Information Security is not an IT problem! Enterprise Risk & Security Management

Size: px
Start display at page:

Download "Information Security is not an IT problem! Enterprise Risk & Security Management"

Transcription

1 Information Security is not an IT problem! Enterprise Risk & Security Management Raymond Slot Security Seminar 20 maart 2015

2 Some Security Incidents in 2014 Anthem 80 million customer records exposed JPMorgan Chase million private customer and an 7 million small businesses records stolen Sony Pictures attack -- exposing new movies and s Gemalto -- Attack to obtain SIM card encryption keys Attack on a Large European Bank ATM s NFC hack on Chilean Transport Public systems 2

3 Security Attacks Over 2014 more than corporate sector targets in at least 55 countries worldwide The number of victims affected by targeted attacks in 2014 is 2.4 times that of 2013, when up to corporate targets were discovered. Attacks move from general attacks to targeted, long-term attacks. Example Targeted Attacks Attacks specifically aimed at C-level and senior management in hotels Attacks aimed at banks and at billing companies Attacks to obtain encryption keys Attacks on home banking systems Source Kaperski,

4 Cost of Cyber Crime? UK 0,16% of GDP 4.8 billion Euro Netherlands 1.5 % of GDB 8.8 billion Euro Germany 1,6% of GDP 56 billion Euro Global losses are estimated from $ 375 Billion to $ 575 Billion Source McAfee,

5 Reasons for increased attack rates We are heading for a security meltdown of our economy 1. Attacking is technically becoming easier and cybercrime is target of criminal big-money 2. In the Internet of Things, security is considered often as an afterthought 3. High visibility successes attract new cybercriminals 4. Risks for cybercriminals are relatively low Legislation has not kept pace International nature makes prosecution almost impossible 5. Cyberterrorism and Cyber Warfare are facts of life 6. We are building more and more large mission-critical IT systems, without including security at a key designcriterion Source Sessions,

6 Cost vs. Risk Trade-Off High Low Low 6

7 Uitgaven versus Niveau van Veiligheid Expense 7

8 Characteristics of Enterprise Risk & Security Management Goal: acceptable residual risk at a minimal cost Based on business risks Key questions What risks are we exposed to? What is for our organization an acceptable level of risk? These questions are business questions. IT cannot answer it. For these questions to be answered by business, business has to have insight into the risks and acceptable residual risks. The role of security architecture is to provide business managers with this insight. 8

9 Secure Enterprise Architecture There two approaches to a secure enterprise architecture bolt-it-on (usual) build-it-in (much more safe) Go for inherently secure designs Examples Android Snowman SOA architecture Business Architecture Information Architecture Security Application Architecture Data Architecture Technical Architecture Instead of Security Architecture we should speak of a Secure Enterprise Architecture 9

10 Security Niveaus Strategic Security Policy Security organization Acceptable Risk level Tactical Gap between Policy en Operation Operational Fire Wall Virus Checking 10 Network Zones

11 Security Approach Drivers Business Domain Policies Threats Opportunities Responsibilities Risks Vulnerabilities Security requirements Firewall Architecture Virus Scanning Measures Authentication Access control Solution Domain 11

12 Security process Risk Analysis en Policy definition Security Requirements Definition Security Measures Residual Risk Security Architecture 12

13 Non-Functional Requirements Security Requirements Confidentiality Authentication Integrity Non-repudiation Auditability Governance Requirements Availability Contingency Incident resolvability Ability for administration and configuration Cost Accountability Scalability Traceability Volumetric Requirements Performance Throughput Response time Currency (data) Correctness (data) % Modified (data) Simultaneous Users # Transactions Storage Development Requirements Maintainability Portability Reusability Testability Green Requirements Energy efficiency Environmental Friendly Materials Sustainability 13

14 Non-functional Aspects (ISO 25010) Source: ISO 14

15 Levels of Security Requirements Level Integrity Authentication Availability Performance High Medium Low It is very difficult to compromise the accuracy and completeness of data, both in storage and in transport It is fairly difficult to compromise the accuracy and completeness of data, both in storage and in transport No value is attached to the accuracy and completeness of data. Example It is very difficult to assume somebody else s identity Sufficient measures are taken so that the average user will not be capable of assuming someone else s identity There is no need to identify the actor. 7 * 24 hour 6 * 12 hour Office hours Very fast response time (< 0,5 sec) Fast response time (<2 sec) Internet level response times unmanaged 15

16 Security Requirement Profile Profile Name Example Integrity Authentication Confidentiality Availability Performance Public Level Standard Level Confidential Level People surfing the website Information is freely available Company-confidential actions Information is freely available within the organisation Confidential actions Information availability is Restricted High Low Low High Medium Medium Medium Medium Medium Medium High High High Medium Medium Example Security requirement profiles - Organizations require 5-10 profiles 16

17 Security Use Case ACTOR executing an ACTIVITY (using some INFO) 1. Client retrieving Product Information 2. Client inquiring Account Balance 3. Client executing Financial Transaction 4. Employee conducting Standard Operation (e.g., developing product) 5. Employee conducting High-risk Operations (e.g., handling financial sums above ) Number of Security Use Cases in an Organization is about 20 17

18 Classification of Security Use Case Security Requirements Profile Security Use Case Public Stand. Conf. 1.Client retrieving Product Information t 2. Client inquiring Account Balance t 3. Client executing Transactions t 4. Employee conducting Standard Operations 5. Employee conducting High-risk Operations t t 18

19 Use Case Context: Locations Internal Access Hotel Company Office Client Location Home External Access 19

20 Use Case Context: and Platforms PC / Laptop Tablet Phone 20

21 Define Security Measures Security Requirement High-Secure (Confidential Level) Example Measures Multi-Level Authentication 4-eyes principle Personnel screening Baseline (Standard Level) Virus Checking Application Virtualization Network Zones Firewall Below Baseline (Public Level) No Access Control Accessible from Internet 21

22 Example 1: End-to-End Security Measures for a Security Context Specification Use Case: Employee conduction standard Operation from External Location Security Requirements Profile: Standard Level Location: External Access Platform: PC Measures are ISO Based 22

23 Example 2: End-to-End Security Measures for a Security Context Specification Use Case: Cklient conduction standard Operation from External Location Security Requirements Profile: Standard Level Location: External Access Platform: Phone! 23

24 Definition of Security Architecture Security Use Cases Actor Activity & Information Security Requirements Profile Use Case Context Platform Location Use Case Measures Organizations require Use Case Descriptions 24

25 Security Architecture Cycle 6. Gaps and Residual Risks 5. Measures per Use Case Measures 1. Risk Analysis Analysis Requirements 2. Policy and Acceptable Risk 3. Security Requirements 1. Risk analysis provides insight 2. Policy determines the acceptable risks level (Risk Appetite) 3. Requirement profile describes the required level of confidentiality, integrity, etc. 4. Each security use case gets assigned a requirement profile 5. For each use case and requirement profile a set of security measures is defined, the target security architecture 6. Gaps are identified between the actual situation and the sites integration 4. Classify Use Cases 25

26 Qualitative Risk Assessment Loss event frequency (LEF) Risk Vulnerability (Vuln) 26

27 A Risk Overlay for ArchiMate 27

28 A Risk Overlay for ArchiMate 28

29 Example 29

30 Lessons Learned 1. Do not assume that information security is okay 2. Take the lead as business management in Information Security 3. Operational continuity and justification of information security costs is a responsibility by management 4. Analysis of existing security environments shows Security too high ( All authorization need to be two-factor ) Security too low ( Wait, does that process also use medical data!?! ) 5. Business management needs insight in actual and target residual risks and the gaps 6. Plan how to handle security gaps Information Security is not an IT problem! 30

31 Concluding Business management is responsible for cyber security Policies & compliance Sensitivity of information Acceptable risk levels Execution is the responsibility of IT HR Facilities Finance Architecture bridges the gap Clear relation between needs and measures In business terms Business is in control Effective and efficient use of resources 31

32 Questions? Raymond Slot Webinars, blogs, e-books, customer stories, training portfolio, software and more on 32

33 2014 BiZZdesign. All rights reserved. BiZZdesign and BiZZdesign logos are registered trademarks of BiZZdesign Company.

Visualizing the Business Impact of Technical Cyber Risks

Visualizing the Business Impact of Technical Cyber Risks Visualizing the Business Impact of Technical Cyber Risks May 21, 2014 Henk Jonkers Senior Research Consultant, BiZZdesign Agenda Introduction and problem statement Enterprise Architecture with ArchiMate

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

Enterprise Security Governance. Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security

Enterprise Security Governance. Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security Enterprise Security Governance Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security Governance and Organisational Model Risk Mgmt & Reporting Digital Risk & Security

More information

Leveraging Regulatory Compliance to Improve Cyber Security

Leveraging Regulatory Compliance to Improve Cyber Security Leveraging Regulatory Compliance to Improve Cyber Security Leveraging Regulatory Compliance to Improve Cyber Security Brian Irish, Cyber Security Assurance Manager Salt River Project LEVERAGING REGULATORY

More information

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

2012 Endpoint Security Best Practices Survey

2012 Endpoint Security Best Practices Survey WHITE PAPER: 2012 ENDPOINT SECURITY BEST PRACTICES SURVEY........................................ 2012 Endpoint Security Best Practices Survey Who should read this paper Small and medium business owners

More information

10 best practice suggestions for common smartphone threats

10 best practice suggestions for common smartphone threats 10 best practice suggestions for common smartphone threats Jeff R Fawcett Dell SecureWorks Security Practice Executive M Brandon Swain Dell SecureWorks Security Practice Executive When using your Bluetooth

More information

2012 NORTON CYBERCRIME REPORT

2012 NORTON CYBERCRIME REPORT 2012 NORTON CYBERCRIME REPORT 2012 NORTON CYBERCRIME REPORT 24 COUNTRIES AUSTRALIA, BRAZIL, CANADA, CHINA, COLOMBIA, DENMARK, FRANCE, GERMANY, INDIA, ITALY, JAPAN, MEXICO, NETHERLANDS, NEW ZEALAND, POLAND,

More information

How are we keeping Hackers away from our UCD networks and computer systems?

How are we keeping Hackers away from our UCD networks and computer systems? How are we keeping Hackers away from our UCD networks and computer systems? Cybercrime Sony's Hacking Scandal Could Cost The Company $100 Million - http://www.businessinsider.com/sonys-hacking-scandal-could-cost-the-company-100-million-2014-12

More information

Security Controls What Works. Southside Virginia Community College: Security Awareness

Security Controls What Works. Southside Virginia Community College: Security Awareness Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction

More information

developing your potential Cyber Security Training

developing your potential Cyber Security Training developing your potential Cyber Security Training The benefits of cyber security awareness The cost of a single cyber security incident can easily reach six-figure sums and any damage or loss to a company

More information

3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance

3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance 3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security

More information

EXIN Information Security Foundation based on ISO/IEC 27002. Sample Exam

EXIN Information Security Foundation based on ISO/IEC 27002. Sample Exam EXIN Information Security Foundation based on ISO/IEC 27002 Sample Exam Edition June 2016 Copyright 2016 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored

More information

I ve been breached! Now what?

I ve been breached! Now what? I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have

More information

Information Security Awareness Training

Information Security Awareness Training Information Security Awareness Training Presenter: William F. Slater, III M.S., MBA, PMP, CISSP, CISA, ISO 27002 1 Agenda Why are we doing this? Objectives What is Information Security? What is Information

More information

SUPPLIER SECURITY STANDARD

SUPPLIER SECURITY STANDARD SUPPLIER SECURITY STANDARD OWNER: LEVEL 3 COMMUNICATIONS AUTHOR: LEVEL 3 GLOBAL SECURITY AUTHORIZER: DALE DREW, CSO CURRENT RELEASE: 12/09/2014 Purpose: The purpose of this Level 3 Supplier Security Standard

More information

National Cyber Crime Unit

National Cyber Crime Unit National Cyber Crime Unit Kevin Williams Partnership Engagement & National Cyber Capabilities Programme Kevin.Williams@nca.x.gsi.gov.uk Official Problem or opportunity Office for National Statistics In

More information

FIVE BEST PRACTICES FOR PROTECTING BACKUP DATA

FIVE BEST PRACTICES FOR PROTECTING BACKUP DATA OFFSITE DATA PROTECTION FIVE BEST PRACTICES FOR PROTECTING BACKUP DATA Backup encryption should be one of many activities that formulate a comprehensive security strategy. In many environments, storage

More information

Classify, Protect, Audit: New Approach to SAP Data Security. Aparna Jue, SECUDE

Classify, Protect, Audit: New Approach to SAP Data Security. Aparna Jue, SECUDE Classify, Protect, Audit: New Approach to SAP Data Security Aparna Jue, SECUDE About SECUDE SECUDE is an innovarve global provider of IT data protecron solurons for SAP customers. Our user- friendly solurons

More information

Is your business secure in a hosted world?

Is your business secure in a hosted world? Is your business secure in a hosted world? Threats to the security of business data are constantly growing and evolving - What can you do ensure your data remains secure? Introduction The safe use of computer

More information

How to Secure Your Environment

How to Secure Your Environment End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge

More information

Cyber Essentials Scheme

Cyber Essentials Scheme Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks June 2014 December 2013 Contents Contents... 2 Introduction... 3 Who should use this document?... 3 What can these

More information

Cyber Security. John Leek Chief Strategist

Cyber Security. John Leek Chief Strategist Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity

More information

Information Technology Risk Management

Information Technology Risk Management Find What Matters Information Technology Risk Management Control What Counts The Cyber-Security Discussion Series for Federal Government security experts... by Carson Associates your bridge to better IT

More information

Wireless (In)Security Trends in the Enterprise

Wireless (In)Security Trends in the Enterprise A Whitepaper by AirTight Networks, Inc. 339 N. Bernardo Avenue, Suite 200, Mountain View, CA 94043 www.airtightnetworks.com 2012 AirTight Networks, Inc. All rights reserved. WiFi is proliferating fast.

More information

Bachelor of Information Technology (Network Security)

Bachelor of Information Technology (Network Security) Bachelor of Information Technology (Network Security) Course Structure Year 1: Level 100 Foundation knowledge subjects SEMESTER 1 SEMESTER 2 ITICT101A Fundamentals of Computer Organisation ITICT104A Internetworking

More information

Unit title: Cyber Security Fundamentals (SCQF level 4)

Unit title: Cyber Security Fundamentals (SCQF level 4) National Unit specification General information Unit code: H9T5 44 Superclass: CC Publication date: October 2015 Source: Scottish Qualifications Authority Version: 01 Unit purpose The purpose of this Unit

More information

ERM Symposium April 2009. Moderator Nancy Bennett

ERM Symposium April 2009. Moderator Nancy Bennett ERM Symposium April 2009 RI4-Implementing a Comprehensive Privacy Program John Kelly Joseph Nocera Moderator Nancy Bennett Data & Identity Theft: Keeping sensitive data out of the wrong hands Presented

More information

Cyber Security - What Would a Breach Really Mean for your Business?

Cyber Security - What Would a Breach Really Mean for your Business? Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber

More information

Securing the Service Desk in the Cloud

Securing the Service Desk in the Cloud TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,

More information

Top Five Ways to Protect Your Network. A MainNerve Whitepaper

Top Five Ways to Protect Your Network. A MainNerve Whitepaper A MainNerve Whitepaper Overview The data security challenges within the business world have never been as challenging as they are today. Not only must organizations providers comply with stringent State

More information

McAfee Server Security

McAfee Server Security Security Secure server workloads with low performance impact and integrated management efficiency. Suppose you had to choose between securing all the servers in your data center physical and virtual or

More information

Cyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist

Cyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist Cyber- Attacks: The New Frontier for Fraudsters Daniel Wanjohi, Technology Security Specialist What is it All about The Cyber Security Agenda ; Protecting computers, networks, programs and data from unintended

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Guidelines. London School of Economics & Political Science. Remote Access and Mobile Working Guidelines. Information Management and Technology

Guidelines. London School of Economics & Political Science. Remote Access and Mobile Working Guidelines. Information Management and Technology London School of Economics & Political Science Information Management and Technology Guidelines Remote Access and Mobile Working Guidelines Jethro Perkins Information Security Manager Summary This document

More information

The Cyber Threat Profiler

The Cyber Threat Profiler Whitepaper The Cyber Threat Profiler Good Intelligence is essential to efficient system protection INTRODUCTION As the world becomes more dependent on cyber connectivity, the volume of cyber attacks are

More information

Developing an Architectural Framework towards achieving Cyber Resiliency. Presented by Deepak Singh

Developing an Architectural Framework towards achieving Cyber Resiliency. Presented by Deepak Singh Developing an Architectural Framework towards achieving Cyber Resiliency Presented by Deepak Singh Presentation Content Cyber Threat Landscape Cyber Attack and Threat Profile Cyber Threat Map Cyber Security

More information

Data Security. So many businesses leave their data exposed, That doesn t mean you have to. 2014 Computerbilities, Inc.

Data Security. So many businesses leave their data exposed, That doesn t mean you have to. 2014 Computerbilities, Inc. Data Security So many businesses leave their data exposed, That doesn t mean you have to. 2014 Computerbilities, Inc. Table of Contents: 1. Introduction 3 2. Cybersecurity: The loopholes in the system

More information

FIVE PRACTICAL STEPS

FIVE PRACTICAL STEPS WHITEPAPER FIVE PRACTICAL STEPS To Protecting Your Organization Against Breach How Security Intelligence & Reducing Information Risk Play Strategic Roles in Driving Your Business CEOs, CIOs, CTOs, AND

More information

Qualification Specification. Level 4 Certificate in Cyber Security and Intrusion For Business

Qualification Specification. Level 4 Certificate in Cyber Security and Intrusion For Business Qualification Specification Level 4 Certificate in Cyber Security and Intrusion For Business ProQual 2015 Contents Page Introduction 3 Qualification profile 3 Centre requirements 4 Support for candidates

More information

Enterprise Computing Solutions

Enterprise Computing Solutions Business Intelligence Data Center Cloud Mobility Enterprise Computing Solutions Security Solutions arrow.com Security Solutions Secure the integrity of your systems and data today with the one company

More information

Certified Secure Computer User

Certified Secure Computer User Certified Secure Computer User Exam Info Exam Name CSCU (112-12) Exam Credit Towards Certification Certified Secure Computer User (CSCU). Students need to pass the online EC-Council exam to receive the

More information

If you can't beat them - secure them

If you can't beat them - secure them If you can't beat them - secure them v1.0 October 2012 Accenture, its logo, and High Performance delivered are trademarks of Accenture. Preface: Mobile adoption New apps deployed in the cloud Allow access

More information

Fortinet Solutions for Compliance Requirements

Fortinet Solutions for Compliance Requirements s for Compliance Requirements Sarbanes Oxley (SOX / SARBOX) Section / Reference Technical Control Requirement SOX references ISO 17799 for Firewall FortiGate implementation specifics IDS / IPS Centralized

More information

Critical Controls for Cyber Security. www.infogistic.com

Critical Controls for Cyber Security. www.infogistic.com Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability

More information

Cybercrime: risks, penalties and prevention

Cybercrime: risks, penalties and prevention Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,

More information

What Directors need to know about Cybersecurity?

What Directors need to know about Cybersecurity? What Directors need to know about Cybersecurity? W HAT I S C YBERSECURITY? PRESENTED BY: UTAH BANKERS ASSOCIATION AND JON WALDMAN PARTNER, SENIOR IS CONSULTANT - SBS 1 Contact Information Jon Waldman Partner,

More information

CYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts

CYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts CYBER SECURITY ADVISORY SERVICES Governance Risk & Compliance Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts The Financial Services Industry at Crossroads: Where to From Here? WELCOME What

More information

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii The Office of the Auditor General has conducted a procedural review of the State Data Center (Data Center), a part of the Arizona Strategic Enterprise Technology (ASET) Division within the Arizona Department

More information

Overview TECHIS60241. Carry out risk assessment and management activities

Overview TECHIS60241. Carry out risk assessment and management activities Overview Information in all its forms is a vital component of the digital environment in which we live and work. The protection of information in its physical form is well understood but the protection

More information

CYBER SECURITY INFORMATION SHARING & COLLABORATION

CYBER SECURITY INFORMATION SHARING & COLLABORATION Corporate Information Security CYBER SECURITY INFORMATION SHARING & COLLABORATION David N. Saul Senior Vice President & Chief Scientist 28 June 2013 Discussion Flow The Evolving Threat Environment Drivers

More information

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches

More information

A HELPING HAND TO PROTECT YOUR REPUTATION

A HELPING HAND TO PROTECT YOUR REPUTATION OVERVIEW SECURITY SOLUTIONS A HELPING HAND TO PROTECT YOUR REPUTATION CONTENTS INFORMATION SECURITY MATTERS 01 TAKE NOTE! 02 LAYERS OF PROTECTION 04 ON GUARD WITH OPTUS 05 THREE STEPS TO SECURITY PROTECTION

More information

ICT Barriers, High Tech Crime, and Police

ICT Barriers, High Tech Crime, and Police ICT Barriers, High Tech Crime, and Police Mitchell F. Rice, Ph.D. Fellow, National Academy of Public Administration (Washington, DC) Professor of Political Science Mail Stop 4348 Texas A&M University College

More information

Data Security and Healthcare

Data Security and Healthcare Data Security and Healthcare Complex data flows Millions of electronic medical records across many systems New and emerging business relationships Changing and maturing compliance frameworks Diverse population

More information

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril.

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril. Cyber Security Personal and commercial information is the new commodity of choice for the virtual thief, argues Adrian Leppard, Commissioner for City of London Police, as he sets out the challenges facing

More information

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

More information

Cyber Security solutions

Cyber Security solutions Cyber Security solutions The scenario IT security has become a highly critical issue for all businesses as a result of the growing pervasiveness and diffusion of ICT technology. Risks can arise both inside

More information

Microsoft Security Development Lifecycle for IT. Rob Labbé Application Consulting and Engineering Services roblab@microsoft.com

Microsoft Security Development Lifecycle for IT. Rob Labbé Application Consulting and Engineering Services roblab@microsoft.com Microsoft Security Development Lifecycle for IT Rob Labbé Application Consulting and Engineering Services roblab@microsoft.com The Reasons for Secure Software There are many threats to data and systems

More information

Improving Residual Risk Management Through the Use of Security Metrics

Improving Residual Risk Management Through the Use of Security Metrics Improving Residual Risk Management Through the Use of Security Metrics Every investment in security should be effective in reducing risk, but how do you measure it? Jonathan Pagett and Siaw-Lynn Ng introduce

More information

Small businesses: What you need to know about cyber security

Small businesses: What you need to know about cyber security Small businesses: What you need to know about cyber security Contents Why you need to know about cyber security... 3 Understanding the risks to your business... 4 How you can manage the risks... 5 Planning

More information

Protecting your information

Protecting your information Protecting your information Secure your information Each year, governments, businesses and institutions suffer untold losses through not protecting their information. A UK government survey* puts the cost

More information

PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR

PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR AUTHOR: UDIT PATHAK SENIOR SECURITY ANALYST udit.pathak@niiconsulting.com Public Network Intelligence India 1 Contents 1. Background... 3 2. PCI Compliance

More information

Cybercrime and Identity Theft: Awareness and Protection 2015 HLC Conference

Cybercrime and Identity Theft: Awareness and Protection 2015 HLC Conference Cybercrime and Identity Theft: Awareness and Protection 2015 HLC Conference Christopher T. Van Marter Senior Deputy Prosecuting Attorney Chief White Collar Crime Unit Department of the Prosecuting Attorney

More information

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord Building The Human Firewall Andy Sawyer, CISM, C CISO Director of Security Locke Lord Confidentiality, Integrity, Availability Benchmarks of Cybersecurity: Confidentiality Information is protected against

More information

Unisys Security Insights: Germany A Consumer Viewpoint - 2015

Unisys Security Insights: Germany A Consumer Viewpoint - 2015 Unisys Security Insights: Germany A Consumer Viewpoint - 2015 How consumers in Germany feel about: Personal data security, ranked by industry Experiences concerning security of personal data Research by

More information

Ensuring security the last barrier to Cloud adoption

Ensuring security the last barrier to Cloud adoption Ensuring security the last barrier to Cloud adoption Publication date: March 2011 Ensuring security the last barrier to Cloud adoption Cloud computing has powerful attractions for the organisation. It

More information

Beyond passwords: Protect the mobile enterprise with smarter security solutions

Beyond passwords: Protect the mobile enterprise with smarter security solutions IBM Software Thought Leadership White Paper September 2013 Beyond passwords: Protect the mobile enterprise with smarter security solutions Prevent fraud and improve the user experience with an adaptive

More information

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There

More information

Reducing Cyber Risk in Your Organization

Reducing Cyber Risk in Your Organization Reducing Cyber Risk in Your Organization White Paper 2016 The First Step to Reducing Cyber Risk Understanding Your Cyber Assets With nearly 80,000 cyber security incidents worldwide in 2014 and more than

More information

7 VITAL FACTS ABOUT HEALTHCARE BREACHES. www.eset.com

7 VITAL FACTS ABOUT HEALTHCARE BREACHES. www.eset.com 7 VITAL FACTS ABOUT HEALTHCARE BREACHES www.eset.com 7 vital facts about healthcare breaches Essential information for protecting your business and your patients Large breaches of Personal Health Information

More information

State of Security Survey GLOBAL FINDINGS

State of Security Survey GLOBAL FINDINGS 2011 State of Security Survey GLOBAL FINDINGS CONTENTS Introduction... 4 Methodology... 6 Finding 1: Cybersecurity is important to business... 8 Finding 2: The drivers of security are changing... 10 Finding

More information

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Solution Brief Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Finding

More information

Cloud Security In Your Contingency Plans

Cloud Security In Your Contingency Plans Cloud Security In Your Contingency Plans Jerry Lock Security Sales Lead, Greater China Contingency Plans Avoid data theft and downtime by extending the security perimeter outside the data-center and protect

More information

Reducing the Cost and Complexity of Web Vulnerability Management

Reducing the Cost and Complexity of Web Vulnerability Management WHITE PAPER: REDUCING THE COST AND COMPLEXITY OF WEB..... VULNERABILITY.............. MANAGEMENT..................... Reducing the Cost and Complexity of Web Vulnerability Management Who should read this

More information

Utica College. Information Security Plan

Utica College. Information Security Plan Utica College Information Security Plan Author: James Farr (Information Security Officer) Version: 1.0 November 1 2012 Contents Introduction... 3 Scope... 3 Information Security Organization... 4 Roles

More information

IDENTITY & ACCESS. Privileged Identity Management. controlling access without compromising convenience

IDENTITY & ACCESS. Privileged Identity Management. controlling access without compromising convenience IDENTITY & ACCESS Privileged Identity Management controlling access without compromising convenience Introduction According to a recent Ponemon Institute study, mistakes made by people Privilege abuse

More information

Looking Behind the Attacks - Top 3 Attack Vectors to Understand in 2015

Looking Behind the Attacks - Top 3 Attack Vectors to Understand in 2015 WHITEPAPER Looking Behind the Attacks - Top 3 Attack Vectors to Understand in 2015 Malcolm Orekoya Network & Security Specialist 30 th January 2015 Table of Contents Introduction... 2 Identity Defines

More information

Anthony J. Keane, MSc, PhD and Jason Flood, MSc Information Security & Digital Forensics Research Group Institute of Technology Blanchardstown

Anthony J. Keane, MSc, PhD and Jason Flood, MSc Information Security & Digital Forensics Research Group Institute of Technology Blanchardstown Anthony J. Keane, MSc, PhD and Jason Flood, MSc Information Security & Digital Forensics Research Group Institute of Technology Blanchardstown 1 Protected networks are continuously being successfully attacked

More information

Cyber Security & Managing KYC Data

Cyber Security & Managing KYC Data SPECIAL REPORT Cyber Security & Managing KYC Data The views and opinions expressed in this paper are those of the author(s) and do not necessarily reflect the official policy or position of Thomson Reuters.

More information

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers. Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is

More information

2015 VORMETRIC INSIDER THREAT REPORT

2015 VORMETRIC INSIDER THREAT REPORT Research Conducted by 2015 VORMETRIC INSIDER THREAT REPORT Trends and Future Directions in Data Security FINANCIAL SERVICES EDITION #2015InsiderThreat RESEARCH BRIEF US FINANCIAL SERVICES SPOTLIGHT ABOUT

More information

10 Smart Ideas for. Keeping Data Safe. From Hackers

10 Smart Ideas for. Keeping Data Safe. From Hackers 0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000

More information

Microsoft s cybersecurity commitment

Microsoft s cybersecurity commitment Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade

More information

Web Application Security: Connecting the Dots

Web Application Security: Connecting the Dots Web Application Security: Connecting the Dots Jeremiah Grossman Founder & Chief Technology Officer OWASP AsiaPac 04.13.2012 2012 WhiteHat Security, Inc. 1 Jeremiah Grossman Ø Founder & CTO of WhiteHat

More information

Information Security Policy

Information Security Policy Information Security Policy Touro College/University ( Touro ) is committed to information security. Information security is defined as protection of data, applications, networks, and computer systems

More information

Year of Mega Breaches & Identity Theft

Year of Mega Breaches & Identity Theft 2014 Year of Mega Breaches & Identity Theft Findings from the 2014 BREACH LEVEL INDEX POWERED BY BREACH LEVEL INDEX THE NUMBERS RECORDS BREACHED IN 2014 1,023,108,267 NUMBER OF BREACH INCIDENTS 1,541 BREACHED

More information

2015 Information Security Awareness Catalogue

2015 Information Security Awareness Catalogue Contents 2015 Catalogue Wolfpack Engagement Model 4 Campaign Drivers 6 Offerings 8 Approach 9 Engaging Content 10 Stakeholder Change Management 12 Bundles 13 Content 14 Grey Wolf -Track compliance with

More information

Cybersecurity in SMEs: Evaluating the Risks and Possible Solutions. BANCHE E SICUREZZA 2015 Rome, Italy 5 June 2015 Arthur Brocato, UNICRI

Cybersecurity in SMEs: Evaluating the Risks and Possible Solutions. BANCHE E SICUREZZA 2015 Rome, Italy 5 June 2015 Arthur Brocato, UNICRI Cybersecurity in SMEs: Evaluating the Risks and Possible Solutions BANCHE E SICUREZZA 2015 Rome, Italy 5 June 2015 Arthur Brocato, UNICRI UNICRI s Main Goals The United Nations Interregional Crime and

More information

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. Gunnar Wahlgren 1, Stewart Kowalski 2 Stockholm University 1: (wahlgren@dsv.su.se), 2: (stewart@dsv.su.se) ABSTRACT

More information

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President

More information

Cyber Liability Insurance Data Security, Privacy and Multimedia Protection

Cyber Liability Insurance Data Security, Privacy and Multimedia Protection Page 1 of 5 Cyber Liability Insurance Data Security, Privacy and Multimedia Protection What is a Cyber Risk? Technology is advancing at such an alarming rate and business is more and more reliant on IT

More information

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes

More information

Managing IT Security with Penetration Testing

Managing IT Security with Penetration Testing Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to

More information

Can Your Organization Brave The New World of Advanced Cyber Attacks?

Can Your Organization Brave The New World of Advanced Cyber Attacks? Can Your Organization Brave The New World of Advanced Cyber Attacks? www.websense.com/apx Overview: When it comes to defending against cyber attacks, the global business community faces a dangerous new

More information

TYPES, PREVALENCE, AND PREVENTION OF CYBERCRIME. Haya Fetais & Mohammed Shabana. Saint Leo University COM- 510

TYPES, PREVALENCE, AND PREVENTION OF CYBERCRIME. Haya Fetais & Mohammed Shabana. Saint Leo University COM- 510 TYPES, PREVALENCE, AND PREVENTION OF CYBERCRIME Haya Fetais & Mohammed Shabana Saint Leo University COM- 510 November 23, 2014 Introduction Globalization and technological developments have infiltrated

More information

PACB One-Day Cybersecurity Workshop

PACB One-Day Cybersecurity Workshop PACB One-Day Cybersecurity Workshop WHAT IS CYBERSECURITY? PRESENTED BY: JON WALDMAN, SBS CISA, CRISC 1 Contact Information Jon Waldman Partner, Senior IS Consultant CISA, CRISC Masters of Info Assurance

More information

Executive Summary. McAfee Labs Threats Report: Third Quarter 2013

Executive Summary. McAfee Labs Threats Report: Third Quarter 2013 Executive Summary McAfee Labs Threats Report: Third Quarter Although summer can be a relatively slow season for cybercriminal activity (even the bad guys need a break occasionally), the third quarter of

More information

RSA, The Security Division of EMC. Zamanta Anguiano Sales Manager RSA

RSA, The Security Division of EMC. Zamanta Anguiano Sales Manager RSA RSA, The Security Division of EMC Zamanta Anguiano Sales Manager RSA The Age of the Hyperextended Enterprise BUSINESS ISSUES IMPACT Innovation Collaboration Exploding Information Supply Chain Customer

More information

Website Security: It s Not all About the Hacker Anymore

Website Security: It s Not all About the Hacker Anymore Website Security: It s Not all About the Hacker Anymore Mike Smart Sr. Manager, Products and Solutions Trust Services & Website Security Website Security 1 Website Security Challenges Evolving Web Use

More information