1. Security Beyond Compliance
http://www.isaca.lk/ info@isaca.lk
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Parakum Pathirana
president@isaca.lk
MSc, FBCS, CISA, CISM, CGEIT, CISSP, ISO 27001 LA, MCP, CHFI, QCS, ITIL
2. Disclaimer
• I’m employed in the #infosec industry, however not
authorized to speak on behalf of my employer/
clients
• Everything I say can be blamed on the voices in
your head
3. My credentials
• 10+ years in #Infosec field
• Tutor, consultant/ advisor, auditor, head of InfoSec
• Sectors: financial, leisure, manufacturing,
advertising, gov, insurance, etc.
• Crazy about #cycling, #infosec, #socialmedia
• Still learning and not an expert at anything
• lk.linkedin.com/pub/parakum-pathirana/2/a52/2a2/
4. Agenda
• The World Today !
• Bangladeshi Central Bank Hack
• Problem?
• Solution?
12. Findings from a survey done in 2008
1. Protecting reputation and brand has become a significant driver for information
security.
2. Despite economic pressures, organizations continue to invest in information
security.
3. International information security standards are gaining greater acceptance and
adoption.
4. Many organizations still struggle to achieve a strategic view of information security.
5. Privacy is now a priority, but actions are falling short.
6. People remain the weakest link for information security.
7. Growing third-party risks are not being addressed.
8. Business continuity is still bound to information technology.
9. Most organizations are unwilling to outsource key information security activities.
10. Few companies hedge information security risks with cyber insurance.
13. Problem Statement
How many have deployed Information Security
solutions purely to meet the compliance
requirements? - According to a survey carried out at
RSA Conference in 2015,
• over 61% of attendees admitted that they had
• nearly 70% of organizations don't believe they are getting the
most from their security products because they think they are
either too complicated, too time consuming or they don't
believe they have the right expertise
14. So, what needs to be done?
Improve on
• Expert Knowledge
• User behavior
• Technology