Exploring the Power of Physical, Logical and Cyber Security Convergence

Size: px

Start display at page:

Download "Exploring the Power of Physical, Logical and Cyber Security Convergence"

Logan Mason
8 years ago
Views:

1 Exploring the Power of Physical, Logical and Cyber Security Convergence Steven York Head of Group Security & Business Resillience, Group Risk Bank of Queensland

2 Physical, Logical and Cyber Security Convergence Steve York MSc MDR Head of Group Security & Business Resilience BOQ

3 Outline Convergence concept for business Security as the (not so new) new risk topic Convergence of process, people and technology in crime and counter measures Observations and predictions Questions

4 Security Definition Concept [mass noun] The state of being free from danger or threat: The safety of a state or organization against criminal activity such as terrorism, theft, or espionage: Procedures followed or measures taken to ensure the security of a state or organization: From Cyber/Digital/Physical perspectives

terrorism, theft, or espionage: Procedures followed or measures taken to ensure

5 Convergence Digital convergence refers to the convergence of four industries into one, ITTCE (Information Technologies, Telecommunication, Consumer Electronics, and Entertainment). Previously separate technologies such as voice (and telephony features), data (and productivity applications), and video can now share resources and interact with each other synergistically. - The smart phone

Previously separate technologies such as voice (and telephony features), data (and productivity

6 Morphing

7 Some observations Using the Internet for voice telephony Video on demand Fixed-mobile convergence Mobile-to-mobile convergence (WiFi and Cellular) Location-based services (Social Networks and applications based on geography) Integrated products and bundles

(WiFi and Cellular) Location-based services (Social Networks

8 Increasing danger of convergence Telcos face mass SIM card recall after spy agencies' encryption hack revealed Date February 23, :28PM Hannah Francis and Ben Grubb The SIM cards of Telstra, Vodafone and Optus may be compromised. Photo: Penny Stephens Telstra, Optus and Vodafone may be forced to order the recall of potentially millions of mobile phone SIM cards after it was revealed that US and British spy agencies stole encryption keys that secured personal information, including calls and texts, on the chips.

Photo: Penny Stephens Telstra, Optus and Vodafone may be forced to order the recall of potentially millions of mobile phone SIM cards after it was revealed that US and

9 Security Organisational Approach Security within major corporations include DR (Red = relatively new areas) BCP Asset protection (physical security) Investigation (response) Policy and planning Fraud prevention and monitoring (digital, physical and cultural) ID issuing and management (digital and physical) IT security and response (internal and external) Compliance (AML/FACTA)

and planning Fraud prevention and monitoring (digital, physical and cultural) ID issuing and

10 Security Position New level of visibility within organisations Now reporting to C Level as standard Chief Security Officer as part of Exco Cyber Security now part of a countries overall defence posture

Chief Security Officer as part of Exco Cyber

11 BOQ - Group Security & Business Resilience GS & BR, Group Risk; Financial Crimes transactional monitoring, response and investigation Physical Security Business Continuity & Crisis Management AML/PEP Monitoring and Compliance

response and investigation Physical Security Business

12 BOQ - IT Security IT Security; Group IT; IT Security, IT Governance and IT Risk (including IT Disaster Recovery, IT Audit and IT Management Reporting)

13 Reporting Lines Convergence is NOT smashing reporting lines together It is however, ensuring that different parts of the organisation work cooperatively and that s why they exist in the first place There is very little between big organisations other than the ability to respond to new environments convergence is the key

and that s why they exist in the first place There is very little between big

14 BOQ Digital Ecosystem APP Enablement API Integration Third Party Overlay BOQ Digital Layer Core Payments Capability Payments Hub Card Management System Value Added Services

15 GS&BR Current Position Internet Banking PEP s (VEDA ) AML/CTF Acquiring Issuing NameWatch VBV

16 BOQ - GS&BR Roadmap Data feed into the Single Pane of Glass, which will be displayed in the one viewing system. Single Pane of Glass Benefits Removal of silos Cost reduction in vendors. Increase in data worth Cross training Able to add new modules (ATM, debtor finance etc).

Single Pane of Glass Benefits Removal of silos Cost reduction in

17 Cost savings in convergence

19 Goal make crime less profitable Cost of defending against an attack is 10-10,000X greater than launching one ROI is clearly in favour of the criminals. How can we tilt the scales? New role of corporations law enforcement and sharing of intel?

20 Predictions Cyber security role in all industries Use of imbedded cameras for crime ID, paedophilia, stalking, espionage Cost of fraud gradually transferred to consumer requiring different and new insurance Physical location no inhibitor to most crimes Law enforcement being over-run much of cyber crime left to business

to consumer requiring different and new insurance Physical location no

21 Questions?

CYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts

CYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts CYBER SECURITY ADVISORY SERVICES Governance Risk & Compliance Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts The Financial Services Industry at Crossroads: Where to From Here? WELCOME What