Risk appetite vs. resilience
 
Professor John Walker MFSoc CRISC CISM ITPC CITP FBCS FRSA
Director of CSIRT & Cyber Forensics
INTEGRAL SECURITY XSSURANCE Ltd
24 Lime Street | London | EC3M 7HS
Mobile: +44 (0) 7881 625140
Office: +44 (0) 2032 894449

© INTEGRAL SECURITY XSSURANCE Ltd
Just thinking!

Circa - 2008

Circa - 1984

Über-Secret Handbook
Basic Rule: Blend in with the crowd, disperse into the stream. Keep a low profile. Don't
try to be special. Remember, when in Rome, do as Romans do. Don't try to be a smart ass. Feds
are many, Anonymous is Legion, but you are only one. Heroes only exist in comic books; keep that
in mind! There are no old heroes; there are only young heroes, and dead heroes!
Anonymous – The Über-Secret Handbook
Version 2.0 - Date 20.02.11

We are secure – echo, echo
We hear it all of the time – companies claiming they are secure – but if that is the case, how
can we account for the examples that follow in this presentation, and for this one:

• The PCI-DSS compliant deployment which was insecure, hosting vulnerabilities and
exposures [which were not in scope of the assessment – ‘as advised by the attending
QSA’] – it was thus not important that the environment was insecure; the weighting was
based on the fact that ‘it had ticked the box’.

examples
Company 1: Compromised by Modem Installation!
Company 2: Hosting a Paedophile Global Share on their Internal Network!
Company 3: Leaking their entire Membership Database!
Company 4: Hosting a completely insecure Samba Share!
Company 5: Connected to .mz Domains, with Remote Access Enabled!
Company 6: Compromised by Microsoft Office 2010 installation!

Misplaced appetite
With a business financial deal, considering the Risk Appetite, the assessment
may be something like:
a+b=d <> R=x [x-Ra=y] y-e =m
However, Cyber Risks are not as quantifiable as Financial Risk, and thus the
calculations can be flawed and hold a higher potential for uncontrolled escalation of
exposure – and such escalations continually occur!

the route to insecurity
This point cannot be emphasized enough: the real hackers exploit the subliminal and grey spaces
(the areas of the unknown) all of the time, using advanced Google search operators to discover rich
targets.
An example is the ‘filetype’ operator, which opens up an interesting playground for the true hacker.
Consider the query:
(filetype:pdf | filetype:xls) -inurl:pdf

or
link:www.who.com

More Examples . . .
Obama-Care – Web Site impact on Reputation!
Cyber Monday – Lack of Investment . . What does this indicate?
The imposition of metadata
One BIG misunderstood element of insecurity is that of metadata – many businesses still do
not understand the implications of data leakage! An example of 22 leaks.

And see:

http://www.thedatachain.com/articles/2011/9/understanding_the_correlation_between_data_leakage_
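The metadata leakage this slide warns about can be caught before a document leaves the organisation. The block below is an added example, not code from the slides or from INTEGRAL SECURITY XSSURANCE Ltd. It assumes documents are handled as bytes, checks PDF metadata with a minimal regex scan of the /Info dictionary strings (enough for simple uncompressed PDFs; it does not read XMP streams), reads DOCX core properties from docProps/core.xml, and constructs its sample documents inline. It goes one step beyond the slide by also showing the scrub step for DOCX.

```python
"""Pre-publication metadata check for PDF and DOCX documents.

Added example (not from the slides or the author's company). Assumptions:
documents are available as bytes; the PDF check is a regex scan of /Info
literal strings (simple, uncompressed PDFs only, no XMP); DOCX core
properties live in docProps/core.xml. All sample documents are constructed.
"""
import io
import re
import xml.etree.ElementTree as ET
import zipfile

# Fields that routinely leak names, usernames and internal tooling.
SENSITIVE_FIELDS = {
    "Author", "Creator", "Producer", "Title", "Subject", "Keywords",   # PDF /Info keys
    "creator", "lastModifiedBy", "title", "subject", "keywords",       # DOCX core.xml
}

DC_NS = "http://purl.org/dc/elements/1.1/"
CP_NS = "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"

# Matches "/Author (value)" literal strings; the lookbehind stops an escaped
# ")" inside the string from ending the match early.
_PDF_INFO_RE = re.compile(
    rb"/(Author|Creator|Producer|Title|Subject|Keywords)\s*\((.*?)(?<!\\)\)", re.S)


def extract_pdf_info(data: bytes) -> dict:
    """Return the /Info string entries present in a PDF byte string."""
    return {k.decode(): v.decode("latin-1") for k, v in _PDF_INFO_RE.findall(data)}


def extract_docx_core(data: bytes) -> dict:
    """Return non-empty core properties from a DOCX (Office Open XML) package."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        if "docProps/core.xml" not in z.namelist():
            return {}
        root = ET.fromstring(z.read("docProps/core.xml"))
    return {el.tag.rsplit("}", 1)[-1]: el.text.strip()
            for el in root if el.text and el.text.strip()}


def leaked_fields(meta: dict) -> list:
    """Names of populated metadata fields that should not leave the organisation."""
    return sorted(k for k, v in meta.items() if k in SENSITIVE_FIELDS and v)


def scrub_docx(data: bytes) -> bytes:
    """Return a copy of the DOCX with sensitive core properties blanked."""
    src = zipfile.ZipFile(io.BytesIO(data))
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            payload = src.read(item.filename)
            if item.filename == "docProps/core.xml":
                root = ET.fromstring(payload)
                for el in root:
                    if el.tag.rsplit("}", 1)[-1] in SENSITIVE_FIELDS:
                        el.text = ""
                payload = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            dst.writestr(item.filename, payload)
    src.close()
    return out.getvalue()


# --- constructed sample documents (not real files) ---------------------------
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"3 0 obj << /Title (Q3 board pack) /Author (jsmith) "
    b"/Creator (Microsoft Word) /Producer (Acrobat Distiller 9) >> endobj\n"
    b"trailer << /Root 1 0 R /Info 3 0 R >>\n%%EOF\n"
)


def build_sample_docx(creator: str, last_modified_by: str) -> bytes:
    """Build a minimal DOCX-like package carrying the given core properties."""
    core = (
        f'<cp:coreProperties xmlns:cp="{CP_NS}" xmlns:dc="{DC_NS}">'
        f"<dc:title>Draft merger terms</dc:title>"
        f"<dc:creator>{creator}</dc:creator>"
        f"<cp:lastModifiedBy>{last_modified_by}</cp:lastModifiedBy>"
        f"</cp:coreProperties>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("docProps/core.xml", core)
        z.writestr("word/document.xml", "<doc/>")
    return buf.getvalue()


if __name__ == "__main__":
    print("PDF leaks:", leaked_fields(extract_pdf_info(SAMPLE_PDF)))
    docx = build_sample_docx("alice.jones", "CORP\\bjones")
    print("DOCX leaks:", leaked_fields(extract_docx_core(docx)))
    print("After scrub:", leaked_fields(extract_docx_core(scrub_docx(docx))))
```

Wiring `leaked_fields` into an upload or publishing gate turns the slide's point into a control: a document whose author, last-editor or producer fields are populated is blocked (or scrubbed) rather than silently published with a staff username and the internal software version attached.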

Reporting – a mix of ethics
The missing element can be that of Reporting [or NOT, as may be the case] – where companies
make their own internal judgment call as to the importance and exposure of the incident – take
the company who had their own way of dealing with this – Discuss:
The full account is published in:

http://www.itgovernance.co.uk/shop/p-1338-the-true-cost-of-information-security-breaches-and-cyber-c

The feeding of cyber crime
What needs to be appreciated is that where there is variance from obligations and
standards, there will be exposure – and it is here where, by inference, business
actually works hand-in-hand to feed the world of Cyber Crime.
Where there is Corporate Negligence, there will also be the potential for insecurity and
exposure!

ultimatum
Ultimately, security needs to change approaches to influence behaviour, and
drive change in the organization.
Why?
When a group of accomplished German Hackers were asked ‘how they got so
smart to be able to compromise and infiltrate corporate environments’, they responded:
‘We aren't that smart, it’s the businesses who are leaving silly exposures in place, and not
‘doing’ security properly!’

To conclude

• Possibly there is a need to instil more ethics in those organisations which have failed to meet
their obligations.

• Maybe it’s a case of less ‘Tick Box’ compliance and more operational security.

• Above all, has the time arrived which dictates that we need to rethink what security is, how it
can best be accomplished, and how we can serve our public better, without the need for
such government or EU enforcement?

• However, it really is about understanding and appreciating what Cyber Risk really is from 2014 onwards, and the
associated ramifications of what uninformed exposure could mean to the business.

Could it be that we have reached the time where the levels of insecurity and security breaches
imply we need to get back to basics?

Donald Rumsfeld - There are known unknowns; that is to say, there are things that we now know we don't know. . . . . .

Thank you for Watching
INTEGRAL SECURITY XSSURANCE Ltd
24 Lime Street | London | EC3M 7HS
Mobile: +44 (0) 7881 625140
Office: +44 (0) 2032 894449

