailed measures of the process and its outputs are collected, quantitatively understood and controlled. Optimizing: Continuous process improvement is enabled by quantitative feedback from the processes. Reactive Proactive ManualAutomated Initial: Process is ad hoc, even chaotic. Few processes are defined, and success depends on individual effort and heroics. Repeatable: Basic project management processes are established, and process discipline is in place to repeat earlier successes. 1 2 3
  • 11. 11© 2015 IBM Corporation Desired states and critical gaps can then be determined and actions prioritized to address and close them Determine critical gaps and prioritize actions Inform prioritized action plans and strategic roadmaps Security posture reviews and maturity gap analyses 1 2 3
  • 12. 12 © 2014 IBM Corporation The 10 Essential practices
  • 13. 13© 2015 IBM Corporation Essential practice 1 Essential practice 2 Essential practices 1 and 2 Build a risk aware culture and management system !  Management of IT and security risk across the company !  Risk process identification and remediation !  Communication and education !  Policies, measurements and tools Establish intelligent security operations and rapid threat response !  Incident management and response !  Incident handling policy and process !  Security intelligence and forensic tooling !  Security Information Event Management (SIEM) !  Security operations roles and responsibilities
  • 14. 14© 2015 IBM Corporation Essential practice 3 Essential practice 4 Essential practices 3 and 4 Secure collaboration in social and mobile workplace !  BYOD1 and social media !  Business and personal data segmentation !  Secure end-user computing platforms !  Endpoint security across all workstations, laptops and smart devices !  Business, client and personal data isolation and protection Develop secure products, by design !  SDLC2 security policy and governance !  Embedded security in the design process !  Ethical hacking and penetration testing of applications !  Implement secure interfaces and COTS3 solutions
  • 15. 15© 2015 IBM Corporation Essential practice 5 Essential practice 6 Essential practices 5 and 6 Manage IT hygienically !  IT infrastructure components inventory !  Retiring legacy components !  Routine health checks !  Data integration compliance !  Patch management compliance !  Scanning and compliance testing functions Create a security-rich and resilient network !  Network threat protection !  Malicious network activity detection !  Filtering, logging, monitoring and advanced analytics solutions !  Network infrastructure optimization
  • 16. 16© 2015 IBM Corporation Essential practice 7 Essential practice 8 Essential practices 7 and 8 Address security complexity of cloud and virtualization !  Better secure cloud services !  Security controls of cloud providers !  Vulnerabilities of cloud architecture, policies and practices !  Defined cloud security objectives Manage third-party security compliance !  M&A1, joint ventures, divestitures !  3rd-party vendors’ risk policies and practices !  Education on 3rd-party compliance policies and processes !  Education on incident handling and reporting
  • 17. 17© 2015 IBM Corporation Essential practice 9 Essential practice 10 Essential practices 9 and 10 Assure data security and privacy !  Data classification !  Data protection and privacy strategy and technologies !  Data loss prevention !  Data management architecture !  Data security policy and governance Manage the digital identity lifecycle !  Identity and access management !  Standard, policy based control mechanisms !  Intelligent monitoring !  Separation of duties management !  Single-sign-on
  • 18. 18© 2015 IBM Corporation Bank enhances compliance and security posture Client requirements: The bank needed to ensure compliance with the central bank of the Netherlands and increase control and visibility of its security posture. Top priorities were to enhance intrusion prevention logging and monitoring capabilities, to verify the effectiveness of system investments, and to develop a strong partnership with a managed security services provider. Solution: To meet the bank’s solution requirements, IBM provided managed security services through which the bank was able to comply with its security policies and regulatory mandates. Outsourcing its logging and monitoring tasks provided increased control and visibility over the client’s security posture. Benefits: •  Helps achieve compliance with regulatory requirements •  Increases control and visibility over security posture •  Provides enhanced capability to solve complex or ongoing security challenges with help from IBM security experts Industry: Banking Location: The Netherlands Solutions and Services provided: Software: •  IBM Security QRadar SIEM •  IBM Security Network Intrusion Prevention System •  IBM Security Network Protection Services: •  IBM Managed Security Services We have helped clients across industries implement the Essential Practices
  • 19. 19© 2015 IBM Corporation IBM Can help clients design more effective IT risk and security organizations Automated IT Risk Management Services Security Strategy and Planning Services Risk & Compliance Management Services SAP Security Services Critical Infrastructure Security Services IBM Security Strategy, Risk and Compliance Services Help clients increase risk visibility, streamline compliance reporting and reduce cost of ongoing management Provide a methodical and efficient approach to a client’s security program to help reduce time, cost and resources needed to plan and deploy a comprehensive strategy Bring “big picture” approach to assessing and managing risks across variety of regulatory requirements Increase client’s security across their ERP infrastructure and data by assessing the vulnerabilities and compliance risks Enable clients who use industrial control systems (ICS) to better operate their critical infrastructure, and helps protect the infrastructure from cyber threats Cloud Security Strategy Consulting Define the client’s cloud initiatives and goals, identifies associated security and privacy risks while assessing cloud computing scenarios and outlining risk mitigation strategies
  • 20. Next steps Download the Interactive Whitepaper – ABCs of Security Strategy Visit ibm.com/services/security to learn how IBM Security Services can help protect your organization Visit: YouTube HERE to watch the 10 Essential Practices Video Series -
  • 21. 21© 2015 IBM Corporation 133 countries where IBM delivers managed security services 20 industry analyst reports rank IBM Security as a LEADER TOP 3 enterprise security software vendor in total revenue 10K clients protected including… 24 of the top 33 banks in Japan, North America, and Australia Learn more about IBM Security Visit our web page IBM.com/Security Watch our videos IBM Security YouTube Channel View upcoming webinars & blogs SecurityIntelligence.com Follow us on Twitter @ibmsecurity
  • 22. © Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. THANK YOUwww.ibm.com/security