The presentation I use to introduce the post-grad module on information security and governance I teach at Edinburgh Napier University. If you want to find out more, google for 'INF11109' on the napier.ac.uk site.
Enterprise Strategy Group: The Big Data Security Analytics Era is Here (EMC)
This analyst report explains that organizations can no longer rely on preventive security systems, point security tools, manual processes, and hardened configurations to protect against targeted attacks. Henceforth, security management must be based on continuous monitoring and big data analysis for situational awareness and rapid decisions.
This white paper provides guidance for how to adopt an Intelligence-Driven Security strategy that delivers three essential capabilities: visibility, analysis, and action.
Information Security - Back to Basics - Own Your Vulnerabilities (Jack Nichelson)
When a security program isn't as good as it should be, it can be tempting to conclude that it needs more resources and solutions. Jack Nichelson decided to take a different approach: simplification. By focusing on fewer problems with bigger returns, he was able to reduce malware by 60 percent and improve the results of his annual pen test report. He'll share a back-to-the-basics case study for removing complexity and running a simple, effective, start-up-worthy security program.
This talk is for: security managers looking to focus on the real vulnerabilities and communicate their progress more effectively.
The goals of this talk: find the real problems, create a formal plan, build support for the plan, and report the progress.
Dealing with Information Security, Risk Management & Cyber Resilience (Donald Tabone)
Information Security
1. Why the need to think about it?
2. What exactly are we talking about?
3. How do we go about doing something about it?
4. Is there a one-size-fits-all framework?
IT Executive Guide to Security Intelligence (thinkASG)
Transitioning from log management and SIEM to comprehensive security intelligence.
This white paper discusses the increasing need for organizations to maintain comprehensive and cost-effective information security, and describes the integrated set of solutions provided by the IBM QRadar Security Intelligence Platform designed to help achieve total security intelligence.
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War (centralohioissa)
In the spirit of continuous improvement, we must ask ourselves: are we doing the best job we can? In this presentation Gary will present some ideas and concepts that can be used to improve the security posture within your organization. These ideas and concepts are not your typical solutions; rather, they will force you to make a fundamental change in your approach to implementing security and in your underlying assumptions about good security practices. This presentation will challenge conventional thinking about how to build a successful security program. After all, what do you have to lose? Are we really winning the cybersecurity war?
Simplifying the data privacy governance quagmire building automated privacy ... (Avinash Ramineni)
In this age of big data, AI, and machine learning, organizations collect vast amounts of data about their customers, processes, preferences, usage patterns, etc. Organizations intend to use the data and generate a sustained competitive advantage for their products/offerings.
With all the data they collect and store, they also accumulate huge risks associated with storing and protecting it. Balancing the monetization of data against that risk puts roles such as CDO, CPO, CISO and CIO in a quagmire.
Privacy / Security leadership needs to influence the organization in adopting a privacy/security-first culture by establishing a robust privacy/security program. Most organizations need to be able to achieve that within a limited budget.
Ideally, at the end of the rollout of a privacy program, a company can tell:
- Where every bit of sensitive data resides,
- Who has access to which sensitive data,
- All security controls in place to protect sensitive data, and
- The retention times for every piece of sensitive data.
In this webinar, we will cover how to build a dynamic and automated privacy/security program that manages the data lifecycle from collection to deletion. This talk will also give a sneak peek into technologies that will influence the privacy, security, governance capabilities of the future and reshape the way organizations address challenges with current and emerging technologies.
What you’ll take away:
- Basic concepts for understanding the risk in the personal information your organization is collecting
- A method for mitigating that risk
- How to build an enterprise-wide 'security-first' culture
- A practical approach to implementing a data privacy/security program from scratch
How an Integrated Management system helps you comply with new Cyber Laws and ... (PECB)
When implementing an information security management system (based on ISO/IEC 27001) you need to conduct a risk analysis (based on ISO/IEC 27005) and implement information security controls (based on ISO/IEC 27002). In order to better understand the IT governance framework of the organization, you can refer to service management systems (based on ISO/IEC 20000). Moreover, you have to properly consider security incident management (based on ISO/IEC 27035) and you must ensure that the organization has business continuity and recovery capabilities (based on ISO 22301).
Recorded Webinar: https://youtu.be/aY_envTRGRY
A brief run-through of the economics of controls and threats and of how attackers and defenders think, followed by an introduction to current and next-generation security analytics.
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense (EnergySec)
When we talk about cyber security, we recognize that it is part of a holistic approach to security and critical infrastructure protection. Tools and technology are not enough to ensure that mission-critical systems provide the capabilities needed for the military, continuity of government and commercial enterprises to continue operations in the face of emerging threats. Recognizing the unique nature of our location on the Hawaiian Islands in the middle of the Pacific, we also understand the importance of collaboration and alignment of critical infrastructure protection among military, state government, commercial and public stakeholders. A comprehensive approach needs to include innovative capabilities, a thorough analysis of operational dependencies, and the organizational collaboration required to protect critical capabilities. In this session, we will discuss our innovative approach to developing holistic cyber security for critical infrastructure and share a case study to help you think differently about your own approaches to security.
Learn from the experts! Tune into this webinar to hear Doug Copley, Deputy CISO/Security & Privacy Strategist for Forcepoint, talk about What It Takes to be a CISO in 2017: expectations, challenges, partnerships, the roadmap, critical activities and more.
How to Build Your Own Cyber Security Framework using a Balanced Scorecard (EnergySec)
Presented by: Russell Thomas, George Mason University
Abstract: Two aspects of cyber security that everyone struggles with are metrics and business impact. How do we measure it in order to improve, and how do we make it meaningful to business decision makers? This gap appeared again recently in the responses to the NIST Cyber Security Framework (CSF) RFI. But there is no need to wait for NIST CSF or anything else, because there is a viable method available now that you can use to build your own CSF: the "Balanced Scorecard" method.
The key idea is to focus on performance against measurable objectives in all critical dimensions that, taken together, will lead to better security, privacy, and resiliency outcomes, even in a dynamic and highly uncertain threat environment. In this presentation, we’ll explain the ten critical dimensions of cyber security performance, explain how they are interrelated and feed off each other, show how to create a performance index in each dimension, and describe how the balanced scorecard can be used to drive executive decisions. This presentation should be valuable to managers and executives in every type of organization in the energy sector, including the supply/service chain. Consultants, regulators, and academics should also find it interesting and useful.
SBIC Enterprise Information Security Strategic Technologies (EMC)
This report from the Security for Business Innovation Council describes next generation technologies that support an Information-Driven Security strategy.
Improving Cyber Security Literacy in Boards & Executives (Tripwire)
In response to the rapidly evolving threat landscape, Boards of Directors (BoDs) and executives are now more aware of today’s cyber threats and how they might adversely affect their business. However, most executives are nonetheless limited in their knowledge of security and do not know what to ask their security teams.
It is therefore up to security professionals to help their executives become more cyber security literate and thereby assist in framing security considerations as an integral part of any risk/opportunity discussion, as well as a wider enterprise risk management strategy.
Acknowledging this responsibility on the part of information security personnel, Tripwire has asked a number of prominent experts in the field how security teams can improve their executives’ cyber security literacy.
Smart Buildings, Deep Learning AI, Drones, Robotics, and IoT....What is next?
Martin Sheridan, CTO of Sheridan Solutions Consulting, and his co-author, our COO Scott Taylor, explore the challenges and opportunities that emerging technologies are driving across the security industry.
NESCO Town Hall Workforce Development Presentation (EnergySec)
Moderated and Presented by Andy Bochman
Discussion Topic: Workforce Development in the ICS WorkPlace
Discussion Abstract: Ask anyone working in the field at an electric utility about cybersecurity and the conversation will inevitably turn to the shortage of qualified security staff with knowledge of our industry. The need to comply with NERC CIP standards, secure the rapidly proliferating smart grid technologies, and defend against cyber attacks targeting control systems makes the short supply of cybersecurity talent a critical issue.
This is a presentation I gave for the UQ Business School (in conjunction with Stan Gallo of KPMG) at the Urbane Restaurant to a group of Queensland CEO/C-Suite people. These dinners are part of UQ's engagement with the business community - a relationship we value. This engagement ensures we don't get all locked up in our ivory tower.
Presented by: John Fleker, HP
Abstract: The cyber threat landscape is continually evolving. More and more, the critical infrastructure of our nation is at risk. Whether from nation-state actors, criminal organizations, hacktivists or any number of hackers looking to prove their skills, our safety and economic prosperity is threatened. There are four things that must be considered in order to address the evolving threats:
1- Becoming more proactive in our cyber defense efforts through intelligence
2- Better user behavior management
3- Assessing risk using meaningful metrics
4- Resilience – operating through an intrusion
We need to look at the threat picture differently – in a proactive way – to ensure that CEOs and CIOs/CISOs are on the same page regarding the threat, to allow those leaders to make better resourcing decisions, and to be better prepared to mitigate adversaries when they arrive at the security perimeter. We need to integrate a wider set of intelligence into our thinking. This is critical to taking a more proactive stance in defending your networks. Combined with what you know of your own network, cyber intelligence strategically helps make solid resource planning decisions and functionally helps your network operators better defend against, mitigate and operate through cyber intrusions. The Operational Levels of Cyber Intelligence paper by the Intelligence and National Security Alliance details a better way of using intelligence.
www.insaonline.org/i/d/a/Resources/CyberIntel_WP.aspx
Additionally, we must increase information sharing across the board. Executive Order 13636 - Improving Critical Infrastructure Cybersecurity is leading critical infrastructure in that direction.
Michael Johnson of the University of Minnesota shares the risks of cyber security and the measures you should be taking to ensure your company's safety.
When GDPR becomes law in a few months, it will be the most wide-ranging and stringent data protection initiative in history. To prepare for this sea change, most organizations have streamlined and detailed their information security policies; however, many are unaware that immature application security programs arguably pose the biggest threat of a data breach. This oft-forgotten piece of data protection puts organizations at risk of GDPR fines.
Attend this joint webinar with Security Innovation and Smarttech247 to learn practical tips on incorporating application security best practices into an InfoSec program to achieve GDPR compliance.
Topics include:
* Summary of GDPR key concepts
* Security of data processing in software and the CIA triad
* The people and process problem of GDPR: Governance
* Using Data Protection by Design for secure design and business logic
* Assessments to verify the security of processing
Presenters:
Roman Garber, Security Innovation
Edward Skraba, Smarttech247
Advanced Cybersecurity Risk Management: How to successfully address your Cybe... (PECB)
Main points covered:
• Understanding the inverted economics of cyber security, the incentives for cyber crime and its effect on the growing threat
• Inefficiencies with the traditional approaches to cyber risk assessment and why we are not making more progress in enhancing cyber defenses
• Resetting roles and responsibilities regarding cyber security within organizations
• Developing empirical, cost-effective cyber risk assessments to meet the evolving threat
Our presenter for this webinar is Larry Clinton, the president of the Internet Security Alliance (ISA), a multi-sector association focused on cybersecurity thought leadership, policy advocacy, and best practices. Mr. Clinton advises both industry and governments around the world. He has twice been listed on the Corporate 100 list of the most influential people in corporate governance. He is the author of The Cyber Risk Handbook for Corporate Boards. PWC has found that use of this Handbook improves cyber budgeting and cyber risk management and helps create a culture of security. The Handbook has been published in the US, Germany, the UK and Latin America. He is currently working on a version for the European Conference of Directors Associations as well as versions for Japan and India. Mr. Clinton also leads ISA's public policy work, built around its publication "The Cyber Security Social Contract", on which the NATO Center of Cyber Excellence in Estonia requested a briefing.
Recorded Webinar: https://www.youtube.com/watch?v=8qVtoqi37X8
Are you confident in your company's cyber security posture? Read the latest S-RM report for guidance on mapping a path to cyber confidence: https://www.s-rminform.com/cyber-confidence/?utm_campaign=Cyber_Confidence&utm_source=slideshare&utm_medium=social
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins (44CON)
A quick summary of the current state of big data technology and data science approaches used in cyber/network defender security analytics, including summary use cases, a walk-through of a reference architecture and a breakdown of the required skills. The focus is on the knowledge needed to run a proof of concept and establish a programme for early benefits. It will also include a view on the future of extending the platforms and capabilities of security analytics to cover performance metrics and data-driven security management approaches.
Cloud Cybersecurity: Strategies for Managing Vendor Risk (Health Catalyst)
As more organizations shift away from on-premises architectures toward the cloud or hybrid hosting models, critical cybersecurity concerns emerge. Organizations, especially health systems, should carefully examine the shared responsibility model in partnership with their cloud vendor.
Kevin Scharnhorst, Health Catalyst Chief Information Security Officer, shares perspectives on how your organization’s security program, through adherence to standards-based policy and procedures, can align with your cloud vendor on reduced organizational risk.
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
https://www.brighttalk.com/webcast/14723/234829?utm_source=Compliance+Engineering&utm_medium=brighttalk&utm_campaign=234829 :
With cyber attacks on the rise, securing your data is more imperative than ever. In the future, organizations will face severe penalties if their data isn't robustly secured. This will have a far-reaching impact on how businesses deal with security in terms of managing their cyber risk.
Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree to which these controls are in place, where to prioritize their cyber dollars, and how to ensure they are not at risk of fines.
Viewers will learn:
- The latest cybercrime trends and targets
- Trends in board involvement in cybersecurity
- How to effectively manage the full range of enterprise risks
- How to protect against ransomware
- Visibility into third party risk
- Data security metrics
Introduction and a Look at Security TrendsPriyanka Aash
The security industry has significantly changed over the last 25 years, as reflected in the content at RSA Conference. This introductory session will look at some of the major shifts, the economics that are driving the shifts, and the trends that are shaping current and future directions.
(Source: RSA USA 2016-San Francisco)
Data Security in the Insurance Industry: what you need to know about data pro...XeniT Solutions nv
With the amount of personal and sensitive customer information needed to accurately insure a client, it's no wonder the insurance industry is a target for data security threats.
While all businesses across every industry are at risk, there are a few things that make the insurance industry particularly attractive – and susceptible – to data breaches and cyber-attacks.
- The sheer volume of information available
- The highly sensitive nature of the information
- Large amounts of unstructured data
In this webinar, our speakers illustrated the state of the art, including the technical and legal framework, for protecting your most relevant information from cyberattacks. You will learn:
- How to define a roadmap that optimizes the impact of cyber security expenditure
- How to adopt a general risk management approach to identify Cyber security risks
- What are the most relevant technologies available today to protect your data
This is a presentation of a poster at ISIC2020 which considers the relationship between the established concept of "information intermediaries" and a new concept of "digital proxy", which is initially defined here to be “individuals who assist others manage their online information presence”. This is done in the context of information behaviour and everyday life information practices. It is comprised of the findings from two studies (informal support for managing digital identity provided by information professionals; proxied management of social media presences for people with dementia) which have helped to identify different issues relevant to the concept of proxies in online environments.
Co-authors: Dr Gemma Webster, Dr Frances Ryan
This paper, presented at the ISIC2020 conference, addresses the relationship between information literacy, social context and work-like environments, by reporting on the information practices of hyperlocal democratic representatives (Scottish community councillors), and their acquisition and application of information literacy skills.
Co-authored with Prof Hazel Hall and Dr Bruce Ryan
Information literacy amongst Scottish community councillors - and the use of activity theory in underpinning the analysis.
Slides from presentation by Cruickshank Hall & Ryan at i3 at RGU 2017.
Slides for an overview lecture explaining how risk management and controls are the route to explaining why information security matters to business. Plus a bonus discussion of why incident handling is no longer optional.
My presentation at IFIP EGOV/EPART 2015 - quick look at whether the community of practice model can help understand online behaviour by community councillors in Scotland
A brief presentation that talks a little about the implications of our 2012 survey of internet use by Community Councils in Scotland - and exploring options for further research approaches
These slides summarise how we take a PFR approach when teaching our 4th year KM module at Edinburgh Napier University. The students are encouraged to use PFR in their learning, but we also use it as an approach to improving the course content over time. The slides include examples of PFR-like cycles from different subject areas, and a link to youtube video of a peer-reviewed rap on the subject.
Brief overview of the findings and practical issues encountered by a formative evaluation of codesign in the Smart Cities project.
There is an associated guideline document available through the smartcities account
A brief overview of the challenges that a democratic instrument like the European Citizens Initiative face - in terms of multiple languages, clarity of process - and security over the system
This short document summarises the main findings from the internal formative evaluation of the practice of co-design within the Smart Cities project. It forms a starting point for a workshop held on 27 April 2011, and contains examples of the different approaches to co-design that have been taken by the project partners.
Kseniya Leshchenko: Shared development support service model as the way to ma...Lviv Startup Club
Kseniya Leshchenko: Shared development support service model as the way to make small projects with small budgets profitable for the company (UA)
Kyiv PMDay 2024 Summer
Website – www.pmday.org
Youtube – https://www.youtube.com/startuplviv
FB – https://www.facebook.com/pmdayconference
3.0 Project 2_ Developing My Brand Identity Kit.pptxtanyjahb
A personal brand exploration presentation summarizes an individual's unique qualities and goals, covering strengths, values, passions, and target audience. It helps individuals understand what makes them stand out, their desired image, and how they aim to achieve it.
RMD24 | Retail media: how do you use it if you are not AH or Unilever? Heid...BBPMedia1
Large players have been working with retail media for a while now. Meanwhile, the opportunities in this domain are also becoming visible for other players in the market. But with those opportunities come questions: become a retail media outlet yourself, or advertise on one? Which stage of the funnel does it fit, and how do you integrate it into a media plan? What exactly is the difference from marketplaces and programmatic ads? In this half hour we settle the dilemmas and you get answers on when it is time for you to take the next step.
"BEGUN WITH TJ IS HALF DONE"
TJ Coms (TJ Communications) is a professional event agency that includes experts in the event-organizing market in Vietnam, Korea, and ASEAN countries. We provide unlimited types of events from Music concerts, Fan meetings, and Culture festivals to Corporate events, Internal company events, Golf tournaments, MICE events, and Exhibitions.
TJ Coms provides unlimited package services including Event organizing, Event planning, Event production, Manpower, PR marketing, Design 2D/3D, VIP protocols, Interpreter agency, etc.
Sports events - Golf competitions/billiards competitions/company sports events: dynamic and challenging
⭐ Featured projects:
➢ 2024 BAEKHYUN [Lonsdaleite] IN HO CHI MINH
➢ SUPER JUNIOR-L.S.S. THE SHOW : Th3ee Guys in HO CHI MINH
➢ FreenBecky 1st Fan Meeting in Vietnam
➢ CHILDREN ART EXHIBITION 2024: BEYOND BARRIERS
➢ WOW K-Music Festival 2023
➢ Winner [CROSS] Tour in HCM
➢ Super Show 9 in HCM with Super Junior
➢ HCMC - Gyeongsangbuk-do Culture and Tourism Festival
➢ Korean Vietnam Partnership - Fair with LG
➢ Korean President visits Samsung Electronics R&D Center
➢ Vietnam Food Expo with Lotte Wellfood
"Every event is a story, a special journey. We always believe that shortly you will be a part of our stories."
What is the TDS Return Filing Due Date for FY 2024-25.pdfseoforlegalpillers
It is crucial for taxpayers to understand the TDS Return Filing Due Date, so that they can fulfill their TDS obligations efficiently. Taxpayers can avoid penalties by sticking to the deadlines and by accurate filing of TDS. Timely filing of TDS will ensure the availability of tax credits. You can also seek the professional guidance of experts like Legal Pillers for timely filing of the TDS Return.
What are the main advantages of using HR recruiter services.pdfHumanResourceDimensi1
HR recruiter services offer top talents to companies according to their specific needs. They handle all recruitment tasks from job posting to onboarding and help companies concentrate on their business growth. With their expertise and years of experience, they streamline the hiring process and save time and resources for the company.
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...BBPMedia1
In this presentation Marvin takes you through the advantages of non-endemic advertising on retail media networks. He also maps out the challenges the market currently faces in retail media for non-suppliers.
Retail media is seen as the new advertising medium, and media agencies too are setting up retail media departments en masse. Brands that are not stocked in the shop in question are not yet queuing up to advertise on the retail media networks either. Marvin highlights the challenges in really connecting with that market of non-endemic advertising.
Unveiling the Secrets How Does Generative AI Work.pdfSam H
At its core, generative artificial intelligence relies on the concept of generative models, which serve as engines that churn out entirely new data resembling their training data. It is like a sculptor who has studied many forms found in nature and then uses this knowledge to create sculptures from his imagination that have never been seen before anywhere else. Taken to cyberspace, GANs work almost the same way.
Digital Transformation and IT Strategy Toolkit and TemplatesAurelien Domont, MBA
This Digital Transformation and IT Strategy Toolkit was created by ex-McKinsey, Deloitte and BCG Management Consultants, after more than 5,000 hours of work. It is considered the world's best & most comprehensive Digital Transformation and IT Strategy Toolkit. It includes all the Frameworks, Best Practices & Templates required to successfully undertake the Digital Transformation of your organization and define a robust IT Strategy.
Editable Toolkit to help you reuse our content: 700 Powerpoint slides | 35 Excel sheets | 84 minutes of Video training
This PowerPoint presentation is only a small preview of our Toolkits. For more details, visit www.domontconsulting.com
Personal Brand Statement:
As an Army veteran dedicated to lifelong learning, I bring a disciplined, strategic mindset to my pursuits. I am constantly expanding my knowledge to innovate and lead effectively. My journey is driven by a commitment to excellence, and to make a meaningful impact in the world.
Business Valuation Principles for EntrepreneursBen Wann
This insightful presentation is designed to equip entrepreneurs with the essential knowledge and tools needed to accurately value their businesses. Understanding business valuation is crucial for making informed decisions, whether you're seeking investment, planning to sell, or simply want to gauge your company's worth.
2. Overview
• Scope and context
• What do we mean by security
• Topics we will cover
• The aim is to let you see the scope
• And to get you familiar with the concepts and issues
2SAC
9. IS in context: Application Environment
• Growing business dependence on IS/IT
• Development of general purpose rather than dedicated applications
– Built using common toolsets
– Less variety in structure & design
• Large scale integration of data sets
• Computer to computer transactions
• Autonomous trading systems
10. IS in context: Computing Environment
• Growth in the power and availability of technology
• Rapid spread of data communications networks
• Development of powerful databases and search engines
• High degree of component commonality
11. IS in context: Socio-economic-legal
• Increasing computer fraud
• Concerns about privacy
• Greater public knowledge of computing
• Rising globalisation of trade
• Introduction of specific laws to control the use of IT
• Public policy v personal preference?
12. The scope of this course: (Business) Computer and Information Systems
• That is: we're taking the viewpoint of an organisation and its management
– Could be government, public sector or NGO
• Issues around consumers or individual citizen rights are not central to what we cover
• …nor is the role of 'national security' in setting the computer environment
…though these are interesting and important in their own right
15. What is security?
"If we make security trade-offs based on the feeling of security rather than the reality, we choose security that makes us feel more secure over security that actually makes us more secure. And that's what governments, companies, family members, and everyone else provide. Of course, there are two ways to make people feel more secure.
1. The first is to make people actually more secure, and hope they notice.
2. The second is to make people feel more secure without making them actually more secure, and hope they don't notice.
The key here is whether we notice. The feeling and reality of security tend to converge when we take notice, and diverge when we don't. People notice when 1) there are enough positive and negative examples to draw a conclusion, and 2) there isn't too much emotion clouding the issue."
The feeling and the reality of security, Schneier 2008
17. The security balance
Security
• Complex passwords are secure
• Encryption protects assets
Access
• Complex passwords prevent access
• Encryption slows things down
• Technology is not enough
• Controls often conflict with usability and business objectives
(Diagram: Security and Access balanced against Risk)
18. The security balance 2
(Chart: Effectiveness plotted against Level of technical security, with regions labelled "Too risky", "Optimum balance" and "Too complex to work")
19. What is security?
Information security as…
Science
• Security as an engineering discipline
• Subject to systems thinking
Art
• When things get complicated, it gets too much to plan
• The security manager is left to judge the best way(s) forward
Social science
• People interact with systems: users need to do things
• Behavioural aspects of organisations and change management
20. What is security?
Example of making a business secure
Schneier's three steps to improved security:
1. Enforce liabilities
2. Allow liabilities to be transferred
3. Outsource security
"Network security is a business problem, and the only way to fix it is to concentrate on the business issues… I have a three-step program towards improving computer and network security. None of the steps has anything to do with the technology; they all have to do with businesses, economics, and people."
Liability & Security, in Schneier (2008)
21. Security in business: Concept map
(Concept map, after Raval & Fichadia 2007, Ch 1. Nodes: Business model, Management, Structure, Process, Information, Control & Security. Link labels: "is comprised of", "warrant actions for", "by")
23. Information Security Attributes
• Confidentiality – protecting privacy
• Integrity – protection from accidental or deliberate (malicious) modification
• Availability – …for legitimate users; prevention of DoS attacks etc
• Authentication – who are you; supports non-deniability
• Authorization – what can you do?
• Auditing – effective auditing and logging is the key to non-repudiation
24. Business requirements in COBIT
• Effectiveness – relevant and pertinent; timely, correct, consistent
• Efficiency – productive and economical
• Confidentiality – no unauthorised disclosure
• Integrity – protection from accidental or malicious modification; accurate, complete, valid
• Availability – …for legitimate users; prevention of DoS attacks etc
• Reliability – appropriate information to support management decisions
COBIT 4.1
25. Secure Computing
• A computing regime under which information may be stored and processed:
– To defined standards of confidentiality, integrity and availability
– To an assessable level of assurance
Security is not a commodity
Security is a state of being!
28. Governance frameworks
• From the state: Legal
– Privacy Laws
– Property legislation – computers, IPR etc
• Sources of law
– National
– European
– USA
• Standards
– Security Criteria
– Published Standards
29. Ethics
• Computing poses a new environment for
ethical consideration
• Who decides the ethical aspects?
– Computer Professionals
– Leaders of Commerce & Industry
– Computer Users
– Citizens
• What happens when different values collide?
30. Governance: Privacy
• Holding of data relating to people
• Aggregation of personal data
– Data matching
– Marketing of data
– Universal Identifiers
• Enforcement of fair practice
• Need for a legal context
– Local
– Global
• Interacts with individuals’ expression of their identity online
31. Governance: Fraud & Abuse
• Corrupting information
• Damage and disruption
• Threats to the person
• Theft of property and services
• Financial crime
32. Managing threats and vulnerabilities
• Threat – potential event that can adversely affect an asset
• Attack – a successful attack exploits vulnerabilities in your system
• Risk – likelihood and impact of that threat occurring
35. System design principles
• Authorisation
– Rule driven controls
• Least Privilege
– Need to Know principle
• Separation of duty
– No individuals in complete control
• Redundancy
– To allow graceful degradation
37. Controls
• Control activities are actions, supported by policies and procedures, that, when carried out properly and in a timely manner, manage or reduce risks.
38. Controls
Prevent Controls
• Preventive controls attempt to deter or prevent undesirable events from occurring.
• They are proactive controls that help to prevent a loss.
• Examples of preventive controls are separation of duties, proper authorization, adequate documentation, and physical control over assets.
Detect Controls
• Detective controls, on the other hand, attempt to detect undesirable acts.
• They provide evidence that a loss has occurred but do not prevent a loss from occurring.
• Examples of detective controls are reviews, analyses, variance analyses, reconciliations, physical inventories, and audits.
39. Controls
• Both types of controls are essential to an effective internal control system.
• From a quality standpoint, preventive controls are essential because they are proactive and emphasize quality.
• However, detective controls play a critical role in providing evidence that the preventive controls are functioning and preventing losses.
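The system design principles of slide 35 (rule-driven authorisation, least privilege, separation of duty) and the preventive/detective control pairing of slides 38 and 39, worked through as an added Python example. This is illustration code written for this page, not material from the lecture or from any named framework: the roles, users, `ROLE_PERMISSIONS`, `SEPARATION_OF_DUTY` policy and the `AUDIT_LOG` entries are all constructed. `authorize` is the preventive control (it blocks an action before it happens); `review_audit_log` is the detective control (it replays what was recorded and reports where the preventive control was bypassed or misconfigured).

```python
"""Preventive and detective controls over a rule-driven authorisation model.

Added example, not from the lecture slides. All roles, users, permissions
and log entries below are constructed for illustration.
"""
from dataclasses import dataclass

# Rule-driven authorisation with least privilege: each role is granted only
# the actions it needs, and a user gets nothing beyond their roles.
ROLE_PERMISSIONS = {
    "clerk":    {"payment.create"},
    "approver": {"payment.approve"},
    "auditor":  {"payment.read", "audit.read"},
}

# Separation of duty: whoever performed the first action on an object may
# not perform the second action on the same object (no single person in
# complete control of a payment).
SEPARATION_OF_DUTY = {("payment.create", "payment.approve")}

USER_ROLES = {
    "alice": {"clerk"},
    "bob":   {"approver"},
    "carol": {"clerk", "approver"},   # deliberately over-privileged
    "dave":  {"auditor"},
}


@dataclass
class Event:
    """One recorded action: who did what to which object."""
    user: str
    action: str
    obj: str


def permitted_actions(user):
    """Union of the permissions of the user's roles (empty for unknown users)."""
    roles = USER_ROLES.get(user, set())
    return set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in roles))


def authorize(user, action, obj, history):
    """Preventive control: decide whether a proposed action may proceed.

    history is the list of Events already recorded. Returns (allowed, reason).
    """
    if action not in permitted_actions(user):
        return False, "not permitted by role"
    for first, second in SEPARATION_OF_DUTY:
        if action == second and any(
            e.user == user and e.action == first and e.obj == obj
            for e in history
        ):
            return False, "separation of duty: same user performed " + first
    return True, "ok"


def review_audit_log(events):
    """Detective control: reconcile the audit log against the policy.

    Each recorded event is re-evaluated against the events that preceded it.
    Anything that should have been refused is returned as a finding, which is
    evidence that the preventive control did not work as intended.
    """
    findings = []
    seen = []
    for e in events:
        ok, reason = authorize(e.user, e.action, e.obj, seen)
        if not ok:
            findings.append((e, reason))
        seen.append(e)
    return findings


# Constructed audit log: two clean events, then two that the policy forbids.
AUDIT_LOG = [
    Event("alice", "payment.create", "PAY-1001"),
    Event("bob", "payment.approve", "PAY-1001"),
    Event("carol", "payment.create", "PAY-1002"),
    Event("carol", "payment.approve", "PAY-1002"),  # same person created it
    Event("dave", "payment.approve", "PAY-1003"),   # auditor cannot approve
]

if __name__ == "__main__":
    for event, reason in review_audit_log(AUDIT_LOG):
        print(f"{event.user} {event.action} {event.obj}: {reason}")
```

Carol's case is the one the slides warn about: giving one person both roles is legal under the role table, so only the separation-of-duty rule (preventively) or the log review (detectively) catches a payment she both raised and approved. Dave's approval shows the other failure mode, an action that should never have been recorded at all, which the review surfaces as a role violation.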