Sensible defence
Koen Maris, Conostix S.A. koen@conostix.com
Introduction
• CIA and prevention/detection/response
• Risk management and its pitfalls
• Economic incentives
• Liability/regulation/compliance
• Due care and due diligence
• Technology
• Awareness
• Conclusion
How security works
• To ensure the CIA triad we use:
  • Detection
  • Prevention
  • Response
Today’s risk management
Identification of a threat
• Identification: identify the actual threat
• Impact factor: the possible consequences of an attack
• Frequency: the probable frequency of the occurrence of a threat
• Probability: how confident we are that a threat will happen
Today’s risk management
Risk analysis goals
• Identification of the current risks
• The cost/benefit justification of the countermeasures
• Influences the decision making process on hardware, etc.
• Focus on security resources where they are needed most
Today’s risk management
Risk analysis – key terms
• Threat
• Asset
• Vulnerability
• Safeguard
• Asset value (AV)
• Exposure factor (EF), value in percentage
• Single loss expectancy (SLE), dollar figure (SLE = EF × AV)
• Annualized rate of occurrence (ARO)
• Annualized loss expectancy (ALE = SLE × ARO)
Today’s risk management
Risk analysis – Quantitative
• Aims to assign tangible values
• Relies on qualitative data
• Process
  • Estimate potential losses to the assets
  • Analyze potential threats to the assets
  • Define impact and frequency levels
  • Define the ALE
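A worked run of the quantitative process above with the deck's key terms (AV, EF, SLE, ARO, ALE), carried through to the countermeasure cost/benefit decision named on the risk analysis goals slide. This is an added Python example, not code from the deck or from Conostix; the asset register and safeguards are constructed figures, and the safeguard-value test (ALE before minus ALE after minus annual cost) is the standard formula, which the slides name but do not spell out.

```python
"""Quantitative risk analysis with the deck's key terms.

  AV  asset value, in currency units
  EF  exposure factor, the fraction of AV lost in one occurrence
  SLE single loss expectancy  = AV * EF
  ARO annualized rate of occurrence, expected occurrences per year
  ALE annualized loss expectancy = SLE * ARO

Safeguard value = ALE before - ALE after - annual safeguard cost.
This is the standard cost/benefit test for a countermeasure; the
slides name the justification but do not give the formula.
All asset and safeguard figures below are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    asset_value: float      # AV
    exposure_factor: float  # EF, a fraction 0.0 .. 1.0
    aro: float              # ARO, occurrences per year

    def __post_init__(self) -> None:
        # An EF typed as a percentage (60 instead of 0.6) would inflate
        # every downstream figure a hundredfold, so reject it up front.
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError(f"{self.name}: EF must be a fraction in [0, 1]")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError(f"{self.name}: AV and ARO must be non-negative")

    def sle(self) -> float:
        """Single loss expectancy: what one occurrence costs."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: expected loss per year."""
        return self.sle() * self.aro

    def is_certainty(self) -> bool:
        """An event expected at least once a year is a certainty to
        budget for rather than a risk (the deck's risk-vs-certainty pitfall)."""
        return self.aro >= 1.0


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float   # yearly cost of running the countermeasure
    ef_after: float      # residual EF once the safeguard is in place
    aro_after: float     # residual ARO once the safeguard is in place


def safeguard_value(threat: Threat, safeguard: Safeguard) -> float:
    """ALE before minus ALE after minus annual cost. A positive value
    means the countermeasure pays for itself in expected loss avoided."""
    residual = Threat(threat.name, threat.asset_value,
                      safeguard.ef_after, safeguard.aro_after)
    return threat.ale() - residual.ale() - safeguard.annual_cost


def rank_by_ale(threats: list[Threat]) -> list[Threat]:
    """Highest expected annual loss first: where resources are needed most."""
    return sorted(threats, key=lambda t: t.ale(), reverse=True)


# Constructed sample register; hypothetical figures, not the deck's.
RANSOMWARE = Threat("ransomware on file server", asset_value=200_000,
                    exposure_factor=0.6, aro=0.2)
LAPTOP_THEFT = Threat("lost or stolen laptop", asset_value=3_000,
                      exposure_factor=1.0, aro=4.0)
DEFACEMENT = Threat("web site defacement", asset_value=50_000,
                    exposure_factor=0.1, aro=0.5)

BACKUPS = Safeguard("tested offline backups", annual_cost=10_000,
                    ef_after=0.15, aro_after=0.2)
DISK_ENCRYPTION = Safeguard("full-disk encryption", annual_cost=2_000,
                            ef_after=0.2, aro_after=4.0)
WAF_SERVICE = Safeguard("managed WAF subscription", annual_cost=5_000,
                        ef_after=0.02, aro_after=0.5)


if __name__ == "__main__":
    for t in rank_by_ale([RANSOMWARE, LAPTOP_THEFT, DEFACEMENT]):
        tag = "  (certainty: budget for it)" if t.is_certainty() else ""
        print(f"{t.name:28s} SLE={t.sle():>10,.0f}  ALE={t.ale():>10,.0f}{tag}")
    for t, s in ((RANSOMWARE, BACKUPS), (LAPTOP_THEFT, DISK_ENCRYPTION),
                 (DEFACEMENT, WAF_SERVICE)):
        v = safeguard_value(t, s)
        verdict = "justified" if v > 0 else "not justified"
        print(f"{s.name:28s} value={v:>10,.0f}  {verdict}")
```

With the sample figures the backups and disk encryption are justified (positive value) while the WAF subscription costs more per year than the defacement loss it avoids; the laptop-theft entry is flagged as a certainty because it is expected four times a year.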
Today’s risk management
Risk analysis – Qualitative
• Scenario oriented approach
• Rank threats on a scale to evaluate their risks, costs and outcome
• In contrast to quantitative analysis, a purely qualitative analysis is always possible
• High guess rating
Today’s risk management
Pitfalls
• Misunderstanding between risk and certainty
  • A risk is the anticipated frequency of losses
  • Certainties occur with high frequency
• Reliance on probability, impact and frequency
  • The unknown controls the probability, frequency and impact of a future incident.
Sensible defence
Economic incentives
• Benefits vs costs
• Economic pressure
Sensible defence
Liability, regulation, compliance
• Laws push standards
• Liability creates awareness
• Regulatory bodies motivate
Sensible defence
Due care and due diligence
• Due care is using reasonable care to protect the interests of an organization
• Due diligence is practicing the activities that maintain the due care efforts
• Common sense security framework
Sensible defence
Technology
• Functionality vs security
  • User friendly does not mean insecure
  • Ease-of-Use + Common Sense = Security
• Privacy vs security
  • Sacrifice privacy for security?
  • Should security protect privacy or ignore it to enhance security?
Sensible defence
Awareness
• Human intelligence most important
• Reduce risk without technology
• Limit damage in case of an incident
• Give users insight into the value of company assets and the usage of information systems
Sensible defence
Security is a trade-off
• Sensible defence is balanced security
  • Balance cost vs economic gain
  • Balance liberty vs privacy
  • Balance functionality vs security
• Liability, legislation and regulation
Sensible defence
Questions?
Q & A
Thanks to:
My colleagues
Donn Parker
Bruce Schneier
Rebecca Herold