Cyber COBIT. Ophir Zilbiger, CEO SECOZ Shay Zandani, CEO CyberARM. December 2013

Transcription

1 Cyber COBIT Ophir Zilbiger, CEO SECOZ Shay Zandani, CEO CyberARM December

2 Agenda 1. Background & Definitions 2. Applying COBIT5 to Cybersecurity Governance 3. Cybersecurity Management 4. Cybersecurity Assurance 5. Summary 2

3 1. Background & Definitions 3

4 Cyber COBIT5 This integration of COBIT enables enterprises and individuals to harmonize their security strategies in a systemic way 4

5 So - What is Cybersecurity? Cybersecurity encompasses all that protects enterprises and individuals from intentional attacks, breaches and incidents as well as the consequences Cybersecurity addresses primarily those types of attack, breach or incident that are targeted, sophisticated and difficult to detect or manage The focus of cybersecurity is on what has become known as advanced persistent threats (APTs), cyberwarfare and their impact on enterprises and individuals 5

6 Traditional Information Security Controls Secure Development IdM Information Security Shredding Field Security Firewalls Risk Mng. Incident Response Mobile Security 6

7 Always On Trends and Game Changers Typical IT Centric home bandwidth Public Banking access and point Finance Mobile Shopping devices Proximity-based Travel and Logistics connectivity Stronger Critical dependencies infrastructures on being Increasing connected reliance on fully automated B2B as well as B2C processes 7

8 Evolution of the Threat Landscape 8

9 Cybersecurity New-Old Controls SCADA Information Security Shredding Field Security Firewalls Incident Response Mobile Security Intel APT Simulation Cybersecurity 9

10 New Prioritization Firewalls Shredding Incident response Mobile SCADA Intel 10

11 Impact of Cybercrime and Cyberwarfare on Business and Society Theft of competitive data/competitive intelligence, including economic espionage Theft of intellectual property or trade secrets, misappropriation of assets Financial fraud, credit card and wider identity theft, impersonation and fraudulent transactions US $21 billion for

12 2. Applying COBIT5 to Cybersecurity Governance 12

13 Integrate with other Frameworks Cybersecurity, as defined in ISO Information technology Security techniques Guidelines for cybersecurity Information security, e.g., ISO or National Institute of Standards and Technology (NIST) SP SANS Critical Controls (Top 20) Enterprise governance of IT, as defined through COBIT 5 or other frameworks Risk management frameworks and practices influencing cybersecurity Business continuity, service continuity and emergency/crisis handling provisions at the governance level, e.g., ISO 22301, ISO Organizational (corporate) governance provisions influencing cybersecurity directly or indirectly 13

14 COBIT5 Processes EDM APO BAI MEA DSS 14

15 Evaluate, Direct & Monitor (EDM) 15

16 Align, Plan and Organize (APO) 16

17 3. Cybersecurity Management 17

18 COBIT5 Enablers 18

19 Different approaches to Information Security and Cybersecurity Enabler Information Security Cybersecurity Principles, policies and frameworks Culture, Ethics and Behaviour Information People, Skills and Competencies Establish policies and implement frameworks. Provide guidance and tools for the law-abiding and loyal associates within the enterprise. Protect business sensitive information. Security management requires a comprehensive set of skills and competencies Develop and implement flexible guiding principles. Anticipating nonconformance with model behaviors. Add attractiveness to cybercrime or cyberwarfare to determine what to further protect. It is essential that end users be included in the enterprise skills profile in order to protect them from avoidable errors as well as new forms of attack 19

20 Different approaches to Information Security and Cybersecurity Enabler Information Security Cybersecurity Organizational Structure Services, Infrastructure and Applications Processes The information security function, including its management roles and responsibilities, is usually defined as part of IT or, in some cases, corporate security Various security areas (e.g., awareness, secure development) are implemented as a basis for security management. COBIT 5 information security processes Very large and complex enterprises often assign cybersecurity responsibility to entire units within the various security functions, or to an existing CERT Each domain should be bent to accommodate Cybersecurity (e.g., monitoring and logging influenced by Cybersecurity would enable breaches detection and forensics. Cybersecurity transforms COBIT 5 processes: BAI06 Manage changes: changes and emergency changes in Cybersecurity. 20

21 INTERNAL INTELLIGENCE Security Controls Maturity Indicators CORRELATION & ANALYTICS ANALYSIS & RECOMMENDATIONS Security Events Data Security Threats Assessment Controls Maturity Assessment Actionable Controls Recommendations EXTERNAL INTELLIGENCE Security Controls Maturity Criteria Cyber Intelligence Geolocation(s) Coverage Industry Sector(s) Functionalities Technologies Updateness Assets Processes Analytical Engine UNIFIED DATA MODEL Risk Maps Attacker Models Attack Models Defense Models Threat Data

22 4. Cybersecurity Assurance 22

23 Auditing and Reviewing Cybersecurity 23

24 Cybercrime Audit/Assurance Program 24

25 4. Summary 25

26 Guiding Principles for Transforming Cybersecurity Principle 1. Know the potential impact of cybercrime and cyberwarfare Principle 2. Understand end users, their cultural values and their behavior patterns Principle 3. Clearly state the business case for cybersecurity, and the risk appetite of the enterprise. Principle 4. Establish cybersecurity governance Principle 5. Manage cybersecurity using principles and enablers Principle 6. Know the cybersecurity assurance universe and objectives Principle 7. Provide reasonable assurance over cybersecurity Principle 8. Establish and evolve systemic cybersecurity 26

27 Q&A Shay Zandani, CEO CyberARM Ophir Zilbiger, CEO SECOZ

28 Information Security Manager Profile 28

29 Cybersecurity Specialist Profile & Interfaces 29