Achieving Durable Security: Being Honest About What You Can Really Do.

Thomas Whipp MSc MEng CISSP CPP CBCI
Head of Risk
Oval Ltd

Presentation Overview
  • Where are you starting from?
  • Where are the risks?
  • Thinking differently about security
  • What are the real costs of your strategy?

Where are you starting from?
Your Information?
  • Printers
  • Mobile Phones
  • Excel
  • SQL
  • Emails
  • Memory Sticks
  • Scanned Images

Your Business
  • Capital Vs. Revenue
  • Whose budget?
  • Will it really be spent?
  • Politics
  • Costs
  • Value for Money?
  • Incident Response
  • Displacement
  • Prevention
  • Detection
  • Will it work?

Where are the risks?
Who is out there?
  • Technical Attacks
  • Industrial Espionage
  • Script Kiddies
  • State Sponsored
  • Social Engineering
  • Hacktivists
  • Criminals

Thinking Differently About Security
Rational Choice Theory
Evaluation of risk and return:
  • How much will I get?
  • How likely am I to be caught?
  • How large is the punishment?
Uses:
  • A good model for planned offences
  • Typically acquisitive in nature
  • Largely fails to explain expressive offences

Routine activity theory
  • Motivated offender
  • Lack of a capable guardian
  • Can be used to explain everyday type crimes

Situational Prevention
Ronald V. Clarke
Key Concerns:
  • Crime not criminality
  • Event driven
  • Near not distant cause
  • How not why
5 Main mechanisms:
  • Increase the effort
  • Increase the risk
  • Reduce the rewards
  • Reduce provocations
  • Remove excuses
Examples:
  • CCTV
  • Hashing of card data
  • Logon notice stating audit log policy

Defensible Space
Oscar Newman
Key Points:
  • Territoriality (key behaviour to encourage)
  • Natural surveillance
  • Image
  • Milieu
Thinking point: Is it worth allowing some personalisation at the desktop?

Displacement
A key criterion used to assess physical security initiatives.
Putting in a control:
  • May not reduce offending
  • May simply move it elsewhere

Disinhibition
  • Strong sense of anonymity
  • Lack of a sense of consequence
  • Disassociation from the ‘real world’
  • Leads to significant changes in behaviour
  • Key challenge for InfoSec awareness but also situational controls

What are the real costs of your strategy?
Covering your bases...
Spreading the costs
  • Prevention
  • Response
  • Residual
  • Detection

Choosing a Strategy...
What are the options?
  • Process
  • Product
  • Service
  • Architecture
Any option can deliver an effective control if implemented properly.

Risks to Strategy...
Choosing a Strategy...
Controls and their true costs
[Chart: vertical axis 0% to 100%; legend: Political, Effort, Revenue, Capital; categories: Process, Product, Service, Architecture]

Tom Whipp MSc MEng CISSP CPP CBCI
Head of Risk, Oval Ltd

Tel:   01924 433081
Mbl:   07500 796391
Email: tom.whipp@theovalgroup.com

Editor's notes

  1. Thinking about offending. Thinking about control. Why do people behave differently online? Are we going in the wrong direction sometimes?
  2. Evaluation of risk and return: How much will I get; How likely am I to be caught; How large is the punishment. Uses: A good model for planned offences; Typically acquisitive in nature; Largely fails to explain expressive offences.
  3. A good model for "drive by" acts: suitable target; motivated offender; lack of a capable guardian. Can be used to explain everyday type crimes.
  4. Key Concerns: Crime not criminality; Event driven; Near not distant cause; How not why. 5 main mechanisms: Increase the effort; Increase the risks; Reduce the rewards; Reduce provocations; Remove excuses. Examples: CCTV; Hashing of card data; logon notice stating audit log policy.