The joys and pains of digital transformation


The joys and pains of digital transformation
Georges Ataya, CISA, CGEIT, CISA, CISSP, MSCS, PBA
Professor, Solvay Brussels School of Economics and Management
Academic Director, IT Management Education
Managing Partner, ICT Control NV

Executive Education in Information Security Management
Executive Education in IT Management
SOLVAY.EDU/IT

Executive Master in IT Management
Executive Programme in: CIO Practices; CIO Leadership; IT Business Agility; Enterprise and IT Architecture; IT Sourcing; IT Management Consulting
Executive Education in IT Management, SOLVAY.EDU/IT

Executive Master in Information Risk and Cybersecurity
Executive Programme in: Security Governance; Information Security; Cybersecurity
Executive Education in Information Security Management, SOLVAY.EDU/IT

Lectured tracks and modules (Copyright ICTC.EU 2017; 2014 ictc.eu; 2017 Georges Ataya)

S track, Info Security:      S1 Information Security Management; S2 IT Security Practices; S3 Cybersecurity Workshop
G track, IT Governance:      G1 The CIO Foundation; G2 IT Governance Workshop; G3 IT Risk and Legal concerns
M track, IT Management:      M1 Applications Build and Management; M2 IT Services and Run Management; M3 IT Sourcing Management
B track, Business Agility:   B1 Enterprise Strategy and Architecture; B2 Business Transformation; B3 Digital Agility and Innovation
A track, Activating skills:  A1 IT Finance and Portfolio Management; A2 Soft Skills for IT professionals; A3 Building Expert Opinion

Teaching days shown in the original layout: Monday, Thursday, Wednesday, Tuesday, Monday.

Programme in European Data Protection, leading to certified DPO (Solvay.edu/gdpr)

European Program in Data Protection. Next edition starting on March 22 (Solvay.edu/gdpr)

www.cybersecuritycoalition.be

Awareness Campaigns

Free membership for DPO and GDPR professionals: Dpocircle.eu

Program in European Data Protection (GDPR), SOLVAY.EDU/GDPR

Legal and Management Requirements: Define Data Protection objectives and scope
Risk and Impact Assessment: Identify the gap in reaching defined protection targets
Compliance Transformation: Manage compliance-related transformation
Information Security and Privacy: Protect and secure architectural components
Response and Breach Management: Prepare, react and notify when needed

Actively looking for GDPR experts

ICT Control SA Publications (July 2015)

Digital transformation is the profound and accelerating transformation of business activities, processes, competencies and models to fully leverage the changes and opportunities of digital technologies and their impact across society in a strategic and prioritized way, with present and future shifts in mind.

Focus of IT activities and orientations: Infrastructure; Application Management; Digital Transformation (Copyright 2014 Georges Ataya)

"Digitization will change the traditional retail-banking business model, in some cases radically. The bad news is that change is coming whether or not banks are ready."
Source: The rise of the digital bank, by Tunde Olanrewaju, Principal in McKinsey's London office


Source: Leading Digital: Turning Technology into Business Transformation, George Westerman, Didier Bonnet & Andrew McAfee, Harvard Business Review Press, October 2014

Why should we care?


Sources of external threat: Intelligence Agencies; Criminal Groups; Terrorist Groups; Activist Groups; Armed Forces

Regulatory context

Enterprise Security Architecture, layers: Business Process; Information; Services; Applications; Infrastructure

Enterprise Security Architecture (cont.): Business processes; Information; Services; Applications; Infrastructure

Current architecture (Business Process, Information, Services, Applications, Infrastructure) evolves through transformation projects and evolution projects into the future architecture (Business Process, Information, Services, Applications, Infrastructure).

Levels of security (* security aspects)

IT Security: Security management; Security program objectives; Specific projects; Security operations
Information Security: Essential assets; Risks; Mitigation planning; Business as usual / run
General Security: Physical security; Safety; Fraud, compliance, etc.

Cybersecurity processes: IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER (2015 ICTC.EU)

Cybersecurity processes, functions to develop and implement: IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER

DETECT / Anomalies and Events (DE.AE): Anomalous activity is detected in a timely manner and the potential impact of events is understood.
Subcategories DE.AE-1 to DE.AE-5; DE.AE-5: Incident alert thresholds are established.
Informative references: COBIT 5 APO12.06; ISA 62443-2-1:2009 4.2.3.10; NIST SP 800-53 Rev. 4 IR-4, IR-5, IR-8

The need for good business practices

ISO 27002:2013 control blocks

Bottom-up approach using the SANS CIS top 20 security controls

CSC 1: Inventory of Authorized and Unauthorized Devices
CSC 2: Inventory of Authorized and Unauthorized Software
CSC 3: Secure Configurations for Hardware and Software
CSC 4: Continuous Vulnerability Assessment and Remediation
CSC 5: Controlled Use of Administrative Privileges
CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs
CSC 7: Email and Web Browser Protections
CSC 8: Malware Defenses
CSC 9: Limitation and Control of Network Ports
CSC 10: Data Recovery Capability
CSC 11: Secure Configurations for Network Devices
CSC 12: Boundary Defense
CSC 13: Data Protection
CSC 14: Controlled Access Based on the Need to Know
CSC 15: Wireless Access Control
CSC 16: Account Monitoring and Control
CSC 17: Security Skills Assessment and Appropriate Training to Fill Gaps
CSC 18: Application Software Security
CSC 19: Incident Response and Management
CSC 20: Penetration Tests and Red Team Exercises

Callout: eliminate the vast majority of an organization's vulnerabilities.

The SANS CIS top 20 security controls are based on the most frequently recurring findings about security weaknesses in organizations. Implementing those controls is always regarded as good practice from a bottom-up perspective.

The Ten Most Critical Web Application Security Risks (www.owasp.org, the free and open software security community)

Attackers can potentially use many different paths through your application to do harm to your business or organization. Each of these paths represents a risk that may, or may not, be serious enough to warrant attention.

Enablers

Building adequate lines of defense

A manager for cyber security incident management: Information Security Governance; Information Risk Management & Compliance; Information Security Program Development & Management; Information Security Incident Management

Georges Ataya

Career summary: Professor and Academic Director (SBS-EM); Managing Director, ICT Control advisory firm; Past International Vice President at ISACA; Past Partner, Ernst & Young; Past Deputy International CIO, ITT World Directories; previously Project Manager and Senior IT Auditor.

Expertise summary: IT Governance (development of COBIT 4 and COBIT 5); IT Governance and Value governance (co-author of VAL IT and supervision of the CGEIT BOK); Information Security Management (co-author of the CISM Body of Knowledge); IT Audit and Governance; Information security and risk; Strategy, Enterprise Architecture and IT Sourcing.

Education / certification: Master in Computer Science (Faculty of Sciences, ULB); Postgraduate in Management (Solvay Brussels School, ULB); Certified Information Systems Auditor (CISA); Certified Information Security Manager (CISM); Certified in Risk and Information Systems Control (CRISC); Certified Information Systems Security Professional (CISSP); Certified in the Governance of Enterprise IT (CGEIT).

Contact: gataya@solvay.edu, ataya.info, be.linkedin.com/in/ataya