CYBERSECURITY NEXUS ROBERT E STROUD INTERNATIONAL PRESIDENT, ISACA RAMSÉS GALLEGO INTERNATIONAL VICE PRESIDENT, ISACA

Similar documents

KEY TRENDS AND DRIVERS OF SECURITY

CYBERSECURITY: ISSUES AND ISACA S RESPONSE

Over 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit.

THE CYBERSECURITY SKILL GAP: WHAT EMPLOYERS WANT YOU TO KNOW

HOW TO ADDRESS THE CURRENT IT SECURITY SKILLS SHORTAGE

CYBERSECURITY NEXUS CSX. 15 October 2014 ISACA Winchester Chapter

INSIGHTS AND RESOURCES FOR THE CYBERSECURITY PROFESSIONAL

ISACA S CYBERSECURITY NEXUS (CSX) October 2015

Trends in Information Technology (IT) Auditing

Re: Experience with the Framework for Improving Critical Infrastructure Cybersecurity ( Framework )

Certified Cyber Security Analyst VS-1160

Cybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist,

ISACA Tools Help Develop Cybersecurity Expertise

Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement

The enemies ashore Vulnerabilities & hackers: A relationship that works

Certified Information Security Manager (CISM)

Top 10 Baseline Cybersecurity Controls Banks Aren't Doing

Christos Douligeris cdoulig at unipi dot gr. Department of Informatics University of Piraeus

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015

Cyber Risk Management with COBIT 5

Defending Against Data Beaches: Internal Controls for Cybersecurity

Information Security Management System (ISMS) Overview. Arhnel Klyde S. Terroza

Assessing & Managing IT Risks: Using ISACA's CobiT & Risk IT Frameworks

CYBERSECURITY HOT TOPICS

Jort Kollerie SonicWALL

What keep the CIO up at Night Managing Security Nightmares

Executive Cyber Security Training. One Day Training Course

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

Wisconsin National Governor s Association: Call To Action

Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted.

Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses

Indian Computer Emergency Response Team (CERT-In) Annual Report (2010)

Cybersecurity Global status update. Dr. Hamadoun I. Touré Secretary-General, ITU

CASRO Digital Research Conference Data Security: Don t Risk Being the Weak Link

Ed McMurray, CISA, CISSP, CTGA CoNetrix

Rethinking Cyber Security Threats

Current Threat Scenario and Recent Attack Trends

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

The EU s approach to Cyber Security and Defence

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles

Computer Security (EDA263 / DIT 641)

Hans Henrik Berthing, CPA, CISA, CGEIT, CRISC, CIA

CISA, CISM, CGEIT, CRISC COBIT Foundations Certificate CISSP, OSCP ITIL v3 Foundations Certificate

IT AUDIT WHO WE ARE. Current Trends and Top Risks of /9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski

Aalborg Universitet. Cyber Assurance - what should the IT auditor focus on? Berthing, Hans Henrik Aabenhus. Publication date: 2014

The McAfee SECURE TM Standard

EC-Council. Certified Ethical Hacker. Program Brochure

Internet Safety and Security: Strategies for Building an Internet Safety Wall

IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013

Happy First Anniversary NIST Cyber Security Framework:

FedVTE Training Catalog SPRING advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

Profil stručnjaka za informacijsku sigurnost - certificirati se ili ne? Biljana Cerin, CISA, CISM, CGEIT, CBCP, PMP

Security Transcends Technology

Cyber Security & Role of CERT-In. Dr. Gulshan Rai Director General, CERT-IN Govt. of India grai@mit.gov.in

FedVTE Training Catalog SUMMER advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

State of South Carolina InfoSec and Privacy Career Path Model

The Impact of Cybercrime on Business

A PROVEN THREAT A TRUSTED SOLUTION MCCANN CYBER SECURITY SOLUTIONS

Cybercrime in Canadian Criminal Law

Introduction to Information Security Management

IT Senior Audit Leader

EC Council Certified Ethical Hacker V8

Evolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance

Cybersecurity: A Growing Concern for All Businesses. RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015

Certified Cyber Security Analyst VS-1160

Course Content: Session 1. Ethics & Hacking

Cyber Attacks. Protecting National Infrastructure Student Edition. Edward G. Amoroso

Click to edit Master title style

Digital Barracuda Information Security Reports that the Risk from Viruses and Worms is Only the Tip of the Iceberg FACT SHEET

PACB One-Day Cybersecurity Workshop

Cyber Security. A professional qualification awarded in association with University of Manchester Business School

Attacks from the Inside

Knowing Your Enemy How Your Business is Attacked. Andrew Rogoyski June 2014

Legislative Council Panel on Information Technology and Broadcasting. Information Security

ENISA s Study on the Evolving Threat Landscape. European Network and Information Security Agency

Understanding COBIT 5. based on ISACA Materials Prepared by: Deb Mallette, CGEIT, CISA, CSSBB, IMG BSMS EPDM, Process Consultant

CYBER ATTACKS CASHING IN ON RETAILERS: A WEBINAR ON CYBERSECURITY

CAPACITY BUILDING TO STRENGTHEN CYBERSECURITY. Sazali Sukardi Vice President Research CyberSecurity Malaysia

CYBERTRON NETWORK SOLUTIONS

COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30

Logical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110

Information Systems Security Certificate Program

Are you prepared to be next? Invensys Cyber Security

Making Your Enterprise SSL Security Less of a Gamble

Terms of Reference for an IT Audit of

CYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts

Introduction to ISACA and ITGI By Georges Ataya, International Vice President, ISACA

Promoting Network Security (A Service Provider Perspective)

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

Protecting critical infrastructure from Cyber-attack

Compliance Doesn t Mean Security Achieving Security and Compliance with the latest Regulations and Standards

This article describes how these seven enablers have contributed towards better information security management at HDFC Bank.

About the Presenter About the Cloud Security Alliance Guidance 1.0 Getting Involved Call to Action

Data Centers Protection from DoS attacks. Trends and solutions. Michael Soukonnik, Radware Ltd Riga. Baltic IT&T

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015

Introduction to Cybersecurity Overview. October 2014

On-Site Manager Exclusive Customer Offer

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

Transcription:

CYBERSECURITY NEXUS ROBERT E STROUD INTERNATIONAL PRESIDENT, ISACA RAMSÉS GALLEGO INTERNATIONAL VICE PRESIDENT, ISACA

Robert Stroud International President, ISACA VP Strategy & Innovation, CA Technologies @RobertEStroud RobertEStroud@live.com Ramsés Gallego CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, COBIT(f), Six Sigma Black Belt International Vice President, ISACA Security Strategist & Evangelist, Dell Software Presidente, ISACA, Capítulo Barcelona Privacy by Design Ambassador, Gobierno de Ontario, Canada @ramsesgallego ramses.gallego@me.com

Malicious code Hackers DDos Session-hijacking Internal threat Spyware Control Brute force Trojans Worms Intrusion Scans Botnet Spoofing Scams Malware Spam SQL Injection Vulnerabilities Spionage Zombie Scripting Virus Phishing Attack Hacktivism Disgruntled employees

Diagram Page 100% 90% 80% Diskette 70% 60% 50% 40% 30% 20% E-mail Download Don t know 10% 0% 1996 1997 1998 Source: http://rt.com/usa/160328-utility-cyber-attack-hack

Diagram Page Source: http://www.cnbc.com/id/101862753

EVOLUTION OF ATTACKS

CSX ELEMENTS AVAILABLE NOW Cybersecurity Fundamentals Certificate (workshops and exams taking place in Q3; first workshop sold out) Transforming Cybersecurity Using COBIT 5 Responding to Targeted Cyberattacks Advanced Persistent Threats: Managing the Risks to Your Business 2014 APT Awareness Study Cybersecurity webinars and conference tracks (six-part webinar series) COMING SOON Mentoring Program Cybersecurity practitioner-level certification (first exam: 2015) Cybersecurity training courses SCADA guidance Digital forensics guidance.... And announcing Cybersecurity Knowledge Center community Implementation guidance for NIST s US Cybersecurity Framework (which incorporates COBIT 5) and the EU Cybersecurity Strategy

CAREER PATH 0-3 years: Cybersecurity Fundamentals Certificate (no experience required; must pass knowledge-based exam) 3-5 years: Cybersecurity practitioner-level certification (coming in mid-2015) 5+ years: Certified Information Security Manager certification (25,000+ professionals certified since inception)

CYBERSECURITY FUNDAMENTALS KNOWLEDGE CERTIFICATE Knowledge-based exam for those with 0 to 3 years experience Foundational level covers four domains: 1) Cybersecurity architecture principles 2) Security of networks, systems, applications and data 3) Incident response 4) Security implications related to adoption of emerging technologies The content aligns with the US NICE framework and was developed by a team of about 20 cybersecurity professionals from around the world. The team is involved in all areas of development through content contribution and subject matter expert reviews.

ADVANCED PERSISTENT THREAT AWARENESS STUDY

CSX EUROPEAN GUIDANCE European Cybersecurity Implementation Series: European Cybersecurity Implementation: Overview European Cybersecurity Implementation: Assurance European Cybersecurity Implementation: Resilience European Cybersecurity Implementation: Risk Guidance www.isaca.org/eu-cyberimplementation

SPECIFIC GUIDANCE FOR THE NIST FRAMEWORK

LEADERSHIP FOR EXECUTIVES WITH THE IIA

TRANSFORMING CYBERSECURITY USING COBIT 5 Eight Key Principles: 1. Understand the potential impact of cybercrime and warfare on your enterprise. 2. Understand end users, their cultural values and their behavior patterns. 3. Clearly state the business case for cybersecurity and the risk appetite of the enterprise. 4. Establish cybersecurity governance. 5. Manage cybersecurity using principles and enablers. (The principles and enablers found in COBIT 5 will help your organization ensure end-to-end governance that meets stakeholder needs, covers the enterprise to end and provides a holistic approach, among other benefits. The processes, controls, activities and key performance indicators associated with each enabler will provide the enterprise with a comprehensive picture of cybersecurity.) 6. Know the cybersecurity assurance universe and objectives. 7. Provide reasonable assurance over cybersecurity. (This includes monitoring, internal reviews, audits and, as needed, investigative and forensic analysis.) 8. Establish and evolve systemic cybersecurity.

AND ANNOUNCING... Global in 2016 and 2017

Becoming a successful security practitioner is hard. Ideal candidates are well-rounded and have a solid foundation in networking, operating systems, web technologies and incident response, and an understanding of the threat landscape and risk management. Darren Van Booven, CISA, CISM, CISSP, CPA, Chief Information Security Officer, U.S. House of Representatives, and ISACA Member

www.isaca.org/cyber

THANK YOU For more information: https://www.isaca.org