Training + Information Sharing: Pillars of enhancing cybersecurity posture

Similar documents
BRING EXPERT TRAINING TO YOUR WORKPLACE.

2017 PORT SECURITY SEMINAR & EXPO. ISACA/CISM Information Security Management Training for Security Directors/Managers

Les joies et les peines de la transformation numérique

ISACA Enterprise. Solutions and Resources

Security in Today s Insecure World for SecureTokyo

THE ISACA CURACAO CHAPTER IS ORGANIZING FOLLOWING INFORMATION SECURITY AND TECHNOLOGY SESSIONS ON MAY 15-MAY :

*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

ENISA EU Threat Landscape

Hybrid Cyber Warfare, dual risks?

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

DXC Security Training

THE KERNEL. Our in-house professional team is highly skilled in delivering cutting-edge solutions to our clients.

Cybersecurity & Privacy Enhancements

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

CYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

Enhancing the cyber security &

A New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO

Launch of the Cybersecurity Fortification Initiative by the HKMA at Cyber Security Summit 2016

European Union Agency for Network and Information Security

Cybersecurity Strategy of the Republic of Cyprus

แนวทางการพ ฒนา Information Security Professional ในประเทศไทย

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

Cybersecurity & Digital Privacy in the Energy sector

Business Context: Key for Successful Risk Management

WELCOME TO ISACA Claudio CILLI, CISA, CISM, CRISC, CGEIT

THE POWER OF TECH-SAVVY BOARDS:

SECURITY+ COMPETITIVE ANALYSIS 1. GIAC GSEC 2. (ISC)2 SSCP 3. EC-COUNCIL CEH

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

CESG:10 Steps to Cyber Security WORKING WITH GOVERNMENT, INDUSTRY AND ACADEMIA TO MANAGE INFORMATION RISK

Cyber Security in Europe

ITU-IMPACT Capacity Building for Least Developed & Developed Countries

Cyber Security Incident Response Fighting Fire with Fire

ISACA MADRID DECEMBER Robert E Stroud CEGIT CRISC International President December 2014

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

ISACA 2017 OVERVIEW. 3º Fórum IBGP de Tecnologias da Informação. Paulo Henrique Abreu Moreira. Brasília Chapter Associate & CSX Director 08/11/2017

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

POSITION DESCRIPTION

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

EU policy on Network and Information Security & Critical Information Infrastructures Protection

building for my Future 2013 Certification

Defensible Security DefSec 101

General Data Protection Regulation (GDPR): Securing Data, Leading with both Legal and Technical Expertise

CYBERSECURITY NEXUSTM (CSX) The Premier Source For Cyber Security Knowledge and Expertise

PROFILE FRANCIS KAITANO. Francis Kaitano is a strategic, innovative, delivery focused Cyber Security professional.

TIPS FOR AUDITING CYBERSECURITY

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

PCI DSS Addressing Cyber-Security Threats. ETCAA June Gabriel Leperlier

COURSE BROCHURE CISA TRAINING

Predstavenie štandardu ISO/IEC 27005

Provisional Translation

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

ITU CBS. Digital Security Capacity Building: Role of the University GLOBAL ICT CAPACITY BUILDING SYMPOSIUM SANTO DOMINGO 2018

ISACA International Perspective

TRAINING WEEK COURSE OUTLINE May RADISSON HOTEL TRINIDAD Port of Spain, Trinidad, W.I.

DFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com

CERT.LV activities, role in Latvia and globally. Baiba Kaskina, CERT.LV , Sofia, Bulgaria

RISK MANAGEMENT Education and Certification

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Package of initiatives on Cybersecurity

Implementation PREVIEW VERSION

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

PIPELINE SECURITY An Overview of TSA Programs

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

E-guide CISSP Prep: 4 Steps to Achieve Your Certification

Wolfpack Cyber Academy Training Catalogue

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

Statement for the Record

MALAYSIA S APPROACH IN CAPACITY BUILDING. Dr Amirudin Abdul Wahab Chief Executive Officer CyberSecurity Malaysia 24 March 2017

BECOME TOMORROW S LEADER, TODAY. SEE WHAT S NEXT, NOW

K12 Cybersecurity Roadmap

ENISA s Position on the NIS Directive

Certified Cyber Security Specialist

Strengthening Capacity in Cyber Talent sans.org/cybertalent

Cyber Hygiene: A Baseline Set of Practices

Ingram Micro Cyber Security Portfolio

EU General Data Protection Regulation (GDPR) Achieving compliance

INDEPENDENT COMMUNICATIONS AUTHORITY OF SOUTH AFRICA(ICASA) CYBERSECURITY PRESENTATION AT SAIGF. 28 th November 2018

RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH

Awareness as a Cyber Security Vulnerability. Jack Whitsitt Team Lead, Cyber Security Awareness and Outreach TSA Office of Information Technology

Regulatory Update Cyber Security

CYBER SECURITY TAILORED FOR BUSINESS SUCCESS

FOR FINANCIAL SERVICES ORGANIZATIONS

GDPR Update and ENISA guidelines

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

13967/16 MK/mj 1 DG D 2B

ISACA MOSCOW CHAPTER Chapter meeting 22 September 2016

Val-EdTM. Valiant Technologies Education & Training Services. Workshop for CISM aspirants. All Trademarks and Copyrights recognized.

Cyber Security Roadmap

Cyber Security Technologies

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

CyberVista Certify cybervista.net

Directive on security of network and information systems (NIS): State of Play

Building a Resilient Security Posture for Effective Breach Prevention

The Role of Public Sector Audit and Risk Committees in Cybersecurity & Digital Transformation. ISACA All Rights Reserved.

Discussion on MS contribution to the WP2018

Transcription:

Training + Information Sharing: Pillars of enhancing cybersecurity posture Welland Chu VP, Professional Development & Secretary ISACA China Hong Kong Chapter June 2018 www.isaca.org

Reported cyber incidents in Hong Kong HK$387,400 per case Losses >HK$2.3B, growth at 25% Sources: hkpc.org, legco.gov.hk 2017, Telstra.com 2017, scmp.com 2

Cybersecurity defense needs collaboration 2018-05: Europol signed two memorandums of understanding related to cybersecurity cooperation World Economic Forum (WEF) European Union Agency for Network and Information Security (ENISA), the European Defence Agency (EDA), and the EU s Computer Emergency Response Team (CERT-EU) Focus 3 Cyber exercises, Education and training, Exchange of information Strategic and administrative matters Technical cooperation

US Department of Homeland Security Cybersecurity Strategy https://www.dhs.gov/sites/default/files/publications/dhs-cybersecurity-strategy_1.pdf Risk Identification Vulnerability Reduction Threat Reduction Consequence Mitigation Enable Cybersecurity Outcomes 222 Cybersecurity 30 28 25 Strategy Risk management Information sharing How many mentions? APT + Anti-Virus + Firewall + DLP + Multifactor Authentication 0 4

HKMA s Cybersecurity Fortification Initiative (CFI) & OGCIO Hong Kong Monetary Authority Cyber Resilience Assessment Framework ISACA s 5 certificates have been recognised as the pre-requisite qualifications of Assessor and Enhanced Competency Framework by HKMA ISACA s Certified Information Systems Auditor (CISA); (ISC)2 s Certified Information Systems Security Professional (CISSP); ISACA s Certified Information Security Manager (CISM); ISACA s Certified in Risk and Information Systems Control (CRISC); ISACA Certified in the Governance of Enterprise IT (CGEIT) ISACA s Cybersecurity Fundamentals Certificate (CSX-F) and Cybersecurity Nexus Practitioner certification (CSX-P); or China Information Technology Security Evaluation Centre s Certified Information Security Professional - Hong Kong (CISP - HK). Certification: CISSP, CISA 5 Source: This document www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2016/20161221e1.pdf, may not be reproduced, modified adapted, published, http://www.hkma.gov.hk/media/chi/doc/key-information/guidelines-and-circular/2016/20161219c1.pdf, OGCIO

Major challenge: Skill shortage By 2022, there will be a shortage of 1.8 million information security workers >50% of respondents say filling open positions takes at least three months More than 7 in 10 respondents say their organizations are seeking strong technical skills 6 Source: OGCIO 2016, ISACA.org

How does Public-Private-Partnership help? Source: Thalesgroup.com 7

About and myself >45 years 180+ countries 135,000+ members worldwide 2,800 volunteers About Welland Secretary, VP Professional Development at the China Hong Kong Chapter of ISACA 24 years experience in information security Business Development Director at Thales esecurity 8

Wealth of resource and assets on cyber security and topical subjects https://www.isaca.org/j ournal/current- Issue/Pages/default.aspx https://www.isaca.org.hk /web/about-us/isacachina-hk-chapter/ http://www.isaca.org/cyber/documents /CSX-General-Awareness- Brochure_Bro_Eng_0816.pdf https://cmmiinstitute.com/products/cyb ermaturity/cmmi-framework http://www.isaca.org/knowledge- Center/Research/ResearchDeliverables/Pages/Adopting -GDPR-Using-COBIT-5.aspx http://www.isaca.org/knowledge- Center/Research/ResearchDeliverables/Pages/GDPR- Data-Protection-Impact-Assessments.aspx 9

Publications: State of Cybersecurity Does your organization have unfilled (open) cybersecurity/information security positions? Time to fill cyber security and information security position Comparison of current attack types to last year's results Threat actors Active cyber defense Source: ISACA.org 10

Encouraging knowledge & insights sharing with point system 11

Critical success factors of enhancing cybersecurity posture Public-Private-Partnership Skillset upgrade (Individual + org) Encouragement + Incentives Knowledge sharing platforms 12

Together we make the world safer Contact: secretary@isaca.org.hk 13

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback