Securing the Digital Enterprise
Felix Mohan, Chief Knowledge Officer
09 Sept 2014, CERC@IIIT-D
Agenda: Securing the Digital Enterprise
• Technology & the Digital Enterprise
• Customer Experience
• Security Controls
Two outcomes digital technology is expected to deliver: LOWER OPERATING COST and BETTER CUSTOMER EXPERIENCE

3D printing revolutionizing supply chains (diagram)
• Traditional chain: Manufacturer → Distributors → Retailers → Customers, with the physical part flow running alongside the information flow
• Retailers print the part using their own 3D printer (labelled: lower operating cost)
• Customers print the part using a personal 3D printer (labelled: lower operating cost, better customer experience)
• Legend: physical part flow; information flow
Transformation of the Digital Enterprise (chart comparing 2005 and 2012; series labelled Objectives, Value, Power)
Delivering great Customer Experience
• Customer Experience is the manifestation of value
• Organizations don't sell products or services. They sell experiences. (Forrester)
• Customers buy experiences that are embedded in products. (Gartner)
• 95% of CEOs stated that "delivering great Customer Experience" was the top priority for realizing their strategy in the next 5 years. (IBM CEO Survey)
• Digital technologies have made customers powerful, and they are demanding a good experience
• Customers have low brand loyalty or stickiness; they can quickly change product or vendor if not satisfied
• Less than 25% of retail purchases in the US were due to brand loyalty. (EY Survey, 2013)
• Customers can spread a bad experience through their social network, badly affecting the company's reputation
Customer Power
"Empowered customers can tip the balance of power in contemporary buyer/seller relations."
So what are organizations doing about all this?
The Customer Experience Pyramid
Layers as shown on the slide: Emotional Fulfillment; Ease of use/engagement & features; Value & Quality. Outcome: Loyalty & Stickiness.
Enhancing Customer Loyalty
• The quantity of personal data collected is spiraling rapidly
• Big data correlations are creating additional privacy issues
Data pipeline (diagram): customer's demographic data, transaction data, social media interactions, online activities and real-time contextual data → Analytics → Insights → Customized offerings
The Customer Experience Pyramid: Privacy
• Privacy has emerged as the number 1 concern for digital businesses, overtaking security
• Privacy is a concern both amongst regulators and customers, and is leading to major regulatory enactments
Proposed Regulatory Environment
Seeks to mandate:
1. Data privacy impact assessments
2. Privacy by design
3. Privacy by default (i.e. data minimization at the level of the application)
4. Data portability (the right to take one's data to another provider) and the right to withdraw consent
5. Right to be forgotten
6. Rights against being profiled
Organizations' Privacy Bind (diagram)
• Collecting data for enhancing Customer Experience
• Impending storm in the regulatory environment
• Organizations need to balance commercial activity with privacy concerns: positive sum, not zero sum
Balancing Privacy and Commercial Viability
A spectrum from Full Privacy to Full Economic Value, with three research systems placed along it: PrivAd, Adnostic, RePriv.
• PrivAd: an online advertising system designed to be more private than the existing system. Uses a proxy to hide customer IP addresses from the ad network.
• Adnostic: developed by Stanford and NYU. Behavioral profiling and targeting take place in the user's browser and not on the advertising network's servers. Adnostic downloads a set of advertisements from the ad network and, based on the locally held profile, serves the most appropriate one.
• RePriv: developed by Microsoft Research. A browser plugin discovers the user's interests and shares them with third parties, but only after explicit permission from the user.
The Customer Experience Pyramid: Privacy
Business CRM strategies seek to use the customer insights for other purposes too:
• Improve product/service quality
• Capture customer sentiment
• Increase up-selling opportunities
• Trigger new product/service innovation
Monetizing Customer Data
"By 2016, 30% of businesses will have begun directly or indirectly monetizing their customer information assets via bartering or selling them outright." (Gartner, March 2014)
The Customer Experience Pyramid: Privacy; Reputational Damage/Extortions
Reputational Damage
80% of the value of a business is its reputation. Reputation is a top concern of the CEO.
• Social media activity can severely damage an organization's reputation
• The harm can potentially be carried out by:
  • Customers / individuals giving vent to their feelings
  • NGOs like Greenpeace pushing for corporate social responsibility
  • Cyber criminals launching cyber extortion
The Customer Experience Pyramid: Privacy; Reputational Damage/Extortions; Omni-channel Experience
Omni-channel Experience
Good customer experience demands frictionless engagement across every channel and every screen.
Security controls:
• Federated Identity Management & SSO
• Social identities
• Centralized opt-in & opt-out
• Context-based authentication
• Integration with SIEM
The Customer Experience Pyramid: Privacy; Reputational Damage/Extortions; Omni-channel Experience; Business model security vulnerabilities
Business Model Security Vulnerabilities
"Digital business is the creation of new business designs by blurring the digital and physical worlds." (Gartner)
Two major vulnerabilities:
• Impact of application development "velocity" on testing & security
• Vulnerabilities caused when "things" are connected
Enterprise Security Infrastructure
Identity & Access Management
Identity federation is becoming the heart of the Digital enterprise.
• Technologies: SAML 2.0, OAuth 2.0, OpenID Connect
• Identity management: support for social identities & third-party credentials
• Context-based authentication
• Emergence of Mandatory Access Control (MAC)
API Layer & Security
APIs are the core engines of the Digital Era. The digital economy is an API-driven economy.
Security controls:
• Identity management
  • Authentication using API keys, OAuth 2.0, SAML 2.0
  • Authorization using OAuth 2.0 (scopes)
  • RBAC
• Traffic control
  • TLS
  • DoS mitigation & rate limiting
• Malware/hacking
  • XML poisoning, JSON injection, SQL injection, quota/spike arrest
• Logging & integration with SIEM
• Analytics
  • User activity intelligence
Mobile API Layer Security
The same API security controls apply to the mobile API layer: identity management (authentication using API keys, OAuth 2.0, SAML 2.0; authorization using OAuth 2.0; RBAC), traffic control (TLS; DoS mitigation & rate limiting), malware/hacking defences (XML poisoning, JSON injection, SQL injection, quota/spike arrest), logging & integration with SIEM, and analytics (user activity intelligence).
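The authentication, authorization and rate-limiting controls listed for the API layer (and repeated for the mobile API layer) can be seen together in one gateway check chain. The following is an added example written for this page, not code from the deck or from any product it names. It assumes a hypothetical token issuer that shares an HMAC-SHA256 secret with the gateway and mints "payload.signature" bearer tokens whose payload is base64url JSON carrying sub, scope and exp; the secret, client names, scopes and clock values are all constructed.

```python
"""Minimal API-gateway check chain: bearer-token authentication, scope-based
authorization and per-client rate limiting (token bucket).

Added example, not code from the original deck. Assumptions (constructed for
the example): tokens are "payload.signature" strings, the payload is base64url
JSON with "sub", "scope" and "exp", signed with HMAC-SHA256 under a secret shared
between a hypothetical issuer and the gateway.
"""
import base64
import hashlib
import hmac
import json
from typing import Dict, List, Optional, Tuple

# Constructed demo secret; a real deployment loads it from a secret store.
SECRET = b"demo-shared-secret"


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload: str) -> str:
    return _b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())


def mint_token(sub: str, scopes: List[str], ttl: float, now: float) -> str:
    """Issuer side: build and sign a token valid for `ttl` seconds from `now`."""
    payload = _b64(json.dumps({"sub": sub, "scope": scopes, "exp": now + ttl}).encode())
    return f"{payload}.{_sign(payload)}"


def verify_token(token: str, now: float) -> Optional[Dict]:
    """Gateway side: return the claims if signature and expiry check out, else None."""
    payload, sep, sig = token.partition(".")
    if not sep:
        return None
    # Constant-time comparison so a forged signature cannot be guessed byte by byte.
    if not hmac.compare_digest(_sign(payload), sig):
        return None
    try:
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError):
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims


class TokenBucket:
    """Per-client limiter: a burst of `capacity` requests, refilled at `rate` per second."""

    def __init__(self, capacity: int, rate: float):
        self.capacity, self.rate = capacity, rate
        self.tokens: Dict[str, float] = {}
        self.last: Dict[str, float] = {}

    def allow(self, client: str, now: float) -> bool:
        tokens = self.tokens.get(client, float(self.capacity))
        elapsed = now - self.last.get(client, now)
        tokens = min(float(self.capacity), tokens + elapsed * self.rate)
        self.last[client] = now
        if tokens < 1.0:
            self.tokens[client] = tokens
            return False
        self.tokens[client] = tokens - 1.0
        return True


class Gateway:
    def __init__(self, capacity: int = 5, rate: float = 1.0):
        self.limiter = TokenBucket(capacity, rate)

    def handle(self, auth_header: Optional[str], required_scope: str, now: float) -> Tuple[int, str]:
        """Return (HTTP status, reason) for one request, in the order a gateway should check."""
        if not auth_header or not auth_header.startswith("Bearer "):
            return 401, "missing bearer token"
        claims = verify_token(auth_header[len("Bearer "):], now)
        if claims is None:
            return 401, "invalid or expired token"
        # Throttle per authenticated subject before any further work; unauthenticated
        # traffic would additionally be throttled per source IP in front of this.
        if not self.limiter.allow(str(claims.get("sub")), now):
            return 429, "rate limit exceeded"
        if required_scope not in claims.get("scope", []):
            return 403, "insufficient scope"
        return 200, "ok"


if __name__ == "__main__":
    t0 = 1_410_220_800.0  # constructed clock value
    gw = Gateway(capacity=3, rate=0.0)
    token = mint_token("alice", ["orders:read"], ttl=300, now=t0)
    print(gw.handle("Bearer " + token, "orders:read", t0))   # (200, 'ok')
    print(gw.handle("Bearer " + token, "orders:write", t0))  # (403, 'insufficient scope')
```

The ordering matters: signature and expiry are checked before anything is keyed on the subject, the limiter runs before authorization so that a flood of well-formed but under-scoped requests still gets throttled, and the signature comparison is constant-time. A real OAuth 2.0 deployment would replace mint_token/verify_token with validation against the authorization server (introspection or a JWT with the server's public key), but the check order stays the same.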
Data Governance
Emergence of the Data Platform, governed by identity controls, access controls and API controls (diagram)
Data Governance: Security Tools
• Multiple data security tools: SIEM, content-aware DLP, Database Audit & Protection (DAP), Data Access Governance (DAG), fraud prevention, data masking, encryption and IAM
• No existing tool can protect across all data silos
Data-centric Audit & Protection (DCAP) tool
• DCAP is a new, emerging category of data security tool that works across data silos
• A DCAP tool would typically have the following capabilities across data silos:
  Assessment: 1. Data security policy; 2. Data discovery and classification; 3. Assessment of users and permissions
  Activity monitoring: 4. Privileged user monitoring and auditing; 5. Application user monitoring and auditing; 6. Event collection, analysis and reporting
  Protection: 7. Vulnerability and configuration management; 8. Prevention & blocking of attacks; 9. Encryption, tokenization and data masking
Privacy Management
Privacy is emerging as the "biggest" concern in the Digital Business era.
"Finding the right balance between privacy risks & big data rewards may very well be the biggest policy challenge of our time." (Stanford Law research)
• Managing privacy starts by understanding the difference between privacy and security
Privacy Controls: Organizational & Technical
Organizational (non-technical) controls
• Internal controls (administrative & physical processes): policies; accountability; data access & usage; employee training; data segregation; data retention & deletion; physical safeguards
• External controls (contractual & legal processes): contractual terms that restrict how partners share & use data; SLA liabilities; auditing rights
Technical controls
• Privacy-focused technologies: data masking (static, dynamic, redaction); tokenization; Format Preserving Encryption (FPE); anonymization; Privacy Enhancing Technologies (PET)
  • Static data masking: masks a non-production copy of the database, not in real time
  • Dynamic data masking: masks production data in real time, as it is queried
  • Data redaction: masks unstructured content such as PDF & Word files
• Security-focused technologies: FW, IPS; DLP, DRM, DAM; IAM; encryption; SSL/TLS
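Three of the privacy-focused technologies above (tokenization, dynamic data masking and redaction of unstructured text) are shown working on a constructed customer record below. This is an added example for this page, not code from the deck; the in-memory vault stands in for a separately hardened token service, and the roles, field names and masking rules are hypothetical. Tokens keep the card number's length, digits and last four so that downstream systems keep working, but they are random surrogates rather than ciphertext (format-preserving encryption, also listed on the slide, is a different technique and is not shown).

```python
"""Tokenization, dynamic data masking and redaction on a constructed customer record.

Added example, not code from the original deck. The vault is an in-memory dict
standing in for a separately hardened token service; roles, field names and
masking rules are hypothetical.
"""
import re
import secrets
from typing import Dict


class TokenVault:
    """Maps sensitive values to random surrogates; only the vault can reverse them."""

    def __init__(self) -> None:
        self._to_token: Dict[str, str] = {}
        self._to_value: Dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        if pan in self._to_token:                 # same input -> same token, so joins still work
            return self._to_token[pan]
        while True:
            head = "".join(str(secrets.randbelow(10)) for _ in range(len(pan) - 4))
            token = head + pan[-4:]               # keep last four for customer-service lookups
            if token != pan and token not in self._to_value:
                break
        self._to_token[pan] = token
        self._to_value[token] = pan
        return token

    def detokenize(self, token: str, role: str) -> str:
        # Reversal is the sensitive operation, so the vault gates it by role itself.
        if role != "payments":
            raise PermissionError(f"role {role!r} may not detokenize")
        return self._to_value[token]


# Dynamic masking: what each role sees of the stored record at query time.
# Fields absent from a role's rule set pass through; unknown roles see nothing.
MASK_RULES = {
    "payments": {},
    "support": {"email": "partial", "card_token": "last4", "dob": "hide"},
    "analyst": {"name": "hide", "email": "hide", "card_token": "hide", "dob": "year"},
}


def _mask(value: str, rule: str) -> str:
    if rule == "hide":
        return "***"
    if rule == "partial":                          # ada@example.com -> a***@example.com
        local, _, domain = value.partition("@")
        return local[:1] + "***@" + domain
    if rule == "last4":
        return "*" * (len(value) - 4) + value[-4:]
    if rule == "year":
        return value[:4]
    raise ValueError(f"unknown masking rule {rule!r}")


def apply_masking(record: Dict[str, str], role: str) -> Dict[str, str]:
    """Render `record` for `role` without changing what is stored (dynamic masking)."""
    rules = MASK_RULES.get(role, {field: "hide" for field in record})
    return {f: (_mask(v, rules[f]) if f in rules else v) for f, v in record.items()}


# Redaction of unstructured text: card numbers (Luhn-checked to cut false positives)
# and e-mail addresses. The same scrubber would run over text extracted from PDF/Word files.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def luhn_ok(digits: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _redact_pan(match: re.Match) -> str:
    digits = re.sub(r"[ -]", "", match.group(0))
    return "[PAN REDACTED]" if luhn_ok(digits) else match.group(0)


def redact(text: str) -> str:
    text = PAN_RE.sub(_redact_pan, text)
    return EMAIL_RE.sub("[EMAIL REDACTED]", text)


if __name__ == "__main__":
    vault = TokenVault()
    tok = vault.tokenize("4111111111111111")          # constructed test card number
    rec = {"name": "Ada Lovelace", "email": "ada@example.com", "card_token": tok, "dob": "1815-12-10"}
    print(apply_masking(rec, "support"))
    print(redact("Card 4111 1111 1111 1111, mail ada@example.com"))
```

Two design points worth noting: the production record only ever holds the token, so a dump of the CRM database yields nothing reversible without the vault, and an unknown role defaults to seeing every field masked rather than every field in clear.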
SMACI Concerns
• Cloud: data confidentiality, ownership, remanence; audit; legal / regulatory (privacy, jurisdiction); business continuity (dependence on provider, migration complexity)
• Mobile: unmanaged & insecure user devices; loss / leakage of sensitive enterprise data; unauthorized access to enterprise applications; device support / management complexity; unsecured / rogue marketplaces
• Social: leakage of sensitive enterprise data; avenue for malware; targeted spear-phishing attacks on employees (APT ingress); privacy & compliance
• Analytics: unauthorized access/queries; leakage of data / intelligence; veracity of input data
IoT Vulnerabilities
• Things cause privacy issues
• Things can be easily hacked
• Things can be physically stolen
• Denial of service attacks / jamming attacks can be launched on Things
• Man-in-the-middle attacks are easy
• Rogue things can be inserted
IoT security (diagram): IoT Security Architecture; IoT Security Protocols; IoT Security Framework

EU effort to define IoT Security
Mission: "To holistically embed effective and efficient security and privacy mechanisms into IoT devices and the protocols and services they utilise"

IoT Security Protocols (diagram; source: Eclipse M2M Industry Working Group, March 2013)
Enterprise Security Transformation
• Security technologies have become obsolete & ineffective at stopping attacks
• Today, 100% of enterprises are breached
Two major transformations are currently underway:
1. Security focus is shifting from "protection" to "detection and response"
  • Enterprises are implementing: security intelligence; context-based and adaptive security
2. Security approach is shifting from "technical controls" to "behavioural controls"
  • Enterprises are adopting: People-centric security (PCS)
Security Intelligence – Technology Interaction (diagram)
Security technologies feeding the intelligence layer, grouped by domain:
• IAM: identity manager; FIM; ESSO; privileged ID management; MOTP; AD; ID intelligence
• Network: routers; switches; VPN
• End point: end point protection; AV, whitelisting; VA scanner; MDM
• Perimeter: IPS; FW; proxy
• Database: DAM; Oracle; data mask
• Content: encryption; DLP; DRM; URL filter; mail GW
• Advanced threats: FireEye, Damballa etc.
• Application: DAST & SAST; WAF
• Systems: Unix; Windows; Linux
• SOA: WAF; federated IM; SOA registry security; policy manager
Layers covered: People; Data; Applications; Infrastructure
Benefits: higher accuracy of vulnerability detection; better protection from advanced attacks; quicker response
Security Intelligence – Information Integration (diagram)
Security information
• Events/logs: monitoring; privileged activity; user activity; database activity; performance; transaction; application; data/information; sensor data; vulnerability info; configuration info; change management; content-related data; IAM data; web log data; router and switch data
• Network flows: NW telemetry data; DPI for layer-7 visibility; classification of applications & protocols; behaviour analysis; anomaly information
Contextual information (internal and external)
• Environmental: external threat info; location, time, etc.
• Process: customer facing, revenue producing
• Content: sensitivity of content, reputation of email
• Identity: strength of authentication, role, group, transaction amount limit
• Application: business criticality of app, known vulnerabilities
• System & OS: asset criticality, patch level, known vulnerabilities, CMDB
• End user device: health, owner, IP address reputation
• Compliance: privacy, RA GW
Contextual assessments give better risk management and the prioritization of risks into actionable items.
Security Intelligence – Framework (diagram)
Use cases served: 1. Risk management; 2. Fraud management; 3. Regulatory compliance; 4. Advanced threat prevention
Security intelligence layer: SIEM (aggregation, correlation, data repository, query) fed by events, flows and context infusion; GRC platform; big data platform
Technology interaction (sources):
• Security devices: IAM; end point security; perimeter security; SOA; app security; advanced threat; database security; etc.
• Network devices: routers; switches; load balancers; etc.
• Assets & systems: servers; devices; OS; middleware; etc.
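The three slides above describe a SIEM correlating raw events with infused context (CMDB asset criticality, IAM privilege data, external threat feeds) so that risks come out prioritized. The following is an added example for this page, not code from the deck or from any SIEM product: a single correlation rule (repeated failed logins followed by a success for the same user and source inside a time window) run over constructed log lines, with context tables deciding how urgent each hit is. The log format, the context tables and the scoring weights are all constructed.

```python
"""Correlating authentication events with context (CMDB, IAM, threat intel) to rank alerts.

Added example, not code from the original deck. Log format, context tables and
weights are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional

LOG_RE = re.compile(
    r"(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>FAIL|SUCCESS)"
)

# Context infusion sources (constructed): a CMDB export, an IAM export and a threat feed.
ASSET_CRITICALITY = {"crm-db-01": 3, "wiki-01": 1}   # 1 = low, 3 = business critical; unknown hosts get 2
PRIVILEGED_USERS = {"svc_backup", "dba"}
BAD_IPS = {"198.51.100.7"}


def parse(line: str) -> Optional[Dict]:
    m = LOG_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event


def score(event: Dict, fail_count: int) -> int:
    """Same rule hit, different priority: the context decides how urgent it is."""
    points = (10 + fail_count) * ASSET_CRITICALITY.get(event["host"], 2)
    if event["user"] in PRIVILEGED_USERS:
        points += 20
    if event["src"] in BAD_IPS:
        points += 30
    return points


def correlate(lines: List[str], threshold: int = 3, window: timedelta = timedelta(minutes=5)) -> List[Dict]:
    """Rule: at least `threshold` FAILs then a SUCCESS for the same (user, src) within `window`."""
    events = [e for e in map(parse, lines) if e]
    events.sort(key=lambda e: e["ts"])
    recent_fails: Dict[tuple, List[datetime]] = defaultdict(list)
    alerts = []
    for e in events:
        key = (e["user"], e["src"])
        fails = [t for t in recent_fails[key] if e["ts"] - t <= window]   # drop stale failures
        if e["result"] == "FAIL":
            fails.append(e["ts"])
        elif len(fails) >= threshold:
            alerts.append({"user": e["user"], "src": e["src"], "host": e["host"],
                           "failures": len(fails), "at": e["ts"], "score": score(e, len(fails))})
            fails = []
        recent_fails[key] = fails
    return sorted(alerts, key=lambda a: a["score"], reverse=True)


# Constructed sample: a brute force against a critical DB from a known-bad IP, a user on the
# wiki who mistyped a password three times, one stray failure, and three DBA failures whose
# later success falls outside the window.
SAMPLE_LOG = """\
2014-09-09T10:00:01Z host=crm-db-01 user=svc_backup src=198.51.100.7 result=FAIL
2014-09-09T10:00:03Z host=crm-db-01 user=svc_backup src=198.51.100.7 result=FAIL
2014-09-09T10:00:05Z host=wiki-01 user=alice src=203.0.113.9 result=FAIL
2014-09-09T10:00:06Z host=crm-db-01 user=svc_backup src=198.51.100.7 result=FAIL
2014-09-09T10:00:09Z host=crm-db-01 user=svc_backup src=198.51.100.7 result=SUCCESS
2014-09-09T10:00:12Z host=wiki-01 user=alice src=203.0.113.9 result=FAIL
2014-09-09T10:00:20Z host=wiki-01 user=alice src=203.0.113.9 result=FAIL
2014-09-09T10:00:31Z host=wiki-01 user=alice src=203.0.113.9 result=SUCCESS
2014-09-09T10:01:00Z host=wiki-01 user=bob src=203.0.113.10 result=FAIL
2014-09-09T10:01:05Z host=wiki-01 user=bob src=203.0.113.10 result=SUCCESS
2014-09-09T11:00:00Z host=crm-db-01 user=dba src=203.0.113.11 result=FAIL
2014-09-09T11:00:02Z host=crm-db-01 user=dba src=203.0.113.11 result=FAIL
2014-09-09T11:00:04Z host=crm-db-01 user=dba src=203.0.113.11 result=FAIL
2014-09-09T11:20:00Z host=crm-db-01 user=dba src=203.0.113.11 result=SUCCESS
"""


def sample_alerts() -> List[Dict]:
    return correlate(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for a in sample_alerts():
        print(a["score"], a["user"], a["src"], a["host"], a["failures"])
```

Both hits fire the same rule, but the svc_backup event lands at the top because the CMDB says the host is critical, IAM says the account is privileged and the threat feed knows the source; the alice event on the wiki scores low enough to be triaged last. Without the context infusion the two would be indistinguishable.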
Context-based Security
Legacy security policies are binary and static: yes/no decisions that have been defined in advance. Context-based security instead evaluates each request against its context (strength of authentication, device health, IP reputation, location, transaction limits, asset criticality) at decision time.
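The contrast between a static yes/no policy and a context-based one is easiest to see in code. Below is an added example written for this page, not code from the deck: the legacy check (does the role have the action?) sits beside a risk-scored decision that uses the deck's contextual attributes and can answer allow, step-up (require MFA and re-evaluate) or deny. The roles, actions, weights, thresholds and the transaction limits are constructed.

```python
"""A context-based access decision beside the legacy static check it replaces.

Added example, not code from the original deck. Context attributes follow the
deck's contextual-information list; weights, thresholds, roles, actions and
limits are constructed for illustration.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

ALLOWED_ACTIONS = {
    "customer": {"view_balance", "transfer"},
    "teller": {"view_balance", "transfer", "reverse"},
}
ROLE_TXN_LIMIT = {"customer": 1000.0, "teller": 10000.0}
# Risk tolerated per action before step-up is demanded; more sensitive actions tolerate less.
RISK_BUDGET = {"view_balance": 40, "transfer": 10, "reverse": 0}
DENY_AT = 60   # this much risk is denied outright; no step-up can rescue it


@dataclass(frozen=True)
class Context:
    user: str
    role: str
    action: str
    auth_strength: str          # "password" or "mfa"
    device_managed: bool
    ip_reputation: str          # "good", "unknown" or "bad"
    country: str
    usual_countries: FrozenSet[str]
    amount: float = 0.0


def legacy_decision(ctx: Context) -> bool:
    """Static yes/no decided in advance: does the role have the action at all?"""
    return ctx.action in ALLOWED_ACTIONS.get(ctx.role, set())


def risk_score(ctx: Context) -> Tuple[int, List[str]]:
    score, reasons = 0, []
    if ctx.ip_reputation == "bad":
        score += 50
        reasons.append("bad IP reputation")
    elif ctx.ip_reputation == "unknown":
        score += 10
        reasons.append("unknown IP reputation")
    if ctx.country not in ctx.usual_countries:
        score += 20
        reasons.append("unusual location")
    if not ctx.device_managed:
        score += 15
        reasons.append("unmanaged device")
    if ctx.auth_strength != "mfa":
        score += 15
        reasons.append("single-factor authentication")
    if ctx.amount > ROLE_TXN_LIMIT.get(ctx.role, 0.0):
        score += 40
        reasons.append("amount above role limit")
    return score, reasons


def decide(ctx: Context) -> Tuple[str, List[str]]:
    """Return ("allow" | "step_up" | "deny", reasons). step_up = require MFA, then re-evaluate."""
    if not legacy_decision(ctx):
        return "deny", ["action not permitted for role"]
    score, reasons = risk_score(ctx)
    if score >= DENY_AT:
        return "deny", reasons
    if score > RISK_BUDGET.get(ctx.action, 0):
        if ctx.auth_strength != "mfa":
            return "step_up", reasons
        return "deny", reasons        # already at the strongest factor; nothing left to ask for
    return "allow", reasons


if __name__ == "__main__":
    home = frozenset({"IN"})
    risky = Context("alice", "customer", "transfer", "password", False, "bad", "IN", home, amount=500.0)
    print("legacy:", legacy_decision(risky), "context-based:", decide(risky))
```

The same transfer that the static policy allows (the customer role has the transfer action) is denied once a bad source reputation, an unmanaged device and single-factor authentication are weighed together, while a low-risk request from a managed device with MFA passes without friction.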
People Centric Security (PCS)
"PCS represents a major departure from conventional security strategies, but reflects the reality that current security approaches are insufficient." (Gartner, 2013)
Security Governance
Emergence of the Digital Risk Officer (DRO)
"By 2017, one-third of large enterprises engaging in digital business will have a digital risk officer. The DRO will report to a senior executive role outside IT, such as the chief digital officer or the chief operating officer. They will manage risk at an executive level across digital business units, working directly with peers in legal, privacy, compliance, digital marketing, digital sales and digital operations. The DRO and CISO are separate roles. Many CISOs will evolve into DROs. However, if they don't upgrade their skills they will report to the DRO." (Gartner, June 2014)
Security Skills for the Digital Business Era (diagram)
Conclusion
• Today every business is a Digital Business; businesses that do not understand this become irrelevant
• Delivering great customer experiences is the strategic focus
• Vulnerabilities related directly to delivering customer experiences must be addressed:
  • manage privacy & reputational damage
  • enable secure omni-channel engagement
  • manage the inherent vulnerabilities that velocity-driven business designs open up
  • mitigate the threats and vulnerabilities related to the Internet of Things and OT
• And this must be backed up by a comprehensive and layered enterprise security capability
Thank You
Revolutionizing CX_ How Digital Testing Leads the Way in Digital Transformati...
 
Smau Milano 2015 - Cisco
Smau Milano 2015 - CiscoSmau Milano 2015 - Cisco
Smau Milano 2015 - Cisco
 

Más de Cybersecurity Education and Research Centre

Automated Methods for Identity Resolution across Online Social Networks
Automated Methods for Identity Resolution across Online Social NetworksAutomated Methods for Identity Resolution across Online Social Networks
Automated Methods for Identity Resolution across Online Social Networks
Cybersecurity Education and Research Centre
 
Video Inpainting detection using inconsistencies in optical Flow
Video Inpainting detection using inconsistencies in optical FlowVideo Inpainting detection using inconsistencies in optical Flow
Video Inpainting detection using inconsistencies in optical Flow
Cybersecurity Education and Research Centre
 
Identification and Analysis of Malicious Content on Facebook: A Survey
Identification and Analysis of Malicious Content on Facebook: A SurveyIdentification and Analysis of Malicious Content on Facebook: A Survey
Identification and Analysis of Malicious Content on Facebook: A Survey
Cybersecurity Education and Research Centre
 
Clotho : Saving Programs from Malformed Strings and Incorrect
Clotho : Saving Programs from Malformed Strings and IncorrectClotho : Saving Programs from Malformed Strings and Incorrect
Clotho : Saving Programs from Malformed Strings and Incorrect
Cybersecurity Education and Research Centre
 
Clotho: Saving Programs from Malformed Strings and Incorrect String-handling
Clotho: Saving Programs from Malformed Strings and Incorrect String-handling�Clotho: Saving Programs from Malformed Strings and Incorrect String-handling�
Clotho: Saving Programs from Malformed Strings and Incorrect String-handling
Cybersecurity Education and Research Centre
 
Analyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing EmailsAnalyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing Emails
Cybersecurity Education and Research Centre
 
Emerging Phishing Trends and Effectiveness of the Anti-Phishing Landing Page
Emerging Phishing Trends and Effectiveness of the Anti-Phishing Landing PageEmerging Phishing Trends and Effectiveness of the Anti-Phishing Landing Page
Emerging Phishing Trends and Effectiveness of the Anti-Phishing Landing Page
Cybersecurity Education and Research Centre
 
Broker Bots: Analyzing automated activity during High Impact Events on Twitter
Broker Bots: Analyzing automated activity during High Impact Events on TwitterBroker Bots: Analyzing automated activity during High Impact Events on Twitter
Broker Bots: Analyzing automated activity during High Impact Events on Twitter
Cybersecurity Education and Research Centre
 
Twitter and Polls: What Do 140 Characters Say About India General Elections 2014
Twitter and Polls: What Do 140 Characters Say About India General Elections 2014Twitter and Polls: What Do 140 Characters Say About India General Elections 2014
Twitter and Polls: What Do 140 Characters Say About India General Elections 2014
Cybersecurity Education and Research Centre
 
Exploration of gaps in Bitly's spam detection and relevant countermeasures
Exploration of gaps in Bitly's spam detection and relevant countermeasuresExploration of gaps in Bitly's spam detection and relevant countermeasures
Exploration of gaps in Bitly's spam detection and relevant countermeasures
Cybersecurity Education and Research Centre
 

Más de Cybersecurity Education and Research Centre (17)

Automated Methods for Identity Resolution across Online Social Networks
Automated Methods for Identity Resolution across Online Social NetworksAutomated Methods for Identity Resolution across Online Social Networks
Automated Methods for Identity Resolution across Online Social Networks
 
Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...
Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...
Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...
 
Video Inpainting detection using inconsistencies in optical Flow
Video Inpainting detection using inconsistencies in optical FlowVideo Inpainting detection using inconsistencies in optical Flow
Video Inpainting detection using inconsistencies in optical Flow
 
TASVEER : Tomography of India’s Internet Infrastructure
TASVEER : Tomography of India’s Internet InfrastructureTASVEER : Tomography of India’s Internet Infrastructure
TASVEER : Tomography of India’s Internet Infrastructure
 
Data-Driven Assessment of Cyber Risk: Challenges in Assessing and Migrating C...
Data-Driven Assessment of Cyber Risk: Challenges in Assessing and Migrating C...Data-Driven Assessment of Cyber Risk: Challenges in Assessing and Migrating C...
Data-Driven Assessment of Cyber Risk: Challenges in Assessing and Migrating C...
 
A Strategy for Addressing Cyber Security Challenges
A Strategy for Addressing Cyber Security Challenges A Strategy for Addressing Cyber Security Challenges
A Strategy for Addressing Cyber Security Challenges
 
Identification and Analysis of Malicious Content on Facebook: A Survey
Identification and Analysis of Malicious Content on Facebook: A SurveyIdentification and Analysis of Malicious Content on Facebook: A Survey
Identification and Analysis of Malicious Content on Facebook: A Survey
 
Clotho : Saving Programs from Malformed Strings and Incorrect
Clotho : Saving Programs from Malformed Strings and IncorrectClotho : Saving Programs from Malformed Strings and Incorrect
Clotho : Saving Programs from Malformed Strings and Incorrect
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
 
Clotho: Saving Programs from Malformed Strings and Incorrect String-handling
Clotho: Saving Programs from Malformed Strings and Incorrect String-handling�Clotho: Saving Programs from Malformed Strings and Incorrect String-handling�
Clotho: Saving Programs from Malformed Strings and Incorrect String-handling
 
Analyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing EmailsAnalyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing Emails
 
Emerging Phishing Trends and Effectiveness of the Anti-Phishing Landing Page
Emerging Phishing Trends and Effectiveness of the Anti-Phishing Landing PageEmerging Phishing Trends and Effectiveness of the Anti-Phishing Landing Page
Emerging Phishing Trends and Effectiveness of the Anti-Phishing Landing Page
 
Broker Bots: Analyzing automated activity during High Impact Events on Twitter
Broker Bots: Analyzing automated activity during High Impact Events on TwitterBroker Bots: Analyzing automated activity during High Impact Events on Twitter
Broker Bots: Analyzing automated activity during High Impact Events on Twitter
 
Twitter and Polls: What Do 140 Characters Say About India General Elections 2014
Twitter and Polls: What Do 140 Characters Say About India General Elections 2014Twitter and Polls: What Do 140 Characters Say About India General Elections 2014
Twitter and Polls: What Do 140 Characters Say About India General Elections 2014
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101
 
Exploration of gaps in Bitly's spam detection and relevant countermeasures
Exploration of gaps in Bitly's spam detection and relevant countermeasuresExploration of gaps in Bitly's spam detection and relevant countermeasures
Exploration of gaps in Bitly's spam detection and relevant countermeasures
 
The future of interaction & its security challenges
The future of interaction & its security challengesThe future of interaction & its security challenges
The future of interaction & its security challenges
 

Último

Último (20)

Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds  in the ClassroomFostering Friendships - Enhancing Social Bonds  in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
 
Understanding Accommodations and Modifications
Understanding  Accommodations and ModificationsUnderstanding  Accommodations and Modifications
Understanding Accommodations and Modifications
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 

Securing the Digital Enterprise

  • 1. Securing the Digital enterprise. Felix Mohan, Chief Knowledge Officer, 09 Sept 2014, CERC@IIIT-D
  • 2. Agenda: Securing the Digital enterprise: Security Controls; Technology & Digital Enterprise; Customer Experience
  • 3.
  • 4. LOWER OPERATING COST. BETTER CUSTOMER EXPERIENCE
  • 5.
  • 6. 3D printing revolutionizing supply chains (diagram: Manufacturer > Distributors > Retailers > Customers, showing the physical part flow and the information flow; in the later stages the part is printed downstream using their 3D printer, and finally by the customer using a personal 3D printer; lower operating cost, better customer experience)
  • 7. Transformation of the Digital Enterprise (chart, 2005 vs 2012, series labelled Objectives, Value, Power; values shown: 1%, 28%, 12%, 41%, 22%)
  • 8. Delivering great Customer Experience
    • Customer Experience is the manifestation of value
    • Organizations don't sell products or services. They sell experiences. (Forrester)
    • Customers buy experiences that are embedded in products. (Gartner)
    • 95% of CEOs stated that 'Delivering great Customer Experience' was the top priority for realizing their strategy in the next 5 years. (IBM CEO Survey)
    • Digital technologies have made customers powerful. And they are demanding good experience!
      • Customers have low brand loyalty or stickiness.
      • They can quickly change product or vendor if not satisfied
      • Less than 25% of retail purchases in US were due to brand loyalty. (EY Survey, 2013)
      • They can spread their bad experience in their social network, affecting company reputation badly
  • 9. Customer Power: Empowered customers can tip the balance of power in contemporary buyer / seller relations. So what are organizations doing about all this?
  • 10. The Customer Experience Pyramid: Emotional Fulfillment; Ease of use/engagement & features; Value & Quality. Loyalty & Stickiness
  • 11. Enhancing Customer Loyalty (pyramid: Emotional Fulfillment; Ease of use/engagement & features; Value & Quality)
    • quantity of personal data collected is spiraling rapidly
    • big data correlations are creating additional privacy issues
    • Data flow: Customer's demographic data, Transaction data, Social media interactions, Online activities, Real-time contextual data > Analytics > Insights > Customized Offerings
  • 12. The Customer Experience Pyramid: Privacy
    • Privacy has emerged as the Number 1 concern for digital businesses, overtaking security
    • Privacy concern both amongst regulators and customers, leading to major regulatory enactments
  • 13. Proposed Regulatory Environment seeks to mandate:
    1. Data privacy impact assessments
    2. Privacy by design
    3. Privacy by default (i.e. data minimization at the level of application)
    4. Data portability (i.e. enabling right to withdraw consent)
    5. Right to be forgotten
    6. Rights against being profiled
  • 14. Organizations' Privacy Bind: Collecting data for enhancing Customer Experience vs. the impending storm in the regulatory environment. Organizations need to balance commercial activity with privacy concerns. Positive Sum, not Zero Sum
  • 15. Balancing Privacy and Commercial Viability (spectrum from Full Privacy to Full Economic Value: PrivAd, Adnostic, RePriv)
    • PrivAd: Online advertising system designed to be more private than existing systems. Uses a proxy to hide customer IP addresses.
    • Adnostic: Developed by Stanford and NYU. Behavioral profiling and targeting takes place in the user's browser and not in the advertising network's servers. Based on the profile, Adnostic downloads a set of advertisements from the ad network and serves the most appropriate one as per the profile.
    • RePriv: Developed by Microsoft Research. The system's plugin located in the browser discovers the user's interests and shares them with 3rd parties, but only after explicit permission of the user.
  • 16. The Customer Experience Pyramid: Privacy. Business CRM strategies seek to use the customer insights for other purposes also:
    • Improve product/service quality
    • Capture customer sentiment
    • Increase up-selling opportunities
    • Trigger new product/service innovation
  • 17. Monetizing Customer Data: By 2016, 30% of businesses will have begun directly or indirectly monetizing their customer information assets via bartering or selling them outright. (Gartner, March 2014)
  • 18. The Customer Experience Pyramid: Privacy; Reputational Damage/Extortions
  • 19. Reputational Damage: 80% of the value of a business is its reputation. Reputation is a top concern of the CEO.
    • Social media activity can severely damage an organization's reputation.
    • The harm can potentially be carried out by:
      • Customers / Individuals, giving vent to their feelings
      • NGOs like Greenpeace, pushing for corporate social responsibility
      • Cyber criminals, launching cyber extortion
  • 20.
  • 21. Reputational Damage (repeat of slide 19)
  • 22. The Customer Experience Pyramid: Privacy; Reputational Damage/Extortions; Omni-channel Experience
  • 23. Omni-channel Experience: Good customer experience demands frictionless engagement across every channel and every screen. Security controls:
    • Federated Identity Management & SSO
    • Social Identities
    • Centralized Opt-in & Opt-out
    • Context-based Authentication
    • Integration with SIEM
  • 24. The Customer Experience Pyramid: Privacy; Reputational Damage/Extortions; Omni-channel Experience; Business model security vulnerabilities
  • 25. Business Model Security Vulnerabilities: Digital business is the creation of new business designs by blurring the digital and physical worlds. (Gartner)
    • Two major vulnerabilities:
      • Impact of application development "velocity" on testing & security
      • Vulnerabilities caused when "things" are connected
  • 26. Enterprise Security Infrastructure (pyramid: Emotional Fulfillment; Ease of use/engagement & features; Value & Quality)
  • 27. Enterprise Security Infrastructure (repeat of slide 26)
  • 28. Identity & Access Management: Identity Federation is becoming the heart of the Digital enterprise.
    • Technologies: SAML 2.0; OAuth 2.0; OpenID Connect
    • Identity Management: support for Social Identities & third-party credentials
    • Context-based Authentication
    • Emergence of Mandatory Access Control (MAC)
  • 29. Enterprise Security Infrastructure (repeat of slide 26)
  • 30. API Layer & Security: APIs are the core engines of the Digital Era. The digital economy is an API-driven economy. Security controls:
    • Identity management
      • Authentication using API Keys, OAuth 2.0, SAML 2.0
      • Authorization using OAuth 2.0
      • RBAC
    • Traffic Control
      • TLS
      • DoS mitigation & Rate Limiting
    • Malware/Hacking
      • XML poisoning, JSON injection, SQL injection, quota/spike arrest
    • Logging & integration with SIEM
    • Analytics
      • User activity intelligence
  • 31. Mobile API Layer Security: API security controls (same list as slide 30)
  • 32. Enterprise Security Infrastructure (repeat of slide 26)
  • 33. Data Governance: Emergence of the Data Platform (Identity controls; Access controls; API controls)
  • 34. Data Governance: Security Tools
    • Multiple data security tools: SIEM, Content-aware DLP, Database Audit & Protection (DAP), Data Access Governance (DAG), Fraud prevention, Data masking, Encryption and IAM
    • No existing tool can protect across all data silos
    • Data-centric Audit & Protection (DCAP): a new category of data security tool that is emerging which can work across data silos
    • The DCAP typically would have the following capabilities across data silos:
      • Assessment: 1. Data Security Policy; 2. Data Discovery and Classification; 3. Assessment of Users and Permissions
      • Activity Monitoring: 4. Privileged User Monitoring and Auditing; 5. Application User Monitoring and Auditing; 6. Event Collection, Analysis and Reporting
      • Protection: 7. Vulnerability and Configuration Management; 8. Prevention & Blocking of Attacks; 9. Encryption, Tokenization and Data Masking
  • 35. Enterprise Security Infrastructure (repeat of slide 26)
  • 36. Privacy Management: Privacy is emerging as the "biggest" concern in the Digital Business era. "Finding the right balance between Privacy Risks & Big Data rewards may very well be the biggest policy challenge of our time" (Stanford Law Research). Managing Privacy starts by understanding the difference between Privacy and Security
  • 37. Privacy Controls: Organizational & Technical
    • Organizational (non-technical) controls
      • Internal controls (administrative & physical processes): Policies; Accountability; Data access & usage; Employee training; Data segregation; Data retention & deletion; Physical safeguards
      • External controls (contractual & legal processes): Contractual terms to restrict how partners share & use data; SLA liabilities; Auditing rights
    • Technical controls
      • Privacy-focused technologies: Data masking (static, dynamic, redaction); Tokenization; Format Preserving Encryption (FPE); Anonymization; Privacy Enhancing Technologies (PET)
      • Security-focused technologies: FW, IPS; DLP, DRM, DAM; IAM; Encryption; SSL
    • Static Data Masking: masks a non-production database, not in real time. Dynamic Data Masking: masks production data in real time. Data Redaction: masks unstructured content such as PDF & Word files
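Slide 37 lists static masking, dynamic masking, redaction and tokenization side by side without showing how they differ in practice; the added example below (written for this page, not code from the deck or its author) applies each of the four to one constructed customer record. The masking key, the role policy table and the vault are assumptions made for the example.

```python
"""Added example, not from the slides: four of the privacy-focused technical
controls listed on slide 37 applied to one constructed customer record.
  static masking  - one-way transform of a non-production copy
  dynamic masking - production data masked at read time by caller role
  redaction       - PAN and e-mail patterns masked inside unstructured text
  tokenization    - reversible substitution via a vault the application never reads
The record, roles, key and vault are constructed for the example."""
import hashlib
import hmac
import re
import secrets

# Constructed production record (all values fake).
PROD_RECORD = {
    "customer_id": 1042,
    "name": "Asha Verma",
    "email": "asha.verma@example.com",
    "pan": "4111111111111111",          # card primary account number
    "phone": "+91-98765-43210",
}

# --- Static data masking (slide 37: non-production database, not real time) --
_STATIC_KEY = b"constructed-static-masking-key"   # assumption: per-copy secret

def _pseudonym(value: str, width: int = 8) -> str:
    """Keyed one-way pseudonym: same input gives same output, so joins survive."""
    return hmac.new(_STATIC_KEY, value.encode(), hashlib.sha256).hexdigest()[:width]

def static_mask(record: dict) -> dict:
    """Return a copy for test/dev with direct identifiers replaced for good."""
    masked = dict(record)
    masked["name"] = "user_" + _pseudonym(record["name"])
    masked["email"] = _pseudonym(record["email"]) + "@example.invalid"
    masked["pan"] = record["pan"][:4] + "X" * 8 + record["pan"][-4:]   # keep BIN + last 4
    masked["phone"] = re.sub(r"\d", "X", record["phone"][:-4]) + record["phone"][-4:]
    return masked

# --- Dynamic data masking (slide 37: production data, in real time) ----------
# Per-role field policy (constructed). Anything not listed is fully masked.
FIELD_POLICY = {
    "support_agent": {"name": "clear", "email": "partial", "pan": "last4", "phone": "partial"},
    "marketing":     {"name": "clear"},
    "fraud_analyst": {"name": "clear", "email": "clear", "pan": "clear", "phone": "clear"},
}

def _apply(value: str, mode: str) -> str:
    if mode == "clear":
        return value
    if mode == "last4":
        return "*" * (len(value) - 4) + value[-4:]
    if mode == "partial":
        keep = max(1, len(value) // 4)
        return value[:keep] + "*" * (len(value) - keep)
    return "*" * len(value)              # "masked" and unknown modes both deny

def dynamic_view(record: dict, role: str) -> dict:
    """Mask the stored record at read time according to the caller's role."""
    policy = FIELD_POLICY.get(role, {})  # unknown role: every string field masked
    return {k: _apply(v, policy.get(k, "masked")) if isinstance(v, str) else v
            for k, v in record.items()}

# --- Data redaction (slide 37: unstructured content) ------------------------
_PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13-19 digits, spaces/dashes allowed
_EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def redact(text: str) -> str:
    """Mask card numbers and e-mail addresses wherever they occur in free text."""
    text = _PAN_RE.sub("[PAN REDACTED]", text)
    return _EMAIL_RE.sub("[EMAIL REDACTED]", text)

# --- Tokenization (slide 37) -------------------------------------------------
class TokenVault:
    """Holds the token <-> value mapping; the application stores only tokens."""

    def __init__(self) -> None:
        self._value_by_token = {}
        self._token_by_value = {}

    def tokenize(self, value: str) -> str:
        """Random token of the same length that keeps the last 4 characters."""
        if value in self._token_by_value:            # same value -> same token
            return self._token_by_value[value]
        while True:
            body = "".join(secrets.choice("0123456789") for _ in range(len(value) - 4))
            token = body + value[-4:]
            if token != value and token not in self._value_by_token:
                break
        self._value_by_token[token] = value
        self._token_by_value[value] = token
        return token

    def detokenize(self, token: str) -> str:
        return self._value_by_token[token]

if __name__ == "__main__":
    print(static_mask(PROD_RECORD))
    print(dynamic_view(PROD_RECORD, "support_agent"))
    print(redact("Card 4111 1111 1111 1111 belongs to asha.verma@example.com"))
    vault = TokenVault()
    token = vault.tokenize(PROD_RECORD["pan"])
    print(token, vault.detokenize(token) == PROD_RECORD["pan"])
```

The static copy can never be reversed, the dynamic view leaves the stored data untouched, and only the vault can map a token back, which is why slide 34 lists encryption, tokenization and masking as separate protection capabilities.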
  • 38. Enterprise Security Infrastructure (repeat of slide 26)
  • 39. SMACI Concerns
    • Data: confidentiality, ownership, remanence
    • Audit
    • Legal / Regulatory: privacy, jurisdiction
    • Business continuity: dependence on provider, migration complexity
    • Unmanaged & insecure user devices
    • Loss / leakage of sensitive enterprise data
    • Unauthorized access to enterprise applications
    • Device support / management complexity
    • Unsecured / rogue marketplaces
    • Leakage of sensitive enterprise data
    • Avenue for malware
    • Targeted spear-phishing attacks on employees (APT ingress)
    • Privacy & compliance
    • Unauthorized access/queries
    • Leakage of data / intelligence
    • Veracity of input data
  • 40.
  • 41.
  • 42.
  • 43.
  • 44.
  • 45. IoT Vulnerabilities
    • Things cause privacy issues
    • Things can be easily hacked
    • Things can be physically stolen
    • Denial of service attacks / jamming attacks can be launched on Things
    • Man-in-the-middle attacks are easy
    • Rogue things can be inserted
  • 46. IoT Security Architecture: IoT Security Protocols; IoT Security Framework
  • 47. EU effort to define IoT Security. Mission: "To holistically embed effective and efficient security and privacy mechanisms into IoT devices and the protocols and services they utilise"
  • 48. IoT Security Protocols (Eclipse M2M Industry Working Group)
  • 50. Enterprise Security Infrastructure (repeat of slide 26)
  • 51. Enterprise Security Transformation
    • Security technologies have become obsolete & ineffective to stop attacks.
    • Today, 100% of enterprises are breached.
    • Two major transformations are currently underway:
      1. Security focus is shifting from "protection" to "detection and response". Enterprises are implementing: Security Intelligence; Context-based and adaptive security
      2. Security approach is shifting from "Technical controls" to "Behavioural controls". Enterprises are adopting: People-centric security (PCS)
  • 52. Security Intelligence – Technology Interaction (diagram of security technologies across the People, Data, Applications and Infrastructure layers)
    • IAM: Identity manager; FIM; ESSO; privileged ID management; MOTP; AD; ID intelligence
    • Network: Routers; Switches; VPN
    • End Point: End Point Protection; AV, Whitelisting; VA Scanner; MDM
    • Perimeter: IPS; FW; Proxy
    • Database: DAM; Oracle; Data mask
    • Content: Encryption; DLP; DRM; URL filter; Mail GW
    • Advanced Threats: FireEye, Damballa etc.
    • Application: DAST & SAST; WAF
    • Systems: Unix; Windows; Linux
    • SOA: WAF; Federated IM; SOA registry security; Policy manager
    • Outcomes: higher accuracy of vulnerability detection; better protection from advanced attacks; quicker response
  • 53. Security Intelligence – Information Integration
    • Security Information
      • Events/Logs: monitoring; privileged activity; user activity; database activity; performance; transaction; application; data/information; sensor data; vulnerability info; configuration info; change management; content-related data; IAM data; web log data; router, switch data
      • Network Flows: NW telemetry data; DPI for layer-7 visibility; classification of applications & protocols; behaviour analysis; anomaly information
    • Contextual Information (internal and external context)
      • Environmental: external threat info; location, time, etc.
      • Process: customer facing, revenue producing
      • Content: sensitivity of content, reputation of email
      • Identity: strength of authentication, role, group, transaction amount limit
      • Application: business criticality of app, known vulnerabilities
      • System & OS: asset criticality, patch level, known vulnerabilities, CMDB
      • End user Device: health, owner, IP address reputation
      • Compliance: Privacy, RA
    • Contextual assessments: better risk management; prioritization of risks into actionable items
  • 54. Security Intelligence – Framework
    • Use cases: 1. Risk Management; 2. Fraud Management; 3. Regulatory Compliance; 4. Advanced Threat prevention
    • Security Intelligence Layer: SIEM (aggregation, correlation, data repository, query) fed by Events, Flows and Context infusion; GRC platform; Big Data platform
    • Technology interaction with:
      • Security Devices: IAM; End point security; Perimeter security; SOA; App security; Advanced threat; Database sec; etc.
      • Network Devices: Routers; Switches; Load balancers; etc.
      • Assets & Systems: Servers; Devices; OS; Middleware; etc.
  • 55. Enterprise Security Transformation (repeat of slide 51)
  • 56. Context-based Security: Legacy security policies are binary and static yes/no decisions that have been defined in advance
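Slide 56 contrasts legacy binary policies with context-based security, and slide 53 lists the context attributes (location, time, strength of authentication, role and transaction limit, device health, IP reputation, application criticality) that feed it. The added example below (written for this page, not code from the deck) evaluates the same request both ways; the roles, score weights, thresholds and the sample request are constructed for the example.

```python
"""Added example, not from the slides: the same access request evaluated by a
legacy static yes/no policy (slide 56) and by a context-based policy built from
the context attributes on slide 53 (environment, identity, device, application).
Roles, scores, thresholds and the sample request are constructed for the example."""
from dataclasses import dataclass, replace
from datetime import datetime

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    auth_strength: int      # 1 password, 2 password + OTP, 3 hardware token
    txn_amount: float
    txn_limit: float        # identity context: transaction amount limit for the role
    country: str
    home_country: str       # environmental context: location
    when: datetime          # environmental context: time
    device_managed: bool    # end-user device context: MDM-enrolled and healthy
    ip_reputation: str      # external threat info: "good" | "unknown" | "bad"
    app_criticality: int    # application context: 1 low .. 3 high

# Entitlement table (constructed): which roles may use which application.
ENTITLED_ROLES = {"payments": {"finance", "admin"}}

def legacy_decision(req: Request, app: str) -> str:
    """Slide 56: a binary decision fixed in advance; context is never consulted."""
    return "allow" if req.role in ENTITLED_ROLES.get(app, set()) else "deny"

def risk_score(req: Request):
    """Additive risk score from the slide-53 context attributes, with reasons."""
    score, reasons = 0, []
    if req.country != req.home_country:
        score += 25; reasons.append("location differs from home country")
    if req.when.weekday() >= 5 or not 8 <= req.when.hour < 20:
        score += 10; reasons.append("outside business hours")
    if not req.device_managed:
        score += 20; reasons.append("unmanaged or unhealthy device")
    if req.ip_reputation == "bad":
        score += 40; reasons.append("source IP has bad reputation")
    elif req.ip_reputation == "unknown":
        score += 10; reasons.append("source IP reputation unknown")
    if req.txn_amount > req.txn_limit:
        score += 30; reasons.append("amount exceeds role limit")
    score += 5 * (req.app_criticality - 1)        # critical apps tolerate less
    return score, reasons

STEP_UP_THRESHOLD = 30    # constructed tuning value

def context_decision(req: Request, app: str) -> dict:
    """Allow, ask for step-up authentication, or deny, based on residual risk."""
    if req.role not in ENTITLED_ROLES.get(app, set()):
        return {"decision": "deny", "score": 0, "residual": 0, "reasons": ["role not entitled"]}
    score, reasons = risk_score(req)
    residual = score - 15 * (req.auth_strength - 1)   # credit already-strong auth
    if req.ip_reputation == "bad" or req.txn_amount > 2 * req.txn_limit:
        decision = "deny"                           # hard stops, no step-up offered
    elif residual < STEP_UP_THRESHOLD:
        decision = "allow"
    elif req.auth_strength < 3:
        decision = "step-up"                        # re-evaluate after a stronger factor
    else:
        decision = "deny"                           # strongest factor already used
    return {"decision": decision, "score": score, "residual": residual, "reasons": reasons}

def sample_request(**overrides) -> Request:
    """Constructed baseline: finance user, in-country, business hours, managed device."""
    base = Request(user="asha", role="finance", auth_strength=1, txn_amount=1000.0,
                   txn_limit=5000.0, country="IN", home_country="IN",
                   when=datetime(2014, 9, 9, 10, 0), device_managed=True,
                   ip_reputation="good", app_criticality=3)
    return replace(base, **overrides)

if __name__ == "__main__":
    for label, req in [("baseline", sample_request()),
                       ("same user from abroad", sample_request(country="DE")),
                       ("abroad with OTP", sample_request(country="DE", auth_strength=2)),
                       ("bad IP reputation", sample_request(ip_reputation="bad"))]:
        print(f"{label:22} legacy={legacy_decision(req, 'payments'):5} "
              f"context={context_decision(req, 'payments')}")
```

The legacy table answers "allow" for every one of these requests because the role is entitled; the context-based policy returns a different answer for each, and the reasons list is what an analyst would expect to see forwarded to the SIEM.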
  • 57. Enterprise Security Transformation (repeat of slide 51)
  • 58. People Centric Security (PCS): PCS represents a major departure from conventional security strategies, but reflects the reality that current security approaches are insufficient (Gartner 2013)
  • 59. Enterprise Security Infrastructure (repeat of slide 26)
  • 61. Emergence of the Digital Risk Officer (DRO): By 2017, one-third of large enterprises engaging in digital business will have a digital risk officer. The DRO will report to a senior executive role outside IT, such as the chief digital officer or the chief operating officer. They will manage risk at an executive level across digital business units, working directly with peers in legal, privacy, compliance, digital marketing, digital sales and digital operations. The DRO and CISO are separate roles. Many CISOs will evolve into DROs. However, if they don't upgrade their skills they will report to the DRO. (Gartner, June 2014)
  • 62. Security Skills for the Digital Business Era
  • 63. Conclusion
    • Today every business is a Digital Business; businesses that do not understand this become irrelevant
    • Delivering great customer experiences is the strategic focus
    • Vulnerabilities related directly to delivering customer experiences must be addressed:
      • manage privacy & reputational damage
      • enable secure omni-channel engagement
      • manage the inherent vulnerabilities that velocity-driven business designs open
      • mitigate the threats and vulnerabilities related to Internet of Things and OT
    • And this must be backed up by a comprehensive and layered enterprise security capability
  • 64. Thank You. Infosec thought leadership