Risk Assessments
JoAnna Cheshire
Presented at InnoTech Austin 2016. All rights reserved.
Risk Assessments
1. Risk Assessments: Office of the CISO
Proprietary and Confidential. Do Not Distribute. © 2016 Optiv Inc. All Rights Reserved.
2. :/whoami/
• 20+ years in IT and Information Security
• Former CSO, CISO, Privacy Director
• Bachelor's in Computer Science
• MBA
• Adjunct Professor at University of Dallas
• Certifications: Cybersecurity, SANS GSEC
3. Who is Optiv?
Security Consulting
• Strategy
• Risk
• Architecture and Planning
• Incident Assurance and Response
• Compliance
• Applications Security
• Attack, Vulnerability and Penetration Testing
• Security Awareness and Training
Security Operations
• Monitoring
• Malware Detection
• Malware Analysis
• Technology Support
• Staffing
Security Technology
• Education
• Assessment and Validation
• Selection
• Sourcing
• Implementation
• Integration
Every security problem, every security service, every level of engagement:
• Project: products, services
• Problem: architectures, integrated solutions and bundles, services
• Program: functions, department, business advice, services
Every security aspect:
• Strategy
• Management and Planning
• Defenses and Controls
• Monitoring and Operations
Client centric approach: centered on each client's unique needs and priorities, including client data and intellectual property, insider threats, mobility, compliance and regulations, security awareness, cloud infrastructure services, the evolving technology landscape, third-party risk, advanced threat, Internet of Things (IoT), threat intelligence, and distributed denial of service.
4. Agenda
• Risk Assessments
• Third Party / Cloud Considerations
• IoT Considerations
5. Evolution of the CISO
The focus has changed from protecting the IT infrastructure to managing the information risk to the organization.
Securing the Organization, from CISO to CIRO:
• Information Security: secure the internal organization
• Third-Party Risk Management: understand and manage the risk of third parties
• Regulatory Compliance Management: understand and manage regulatory risks
• Business Acumen: communicate information risk in business terms
6. Risk Management
• Enterprise Risk Management
  – IT Risk Management
    – Risk Assessments
7. Risk Definitions
• Assets – Anything of value
  – Specifically the costs associated with what we're trying to protect
• Threat (Agents) – Anything that can exploit a vulnerability
  – Must compromise an asset (have an impact)
• Vulnerability – A weakness or gap in our controls
  – Controls are not adequate to fully address threat concerns
• Controls – Actions taken to mitigate threat effectiveness
  – Administrative, Logical, Physical
  – Preventative, Corrective, Detective
• RISK = The potential for an asset to experience negative consequences as a result of a threat exploiting a vulnerability.
8. Risk Equation
Risk = (Assets * Threats * Vulnerabilities) / Countermeasures (controls)
• Assets – what we are trying to protect
• Threats – what we are trying to protect against
• Vulnerability – what we are trying to address
• Controls – what we are doing to address them
9. Another View of the Risk Equation [diagram not reproduced in the transcript]
10. Asset Valuation: ISO 22317
11. Research Threat Landscape
Information Security is the preservation of confidentiality, integrity, and availability of information and information systems.
Threat actors, their motivation, and the information they target:
• Organized Criminals
  – Motivation: financial gain (sale of information on the black market; use of trusted partner data for further attacks)
  – Target information: Personally Identifiable Information (PII), Personal Health Information (PHI), trusted partner information, financial accounts, credit cards
• Hacktivist Groups
  – Motivation: politics, ideology, business disruption, or reputation
  – Target: destroy data or disrupt business so the organization loses credibility, influence, competitiveness, or stock value
• Nation-States
  – Motivation: politics, economics, intellectual property, or military advantage
  – Target information: intellectual property, competitive formulas and processes
• Competitors
  – Motivation: intellectual property, competitive advantage, customer data
  – Target information: intellectual property, growth and M&A plans, financial results, pricing, competitive formulas and processes
• Internal / External
  – Motivation: financial gain, intellectual property, malicious destruction, or non-malicious actions
  – Target information: a combination of all the groups above
12. Vulnerability Assessment: Threat Mapping Using an Attack Tree [diagram not reproduced in the transcript]
13. Vulnerability Analysis [diagram not reproduced in the transcript]
14. Controls Assessment: ISO 27000
15. Controls Assessment: RIIOT Approach
• Review documents
• Interview key personnel
• Inspect controls
• Observe behaviour
• Test controls
16. Define and Prioritize Risks
Risk matrix (Impact of Occurrence by Likelihood of Occurrence):

Impact         Frequent  Probable  Conceivable  Improbable  Remote
Critical       R1.1      R1.3      R2.3         R3.5        R4.7
High           R1.2      R2.1      R3.3         R3.6        R4.8
Moderate       R2.2      R3.1      R3.4         R4.5        R5.3
Low            R3.2      R4.1      R4.4         R4.6        R5.4
Informational  R4.2      R4.3      R5.1         R5.2        R5.5

Risk ranking values (highest risk first):
R1.1 100, R1.2 98, R1.3 96, R2.1 94, R2.2 87, R2.3 80, R3.1 71, R3.2 61, R3.3 51, R3.4 41, R3.5 31, R3.6 21, R4.1 20, R4.2 18, R4.3 16, R4.4 14, R4.5 12, R4.6 10, R4.7 8, R4.8 6, R5.1 4, R5.2 3, R5.3 2, R5.4 1, R5.5 0

• Likelihood and Impact are DERIVED characteristics
  – Impact = Asset Worth X Scale
  – Likelihood = Exploitability X Exposure
17. Define and Prioritize Risks - Another View
IT Risk Assessment heat map: Business Impact (L / M / H) against Probability of Failure/Exploit (L / M / H) [chart not reproduced in the transcript]
18. Risk Register (ordered by Risk Rank; risk increases toward the top of the list)
Columns: Category; Definition; Likelihood; Impact; Mitigation Complexity; Risk Rank
1. Data Exfiltration: Unauthorized access and/or theft of IP or sensitive data (Likelihood High, Impact High, Mitigation Complexity High)
2. Insider Threat: Privilege misuse by disgruntled or careless employee and/or trusted third party (Likelihood High, Impact High, Mitigation Complexity Medium)
3. Spear Phishing / Social Engineering: Targeted email with malicious link / malware (Likelihood High, Impact High, Mitigation Complexity Medium)
4. Data Leakage / Loss: Exposure of sensitive information on endpoints and Cloud apps (Likelihood High, Impact High, Mitigation Complexity Medium)
5. Compromised Privileged Credentials: Stolen login ID provides authorized access to an attacker (Likelihood Medium, Impact High, Mitigation Complexity Medium)
6. Malware / Ransomware: Software that is intended to damage or disable computers and computer systems (Likelihood Medium, Impact High, Mitigation Complexity High)
7. Advanced Persistent Threat Attack: Advanced attack by well-funded adversary over a long period (Likelihood Medium, Impact High, Mitigation Complexity High)
8. Exploit of Known Security Flaws: Systems do not conform to configuration standards; patches not applied regularly (Likelihood Medium, Impact High, Mitigation Complexity Medium)
9. External Website Compromise: Branded websites and external applications defaced or damaged (Likelihood Medium, Impact Medium, Mitigation Complexity Medium)
10. Social Media: Facebook, Twitter, etc. where brand information could be posted (Likelihood Medium, Impact Low, Mitigation Complexity Medium)
19. Another Method for Determining Risk
DREAD model:
• Damage potential – How great is the damage if the vulnerability is exploited?
• Reproducibility – How easy is it to reproduce the attack?
• Exploitability – How easy is it to launch an attack?
• Affected users – As a rough percentage, how many users are affected?
• Discoverability – How easy is it to find the vulnerability?
Risk = Min(D, (D+R+E+A+D) / 5)
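The DREAD formula on this slide as an added example (not Optiv's code): each finding is scored, validated, and ranked with Min(D, average) applied, which makes damage potential a ceiling on the score. The 1..10 factor scale and the sample findings are constructed assumptions; the slide gives no scale.

```python
"""DREAD scoring with the cap on the slide, Risk = Min(D, (D+R+E+A+D)/5).
Added example, not Optiv's code. The 1..10 factor scale and the sample
findings are constructed assumptions; the slide gives no scale."""
from dataclasses import dataclass

FACTORS = ("damage", "reproducibility", "exploitability", "affected_users", "discoverability")


@dataclass(frozen=True)
class Finding:
    name: str
    damage: int            # D: how great is the damage if exploited
    reproducibility: int   # R: how easy is it to reproduce the attack
    exploitability: int    # E: how easy is it to launch an attack
    affected_users: int    # A: rough percentage of users affected
    discoverability: int   # D: how easy is it to find the vulnerability

    def validate(self):
        for f in FACTORS:
            v = getattr(self, f)
            if not 1 <= v <= 10:
                raise ValueError(f"{self.name}: {f}={v} outside 1..10")
        return self

    def average(self):
        return sum(getattr(self, f) for f in FACTORS) / 5

    def score(self):
        # min() makes damage potential a ceiling: a finding that is trivial to
        # discover and reproduce but does little harm cannot rank near the top.
        return min(self.damage, self.average())


def rank_dread(findings):
    """Highest score first; ties broken by the uncapped average."""
    return sorted((f.validate() for f in findings),
                  key=lambda f: (f.score(), f.average()), reverse=True)


# Constructed sample register (illustrative categories, not real findings).
SAMPLE = [
    Finding("version banner disclosure", 2, 10, 10, 10, 10),
    Finding("auth bypass on admin API", 9, 6, 5, 8, 3),
    Finding("stored XSS in profile page", 6, 8, 7, 7, 6),
]
```

The first sample finding scores 8.4 on the plain average but only 2 once capped by its damage potential, which is the point of the Min term.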
20. Compliance <> Security
May need to conduct other assessments:
• Credit Card Data – PCI DSS
• Personal Health Information – HIPAA Security Risk Assessment tool: www.HealthIT.gov/security-risk-assessment
21. Agenda
• Risk Assessments
• Third Party / Cloud Considerations
• IOT Considerations
22. Are You Responsible for a Breach at a Third Party?
Customers don’t care about your business partners. They entrust you with the information.
Consequences:
• Brand Damage
• Loss of Customer Loyalty
• Lawsuits
• Increased Scrutiny
• Higher Audit Costs
• Litigation
• Eroded Share Value
23. Third-Party Breaches
• 51% of All Breaches Come from Third Parties (1)
• The Cost of a Breach at a Third Party is Higher than an Internal Breach (2)
• You are not in control of the response or communications
• Responding is more complex and time consuming
(1) Source: Key findings from The Global State of Information Security® Survey 2014, PWC, CSO Magazine
(2) 2014 Cost of Data Breach Study: Global Analysis, Ponemon Institute, May 2014
24. The Future Looks Bleak
Gartner predicts that through 2020 all security incidents realized in the cloud will be broken down by a 95% to 5% ratio.
– 5% of all cloud ecosystem breaches will be the CSP’s fault
– 95% will be the fault of the customer
25. The Real Cloud Picture
(Chart: Unmanaged vs. Approved and Managed cloud applications)
• Typical enterprise has on average 613 cloud applications in use
• 88% of those not considered enterprise ready
• Over 90% are being used without knowledge or approval of enterprise
Source: Netskope January 2015
26. Cloud Risks
Protecting sensitive data is more complex in a cloud environment.
Loss of Direct Control
• The security and continuity controls are in the hands of the provider
• Threat of malicious insider is extended to cloud provider
Data Protection
• A shared environment can offer more avenues for data loss
• Dynamic movement of data between clouds makes protection complex
• Complete data destruction is very difficult in a shared cloud
Governance is hard
• Due diligence is costly with duplication of effort
• No true standard of care
• Lack of a trusted third party assessor
27. More Cloud Risks
Additional considerations when migrating to cloud services.
Regulatory Compliance
• Cloud computing security and retention issues can arise with respect to complying with various data privacy and protection regulations
Legal Discovery / Forensics
• Provider may not provide security incident logs without violating other client agreements
• Electronic forensics is more challenging and must be established in advance
Cloud Service Provider
• Once you have migrated your systems to a cloud provider it is expensive and difficult to change. Exit strategy needs to be completed prior to engagement
• The consolidation of multiple organizations into a single infrastructure presents an attractive high-value target
28. Third Party Risk Process
1. Relationship Risk – What Are They Doing for Us?
   - Regulatory or Contract Exposure
   - Data Exposure
   - Business Process Exposure
2. Business Profile Risk – Who Are They?
   - Financial Strength
   - Geopolitical / Country Risk
   - Breach History or Indication
3. How Are They Protecting the Information?
   - Standardized, Service Type
   - ISO27001/NIST
   - HIPAA/STAR
4. Control Validation
   - Electronic Validation
   - Onsite Validation
   - Control Evidence
5. Monitoring and Reporting
   - Changes in Relationship
   - Changes in Business
   - Changes in Controls
29. Match the Level of Due Diligence to Inherent Risk
Inherent Risk is a Function of Relationship and Profile Risk. Risk Tiers Based on Inherent Risk:
Tier 1
• Strategic accounts (high revenue dependence)
• Regulatory/contract requirements
• High reputation risk
• “Trusted” relationships
Tier 2
• Lower volume with no or minimal sensitive data
• Lower revenue risk
• Business operations risk
• Some business profile risk
Tier 3
• No sensitive data
• Minimal reputation risk
• Minimal or no revenue dependence
• “Trusted” relationship with low-level access
30. Tier 1 Due Diligence
Tier 1 Assessments: Fully Validated
• Validate (not a complete list):
• Security policies
• Incident response plan and procedures
• Detection & Monitoring Systems (e.g. SIEM, SOC)
• Business continuity/disaster recovery plan and test results
• Vulnerability management procedures and sample reports
• Security awareness, training and completion log
• Last independent security assessment - status of high risks
Tip: Multiple sites and outsourcing by the third party significantly increase the level of effort.
31. Tier 2 and 3 Assessments
Tier 2 Assessments
• Partially Validated
• Self Attest of Controls
Tier 3 Assessments
• Self Attest of Controls
• Random Audit
32. Due Diligence Frequency
• Match Due Diligence to the Associated Risk
– Tier One
  • Annual – Fully Validated Controls Assessment
  • Quarterly – Penetration and Vulnerability Scan Results
  • Monthly – Touch Base on Incident Response and Contact Management
– Tier Two
  • Annual – Validation of Primary Controls
  • Quarterly – Incident Response Contact Management
– Tier Three
  • Annual – Self Assessment and Random Audits When Possible
  • Annual – Incident Response Contact Management
33. Third-Party Risk – Current Situation
• On April 5, USA Today published results from a survey of 40 banks and found:
  • 30% don’t require third-party vendors to notify of a security breach
  • Less than 50% conduct onsite assessments of third parties
  • Approximately 20% do not conduct on-site assessments of service providers
Average Enterprise Has 1000s of Third-Parties (chart): Tier 1 1.5% - 2%, Tier 2 6% - 8%, Tier 3 90% - 95%
34. Relationship Exposure Inventory
The Key Question: “What data of ours can be breached?”
• Relationship Exposure Inventory – Risk Registry
  • Maintain a relationship list (type and quantity)
• Relationship “Creep”
  • Due diligence is performed during the first contract
  • Relationship grows over time
  • Increased liability without updating the risk exposure metrics
35. Third-Party Contracts
• Right to Audit
• Security Service Level Agreement
• Breach Notification
• Restrictions on Outsourcing
• Security Safeguards
• Indemnification, Cyber Insurance, etc.
• Exit Strategy
36. Control Assessments
• Match Due-Diligence to Risk and Type of Service
• Minimize Ambiguity
• How You Ask Questions is as Important as What You Ask
• SSAE16 SOC 2 review
  • Provides information pertaining to the IT controls that have been certified by an accredited firm
  Tip: Make sure the scope matches the services being provided.
• Questionnaires
  • Popular
• Onsite Third-Party Validation
  • Costly and Time Prohibitive
• Cloud Security Alliance
37. Cloud Security Alliance
38. CSA Security Trust & Assurance Registry (STAR)
39. What to Watch For
• Response Red Flags
  • “Sorry I can’t give you that. It is confidential”
  • “I’ll send it to you after our legal review”
• People Red Flags
  • Evasive answers, shifty eyes
  • Long explanations
• Governance Red Flags
  • No formal training and awareness program
  • Security organization is a side job, no executive oversight
• Security Technology Red Flags
  • Vulnerability management is not fully implemented
  • Threat management is incomplete or nonexistent
  • No IM, privileged access, two factor authentication
40. When to Review
• During the RFP Process
• When the Relationship Changes
• When a Regulation Changes
• When the Business Profile Risk Changes
• At Least Annually
41. How to Apply What You Have Learned
Within Three Months (90 Days), You Should:
✓ Begin due diligence on critical third parties
✓ Evaluate your risk inventory and assign risk tier
✓ Start slow – Get quick wins
Beyond Three Months (90 Days +), Establish:
✓ A tiered program to evaluate risk
✓ A remediation plan to address deficient controls
✓ Reporting program
42. Agenda
• Risk Assessments
• Third Party / Cloud Considerations
• IOT Considerations
43. State of the Internet of Things (IOT)
1. 50 to 200 billion connected devices by 2020
   “Number of connected devices worldwide will rise from 15 billion today to 50 billion by 2020.” - Cisco
2. $1.7 trillion in spending by 2020
   “Global spending on IoT devices & services will rise from $656 billion in 2014 to $1.7 trillion in 2020.” - IDC
3. The $79 billion smart-home industry
   “Smart-home industry generated $79.4 billion in revenue in 2014 and is expected to rise substantially as mainstream awareness of smart appliances rises.” - Harbor Research & Postscapes
4. 90% of cars will be connected by 2020
   “By 2020, 90% of cars will be online, compared with just 2% in 2012 supporting in-car infotainment, autonomous-driving, and embedded OS markets” - Telefonica
5. 173.4 million wearable devices by 2019
   “Global wearable device shipments will surge from 76.1 million in 2015 to 173.4 million units by 2019.” - IDC
Chart source: http://www.intel.com/content/www/us/en/internet-of-things/infographics/guide-to-iot.html
44. IOT Drawbacks
• Designed with strict constraints
– Low power consumption
– Small memory and disk space
– Minimal processing power
– Little human interaction
– Reduced options
• Weak update mechanisms
– Devices are not engineered for patching
– Lack of alerting regarding need for patching
– Challenges in notification and delivery of patches
45. IOT Misconceptions
• “My devices are too simple to be exploited by an attacker.”
• “My devices are too old or too customized to be targeted.”
• “My devices are not capable of being updated, therefore there are no security controls at my disposal.”
• “My vendors are not delivering patches.”
• “The risks posed by my IOT devices are not as severe as other more traditionally connected machines, therefore these devices are a lower priority.”
46. IOT Challenges
• No end to vulnerabilities
• Little compatibility with enterprise infrastructure
• Rise of Shadow-IT
– Devices are easy to purchase, install and use
• More consumer to business cross-over
• Need to interact with groups that may not be used to working with IT and IT Security or may think they don’t need to work with them at all
47. IOT Assessments
• Need to follow traditional risk assessment approaches
– RIIOT process will be key
– Engage vendor and industry groups
– Step up awareness efforts
• Catch it early during the vetting process
• Remediation is the challenge
– May have to rely on a rip and replace strategy
– Adopt a micro-segmentation architecture
– Rely on upstream and downstream controls
– Technology cannot be the only solution
48. Goal = Minimize Impacts of a Breach
Operational
• Hard costs from disruption or destruction of infrastructure
• Increased scrutiny from third parties
• Attrition of employees or management
Reputation
• Diminished brand value
• Profitability
• Revenue, Customer Retention
• Damage Repair - $200+ per stolen identity
Loss of Intellectual Property
• Competitive advantage
• New market opportunities
• Long term growth
49. Questions
Brian Wrozek
Brian.Wrozek@optiv.com
@bdwtexas