B. Narantuya, CEO, Softline Mongolia

1. Be Ready for What’s Next
INFORMATION SECURITY RISKS

2. Business Requires Change
From the Boardroom:
• Higher Profitability
• Higher Efficiency
• Increased Agility
• Greater Productivity
• More Competitiveness

3. IT Responds to Business Needs
Striving to Enable the Business
Virtualization
Cloud Computing
and Social Media
Mobility and
Consumerization
Increasing
Complexity
Exposure to
Malware

4. The Growing Malware Threat
17 Million increase in samples in only 9 months
2,000,000
1,000,000
3,000,000
5,000,000
4,000,000
1999 2001 2003 2005 2007 2009 2011
Signatures

5. Today’s Real Challenges
The High Cost of Inadequate Protection
91% Experienced at least 1 IT security intrusion
61% Have experienced viruses, worms,
spyware and other malware
2011 Kaspersky Lab – Survey on Global IT Security Risks
#1 Social Networking is seen as the
biggest threat to IT Security
70% State their IT staff is under-resourced

6. Whose IT risks?

7. Building IT Risk Management
DESIGN
MONITOR & REVIEW
IMPROVE
IMPLEMENT
Risk Structure
• Roles& Responsibilities
• Reporting structure
• Governance
Risk Strategy
• Risk appetite
• Risk philosophy
Risk Protocols
• Policy
• Procedures manual
• Guidance notes
• Tools
Risk Process
• Establish the context
• Risk assessment
•Identification
•Analysis
•Evaluation
•Monitor &Review

8. Security
Superior, Intelligent
Protection
Always Ahead of New
Threats
Significantly Reducing
Business Risks
Comprehensive Management
Improving Business Efficiency
and & Productivity
Enhancing IT Flexibility

9. Elegant Architecture
Fully Integrated from the Ground Up
Best of Breed
Anti-Malware
Technology
Kaspersky Security
Network
Firewall
System
Watcher
Application
Control
Device
Control
Web
Control

10. Survey of IT (Mongolia)
• Daily over 80% of all personal emails in
Mongolian internet environment is
spam.
• 369 internet pages from public and
private sector were attacked by
hackers in 2010.
• 35% of all hardware damages such as
hard drive, power supply and other
peripherals were caused by electrical
instability.
• 36% of all entities does not use any
antivirus software, 50% don not use
firewall protection.

11. Survey of IT (Mongolia)
• About 7% do not use any anti network attacking system. Vast
majority of public organizations do not have any information on
information security threats.
• 96% of all entities do not have any type of insurance on
networking hard wares, servers, computers and other
peripherals.
• 75% of all surveyed entities does not have any system to check
security holes in their information system, 40% does not have
designated server room.
• 90% of all surveyed entities does not have any licensed
software.

12. Try the Complete Kaspersky Experience
Deeper Protection
Comprehensive Manageability
World-Class Support

13. Thank You!

14. Methodology IT risk management
• CORAS - Construct a platform for Risk Analysis
of Security Critical Systems
• OCTAVE - Operationally Critical Threat, Asset
and Vulnerability Evaluation
• CRAMM - CCTA Risk Analysis and Management
Method (Central Computer and
Telecommunications Agency of UK)
• COBIT - Control Objectives for Information and
Related Technologies

15. IT Standards
• CobiT 4.1 «Control Objectives for Information
and related Technology»
• ISO/IEC 27001:2005 «Information technology -
Security techniques - Information security
management systems – Requirements»
• ISO/IEC 27001:2006 «Information Security
Management System»
• ISO/IEC 20000 - the first international standard
for IT service management

16. IT Governance
• IT Governance is a part of Corporate
governance. An effective IT governance us a
subset discipline of Corporate Governance.
• IT governance is the term used to describe how
those persons entrusted with governance of an
entity will consider IT in their supervision,
monitoring, control and direction of the entity.
How IT is applied will have an immense impact
on whether the entity will attain its vision, mission
or strategic goals.