Parakum Pathirana, profile picture
Uploaded byParakum Pathirana
247 views

Security beyond compliance

The document discusses security beyond compliance. It summarizes a presentation about moving past a compliance-focused approach to security. The presentation addresses how the majority of organizations deploy security solutions only to meet compliance requirements. Additionally, most organizations do not feel they are getting full value from their security products due to complexity, time consumption, or lack of expertise. The presentation argues that to improve security, organizations need to focus on increasing expert knowledge, improving user behavior, and advancing their security technology rather than just seeking compliance. It promotes taking a more holistic approach to security beyond just compliance.

Embed presentation

Downloaded 13 times
Security Beyond Compliance http://www.isaca.lk/ info@isaca.lk This work is licensed under a Creative Commons Attribution 3.0 Unported License. Parakum Pathirana president@isaca.lk MSc, FBCS, CISA, CISM, CGEIT, CISSP, ISO 27001 LA, MCP, CHFI, QCS, ITIL
Disclaimer • I’m employed in the #infosec industry, however not authorized to speak on behalf of my employer/ clients • Everything I say can be blamed on the voices in your head
My credentials • 10+ years in #Infosec field • Tutor, consultant/ advisor, auditor, head of InfoSec • Sectors: financial, leisure, manufacturing, advertising, gov, insurance, etc. • Crazy about #cycling, #infosec, #socialmedia • Still learning and not an expert at anything • lk.linkedin.com/pub/parakum-pathirana/2/a52/2a2/
Agenda • The World Today ! • Bangladeshi Central Bank Hack • Problem? • Solution? 
The Compliance myth?
The World Today
The World Today
The World Today
The World Today
Recent high profile breaches
Bangladeshi Central Bank Hack 1. Malware/ spear-phishing 2. Partner Networks 3. Infrastructure
Findings from a survey done in 2008 1. Protecting reputation and brand has become a significant driver for information security. 2. Despite economic pressures, organizations continue to invest in information security. 3. International information security standards are gaining greater acceptance and adoption. 4. Many organizations still struggle to achieve a strategic view of information security. 5. Privacy is now a priority, but actions are falling short. 6. People remain the weakest link for information security. 7. Growing third-party risks are not being addressed. 8. Business continuity is still bound to information technology. 9. Most organizations are unwilling to outsource key information security activities. 10. Few companies hedge information security risks with cyber insurance.
Problem Statement How many have deployed Information Security solutions purely to meet the compliance requirements? - According to a survey carried out at RSA Conference in 2015, • over 61% of attendees admitted that they had • nearly 70% of organizations don't believe they are getting the most from their security products because they think they are either too complicated, too time consuming or they don't believe they have the right expertise
So, what needs to be done? Improve on • Expert Knowledge • User behavior • Technology
“No Compliance for Compliance sake”
Thank you

More Related Content

PDF
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
bySymantec
 
PDF
Symantec Webinar | National Cyber Security Awareness Month - Own IT
bySymantec
 
PDF
NUS-ISS Learning Day 2019- AI and Cybersecurity – Solution or Threat?
byNUS-ISS
 
PPTX
Laserfiche regulatory + technology convergence webinar
byLaserfiche
 
PDF
iboss Security Facts & Figures (Infographic)
byPurdicom
 
PPTX
Any of these folks work with you?
byKevin O'Connor
 
PPTX
Keith Fricke - CISO for an Hour
bycentralohioissa
 
PPTX
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
bycentralohioissa
 
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
bySymantec
 
Symantec Webinar | National Cyber Security Awareness Month - Own IT
bySymantec
 
NUS-ISS Learning Day 2019- AI and Cybersecurity – Solution or Threat?
byNUS-ISS
 
Laserfiche regulatory + technology convergence webinar
byLaserfiche
 
iboss Security Facts & Figures (Infographic)
byPurdicom
 
Any of these folks work with you?
byKevin O'Connor
 
Keith Fricke - CISO for an Hour
bycentralohioissa
 
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
bycentralohioissa
 

What's hot

PPTX
A6 pragmatic journey into cyber security
byJorge Sebastiao
 
PPT
Strategies for cyber resilience - Everyone has a Role
byKevin Duffey
 
PPTX
Cyber Heroes of tomorrow's world
byKevin Duffey
 
PDF
Yaksas CSC - Vulnerability Assessment & Penetration Testing
byUday Mittal
 
PPT
CEOs leading Recovery from Cyber Attack
byKevin Duffey
 
PDF
Social Media Can Not Be Ignored
byrichard_turner
 
PPTX
Be Angry - why CEOs should join the coalition against cyber crime
byKevin Duffey
 
PPTX
A Smarter, More Secure Internet of Things
byNetIQ
 
PDF
Secure-Insights-From-the-People-Who-Keep-Information-Safe_joa_Eng_0115
byA Krista Kivisild
 
PDF
IoT vendor questions
byAndrew Tierney
 
PDF
Close the Security Gaps of a Remote Workforce
byjlieberman07
 
PDF
Digital Transformation and Security for the Modern Business Part 1 – Finance
byXenith Document Systems Ltd
 
PDF
Protecting Innovation Through Next Generation Enterprise File Sharing
byIntralinks
 
PPTX
Cyber Recovery - Legal Toolkit
byKevin Duffey
 
PPTX
Accenture High Performance Security Report 2016 For Communications
byaccenture
 
PDF
The July 2017 Cybersecurity Risk Landscape
byCraig McGill
 
PPTX
Ethical Hacking
byAstha Benevolent
 
PDF
NetIQ Directory & Resource Administrator Helps Kindred Healthcare Achieve Com...
byNetIQ
 
PDF
Cloud Identity
byNetIQ
 
A6 pragmatic journey into cyber security
byJorge Sebastiao
 
Strategies for cyber resilience - Everyone has a Role
byKevin Duffey
 
Cyber Heroes of tomorrow's world
byKevin Duffey
 
Yaksas CSC - Vulnerability Assessment & Penetration Testing
byUday Mittal
 
CEOs leading Recovery from Cyber Attack
byKevin Duffey
 
Social Media Can Not Be Ignored
byrichard_turner
 
Be Angry - why CEOs should join the coalition against cyber crime
byKevin Duffey
 
A Smarter, More Secure Internet of Things
byNetIQ
 
Secure-Insights-From-the-People-Who-Keep-Information-Safe_joa_Eng_0115
byA Krista Kivisild
 
IoT vendor questions
byAndrew Tierney
 
Close the Security Gaps of a Remote Workforce
byjlieberman07
 
Digital Transformation and Security for the Modern Business Part 1 – Finance
byXenith Document Systems Ltd
 
Protecting Innovation Through Next Generation Enterprise File Sharing
byIntralinks
 
Cyber Recovery - Legal Toolkit
byKevin Duffey
 
Accenture High Performance Security Report 2016 For Communications
byaccenture
 
The July 2017 Cybersecurity Risk Landscape
byCraig McGill
 
Ethical Hacking
byAstha Benevolent
 
NetIQ Directory & Resource Administrator Helps Kindred Healthcare Achieve Com...
byNetIQ
 
Cloud Identity
byNetIQ
 

Viewers also liked

PDF
Social media & the Financial Sector
byParakum Pathirana
 
PDF
Relatório do conselho da comunidade
bySEDS/MG
 
PPTX
Definisi Kualitas dalam Manajemen
bydaffadaffa
 
PDF
IoT Adoption
byParakum Pathirana
 
PPTX
Gestión y infraestructura de un proyecto seo internacional #seopro 2015
byAlberto Romero Sánchez
 
PPT
Miben nyújt többet a Cisco ASA + FirePOWER Services?
byS&T Consulting Hungary
 
PDF
Információbiztonság: Hálózati hozzáférés szabályozás /Bring Your Own Device/
byS&T Consulting Hungary
 
PPT
Kelompok six sigma
byinapurba
 
PDF
Servicios Thinking People
byThinking People
 
PDF
Нейроморфный чип
bymotivnt
 
PDF
Weight Loss Tips & Articles
byFatBurnerPlus
 
DOCX
Projeto de lei nº
bySEDS/MG
 
PDF
Determination of Thickness of Overburden in Basement Area Using Schlumberger ...
byiosrjce
 
DOCX
Química
byLuis Parmenio Cano Gómez
 
PDF
Adalmiro
byLuis Parmenio Cano Gómez
 
DOCX
Palabras e inquisición y otros relatos
byLuis Parmenio Cano Gómez
 
Social media & the Financial Sector
byParakum Pathirana
 
Relatório do conselho da comunidade
bySEDS/MG
 
Definisi Kualitas dalam Manajemen
bydaffadaffa
 
IoT Adoption
byParakum Pathirana
 
Gestión y infraestructura de un proyecto seo internacional #seopro 2015
byAlberto Romero Sánchez
 
Miben nyújt többet a Cisco ASA + FirePOWER Services?
byS&T Consulting Hungary
 
Információbiztonság: Hálózati hozzáférés szabályozás /Bring Your Own Device/
byS&T Consulting Hungary
 
Kelompok six sigma
byinapurba
 
Servicios Thinking People
byThinking People
 
Нейроморфный чип
bymotivnt
 
Weight Loss Tips & Articles
byFatBurnerPlus
 
Projeto de lei nº
bySEDS/MG
 
Determination of Thickness of Overburden in Basement Area Using Schlumberger ...
byiosrjce
 
Química
byLuis Parmenio Cano Gómez
 
Adalmiro
byLuis Parmenio Cano Gómez
 
Palabras e inquisición y otros relatos
byLuis Parmenio Cano Gómez
 

Similar to Security beyond compliance

PDF
Information Security It's All About Compliance
byDinesh O Bareja
 
PDF
2015 Conference Brochure - Trust Security Agility - Businesses Better Prepare...
byNeil Curran MSc CISSP CRISC CGEIT CISM CISA
 
PPTX
Build and Information Security Strategy
byInfo-Tech Research Group
 
PDF
Privacy, Compliance & Ethics- What Businesses Need to Know.pdf
byCybernetic Global Intelligence
 
PDF
Security and ethical challenges
byProf. Dr. K. Adisesha
 
PPTX
The Need for Information Security (powerpoint)
bydrpiyushmaheshwari1
 
PPTX
Top Cybersecurity Challenges Facing Your Business
byNicholas Davis
 
PPTX
Build an Information Security Strategy
byAndrew Byers
 
PDF
Its not ITs problem
byShiva Bissessar
 
PDF
Emerging Trends in Information Privacy and Security
byJessica Santamaria
 
PDF
Enterprise Information Systems Security: A Case Study in the Banking Sector
byCONFENIS 2012
 
PDF
Infosec russia cnemeth_v1.2.ppt
byChristophe Németh (CISSP / CISM)
 
PDF
Sask 3.0 Summit Pci dss presentation Bashir Fancy
bySaskSummit
 
PDF
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi Kenya
byMartin M
 
PPT
Cyber Security 2016 Cade Zvavanjanja1
byCade Zvavanjanja
 
PDF
Streamline Compliance and Increase ROI White Paper
byNetIQ
 
PPTX
2013 Data Protection Maturity Trends: How Do You Compare?
byLumension
 
PPTX
Information security trends and concerns
byJohn Napier
 
PDF
Mzumla_Dome_2015
byMohammed Zumla
 
PDF
Emerging Trends in Information Privacy and Security
byJessica Santamaria
 
Information Security It's All About Compliance
byDinesh O Bareja
 
2015 Conference Brochure - Trust Security Agility - Businesses Better Prepare...
byNeil Curran MSc CISSP CRISC CGEIT CISM CISA
 
Build and Information Security Strategy
byInfo-Tech Research Group
 
Privacy, Compliance & Ethics- What Businesses Need to Know.pdf
byCybernetic Global Intelligence
 
Security and ethical challenges
byProf. Dr. K. Adisesha
 
The Need for Information Security (powerpoint)
bydrpiyushmaheshwari1
 
Top Cybersecurity Challenges Facing Your Business
byNicholas Davis
 
Build an Information Security Strategy
byAndrew Byers
 
Its not ITs problem
byShiva Bissessar
 
Emerging Trends in Information Privacy and Security
byJessica Santamaria
 
Enterprise Information Systems Security: A Case Study in the Banking Sector
byCONFENIS 2012
 
Infosec russia cnemeth_v1.2.ppt
byChristophe Németh (CISSP / CISM)
 
Sask 3.0 Summit Pci dss presentation Bashir Fancy
bySaskSummit
 
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi Kenya
byMartin M
 
Cyber Security 2016 Cade Zvavanjanja1
byCade Zvavanjanja
 
Streamline Compliance and Increase ROI White Paper
byNetIQ
 
2013 Data Protection Maturity Trends: How Do You Compare?
byLumension
 
Information security trends and concerns
byJohn Napier
 
Mzumla_Dome_2015
byMohammed Zumla
 
Emerging Trends in Information Privacy and Security
byJessica Santamaria
 

More from Parakum Pathirana

PPT
Social media and Security risks
byParakum Pathirana
 
PDF
Social Media Governance
byParakum Pathirana
 
PDF
Software Standards
byParakum Pathirana
 
PPT
Why your digital reputation matters?
byParakum Pathirana
 
PDF
Disruptive Technologies
byParakum Pathirana
 
PDF
Social Media Adoption among the Banking Sector in Sri Lanka: Paper presented ...
byParakum Pathirana
 
PPT
Cyber Threat Landscape - A Local Perspective
byParakum Pathirana
 
PDF
Unplug Yourself
byParakum Pathirana
 
PPT
digital tattoo
byParakum Pathirana
 
Social media and Security risks
byParakum Pathirana
 
Social Media Governance
byParakum Pathirana
 
Software Standards
byParakum Pathirana
 
Why your digital reputation matters?
byParakum Pathirana
 
Disruptive Technologies
byParakum Pathirana
 
Social Media Adoption among the Banking Sector in Sri Lanka: Paper presented ...
byParakum Pathirana
 
Cyber Threat Landscape - A Local Perspective
byParakum Pathirana
 
Unplug Yourself
byParakum Pathirana
 
digital tattoo
byParakum Pathirana
 

Recently uploaded

PDF
GTI Solution Overview.pdf useful for security solution
by33fastfast
 
PPTX
Social_Media_Good_or_Bad_B2Plus_Lesson.pptx
byJuliaRutkowska4
 
PDF
investor pitch - iapploud | independent music platform
byVenkat Subramanian
 
PPTX
Creating content that converts into leads.
bySEONutri
 
PDF
Batman Forever album sličice.pdf panini album
byStefanFilipovic9
 
PDF
automobili.pdf panini album slicice ......
byStefanFilipovic9
 
GTI Solution Overview.pdf useful for security solution
by33fastfast
 
Social_Media_Good_or_Bad_B2Plus_Lesson.pptx
byJuliaRutkowska4
 
investor pitch - iapploud | independent music platform
byVenkat Subramanian
 
Creating content that converts into leads.
bySEONutri
 
Batman Forever album sličice.pdf panini album
byStefanFilipovic9
 
automobili.pdf panini album slicice ......
byStefanFilipovic9
 

Security beyond compliance

  • 1.
    Security Beyond Compliance http://www.isaca.lk/info@isaca.lk This work is licensed under a Creative Commons Attribution 3.0 Unported License. Parakum Pathirana president@isaca.lk MSc, FBCS, CISA, CISM, CGEIT, CISSP, ISO 27001 LA, MCP, CHFI, QCS, ITIL
  • 2.
    Disclaimer • I’m employedin the #infosec industry, however not authorized to speak on behalf of my employer/ clients • Everything I say can be blamed on the voices in your head
  • 3.
    My credentials • 10+years in #Infosec field • Tutor, consultant/ advisor, auditor, head of InfoSec • Sectors: financial, leisure, manufacturing, advertising, gov, insurance, etc. • Crazy about #cycling, #infosec, #socialmedia • Still learning and not an expert at anything • lk.linkedin.com/pub/parakum-pathirana/2/a52/2a2/
  • 4.
    Agenda • The WorldToday ! • Bangladeshi Central Bank Hack • Problem? • Solution? 
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
    Bangladeshi Central BankHack 1. Malware/ spear-phishing 2. Partner Networks 3. Infrastructure
  • 12.
    Findings from asurvey done in 2008 1. Protecting reputation and brand has become a significant driver for information security. 2. Despite economic pressures, organizations continue to invest in information security. 3. International information security standards are gaining greater acceptance and adoption. 4. Many organizations still struggle to achieve a strategic view of information security. 5. Privacy is now a priority, but actions are falling short. 6. People remain the weakest link for information security. 7. Growing third-party risks are not being addressed. 8. Business continuity is still bound to information technology. 9. Most organizations are unwilling to outsource key information security activities. 10. Few companies hedge information security risks with cyber insurance.
  • 13.
    Problem Statement How manyhave deployed Information Security solutions purely to meet the compliance requirements? - According to a survey carried out at RSA Conference in 2015, • over 61% of attendees admitted that they had • nearly 70% of organizations don't believe they are getting the most from their security products because they think they are either too complicated, too time consuming or they don't believe they have the right expertise
  • 14.
    So, what needsto be done? Improve on • Expert Knowledge • User behavior • Technology
  • 15.
    “No Compliance forCompliance sake”
  • 16.