BarnOwl. SA Cyber Opportunity & Threat Landscape. Craig Rosewarne (Wolfpack Information Risk)


393 (Q1 2015), 1215 (2014), 1004 (2013)

Emerging technologies: The Internet of Things; Cloud Technology; 3D Printing; Advanced Robotics; Autonomous Vehicles

"Humans will become hybrids in the 2030s. That means our brains will be able to connect directly to the cloud via nanobots, and those computers will augment our existing intelligence." (Ray Kurzweil, Director of engineering at Google)

THREAT CLASSES: Insiders; Administrators; Hackers

Office of Personnel

Where to start?

1. UNDERSTAND - BUILDING A RISK AWARE ORGANISATION

1. Analyse the threat / opportunity
2. Assess your weakness / strength (scope: Global, Country, Industries, Organisation; dimensions: People, Process, Technology)
3. Improve your capability

2. ESTABLISH ORDER - INFORMATION RISK FRAMEWORK

GOVERNANCE / BUSINESS (Strategic - What):
Executive Board Committee; Organisational Objectives; Governance, Risk & Compliance; Business & Threat Intelligence; Enterprise Architecture; Programmes / Projects; Assurance Functions (HR / Audit / Security / BCM / Fraud); Enterprise Risk Committee; Compliance Committee.

INFORMATION RISK MANAGEMENT (Tactical - How):
IR Steering Committee; Governance & Risk; Legal & Compliance; Security Architecture & Design; Asset; Human Resource & Supplier Mngt; Physical Risk; Programme / Project Office Committee; Access Control; Telecoms & Networking; Software Development & Acquisition; Cryptography; Operations Security; Incident Mngt, BCM & DR; Performance Metrics & Incentives; IT Governance Council.

IT & OPERATIONS MANAGEMENT (Monitor interdependencies):
HR / Communications / Training; Procurement / Supplier; Change Committee; IT Operations; Infrastructure Security; Change; Capacity; Application Security; IT Service Continuity; IT Incident; Release; Configuration; Problem; IT Vulnerability; Service Desk; Facilities; Performance; Event; HR Processes; Third Party; Information & Asset; Physical Security; Service Level; Systems.

3. REMEDIATE - ENSURE RISK APPROACH IS INTEGRATED

Risk Management: ISO 31000
Governance: King III / ISO 38500 / COBIT
Information & Cyber Security: ISO 27001/2/5 / ISO 27032 / SANS 20 Critical Controls
Crisis Management, BCM / DR: ISO 22301
Incident Management: ISO 27035
IT Operations: ITIL / ISO 20000

4. CONTINUOUS IMPROVEMENT - TEST, AUTOMATE & CERTIFY

Cyber Threat Assessment Dashboard (Bank Name: Demo; Assessment Level: 1)
Cyber Threat Overall Rating: 3.00
Assessment Uncertainty Percentage: 7

[Chart: Maturity of Cyber Domains - radar plot, 0 to 5 scale, one axis per domain in the table below]
[Chart: Cyber Resilience Maturity Level - bar plot, 0 to 5 scale, one bar per category in the second table below]

Cyber Domain                                        Maturity   Uncertainty (%)
Cyber Security Governance and Risk                  2.09       15
Legal, Regulations and Compliance                   3.00       0
Business Continuity and Disaster Recovery Planning  4.00       0
Asset                                               3.00       0
Human Resource and Supplier Security                2.00       0
Physical (Environmental) Security                   1.33       0
Security Architecture and Design                    3.16       60
Telecommunications and Network Security             3.02       2
Access Control                                      5.00       0
Operations Security                                 2.72       4
Cryptography                                        3.00       0
Software Development and Application Security       3.68       0

Category     Maturity
Evolve       1
Anticipate   3
Withstand    3
Recover      4
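The headline figures on the dashboard can be reproduced from the domain table: the overall rating (3.00) is the unweighted mean of the twelve domain maturity scores, and the uncertainty percentage (7) is the mean of the per-domain uncertainty values rounded to a whole number. The script below, an added example and not the assessment tool's own code, does that aggregation and also picks out the domains a remediation plan would look at first: the weakest-scoring ones and the ones whose score rests on a high uncertainty. The unweighted-mean aggregation is an assumption that matches the slide's figures; the page does not define how the uncertainty percentage is measured, and the 10 % flag threshold is an arbitrary choice for illustration.

```python
"""Aggregate per-domain maturity scores into dashboard headline figures.

Added example; the scores are transcribed from the "Cyber Threat Assessment
Dashboard" slide (Demo bank). The unweighted mean used for the overall rating
and for the uncertainty percentage is an assumption that reproduces the
slide's own figures (3.00 and 7); the slide does not state its formula.
"""
from statistics import mean

# (maturity on a 0-5 scale, uncertainty in percent), as shown on the slide.
DOMAIN_SCORES = {
    "Cyber Security Governance and Risk": (2.09, 15),
    "Legal, Regulations and Compliance": (3.00, 0),
    "Business Continuity and Disaster Recovery Planning": (4.00, 0),
    "Asset": (3.00, 0),
    "Human Resource and Supplier Security": (2.00, 0),
    "Physical (Environmental) Security": (1.33, 0),
    "Security Architecture and Design": (3.16, 60),
    "Telecommunications and Network Security": (3.02, 2),
    "Access Control": (5.00, 0),
    "Operations Security": (2.72, 4),
    "Cryptography": (3.00, 0),
    "Software Development and Application Security": (3.68, 0),
}


def overall_rating(scores):
    """Mean domain maturity, rounded to two decimals as the dashboard shows it."""
    return round(mean(maturity for maturity, _ in scores.values()), 2)


def overall_uncertainty(scores):
    """Mean per-domain uncertainty, rounded to a whole percent."""
    return round(mean(uncertainty for _, uncertainty in scores.values()))


def weakest_domains(scores, count=3):
    """Lowest-scoring domains: the natural first targets for remediation."""
    return sorted(scores, key=lambda domain: scores[domain][0])[:count]


def low_confidence_domains(scores, threshold=10):
    """Domains whose score should not be trusted until the assessment gaps
    behind the uncertainty are closed. The 10 % threshold is an arbitrary
    illustrative choice, not a value from the slide."""
    return sorted(
        domain for domain, (_, uncertainty) in scores.items()
        if uncertainty >= threshold
    )


if __name__ == "__main__":
    print("Overall rating:", overall_rating(DOMAIN_SCORES))
    print("Uncertainty %:", overall_uncertainty(DOMAIN_SCORES))
    print("Weakest:", weakest_domains(DOMAIN_SCORES))
    print("Low confidence:", low_confidence_domains(DOMAIN_SCORES))
```

The two flags deliberately differ: Access Control scores 5.00 with 0 % uncertainty and needs nothing, Physical Security scores 1.33 with full confidence and needs work, while Security Architecture and Design scores a respectable 3.16 but with 60 % uncertainty, so its real position is unknown and re-assessment comes before remediation.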

5. SKILL UP - BUILD CAPABILITY

Awareness Programme: Personnel Sourcing; Graduate Development; Industry & Organisational Skills Requirements; Research & Threat Intelligence Reports; Awareness Programme Maturity Improvement; Awareness Content Development; Simulation, Animated Video & Cartoon Solutions; Phishing & Social Engineering Assessments.

Curricula: Governance, Risk & Compliance Curriculum; Information Security Curriculum; Forensics Curriculum; Audit Curriculum; Software Security Curriculum.

Continuous Skills Assessment / Blended Learning Model.

Structured Training Programmes: 1. Foundation; 2. Management; 3. Technical; 4. Continuous.

SUGGESTED APPROACH

1. Independent Assessment (Workshop, Assessment) - Roadmap
2. Shared Remediation (IR Framework, ISMS)
3. Realistic Threat Testing

COMMUNITY INITIATIVES: 9500+ cyber security community

GLOBAL THREAT & OPPORTUNITY ECOSYSTEM

SA NATIONAL CYBERSECURITY STAKEHOLDERS & STRUCTURES

International Bodies
Justice, Crime Prevention and Security Cluster (JCPS); Cybersecurity Response Committee (SSA lead)
Industry Bodies: SABRIC; SAFPS; ISPA; SACCI
Regulators
State structures: State Security Agency; SA Police Service (SITA); SA National Defence Force (CSIR DPSS / SITA); Justice & Corrections (SIU / NPA); Dept Telecomms & Postal Service (DOC / NCAC); Dept Science & Tech; Home Affairs; SAPO; AGSA; DPSA; SAFPB
National Key Points; National, Provincial & Local Government; Citizens; Children
Sectors: Financial; Retailers; ISPs; TMT; Manufacturing; Academia; Healthcare; Professional Services; Vendors
Local & International Partners: B2B; B2C; Informal Traders; Customers

Impact levels:
STRATEGIC: Corporate reputation is at stake; Embarrassing headlines; Remediation costs
TACTICAL: Compliance violation; Fines/Fees; ATO revoked
OPERATIONAL

NATIONAL FOCUS AREAS: 1. Awareness; 2. Skills; 3. CIIP; 4. Cyber Crime; 5. Legal

NATIONAL AWARENESS PORTAL: http://www.alertafrica.com

CYBER SECURITY AWARENESS MONTH

GOVERNMENT CYBER ACADEMY PROGRAMME

Skills & Competency Assessment: technical and soft skills assessment to determine current state; each area receives feedback and a group analysis report is generated.
Establish Training Baseline: baseline foundation training programme for existing sectors or graduate intakes.
Determine Programme Requirements: determine technical and training requirements; technical training curricula (Beginner / Intermediate / Advanced); key matrix of security specialists; elite core incident response team.
Skill tiers: Foundation skills; Domain specialist skills; Expert skills.

SKILLS TRANSFER: Over 35 Information Security & Cyber Security courses; 100s of distance learning courses; Foundation / Intermediate / Advanced; Graduate Development Programme; Tailored Curricula

CRITICAL INFORMATION INFRASTRUCTURE PROTECTION - PARTICIPATING INDUSTRIES: Water Systems; Information Technology; Energy; Transport; Government Facilities; Financial Services; Health; Ports; Electricity; Critical Manufacturing; Telecommunication; Other Industry Stakeholders

2015 CIIP SA PROJECT KEY DELIVERABLES

- Establish a task force to help drive national efforts to enhance cybersecurity and improve Critical Information Infrastructure Protection in South Africa
- Help empower and raise the importance of proper information and cyber security practices within government and private sector
- Develop a public national cybersecurity research report to coordinate the actions of the task force
- Develop a CIIP framework covering differing CIIP maturity levels
- Establish a secure collaboration platform to allow for interaction by CIIP stakeholders
- Provide advanced security & incident response training and a targeted awareness programme for key CIIP stakeholders
- Present findings of the report at Cybercon Africa 2015

CYBERCRIME: New improved Cybercrime Unit in SAPS; Cybercrime Task Force

The Goal: A Safer Country for all

VALUE
PROACTIVE (Creating stakeholder value): Assured Economic Growth; Secured National Services; Improved Collaboration
REACTIVE (Preserving stakeholder value): Fighting Crime; Data Breaches; Compliance

Wolfpack Information Risk (Pty) Ltd - Craig Rosewarne - info@wolfpackrisk.com - www.wolfpackrisk.com
Threat Intelligence; Advisory; Training; Awareness