CFIR - Finance IT 2015 Cyber security September 2015




Cyber security
www.pwc.dk
Audit. Tax. Consulting.

Our global team and credentials

Our team helps organisations understand dynamic cyber challenges, adapt and respond to risks inherent to their business ecosystem, and prioritise and protect the most valuable assets fundamental to their business strategy.

3,200+ professionals
- Focused on consulting, solution implementation, incident response, and forensic investigation
- Knowledge and experience across key industries and sectors
- Largest professional security consulting provider as ranked by Gartner [1]
- Leader ranking by Forrester Research: "[PwC] has very strong global delivery capabilities, and the firm offers solid, comprehensive services with the ability to address almost all of the security and risk challenges that clients will face" [2]

Knowledge & experience
- Advanced degrees and certifications including Certified Information System Security Professional (CISSP), EnCase Certified Examiner (EnCE), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH) and Identity Management Specialization
- Former federal and international law enforcement and intelligence officers
- Security clearances that allow for classified discussions that often stem from cyber related incidents
- We provide pragmatic insight and a balanced view of how to prioritise investments in people, processes and technology solutions needed to address the cybersecurity challenge

60+ labs
- Technical security and forensics labs located in forty countries
- Designed to conduct assessments, design and test security solutions, and conduct cyber forensic analysis and investigations

Proprietary tools and methods
- Extensive library of templates, tools, and accelerators
- Cyber threat intelligence fusion and big data analysis platforms to process data related to cyber threats and incidents

[1] Gartner: Competitive Landscape: Professional Security Consulting Services, Worldwide, 2013
[2] The Forrester Wave: Information Security and Risk Consulting Services, Q1 2013, Forrester Research, Ed Ferrara and Andrew Rose, February 1, 2013

The landscape

Users: the employees trying to survive every work day with an increased level of enforced security.

Criminals: single opportunists, well-organised criminals etc.

Valuables: customer services, business sensitive information, intellectual capital.

Business: a business trying to create attractive services for new and existing customers while also trying to limit the cost of actually managing these services in favour of an increasing share price.

Customers: consuming the services, using credit and debit cards, managing their financials and expecting to be sufficiently secured.

The PAVA model

The PAVA model was developed by PwC Denmark and is based on our experience with cyber security assessment. The model aims to quantify the level of coverage of a given analysis within Process, Awareness, Vulnerabilities and Architecture. There are five levels for each area, and the analysis will always contain at least level one of all areas. The higher the level of an area, the more in-depth the analysis will be.

Process: This area clarifies the processes that exist in the company. It also covers the degree to which the theoretical aspect (the documented processes) correlates with the practical aspect (what is actually done). Depending on the level, the company will be assessed against e.g. the ISO 27000 standard, the SANS Critical Security Controls, various NIST standards or similar frameworks.

Awareness: This area clarifies how users of the systems actually act in everyday life. It examines whether users know about the company security policy and whether it is respected. Depending on the level, this could also include social engineering attacks.

Vulnerabilities: This area clarifies the level of security in terms of actual vulnerabilities in the analysed systems. Depending on the level, a given analysis will vary from an automated analysis to an in-depth manual analysis. This could also include source code analysis.

Architecture: This area clarifies whether the company's system landscape, network design and interfaces are sound with regard to security. Depending on the level, we can prepare a statement of the sensitivity of different systems, i.e. how sensitive they are to crashes in various parts of the infrastructure.

The crazy ideas

"Pop-up branches: let's close down some branches and do it all via iPads."
"Lost my card... it would be neat if I could withdraw cash using my smartphone."
"I wonder if we could utilise iBeacons for access to ATMs in any way."
"Why not use transactional data for analysis and do targeted marketing?"

Business vs security

"The auditors won't accept this."
"No support for HSMs."
"We need to embrace change."
"The technology isn't mature enough."
"Why all this security stuff? Log management will solve it..."
"The security team is always the bottleneck for progress."
"We can't deploy an insecure solution like this on a flat network."
"The supported crypto algorithms aren't compliant with our standards."
"Let's try it out in the cloud and ask security later on."

Concluding thoughts

Business: Is it possible to engage with security at an earlier stage?
Both: Acknowledge the conflict and communicate.
Security: What are the actual attack vectors, and can we be more pragmatic when considering the controls?
Both: Promote security awareness and education. Consider a more decentralised security approach.

Thanks for listening!

See you at: Cyber Crime Conference on 7 Oct
http://www.pwc.dk/da/arrangementer/cybercrimekonference2015.jhtml

Questions?

Mark Barnkob
Security Architect, Security & Technology
Mobile: 2020 5231
E-mail: mko@pwc.dk

Together we succeed

This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers Statsautoriseret Revisionspartnerselskab, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. 2015 PricewaterhouseCoopers Statsautoriseret Revisionspartnerselskab. All rights reserved. In this document, PwC refers to PricewaterhouseCoopers Statsautoriseret Revisionspartnerselskab, which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.