accenture, profile picture
Uploaded byaccenture
PPT, PDF7,649 views

Intelligent Security: Defending the Digital Business

The document discusses key business challenges related to cybersecurity and proposes an approach to intelligent security. It identifies challenges such as a missing link between business goals and security capabilities, difficulties governing extensions to the enterprise like cloud and mobile, and keeping up with persistent threats. The proposed approach involves assessing security capabilities, managing complexity through enterprise integration, becoming agile, accelerating toward security intelligence through threat understanding and detection, and developing end-to-end delivery strategies. The first step is adopting a business-aligned security strategy by assessing the current security posture.

Technology
Related topics:
Cyber-Security

Embed presentation

Downloaded 141 times
Intelligent Security: Defending the Digital Business Defending the Digital Business
Executive Summary Today Key Business Challenges •Missing link between business goals and security capabilities •Compliance providing a false sense of security •Enterprises are reaping the benefits of enhancing business functionality through cloud, mobile, and social, but struggle governing the extensions to the enterprise •Increasingly sophist security talent to address current security needs A new tomorrow Approach to Intelligent Security • Assess the security program’s capability and identify leap-ahead opportunities • Manage complexity and integrate the enterprise • Become agile • Accelerate toward security intelligence • Develop end-to-end delivery and flexible sourcing strategies How to get there Security Call to Action •The first step is assessing current posture and adopting a business-aligned security strategy •Retain staff experienced with security architecture planning and design, tools and integration to drive successful outcomes •Establishing an end-to-end delivery capability, underpinned by a pre-integrated security solution set allows organizations to modularly select for their specific threat areas and adoption pace •Move to extract more value from the data they already collect and analyze Copyright © 2014 Accenture All rights reserved. 2
Key business challenges Copyright © 2014 Accenture All rights reserved. 3
Business challenges to security for today’s enterprise Despite all the effort and resources that organizations invest in traditional information security approaches, many still fall prey to the latest cyber threats, or find they are unprepared to deal with rapidly blurring enterprise boundaries Five most common issues companies will have taking a proactive security stance Keeping pace with persistent threats Governing the extended enterprise despite blurring boundaries Thinking outside the compliance (check) box Missing the link between business and security Addressing the security supply/demand imbalance Copyright © 2014 Accenture All rights reserved. 4
Missing the link between 1 business and security Protecting the business should be the first and foremost goal of any security program, but most enterprises do not make it a core competency • Untethered programs can drift and become largely ineffective • Some security executives might struggle to draw a clear line between the protection provided and its impact on the company’s customer satisfaction, loyalty and revenue • The Security team may lack a logical road map for changing the organization’s view of the security function as simply an inhibitor or cost center Business Security Copyright © 2014 Accenture All rights reserved. 5
Thinking outside of the compliance (check) box 2 Unfortunately, compliance does not ensure security. Instead, enterprises should view compliance as the minimum acceptable cyber security “bar” they need to clear… Compliance •Audit centric •Controls based •Driven largely by regulatory requirements •Sample based •Scope limited by audit domain •Evaluated on a quarterly or annual basis Security •Business centric •Controls based •Driven by business requirements •Scope is holistic-includes enterprise, 3rd parties, suppliers, partners •Evaluated on near-real time basis Copyright © 2014 Accenture All rights reserved. 6
Governing the extended enterprise despite blurring boundaries 3 While business adoption has been widespread and rapid, many security organizations struggle to establish the appropriate frameworks, policies and controls to protect the expansions and contractions now common in extended IT environments Typical Day in the Extended Enterprise Cloud Real-time provisioning of servers to support testing of a cloud CRM system Mobile Granting mobile access to new capabilities for field representatives Social network Rollout of a business social network for sales, product and marketing collaboration • What are the appropriate frameworks and policies? • Should I allow personal devices? Which devices and do I let everyone do it? • How do I enable and monitor aaS components being introduced to my environment? • How will I reach my customers with the correct messages? • What do I need to do to make sure exposed by this new enterprise? Copyright © 2014 Accenture All rights reserved. 7
4 Keeping pace with persistent threats As the threats become more persistent, they become harder to identify Most organizations focus on: • Monitoring – Difficulty in prioritizing critical events and handling uncertainty • Static controls – Standard controls don’t help once the attacker is in For which cyber-threat are you prepared? Opportunistic Acts Mob Determined actors Attacker profile: •Will move on if thwarted •Will make mistakes •Can be creative Attacker profile: •Emotional and not disciplined •Not after the crown jewels •Not well backed Attacker profile: •Failure is not an option •Need only one vulnerability •Stick with it mentality Copyright © 2014 Accenture All rights reserved. 8
5 Addressing the security supply/demand imbalance Most organizations lack sufficient security talent to address their current needs Skill Shortages •Lack of the appropriate skills to execute required tasks •Hiring premiums for cyber security resources Career Development •Skilled resources are eager to keep skills sharp and maintain exposure to new technologies Firefighting •Misalignment of security programs to strategic business objectives cause practitioners to burn-out from constant troubleshooting Copyright © 2014 Accenture All rights reserved. 9
Net result Compliance driven (or audit scope driven) security scope can cause organizations to implicitly and unknowingly accept a significant amount of cyber-security risk Implicitly accepted risk Enterprise security risk Enterprise security risk Compliance risk Compliance risk Specific regulatory risk Specific regulatory risk Perceived Risk Actual Risk Copyright © 2014 Accenture All rights reserved. 10
Approach to Intelligent Security Copyright © 2014 Accenture All rights reserved. 11
Vision for Intelligent Security As organizations shift from a compliance-centered security mindset to an active cyber security stance, security teams need to adapt to keep pace with evolving business objectives • Driven by a comprehensive security strategy that is aligned to business goals and objectives • Core business assets protected by robust enterprise security controls • Layered on top are extended enterprise safeguards focused on enabling cloud, mobile and social network adoption • Advanced analytics incorporate cyber threat intelligence to enable proactive, accelerated action • Security metrics to measure enablement of business outcomes Copyright © 2014 Accenture All rights reserved. 12
Taking the next steps to address Intelligent Security for the digital enterprise Leading companies develop effective cyber security measures to handle vulnerabilities and mount an active defense calculated to meet and deflect attacker advances Assess security capability, identify opportunities Determine where the organization currently stands and the level of resources required to support meaningful transformation Manage complexity and integrate the enterprise Evolve the security program vision: establish an end-to-end enterprise security program and integrate it with existing enterprise architecture processes to reduce complexity levels and produce outcomes valued by the business Become agile Embrace the cloud and other emerging technologies to boost IT agility and reach customers faster, capitalize on efficiency and cost benefits and do so within risk tolerances Accelerate toward security intelligence Adapt to handle new threats to the enterprise by developing threat-centered operations by developing a deep understanding of adversaries, their goals and techniques Develop end-to-end delivery and sourcing Plan a delivery and operational strategy for each of the security services they offer to make a clear-eyed assessment of internal competencies for designing, building and deploying elements of a cyber-security program Copyright © 2014 Accenture All rights reserved. 13
Assess the security program’s capability and identify leap-ahead opportunities Before leaders can adopt a business-centered cyber security stance, they need to determine where their organizations currently stand and the level of resources required to support meaningful transformation Phase 1 Threat Understanding •Standardize security operational processes •Rationalize security tools •Implement threat and vulnerability model Phase 2 Contextualize and Detect •Map assets to threats and impact, utilizing analytics techniques to detect indicators of compromise or attack •Optimize and automate both technology and IT process •Integrate security analytics and intelligence with security operations, align to business outcomes Phase 3 Active Defense and Response •Isolate and research threat actor activities •Adapt security capability to address evolving threat language •Trigger orchestrated, adaptive responses that pre-empt threats Copyright © 2014 Accenture All rights reserved. 14
Manage complexity and integrate the enterprise Establish an end-to-end enterprise security program and integrate it with existing enterprise architecture processes to reduce complexity levels and produce outcomes valued by the business • Establish a new vision of how security integrates and works with IT and the business, effectively creating a security operating model • Integrate the security operating model into the overall enterprise architecture, technology and processes Copyright © 2014 Accenture All rights reserved. 15
Become Agile Embrace the cloud and other emerging technologies to boost IT agility and reach customers faster, capitalize on efficiency and cost benefits and do so within risk tolerances Consistently apply technical controls for and from the cloud to the extended enterprise Craft contractual arrangements to address third-party service provider risk Share responsibilities with cloud, mobile and social providers to improve agility in security operations 1 2 3 Threat-centric Strategy …drive strategy based on how the business may be attacked Threat-centric Architecture …seek to understand the shifting threat landscape Threat-centric Operations …adapt to pre-empt threats targeting the business Copyright © 2014 Accenture All rights reserved. 16
Accelerate toward security intelligence Leaders adapt to handle new threats to the enterprise by developing threat-centered operations—developing a deep understanding of adversaries, their goals and techniques • Employ advanced analytics to deliver “context awareness” • Assume an active defense stance that increases the level of effort required by an attacker and delivers adaptive, intelligent responses – Leverage existing instrumentation in the enterprises with threat intelligence feeds and additional security event data sources to improve event triage and response performance – Identify business initiatives / activities of interest to Threat Actors – Incorporation of Threat Management teams in Security Monitoring & Response Advanced security analytics provide graphic tools to help teams analyze large data sets visually, supporting rapid, active defense responses Common User Names – a visualization of the top 100 users names used in a brute force attack Copyright © 2014 Accenture All rights reserved. 17
Develop end-to-end delivery and flexible sourcing strategies Effective security organizations plan a delivery and operational strategy for each of the security services they offer Considerations for Delivery and Sourcing Determine which services to keep in-house vs. outsource to external provider Assess the enterprise’s internal competencies for designing, building and deploying elements of a cyber-security program Justify sourcing decisions based on the overall risk tolerance, business case and commercial strategy based on security - business alignment Selecting partners that will help meet security-business goals Dynamic sourcing approach to address security coverage while helping leadership focus energy on active defense and proactive security capabilities and business enablement Copyright © 2014 Accenture All rights reserved. 18
Security call to action Copyright © 2014 Accenture All rights reserved. 19
Taking action In industries worldwide, security leaders seek effective ways to improve their ability to defend against cyber security threats, reduce the risk of inadvertent data disclosures, achieve and maintain regulatory compliance, and ultimately enhance the value they deliver to their business counterparts and shareholders Assess current posture and adopt a business-aligned security strategy Retain staff experienced with security architecture planning and design, tools and integration to drive successful outcomes Establish an end-to-end delivery capability, underpinned by a pre-integrated security solution set allows organizations to modularly select for their specific threat areas and adoption pace Move to extract more value from the data they already collect and analyze Focus on managing the risk environment instead of concentrating strictly on compliance at the expense of strategically securing business growth, value and innovation Create a clear and complete picture of defense strategies and synthesized security data to help security leaders make rapid, intelligent security decisions based on business goals Copyright © 2014 Accenture All rights reserved. 20
Visit www.accenture.com/IntelligentInfrastructures for more information Copyright © 2014 Accenture All rights reserved. 21

More Related Content

PPTX
The cyber security leap: From laggard to leader
byAccenture Australia
 
PDF
Executive Perspective Building an OT Security Program from the Top Down
byaccenture
 
PDF
FusionX & Accenture: One Global Security Team
byaccenture
 
PPTX
Financial Services - New Approach to Data Management in the Digital Era
byaccenture
 
PPT
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
byAccenture Technology
 
PPTX
How to Make Your Enterprise Cyber Resilient
byAccenture Operations
 
PPTX
The Cyber Security Leap: From Laggard to Leader
byaccenture
 
PDF
Cyber Security: Take a Security Leap Forward
byaccenture
 
The cyber security leap: From laggard to leader
byAccenture Australia
 
Executive Perspective Building an OT Security Program from the Top Down
byaccenture
 
FusionX & Accenture: One Global Security Team
byaccenture
 
Financial Services - New Approach to Data Management in the Digital Era
byaccenture
 
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
byAccenture Technology
 
How to Make Your Enterprise Cyber Resilient
byAccenture Operations
 
The Cyber Security Leap: From Laggard to Leader
byaccenture
 
Cyber Security: Take a Security Leap Forward
byaccenture
 

What's hot

PDF
Security Implications of Accenture Technology Vision 2015 - Executive Report
byAccenture Technology
 
PDF
The New World of As a Service - Infographic
byaccenture
 
PDF
CPG Companies: Evolving Your Analytics-driven Organizations
byaccenture
 
PPTX
Making the most of Guidewire to transform your insurance organization
byAccenture Insurance
 
PDF
Accenture Learning Academy
byaccenture
 
PPTX
Corrosion Management
byaccenture
 
PPTX
Mastering Operational Flexibility
byaccenture
 
PPTX
Harnessing the Power of Entrepreneurs to Open Innovation
byAccenture Operations
 
PPTX
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal
byAccenture Technology
 
PDF
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
byAccenture Technology
 
PPTX
Continuous cyber attacks: Building the next-gen infrastructure
byAccenture Operations
 
PPTX
Intelligent Infrastructures: Unlocking the Digital Business
byaccenture
 
PDF
Healthcare Payers: 2018 State of Cyber Resilience
byaccenture
 
PPT
The New World of As a Service
byaccenture
 
PPT
Technology Factor: Accelerating Your Journey to As a Service
byAccenture Operations
 
PPT
Technology Factor: Accelerating Your Journey to As a Service
byaccenture
 
PDF
Navigating the Crude Cycle: 4 lines of attack for US E&P energy companies to ...
byaccenture
 
PPTX
Push to Pull: From Supply Chains to Patient-Centric Value Networks
byaccenture
 
PDF
Technology Vision 2016 – Overview
byaccenture
 
Security Implications of Accenture Technology Vision 2015 - Executive Report
byAccenture Technology
 
The New World of As a Service - Infographic
byaccenture
 
CPG Companies: Evolving Your Analytics-driven Organizations
byaccenture
 
Making the most of Guidewire to transform your insurance organization
byAccenture Insurance
 
Accenture Learning Academy
byaccenture
 
Corrosion Management
byaccenture
 
Mastering Operational Flexibility
byaccenture
 
Harnessing the Power of Entrepreneurs to Open Innovation
byAccenture Operations
 
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal
byAccenture Technology
 
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
byAccenture Technology
 
Continuous cyber attacks: Building the next-gen infrastructure
byAccenture Operations
 
Intelligent Infrastructures: Unlocking the Digital Business
byaccenture
 
Healthcare Payers: 2018 State of Cyber Resilience
byaccenture
 
The New World of As a Service
byaccenture
 
Technology Factor: Accelerating Your Journey to As a Service
byAccenture Operations
 
Technology Factor: Accelerating Your Journey to As a Service
byaccenture
 
Navigating the Crude Cycle: 4 lines of attack for US E&P energy companies to ...
byaccenture
 
Push to Pull: From Supply Chains to Patient-Centric Value Networks
byaccenture
 
Technology Vision 2016 – Overview
byaccenture
 

Viewers also liked

PPT
Abb85fb57f02f7b85c8eba91f28b7c99 (1)
byGalina Yaceiko
 
PPT
Viyya Ssms Overview 2009
byguestee358
 
PDF
Its & complex safety
bysergey-shchemenok
 
PPTX
Seminar ppt...; )
byPriya_Srivastava
 
PDF
120229 Fm Tec Intelligent Security Containers Quick Info 2012
byBindner
 
PDF
International Conference on Building Security Capacity
byAustralian Civil-Military Centre
 
Abb85fb57f02f7b85c8eba91f28b7c99 (1)
byGalina Yaceiko
 
Viyya Ssms Overview 2009
byguestee358
 
Its & complex safety
bysergey-shchemenok
 
Seminar ppt...; )
byPriya_Srivastava
 
120229 Fm Tec Intelligent Security Containers Quick Info 2012
byBindner
 
International Conference on Building Security Capacity
byAustralian Civil-Military Centre
 

Similar to Intelligent Security: Defending the Digital Business

PPTX
Securing your digital world cybersecurity for sb es
bySonny Hashmi
 
PPTX
Accenture Security Services: Defending and empowering the resilient digital b...
byAccenture Technology
 
PPTX
Accenture High Performance Security Report 2016 for Insurance
byAccenture Insurance
 
PDF
New technologies - Amer Haza'a
byFahmi Albaheth
 
PDF
Securing Solutions Amid The Journey To Digital Transformation.pdf
byCiente
 
PPTX
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal
byAccenture Operations
 
PDF
State of Security McAfee Study
byHiten Sethi
 
PPTX
Enterprise under attack dealing with security threats and compliance
bySPAN Infotech (India) Pvt Ltd
 
PPTX
Securing your digital world - Cybersecurity for SBEs
bySonny Hashmi
 
PDF
Building an Intelligence-Driven Security Operations Center
byEMC
 
PDF
CS Sakerhetsdagen 2015 IBM Feb 19
byIBM Sverige
 
PDF
Healthcare Providers: 2018 State of Cyber Resilience
byaccenture
 
PPT
IT Security: Implications for the Technology Vision 2015
byaccenture
 
PPTX
High Performance Security Report - High Technology
byAccenture Security
 
PDF
Accenture Security Report 2016 Infographic for Insurance
byAccenture Insurance
 
PPTX
Accenture High Performance Security Report 2016 For Communications
byaccenture
 
PDF
2018 State of Cyber Resilience - New York
byaccenture
 
PDF
Intelligence-Driven Fraud Prevention
byEMC
 
PDF
The State of Cybersecurity and Digital Trust 2016
byAccenture Operations
 
PDF
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
byBooz Allen Hamilton
 
Securing your digital world cybersecurity for sb es
bySonny Hashmi
 
Accenture Security Services: Defending and empowering the resilient digital b...
byAccenture Technology
 
Accenture High Performance Security Report 2016 for Insurance
byAccenture Insurance
 
New technologies - Amer Haza'a
byFahmi Albaheth
 
Securing Solutions Amid The Journey To Digital Transformation.pdf
byCiente
 
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal
byAccenture Operations
 
State of Security McAfee Study
byHiten Sethi
 
Enterprise under attack dealing with security threats and compliance
bySPAN Infotech (India) Pvt Ltd
 
Securing your digital world - Cybersecurity for SBEs
bySonny Hashmi
 
Building an Intelligence-Driven Security Operations Center
byEMC
 
CS Sakerhetsdagen 2015 IBM Feb 19
byIBM Sverige
 
Healthcare Providers: 2018 State of Cyber Resilience
byaccenture
 
IT Security: Implications for the Technology Vision 2015
byaccenture
 
High Performance Security Report - High Technology
byAccenture Security
 
Accenture Security Report 2016 Infographic for Insurance
byAccenture Insurance
 
Accenture High Performance Security Report 2016 For Communications
byaccenture
 
2018 State of Cyber Resilience - New York
byaccenture
 
Intelligence-Driven Fraud Prevention
byEMC
 
The State of Cybersecurity and Digital Trust 2016
byAccenture Operations
 
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
byBooz Allen Hamilton
 

More from accenture

PPTX
Reinventing Enterprise Operations
byaccenture
 
PDF
Engineering Services: con gli ingegneri per creare valore sostenibile
byaccenture
 
PDF
Nonprofit reinvention in a time of unprecedented change
byaccenture
 
PDF
Pathways to Profitability for the Communications Industry
byaccenture
 
PDF
Accenture Technology Vision - How the trends apply to higher education
byaccenture
 
PDF
The Industrialist: Trends & Innovations - July 2023
byaccenture
 
PDF
More deals, less money: the Black founder funding journey
byaccenture
 
PDF
The Industrialist: Trends & Innovations - January 2023
byaccenture
 
PDF
Climate Leadership Eleventh Hour | Accenture
byaccenture
 
PDF
Reimagining the Agenda | Accenture
byaccenture
 
PDF
The Industrialist: Trends & Innovations - January 2024
byaccenture
 
PDF
Digital Euro: Implications for the Financial System
byaccenture
 
PPTX
Free to be 100% me
byaccenture
 
PDF
The Industrialist: Trends & Innovations - June 2023
byaccenture
 
PDF
The Industrialist: Trends & Innovations - February 2023
byaccenture
 
PDF
The Industrialist: Trends & Innovations - March 2023
byaccenture
 
PDF
The Industrialist: Trends & Innovations - September 2023
byaccenture
 
PPTX
Accenture Technology Vision - How the trends apply to higher education
byaccenture
 
PPTX
Semiconductor Gender Parity Study
byaccenture
 
PDF
Mundo gamer e a oportunidade de entrada pela abordagem do movimento
byaccenture
 
Reinventing Enterprise Operations
byaccenture
 
Engineering Services: con gli ingegneri per creare valore sostenibile
byaccenture
 
Nonprofit reinvention in a time of unprecedented change
byaccenture
 
Pathways to Profitability for the Communications Industry
byaccenture
 
Accenture Technology Vision - How the trends apply to higher education
byaccenture
 
The Industrialist: Trends & Innovations - July 2023
byaccenture
 
More deals, less money: the Black founder funding journey
byaccenture
 
The Industrialist: Trends & Innovations - January 2023
byaccenture
 
Climate Leadership Eleventh Hour | Accenture
byaccenture
 
Reimagining the Agenda | Accenture
byaccenture
 
The Industrialist: Trends & Innovations - January 2024
byaccenture
 
Digital Euro: Implications for the Financial System
byaccenture
 
Free to be 100% me
byaccenture
 
The Industrialist: Trends & Innovations - June 2023
byaccenture
 
The Industrialist: Trends & Innovations - February 2023
byaccenture
 
The Industrialist: Trends & Innovations - March 2023
byaccenture
 
The Industrialist: Trends & Innovations - September 2023
byaccenture
 
Accenture Technology Vision - How the trends apply to higher education
byaccenture
 
Semiconductor Gender Parity Study
byaccenture
 
Mundo gamer e a oportunidade de entrada pela abordagem do movimento
byaccenture
 

Recently uploaded

PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PDF
Cybersecurity: Safeguarding Digital Assets
byYasir Naveed Riaz
 
PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PPTX
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
PPTX
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PPTX
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
PDF
December Patch Tuesday
byIvanti
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
Cybersecurity: Safeguarding Digital Assets
byYasir Naveed Riaz
 
software-security-intro in information security.ppt
byismaeelsahib032
 
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
December Patch Tuesday
byIvanti
 
The year in review - MarvelClient in 2025
bypanagenda
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 

Intelligent Security: Defending the Digital Business

  • 1.
    Intelligent Security: Defendingthe Digital Business Defending the Digital Business
  • 2.
    Executive Summary Today Key Business Challenges •Missing link between business goals and security capabilities •Compliance providing a false sense of security •Enterprises are reaping the benefits of enhancing business functionality through cloud, mobile, and social, but struggle governing the extensions to the enterprise •Increasingly sophist security talent to address current security needs A new tomorrow Approach to Intelligent Security • Assess the security program’s capability and identify leap-ahead opportunities • Manage complexity and integrate the enterprise • Become agile • Accelerate toward security intelligence • Develop end-to-end delivery and flexible sourcing strategies How to get there Security Call to Action •The first step is assessing current posture and adopting a business-aligned security strategy •Retain staff experienced with security architecture planning and design, tools and integration to drive successful outcomes •Establishing an end-to-end delivery capability, underpinned by a pre-integrated security solution set allows organizations to modularly select for their specific threat areas and adoption pace •Move to extract more value from the data they already collect and analyze Copyright © 2014 Accenture All rights reserved. 2
  • 3.
    Key business challenges Copyright © 2014 Accenture All rights reserved. 3
  • 4.
    Business challenges tosecurity for today’s enterprise Despite all the effort and resources that organizations invest in traditional information security approaches, many still fall prey to the latest cyber threats, or find they are unprepared to deal with rapidly blurring enterprise boundaries Five most common issues companies will have taking a proactive security stance Keeping pace with persistent threats Governing the extended enterprise despite blurring boundaries Thinking outside the compliance (check) box Missing the link between business and security Addressing the security supply/demand imbalance Copyright © 2014 Accenture All rights reserved. 4
  • 5.
    Missing the linkbetween 1 business and security Protecting the business should be the first and foremost goal of any security program, but most enterprises do not make it a core competency • Untethered programs can drift and become largely ineffective • Some security executives might struggle to draw a clear line between the protection provided and its impact on the company’s customer satisfaction, loyalty and revenue • The Security team may lack a logical road map for changing the organization’s view of the security function as simply an inhibitor or cost center Business Security Copyright © 2014 Accenture All rights reserved. 5
  • 6.
    Thinking outside ofthe compliance (check) box 2 Unfortunately, compliance does not ensure security. Instead, enterprises should view compliance as the minimum acceptable cyber security “bar” they need to clear… Compliance •Audit centric •Controls based •Driven largely by regulatory requirements •Sample based •Scope limited by audit domain •Evaluated on a quarterly or annual basis Security •Business centric •Controls based •Driven by business requirements •Scope is holistic-includes enterprise, 3rd parties, suppliers, partners •Evaluated on near-real time basis Copyright © 2014 Accenture All rights reserved. 6
  • 7.
    Governing the extendedenterprise despite blurring boundaries 3 While business adoption has been widespread and rapid, many security organizations struggle to establish the appropriate frameworks, policies and controls to protect the expansions and contractions now common in extended IT environments Typical Day in the Extended Enterprise Cloud Real-time provisioning of servers to support testing of a cloud CRM system Mobile Granting mobile access to new capabilities for field representatives Social network Rollout of a business social network for sales, product and marketing collaboration • What are the appropriate frameworks and policies? • Should I allow personal devices? Which devices and do I let everyone do it? • How do I enable and monitor aaS components being introduced to my environment? • How will I reach my customers with the correct messages? • What do I need to do to make sure exposed by this new enterprise? Copyright © 2014 Accenture All rights reserved. 7
  • 8.
    4 Keeping pacewith persistent threats As the threats become more persistent, they become harder to identify Most organizations focus on: • Monitoring – Difficulty in prioritizing critical events and handling uncertainty • Static controls – Standard controls don’t help once the attacker is in For which cyber-threat are you prepared? Opportunistic Acts Mob Determined actors Attacker profile: •Will move on if thwarted •Will make mistakes •Can be creative Attacker profile: •Emotional and not disciplined •Not after the crown jewels •Not well backed Attacker profile: •Failure is not an option •Need only one vulnerability •Stick with it mentality Copyright © 2014 Accenture All rights reserved. 8
  • 9.
    5 Addressing thesecurity supply/demand imbalance Most organizations lack sufficient security talent to address their current needs Skill Shortages •Lack of the appropriate skills to execute required tasks •Hiring premiums for cyber security resources Career Development •Skilled resources are eager to keep skills sharp and maintain exposure to new technologies Firefighting •Misalignment of security programs to strategic business objectives cause practitioners to burn-out from constant troubleshooting Copyright © 2014 Accenture All rights reserved. 9
  • 10.
    Net result Compliancedriven (or audit scope driven) security scope can cause organizations to implicitly and unknowingly accept a significant amount of cyber-security risk Implicitly accepted risk Enterprise security risk Enterprise security risk Compliance risk Compliance risk Specific regulatory risk Specific regulatory risk Perceived Risk Actual Risk Copyright © 2014 Accenture All rights reserved. 10
  • 11.
    Approach to IntelligentSecurity Copyright © 2014 Accenture All rights reserved. 11
  • 12.
    Vision for IntelligentSecurity As organizations shift from a compliance-centered security mindset to an active cyber security stance, security teams need to adapt to keep pace with evolving business objectives • Driven by a comprehensive security strategy that is aligned to business goals and objectives • Core business assets protected by robust enterprise security controls • Layered on top are extended enterprise safeguards focused on enabling cloud, mobile and social network adoption • Advanced analytics incorporate cyber threat intelligence to enable proactive, accelerated action • Security metrics to measure enablement of business outcomes Copyright © 2014 Accenture All rights reserved. 12
  • 13.
    Taking the nextsteps to address Intelligent Security for the digital enterprise Leading companies develop effective cyber security measures to handle vulnerabilities and mount an active defense calculated to meet and deflect attacker advances Assess security capability, identify opportunities Determine where the organization currently stands and the level of resources required to support meaningful transformation Manage complexity and integrate the enterprise Evolve the security program vision: establish an end-to-end enterprise security program and integrate it with existing enterprise architecture processes to reduce complexity levels and produce outcomes valued by the business Become agile Embrace the cloud and other emerging technologies to boost IT agility and reach customers faster, capitalize on efficiency and cost benefits and do so within risk tolerances Accelerate toward security intelligence Adapt to handle new threats to the enterprise by developing threat-centered operations by developing a deep understanding of adversaries, their goals and techniques Develop end-to-end delivery and sourcing Plan a delivery and operational strategy for each of the security services they offer to make a clear-eyed assessment of internal competencies for designing, building and deploying elements of a cyber-security program Copyright © 2014 Accenture All rights reserved. 13
  • 14.
    Assess the securityprogram’s capability and identify leap-ahead opportunities Before leaders can adopt a business-centered cyber security stance, they need to determine where their organizations currently stand and the level of resources required to support meaningful transformation Phase 1 Threat Understanding •Standardize security operational processes •Rationalize security tools •Implement threat and vulnerability model Phase 2 Contextualize and Detect •Map assets to threats and impact, utilizing analytics techniques to detect indicators of compromise or attack •Optimize and automate both technology and IT process •Integrate security analytics and intelligence with security operations, align to business outcomes Phase 3 Active Defense and Response •Isolate and research threat actor activities •Adapt security capability to address evolving threat language •Trigger orchestrated, adaptive responses that pre-empt threats Copyright © 2014 Accenture All rights reserved. 14
  • 15.
    Manage complexity andintegrate the enterprise Establish an end-to-end enterprise security program and integrate it with existing enterprise architecture processes to reduce complexity levels and produce outcomes valued by the business • Establish a new vision of how security integrates and works with IT and the business, effectively creating a security operating model • Integrate the security operating model into the overall enterprise architecture, technology and processes Copyright © 2014 Accenture All rights reserved. 15
  • 16.
    Become Agile Embracethe cloud and other emerging technologies to boost IT agility and reach customers faster, capitalize on efficiency and cost benefits and do so within risk tolerances Consistently apply technical controls for and from the cloud to the extended enterprise Craft contractual arrangements to address third-party service provider risk Share responsibilities with cloud, mobile and social providers to improve agility in security operations 1 2 3 Threat-centric Strategy …drive strategy based on how the business may be attacked Threat-centric Architecture …seek to understand the shifting threat landscape Threat-centric Operations …adapt to pre-empt threats targeting the business Copyright © 2014 Accenture All rights reserved. 16
  • 17.
    Accelerate toward securityintelligence Leaders adapt to handle new threats to the enterprise by developing threat-centered operations—developing a deep understanding of adversaries, their goals and techniques • Employ advanced analytics to deliver “context awareness” • Assume an active defense stance that increases the level of effort required by an attacker and delivers adaptive, intelligent responses – Leverage existing instrumentation in the enterprises with threat intelligence feeds and additional security event data sources to improve event triage and response performance – Identify business initiatives / activities of interest to Threat Actors – Incorporation of Threat Management teams in Security Monitoring & Response Advanced security analytics provide graphic tools to help teams analyze large data sets visually, supporting rapid, active defense responses Common User Names – a visualization of the top 100 users names used in a brute force attack Copyright © 2014 Accenture All rights reserved. 17
  • 18.
    Develop end-to-end deliveryand flexible sourcing strategies Effective security organizations plan a delivery and operational strategy for each of the security services they offer Considerations for Delivery and Sourcing Determine which services to keep in-house vs. outsource to external provider Assess the enterprise’s internal competencies for designing, building and deploying elements of a cyber-security program Justify sourcing decisions based on the overall risk tolerance, business case and commercial strategy based on security - business alignment Selecting partners that will help meet security-business goals Dynamic sourcing approach to address security coverage while helping leadership focus energy on active defense and proactive security capabilities and business enablement Copyright © 2014 Accenture All rights reserved. 18
  • 19.
    Security call toaction Copyright © 2014 Accenture All rights reserved. 19
  • 20.
    Taking action Inindustries worldwide, security leaders seek effective ways to improve their ability to defend against cyber security threats, reduce the risk of inadvertent data disclosures, achieve and maintain regulatory compliance, and ultimately enhance the value they deliver to their business counterparts and shareholders Assess current posture and adopt a business-aligned security strategy Retain staff experienced with security architecture planning and design, tools and integration to drive successful outcomes Establish an end-to-end delivery capability, underpinned by a pre-integrated security solution set allows organizations to modularly select for their specific threat areas and adoption pace Move to extract more value from the data they already collect and analyze Focus on managing the risk environment instead of concentrating strictly on compliance at the expense of strategically securing business growth, value and innovation Create a clear and complete picture of defense strategies and synthesized security data to help security leaders make rapid, intelligent security decisions based on business goals Copyright © 2014 Accenture All rights reserved. 20
  • 21.
    Visit www.accenture.com/IntelligentInfrastructures formore information Copyright © 2014 Accenture All rights reserved. 21