Strategic Leadership for Managing Evolving Cybersecurity RisksMatthew Rosenquist
2014 NSF Cybersecurity Summit keynote presentation from Matthew Rosenquist, Cybersecurity Strategist for Intel Corp.
Cybersecurity is difficult. It is a serious endeavor which strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk have matured and expanded on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where to be effective strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security.
This presentation will discuss the challenges, organizational opportunities, and explore best practices to align investments in security to the risk appetite of an organization.
The cybersecurity industry needs more people with greater diversity to fill the growing number of open positions. Intel is very active with internal corporate diversity efforts, establishing strong pipelines, and investing in diverse partners. Additionally, Intel is contributing to the formalization of cyber science degree standards to align educational programs to market demands.
The Cloud is both compelling and alluring, offering benefits that entice many organizations into rapid adoption. But caution should be taken. Leveraging cloud technologies can offer tremendous opportunities, with the caveat of potentially introducing new security problems and business risks. Presented are strategic recommendations for cloud adoption to a community of application and infrastructure developers.
Although a latecomer to the security party, HR organizations can play an important role in protecting assets and influencing good security behaviors. HR leadership can strengthen hiring practices, tighten responses for disgruntled employees, spearhead effective employee security education, advocate regulatory compliance and exemplify good privacy practices, be a good custodian of HR data, and rise to the challenges of hiring good cybersecurity professionals.
Cybersecurity is a difficult and serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Peering into the future of cybersecurity provides valuable insights around the challenges and opportunities. The industry is changing rapidly and attackers seem to always be one step ahead. Organizations must not only address what is ongoing, but also prepare for how cyber-threats will maneuver in the future. The 2016 Cybersecurity Predictions presentation showcases the cause-and-effect relationships and provides insights and perspectives of the forthcoming challenges the industry is likely to face and how we can be better prepared for it.
Strategic Leadership for Managing Evolving Cybersecurity RisksMatthew Rosenquist
2014 NSF Cybersecurity Summit keynote presentation from Matthew Rosenquist, Cybersecurity Strategist for Intel Corp.
Cybersecurity is difficult. It is a serious endeavor which strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk have matured and expanded on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where to be effective strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security.
This presentation will discuss the challenges, organizational opportunities, and explore best practices to align investments in security to the risk appetite of an organization.
The cybersecurity industry needs more people with greater diversity to fill the growing number of open positions. Intel is very active with internal corporate diversity efforts, establishing strong pipelines, and investing in diverse partners. Additionally, Intel is contributing to the formalization of cyber science degree standards to align educational programs to market demands.
The Cloud is both compelling and alluring, offering benefits that entice many organizations into rapid adoption. But caution should be taken. Leveraging cloud technologies can offer tremendous opportunities, with the caveat of potentially introducing new security problems and business risks. Presented are strategic recommendations for cloud adoption to a community of application and infrastructure developers.
Although a latecomer to the security party, HR organizations can play an important role in protecting assets and influencing good security behaviors. HR leadership can strengthen hiring practices, tighten responses for disgruntled employees, spearhead effective employee security education, advocate regulatory compliance and exemplify good privacy practices, be a good custodian of HR data, and rise to the challenges of hiring good cybersecurity professionals.
Cybersecurity is a difficult and serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Peering into the future of cybersecurity provides valuable insights around the challenges and opportunities. The industry is changing rapidly and attackers seem to always be one step ahead. Organizations must not only address what is ongoing, but also prepare for how cyber-threats will maneuver in the future. The 2016 Cybersecurity Predictions presentation showcases the cause-and-effect relationships and provides insights and perspectives of the forthcoming challenges the industry is likely to face and how we can be better prepared for it.
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtJohn D. Johnson
This presentation was given at CampIT. It motivated the need for a high level of maturity of the enterprise security program, by striving for cyber resiliency.
Cybersecurity is difficult. It is a serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk continue to mature and expand on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where to be effective strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security.
This presentation will discuss the emerging challenges as it analyzes the cause-and-effect relationships of factors driving the future of cybersecurity.
CSE 2016 Future of Cyber Security by Matthew RosenquistMatthew Rosenquist
Cybersecurity is a difficult and serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Peering into the future of cybersecurity provides valuable insights around the challenges and opportunities. The industry is changing rapidly and attackers seem to always be one step ahead.
Presented by Matthew Rosenquist at the 2016 Connected Security Expo (CSE) @ ISC West http://www.connectedsecurityexpo.com/
Michael Johnson of the University of Minnesota shares the risks of cyber security and the measure you should be taking to ensure your company's safety.
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
Information Security
1.Why the need to think about it?
2.What exactly are we talking about?
3.How do we go about doing something about it?
4.Is there a one-size-fits-all framework?
Internet, Cyber-attacks and threats are becoming more prevalent. This Infographic explains the current state, and things to consider for yourself and your business.
Business Continuity, Data Privacy, and Information Security: How do they link?PECB
Considering the increased number of cyberattacks and the significant damage caused to the IT infrastructure, organizations should ensure that their efforts to secure IT operations are linked with efforts to maintain resiliency within organizations.
The webinar covers
• Cybersecurity during pandemic through statistics
• Attack trends during pandemic
• Mitigating steps to take
• Relevance of IT Disaster Recovery in the time of Cloud computing
• Achieving optimal alignment and efficiency regarding your ISMS, BCP, BIA and Risk Management efforts
• Post-pandemic cyber and privacy considerations
• BCP and pandemic scenario planning 'beyond COVID'
• How to keep your privacy policy and incident response plan actionable
• How to keep your BCP short, sharp, up-to-date and user-friendly during an actual invocation
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Youtube video: https://youtu.be/0AbrywA5oic
Some 2.4 billion global Internet users—34 percent of
the world’s population—spend increasing amounts
of time online.1 As our online activity expands,
it isn’t just creating new ways to do business. It’s
revolutionizing business. However, like any mass
movement with significant ramifications, the
Internet-enabled life has risks as well as benefits.
Some are willing to accept those risks without much
consideration. Others want to take the time for a
more contemplative response, but events are moving
too quickly for long debate. What we really need is
a Call to Action that addresses the risks demanding
urgent attention.
To balance the benefits of the digital life,
management needs to understand and grapple
with four equally powerful forces:
Democratization – The way customers insist
on interacting via the channels they prefer,
rather than the channels the organization
imposes.
Consumerization – The impact of the many
devices and applications that span work and
play in our digital lives.
Externalization – The ways in which cloud
computing slashes capital expenditure and
shakes up how data moves in and out of
organizations.
Digitization – The exponential connectivity
created when sensors and devices form the
“Internet of Things.” These forces interact in ways
that make eradicating Cyber Risk impossible;
eliminating it in one area simply shifts it to the
others.
However, by following best practices, it is possible
to reduce your organization’s exposure to Cyber
Risk across the board. By addressing the real and
growing risks we face as individuals, businesses, and
governments, we can begin to create an optimal
environment of Cyber Resilience. This Manifesto sets
out a road map for that process.
The digital age provides all organisations with opportunities to grow and innovate. But it also brings a new world of risk, especially to our most precious information. The information that’s critical to our future success. All organisations are at risk and cyber resilience is no longer a ‘nice to have’. But many organizations continue to struggle to define what good cyber resilience looks like.
Good starts with a strategy. A strategy built around your business objectives and knowing what the cyber risks are to those objectives. It’s about having the right people, skills, awareness and culture to deliver the strategy. It’s also about understanding that you will never be bullet-proof – to support your prevention and detection activities it’s now as important to know how you will effectively respond and recover to a cyber-attack.
In June 2015 AXELOS Global Best Practice are launching a new Cyber Resilience Best Practice portfolio. This webinar with Nick Wilding, Head of Cyber Resilience at AXELOS, outlines:
- what cyber resilience is and why it is so important to any organisation;
- why all of us are on the cyber front line and how we all have a role to play;
- why cyber resilience best practice is so vital to help define and manage what good looks like in your organisation;
- how you can get involved in the development and launch of this exciting new initiative from AXELOS.
Cyber risk isn't new, but the stakes grow higher every day. An incident is no longer likely to be an isolated event, but a sustained and persistent campaign. There is no single solution that will offer protection from an attack, but a Cyber Resilience strategy can provide a multi-layered approach that encompasses people, processes and technology. Pete's presentation talks about eliminating the gap between IT and the business to present a united front against threats. This is a paradigm shift that uses security intelligence to guide decisions and support agility.
This session will discuss the main cyber threats for 2019 by including security public and private sector experts. After an overview of the top cybersecurity industry predictions for the coming year, the panel will discuss effective solutions and roadmaps needed as we head into the 2020s.
Main points covered:
• What are the top cyber threats facing enterprises in 2019?
• What do the major cybersecurity vendors believe will happen in the next few years?
• What is being done to prepare for daily cyber-attacks facing enterprises?
• What projects are leading Chief Information Security Officers (CISOs) and Chief Risk Officers (CROs) implementing now?
Presenters:
Our first presenter for this session is Maria S. Thompson, State Chief Risk and Security Officer for the State of North Carolina. Maria brings to the State over 20 years of experience in Information Technology and cybersecurity. Maria’s personal honors include receiving the 2007 National Security Agency’s prestigious Rowlett Award for individual achievement in Information Assurance. Additionally, she received the 2008 Office of Secretary of Defense Certificate of Excellence for the implementation of an IA strategy for the Information Assurance Workforce. Most recently, Maria was selected as a winner of one of the 2018 Triangle Business Journal Women in Business award and State Scoop’s 50th Award State Cybersecurity Leader
The second presenter is Dan Lohrmann is an internationally recognized cybersecurity leader, technologist and author. Starting his career at NSA, Lohrmann has served global organizations in the public and private sectors in many leadership capacities. As a top Michigan Government technology executive for seventeen years, Dan was national CSO of the Year, Public Official of the Year and a Computerworld Premier 100 IT Leader. He is currently CSO & Chief Strategist at Security Mentor, where he advises global and local corporations and governments on cybersecurity and technology infrastructure strategies and security culture change. He has been a keynote speaker at security conferences from South Africa to Europe and Washington D.C. to Moscow.
Recorded Webinar: https://youtu.be/IHAAXQ30zBk
Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?PECB
Ethical hacking helps organizations in preventing the exploitation and vulnerabilities of their system’s data.
Today, several real-world testing methods are used to avoid cyber-attacks and secure important data from exploitation.
The webinar covers
• Ethical Hacking
• Penetration Testing
• Differences and Similarities
• Types & Stages of Penetration Testing
• Cybersecurity
• Impact of COVID-19 on Cybersecurity
Presenters:
Carl Carpenter
Carl is a former CISO of a $6B entity where he was responsible for protecting data of all types and regulatory environments such as FFIEC, HIPAA, and PCI as well as working with the FBI, IRS, and US Department of Labor around investigations relating to money laundering. He has performed assessments against Fortune 10 and 50 companies in the areas of GDPR, CCPA, ISO/IEC 27001 and currently performs CMMC assessments as well as CMMC pre-audit support to help ensure a successful CMMC audit. Prior to that, Carl retired from the US Military where he was involved in counter-terrorist, counter-narcotics, counter-intelligence operations and training foreign military members in these same concepts. Carl is also a PECB trainer in ISO/IEC 27001, ISO/IEC 27032, and CMMC Foundations and holds numerous other certifications.
In 2016, Carl joined Arrakis Consulting where he started as an auditor and providing CISO-as-a-Service to small or medium sized companies that needed more experience without increased cost. In 2017, Carl added active penetration testing to his portfolio of skills and routinely performs penetration tests against companies of all sizes. Carl also trains people on a variety of skills such as penetration testing, network engineering, network administration, OSI model, subnetting, etc…
Carl holds a Bachelors from Western Governors University in Network Security and Operations as well as numerous certifications from ITIL, Cisco, CompTIA, Microsoft, CMMC-AB, ISACA, OneTrust, RSA, PCI Council, Citrix, and Novell
Andreas Christoforides
Mr. Christoforides is an active IT auditor and a trainer for a various organization on Information Security Management Systems. He is a member of the Cyprus Computer Society, a PECB certified trainer for ISO/IEC 27001, ISO 22301 and GDPR CDPO, and a former Deputy Head of IT Infrastructure at a Bulgarian Leading Bank.
In 2019, he joined BEWISE and delivered to clients a wide range of Cybersecurity projects in the areas of strategy, governance and risk management, data privacy and protection (GDPR), and business resilience and recovery. He conducts IT Risk Assessments and develops IT policies and procedures towards establishing an effective and secure IT Governance framework.
Mr. Christoforides holds a BEng degree from Birmingham City University and a variety of other qualifications from Microsoft and CISCO.
YouTube video: https://youtu.be/cTrdBZFIFhM
Website link: https://pecb.com/
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationPECB
This session discusses the top cyber threats for 2020 world-wide, where our presenters will discuss the top security priorities in their states for cybersecurity, followed by a Q/A session at the end of the presentation.
What topics are hot for Chief Security Officers in 2020? Which cyber threats are demanding the most attention for top government cybersecurity leaders? What projects are the U.S. states of Washington and Illinois applying resources to address security priorities? Where next with privacy legislation and implementation of regulations likes the California Consumer Privacy Act (CCPA)?
The webinar covers:
• Top security predictions for 2020 from global security vendors – along with CISO reactions and feedback
• Security trends (in specific areas such as ransomware) seen at the end of 2019 and in the first weeks of 2020
• CISO project priorities from Washington State and the State of Illinois
• Panel discussion of privacy actions and CCPA implementation nationwide
Date: February 19, 2019
Recorded webinar: https://youtu.be/QN35YHEA_4E
Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access
Tripwire University: Cyberwar Boot Camp – Introduction and OverviewTripwire
In this presentation, Gajraj Singh, VP of Product Marketing, defines “cyberwar,” explains the implications of breaches on an organization, and shows how Tripwire addresses cybersecurity challenges.
Pat Pather- Cyber Security Unchartered: Vigilance, Innovation and Adaptabilityitnewsafrica
Pat Pather, Chief Executive Officer at Forensic Sciences Institute, delivered a presentation on Cyber Security Unchartered: Vigilance, Innovation and Adaptability- Exploring the Depths of Cybersecurity, at Public Sector Cybersecurity Summit 2023 on the 3rd of October 2023. #PublicSec2023 #Conference #Cybersecurity #PublicSector
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtJohn D. Johnson
This presentation was given at CampIT. It motivated the need for a high level of maturity of the enterprise security program, by striving for cyber resiliency.
Cybersecurity is difficult. It is a serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk continue to mature and expand on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where to be effective strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security.
This presentation will discuss the emerging challenges as it analyzes the cause-and-effect relationships of factors driving the future of cybersecurity.
CSE 2016 Future of Cyber Security by Matthew RosenquistMatthew Rosenquist
Cybersecurity is a difficult and serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Peering into the future of cybersecurity provides valuable insights around the challenges and opportunities. The industry is changing rapidly and attackers seem to always be one step ahead.
Presented by Matthew Rosenquist at the 2016 Connected Security Expo (CSE) @ ISC West http://www.connectedsecurityexpo.com/
Michael Johnson of the University of Minnesota shares the risks of cyber security and the measure you should be taking to ensure your company's safety.
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
Information Security
1.Why the need to think about it?
2.What exactly are we talking about?
3.How do we go about doing something about it?
4.Is there a one-size-fits-all framework?
Internet, Cyber-attacks and threats are becoming more prevalent. This Infographic explains the current state, and things to consider for yourself and your business.
Business Continuity, Data Privacy, and Information Security: How do they link?PECB
Considering the increased number of cyberattacks and the significant damage caused to the IT infrastructure, organizations should ensure that their efforts to secure IT operations are linked with efforts to maintain resiliency within organizations.
The webinar covers
• Cybersecurity during pandemic through statistics
• Attack trends during pandemic
• Mitigating steps to take
• Relevance of IT Disaster Recovery in the time of Cloud computing
• Achieving optimal alignment and efficiency regarding your ISMS, BCP, BIA and Risk Management efforts
• Post-pandemic cyber and privacy considerations
• BCP and pandemic scenario planning 'beyond COVID'
• How to keep your privacy policy and incident response plan actionable
• How to keep your BCP short, sharp, up-to-date and user-friendly during an actual invocation
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Youtube video: https://youtu.be/0AbrywA5oic
Some 2.4 billion global Internet users—34 percent of
the world’s population—spend increasing amounts
of time online.1 As our online activity expands,
it isn’t just creating new ways to do business. It’s
revolutionizing business. However, like any mass
movement with significant ramifications, the
Internet-enabled life has risks as well as benefits.
Some are willing to accept those risks without much
consideration. Others want to take the time for a
more contemplative response, but events are moving
too quickly for long debate. What we really need is
a Call to Action that addresses the risks demanding
urgent attention.
To balance the benefits of the digital life,
management needs to understand and grapple
with four equally powerful forces:
Democratization – The way customers insist
on interacting via the channels they prefer,
rather than the channels the organization
imposes.
Consumerization – The impact of the many
devices and applications that span work and
play in our digital lives.
Externalization – The ways in which cloud
computing slashes capital expenditure and
shakes up how data moves in and out of
organizations.
Digitization – The exponential connectivity
created when sensors and devices form the
“Internet of Things.” These forces interact in ways
that make eradicating Cyber Risk impossible;
eliminating it in one area simply shifts it to the
others.
However, by following best practices, it is possible
to reduce your organization’s exposure to Cyber
Risk across the board. By addressing the real and
growing risks we face as individuals, businesses, and
governments, we can begin to create an optimal
environment of Cyber Resilience. This Manifesto sets
out a road map for that process.
The digital age provides all organisations with opportunities to grow and innovate. But it also brings a new world of risk, especially to our most precious information. The information that’s critical to our future success. All organisations are at risk and cyber resilience is no longer a ‘nice to have’. But many organizations continue to struggle to define what good cyber resilience looks like.
Good starts with a strategy. A strategy built around your business objectives and knowing what the cyber risks are to those objectives. It’s about having the right people, skills, awareness and culture to deliver the strategy. It’s also about understanding that you will never be bullet-proof – to support your prevention and detection activities it’s now as important to know how you will effectively respond and recover to a cyber-attack.
In June 2015 AXELOS Global Best Practice are launching a new Cyber Resilience Best Practice portfolio. This webinar with Nick Wilding, Head of Cyber Resilience at AXELOS, outlines:
- what cyber resilience is and why it is so important to any organisation;
- why all of us are on the cyber front line and how we all have a role to play;
- why cyber resilience best practice is so vital to help define and manage what good looks like in your organisation;
- how you can get involved in the development and launch of this exciting new initiative from AXELOS.
Cyber risk isn't new, but the stakes grow higher every day. An incident is no longer likely to be an isolated event, but a sustained and persistent campaign. There is no single solution that will offer protection from an attack, but a Cyber Resilience strategy can provide a multi-layered approach that encompasses people, processes and technology. Pete's presentation talks about eliminating the gap between IT and the business to present a united front against threats. This is a paradigm shift that uses security intelligence to guide decisions and support agility.
This session will discuss the main cyber threats for 2019 by including security public and private sector experts. After an overview of the top cybersecurity industry predictions for the coming year, the panel will discuss effective solutions and roadmaps needed as we head into the 2020s.
Main points covered:
• What are the top cyber threats facing enterprises in 2019?
• What do the major cybersecurity vendors believe will happen in the next few years?
• What is being done to prepare for daily cyber-attacks facing enterprises?
• What projects are leading Chief Information Security Officers (CISOs) and Chief Risk Officers (CROs) implementing now?
Presenters:
Our first presenter for this session is Maria S. Thompson, State Chief Risk and Security Officer for the State of North Carolina. Maria brings to the State over 20 years of experience in Information Technology and cybersecurity. Maria’s personal honors include receiving the 2007 National Security Agency’s prestigious Rowlett Award for individual achievement in Information Assurance. Additionally, she received the 2008 Office of Secretary of Defense Certificate of Excellence for the implementation of an IA strategy for the Information Assurance Workforce. Most recently, Maria was selected as a winner of one of the 2018 Triangle Business Journal Women in Business award and State Scoop’s 50th Award State Cybersecurity Leader
The second presenter is Dan Lohrmann is an internationally recognized cybersecurity leader, technologist and author. Starting his career at NSA, Lohrmann has served global organizations in the public and private sectors in many leadership capacities. As a top Michigan Government technology executive for seventeen years, Dan was national CSO of the Year, Public Official of the Year and a Computerworld Premier 100 IT Leader. He is currently CSO & Chief Strategist at Security Mentor, where he advises global and local corporations and governments on cybersecurity and technology infrastructure strategies and security culture change. He has been a keynote speaker at security conferences from South Africa to Europe and Washington D.C. to Moscow.
Recorded Webinar: https://youtu.be/IHAAXQ30zBk
Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?PECB
Ethical hacking helps organizations in preventing the exploitation and vulnerabilities of their system’s data.
Today, several real-world testing methods are used to avoid cyber-attacks and secure important data from exploitation.
The webinar covers
• Ethical Hacking
• Penetration Testing
• Differences and Similarities
• Types & Stages of Penetration Testing
• Cybersecurity
• Impact of COVID-19 on Cybersecurity
Presenters:
Carl Carpenter
Carl is a former CISO of a $6B entity where he was responsible for protecting data of all types and regulatory environments such as FFIEC, HIPAA, and PCI as well as working with the FBI, IRS, and US Department of Labor around investigations relating to money laundering. He has performed assessments against Fortune 10 and 50 companies in the areas of GDPR, CCPA, ISO/IEC 27001 and currently performs CMMC assessments as well as CMMC pre-audit support to help ensure a successful CMMC audit. Prior to that, Carl retired from the US Military where he was involved in counter-terrorist, counter-narcotics, counter-intelligence operations and training foreign military members in these same concepts. Carl is also a PECB trainer in ISO/IEC 27001, ISO/IEC 27032, and CMMC Foundations and holds numerous other certifications.
In 2016, Carl joined Arrakis Consulting where he started as an auditor and providing CISO-as-a-Service to small or medium sized companies that needed more experience without increased cost. In 2017, Carl added active penetration testing to his portfolio of skills and routinely performs penetration tests against companies of all sizes. Carl also trains people on a variety of skills such as penetration testing, network engineering, network administration, OSI model, subnetting, etc…
Carl holds a Bachelors from Western Governors University in Network Security and Operations as well as numerous certifications from ITIL, Cisco, CompTIA, Microsoft, CMMC-AB, ISACA, OneTrust, RSA, PCI Council, Citrix, and Novell
Andreas Christoforides
Mr. Christoforides is an active IT auditor and a trainer for a various organization on Information Security Management Systems. He is a member of the Cyprus Computer Society, a PECB certified trainer for ISO/IEC 27001, ISO 22301 and GDPR CDPO, and a former Deputy Head of IT Infrastructure at a Bulgarian Leading Bank.
In 2019, he joined BEWISE and delivered to clients a wide range of Cybersecurity projects in the areas of strategy, governance and risk management, data privacy and protection (GDPR), and business resilience and recovery. He conducts IT Risk Assessments and develops IT policies and procedures towards establishing an effective and secure IT Governance framework.
Mr. Christoforides holds a BEng degree from Birmingham City University and a variety of other qualifications from Microsoft and CISCO.
YouTube video: https://youtu.be/cTrdBZFIFhM
Website link: https://pecb.com/
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationPECB
This session discusses the top cyber threats for 2020 world-wide, where our presenters will discuss the top security priorities in their states for cybersecurity, followed by a Q/A session at the end of the presentation.
What topics are hot for Chief Security Officers in 2020? Which cyber threats are demanding the most attention for top government cybersecurity leaders? What projects are the U.S. states of Washington and Illinois applying resources to address security priorities? Where next with privacy legislation and implementation of regulations likes the California Consumer Privacy Act (CCPA)?
The webinar covers:
• Top security predictions for 2020 from global security vendors – along with CISO reactions and feedback
• Security trends (in specific areas such as ransomware) seen at the end of 2019 and in the first weeks of 2020
• CISO project priorities from Washington State and the State of Illinois
• Panel discussion of privacy actions and CCPA implementation nationwide
Date: February 19, 2019
Recorded webinar: https://youtu.be/QN35YHEA_4E
Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access
Tripwire University: Cyberwar Boot Camp – Introduction and OverviewTripwire
In this presentation, Gajraj Singh, VP of Product Marketing, defines “cyberwar,” explains the implications of breaches on an organization, and shows how Tripwire addresses cybersecurity challenges.
Pat Pather- Cyber Security Unchartered: Vigilance, Innovation and Adaptabilityitnewsafrica
Pat Pather, Chief Executive Officer at Forensic Sciences Institute, delivered a presentation on Cyber Security Unchartered: Vigilance, Innovation and Adaptability- Exploring the Depths of Cybersecurity, at Public Sector Cybersecurity Summit 2023 on the 3rd of October 2023. #PublicSec2023 #Conference #Cybersecurity #PublicSector
Dive into the world of cybersecurity with our latest blog post, "Navigating the Digital Frontier: Exploring Cybersecurity and Its Lucrative Career Opportunities." 🛡️💻
In today's interconnected digital landscape, the significance of cybersecurity cannot be underestimated. Our blog takes you on a journey to understand the essence of cybersecurity - the art and science of safeguarding computer systems, networks, and data from cyber threats. Discover the pivotal role it plays in maintaining confidentiality, integrity, and availability of information in an age where technology shapes every aspect of our lives.
Are you intrigued by the idea of becoming a guardian of the digital realm? Our blog unveils the plethora of exciting career opportunities that cybersecurity offers. From cybersecurity analysts who monitor and respond to security incidents, to ethical hackers who use their skills for good, and security architects who design robust defense systems – the possibilities are as diverse as your interests.
The digital age calls for modern heroes - those who can defend against hackers, thwart data breaches, and ensure the secure transmission of information. As you read through our blog, you'll gain insights into the skills and knowledge required to thrive in this field. Explore the roles of security consultants who provide expert guidance, incident responders who act swiftly in times of crisis, and cryptographers who create secure communication methods.
Are you ready to embrace a career that not only promises personal growth but also contributes to the digital safety of our interconnected world? Join us in uncovering the dynamic world of cybersecurity and discover how you can play a crucial role in shaping a secure digital future. Read our blog now and become part of the next generation of cybersecurity experts! 🌐🔒🚀
Fundamental Areas of Cyber Security on Latest Technologyijtsrd
Cyber Security has developed one of the biggest challenges of information technology in the present day. Cyber security consists of controlling physical access of the hardware, application, networks and protecting against harm that may come via networks. It is a mixture of processes, technologies and practices. The objective of cyber Security is to protect programs, application, networks, computers and data from attack. Moreover, various measures of cyber security is quite a very huge concern to many. This paper mainly focuses on challenges faced by cyber security on the latest technologies. It also focuses on the latest about cyber security techniques, ethics and the trends changing the face of cyber security. This paper mainly focuses on cyber Security and its fundamental elements on latest technologies. Aye Mya Sandar | Ya Min | Khin Myat Nwe Win "Fundamental Areas of Cyber Security on Latest Technology" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-5 , August 2019, URL: https://www.ijtsrd.com/papers/ijtsrd26550.pdfPaper URL: https://www.ijtsrd.com/computer-science/computer-security/26550/fundamental-areas-of-cyber-security-on-latest-technology/aye-mya-sandar
This slide is a small introduction for cyber security.
What is cyber security?
Why do we need cyber security?
What are the benefits of cybersecurity?
Types of cyber security threats
How to prevent the breaches?
Some real attacks
Cybersecurity encompasses a set of practices, technologies, processes, and measures designed to protect digital systems, networks, devices, and data from cyber threats, unauthorized access, and malicious attacks.
Where data security and value of data meet in the cloud ulf mattssonUlf Mattsson
Title: Where Data Security and Data Value Meet in the Cloud
Abstract:
The biggest challenge in this new paradigm of the cloud and an interconnected world, is merging data security with data value and productivity. What’s required is a seamless, boundless security framework to maximize data utility while minimizing risk. In this webinar, you’ll learn about value-preserving data-centric security methods, how to keep track of your data and monitor data access outside the enterprise, and best practices for protecting data and privacy in the perimeter-less enterprise.
BrightTALK webinar, January 14, 2014
Cyber crimes are on the rise and especially prevalent during the global pandemic where hackers leverage the vulnerabilities of organisations for new opportunities through technology.
Hospitals, for instance, are more likely to pay ransoms to restore access to their servers. Similarly, criminals may believe that corporations grappling with economic turmoil or logistical crises will be similarly easy to manipulate.
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTIONChristopherTHyatt
Artificial Intelligence (AI) fortifies cybersecurity by dynamically identifying and neutralizing cyber threats. With machine learning algorithms, AI analyzes patterns in real-time data, swiftly detecting anomalies and potential security breaches. This proactive approach enhances the overall defense mechanism, ensuring robust protection against evolving cyber threats in the ever-changing digital landscape.
Protect your hybrid workforce across the attack chainDavid J Rosenthal
Security is one of the most important considerations for SMBs. In fact, 77% of SMBs in a recent survey consider security a top feature when purchasing new PCs.1
Last year alone, 67% of SMBs experienced a security breach that cost, on average, 3.3% of their revenue.1 That’s a big risk to both profitability and reputation, and it shows how critical strong security protections are for businesses.
The good news is that 69% of SMBs in a recent survey agreed that new Windows 10 Pro devices offered better security and data protection than older devices.1
Research shows that modern devices help business owners by preventing identity attacks, minimizing phishing, and reducing the risk of malware attacks. These are all common ways that bad actors steal business data, steal personal information, or hold our devices hostage in exchange for huge amounts of ransom money.
And with modern PCs, most security functions can happen in the cloud, without interrupting worker productivity.
Improving Healthcare Risk Assessments to Maximize Security BudgetsMatthew Rosenquist
Healthcare is undergoing major changes
that are being driven by medical, consumer,
IT, and security trends. While these trends
deliver compelling benefits to healthcare
organizations, workers, and patients, they
also carry significant privacy and security
risks. Healthcare organizations are seeing an
escalation in the frequency and impact of
security compromises, driving a corresponding
increase in healthcare privacy and security
regulation at the national and local levels.
This paper looks at how healthcare organizations can better optimize and focus their
privacy and security efforts and budgets
through risk assessments designed to
identify, characterize, and address the most
serious threats and the agents behind them.
Six Scenarios How Russia May Use Nukes: Discussion of the unthinkable — The scenarios for Russia to use nuclear weapons.
Russia's war against Ukraine is raising the risks to everyone. It is not a pleasant topic, but one which we must understand for no other reason than we need to be purposeful in watching for indicators that may lead down one of these paths, so we might have the best opportunity in avoiding nuclear tyranny.
The Next Great Challenge for CISOs
I am honored to be recognized! Cybersecurity is truly a team effort at a strategic level, either we all work together or the threats will tear us down piecemeal! Every person, no matter their role, can play an important part in making digital technology trustworthy and keeping the Internet secure, private, and safe.
McAfee Labs explores top threats expected in the coming year.
Welcome to the McAfee Labs 2017 Threats Predictions
report. We have split this year’s report into two sections.
The first section digs into three very important topics,
looking at each through a long lens.
The second section makes specific predictions about
threats activity in 2017. Our predictions for next year
cover a wide range of threats, including ransomware,
vulnerabilities of all kinds, the use of threat intelligence
to improve defenses, and attacks on mobile devices.
Cybersecurity Curricula Guidelines for Post-Secondary Degree ProgramsMatthew Rosenquist
The cybersecurity industry has long needed a solid foundation for academia to build consistent and effective degree programs. There has been far too much inconsistency in cybersecurity and cyber-science education. In order to prepare the next generations of cybersecurity professionals, academic standards and curriculum must be defines and implemented.
The guidelines are a leading resource of comprehensive cybersecurity curricular content for faculty members of global academic institutions seeking to develop a broad range of cybersecurity offerings at the post-secondary level.
How Cyber Attacks are Changing Security - CSE ISCWest 2017 - Matthew Rosenqui...Matthew Rosenquist
Cyber-attacks are an ever increasing problem that reaches out from the digital domain and into the physical world to impact the security, privacy and safety of people, businesses, and governments. The rapid growth of technology adoption and connectivity are driving new opportunities for attackers at an accelerating rate. The result is a radical shift in expectations by consumers and organizations for more comprehensive solutions, streamlined oversight, and clear accountability.
Cybersecurity Risks and Recommendations - PSA TEC 2017 - Matthew RosenquistMatthew Rosenquist
Technology convergence across cyber and physical security is driving change. Protection will evolve to include digital security, physical safety, and personal privacy.
2019 Keynote at the Techno Security and Digital Forensics Conference - The Ve...Matthew Rosenquist
As the world embraces digital services and automation of critical systems, understanding risk, attributing actions, and deciphering attack methods will be crucial to the proliferation of connected technology. Trust is key, but transparency is greatly obscured. Forensics will grow to become the verification of truth and will play an ever-increasing role in understanding responsibility and controlling the dissemination of Fear, Uncertainty, and Doubt through actuarial data. Let’s explore the new areas, challenges, and opportunities for the bright future of digital forensics
Preparing for the Next Evolutions of Ransomware - Matthew Rosenquist 2018Matthew Rosenquist
Ransomware has grown significantly in the past few years. Nobody seems immune, with many individuals and organizations falling victim. Ransomware continues to evolve and adapt while security strives to reduce the risks. This presentation takes a look at how ransomware will evolve and best practices to manage the risks. Those who have insights to the future, have a distinct advantage!
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistMatthew Rosenquist
Cybersecurity is a difficult and serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone.
Peering into the future of cybersecurity provides valuable insights around the challenges and opportunities. The industry is changing rapidly and attackers seem to always be one step ahead. Organizations must not only address what is ongoing, but also prepare for how cyber-threats will maneuver in the future.
The 2016 Cybersecurity Predictions presentation showcases the cause-and-effect relationships and provides insights and perspectives of the forthcoming challenges the industry is likely to face and how we can be better prepared for it.
2015 Global APT Summit - Understanding APT threat agent characteristics is ke...Matthew Rosenquist
APT attacks originate from people, against a specific target, for an explicit malicious purpose. Attempting to protect all assets from every type of attack is not reasonable or sustainable. Understanding the archetypes of Threat Agents is key to an effective defense. Knowing the capabilities, objectives, and most likely methods of APTs targeting your organization provides predictive insights to where prevention, detection, and response tools and processes will have maximum impact. Such analysis complements the traditional vulnerability management structures which look generically for weaknesses.
Matthew Rosenquist's Understanding APT Threat Agent Characteristics is Key to Prioritizing Risks presentation at the 2015 Global APT Defense Summit in Los Angeles. Prioritizing risks is critical for any sustainable security capability. Understanding the abilities, methods, and objectives of advanced attackers is key in identifying the most critical vulnerabilities and the proper allocation of resources to manage risks.
Matthew Rosenquist's 2015 Cybersecurity Predictions presentation to the ISACA Sacramento chapter on Feb 12th outlines the forthcoming challenges the industry is likely to face and how we can be better prepared for it. Peering into the future of cybersecurity provides valuable insights for security professionals. The industry is changing rapidly and attackers seem to always be one step ahead. Organizations must not only address what is ongoing, but also prepare for how cyber-threats will maneuver in the future.
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...Matthew Rosenquist
Intel® Cyber Security Briefing:Trends, Challenges, and Leadership Opportunities. Matthew Rosenquist, Cyber Security Strategist, Intel Corp
In the digital world, the opportunities and risks coexist. To achieve and maintain a balanced Cyber Strategy by implementing a model of "connected security" has become a new imperative in business and society. Management can drive "cyber" leadership to create value and gain a competitive advantage in the digital world.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
7. Protecting People, Property,
and Business Assets
Limited Resources and Budgets
Seeking an Optimal Balance of
Risk and Cost
AlignedGoalsandChallenges
Security, Safety, and Privacy
10. OPERATIONAL, INDUSTRIAL,
AND VIRTUAL SYSTEMS
GOVERNANCE, TRUST,
AND OVERSIGHT SYSTEMS
DATA, INFORMATION
AND CONTROL MECHANISMS
ENDPOINTS, NETWORKS,
SERVICES, AND MACHINES
ACCES CONTROL AND
IDENTITY
SECURITY, SAFETY, AND
PRIVACY CONTROLS
The 5 most cyber-attacked
industries in 2015:
1. Healthcare
2. Manufacturing
3. Financial Services
4. Government
5. Transportation
12. Industrial
Electricity grid taken offline
National oil interest attacked
Life-safety failures at industrial
facilities
Supply chain compromises
CyberImpactingthePhysicalWorld
Transportation
Automobiles remotely controlled by
threat researchers
Airplane systems hacked by
passengers mid-flight
Undermining autonomous driving
13. Physicalsecurity
IP Camera image feeds hijacked
Biometric authentication system
fooled
Smart locks hacked
Drones as attack platforms
Privacy
Healthcare records theft
Phone conversation surveillance
Email accounts breached
Login accounts compromised
Images, video, and messages stolen
CyberImpactingthePhysicalWorld
14. ConsumerIoT
‘Smart’ home device botnets
Security and safety systems hacked
Personal and home devices
manipulated
Ransomware locking devices
Finance
SWIFT transaction manipulation
Accounting system compromises
ATM ‘Jack-potting’
Account access and siphoning
Tax and identity fraud
CyberImpactingthePhysicalWorld
15. Healthcare
Emergency care systems
Implantable device vulnerabilities
Medicine delivery systems
Remote medical care
Government
Governance/voting manipulation
Asymmetric military attacks
Malware/ransomware of agencies
Political influencing and policy
enforcement
CyberImpactingthePhysicalWorld
17. 25+Million
Applications
Connected and creating 50x
the volume of data
50-200BillionDevices
Connected to the Internet
$6trillion
Cyber-crime impact
globally by 2021
$3–$90trillion
Aggregate innovation impact of
cyber-risks
400kNew Malware/Day
575 million unique
samples of malware exist today
29countries
Have formal cyber
warfare units today
4 BillionUsersOnline
Up from 2+ billion today
50Trillion
Gigabytes
Amount of data being
created
A World of Targets with Increased Value
18. Dante'sInfernoofCybersecurityImpacts
18
Denial of Service
(Availability)
• Access of customers
• Availability of data,
systems, & services
• DDOS network attacks,
ransom-ware data
locking attacks
Data Theft
& Exposure
(Confidentiality)
• ID Theft
• Privacy
• Data Breach
• Transaction data
• Database hacks,
skimming, lost
storage, keylogging
Monitor &
Manipulate (Integrity)
• Internal-access
surveillance for
advantage
• Tamper/Manipulation
• Long-term data
gathering campaign
Security Competency
Attacker Innovation
Attacks expand over time,
increasing in severity
based upon different
technology and usages
Own & Obliterate (C/I/A)
• Administrative ownership and control
• Capability of unrecoverable obliteration
• Strategic attack, undermining of org capability
19. SecurityFutures:
19
1. Threats remain equitable to the growth and use
of technology
2. Age of massive connectivity drives opportunities
for cyber threats
3. Society expectations raise for cyber security, privacy, and safety
4. Tipping points approach: threats to life-safety, cybercrime hyper-growth,
offensive cyberwarfare
5. Pendulum swings towards more security, ultimately settles for an optimal
balance (regulatory, nation-states, technology innovators/manufacturers)
6. Emerging data, devices, and services are targeted by Threat Agents
pursuing their objectives, driven by their specific motivations
21. TheBestOrganizations
a
Seeks Optimal Risk
Risk management planning
Anticipates impacts
Balance Cost, Risk, & Usability
Adapts to shifting demands
Comprehensive Processes
Security as a continuous cycle
Continuous improvement process
Technology and Behaviors
Obstacles and Opposition
Leads into the Future
Clearly defines success
Plans for a sustainable future
Roles and accountability
Continuously adapting
21
22. An effective strategy enables
operational flexibility while
driving cost efficiency and risk
manageability
23. • The goal is to be sustainably secure
• How we operate largely defines our
capacity to handle the dynamic
nature of cyberattacks
• Adaptation to the evolving threats is
therefore a key success trait
• Establishing a comprehensive
capability process is the best way to
optimize resources for maximum
protection against loss
HowCanYouBePrepared?
Physical & Cyber
Security Capability
Process
24. ImportantConsiderations…
24
Smarter vs More
Collaboration across security
functions improving effectiveness
Better IT choices & enablement
Properly balancing the risk, cost,
and usability constraints
Expectations Drive Change
Society’s expectations shift with
pain, impact, and inconvenience
Trust will be valued, demanded
Security, privacy, and controls will
align with greater impacts
Controls Must Adapt
Innovation intersecting emerging
attacks to keep pace with attackers
Static defenses are easy to defeat
Intelligence, analysis, and actions
must feedback to improve systems
25. FutureTechnologymustbeDesignedwithSecurity
Smart Security innovation must deliver more capable solutions
to keep pace with threats
Ubiquitous Security must protect data wherever it exists or is used,
for all parties and devices across the compute landscape
Trusted Technology and security providers must be trustworthy,
in the creation and operation of their products
Strong Products and services must be hardened to resist
compromise and make security transparent to users
Open Platforms and security standards must be open to
promote collaboration and accelerate adoption
Security must be
part of the design
for future
technology. Adding
security after, is no
longer sufficient or
sustainable
25
26. • 1.5-2 million unfilled positions in 2017
• Job postings rose 91% (2010-2014)
• Leaders and engineers in highest demand
• Professional Services, Finance, Defense and
Manufacturing are leading sectors
• Finance, Healthcare, and Retail are growing
fastest
• ‘Hybrid’ jobs are increasing, contributing to
demand
CyberSeek.org – free interactive resource
sponsored by NIST, CompTIA, and NICE.
Workforcechallenges
27. OpportunitiesandRisks
27
1. Understand the exposure and risks
of connected technology
2. Staffing qualified personnel to
manage the risks
3. Follow cyber best practices
4. Lead. Before the threats gain a
significant advantage
28. Conclusions
Cyber and Physical security are converging based
upon aligned goals of security, safety, and privacy
Cyber will continue to have an ever greater impact
on the physical world
New threat vectors will emerge as advanced
technology is integrated
The rise of cyber represents risks and opportunities
Leaders with insights to the future have the best
opportunity to align resources and be prepared
29. “We manage security through
Leadership and Preparation,
otherwise we face Crisis and
Desperation”
…Areyouprepared?