Uploaded byjapijapi
PPTX, PDF129 views

Aalto cyber-10.4.18

This document discusses digital security and the challenges of securing systems in a changing technological landscape. It notes that terminology around information, cyber, and digital security can be confusing, and that security requirements need to be defined on a case-by-case basis. It emphasizes that security risks will continue to increase as digitalization accelerates, and that security professionals must adapt to embrace changes like cloud computing, IoT, and new technologies. The document concludes that data and trust are key currencies, that security enables digitalization when done well, and that effective security requires balancing risks with opportunities through good design principles and lifelong learning.

Embed presentation

Download to read offline
Public Digital Security Aalto University 10.4.2018 Jari Pirhonen Chief Security Officer Tieto Corporation
© Tieto Corporation Public JaPi 2018  Drivers of security  Terminology soup  No risk, no glory  User is the king, code is the law  Jack of all trades, master of none Topics
© Tieto Corporation Public JaPi 2018 Why cars have brakes?
© Tieto Corporation Public JaPi 2018 Speed is nothing without control
© Tieto Corporation Public JaPi 2018 WANT  Enable business, trust, quality, 24/7 MUST  Regulation, compliance FEAR  Risks, sanctions, emergencies, attacks Security drivers
© Tieto Corporation Public JaPi 2018 ICT security refers to technical countermeasures to protect data, IT-systems and networks. Focus on technical solutions, technical skills and security products. Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities. Focus on protecting organization’s people, information, processes, services and brand. Cybersecurity concentrates on critical infrastructure, interconnectivity and citizens. Focus on assuring the security of whole networked society. Digital security emphasize security implications because of digitalization, automatisation, connectivity and IoT. Focus on security’s adaptation on change and new technology. Terminology- my view Sense of security Resilience Trustworthiness Provability Understandability Safety Privacy Auditability Denialibility Traceability Confidentiality Integrity Availability
© Tieto Corporation Public JaPi 2018 The Standard of Good Practice for Information Security 2018 Categories 1. Security Governance 2. Information Risk Assessment 3. Security Management 4. People Management 5. Information Management 6. Physical Asset Management 7. System Development 8. Business Application Management 9. System Access 10. System Management 11. Networks and Communications 12. Supply Chain Management 13. Technical Security Management 14. Threat and Incident Management 15. Local Environment Management 16. Business Continuity 17. Security Monitoring and Improvement 17 Categories  34 Areas  131 Topics  Controls
© Tieto Corporation Public JaPi 2018 • Digitalization means change in people behavior, business models and market dynamics as enabled by technology • Requirements: Speed, experimentation, data, understanding users, ICT, right skills and security. • Cloud, mobile, Internet of Things (IoT), Industrical Control Systems (ICS), Robotic Process Automation, Artifical Intelligence, Application Programming Interface (API), Blockchain, Drones,…  Security professionals must adapt on agility, insecurity, risk tolerance, openness, user oriented approach and continuous change. Embrace the change!
© Tieto Corporation Public JaPi 2018 Security risks will increase for a while…
© Tieto Corporation Public JaPi 2018 Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ 2005 2007 2009 2011 2013 2015 2017 2015 2016 2017
© Tieto Corporation Public JaPi 2018 Source: Motherboard
© Tieto Corporation Public JaPi 2018 Source: The Verge
© Tieto Corporation Public JaPi 2018 Physical protection Security cameras Trusted employees Access control Activity monitoring Security zones Incident management Alarm systems A bank
© Tieto Corporation Public JaPi 2018 Physical protection Security cameras Trusted employees Access control Activity monitoring Security zones Incident management Encryption DDoS-protection Firewalls, IDS/IPS Log management, audit trail Hardened systems, patching Secure applications Strong authentication Secure datacenter facilities Incident management Backups Secure architecture Alarm systems Highly-available systems System and change management An online bank
© Tieto Corporation Public JaPi 2018 Code is Law • Money  bits • Wallet  code • Payment  protocol • Transaction  data transfer • Bank account  database • Bank  application • Customer service  algorithm • Bank clerk robot Software security is a must!
© Tieto Corporation Public JaPi 2018 Design secure services Infrastructure controls Service controls Individual controls Process controls User / Customer Start here Know your assets, good architecture, State-of-the-art security technology Update, verify, assure. Test from attackers perspective. Monitor and response. Set your baseline. Add an extra layer of controls to your customer to choose from. Compensate extra controls usage – that will motivate to have better security. Find the weak spots of business processes – that’s what fraudsters will do. Think holistically, and do not forget side channels. Treat your “users” as customers. Step into service as you would use it. Think what would enhance confidence. Source: PWC
© Tieto Corporation Public JaPi 2018 Digital security expert? Source: http://www.cyberdegrees.org/ Manage Design Implement Evaluate
© Tieto Corporation Public JaPi 2018  Data and trust are the currencies of digital world. Security is an enabler of digitalization. Don’t be a naysayer.  Don’t let terminology to confuse you. Define security requirements for each case.  Security is risk management. Balance risks with opportunities.  Security must be built in to the applications. Design applications considering human behavior and flaws.  Security requires lifelong learning. Theory and principles last, technology changes. Takeaways

More Related Content

PDF
Total Digital Security Introduction 4.2
byBrad Deflin
 
PPTX
Maloney slides
byOnkar Sule
 
PPTX
Cybersecurity in the Era of IoT
byAmy Daly
 
PPT
Compliance Awareness
byDinesh O Bareja
 
PPTX
IT compliance
byPhan Vuong
 
PPTX
netwealth and Sense Of Security webinar: What you need to know about cyber se...
bynetwealthInvest
 
PDF
Information Security Management Education Program - Concept Document
byDinesh O Bareja
 
PDF
CyberSecurity_for_the_IoT
byAbdullahi Arabo Jr (MEng, MBCS, PhD)
 
Total Digital Security Introduction 4.2
byBrad Deflin
 
Maloney slides
byOnkar Sule
 
Cybersecurity in the Era of IoT
byAmy Daly
 
Compliance Awareness
byDinesh O Bareja
 
IT compliance
byPhan Vuong
 
netwealth and Sense Of Security webinar: What you need to know about cyber se...
bynetwealthInvest
 
Information Security Management Education Program - Concept Document
byDinesh O Bareja
 
CyberSecurity_for_the_IoT
byAbdullahi Arabo Jr (MEng, MBCS, PhD)
 

What's hot

PPTX
Leveraging Identity to Manage Change and Complexity
byNetIQ
 
PDF
Looking into the future of security
bySouthern Cross Group Services
 
PDF
2014 the future evolution of cybersecurity
byMatthew Rosenquist
 
PPT
Security solutions for a smarter planet
byVincent Kwon
 
PDF
Information Security It's All About Compliance
byDinesh O Bareja
 
PDF
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
byNicolas Beyer
 
PDF
Mobile security blunders and what you can do about them
byBen Rothke
 
PPTX
Internet & iot security
byUsman Anjum
 
PDF
The Future of Cyber Security - Matthew Rosenquist
byMatthew Rosenquist
 
PDF
SMi Group's Oil & Gas Cyber Security conference & exhibition
byDale Butler
 
PDF
Security Awareness
byDinesh O Bareja
 
PPT
Maloney Slides
byecommerce
 
PDF
Web Application Hacking - The Art of Exploiting Vulnerable Web Application
byEryk Budi Pratama
 
PDF
3 ways to secure your law firm’s information and reputation
byNikec Solutions
 
PPTX
How to protect energy distribution for millions of people against cyber attac...
byTI Safe
 
Leveraging Identity to Manage Change and Complexity
byNetIQ
 
Looking into the future of security
bySouthern Cross Group Services
 
2014 the future evolution of cybersecurity
byMatthew Rosenquist
 
Security solutions for a smarter planet
byVincent Kwon
 
Information Security It's All About Compliance
byDinesh O Bareja
 
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
byNicolas Beyer
 
Mobile security blunders and what you can do about them
byBen Rothke
 
Internet & iot security
byUsman Anjum
 
The Future of Cyber Security - Matthew Rosenquist
byMatthew Rosenquist
 
SMi Group's Oil & Gas Cyber Security conference & exhibition
byDale Butler
 
Security Awareness
byDinesh O Bareja
 
Maloney Slides
byecommerce
 
Web Application Hacking - The Art of Exploiting Vulnerable Web Application
byEryk Budi Pratama
 
3 ways to secure your law firm’s information and reputation
byNikec Solutions
 
How to protect energy distribution for millions of people against cyber attac...
byTI Safe
 

Similar to Aalto cyber-10.4.18

PDF
Reality of cybersecurity 11.4.2017
byjapijapi
 
PDF
Isse 2011 Securing Electronic Business Processes Highlights Of The Informatio...
bysvmpbrvp093
 
PPTX
Cyber Tekes Safety and Security programme 2013
byTurvallisuus2013
 
PPTX
Security and control in mis
byGurjit
 
PPT
Information Technology Security Basics
byMohan Jadhav
 
PDF
(eBook PDF) Information Security: Principles and Practices 2nd Edition
byrrnohojhxx852
 
PDF
Cybersecurity and continuous intelligence
byNISIInstituut
 
PPT
Dr K Subramanian
byeletseditorial
 
PDF
Data+Security+Masterclass Presentation.pdf
byckurt9676
 
PPTX
A practical data privacy and security approach to ffiec, gdpr and ccpa
byUlf Mattsson
 
PPTX
CyberSecurity Threats in the Digital Age(1).pptx
byzainchaudary496
 
PPTX
The Need for Information Security (powerpoint)
bydrpiyushmaheshwari1
 
PDF
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
byAndris Soroka
 
PDF
Cyber security general perspective a
bymarukanda
 
PPTX
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
byRishi Singh
 
PDF
Introduction to Cybersecurity
byKrutarth Vasavada
 
DOCX
Unit-4 cyber security new tools and methods
byshivangisharma636228
 
PPTX
crisc_wk_5.pptx
bydotco
 
PDF
Cyber Security and Data Privacy - presentation
bynoorebrahim2002
 
PDF
Cyber security notes or Mca/bca about security
byrahulsinghvi13
 
Reality of cybersecurity 11.4.2017
byjapijapi
 
Isse 2011 Securing Electronic Business Processes Highlights Of The Informatio...
bysvmpbrvp093
 
Cyber Tekes Safety and Security programme 2013
byTurvallisuus2013
 
Security and control in mis
byGurjit
 
Information Technology Security Basics
byMohan Jadhav
 
(eBook PDF) Information Security: Principles and Practices 2nd Edition
byrrnohojhxx852
 
Cybersecurity and continuous intelligence
byNISIInstituut
 
Dr K Subramanian
byeletseditorial
 
Data+Security+Masterclass Presentation.pdf
byckurt9676
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
byUlf Mattsson
 
CyberSecurity Threats in the Digital Age(1).pptx
byzainchaudary496
 
The Need for Information Security (powerpoint)
bydrpiyushmaheshwari1
 
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
byAndris Soroka
 
Cyber security general perspective a
bymarukanda
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
byRishi Singh
 
Introduction to Cybersecurity
byKrutarth Vasavada
 
Unit-4 cyber security new tools and methods
byshivangisharma636228
 
crisc_wk_5.pptx
bydotco
 
Cyber Security and Data Privacy - presentation
bynoorebrahim2002
 
Cyber security notes or Mca/bca about security
byrahulsinghvi13
 

More from japijapi

PDF
Map of security related EU legislations.
byjapijapi
 
PDF
Palveluntarjoajan tietoturvakyvykkyyden varmistaminen-22.10.24.pdf
byjapijapi
 
PDF
Palveluntarjoajien kyberturvakyvykkyys-11.9.23.pdf
byjapijapi
 
PDF
Tietoturvakatsaus 2022
byjapijapi
 
PDF
Management Events kybervoimavara 16.2.22.pdf
byjapijapi
 
PDF
EK kyberosaaminen 26.1.22
byjapijapi
 
PDF
Kyberosaaja 17.5.21
byjapijapi
 
PDF
Cybersecurity skills-gap 2021
byjapijapi
 
PDF
TTRY etatyon tietoturva_28.5.20
byjapijapi
 
PDF
Aalto PRO turvallisuus 2.0
byjapijapi
 
PDF
Cybersecurity skills gap 2020
byjapijapi
 
PDF
Digiturva sovellusturva-11.2.19
byjapijapi
 
PDF
Tieturi-internet-ohjelmointi-1998
byjapijapi
 
PDF
Digiturva17 sovellusturva-16.10.17
byjapijapi
 
PDF
Digitaalinen turvallisuus muuttuvassa ympäristössä
byjapijapi
 
PPTX
Samlink-sd-drinks-10.2.15
byjapijapi
 
PPTX
Kokemuksia tietoturvallisuuden johtamisesta
byjapijapi
 
PPT
Turvallisuus- ja yritysjohdon yhteistyö
byjapijapi
 
PPT
Talentum palvelujen-tietoturva-12.6.13
byjapijapi
 
PPT
Finanssialan tietoturvakatsaus 8.5.13
byjapijapi
 
Map of security related EU legislations.
byjapijapi
 
Palveluntarjoajan tietoturvakyvykkyyden varmistaminen-22.10.24.pdf
byjapijapi
 
Palveluntarjoajien kyberturvakyvykkyys-11.9.23.pdf
byjapijapi
 
Tietoturvakatsaus 2022
byjapijapi
 
Management Events kybervoimavara 16.2.22.pdf
byjapijapi
 
EK kyberosaaminen 26.1.22
byjapijapi
 
Kyberosaaja 17.5.21
byjapijapi
 
Cybersecurity skills-gap 2021
byjapijapi
 
TTRY etatyon tietoturva_28.5.20
byjapijapi
 
Aalto PRO turvallisuus 2.0
byjapijapi
 
Cybersecurity skills gap 2020
byjapijapi
 
Digiturva sovellusturva-11.2.19
byjapijapi
 
Tieturi-internet-ohjelmointi-1998
byjapijapi
 
Digiturva17 sovellusturva-16.10.17
byjapijapi
 
Digitaalinen turvallisuus muuttuvassa ympäristössä
byjapijapi
 
Samlink-sd-drinks-10.2.15
byjapijapi
 
Kokemuksia tietoturvallisuuden johtamisesta
byjapijapi
 
Turvallisuus- ja yritysjohdon yhteistyö
byjapijapi
 
Talentum palvelujen-tietoturva-12.6.13
byjapijapi
 
Finanssialan tietoturvakatsaus 8.5.13
byjapijapi
 

Recently uploaded

PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PDF
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
PPTX
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PPTX
Session 2 - Solving Unstructured & Complex Documents with UiPath IXP
byDianaGray10
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PPTX
Emancipatory Information Retrieval: Radically Reorienting Information Retriev...
byBhaskar Mitra
 
PDF
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PDF
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 5
byVICTOR MAESTRE RAMIREZ
 
PDF
HCSP-Presales-Campus Network Planning and Design V2.0
byVeronica916344
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
API-First Architecture in Financial Systems
bycyy111112
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Session 2 - Solving Unstructured & Complex Documents with UiPath IXP
byDianaGray10
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Emancipatory Information Retrieval: Radically Reorienting Information Retriev...
byBhaskar Mitra
 
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 5
byVICTOR MAESTRE RAMIREZ
 
HCSP-Presales-Campus Network Planning and Design V2.0
byVeronica916344
 

Aalto cyber-10.4.18

  • 1.
    Public Digital Security Aalto University 10.4.2018 JariPirhonen Chief Security Officer Tieto Corporation
  • 2.
    © Tieto Corporation Public JaPi2018  Drivers of security  Terminology soup  No risk, no glory  User is the king, code is the law  Jack of all trades, master of none Topics
  • 3.
    © Tieto Corporation Public JaPi2018 Why cars have brakes?
  • 4.
    © Tieto Corporation Public JaPi2018 Speed is nothing without control
  • 5.
    © Tieto Corporation Public JaPi2018 WANT  Enable business, trust, quality, 24/7 MUST  Regulation, compliance FEAR  Risks, sanctions, emergencies, attacks Security drivers
  • 6.
    © Tieto Corporation Public JaPi2018 ICT security refers to technical countermeasures to protect data, IT-systems and networks. Focus on technical solutions, technical skills and security products. Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities. Focus on protecting organization’s people, information, processes, services and brand. Cybersecurity concentrates on critical infrastructure, interconnectivity and citizens. Focus on assuring the security of whole networked society. Digital security emphasize security implications because of digitalization, automatisation, connectivity and IoT. Focus on security’s adaptation on change and new technology. Terminology- my view Sense of security Resilience Trustworthiness Provability Understandability Safety Privacy Auditability Denialibility Traceability Confidentiality Integrity Availability
  • 7.
    © Tieto Corporation Public JaPi2018 The Standard of Good Practice for Information Security 2018 Categories 1. Security Governance 2. Information Risk Assessment 3. Security Management 4. People Management 5. Information Management 6. Physical Asset Management 7. System Development 8. Business Application Management 9. System Access 10. System Management 11. Networks and Communications 12. Supply Chain Management 13. Technical Security Management 14. Threat and Incident Management 15. Local Environment Management 16. Business Continuity 17. Security Monitoring and Improvement 17 Categories  34 Areas  131 Topics  Controls
  • 8.
    © Tieto Corporation Public JaPi2018 • Digitalization means change in people behavior, business models and market dynamics as enabled by technology • Requirements: Speed, experimentation, data, understanding users, ICT, right skills and security. • Cloud, mobile, Internet of Things (IoT), Industrical Control Systems (ICS), Robotic Process Automation, Artifical Intelligence, Application Programming Interface (API), Blockchain, Drones,…  Security professionals must adapt on agility, insecurity, risk tolerance, openness, user oriented approach and continuous change. Embrace the change!
  • 9.
    © Tieto Corporation Public JaPi2018 Security risks will increase for a while…
  • 10.
    © Tieto Corporation Public JaPi2018 Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ 2005 2007 2009 2011 2013 2015 2017 2015 2016 2017
  • 11.
    © Tieto Corporation Public JaPi2018 Source: Motherboard
  • 12.
    © Tieto Corporation Public JaPi2018 Source: The Verge
  • 13.
    © Tieto Corporation Public JaPi2018 Physical protection Security cameras Trusted employees Access control Activity monitoring Security zones Incident management Alarm systems A bank
  • 14.
    © Tieto Corporation Public JaPi2018 Physical protection Security cameras Trusted employees Access control Activity monitoring Security zones Incident management Encryption DDoS-protection Firewalls, IDS/IPS Log management, audit trail Hardened systems, patching Secure applications Strong authentication Secure datacenter facilities Incident management Backups Secure architecture Alarm systems Highly-available systems System and change management An online bank
  • 15.
    © Tieto Corporation Public JaPi2018 Code is Law • Money  bits • Wallet  code • Payment  protocol • Transaction  data transfer • Bank account  database • Bank  application • Customer service  algorithm • Bank clerk robot Software security is a must!
  • 16.
    © Tieto Corporation Public JaPi2018 Design secure services Infrastructure controls Service controls Individual controls Process controls User / Customer Start here Know your assets, good architecture, State-of-the-art security technology Update, verify, assure. Test from attackers perspective. Monitor and response. Set your baseline. Add an extra layer of controls to your customer to choose from. Compensate extra controls usage – that will motivate to have better security. Find the weak spots of business processes – that’s what fraudsters will do. Think holistically, and do not forget side channels. Treat your “users” as customers. Step into service as you would use it. Think what would enhance confidence. Source: PWC
  • 17.
    © Tieto Corporation Public JaPi2018 Digital security expert? Source: http://www.cyberdegrees.org/ Manage Design Implement Evaluate
  • 18.
    © Tieto Corporation Public JaPi2018  Data and trust are the currencies of digital world. Security is an enabler of digitalization. Don’t be a naysayer.  Don’t let terminology to confuse you. Define security requirements for each case.  Security is risk management. Balance risks with opportunities.  Security must be built in to the applications. Design applications considering human behavior and flaws.  Security requires lifelong learning. Theory and principles last, technology changes. Takeaways

Editor's Notes

  • #12 Knight Capital Group 440M$ in 45 min
  • #13 Knight Capital Group 440M$ in 45 min