© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Enterprise Security and the CFO
Five things you need to know
Rafal Los, Principal – Strategic Security Services HP ES
June 5th, 2013
Enterprise Security is a boardroom topic.
“Enterprise Security” in transition
From a ‘blunt tech instrument’..
..to a strategic business asset.
CFOs aren’t the enemy
I know a little about this-
From SMB to Fortune 50
CFOs should understand security
CFOs should support security
But…
Security poses a challenge
94% of breaches are reported by a 3rd party
Average time to detect breach: 416 days
[Timeline graphic: January 2012 through April 2013]
Since 2010, time to resolve an attack has grown 71%
Arming the CFO for reality
First-
A breach event is imminent
<uncomfortable silence>
This is an uncomfortable reality
Many have tried to be ‘secure’
All eventually fail.
$64,000.00 question: Why?
Every new ‘thing’ …
..can pose a threat
..can contain a vulnerability
This isn’t a solvable problem…
..detection is not perfect
..compromises must be made
..risk can never be eliminated.
Humans will always be a weakness
You can not demand ‘secure’.
Second-
Prevention is producing diminishing returns
75% budget on network security
84% breaches at application level
This should tell us something
What happens WHEN you’re breached
Re-assess security budget
What to focus on now?
Detection of malice, or attack
Find the attacker within, earlier
Understand the attack, sooner
Response to an incident
More than just technology!
Legal, PR, marketing – response
“What do you do then?”
Hint: Panic is not an option.
Processes need to be built
People need to be trained
Mock scenarios must be run
Yes, technology is needed
Efficiency of response is critical
Detected, Responded, now..
Service recovery/restoration
Restore business processes
Bring back critical systems
BUT – they have to be ‘fixed’ first
(Lots of costs hidden here)
Spend $ here before it happens
Spend $$$ here after the fact
The bottom line:
Spend more on preparedness
Third-
Technology alone isn’t a solution
aka “boxes don’t stop attackers”
Don’t forget the people!
The general cycle of products-
1. Architect a solution
2. Purchase the solution
3. Install the solution
4. Done?
This is where the real work starts
Have you integrated?
Have you operationalized?
How do you respond to red lights?
Fourth-
Bigger budget may mean less effective security
How is that possible?
More stuff = better security
Right?
Not if you don’t operationalize
Simple example-
An analyst has finite capability
If 1 analyst can do 1 task effectively
They can do 2 tasks less effectively
..and 5 tasks poorly.
Gets worse from there down.
But this is what enterprises ask!
How is your enterprise most effective?
Technology should enable
Technology should adapt to people
NOT people adapting to technology
Fifth-
You, Hackers motivated similarly
Hackers want it.
You try to spend it wisely.
This gives us insight!
So how do you win?
Increase the attacker’s costs
Play their game, on your terms.
As the CFO you have a responsibility
Empower your security organization
Provide strategic financial guidance
Not just $pending capital.
Talk to me for more information…
HP can help you fight smarter.
Rafal Los
Principal, Strategic Security Services
HP Enterprise Security Services
Member “HP Cloud Advisors”
http://h18004.www1.hp.com/products/solutions/cloud_advisors/index.html
Cloud Security Alliance
OWASP (Open Web Application Security Project)
10+ year Information Security industry veteran
Security generalist to Business Security Leader
Blogger, speaker
Email: Rafal@HP.com
Phone: +1 (404) 606-6056
Skype: Wh1t3Rabbit
Thank you

Más contenido relacionado

La actualidad más candente

Data Science Perspective and DS demo
Data Science Perspective and DS demo Data Science Perspective and DS demo
Data Science Perspective and DS demo PivotalOpenSourceHub
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsZivaro Inc
 
CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdStrike
 
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdStrike
 
How Spark is Making an Impact at Goldman Sachs by Vincent Saulys
How Spark is Making an Impact at Goldman Sachs by Vincent SaulysHow Spark is Making an Impact at Goldman Sachs by Vincent Saulys
How Spark is Making an Impact at Goldman Sachs by Vincent SaulysSpark Summit
 
A Day in the Life of a GDPR Breach - September 2017: France
A Day in the Life of a GDPR Breach - September 2017: France A Day in the Life of a GDPR Breach - September 2017: France
A Day in the Life of a GDPR Breach - September 2017: France Splunk
 
Hacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted ThreatsHacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted ThreatsCrowdStrike
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionCrowdStrike
 
Business continuity strategy to combat coronavirus (covid 19) - innova global...
Business continuity strategy to combat coronavirus (covid 19) - innova global...Business continuity strategy to combat coronavirus (covid 19) - innova global...
Business continuity strategy to combat coronavirus (covid 19) - innova global...www.securitysystems.best
 
Runtime Protection in the Real World
Runtime Protection in the Real WorldRuntime Protection in the Real World
Runtime Protection in the Real WorldBrooks Garrett
 

La actualidad más candente (10)

Data Science Perspective and DS demo
Data Science Perspective and DS demo Data Science Perspective and DS demo
Data Science Perspective and DS demo
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
 
CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing Intelligence
 
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas Attack
 
How Spark is Making an Impact at Goldman Sachs by Vincent Saulys
How Spark is Making an Impact at Goldman Sachs by Vincent SaulysHow Spark is Making an Impact at Goldman Sachs by Vincent Saulys
How Spark is Making an Impact at Goldman Sachs by Vincent Saulys
 
A Day in the Life of a GDPR Breach - September 2017: France
A Day in the Life of a GDPR Breach - September 2017: France A Day in the Life of a GDPR Breach - September 2017: France
A Day in the Life of a GDPR Breach - September 2017: France
 
Hacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted ThreatsHacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted Threats
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And Detection
 
Business continuity strategy to combat coronavirus (covid 19) - innova global...
Business continuity strategy to combat coronavirus (covid 19) - innova global...Business continuity strategy to combat coronavirus (covid 19) - innova global...
Business continuity strategy to combat coronavirus (covid 19) - innova global...
 
Runtime Protection in the Real World
Runtime Protection in the Real WorldRuntime Protection in the Real World
Runtime Protection in the Real World
 

Destacado

Software Security Assurance - Program Building (You're going to need a bigger...
Software Security Assurance - Program Building (You're going to need a bigger...Software Security Assurance - Program Building (You're going to need a bigger...
Software Security Assurance - Program Building (You're going to need a bigger...Rafal Los
 
Presentación en inglés
Presentación en inglésPresentación en inglés
Presentación en inglésrockerhmk
 
Making Measurable Gains - Contextualizing 'Secure' in Business
Making Measurable Gains - Contextualizing 'Secure' in BusinessMaking Measurable Gains - Contextualizing 'Secure' in Business
Making Measurable Gains - Contextualizing 'Secure' in BusinessRafal Los
 
Defying Logic - Business Logic Testing with Automation
Defying Logic - Business Logic Testing with AutomationDefying Logic - Business Logic Testing with Automation
Defying Logic - Business Logic Testing with AutomationRafal Los
 
Threat modeling the security of the enterprise
Threat modeling the security of the enterpriseThreat modeling the security of the enterprise
Threat modeling the security of the enterpriseRafal Los
 
"Translating Strategy to Measureable Actions... from PowerPoint to Practice
"Translating Strategy to Measureable Actions... from PowerPoint to Practice"Translating Strategy to Measureable Actions... from PowerPoint to Practice
"Translating Strategy to Measureable Actions... from PowerPoint to PracticeNidal Bitar
 

Destacado (6)

Software Security Assurance - Program Building (You're going to need a bigger...
Software Security Assurance - Program Building (You're going to need a bigger...Software Security Assurance - Program Building (You're going to need a bigger...
Software Security Assurance - Program Building (You're going to need a bigger...
 
Presentación en inglés
Presentación en inglésPresentación en inglés
Presentación en inglés
 
Making Measurable Gains - Contextualizing 'Secure' in Business
Making Measurable Gains - Contextualizing 'Secure' in BusinessMaking Measurable Gains - Contextualizing 'Secure' in Business
Making Measurable Gains - Contextualizing 'Secure' in Business
 
Defying Logic - Business Logic Testing with Automation
Defying Logic - Business Logic Testing with AutomationDefying Logic - Business Logic Testing with Automation
Defying Logic - Business Logic Testing with Automation
 
Threat modeling the security of the enterprise
Threat modeling the security of the enterpriseThreat modeling the security of the enterprise
Threat modeling the security of the enterprise
 
"Translating Strategy to Measureable Actions... from PowerPoint to Practice
"Translating Strategy to Measureable Actions... from PowerPoint to Practice"Translating Strategy to Measureable Actions... from PowerPoint to Practice
"Translating Strategy to Measureable Actions... from PowerPoint to Practice
 

Similar a 5 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 2013

Criminal Education: Lessons from the Criminals and Their Methods
Criminal Education: Lessons from the Criminals and Their MethodsCriminal Education: Lessons from the Criminals and Their Methods
Criminal Education: Lessons from the Criminals and Their MethodsHP Enterprise Italia
 
HP Software Performance Tour 2014 - Stop Looking for the Silver Bullet, Start...
HP Software Performance Tour 2014 - Stop Looking for the Silver Bullet, Start...HP Software Performance Tour 2014 - Stop Looking for the Silver Bullet, Start...
HP Software Performance Tour 2014 - Stop Looking for the Silver Bullet, Start...HP Enterprise Italia
 
Mobile thinking
Mobile thinkingMobile thinking
Mobile thinkingYael Keren
 
3 tips to funding your security program
3 tips to funding your security program3 tips to funding your security program
3 tips to funding your security programCloudBees
 
20/20: el nuevo estilo en la Era Digital
20/20: el nuevo estilo en la Era Digital20/20: el nuevo estilo en la Era Digital
20/20: el nuevo estilo en la Era DigitalAMETIC
 
Software Security Assurance - Bruce Jenkins
Software Security Assurance - Bruce JenkinsSoftware Security Assurance - Bruce Jenkins
Software Security Assurance - Bruce JenkinsIT-oLogy
 
Humanizing the Talent Acquisition Lifestyle: HP Case Study
Humanizing the Talent Acquisition Lifestyle: HP Case StudyHumanizing the Talent Acquisition Lifestyle: HP Case Study
Humanizing the Talent Acquisition Lifestyle: HP Case StudyGlassdoor
 
HP: Delivering on the Promise of Hybrid Cloud
HP: Delivering on the Promise of Hybrid CloudHP: Delivering on the Promise of Hybrid Cloud
HP: Delivering on the Promise of Hybrid CloudMelissa Luongo
 
HP Helion - Copaco Cloud Event 2015 (break-out 4)
HP Helion - Copaco Cloud Event 2015 (break-out 4)HP Helion - Copaco Cloud Event 2015 (break-out 4)
HP Helion - Copaco Cloud Event 2015 (break-out 4)Copaco Nederland
 
Agile Tour Paris 2014 : Les 7 Péchés Agiles, Virgile Delécole
Agile Tour Paris 2014 : Les 7 Péchés Agiles, Virgile DelécoleAgile Tour Paris 2014 : Les 7 Péchés Agiles, Virgile Delécole
Agile Tour Paris 2014 : Les 7 Péchés Agiles, Virgile DelécoleENSIBS
 
Digital government presentation final
Digital government presentation finalDigital government presentation final
Digital government presentation finalShirlie23
 
Linked in for the channel
Linked in for the channelLinked in for the channel
Linked in for the channelcoxjon
 
Vmware cio event barcelona 2014 - no builds
Vmware cio event barcelona 2014 - no buildsVmware cio event barcelona 2014 - no builds
Vmware cio event barcelona 2014 - no buildsRussell Acton
 
Professional incident response
Professional incident responseProfessional incident response
Professional incident responseBrooks Garrett
 
Capgemini Commercial Insurance Risk Analytics Powered by HP HAVEn
Capgemini Commercial Insurance Risk Analytics Powered by HP HAVEnCapgemini Commercial Insurance Risk Analytics Powered by HP HAVEn
Capgemini Commercial Insurance Risk Analytics Powered by HP HAVEnCapgemini
 
Paul Sonderegger, Oracle MassTLC Big Data Summit Keynote
Paul Sonderegger, Oracle MassTLC Big Data Summit KeynotePaul Sonderegger, Oracle MassTLC Big Data Summit Keynote
Paul Sonderegger, Oracle MassTLC Big Data Summit KeynoteMassTLC
 
Dynamic Cyber Defense
Dynamic Cyber DefenseDynamic Cyber Defense
Dynamic Cyber DefenseEnergySec
 

Similar a 5 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 2013 (20)

Criminal Education: Lessons from the Criminals and Their Methods
Criminal Education: Lessons from the Criminals and Their MethodsCriminal Education: Lessons from the Criminals and Their Methods
Criminal Education: Lessons from the Criminals and Their Methods
 
HP Software Performance Tour 2014 - Stop Looking for the Silver Bullet, Start...
HP Software Performance Tour 2014 - Stop Looking for the Silver Bullet, Start...HP Software Performance Tour 2014 - Stop Looking for the Silver Bullet, Start...
HP Software Performance Tour 2014 - Stop Looking for the Silver Bullet, Start...
 
Mobile thinking
Mobile thinkingMobile thinking
Mobile thinking
 
3 tips to funding your security program
3 tips to funding your security program3 tips to funding your security program
3 tips to funding your security program
 
20/20: el nuevo estilo en la Era Digital
20/20: el nuevo estilo en la Era Digital20/20: el nuevo estilo en la Era Digital
20/20: el nuevo estilo en la Era Digital
 
Software Security Assurance - Bruce Jenkins
Software Security Assurance - Bruce JenkinsSoftware Security Assurance - Bruce Jenkins
Software Security Assurance - Bruce Jenkins
 
איך יוצרים חוויית משתמש מנצחת בעולם ה-Big Data - עודד קלימר
איך יוצרים חוויית משתמש מנצחת בעולם ה-Big Data - עודד קלימראיך יוצרים חוויית משתמש מנצחת בעולם ה-Big Data - עודד קלימר
איך יוצרים חוויית משתמש מנצחת בעולם ה-Big Data - עודד קלימר
 
5 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 2013

  • 1. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Enterprise Security and the CFO Five things you need to know Rafal Los, Principal – Strategic Security Services HP ES June 5th, 2013
  • 2. Enterprise Security is a boardroom topic.
  • 3. “Enterprise Security” in transition
  • 4. From a ‘blunt tech instrument’..
  • 5. ..to a strategic business asset.
  • 6. CFOs aren’t the enemy
  • 7. I know a little about this-
  • 8. From SMB to Fortune 50
  • 9. CFOs should understand security
  • 10. CFOs should support security
  • 11. But…
  • 12. Security poses a challenge
  • 13. 94% of breaches are reported by a 3rd party
  • 14. Average time to detect breach: 416 days (timeline graphic: January 2012 through April 2013)
  • 15. Since 2010, time to resolve an attack has grown 71%
  • 16. Arming the CFO for reality
  • 17. First-
  • 18. A breach event is imminent
  • 19. <uncomfortable silence>
  • 20. This is an uncomfortable reality
  • 21. Many have tried to be ‘secure’
  • 22. All eventually fail.
  • 23. $64,000.00 question: Why?
  • 24. Every new ‘thing’ …
  • 25. ..can pose a threat
  • 26. ..can contain a vulnerability
  • 27. This isn’t a solvable problem…
  • 28. ..detection is not perfect
  • 29. ..compromises must be made
  • 30. ..risk can never be eliminated.
  • 31. Humans will always be a weakness
  • 32. You can not demand ‘secure’.
  • 33. Second-
  • 34. Prevention is producing diminishing returns
  • 35. 75% budget on network security
  • 36. 84% breaches at application level
  • 37. This should tell us something
  • 38. What happens WHEN you’re breached
  • 39. Re-assess security budget
  • 40. What to focus on now?
  • 41. Detection of malice, or attack
  • 42. Find the attacker within, earlier
  • 43. Understand the attack, sooner
  • 44. Response to an incident
  • 45. More than just technology!
  • 46. Legal, PR, marketing – response
  • 47. “What do you do then?” Hint: Panic is not an option.
  • 48. Processes need to be built
  • 49. People need to be trained
  • 50. Mock scenarios must be run
  • 51. Yes, technology is needed
  • 52. Efficiency of response is critical
  • 53. Detected, Responded, now..
  • 54. Service recovery/restoration
  • 55. Restore business processes
  • 56. Bring back critical systems
  • 57. BUT – they have to be ‘fixed’ first
  • 58. ( Lots of costs hidden here )
  • 59. Spend $ here before it happens
  • 60. Spend $$$ here after the fact
  • 61. The bottom line:
  • 62. Spend more on preparedness
  • 63. Third-
  • 64. Technology alone isn’t a solution aka “boxes don’t stop attackers”
  • 65. Don’t forget the people!
  • 66. The general cycle of products-
  • 67. 1. Architect a solution
  • 68. 2. Purchase the solution
  • 69. 3. Install the solution
  • 70. 4. Done?
  • 71. This is where the real work starts
  • 72. Have you integrated?
  • 73. Have you operationalized?
  • 74. How do you respond to red lights?
  • 75. Fourth-
  • 76. Bigger budget may mean less effective security
  • 77. How is that possible?
  • 78. More stuff = better security
  • 79. Right?
  • 80. Not if you don’t operationalize
  • 81. Simple example-
  • 82. An analyst has finite capability
  • 83. If 1 analyst can do 1 task effectively
  • 84. They can do 2 tasks less effectively
  • 85. ..and 5 tasks poorly.
  • 86. Gets worse from there down.
  • 87. But this is what enterprises ask!
  • 88. How is your enterprise most effective?
  • 89. Technology should enable
  • 90. Technology should adapt to people
  • 91. NOT people adapting to technology
  • 92. Fifth-
  • 93. You, Hackers motivated similarly
  • 94. Hackers want it.
  • 95. You try to spend it wisely.
  • 96. This gives us insight!
  • 97. So how do you win?
  • 98. Increase the attacker’s costs
  • 99. Play their game, on your terms.
  • 100. As the CFO you have a responsibility
  • 101. Empower your security organization
  • 102. Provide strategic financial guidance
  • 103. Not just $pending capital.
  • 104. Talk to me for more information…
  • 105. HP can help you fight smarter.
  • 106. Rafal Los. Principal, Strategic Security Services, HP Enterprise Security Services. Member: “HP Cloud Advisors” (http://h18004.www1.hp.com/products/solutions/cloud_advisors/index.html), Cloud Security Alliance, OWASP (Open Web Application Security Project). 10+ year Information Security industry veteran. Security generalist to Business Security Leader. Blogger, speaker. Email: Rafal@HP.com. Phone: +1 (404) 606-6056. Skype: Wh1t3Rabbit
  • 107. Thank you