COBIT 5 Security. Robert E Stroud CGEIT CRISC Vice President Strategy & Innovation ISACA Strategic Advisory Council


Robert E Stroud, CGEIT, Vice President, Strategy & Innovation
Cloud Computing, Service Management & Governance Evangelist
Vice President Strategy & Innovation
Immediate Past International Vice President, ISACA\ITGI
ISACA Strategic Advisory Council
15 years banking experience
Contributor: COBIT, VAL IT and RISK IT
Immediate Past Executive Board, itSMF International (Treasurer and Director, Audit Standards & Compliance)
Former Board Member, itSMF USA
Author, public speaker & industry geek

disclaimer: This presentation is based on currently available information, and the final product may change based on the development process.

security and compliance are still major challenges
The average cost of a security breach rose to $214 per compromised record in 2010. The biggest cause was negligence.
Of the top 5 most important issues for companies migrating to the cloud, the #1 issue was identity and access management.
Compliance activities cost the average medium-sized company $5.4K per employee.

let's go to the numbers
$124 - Average cost of a security breach, per compromised record (2010), with negligence the main cause (CA-sponsored survey)
48% - Percent of all breaches that involved privileged user misuse (Verizon report, 2010)
87% - Percentage of companies that have experienced a data breach (IT Compliance Institute)
74% - Percentage of breached companies who lost customers as a result of the breach (IT Compliance Institute)

the world is now changing dramatically
73% of workers will be mobile by 2012 [1]
62% of IT organizations will have flat or reduced budgets [2]
By 2015, 40% of the enterprise security controls will be virtualized, up from less than 5% in 2010 [3]
63% of companies are using, or implementing, SaaS solutions [4]
There are still over 4,000 (approx.) new rules/regulations issued each year by the US government [5]

the business of IT is changing
The Business is changing:
Empowered users with high expectations, as employees and customers
The blurring of professional and personal lives brought on by pervasive connectivity
Externalization of the business
The New Business of IT, and so IT must also change:
Accessible data and applications anytime, anywhere
Huge increase in social collaboration and sharing
Enable mobile access to enterprise resources

Moving from no to know
Security of NO (Infrastructure Security): viruses, spyware, vulnerabilities, intrusions, trojans, spam, worms
Security of KNOW (Service Security): user, access, data, activity, across web servers, apps, privileged users, security servers and web services

service security: the key challenge
Connect users to information. Seems easy enough.

things are getting more complex every day
Security must ensure that the right people have the right access to the right information at the right time.
You have to Authenticate: people (employees, contractors, privileged users, customers, supply chain partners), services, devices
You have to Authorize: systems, applications, information use
You have to Report: user/service activity, information activity, privileged activity, privacy/compliance
Resources in scope: portals, security systems, servers, applications, information, directories, operating systems

content-aware model for security
Identity: Role Management & Provisioning; Identity Governance; User Activity Reporting
Access: Web Access Management & Federation; Privileged User Management & PUPM; Advanced Authentication & Fraud Prevention
Information: Data Classification; Data Loss Prevention

TOO much security?

COBIT Security
Build on the new COBIT 5 framework to provide members, prospective members and other ISACA constituents with a robust approach to information security governance and management which is built into the business processes of an organization.
COBIT Security will make use of existing ISACA IP such as BMIS, information security governance guidance, and the COBIT Security Baseline, and will connect to other major frameworks and standards in the marketplace as considered appropriate.

COBIT Security
COBIT Security will be an extended view of COBIT that explains each piece of COBIT from a security perspective. Additional value for security constituents will be created through additional explanations, activities, processes, and recommendations. The document will also provide implementation guidance for security professionals in a similar manner to that of the COBIT Implementation Guide.

COBIT Security
The COBIT Security deliverable will be a view of information security governance and management that will provide security professionals detailed guidance for using COBIT 5 as they establish, implement, and maintain information security in the business processes of an enterprise.

COBIT Security
Detailed design: reviewed by the SME community (completed)
Development: will begin at the end of May and will involve a workshop of SMEs in June
SME review: expectation is that COBIT Security will be available July 2012

COBIT 5 news updates
www.isaca.org/cobit5
COBIT Focus Newsletter
Community.ca.com/blogs/ppm
@ISACA

COBIT 5 security summary
A lens into the COBIT 5 framework delivering practical guidance for security practitioners
Empowers security professionals to deliver TRUST and VALUE
First of multiple practitioner publications

control is important, especially when you don't have it!

thank you
Robert E Stroud, CGEIT, CRISC
Robert.Stroud@ca.com
+1 (631) 880 2544
Twitter: @robertestroud
Blog: http://community.ca.com/blogs/itil
Blog: http://community.ca.com/blogs/ppm