CISO View: Top 4 Major Imperatives for Enterprise Defense

Similar documents
Sage Data Security Services Directory

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

Building a Resilient Security Posture for Effective Breach Prevention

Cyber Risks in the Boardroom Conference

How to Respond to a HIPAA Breach. Tuesday, Oct. 25, 2016

Combating Cyber Risk in the Supply Chain

Modern Database Architectures Demand Modern Data Security Measures

Cybersecurity. Securely enabling transformation and change

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

Changing face of endpoint security

SECURITY SERVICES SECURITY

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation

to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

CYBER SECURITY AIR TRANSPORT IT SUMMIT

Keys to a more secure data environment

2017 Annual Meeting of Members and Board of Directors Meeting

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager,

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

BREAKING BARRIERS TO COLLABORATE WITH THE C-SUITE

Microsoft 365 Security & Compliance For Small- and Mid-Sized Businesses

PORTFOLIO OVERVIEW. Security. A Comprehensive Set of Security Services for Today s Complex Cyber Security Needs. Portfolio Overview.

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

How To Build or Buy An Integrated Security Stack

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

Ian Speller CISM PCIP MBCS. Head of Corporate Security at Sopra Steria

Cloud for Government: A Transformative Digital Tool to Better Serve Communities

Next Generation Privilege Identity Management

EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS

External Supplier Control Obligations. Cyber Security

CYBER RESILIENCE & INCIDENT RESPONSE

DFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com

Cyber Security Panel Discussion Gary Hayes, SVP & CIO Technology Operations. Arkansas Joint Committee on Energy March 16, 2016

Best Practices in Securing a Multicloud World

State of South Carolina Interim Security Assessment

Putting It All Together:

Incident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles

Defense in Depth. Constructing Your Walls for Your Enterprise. Mike D Arezzo Director of Security April 21, 2016

Securing Cloud Applications with a Distributed Web Application Firewall Riverbed Technology

The Impact of Cybersecurity, Data Privacy and Social Media

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

What It Takes to be a CISO in 2017

IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES

The Modern SOC and NOC

Securing a Dynamic Infrastructure. IT Virtualization new challenges

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV

Cybersecurity Session IIA Conference 2018

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

Are we breached? Deloitte's Cyber Threat Hunting

BULLETPROOF365 SECURING YOUR IT. Bulletproof365.com

Cyber Security Incident Response Fighting Fire with Fire

THE IMPACT OF SECURITY ON APPLICATION DEVELOPMENT. August prevoty.com. August 2015

Florida Board of Governors General Office Legislative Budget Request

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

The Evolving Threat to Corporate Cyber & Data Security

RSA NetWitness Suite Respond in Minutes, Not Months

Information Governance, the Next Evolution of Privacy and Security

Information Security Controls Policy

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

BULLETPROOF365 SECURING YOUR IT. Bulletproof365.com

A Data-Centric Approach to Endpoint Security

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

01.0 Policy Responsibilities and Oversight

The Business Case for Network Segmentation

ISACA GEEK WEEK SECURITY MANAGEMENT TO ENTERPRISE RISK MANAGEMENT USING THE ISO FRAMEWORK AUGUST 19, 2015

Internet of Things Toolkit for Small and Medium Businesses

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

The CERT Top 10 List for Winning the Battle Against Insider Threats

Mastering The Endpoint

PULLING OUR SOCS UP VODAFONE GROUP AT RSAC Emma Smith. Andy Talbot. Group Technology Security Director Vodafone Group Plc

to Enhance Your Cyber Security Needs

Effective Strategies for Managing Cybersecurity Risks

CA Security Management

University of Pittsburgh Security Assessment Questionnaire (v1.7)

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

IT Consulting and Implementation Services

THALES DATA THREAT REPORT

Corporate Information Security Policy

How to Prepare a Response to Cyber Attack for a Multinational Company.

Information Security Controls Policy

NYDFS Cybersecurity Regulations

Data Security: Public Contracts and the Cloud

DeMystifying Data Breaches and Information Security Compliance

Maximum Security with Minimum Impact : Going Beyond Next Gen

Angela McKay Director, Government Security Policy and Strategy Microsoft

Certified Information Security Manager (CISM) Course Overview

Aon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary

Session ID: CISO-W22 Session Classification: General Interest

Staffing Services UnderDefense your source of experienced professionals to solve security staffing challenges today

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

Cybowall Solution Overview

MEETING ISO STANDARDS

Protecting Your Business: Best Practices for Implementing a Legally Compliant Cybersecurity Program Trivalent Solutions Expo June 19, 2014

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

New York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief

Transcription:

CISO View: Top 4 Major Imperatives for Enterprise Defense James Christiansen Chief Information Security Officer Evantix, Inc. Gary Terrell CIPP Chief Information Security Officer Adobe Session ID: Star 403 Session Classification: Intermediate

InfoSec Major Imperatives How do you focus your limited resources to keep up with the ever changing threat landscape? How can a CISO keep up? This session focuses on the 4 major imperatives for enterprise defense: evolving security beyond Outside/In defenses increasing regulatory focus on data protection extending security controls into the Cloud mobilization of enterprise 2

Objectives Learn from current cyber events why these 4 imperatives are so important See how to establish your own strategy to meet the demand of modern threats and make it relevant to your environment Discuss practical advice for creating a tactical plan for protecting your company from people that have the experience to tackle these issues Understand how to build an action plan so you can be ready and quickly react to new threats 3

Key Leadership Questions Given the actual threats encountered in 2011 what do threats look like in 2012? How do you think about threats and how do you communicate them to executive teams? What 4 imperatives help you deal with threats to separate real threats from background noise? 4

#1-Beyond Outside / In to Inside / Out Defense Outside / In focuses on external threats Mature tools in place have helped control threats Many years experience dealing with these threats has resulted in well established procedures Disaster Recovery and Business Continuity initiatives have elevated awareness of this class of threats Inside / Out focuses on malicious insiders Fewer tools to monitor data leakage and threats posed by insiders employees, business partners, temporary workers and contractors 5

Beyond Outside / In to Inside / Out Defense Data Leakage sources Unintentional employee errors Outsiders: malware, spam, spyware, and hackers Data stolen by employee or Third Party Insider sabotage Monitor internal environment FTP, Email and Instant Messaging Media Room Media Disposal 6

#2-Increased Focus on Data Protection Federal Government GLBA HIPAA-HITECH FCRA Red Flags State Privacy Acts Massachusetts Nevada International Regulations UK Data Protection Directive Malaysia Data Protection Act French Data Protection Authority 7

Impact of Data Breaches Growing Organized, planned and coordinated attacks generally target specific data/information Breaches impact involve short and long term financial losses Breaches may involve reputation impact when reported Hactivism attacks generally target customer information and related data Breaches involve short term financial loss Breaches often involve long term reputation impact 8

#3-Extend Security Controls to the Cloud Before Engagement: Risk vary depending on the cloud category and service model During Negotiations: Address the risk requirements, ongoing due diligence and exit strategy During Relationship: At least an annual review of security practices. Use a best practice risk methodology to manage the risk Exiting Relationship: Plan and continually revise your exit strategy. During exit make sure all information is destroyed 9

Pro: Security is Core to Cloud Services Cloud Computing Companies offer benefits of scale Core product of company provides focus on infrastructure Staffing dedicated to infrastructure and security Reduced overall cost of physical security Scale and Agility Cloud computing companies depend on their ability to be agile in delivery and scale quickly to meet client demands Ability to reroute application/network traffic to thwart DOS attacks 10

Con: Controlling Data is Challenging Loss of Direct Control The security controls are in the hands of the cloud providers Malicious Insiders Data Protection A shared environment can offer more avenues for data access Movement of data between clouds Complete Data destruction is very difficult in shared cloud Legal Risks Electronic Discovery Electronic Forensics 11

Con: Controlling Data is Challenging Compliance Risk State, Local, Federal and International Regulations Industry specific requirements (e.g. PCI) Providing evidence of compliance Exit Strategy Being able to move your service in-house or other provider 12

Cloud Computing Security Management Tools Audience interactive discussion: How to handle event logs? How do we manage malware? How do we manage data integrity Tools that are missing in market? What experiences have you had that worked and didn t work? 13

#4-Mobilization of the Enterprise Mobil Device Growth According to a survey by Good Technology, the number of consumer devices entering the workplace has doubled in six months Mobile Device Breaches Mobile devices used to commit data breaches increased significantly in cases closed in 2010 Leading the way were compromised POS terminals, pay-at-the-pump terminals, and ATMs 14

#4-Mobilization of the Enterprise Security Strategy Traditional practices for securing data on servers does not protect data cached on mobile devices Mobile Security Agent An agent on the mobile device is required to establish security controls to encrypt, pins and pw and selective wipes of business data 15

Applying Limited Resources to Changing Threats Applying Technology Investments Balance investments in traditional security technology and some cloud centric technologies Examples and benefits of technology investments Applying Human Investments Retrain/redeploy human resource to higher value risk activities Examples and benefits of human resource investments Attacks are trending up sharply year over year 16

How to Apply What You Have Learned Within three months, you should: Assess the impact of organization s use of mobile devices and cloud applications on data loss Assess the rate of deployment to Cloud based applications and mobile services Seek funding for the top 4 imperatives based on the risk of data loss 17

Conclusion We have covered: How to focus your limited resources to keep up with the ever changing threat landscape How a CISO can keep up with new innovations? Top 4 major imperatives for cyber security defenses: evolving security beyond Outside/In defenses increasing regulatory focus on data protection extending security controls to the Cloud mobilization of enterprise 18

Q&A Questions? Presenter Contact Information: James Christiansen james.christiansen@evantix.com (949) 614-7076 http://www.linkedin.com/in/evantixjames Gary Terrell gary.terrell@adobe.com (408) 536-4311 http://www.linkedin.com/in/garyterrell Thank You! 19

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback