Dealing with Information Security, Risk Management & Cyber Resilience
Donald Tabone
27/01/2015
Introductions
• >19 years working in all areas of IT
• Former Associate Director, KPMG
• Former Lead Security Analyst & Architect for American-based CCBill
• Lecturer on Information Security & Computer Forensics, NCC
• >6 years PCI-DSS industry
• Information Security, Software Engineering, IT & Telecoms Law
Brief Agenda [Information Security]
1. Why the need to think about it?
2. What exactly are we talking about?
3. How do we go about doing something about it?
4. Is there a one-size-fits-all framework?
IT Governance
Information Security?
• After an incident occurs?
• If budget permits?
• Because you are mandated to comply?
• Who possesses the knowledge within your company to advise?
• Is it even a priority or a concern?
• Is there any structure to your approach?
• Are you really prepared / in control?
[Information Security] is the preservation of confidentiality, integrity and availability of information.
But how do you really go about it within your business?
Establishing IT Governance
IT Governance 1/3
[COBIT (4.1) Framework]
• IT is aligned with the business
• IT enables the business and maximizes benefits
• IT resources are used responsibly
• IT risks are managed appropriately
Source: http://www.isaca.org/Knowledge-Center/cobit/Documents/COBIT4.pdf
Establishing IT Governance
IT Governance 2/3
Source: http://www.isaca.org/Knowledge-Center/cobit/Documents/COBIT4.pdf
Establishing IT Governance
IT Governance 3/3
• Periodic assessments of IT processes for their quality and compliance
• Performance management
• Monitoring internal controls
• Regulatory compliance
• Provide IT governance
• Is IT’s performance measured to detect problems before it is too late?
• Are internal controls effective and efficient?
• Are adequate confidentiality, integrity and availability controls in place for information security?
Source: http://www.isaca.org/Knowledge-Center/cobit/Documents/COBIT4.pdf
Incidents
Who are the targets?
One study* conducted in the UK showed that small businesses suffer an estimated loss of £800m a year, averaging nearly £4000 per business:
• 30% of its members were victims of fraud as a result of virus infections
• 50% hit by malware
• 8% victims of hacking
• 5% suffered security breaches
As a consequence, a second recent cybercrime study** revealed that:
• 53% of the British public is worried about the damage of cyber attacks
• 40% feel more vulnerable to cyber attacks now than a year ago
• 38% feel that their personal data exchanged with organisations they do business with may already have been compromised
Increased attack sophistication + inappropriate business response = UNCERTAINTY
* The study was carried out by the Federation of Small Businesses in the UK and is based on its 20000 members
** The study was conducted by PollOne in April 2013 for Tripwire on 1000 users
Should we be concerned?
Meanwhile, in a non-descript building just outside of Shanghai, “Unit 61398” of the People’s Liberation Army is the alleged source of Chinese hacking attacks… although the Chinese government consistently denies its involvement in such activities, claiming that such allegations are “irresponsible and unprofessional”.
Source: Hello, Unit 61398, The Economist
Threat horizon for 2015
• Reputation is a new target for cyber-attacks, from insider activists who leak information, and hacktivist collectives who vote on who they dislike this week.
• Criminals value your information, they’re highly motivated to obtain it, or to use what leaks out of your organization.
• The changing pace of technology doesn’t help; bring your own cloud (BYOC) and bring your own device (BYOD) also bring their own risks.
Source: Information Security Forum
Approach 1
Approach 2: A Strategy
Components of the Information Security Strategy shown on the slide:
• Management Commitment
• Information Security Requirements
• Policies
• Risk Assessments
• Technical Controls
• Awareness
• Periodic reviews
How to get there:
• Identify critical information assets
• Obtain management buy-in
• Take a 3-pronged approach
• Conduct periodic reviews
Approach 3: Adopting a framework
“What does good cyber risk management look like?”
By definition a framework is an agreed structured approach to dealing with a particular subject.
• There is no such thing as a one-size-fits-all framework
• Use / implement the appropriate framework for your organisation’s requirements
• i.e. assess your requirements and design the appropriate framework for your needs
• Such that your organisation is not trying to ‘fit’ to a particular benchmark or rule book
Implement what is appropriate to your business objectives and risk appetite, and what facilitates reporting to any third party against international generic cyber risk frameworks.
Source: Paul C Dwyer, Cyber Risk Expert
Approach 3: Adopting a framework (diagram)
Source: Paul C Dwyer, Cyber Risk Expert
Dealing with the risks (juggling the risks)
Risk Assessment: examine threats, then determine the risk level. AIM: reduce organisational risk.
• Risk Assumption: with appropriate due diligence, management accept the potential risk and continue operating
• Risk Alleviation: management approve the implementation of controls to lower risk to an acceptable level
• Risk Avoidance: eliminate the process that could cause the risks
• Risk Limitation: management limit the risk exposure by putting controls in place to limit the impact of a threat
• Risk Planning: a process to manage risk by developing an architecture that prioritises, implements and maintains controls
• Risk Transference: management transfer the risk by using other options to compensate for a loss, e.g. purchasing an insurance policy
Cyber Resilience
“The ability of a system or a domain to withstand attacks or failures and in such events to re-establish itself quickly”
– Nigel Inkster, International Institute of Strategic Studies
Becoming resilient: six-point action plan
1. Organizational Readiness
2. Situational awareness
3. Detection
4. Cyber defence
5. Mitigation and containment
6. Recovery
Becoming resilient: #1 Organisational Readiness
• Corporate awareness
• Ownership at the C-level
• Assign the role and responsibility for information security oversight
• Understand your business risks
• Focus on your information and reputation
• Share intelligence and experiences
Becoming resilient: #2 Situational Intelligence
• Specialist knowledge
• Keep abreast of the latest advanced threats
• Know your information assets
• Classify your information assets
Threat landscape shown on the slide: hacking for fame & glory; cybercrime moved into monetisation; criminal gangs; protest hacktivism (Anonymous & Lulzsec target corporate infrastructures); corporate espionage; disruption.
“One of the problems is that we all tend to be technology professionals weathered by our experiences rather than looking at new ways of managing risk and gaining or using new sources of intelligence” - Pat Brady, Information Security Manager, National Australia Group
Becoming resilient: #3 Detection
• Develop the ability to detect attacks
• Ensure you have an effective internal & external monitoring process
• Scan outbound messages for abnormal volumes and patterns
• Early recognition of a compromise is key to early reaction
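A worked illustration of the “scan outbound messages for abnormal volumes and patterns” point, added here and not part of the original slides: it builds a per-host baseline from constructed mail-gateway log lines and flags hours whose message count, byte volume or number of never-before-seen recipient domains departs from that host’s own history. The log format, the host name ws-17, the three-day baseline window and the thresholds are all assumptions made for this example.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption for this example, not any real gateway's format):
#   <ISO timestamp> host=<internal host> rcpt=<recipient address> bytes=<message size>
LOG_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) rcpt=(?P<rcpt>\S+) bytes=(?P<bytes>\d+)$")


def parse_log(lines):
    """Parse well-formed lines into dicts; malformed lines are counted rather than silently lost."""
    events, bad = [], 0
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            bad += 1
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "host": m["host"],
            "domain": m["rcpt"].rsplit("@", 1)[-1].lower(),
            "bytes": int(m["bytes"]),
        })
    return events, bad


def bucket_hourly(events):
    """Group events per host per clock hour: {host: {hour_start: [events]}}."""
    buckets = defaultdict(lambda: defaultdict(list))
    for e in events:
        hour = e["ts"].replace(minute=0, second=0, microsecond=0)
        buckets[e["host"]][hour].append(e)
    return buckets


def robust_threshold(values, k=3.0):
    """Median + k * scaled MAD. Unlike mean/stddev, the median and MAD are not dragged up by the very spike we want to catch."""
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values) * 1.4826
    return med + k * max(mad, 1.0)  # floor keeps a margin when the baseline is perfectly flat


def find_anomalies(lines, baseline_end_iso, max_new_domains=5):
    """Return [(host, hour_iso, reason)] for hours at/after baseline_end_iso that look abnormal.

    Two signals, each relative to the host's own hours before the baseline cut-off:
      - volume: message count or total bytes above median + 3 MAD of the baseline hours
      - pattern: more recipient domains never seen in the baseline than max_new_domains
    """
    baseline_end = datetime.fromisoformat(baseline_end_iso)
    events, _bad = parse_log(lines)
    findings = []
    for host, hours in bucket_hourly(events).items():
        base = {h: evs for h, evs in hours.items() if h < baseline_end}
        if not base:
            continue  # no history for this host; a brand-new sender needs separate handling
        count_thr = robust_threshold([len(evs) for evs in base.values()])
        bytes_thr = robust_threshold([sum(e["bytes"] for e in evs) for evs in base.values()])
        known = {e["domain"] for evs in base.values() for e in evs}
        for hour, evs in sorted(hours.items()):
            if hour < baseline_end:
                continue
            reasons = []
            if len(evs) > count_thr:
                reasons.append(f"count {len(evs)} > {count_thr:.1f}")
            total = sum(e["bytes"] for e in evs)
            if total > bytes_thr:
                reasons.append(f"bytes {total} > {bytes_thr:.0f}")
            new = {e["domain"] for e in evs} - known
            if len(new) > max_new_domains:
                reasons.append(f"{len(new)} never-seen recipient domains")
            if reasons:
                findings.append((host, hour.isoformat(), "; ".join(reasons)))
    return findings


def constructed_log():
    """Constructed sample: three quiet business days for ws-17, then a 02:00 burst on day four."""
    lines = []
    start = datetime(2015, 1, 19)  # a Monday
    for day in range(3):
        for hour in range(9, 17):
            for i in range(4 + (hour % 2)):  # 4 or 5 messages per hour to two known partner domains
                ts = start + timedelta(days=day, hours=hour, minutes=i * 7)
                dom = ("partner.example", "customer.example")[i % 2]
                lines.append(f"{ts.isoformat()} host=ws-17 rcpt=user{i}@{dom} bytes={2000 + i * 150}")
    burst = start + timedelta(days=3, hours=2)
    for i in range(40):  # 40 large messages to 40 unfamiliar domains inside one off-hours hour
        ts = burst + timedelta(minutes=i)
        lines.append(f"{ts.isoformat()} host=ws-17 rcpt=drop{i}@mail{i}.example bytes={900000 + i}")
    lines.append("garbage line that does not parse")  # exercises the malformed-line path
    return lines


if __name__ == "__main__":
    for host, hour, why in find_anomalies(constructed_log(), "2015-01-22T00:00:00"):
        print(host, hour, why)
```

The baseline here is the host’s own history, so the same thresholds adapt to a busy mail server and a quiet workstation alike; in production the baseline window, the MAD multiplier and the new-domain limit are the knobs to tune against your false-positive budget.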
Becoming resilient: #4 Cyber Defence
• Get a grip on infrastructure and access security
• Assess the levels of staff awareness
• Define strict access control and remote access control
• Ensure strong visitor procedures for key buildings
• Keep your basic security controls in sight, e.g. password change policy
• Infrastructure changes should trigger network configuration changes, allowing you to move the shape of the target
Becoming resilient: #5 Mitigation and containment
• The aim is to limit the damage to your services and reputation
• Limit the impact / shut down the source
• Being prepared is the key
• Contingency planning: define and review your plans
• Ensure adequate testing of business continuity plans
• Prepared PR statements
Plans shown on the slide: Continuity of Operations Plan; Disaster Recovery Plan; IT / Network Contingency Plans; Crisis Communication Plan; Cyber Incident Plan; Occupant Emergency Plan.
Becoming resilient: #6 Recovery
• You need to develop the ability to re-establish normal service
• Your survival as a business depends on it
• Apply the lessons learnt
• Give feedback to senior executives: here’s what happened to us; this is how we reacted; this is what we’ve done to mitigate / prevent it
Conclusions (take-back conclusions)
Cyber Resiliency spans Business Continuity, IT Service Continuity and Management functions.
BEING PROACTIVE IS THE NAME OF THE GAME: Awareness, Knowledge, Controls, Detection, Mitigation, Recovery
• Good IT governance by following a framework gives structure and business alignment
• Apply some form of strategy to the way you deal with information security
• Cyber threats are on the increase, so prevention and detection are always better than cure
• Becoming cyber resilient gives you the benefit of knowing how to tackle IT risks
• Take a pragmatic approach to investing in your defences
Thank you!
Donald Tabone
dtabone@gmail.com
Nineteen Twenty Three, Valletta Road, Marsa MRS 3000, Malta.
T. (+356) 2144 5566 E. info@ptl.com.mt | www.ptl.com.mt
IT & SECURITY EXPERTS

 
ISACA_21st century technologist
ISACA_21st century technologistISACA_21st century technologist
ISACA_21st century technologist
 
ELPUB_2015
ELPUB_2015ELPUB_2015
ELPUB_2015
 
MARM State of Security v2
MARM State of Security v2MARM State of Security v2
MARM State of Security v2
 
Mca Erg Oct 09
Mca Erg Oct 09Mca Erg Oct 09
Mca Erg Oct 09
 
The Realm Of Digital Forensics
The Realm Of Digital ForensicsThe Realm Of Digital Forensics
The Realm Of Digital Forensics
 

Último

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 

Último (20)

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 

Information Security Managing Risks & Building Cyber Resilience

  • 9. The targets? Who are the targets?
    One study* conducted in the UK showed that small businesses suffer an estimated loss of £800m a year, averaging nearly £4000 per business:
    • 30% of its members were victims of fraud as a result of virus infections
    • 50% hit by malware
    • 8% victims of hacking
    • 5% suffered security breaches
    As a consequence, a second recent cybercrime study** revealed that:
    • 53% of the British public is worried about the damage of cyber attacks
    • 40% feel more vulnerable to cyber attacks now than a year ago
    • 38% feel that their personal data exchanged with organisations they do business with may already have been compromised
    Increased attack sophistication + inappropriate business response = UNCERTAINTY
    * The study was carried out by the Federation of Small Businesses in the UK and is based on its 20000 members
    ** The study was conducted by PollOne in April 2013 for Tripwire on 1000 users
  • 10. Meanwhile, in a nondescript building... Should we be concerned?
    Meanwhile, just outside of Shanghai, “Unit 61398” of the People's Liberation Army is the alleged source of Chinese hacking attacks, although the Chinese government consistently denies its involvement in such activities, claiming that such allegations are “irresponsible and unprofessional”.
    Source: Hello, Unit 61398, The Economist
  • 11. Threat horizon for 2015
    • Reputation is a new target for cyber-attacks, from insider activists who leak information, and hacktivist collectives who vote on who they dislike this week.
    • Criminals value your information; they're highly motivated to obtain it, or to use what leaks out of your organization.
    • The changing pace of technology doesn't help; bring your own cloud (BYOC) and bring your own device (BYOD) also bring their own risks.
    Source: Information Security Forum
  • 13. Approach 2: A Strategy
    [Diagram: Information Security Strategy, with the elements Management Commitment, Information Security Requirements, Risk Assessments, Policies, Awareness, Technical Controls and Periodic reviews]
    • Identify critical information assets
    • Obtain management buy-in
    • Take a 3 pronged approach
    • Conduct periodic reviews
  • 14. Approach 3: Adopting a framework
    “What does good cyber risk management look like?”
    By definition a framework is an agreed structured approach to dealing with a particular subject.
    • There is no such thing as a one-size-fits-all framework
    • Use / implement the appropriate framework for your organisation's requirements
    • i.e. assess your requirements and design the appropriate framework for your needs
    • Such that your organisation is not trying to ‘fit’ to a particular benchmark or rule book
    Implement what is appropriate to your business objectives and risk appetite, and what facilitates reporting to any third party against international generic cyber risk frameworks.
    Source: Paul C Dwyer, Cyber Risk Expert
  • 15. Approach 3: Adopting a framework
    Source: Paul C Dwyer, Cyber Risk Expert
  • 16. Risk Assessment: examine threats, determine the risk level
    AIM: reduce organisational risk
    Dealing with the risks (juggling the risks):
    • Risk Assumption: with appropriate due diligence, management accept the potential risk and continue operating
    • Risk Alleviation: management approve the implementation of controls to lower risk to an acceptable level
    • Risk Avoidance: eliminate the process that could cause the risks
    • Risk Limitation: management limit the risk exposure by putting controls in place to limit the impact of a threat
    • Risk Planning: a process to manage risk by developing an architecture that prioritises, implements and maintains controls
    • Risk Transference: management transfer the risk by using other options to compensate for a loss, e.g. purchasing an insurance policy
  • 17. Cyber Resilience
    “The ability of a system or a domain to withstand attacks or failures and in such events to re-establish itself quickly” – Nigel Inkster, International Institute of Strategic Studies
    Becoming resilient: six point action plan
    1. Organizational Readiness
    2. Situational awareness
    3. Detection
    4. Cyber defence
    5. Mitigation and containment
    6. Recovery
  • 18. Becoming resilient, #1 Organisational Readiness
    • Corporate awareness
    • Ownership at the C-level
    • Assign the role and responsibility for information security oversight
    • Understand your business risks
    • Focus on your information and reputation
    • Share intelligence and experiences
  • 19. Becoming resilient, #2 Situational Intelligence
    • Specialist knowledge
    • Keep abreast of the latest advanced threats: hacking for fame & glory; cybercrime moved into monetisation; criminal gangs; protest hacktivism; Anonymous & Lulzsec target corporate infrastructures; corporate espionage; disruption
    • Know your information assets
    • Classify your information assets
    “One of the problems is that we all tend to be technology professionals weathered by our experiences rather than looking at new ways of managing risk and gaining or using new sources of intelligence” - Pat Brady, Information Security Manager, National Australia Group
  • 20. Becoming resilient, #3 Detection
    • Develop the ability to detect attacks
    • Ensure you have an effective internal & external monitoring process
    • Scan outbound messages for abnormal volumes and patterns
    • Early recognition of a compromise is key to early reaction
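One way to act on the "scan outbound messages for abnormal volumes and patterns" point above, as an added example that is not part of the presentation: each host gets a baseline of its own daily outbound bytes (median and MAD from the other days), and a day is flagged when its volume is far above that baseline or when the host talks to a destination never seen before. The flow format, host names, addresses, byte counts and the threshold factor k are all assumptions.

```python
"""Outbound-volume anomaly check over flow records (added example, not code
from the presentation). The baseline for a host is built from the days other
than the one under review; all hosts, addresses and byte counts are constructed.
"""
from collections import defaultdict
from statistics import median

# Constructed flow records: "<day> <source host> <destination> <bytes out>".
SAMPLE_FLOWS = """\
day1 ws-12 203.0.113.10 120000
day1 ws-12 203.0.113.11 90000
day1 ws-07 203.0.113.10 60000
day2 ws-12 203.0.113.10 110000
day2 ws-12 203.0.113.12 95000
day2 ws-07 203.0.113.10 70000
day3 ws-12 203.0.113.10 130000
day3 ws-12 203.0.113.11 85000
day3 ws-07 203.0.113.10 65000
day4 ws-12 203.0.113.10 115000
day4 ws-07 203.0.113.10 62000
day4 ws-07 198.51.100.99 9500000
"""


def parse_flows(text):
    """Return (day, host, dst, bytes_out) tuples; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        day, host, dst, size = parts
        flows.append((day, host, dst, int(size)))
    return flows


def find_anomalies(flows, current_day, k=5.0, min_baseline_days=2):
    """Return sorted (host, reason, detail) tuples for current_day.

    volume-spike: today's bytes exceed median + k * MAD of the other days
    (MAD floored at 10% of the median so a flat history does not alert on
    every small change); new-destination: a destination absent from the
    baseline days; no-baseline: too few other days to judge the host at all.
    """
    totals = defaultdict(lambda: defaultdict(int))  # host -> day -> bytes
    dests = defaultdict(lambda: defaultdict(set))   # host -> day -> {dst}
    for day, host, dst, size in flows:
        totals[host][day] += size
        dests[host][day].add(dst)

    findings = []
    for host in sorted(totals):
        history = [b for d, b in totals[host].items() if d != current_day]
        today = totals[host].get(current_day, 0)
        if len(history) < min_baseline_days:
            findings.append((host, "no-baseline", today))
            continue
        base = median(history)
        mad = median([abs(b - base) for b in history])
        spread = max(mad, 0.1 * base)
        if today > base + k * spread:
            # Detail is the multiple of the host's normal daily volume.
            findings.append((host, "volume-spike", round(today / base, 1) if base else today))
        seen = set()
        for d, s in dests[host].items():
            if d != current_day:
                seen |= s
        new = sorted(dests[host].get(current_day, set()) - seen)
        if new:
            findings.append((host, "new-destination", ",".join(new)))
    return findings
```

Running `find_anomalies(parse_flows(SAMPLE_FLOWS), "day4")` flags ws-07 both for a volume spike (about 147 times its usual day) and for a destination it had never contacted before, while ws-12's unremarkable day stays silent.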
  • 21. Becoming resilient, #4 Cyber Defence
    • Get a grip on infrastructure and access security
    • Assess the levels of staff awareness
    • Define strict access control and remote access control
    • Ensure strong visitor procedures for key buildings
    • Keep your basic security controls in sight, e.g. password change policy
    • Infrastructure changes should trigger network configuration changes, allowing you to move the shape of the target
  • 22. Becoming resilient, #5 Mitigation and containment
    • The aim is to limit the damage to your services and reputation
    • Limit the impact / shut down the source
    • Being prepared is the key
    • Contingency planning: define and review your plans
    • Ensure adequate testing of business continuity plans
    • Prepared PR statements
    Plans to have in place: Continuity of Operations Plan; Disaster Recovery Plan; IT / Network Contingency Plans; Crisis Communication Plan; Cyber Incident Plan; Occupant Emergency Plan
  • 23. Becoming resilient, #6 Recovery
    • You need to develop the ability to re-establish normal service: your survival as a business depends on it
    • Apply the lessons learnt
    • Give feedback to senior executives: here's what happened to us; this is how we reacted; this is what we've done to mitigate / prevent it
  • 24. Conclusions (take back conclusions)
    [Diagram: Cyber Resiliency across Business Continuity, IT Service Continuity and Management functions. BEING PROACTIVE IS THE NAME OF THE GAME: Awareness, Knowledge, Controls, Detection, Mitigation, Recovery]
    • Good IT governance by following a framework gives structure and business alignment
    • Apply some form of strategy to the way you deal with information security
    • Cyber threats are on the increase, so prevention and detection are always better than cure
    • Becoming cyber resilient gives you the benefit of knowing how to tackle IT risks
    • Take a pragmatic approach to investing in your defences
  • 25. Thank you! Donald Tabone, dtabone@gmail.com
  • 26. IT & SECURITY EXPERTS. Nineteen Twenty Three, Valletta Road, Marsa MRS 3000, Malta. T. (+356) 2144 5566 E. info@ptl.com.mt | www.ptl.com.mt