Marc Vael, profile picture
Uploaded byMarc Vael
401 views

Valuendo cyberwar and security (jan 2012) handout

This document discusses cybersecurity threats and lessons learned regarding cyber attacks. It outlines various types of cyber threats including criminals, malware, and state-sponsored attacks. It notes that cyber attacks are difficult to execute but governments have the resources to conduct attacks. The document emphasizes that cyber attacks are a real danger and targets are often unprepared. It provides strategies for mitigating cyber attacks, including governance, policies, education, resources, and incident management. Overall, the document stresses that while technology is important, training people is also critical for cybersecurity.

Embed presentation

Downloaded 22 times
How vulnerable are you to cyber attack?
Cybersecurity threats • Cyber-criminals • Malware • Phishers • Spammers • Negligent staff • Hackers • Unethical employees misusing/misconfiguring security functions • Unauthorized access, modification, disclosure of information • Nations attacking critical information infrastructures • Technical advances that can render encryption algorithms obsolete
Lessons learned so far Cyberattacks are DIFFICULT to execute.
Lessons learned so far Governments do have the resources/skills to conduct cyberattacks.
Cyberwarfare is "the fifth domain of warfare“
“Cyberspace is a new domain in warfare which has become just as critical to military operations as land, sea, air and space.”
“Actions to penetrate computers or networks for the purposes of causing damage or disruption.”
Information warfare is “using & managing IT in the pursuit of a competitive advantage over an opponent“
Lessons learned so far Cyberattacks are a real, clear and present danger to organisations & government agencies.
“It’s possible that hackers have gotten into administrative computer systems of utility companies, but says those aren’t linked to the equipment controlling the grid, at least not in developed countries. I have never heard that the grid itself has been hacked.” Howardt Schmidt, Cyber-Security Coordinator of the US
Lessons learned so far Targeted organizations are unprepared.
Lessons learned so far Security professionals are at risk.
Risk always exists! (whether or not it is detected / recognised by the organisation).
Impact of an attack on the business
Cyberattack mitigating strategies Corporate governance : ERM = COSO Support from Board of Directors & Executive Management
Cyberattack mitigating strategies Managing risks appropriately
Cyberattack mitigating strategies Policies & Standards
Cyberattack mitigating strategies Project Management
Cyberattack mitigating strategies Supply Chain Management
Cyberattack mitigating strategies EDUCATION!
Cyberattack mitigating strategies Providing proper funding
Cyberattack mitigating strategies Providing proper resources
Cyberattack mitigating strategies Measuring performance
Cyberattack mitigating strategies Review / Audit
Cyberattack mitigating strategies Incident/Crisis Management
Governance Objectives Business Objectives PO1 Define a strategic IT plan PO2 Define the information architecture Information Criteria PO3 Determine technological direction • Effectiveness PO4 Define the IT processes, organisation and • Efficiency relationships • Confidentiality • Integrity PO5 Manage the IT investment • Availability PO6 Communicate mgt aims & direction • Compliance PO7 Manage IT human resources • Reliability PO8 Manage quality PO9 Assess and manage IT risks ME1 Monitor & evaluate IT performance PO10 Manage projects ME2 Monitor & evaluate internal control IT RESOURCES ME3 Ensure compliance with external • Applications requirements • Information ME4 Provide IT governance • Infrastructure • People PLAN & ORGANISE MONITOR & EVALUATE ACQUIRE & DS1 Define & manage service levels IMPLEMENT DS2 Manage third-party services DS3 Manage performance & capacity DS4 Ensure continuous service DS5 Ensure systems security AI1 Identify automated solutions DS6 Identify & allocate costs DELIVER & AI2 Acquire & maintain application software DS7 Educate & train users AI3 Acquire & maintain IT infrastructure DS8 Manage service desk and incidents SUPPORT AI4 Enable operation and use DS9 Manage the configuration AI5 Procure IT resources DS10 Manage problems AI6 Manage changes DS11 Manage data DS12 Manage the physical environment AI7 Install & accredit solutions and changes DS13 Manage operations
Information Security Management
“I don’t care how many millions of dollars you spend on security technology. If you don’t have people trained properly, I’m going to get in if I want to get in.” Susie Thunder, Cyberpunk
Contact information Marc Vael CISA, CISM, CISSP, CGEIT, ITIL Service Manager, Prince2 Director Knowledge Board ISACA 3701 Algonquin Road, Suite 1010 Rolling Meadows IL 60008 USA http://www.isaca.org/security marc@vael.net http://www.linkedin.com/in/marcvael http://twitter.com/marcvael

More Related Content

PDF
Information Security It's All About Compliance
byDinesh O Bareja
 
PDF
Gus Hunt's Work-Bench Enterprise Security Summit Keynote
byWork-Bench
 
PDF
Information Security Management Education Program - Concept Document
byDinesh O Bareja
 
PPTX
Attacking the cloud with social engineering
byPeter Wood
 
PPTX
Cloud Security: A Business-Centric Approach in 12 Steps
byOmar Khawaja
 
PPTX
IT compliance
byPhan Vuong
 
PDF
Rothke Computer Forensics Show 2010 Deployment Strategies For Effective E...
byBen Rothke
 
PDF
Incident Response Requires Superhumans
byDinesh O Bareja
 
Information Security It's All About Compliance
byDinesh O Bareja
 
Gus Hunt's Work-Bench Enterprise Security Summit Keynote
byWork-Bench
 
Information Security Management Education Program - Concept Document
byDinesh O Bareja
 
Attacking the cloud with social engineering
byPeter Wood
 
Cloud Security: A Business-Centric Approach in 12 Steps
byOmar Khawaja
 
IT compliance
byPhan Vuong
 
Rothke Computer Forensics Show 2010 Deployment Strategies For Effective E...
byBen Rothke
 
Incident Response Requires Superhumans
byDinesh O Bareja
 

What's hot

PDF
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
byIGN MANTRA
 
PDF
Workshop Computer & Cyber Security, STTB Bandung, 23 Desember 2017
byIGN MANTRA
 
PPTX
Smarter Security - A Practical Guide to Doing More with Less
byOmar Khawaja
 
PPTX
General Version 8 Jul 09
bytverbeck
 
PPT
Information Security Management. Security solutions copy
byyuliana_mar
 
PDF
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
byShiva Bissessar
 
PPTX
CSO Magazine Confab 2013 Atlanta - Cyber Security
byPhil Agcaoili
 
PDF
Managing Frequently Overlooked Risks & Threats (FORTS) in Corporations
byDinesh O Bareja
 
PPTX
DocomUSA Cyber Security
bydocomusa
 
PPSX
CertainSafe MicroTokenization Technology Detailed Overview
bySteven Russo
 
PDF
Steganography - Muheeb Ghallab
byFahmi Albaheth
 
PDF
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
byIBM Security
 
PDF
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...
byDinesh O Bareja
 
PPTX
Vulnerability Intelligence - Standing Still in a world full of change
byEoin Keary
 
PDF
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
byKyle Lai
 
PDF
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
byIGN MANTRA
 
PDF
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
byAPNIC
 
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
byIGN MANTRA
 
Workshop Computer & Cyber Security, STTB Bandung, 23 Desember 2017
byIGN MANTRA
 
Smarter Security - A Practical Guide to Doing More with Less
byOmar Khawaja
 
General Version 8 Jul 09
bytverbeck
 
Information Security Management. Security solutions copy
byyuliana_mar
 
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
byShiva Bissessar
 
CSO Magazine Confab 2013 Atlanta - Cyber Security
byPhil Agcaoili
 
Managing Frequently Overlooked Risks & Threats (FORTS) in Corporations
byDinesh O Bareja
 
DocomUSA Cyber Security
bydocomusa
 
CertainSafe MicroTokenization Technology Detailed Overview
bySteven Russo
 
Steganography - Muheeb Ghallab
byFahmi Albaheth
 
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
byIBM Security
 
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...
byDinesh O Bareja
 
Vulnerability Intelligence - Standing Still in a world full of change
byEoin Keary
 
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
byKyle Lai
 
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
byIGN MANTRA
 
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
byAPNIC
 

Viewers also liked

PPT
Network-Based Intrusion Detection System
byjohnb0118
 
PPTX
Industrial Training - Network Intrusion Detection System Using Snort
byDisha Bedi
 
ODP
Hit by a Cyberattack: lesson learned
byB.A.
 
PPT
Phishing
byoitaoming
 
PPT
I P S P O O F I N G
byavinashkanchan
 
PPTX
Phishing ppt
bySanjay Kumar
 
PPTX
Spoofing Techniques
byRaza_Abidi
 
PDF
Cybercrime And Computer Misuse Cases
byAshesh R
 
PPT
Phishing
byAlka Falwaria
 
PPT
Psychrometrics
byWAVELINK MARITIME INSTITUTE PTE LTD
 
PPTX
Firewall presentation
byyogendrasinghchahar
 
PPT
Wireshark Basics
byYoram Orzach
 
PPT
FireWall
byrubal_9
 
PPTX
PSYCHROMETRY
byPrabhav Joshi
 
PDF
Phishing exposed
bytamfin
 
PPTX
Cyber law
byArnab Roy Chowdhury
 
PPTX
Firewall presentation
byAmandeep Kaur
 
PPT
Introduction to Cyber Law
byn|u - The Open Security Community
 
PPTX
Cybercrime.ppt
byAeman Khan
 
Network-Based Intrusion Detection System
byjohnb0118
 
Industrial Training - Network Intrusion Detection System Using Snort
byDisha Bedi
 
Hit by a Cyberattack: lesson learned
byB.A.
 
Phishing
byoitaoming
 
I P S P O O F I N G
byavinashkanchan
 
Phishing ppt
bySanjay Kumar
 
Spoofing Techniques
byRaza_Abidi
 
Cybercrime And Computer Misuse Cases
byAshesh R
 
Phishing
byAlka Falwaria
 
Psychrometrics
byWAVELINK MARITIME INSTITUTE PTE LTD
 
Firewall presentation
byyogendrasinghchahar
 
Wireshark Basics
byYoram Orzach
 
FireWall
byrubal_9
 
PSYCHROMETRY
byPrabhav Joshi
 
Phishing exposed
bytamfin
 
Cyber law
byArnab Roy Chowdhury
 
Firewall presentation
byAmandeep Kaur
 
Introduction to Cyber Law
byn|u - The Open Security Community
 
Cybercrime.ppt
byAeman Khan
 

Similar to Valuendo cyberwar and security (jan 2012) handout

PDF
Valuendo cyberwar and security (okt 2011) handout
byMarc Vael
 
PDF
E-Mail Compliance Frameworks in the Real World
byChris Byrne
 
PPTX
Tatakelola Teknologi Informasi
byCahyo Darujati
 
PPTX
SUIT Showdown 2010
bypranalilad
 
PDF
Cobit as IT Management Best Practice Framework
byjg20001234
 
PPTX
Net@Work Client Presentation with Security
byRay Glass
 
PDF
Presentation Infra And Cobit
bycleenknecht
 
PDF
IT consultancy presentation
byHK IT solutions... unlimited...
 
PDF
Cobit 4.1 Highlights
bygeoffharmer
 
PPTX
Indranil Guha - It transformation challenges & choices...
byGlobal Business Events
 
PDF
Security Awareness Training
byDaniel P Wallace
 
PDF
Day 3 p3 - xs and ec
byLilian Schaffer
 
PDF
Day 3 p3 - xs and ec
byLilian Schaffer
 
PPTX
Tech trends
byEd Smith
 
PDF
Information Governance
byVicky Makhija
 
PDF
SYMCAnnual
byfinance40
 
PPT
Joburg cobit assurance
byAldee2013
 
PDF
IT governance by Erik Guldentops
byCONFENIS 2012
 
PPTX
Lesson 1- Introduction to System Administration 2.pptx
byallisonrwamba
 
PPTX
Frameworks For Predictability
bytlknecht
 
Valuendo cyberwar and security (okt 2011) handout
byMarc Vael
 
E-Mail Compliance Frameworks in the Real World
byChris Byrne
 
Tatakelola Teknologi Informasi
byCahyo Darujati
 
SUIT Showdown 2010
bypranalilad
 
Cobit as IT Management Best Practice Framework
byjg20001234
 
Net@Work Client Presentation with Security
byRay Glass
 
Presentation Infra And Cobit
bycleenknecht
 
IT consultancy presentation
byHK IT solutions... unlimited...
 
Cobit 4.1 Highlights
bygeoffharmer
 
Indranil Guha - It transformation challenges & choices...
byGlobal Business Events
 
Security Awareness Training
byDaniel P Wallace
 
Day 3 p3 - xs and ec
byLilian Schaffer
 
Day 3 p3 - xs and ec
byLilian Schaffer
 
Tech trends
byEd Smith
 
Information Governance
byVicky Makhija
 
SYMCAnnual
byfinance40
 
Joburg cobit assurance
byAldee2013
 
IT governance by Erik Guldentops
byCONFENIS 2012
 
Lesson 1- Introduction to System Administration 2.pptx
byallisonrwamba
 
Frameworks For Predictability
bytlknecht
 

More from Marc Vael

PDF
How secure are chat and webconf tools
byMarc Vael
 
PDF
my experience as ciso
byMarc Vael
 
PDF
Advantages of privacy by design in IoE
byMarc Vael
 
PDF
Cybersecurity governance existing frameworks (nov 2015)
byMarc Vael
 
PDF
Cybersecurity nexus vision
byMarc Vael
 
PDF
ISACA Reporting relevant IT risks to stakeholders
byMarc Vael
 
PDF
Cloud security lessons learned and audit
byMarc Vael
 
PDF
Value-added it auditing
byMarc Vael
 
PDF
ISACA Internet of Things open forum presentation
byMarc Vael
 
PDF
hoe kan u vandaag informatie veiligheid realiseren op een praktische manier?
byMarc Vael
 
PDF
The value of big data analytics
byMarc Vael
 
PDF
Social media risks and controls
byMarc Vael
 
PDF
The view of auditor on cybercrime
byMarc Vael
 
PDF
ISACA Mobile Payments Forum presentation
byMarc Vael
 
PDF
Belgian Data Protection Commission's new audit programme
byMarc Vael
 
PDF
ISACA Cloud Computing Risks
byMarc Vael
 
PDF
Information security awareness (sept 2012) bis handout
byMarc Vael
 
PPTX
ISACA smart security for smart devices
byMarc Vael
 
PPTX
Securing big data (july 2012)
byMarc Vael
 
PDF
How to handle multilayered IT security today
byMarc Vael
 
How secure are chat and webconf tools
byMarc Vael
 
my experience as ciso
byMarc Vael
 
Advantages of privacy by design in IoE
byMarc Vael
 
Cybersecurity governance existing frameworks (nov 2015)
byMarc Vael
 
Cybersecurity nexus vision
byMarc Vael
 
ISACA Reporting relevant IT risks to stakeholders
byMarc Vael
 
Cloud security lessons learned and audit
byMarc Vael
 
Value-added it auditing
byMarc Vael
 
ISACA Internet of Things open forum presentation
byMarc Vael
 
hoe kan u vandaag informatie veiligheid realiseren op een praktische manier?
byMarc Vael
 
The value of big data analytics
byMarc Vael
 
Social media risks and controls
byMarc Vael
 
The view of auditor on cybercrime
byMarc Vael
 
ISACA Mobile Payments Forum presentation
byMarc Vael
 
Belgian Data Protection Commission's new audit programme
byMarc Vael
 
ISACA Cloud Computing Risks
byMarc Vael
 
Information security awareness (sept 2012) bis handout
byMarc Vael
 
ISACA smart security for smart devices
byMarc Vael
 
Securing big data (july 2012)
byMarc Vael
 
How to handle multilayered IT security today
byMarc Vael
 

Recently uploaded

PPTX
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
PPTX
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PDF
December Patch Tuesday
byIvanti
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PDF
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
PPTX
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PPTX
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PDF
Cybersecurity: Safeguarding Digital Assets
byYasir Naveed Riaz
 
PPTX
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
December Patch Tuesday
byIvanti
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
Cybersecurity: Safeguarding Digital Assets
byYasir Naveed Riaz
 
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 

Valuendo cyberwar and security (jan 2012) handout

  • 1.
    How vulnerable areyou to cyber attack?
  • 2.
    Cybersecurity threats • Cyber-criminals •Malware • Phishers • Spammers • Negligent staff • Hackers • Unethical employees misusing/misconfiguring security functions • Unauthorized access, modification, disclosure of information • Nations attacking critical information infrastructures • Technical advances that can render encryption algorithms obsolete
  • 3.
    Lessons learned sofar Cyberattacks are DIFFICULT to execute.
  • 4.
    Lessons learned sofar Governments do have the resources/skills to conduct cyberattacks.
  • 5.
    Cyberwarfare is "the fifthdomain of warfare“
  • 6.
    “Cyberspace is anew domain in warfare which has become just as critical to military operations as land, sea, air and space.”
  • 7.
    “Actions to penetratecomputers or networks for the purposes of causing damage or disruption.”
  • 8.
    Information warfare is “using& managing IT in the pursuit of a competitive advantage over an opponent“
  • 9.
    Lessons learned sofar Cyberattacks are a real, clear and present danger to organisations & government agencies.
  • 10.
    “It’s possible thathackers have gotten into administrative computer systems of utility companies, but says those aren’t linked to the equipment controlling the grid, at least not in developed countries. I have never heard that the grid itself has been hacked.” Howardt Schmidt, Cyber-Security Coordinator of the US
  • 11.
    Lessons learned sofar Targeted organizations are unprepared.
  • 12.
    Lessons learned sofar Security professionals are at risk.
  • 13.
    Risk always exists! (whether or not it is detected / recognised by the organisation).
  • 14.
    Impact of anattack on the business
  • 15.
    Cyberattack mitigating strategies Corporategovernance : ERM = COSO Support from Board of Directors & Executive Management
  • 16.
    Cyberattack mitigating strategies Managing risks appropriately
  • 17.
  • 18.
  • 19.
    Cyberattack mitigating strategies Supply Chain Management
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
    Cyberattack mitigating strategies Incident/Crisis Management
  • 26.
    Governance Objectives Business Objectives PO1 Define a strategic IT plan PO2 Define the information architecture Information Criteria PO3 Determine technological direction • Effectiveness PO4 Define the IT processes, organisation and • Efficiency relationships • Confidentiality • Integrity PO5 Manage the IT investment • Availability PO6 Communicate mgt aims & direction • Compliance PO7 Manage IT human resources • Reliability PO8 Manage quality PO9 Assess and manage IT risks ME1 Monitor & evaluate IT performance PO10 Manage projects ME2 Monitor & evaluate internal control IT RESOURCES ME3 Ensure compliance with external • Applications requirements • Information ME4 Provide IT governance • Infrastructure • People PLAN & ORGANISE MONITOR & EVALUATE ACQUIRE & DS1 Define & manage service levels IMPLEMENT DS2 Manage third-party services DS3 Manage performance & capacity DS4 Ensure continuous service DS5 Ensure systems security AI1 Identify automated solutions DS6 Identify & allocate costs DELIVER & AI2 Acquire & maintain application software DS7 Educate & train users AI3 Acquire & maintain IT infrastructure DS8 Manage service desk and incidents SUPPORT AI4 Enable operation and use DS9 Manage the configuration AI5 Procure IT resources DS10 Manage problems AI6 Manage changes DS11 Manage data DS12 Manage the physical environment AI7 Install & accredit solutions and changes DS13 Manage operations
  • 28.
  • 29.
    “I don’t carehow many millions of dollars you spend on security technology. If you don’t have people trained properly, I’m going to get in if I want to get in.” Susie Thunder, Cyberpunk
  • 31.
    Contact information Marc Vael CISA, CISM, CISSP, CGEIT, ITIL Service Manager, Prince2 Director Knowledge Board ISACA 3701 Algonquin Road, Suite 1010 Rolling Meadows IL 60008 USA http://www.isaca.org/security marc@vael.net http://www.linkedin.com/in/marcvael http://twitter.com/marcvael