The enemies ashore. Vulnerabilities & hackers: A relationship that works




Alexandros Charvalias, Manager, CISSP, CISA, ACDA, Assurance & Enterprise Risk Services

Cyber security maturity model. How effectively does your organisation prepare for, become aware of, and respond to cyber threats?
[Slide figure: a capability-by-maturity matrix, Level 1 to Level 5, with an overlay of where industry sectors sit; only the labels survive extraction.]
Sectors placed on the model, from least to most mature: Media & SMEs; Consumer Business & Life Sciences; Retail Banks & Energy Providers; Investment Banks; Military & Defence; Shipping. Other axis labels: Proactive Threat Management; Blissful Ignorance; Transformation; Operational Excellence.
Capability areas (rows): Brand Monitoring; E-Discovery & Forensics; Intelligence Collaboration; External Threat Intelligence; Behavioural Analytics; Training & Awareness; Cyber Attack Preparation; Asset Protection; Security Event Monitoring; Internal Threat Intelligence.
Read in order, the Security Event Monitoring row runs from Level 1 to Level 5: Traditional Signature-Based Security Controls; Periodic IT Asset Vulnerability Assessments; Automated IT Asset Vulnerability Monitoring; Targeted Cross-Platform User Activity Monitoring; Tailored & Integrated Business Process Monitoring.
Remaining cell labels, in the order they appear: Basic Network Protection; IT Service Desk & Whistleblowing; Acceptable Usage Policy; IT BC & DR Exercises; Ad Hoc Infrastructure & Application Protection; Security Log Collection & Ad Hoc Reporting; Ad Hoc System / Malware Forensics; Ad-hoc Threat Intelligence Sharing with Peers; Commercial & Open Source Threat Intelligence Feeds; Network & System Centric Activity Profiling; General Information Security Training & Awareness; IT Cyber Attack Simulations; Enterprise-Wide Infrastructure & Application Protection; 24x7 Technology Centric Security Event Reporting; Basic Online Brand Monitoring; Automated Malware Forensics & Manual Electronic Discovery; Government / Sector Threat Intelligence Collaboration; Criminal / Hacker Surveillance; Workforce / Customer Behaviour Profiling; Targeted Intelligence-Based Cyber Security Awareness; Business-Wide Cyber Attack Exercises; Identity-Aware Information Protection; External & Internal Threat Intelligence Correlation; Situational Awareness of Cyber Threats; Online Brand & Social Media Policing; Automated Electronic Discovery & Forensics; Global Cross-Sector Threat Intelligence Sharing; Baiting & Counter-Threat Intelligence; Real-time Business Risk Analytics & Decision Support; Business Partner Cyber Security Awareness; Sector-Wide & Supply Chain Cyber Attack Exercises; Adaptive & Automated Security Control Updates; Cross-Channel Malicious Activity Detection.

Module 1: Introduction to Security and Privacy in the Cloud / Technology for Business Threats

What were the most common ways in which the breach(es) occurred in the past 12 months?
Source: Forrester Research, Understand The State Of Data Security And Privacy: 2012 To 2013

[Slide figure: threat actors plotted on two axes, Attacker Sophistication and Attacker Determination; only the labels survive extraction.]
Actors shown, in the order they appear: Accidental Discovery; Malware; Insider; Lone Hacker / Hobbyist; Business Partner; Script kiddy; Disgruntled ex-IT Administrator; Competitor; Disgruntled Customer; Disgruntled ex-Employee; State-sponsored Cyber Warfare; Organised Crime; Hacker Collectives; Cyber Terrorism; Hacktivism.

Guiding principles. Five principles should underpin cyber security and promote a cohesive approach to protection from cyber threats.
1. Understand your risk appetite. Only when you have fully understood your assets, the risks that threaten them, and how these fit into the overall threat landscape can you determine what level of threat maturity you need to defend against, and where you draw the line to focus on limiting the impact of a successful attack.
2. Ensure close alignment with business goals. Ensure that your strategic direction for cyber security is in close alignment with business goals, and the organisation's strategy for achieving these. Focus effort on defending the most strategically important parts of the business, or those that are being delivered in the riskiest way.
3. Prepare for the worst. It is not practical to prevent all forms of cyber attack, especially those that are particularly sophisticated and targeted. You should ensure you have the organisational and technical capability to rapidly detect and respond to a successful attack in order to limit its impact.
4. Share intelligence. Collaborate and share intelligence with industry, national and international cyber threat intelligence organisations. By sharing intelligence with other organisations you will be in a position to receive the benefit of shared wisdom.
5. Instil a broad awareness of cyber security. Your security is only as strong as the weakest link; ensure that the risks associated with cyber security, and the steps that your organisation is taking to combat these risks, are understood across the organisation, from the board and senior management to all staff, partners and third parties.

Vulnerabilities Exposure over Time
[Slide chart: Exposure to Vulnerabilities (0 to 100) on the vertical axis against Time (1 to 16) on the horizontal axis; only the labels survive extraction.]
Events marked on the curve: Server upgrade; Audit Findings; Remediation; Patching; Assessment (repeated); Etc.
Assessment regimes compared along the time axis: Ad hoc Assessments; Periodic Assessments; Continuous Assessments.
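The exposure curve on this slide, as an added simulation that is not part of the original deck: vulnerability-introducing events (a constructed timeline on the slide's 1 to 16 time axis) stay open until the next assessment finds them and patching removes them, with the patch lag and the three assessment schedules being assumptions; the cumulative area under the curve shows why continuous assessment shrinks the window an attacker can use.

```python
"""Simulate 'Vulnerabilities Exposure over Time' for three assessment regimes."""

# Constructed timeline: (time, new vulnerabilities introduced, cause).
# Times use the slide's 1..16 axis; counts and causes are illustrative only.
EVENTS = [
    (1, 40, "server upgrade"),
    (4, 20, "audit findings"),
    (7, 25, "new application release"),   # hypothetical cause
    (11, 30, "server upgrade"),
    (14, 15, "audit findings"),
]
HORIZON = 16
PATCH_LAG = 1   # assumed time units between an assessment and remediation


def exposure_curve(assessment_times, events=EVENTS, horizon=HORIZON, patch_lag=PATCH_LAG):
    """Open-vulnerability count for t = 0..horizon under a given assessment schedule.

    A vulnerability introduced at time t is only discovered by the first assessment
    at or after t and is removed patch_lag units after that assessment.  Until then it
    counts as exposure whether or not anyone knows about it: an attacker does not
    wait for your next scan.
    """
    assessments = sorted(assessment_times)
    curve = []
    for t in range(horizon + 1):
        open_count = 0
        for introduced, count, _cause in events:
            if introduced > t:
                continue                      # not yet introduced
            found_at = next((a for a in assessments if a >= introduced), None)
            if found_at is None or t < found_at + patch_lag:
                open_count += count           # still open at time t
        curve.append(open_count)
    return curve


def cumulative_exposure(curve):
    """Area under the curve: vulnerability-time-units during which an attack could land."""
    return sum(curve)


def compare_regimes():
    """Assumed schedules: two ad hoc reviews, quarterly-style periodic scans, or scanning every period."""
    regimes = {
        "ad hoc": [3, 12],
        "periodic": [2, 6, 10, 14],
        "continuous": list(range(HORIZON + 1)),
    }
    return {name: cumulative_exposure(exposure_curve(times)) for name, times in regimes.items()}
```

Running compare_regimes() on the constructed timeline gives ad hoc 555, periodic 375 and continuous 130 vulnerability-time-units, the same ordering the slide draws.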

Appetizers Menu

Why Deloitte? Our security, privacy, and risk management services are independently recognised as world leading.
Independent analyst recognition; global footprint; depth and breadth of skills; expertise and experience across a range of sectors; investment in innovation.
Forrester Wave: Information Security And Risk Consulting, Q3 10. "In Forrester's 75-criteria evaluation of information security and risk consulting service providers, we found that Deloitte led the pack because of its maniacal customer focus and deep technical expertise."
Deloitte Member Firm Accreditations. Strategic Partners: ISC2, ISACA, BSI, IAPP.
Specialty: over 1,100 CISSPs; over 2,000 certified as CISA, CISM, & CGEIT; over 150 trained lead system auditors; privacy certified practitioners; wide range of domain specific certifications.

Questions?
Hadjipavlou Sofianos & Cambanis S.A.
Alexandros Charvalias, CISSP, CISA, ACDA, Manager, Assurance & Enterprise Risk Services
3a Fragoklissias & Granikou str., GR 151 25 Maroussi, Athens, Greece
Tel: +30 210 6781 100, Mob: +30 695 1921 042, acharvalias@deloitte.gr, www.deloitte.gr
Member of Deloitte Touche Tohmatsu Limited

About Deloitte. Deloitte Greece is a member of Deloitte Touche Tohmatsu Limited (DTTL), a private UK company limited by guarantee, the world's largest professional services firm, with approximately 182,000 people in more than 150 countries and annual turnover of USD 28.8 bn (2011). Deloitte combines world-class capabilities with deep local expertise to help clients succeed. Its tens of thousands of professionals are committed to becoming the standard of excellence. In Greece, Deloitte Hadjipavlou Sofianos & Cambanis S.A. provides audit services, Deloitte Business Solutions Hadjipavlou Sofianos & Cambanis S.A. provides financial advisory, tax and consulting services, and Direct Accounting Compliance & Reporting Services SA provides accounting outsourcing services. With a staff of 400 professionals and offices in Athens and Thessaloniki, Deloitte focuses on all major industries including financial services; shipping; energy; consumer business; life sciences & health care; and government services. Deloitte clients include most of the leading private and public, commercial, financial and industrial companies. For more information, please visit our website at www.deloitte.gr
3a Fragoklissias & Granikou Str., 151 25 Maroussi, Athens, Greece, Tel: 210 6781100