SlideShare a Scribd company logo

Cyber Security: Challenges and Solutions for the Corporate

Albert Hui
Albert Hui

The document discusses challenges and solutions for corporate cyber security. It identifies increased sophistication of adversaries, regulatory compliance risks, and risks of new technologies as external challenges. Internal challenges include disparate risk functions, misaligned risk appetites, and insufficient resources. Solutions proposed are establishing a full-scoped computer security incident response team, implementing a unified compliance framework, conducting forward-looking security research, forming cross-functional risk committees, and developing security metrics. Quick wins identified are establishing a CSIRT, cross-functional risk committees, and implementing security metrics.

TechnologyBusiness
1 of 10
CYBER SECURITY: Cyber Security & FSI: Lock-Down on the Final Frontier? May 23rd 2013 @ Hong Kong Albert Hui GREM, GCFA, GCFE, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, CISA Principal Consultant CHALLENGES AND SOLUTIONS FOR THE CORPORATE
EXTERNAL CHALLENGES Increased Sophistication of Adversaries Regulatory and Audit Compliance Risks of New Technologies Copyright © 2013 Security Ronin
INTERNAL CHALLENGES Disparate Risk Functions Risk Appetite Misalignment Insufficient Resources and Competing Priorities Copyright © 2013 Security Ronin
INCREASED SOPHISTICATION OF ADVERSARIES Problem • Financially-driven attacks • Hacker supply chain Solution • Full-scoped CSIRT CMU SEI CSIRT Handbook Copyright © 2013 Security Ronin
REGULATORY AND AUDIT COMPLIANCE Problem • Too many standards • Duplicated efforts (overlapping requirements) Solution • Unified compliance framework • Centralized risk register Copyright © 2013 Security Ronin
RISKS OF NEW TECHNOLOGIES Problem • Unknown unknown risks • Increased exposures Solution • Forward-looking security research • Compensatory controls Copyright © 2013 Security Ronin
DISPARATE RISK FUNCTIONS Problem • Lack of unified risk oversight • Duplicated activities Solution • Cross-functional committees • Centralized risk register TechRisk ITSecurity Legaland Compliance Internal Audit Internal Control Fraud Investigation Copyright © 2013 Security Ronin
RISK APPETITE MISALIGNMENT Problem • Ever changing risk environment • Inadequate supporting justifications Solution • Security intelligence • Security metrics Copyright © 2013 Security Ronin
INSUFFICIENT RESOURCES AND COMPETING PRIORITIES Problem • Lack of funding • Lack of talents and technologies • Competing priorities Solution • Holistic risk assessment • Security metrics • Judicious outsourcing Copyright © 2013 Security Ronin
QUICK WIN 1. CSIRT 2. Cross-functional committees for risk functions 3. Security metrics Copyright © 2013 Security Ronin

Recommended

Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
Leandro Bennaton
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network SecurityJohn Ely Masculino
 
Data security
Data securityData security
Data security
Tapan Khilar
 
Security vulnerability
Security vulnerabilitySecurity vulnerability
Security vulnerability
A. Shamel
 
Computer forensic
Computer forensicComputer forensic
Computer forensicbhavithd
 
Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns
CrowdStrike
 
Physical security.ppt
Physical security.pptPhysical security.ppt
Physical security.ppt
Faheem Ul Hasan
 
Digital investigation
Digital investigationDigital investigation
Digital investigation
unnilala11
 

Recommended

Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
Leandro Bennaton
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network SecurityJohn Ely Masculino
 
Data security
Data securityData security
Data security
Tapan Khilar
 
Security vulnerability
Security vulnerabilitySecurity vulnerability
Security vulnerability
A. Shamel
 
Computer forensic
Computer forensicComputer forensic
Computer forensicbhavithd
 
Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns
CrowdStrike
 
Physical security.ppt
Physical security.pptPhysical security.ppt
Physical security.ppt
Faheem Ul Hasan
 
Digital investigation
Digital investigationDigital investigation
Digital investigation
unnilala11
 
DATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEWDATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEW
Sylvain Martinez
 
Security of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxSecurity of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptx
MohanPandey31
 
Assignment 1(web)
Assignment 1(web)Assignment 1(web)
Assignment 1(web)Jay Patel
 
Topics in network security
Topics in network securityTopics in network security
Topics in network security
Nasir Bhutta
 
An overview of access control
An overview of access controlAn overview of access control
An overview of access control
Elimity
 
Cia security model
Cia security modelCia security model
Cia security model
Imran Ahmed
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software tools
N.Jagadish Kumar
 
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
Amazon Web Services
 
ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING Sweta Leena Panda
 
PACE-IT: Network Hardening Techniques (part 1)
PACE-IT: Network Hardening Techniques (part 1)PACE-IT: Network Hardening Techniques (part 1)
PACE-IT: Network Hardening Techniques (part 1)
Pace IT at Edmonds Community College
 
Drone forensics
Drone forensics Drone forensics
Drone forensics
AdityaWibisono14
 
Network security ppt
Network security pptNetwork security ppt
Network security ppt
OECLIB Odisha Electronics Control Library
 
Windows Hacking
Windows HackingWindows Hacking
Windows HackingMayur Sutariya
 
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
Edureka!
 
CompTIA Security+ Guide
CompTIA Security+ GuideCompTIA Security+ Guide
CompTIA Security+ Guide
Smithjulia33
 
Malware Analysis
Malware AnalysisMalware Analysis
Malware Analysis
Prashant Gupta
 
Advanced Persistent Threat
Advanced Persistent ThreatAdvanced Persistent Threat
Advanced Persistent Threat
Ammar WK
 
Computer forensics and Investigation
Computer forensics and InvestigationComputer forensics and Investigation
Computer forensics and Investigation
Neha Raju k
 
Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensicsRahul Baghla
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attack
newbie2019
 
Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
Hexis Cyber Solutions: Rules of Engagement for Cyber Security AutomationHexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
barbara bogue
 
Hexis Rules of Engagement Webinar
Hexis Rules of Engagement WebinarHexis Rules of Engagement Webinar
Hexis Rules of Engagement Webinar
Hexis Cyber Solutions
 

More Related Content

What's hot

DATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEWDATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEW
Sylvain Martinez
 
Security of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxSecurity of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptx
MohanPandey31
 
Assignment 1(web)
Assignment 1(web)Assignment 1(web)
Assignment 1(web)Jay Patel
 
Topics in network security
Topics in network securityTopics in network security
Topics in network security
Nasir Bhutta
 
An overview of access control
An overview of access controlAn overview of access control
An overview of access control
Elimity
 
Cia security model
Cia security modelCia security model
Cia security model
Imran Ahmed
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software tools
N.Jagadish Kumar
 
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
Amazon Web Services
 
PACE-IT: Network Hardening Techniques (part 1)
PACE-IT: Network Hardening Techniques (part 1)PACE-IT: Network Hardening Techniques (part 1)
PACE-IT: Network Hardening Techniques (part 1)
Pace IT at Edmonds Community College
 
Drone forensics
Drone forensics Drone forensics
Drone forensics
AdityaWibisono14
 
Network security ppt
Network security pptNetwork security ppt
Network security ppt
OECLIB Odisha Electronics Control Library
 
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
Edureka!
 
CompTIA Security+ Guide
CompTIA Security+ GuideCompTIA Security+ Guide
CompTIA Security+ Guide
Smithjulia33
 
Malware Analysis
Malware AnalysisMalware Analysis
Malware Analysis
Prashant Gupta
 
Advanced Persistent Threat
Advanced Persistent ThreatAdvanced Persistent Threat
Advanced Persistent Threat
Ammar WK
 
Computer forensics and Investigation
Computer forensics and InvestigationComputer forensics and Investigation
Computer forensics and Investigation
Neha Raju k
 
Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensicsRahul Baghla
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attack
newbie2019
 

What's hot (20)

DATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEWDATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEW
 
Security of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxSecurity of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptx
 
Assignment 1(web)
Assignment 1(web)Assignment 1(web)
Assignment 1(web)
 
Topics in network security
Topics in network securityTopics in network security
Topics in network security
 
An overview of access control
An overview of access controlAn overview of access control
An overview of access control
 
Cia security model
Cia security modelCia security model
Cia security model
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software tools
 
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
 
ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING
 
PACE-IT: Network Hardening Techniques (part 1)
PACE-IT: Network Hardening Techniques (part 1)PACE-IT: Network Hardening Techniques (part 1)
PACE-IT: Network Hardening Techniques (part 1)
 
Drone forensics
Drone forensics Drone forensics
Drone forensics
 
Network security ppt
Network security pptNetwork security ppt
Network security ppt
 
Windows Hacking
Windows HackingWindows Hacking
Windows Hacking
 
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
 
CompTIA Security+ Guide
CompTIA Security+ GuideCompTIA Security+ Guide
CompTIA Security+ Guide
 
Malware Analysis
Malware AnalysisMalware Analysis
Malware Analysis
 
Advanced Persistent Threat
Advanced Persistent ThreatAdvanced Persistent Threat
Advanced Persistent Threat
 
Computer forensics and Investigation
Computer forensics and InvestigationComputer forensics and Investigation
Computer forensics and Investigation
 
Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensics
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attack
 

Similar to Cyber Security: Challenges and Solutions for the Corporate

Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
Hexis Cyber Solutions: Rules of Engagement for Cyber Security AutomationHexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
barbara bogue
 
Hexis Rules of Engagement Webinar
Hexis Rules of Engagement WebinarHexis Rules of Engagement Webinar
Hexis Rules of Engagement Webinar
Hexis Cyber Solutions
 
FireHost Webinar: Protect Your Application With Intelligent Security
FireHost Webinar: Protect Your Application With Intelligent SecurityFireHost Webinar: Protect Your Application With Intelligent Security
FireHost Webinar: Protect Your Application With Intelligent Security
Armor
 
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItToday's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Resilient Systems
 
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Cristian Garcia G.
 
The 2019 Security Strategy
The 2019 Security StrategyThe 2019 Security Strategy
The 2019 Security Strategy
Cloudflare
 
The Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security BreachThe Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security Breach
CloudLock
 
Inteligentní ochrana osobních údajů v procesu digitální transformace
Inteligentní ochrana osobních údajů v procesu digitální transformaceInteligentní ochrana osobních údajů v procesu digitální transformace
Inteligentní ochrana osobních údajů v procesu digitální transformace
MarketingArrowECS_CZ
 
Security what it means to your business - circa 1999
Security what it means to your business - circa 1999Security what it means to your business - circa 1999
Security what it means to your business - circa 1999Chaim Yudkowsky
 
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
CloudPassage
 
Webinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptxWebinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptx
ControlCase
 
Outpost24 webinar - Cybersecurity readiness in the post Covid-19 world
Outpost24 webinar - Cybersecurity readiness in the post Covid-19 worldOutpost24 webinar - Cybersecurity readiness in the post Covid-19 world
Outpost24 webinar - Cybersecurity readiness in the post Covid-19 world
Outpost24
 
Frontline solutions For Security Practitioners 1008
Frontline solutions For Security Practitioners 1008Frontline solutions For Security Practitioners 1008
Frontline solutions For Security Practitioners 1008
Rick Wanner
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
Phil Huggins FBCS CITP
 
Automotive Cybersecurity: The Gap Still Exists
Automotive Cybersecurity: The Gap Still ExistsAutomotive Cybersecurity: The Gap Still Exists
Automotive Cybersecurity: The Gap Still Exists
OnBoard Security, Inc. - a Qualcomm Company
 
Advanced threat protection and big data
Advanced threat protection and big dataAdvanced threat protection and big data
Advanced threat protection and big data
Peter Wood
 
DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...
DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...
DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...
DevSecCon
 

Similar to Cyber Security: Challenges and Solutions for the Corporate (20)

Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
Hexis Cyber Solutions: Rules of Engagement for Cyber Security AutomationHexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
 
Hexis Rules of Engagement Webinar
Hexis Rules of Engagement WebinarHexis Rules of Engagement Webinar
Hexis Rules of Engagement Webinar
 
FireHost Webinar: Protect Your Application With Intelligent Security
FireHost Webinar: Protect Your Application With Intelligent SecurityFireHost Webinar: Protect Your Application With Intelligent Security
FireHost Webinar: Protect Your Application With Intelligent Security
 
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItToday's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About It
 
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
 
The 2019 Security Strategy
The 2019 Security StrategyThe 2019 Security Strategy
The 2019 Security Strategy
 
The Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security BreachThe Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security Breach
 
Inteligentní ochrana osobních údajů v procesu digitální transformace
Inteligentní ochrana osobních údajů v procesu digitální transformaceInteligentní ochrana osobních údajů v procesu digitální transformace
Inteligentní ochrana osobních údajů v procesu digitální transformace
 
Security what it means to your business - circa 1999
Security what it means to your business - circa 1999Security what it means to your business - circa 1999
Security what it means to your business - circa 1999
 
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
 
Webinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptxWebinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptx
 
Outpost24 webinar - Cybersecurity readiness in the post Covid-19 world
Outpost24 webinar - Cybersecurity readiness in the post Covid-19 worldOutpost24 webinar - Cybersecurity readiness in the post Covid-19 world
Outpost24 webinar - Cybersecurity readiness in the post Covid-19 world
 
Frontline solutions For Security Practitioners 1008
Frontline solutions For Security Practitioners 1008Frontline solutions For Security Practitioners 1008
Frontline solutions For Security Practitioners 1008
 
16231
1623116231
16231
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
 
Automotive Cybersecurity: The Gap Still Exists
Automotive Cybersecurity: The Gap Still ExistsAutomotive Cybersecurity: The Gap Still Exists
Automotive Cybersecurity: The Gap Still Exists
 
CARMWhitepaper
CARMWhitepaperCARMWhitepaper
CARMWhitepaper
 
Advanced threat protection and big data
Advanced threat protection and big dataAdvanced threat protection and big data
Advanced threat protection and big data
 
DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...
DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...
DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...
 

More from Albert Hui

Information Security from Risk Management and Design
Information Security from Risk Management and DesignInformation Security from Risk Management and Design
Information Security from Risk Management and Design
Albert Hui
 
The Practice of Cyber Crime Investigations
The Practice of Cyber Crime InvestigationsThe Practice of Cyber Crime Investigations
The Practice of Cyber Crime Investigations
Albert Hui
 
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
Albert Hui
 
Practical Defences Against A New Type of Professional Bank Fraudsters
Practical Defences Against A New Type of Professional Bank FraudstersPractical Defences Against A New Type of Professional Bank Fraudsters
Practical Defences Against A New Type of Professional Bank Fraudsters
Albert Hui
 
New Frontiers in Cyber Forensics
New Frontiers in Cyber ForensicsNew Frontiers in Cyber Forensics
New Frontiers in Cyber Forensics
Albert Hui
 
Laying the Corporate Groundwork for Effective Incident Investigation
Laying the Corporate Groundwork for Effective Incident InvestigationLaying the Corporate Groundwork for Effective Incident Investigation
Laying the Corporate Groundwork for Effective Incident InvestigationAlbert Hui
 
Cyber Fraud - The New Frontiers
Cyber Fraud - The New FrontiersCyber Fraud - The New Frontiers
Cyber Fraud - The New FrontiersAlbert Hui
 
Detecting Threats - How to Think Like an Attacker
Detecting Threats - How to Think Like an AttackerDetecting Threats - How to Think Like an Attacker
Detecting Threats - How to Think Like an Attacker
Albert Hui
 
(Mis)trust in the cyber era
(Mis)trust in the cyber era(Mis)trust in the cyber era
(Mis)trust in the cyber eraAlbert Hui
 
Universal DDoS Mitigation Bypass
Universal DDoS Mitigation BypassUniversal DDoS Mitigation Bypass
Universal DDoS Mitigation Bypass
Albert Hui
 
The Aftermath: You Have Been Attacked! So what's next?
The Aftermath: You Have Been Attacked! So what's next?The Aftermath: You Have Been Attacked! So what's next?
The Aftermath: You Have Been Attacked! So what's next?Albert Hui
 
Incident Response Triage
Incident Response TriageIncident Response Triage
Incident Response TriageAlbert Hui
 
Insights into the Cybercrime Ecosystem
Insights into the Cybercrime EcosystemInsights into the Cybercrime Ecosystem
Insights into the Cybercrime EcosystemAlbert Hui
 
Basic Malware Analysis
Basic Malware AnalysisBasic Malware Analysis
Basic Malware Analysis
Albert Hui
 

More from Albert Hui (14)

Information Security from Risk Management and Design
Information Security from Risk Management and DesignInformation Security from Risk Management and Design
Information Security from Risk Management and Design
 
The Practice of Cyber Crime Investigations
The Practice of Cyber Crime InvestigationsThe Practice of Cyber Crime Investigations
The Practice of Cyber Crime Investigations
 
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
 
Practical Defences Against A New Type of Professional Bank Fraudsters
Practical Defences Against A New Type of Professional Bank FraudstersPractical Defences Against A New Type of Professional Bank Fraudsters
Practical Defences Against A New Type of Professional Bank Fraudsters
 
New Frontiers in Cyber Forensics
New Frontiers in Cyber ForensicsNew Frontiers in Cyber Forensics
New Frontiers in Cyber Forensics
 
Laying the Corporate Groundwork for Effective Incident Investigation
Laying the Corporate Groundwork for Effective Incident InvestigationLaying the Corporate Groundwork for Effective Incident Investigation
Laying the Corporate Groundwork for Effective Incident Investigation
 
Cyber Fraud - The New Frontiers
Cyber Fraud - The New FrontiersCyber Fraud - The New Frontiers
Cyber Fraud - The New Frontiers
 
Detecting Threats - How to Think Like an Attacker
Detecting Threats - How to Think Like an AttackerDetecting Threats - How to Think Like an Attacker
Detecting Threats - How to Think Like an Attacker
 
(Mis)trust in the cyber era
(Mis)trust in the cyber era(Mis)trust in the cyber era
(Mis)trust in the cyber era
 
Universal DDoS Mitigation Bypass
Universal DDoS Mitigation BypassUniversal DDoS Mitigation Bypass
Universal DDoS Mitigation Bypass
 
The Aftermath: You Have Been Attacked! So what's next?
The Aftermath: You Have Been Attacked! So what's next?The Aftermath: You Have Been Attacked! So what's next?
The Aftermath: You Have Been Attacked! So what's next?
 
Incident Response Triage
Incident Response TriageIncident Response Triage
Incident Response Triage
 
Insights into the Cybercrime Ecosystem
Insights into the Cybercrime EcosystemInsights into the Cybercrime Ecosystem
Insights into the Cybercrime Ecosystem
 
Basic Malware Analysis
Basic Malware AnalysisBasic Malware Analysis
Basic Malware Analysis
 

Recently uploaded

Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 

Recently uploaded (20)

Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 

Cyber Security: Challenges and Solutions for the Corporate

  • 1. CYBER SECURITY: Cyber Security & FSI: Lock-Down on the Final Frontier? May 23rd 2013 @ Hong Kong Albert Hui GREM, GCFA, GCFE, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, CISA Principal Consultant CHALLENGES AND SOLUTIONS FOR THE CORPORATE
  • 2. EXTERNAL CHALLENGES Increased Sophistication of Adversaries Regulatory and Audit Compliance Risks of New Technologies Copyright © 2013 Security Ronin
  • 3. INTERNAL CHALLENGES Disparate Risk Functions Risk Appetite Misalignment Insufficient Resources and Competing Priorities Copyright © 2013 Security Ronin
  • 4. INCREASED SOPHISTICATION OF ADVERSARIES Problem • Financially-driven attacks • Hacker supply chain Solution • Full-scoped CSIRT CMU SEI CSIRT Handbook Copyright © 2013 Security Ronin
  • 5. REGULATORY AND AUDIT COMPLIANCE Problem • Too many standards • Duplicated efforts (overlapping requirements) Solution • Unified compliance framework • Centralized risk register Copyright © 2013 Security Ronin
  • 6. RISKS OF NEW TECHNOLOGIES Problem • Unknown unknown risks • Increased exposures Solution • Forward-looking security research • Compensatory controls Copyright © 2013 Security Ronin
  • 7. DISPARATE RISK FUNCTIONS Problem • Lack of unified risk oversight • Duplicated activities Solution • Cross-functional committees • Centralized risk register TechRisk ITSecurity Legaland Compliance Internal Audit Internal Control Fraud Investigation Copyright © 2013 Security Ronin
  • 8. RISK APPETITE MISALIGNMENT Problem • Ever changing risk environment • Inadequate supporting justifications Solution • Security intelligence • Security metrics Copyright © 2013 Security Ronin
  • 9. INSUFFICIENT RESOURCES AND COMPETING PRIORITIES Problem • Lack of funding • Lack of talents and technologies • Competing priorities Solution • Holistic risk assessment • Security metrics • Judicious outsourcing Copyright © 2013 Security Ronin
  • 10. QUICK WIN 1. CSIRT 2. Cross-functional committees for risk functions 3. Security metrics Copyright © 2013 Security Ronin