CONFIDENTIAL AND PROPRIETARY
This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other intended recipients. This presentation may contain
information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates.
© 2016 Gartner, Inc. and/or its affiliates. All rights reserved.
Top Security Trends
and Take-Aways
Jie Zhang
Security for the Next Generation of Threat
• A pervasive digital presence is expanding into business, industry and society
• Once networked, this digital presence substantively alters risk for digital businesses
• Digital security is the next evolution in cybersecurity to protect this pervasive digital presence
Security Macro Trends You Face in the Age
of the Pervasive Digital Presence
• Risk and Resilience Seek Balance
• Security Disciplines Converge
• Secure Digital Supply Chain Needs Grow
• Security Skills Options Expand
• Adaptive Security Architecture Embraced
• Data Security Governance Arrives
• Digital Business Drives Digital Security
Risk and Resilience
Seek Balance
Security Moves to an Embedded State in the Organization
• Governance
• Compliance
• Control
• Protection
• Reliability
• Speed
• Assurance
• Transparency
RISK RESILIENCE
Privacy
Safety
Value
Cost
Security Principles for Trust and Resilience
Business Outcomes
Risk-Based
Data Flow
Facilitator
Detect and
Respond
Principle of
Trust and Resilience
People-Centric
Take-Aways for Risk and Resilience Balance
• Revisit the security organizational structure to ensure it reflects current mission
• Revise the methods used to calculate IT risk to incorporate new variables and factors
• Refine the security communication and education process to emphasize agility
Security Disciplines
Converge
Digital Security for the Pervasive Digital Presence
Defense
Offense
Reactive
Proactive
IoT Security
Information Security
IT Security
OT
Security
Physical
Security
You Are Here
Digital Security
"Digital Safety" Becomes a New Force and Responsibility
The CIAS Model of Digital Security
Integrity
Data
People
Environments
Confidentiality
Availability
Safety
Graphics: Can Stock Photo
Take-Aways for Security Convergence
• Establish security governance and planning relationships with physical and industrial counterparts
• Improve cross-discipline procurement methods for security requirements
• Modify security architecture to include additional layers where required
• Investigate changes in security management and operations that may be required to accommodate convergence
Secure Digital
Supply Chain
Integrated Digital Security for the Supply Chain(s)
SUPPLY
CHAIN
DIGITAL
SUPPLY
CHAIN
DIGITAL SECURITY FOR THE
SUPPLY CHAIN(S)
IoT Security
Information Security
IT Security
OT
Security
Physical
Security
Digital Security
SIEM
Software Asset
Management
Expanding (and Confusing) SaaS Control Add-On Markets
Today's enterprise suffers from coordination frustration.
Encouraging evolution of multicloud, multifunction management consoles.
Activity Threat Control
Archive and Recovery
Cloud Access
Security Broker
EMM
Confidentiality
IDaaS
SaaS
Aggregation
Tool
Mobile Device
Management
Before and During Login
After Login
Service Monitoring
Malware Control
Take-Aways for Securing the Cloud (Supply Chain)
• Develop an enterprise public cloud strategy.
• Implement and enforce policies on usage responsibility and cloud risk acceptance.
• Follow a cloud life cycle governance approach.
• Develop expertise in the security and control of each cloud model used.
• Implement technologies to fight cloud diffusion complexity.
Conduct Risk Assessment (decision establishes requirements for technical and process controls)
Medium Exposure
Potential Impact of Security Failure
Business Contribution (Value of Service)
Low High
Always Allowed
Low
High
Do Not Allow
Do Not Allow
Security Skills
Options Expand
Assess the Most Critical Skills Impacts of Digital Security
Already, Traditional Security Strategies Are Shifting To:
Contextual Security
Monitoring and
Response
Ubiquitous Identity
Management
Data Classes,
Data
Governance
Security
Awareness,
Privacy & Behavior
Embedded
Security
Network
Segmentation,
Engineering
Physical
Security
Automation
Key Take-Aways to Accelerate Skills Generation
and Convergence
• Build a long-term security workforce plan.
• Make coaching and skills development the first task.
• Embed security skills within the lines-of-business.
• Change security specialists to "versatilists."
• Mix traditional and agile recruitment techniques.
• Evaluate current skills gaps.
Adaptive Security
Architecture Is
Embraced
Software-Defined Everything, Including Security
"Data Plane"
"Control Plane"
API API API API
API API API
Southbound APIs
Northbound APIs
Layers of Abstraction
API
Platform
APIs
Applications
Respond Detect
Detect incidents
Prevent attacks
Confirm and prioritize risk
Contain incidents
Isolate systems
Predict Prevent
Harden systems
Compliance
Policy
Monitor posture
Adjust
posture
Implement
posture
Adjust posture
Continuous
Visibility and
Verification
Users
Systems
System activity
Payload
Network
Investigate incidents/
retrospective analysis
Remediate
Anticipate threats/
attacks
Risk-prioritized
exposure assessment
Design/Model policy change
Baseline systems
and security
posture
Develop an Adaptive Security Architecture
Threat Intelligence Platforms Allow You to Visualize,
Correlate and Gain Context
Emerging
Threats
Shadowserver
ZeuS
Tracker
Abuse.ch
Open-Source MRTI Feeds
Norse
IID
Cyveillance
Malcovery
Commercial Feeds
GeoIP Malware
Lookup
Domain Tools
Enrichment Services
News RSS
Feeds
Websites
OSINT Sources
Threat Intelligence Platform
Analytics Threat Intelligence
Processing
Visualization
Reporting
Forensics
Threat Intelligence
Sharing
Incident
Response
SOC
Analyst
Fraud Threat
Analyst
Management Malware
Analyst
Help
Desk
People
Process
Circle of
Trust Sharing
Workflow/
Escalation
Communication Fraud
Technology
Secure Web
Gateway
NGFW
IPS/IDS Logs
Take-Aways for Adaptive Security Architecture
• Shift security mindset from "incident response" to "continuous response"
• Spend less on prevention; invest in detection, response and predictive capabilities
• Favor context-aware network, endpoint and application security protection platforms
• Develop a security operations center
• Architect for comprehensive, continuous monitoring at all layers of the IT stack.
Data Security
Governance Arrives
Develop a Data-Centric Audit and Protection Approach
Activity
Monitoring
Assessment
of Users
and Permissions
User Monitoring
and Auditing
Data Security
Policy
Data Classification
and Discovery Policy
Data Security
Controls
Protection
Analysis and
Reporting
Blocking, Encryption,
Tokenization
and Data Masking
Take-Aways for Data Security Governance
• Prioritize organization-wide data security governance and policy.
• Identify and implement risk-appropriate data security controls by data type where possible.
• Implement a DCAP strategy that includes disciplined and formal product selection.
• Incorporate big data plans and unique requirements into security strategy.
Digital Business
Drives Digital
Security
Securing a Pervasive Digital Presence
(the Internet of Things)
Gateways
Things Agents
Analytics
Applications
Data
Cloud Mobile MES,
ERP
Partners
IoT Platform Middleware
Core Business Processes
IoT Edge Processing
Communications Integration
Integration Communications
• Security requirements:
– Policy creation and management
– Monitoring, detection and response
– Access control and management
– Data protection
– Network segmentation
• Key challenges:
– Scale
– Diversity (age and type)
– Function
– Regulation
– Privacy
– Standardization
Recommendations: Focus on small scenarios. Use risk-based prioritization. Emphasize segmentation and access initially.
Enterprise
Consumer
• Business Disruption
• Espionage and Fraud
• Financial Waste
Cyber Risks and Consequences in an IoT Solution
IoT
Platform
• Platform Hacking
• Data Snooping and Tampering
• Sabotaging Automation and Devices
Edge
• Device Impersonation
• Device Hacking
• Device Counterfeiting
• Snooping, Tampering, Disruption, Damage
Dev. Prod.
IAM Trends of 2015-2016 That Include an Identity
of Things
IAM Program Management
and Governance
(Digital)
Business and Operational Needs
(Digital)
Risk Management and Compliance
Things
People
Apps and
Data
Relationships
Interactions
Take-Aways for Digital Security
• Balance Risk and Resilience
• Make the Security Discipline Decision
• Enhance Digital Security Supply Chains
• Retool Security Skills
• Embrace Adaptive Security Architecture
• Selectively Improve Security Infrastructure
• Embrace Data Security Governance

Más contenido relacionado

La actualidad más candente

Debunked: 5 Myths About Zero Trust Security
Debunked: 5 Myths About Zero Trust SecurityDebunked: 5 Myths About Zero Trust Security
Debunked: 5 Myths About Zero Trust SecurityCentrify Corporation
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationWilliam McBorrough
 
Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016Matthew Rosenquist
 
Close the Security Gaps of a Remote Workforce
Close the Security Gaps of a Remote WorkforceClose the Security Gaps of a Remote Workforce
Close the Security Gaps of a Remote Workforcejlieberman07
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec
 
Cybersecurity: How to Use What We Already Know
Cybersecurity: How to Use What We Already KnowCybersecurity: How to Use What We Already Know
Cybersecurity: How to Use What We Already Knowjxyz
 
Cyber Security - Maintaining Operational Control of Critical Services
Cyber Security - Maintaining Operational Control of Critical ServicesCyber Security - Maintaining Operational Control of Critical Services
Cyber Security - Maintaining Operational Control of Critical ServicesDave Reeves
 
Smoothwall and Ampliphae - Networkshop46
Smoothwall and Ampliphae - Networkshop46Smoothwall and Ampliphae - Networkshop46
Smoothwall and Ampliphae - Networkshop46Jisc
 
PCI Breach Scenarios and the Cyber Threat Landscape with Brian Honan
PCI Breach Scenarios and the Cyber Threat Landscape with Brian HonanPCI Breach Scenarios and the Cyber Threat Landscape with Brian Honan
PCI Breach Scenarios and the Cyber Threat Landscape with Brian HonanTripwire
 
10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security Risks10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security RisksHeimdal Security
 
Windstream Cloud Security Presentation
Windstream Cloud Security PresentationWindstream Cloud Security Presentation
Windstream Cloud Security PresentationIdeba
 
Cloud Computing & Cybersecurity
Cloud Computing & CybersecurityCloud Computing & Cybersecurity
Cloud Computing & CybersecurityDavid Sweigert
 
Cyber Security and Cloud Security
Cyber Security and Cloud SecurityCyber Security and Cloud Security
Cyber Security and Cloud SecurityIT Governance Ltd
 
THE ESSENTIAL ELEMENT OF YOUR SECURITY
THE ESSENTIAL  ELEMENT OF YOUR SECURITYTHE ESSENTIAL  ELEMENT OF YOUR SECURITY
THE ESSENTIAL ELEMENT OF YOUR SECURITYETDAofficialRegist
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 
Advantages Of Using Cyber Security Solution
Advantages Of Using Cyber Security SolutionAdvantages Of Using Cyber Security Solution
Advantages Of Using Cyber Security SolutionCyber Infrastructure INC
 
The Benefits of Security From a Managed Services Provider
The Benefits of Security From a Managed Services ProviderThe Benefits of Security From a Managed Services Provider
The Benefits of Security From a Managed Services ProviderCSI Solutions
 
Mobility Security - A Business-Centric Approach
Mobility Security - A Business-Centric ApproachMobility Security - A Business-Centric Approach
Mobility Security - A Business-Centric ApproachOmar Khawaja
 
Global Cybersecurity Consulting Firm
Global Cybersecurity Consulting FirmGlobal Cybersecurity Consulting Firm
Global Cybersecurity Consulting Firmwilsonconsulting1
 

La actualidad más candente (20)

Debunked: 5 Myths About Zero Trust Security
Debunked: 5 Myths About Zero Trust SecurityDebunked: 5 Myths About Zero Trust Security
Debunked: 5 Myths About Zero Trust Security
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
 
Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016
 
Close the Security Gaps of a Remote Workforce
Close the Security Gaps of a Remote WorkforceClose the Security Gaps of a Remote Workforce
Close the Security Gaps of a Remote Workforce
 
Aujas Cyber Security
Aujas Cyber SecurityAujas Cyber Security
Aujas Cyber Security
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
 
Cybersecurity: How to Use What We Already Know
Cybersecurity: How to Use What We Already KnowCybersecurity: How to Use What We Already Know
Cybersecurity: How to Use What We Already Know
 
Cyber Security - Maintaining Operational Control of Critical Services
Cyber Security - Maintaining Operational Control of Critical ServicesCyber Security - Maintaining Operational Control of Critical Services
Cyber Security - Maintaining Operational Control of Critical Services
 
Smoothwall and Ampliphae - Networkshop46
Smoothwall and Ampliphae - Networkshop46Smoothwall and Ampliphae - Networkshop46
Smoothwall and Ampliphae - Networkshop46
 
PCI Breach Scenarios and the Cyber Threat Landscape with Brian Honan
PCI Breach Scenarios and the Cyber Threat Landscape with Brian HonanPCI Breach Scenarios and the Cyber Threat Landscape with Brian Honan
PCI Breach Scenarios and the Cyber Threat Landscape with Brian Honan
 
10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security Risks10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security Risks
 
Windstream Cloud Security Presentation
Windstream Cloud Security PresentationWindstream Cloud Security Presentation
Windstream Cloud Security Presentation
 
Cloud Computing & Cybersecurity
Cloud Computing & CybersecurityCloud Computing & Cybersecurity
Cloud Computing & Cybersecurity
 
Cyber Security and Cloud Security
Cyber Security and Cloud SecurityCyber Security and Cloud Security
Cyber Security and Cloud Security
 
THE ESSENTIAL ELEMENT OF YOUR SECURITY
THE ESSENTIAL  ELEMENT OF YOUR SECURITYTHE ESSENTIAL  ELEMENT OF YOUR SECURITY
THE ESSENTIAL ELEMENT OF YOUR SECURITY
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
Advantages Of Using Cyber Security Solution
Advantages Of Using Cyber Security SolutionAdvantages Of Using Cyber Security Solution
Advantages Of Using Cyber Security Solution
 
The Benefits of Security From a Managed Services Provider
The Benefits of Security From a Managed Services ProviderThe Benefits of Security From a Managed Services Provider
The Benefits of Security From a Managed Services Provider
 
Mobility Security - A Business-Centric Approach
Mobility Security - A Business-Centric ApproachMobility Security - A Business-Centric Approach
Mobility Security - A Business-Centric Approach
 
Global Cybersecurity Consulting Firm
Global Cybersecurity Consulting FirmGlobal Cybersecurity Consulting Firm
Global Cybersecurity Consulting Firm
 

Similar a Gartner presentation risq dec 2016 jie zhang

New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'aFahmi Albaheth
 
Evolution security controls towards Cloud Services
Evolution security controls towards Cloud ServicesEvolution security controls towards Cloud Services
Evolution security controls towards Cloud ServicesHugo Rodrigues
 
Maturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsMaturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsSirius
 
Splunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security KeynoteSplunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security KeynoteSplunk
 
Accenture Security Services: Defending and empowering the resilient digital b...
Accenture Security Services: Defending and empowering the resilient digital b...Accenture Security Services: Defending and empowering the resilient digital b...
Accenture Security Services: Defending and empowering the resilient digital b...Accenture Technology
 
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...Accenture Technology
 
Industry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven SecurityIndustry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven SecurityEMC
 
Prevention is futile in 2020 - Gartner Report in Retrospect
Prevention is futile in 2020 - Gartner Report in RetrospectPrevention is futile in 2020 - Gartner Report in Retrospect
Prevention is futile in 2020 - Gartner Report in RetrospectJermund Ottermo
 
#askSAP GRC Innovations Community Call: Cybersecurity Risk and Governance
#askSAP GRC Innovations Community Call: Cybersecurity Risk and Governance#askSAP GRC Innovations Community Call: Cybersecurity Risk and Governance
#askSAP GRC Innovations Community Call: Cybersecurity Risk and GovernanceSAP Analytics
 
Meraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldMeraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldnooralmousa
 
Expert Compliance Solutions by Ispectra Technologies.pptx
Expert Compliance Solutions by Ispectra Technologies.pptxExpert Compliance Solutions by Ispectra Technologies.pptx
Expert Compliance Solutions by Ispectra Technologies.pptxkathyzink87
 
RA TechED 2019 - SS16 - Security Where and Why do I start
RA TechED 2019 - SS16 - Security Where and Why do I startRA TechED 2019 - SS16 - Security Where and Why do I start
RA TechED 2019 - SS16 - Security Where and Why do I startRockwell Automation
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdfTop Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdfForgeahead Solutions
 
Convergence innovative integration of security
Convergence   innovative integration of securityConvergence   innovative integration of security
Convergence innovative integration of securityciso_insights
 
HPE Security Keynote from Istanbul 20th Jan 2016
HPE Security Keynote from Istanbul 20th Jan 2016HPE Security Keynote from Istanbul 20th Jan 2016
HPE Security Keynote from Istanbul 20th Jan 2016SteveAtHPE
 
report on Mobile security
report on Mobile securityreport on Mobile security
report on Mobile securityJAYANT RAJURKAR
 
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...Ulf Mattsson
 

Similar a Gartner presentation risq dec 2016 jie zhang (20)

New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
Evolution security controls towards Cloud Services
Evolution security controls towards Cloud ServicesEvolution security controls towards Cloud Services
Evolution security controls towards Cloud Services
 
Maturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsMaturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key Considerations
 
Splunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security KeynoteSplunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security Keynote
 
Accenture Security Services: Defending and empowering the resilient digital b...
Accenture Security Services: Defending and empowering the resilient digital b...Accenture Security Services: Defending and empowering the resilient digital b...
Accenture Security Services: Defending and empowering the resilient digital b...
 
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
 
Industry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven SecurityIndustry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven Security
 
Prevention is futile in 2020 - Gartner Report in Retrospect
Prevention is futile in 2020 - Gartner Report in RetrospectPrevention is futile in 2020 - Gartner Report in Retrospect
Prevention is futile in 2020 - Gartner Report in Retrospect
 
#askSAP GRC Innovations Community Call: Cybersecurity Risk and Governance
#askSAP GRC Innovations Community Call: Cybersecurity Risk and Governance#askSAP GRC Innovations Community Call: Cybersecurity Risk and Governance
#askSAP GRC Innovations Community Call: Cybersecurity Risk and Governance
 
Cisco Award Write Up
Cisco Award Write UpCisco Award Write Up
Cisco Award Write Up
 
Meraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldMeraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless world
 
Plan for the Worst; Fight for the Best
Plan for the Worst; Fight for the BestPlan for the Worst; Fight for the Best
Plan for the Worst; Fight for the Best
 
Expert Compliance Solutions by Ispectra Technologies.pptx
Expert Compliance Solutions by Ispectra Technologies.pptxExpert Compliance Solutions by Ispectra Technologies.pptx
Expert Compliance Solutions by Ispectra Technologies.pptx
 
RA TechED 2019 - SS16 - Security Where and Why do I start
RA TechED 2019 - SS16 - Security Where and Why do I startRA TechED 2019 - SS16 - Security Where and Why do I start
RA TechED 2019 - SS16 - Security Where and Why do I start
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdfTop Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
 
Convergence innovative integration of security
Convergence   innovative integration of securityConvergence   innovative integration of security
Convergence innovative integration of security
 
HPE Security Keynote from Istanbul 20th Jan 2016
HPE Security Keynote from Istanbul 20th Jan 2016HPE Security Keynote from Istanbul 20th Jan 2016
HPE Security Keynote from Istanbul 20th Jan 2016
 
report on Mobile security
report on Mobile securityreport on Mobile security
report on Mobile security
 
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
 

Más de ColloqueRISQ

Blockchain Technologies : Landscape and Future Directions
Blockchain Technologies : Landscape and Future DirectionsBlockchain Technologies : Landscape and Future Directions
Blockchain Technologies : Landscape and Future DirectionsColloqueRISQ
 
Béluga : un super-ordinateur pour la science de demain
Béluga : un super-ordinateur pour la science de demainBéluga : un super-ordinateur pour la science de demain
Béluga : un super-ordinateur pour la science de demainColloqueRISQ
 
Why SD-WAN as it Moves to Mainstream Adoption?
Why SD-WAN as it Moves to Mainstream Adoption?Why SD-WAN as it Moves to Mainstream Adoption?
Why SD-WAN as it Moves to Mainstream Adoption?ColloqueRISQ
 
La révolution 5G et le projet ENCQOR
La révolution 5G et le projet ENCQORLa révolution 5G et le projet ENCQOR
La révolution 5G et le projet ENCQORColloqueRISQ
 
Travailler TOUS ensemble lors d’une cybercrise!
Travailler TOUS ensemble lors d’une cybercrise!Travailler TOUS ensemble lors d’une cybercrise!
Travailler TOUS ensemble lors d’une cybercrise!ColloqueRISQ
 
Audit 101 - Un guide de survie
Audit 101 - Un guide de survieAudit 101 - Un guide de survie
Audit 101 - Un guide de survieColloqueRISQ
 
Votre meilleure protection est un internet canadien
Votre meilleure protection est un internet canadienVotre meilleure protection est un internet canadien
Votre meilleure protection est un internet canadienColloqueRISQ
 
Office 365 : Sécuritaire?
Office 365 : Sécuritaire?Office 365 : Sécuritaire?
Office 365 : Sécuritaire?ColloqueRISQ
 
What Nature Can Tell Us About IoT Security at Scale
What Nature Can Tell Us About IoT Security at ScaleWhat Nature Can Tell Us About IoT Security at Scale
What Nature Can Tell Us About IoT Security at ScaleColloqueRISQ
 
The Power of the NREN
The Power of the NRENThe Power of the NREN
The Power of the NRENColloqueRISQ
 
L’hyperconvergence au cœur du Software-defined data center
Gartner presentation risq dec 2016 jie zhang

  • 1. CONFIDENTIAL AND PROPRIETARY This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other intended recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Top Security Trends and Take-Aways Jie Zhang
  • 2. Security for the Next Generation of Threat
      - A pervasive digital presence is expanding into business, industry and society
      - Once networked, this digital presence substantively alters risk for digital businesses
      - Digital security is the next evolution in cybersecurity to protect this pervasive digital presence
  • 3. Security Macro Trends You Face in the Age of the Pervasive Digital Presence
      - Risk and Resilience Seek Balance
      - Security Disciplines Converge
      - Secure Digital Supply Chain Needs Grow
      - Security Skills Options Expand
      - Adaptive Security Architecture Embraced
      - Data Security Governance Arrives
      - Digital Business Drives Digital Security
  • 4. Risk and Resilience Seek Balance
  • 5. Security Moves to an Embedded State in the Organization
      - Governance
      - Compliance
      - Control
      - Protection
      - Reliability
      - Speed
      - Assurance
      - Transparency
      - Diagram labels: RISK RESILIENCE Privacy Safety Value Cost
  • 6. Security Principles for Trust and Resilience
      - Diagram labels: Business Outcomes Risk-Based Data Flow Facilitator Detect and Respond Principle of Trust and Resilience People-Centric
  • 7. Take-Aways for Risk and Resilience Balance
      - Revisit the security organizational structure to ensure it reflects current mission
      - Revise the methods used to calculate IT risk to incorporate new variables and factors
      - Refine the security communication and education process to emphasize agility
  • 8. Security Disciplines Converge
  • 9. Digital Security for the Pervasive Digital Presence
      - Diagram labels: Defense Offense Reactive Proactive IoT Security Information Security IT Security OT Security Physical Security You Are Here Digital Security
  • 10. "Digital Safety" Becomes a New Force and Responsibility
      - The CIAS Model of Digital Security
      - Diagram labels: Integrity Data People Environments Confidentiality Availability Safety
      - Graphics: Can Stock Photo
  • 11. Take-Aways for Security Convergence
      - Establish security governance and planning relationships with physical and industrial counterparts
      - Improve cross-discipline procurement methods for security requirements
      - Modify security architecture to include additional layers where required
      - Investigate changes in security management and operations that may be required to accommodate convergence
  • 12. Secure Digital Supply Chain
  • 13. Integrated Digital Security for the Supply Chain(s)
      - Diagram labels: SUPPLY CHAIN DIGITAL SUPPLY CHAIN DIGITAL SECURITY FOR THE SUPPLY CHAIN(S) IoT Security Information Security IT Security OT Security Physical Security Digital Security
  • 14. Expanding (and Confusing) SaaS Control Add-On Markets
      - Today's enterprise suffers from coordination frustration. Encouraging evolution of multicloud, multifunction management consoles.
      - Diagram labels: SIEM Software Asset Management Activity Threat Control Archive and Recovery Cloud Access Security Broker EMM Confidentiality IDaaS SaaS Aggregation Tool Mobile Device Management Before and During Login After Login Service Monitoring Malware Control
  • 15. Take-Aways for Securing the Cloud (Supply Chain)
      - Develop an enterprise public cloud strategy.
      - Implement and enforce policies on usage responsibility and cloud risk acceptance.
      - Follow a cloud life cycle governance approach.
      - Develop expertise in the security and control of each cloud model used.
      - Implement technologies to fight cloud diffusion complexity.
      - Diagram labels: Conduct Risk Assessment (decision establishes requirements for technical and process controls) Medium Exposure Potential Impact of Security Failure Business Contribution (Value of Service) Low High Always Allowed Low High Do Not Allow Do Not Allow
  • 16. Security Skills Options Expand
  • 17. Assess the Most Critical Skills Impacts of Digital Security
      - Already, Traditional Security Strategies Are Shifting To:
      - Diagram labels: Contextual Security Monitoring and Response Ubiquitous Identity Management Data Classes, Data Governance Security Awareness, Privacy & Behavior Embedded Security Network Segmentation, Engineering Physical Security Automation
  • 18. Key Take-Aways to Accelerate Skills Generation and Convergence
      - Build a long-term security workforce plan.
      - Make coaching and skills development first task.
      - Embed security skills within the lines-of-business.
      - Change security specialists to "versatilists."
      - Mix traditional and agile recruitment techniques.
      - Evaluate current skills gaps.
  • 19. Adaptive Security Architecture Is Embraced
  • 20. Software-Defined Everything, Including Security
      - Diagram labels: "Data Plane" "Control Plane" API Southbound APIs Northbound APIs Layers of Abstraction API Platform APIs Applications
  • 21. Develop an Adaptive Security Architecture
      - Diagram labels: Respond Detect Detect incidents Prevent attacks Confirm and prioritize risk Contain incidents Isolate systems Predict Prevent Harden systems Compliance Policy Monitor posture Adjust posture Implement posture Adjust posture Continuous Visibility and Verification Users Systems System activity Payload Network Investigate incidents/retrospective analysis Remediate Anticipate threats/attacks Risk-prioritized exposure assessment Design/Model policy change Baseline systems and security posture
  • 22. Threat Intelligence Platforms Allow You to Visualize, Correlate and Gain Context
      - Diagram labels: Emerging Threats Shadowserver ZeuS Tracker Abuse.ch Open-Source MRTI Feeds Norse IID Cyveillance Malcovery Commercial Feeds GeoIP Malware Lookup Domain Tools Enrichment Services News RSS Feeds Websites OSINT Sources Threat Intelligence Platform Analytics Threat Intelligence Processing Visualization Reporting Forensics Threat Intelligence Sharing Incident Response SOC Analyst Fraud Threat Analyst Management Malware Analyst Help Desk People Process Circle of Trust Sharing Workflow/Escalation Communication Fraud Technology Secure Web Gateway NGFW IPS/IDS Logs
  • 23. Take-Aways for Adaptive Security Architecture
      - Shift security mindset from "incident response" to "continuous response"
      - Spend less on prevention; invest in detection, response and predictive capabilities
      - Favor context-aware network, endpoint and application security protection platforms
      - Develop a security operations center
      - Architect for comprehensive, continuous monitoring at all layers of the IT stack.
  • 24. Data Security Governance Arrives
  • 25. Develop a Data-Centric Audit and Protection Approach
      - Diagram labels: Activity Monitoring Assessment of Users and Permissions User Monitoring and Auditing Data Security Policy Data Classification and Discovery Policy Data Security Controls Protection Analysis and Reporting Blocking, Encryption, Tokenization and Data Masking
  • 26. Take-Aways for Data Security Governance
      - Prioritize organization-wide data security governance and policy.
      - Identify and implement risk-appropriate data security controls by data type where possible.
      - Implement a DCAP strategy that includes disciplined and formal product selection.
      - Incorporate big data plans and unique requirements into security strategy.
  • 27. Digital Business Drives Digital Security
  • 28. Securing a Pervasive Digital Presence (the Internet of Things)
      - Diagram labels: Gateways Things Agents Analytics Applications Data Cloud Mobile MES, ERP Partners IoT Platform Middleware Core Business Processes IoT Edge Processing Communications Integration Integration Communications
      - Security requirements:
          - Policy creation and management
          - Monitoring, detection and response
          - Access control and management
          - Data protection
          - Network segmentation
      - Key challenges:
          - Scale
          - Diversity (age and type)
          - Function
          - Regulation
          - Privacy
          - Standardization
      - Recommendations: Focus on small scenarios. Use risk-based prioritization. Emphasize segmentation and access initially.
  • 29. Cyber Risks and Consequences in an IoT Solution
      - Enterprise Consumer
          - Business Disruption
          - Espionage and Fraud
          - Financial Waste
      - IoT Platform
          - Platform Hacking
          - Data Snooping and Tampering
          - Sabotaging Automation and Devices
      - Edge
          - Device Impersonation
          - Device Hacking
          - Device Counterfeiting
          - Snooping, Tampering, Disruption, Damage
      - Diagram labels: Dev. Prod.
  • 30. IAM Trends of 2015-2016 That Include an Identity of Things
      - Diagram labels: IAM Program Management and Governance (Digital) Business and Operational Needs (Digital) Risk Management and Compliance Things People Apps and Data Relationships Interactions
  • 31. Take-Aways for Digital Security
      - Balance Risk and Resilience
      - Make the Security Discipline Decision
      - Enhance Digital Security Supply Chains
      - Retool Security Skills
      - Embrace Adaptive Security Architecture
      - Selectively Improve Security Infrastructure
      - Embrace Data Security Governance