a risk based security program approach security enables
play

A Risk-based Security Program Approach: Security Enables Digital - PowerPoint PPT Presentation

Jan 31, 2023 •35 likes •245 views

A Risk-based Security Program Approach: Security Enables Digital Transformation and Compliance Michael Gutsche, Cybersecurity Strategy Peter Bronson, Cybersecurity Strategy #MicroFocusCyberSummit This document contains forward looking

  1. A Risk-based Security Program Approach: Security Enables Digital Transformation and Compliance Michael Gutsche, Cybersecurity Strategy Peter Bronson, Cybersecurity Strategy #MicroFocusCyberSummit

  2. This document contains forward looking statements regarding future operations, product development, FORWARD-LOOKING STATEMENTS product capabilities and availability dates. This information is subject to substantial uncertainties and is www.microfocus.com subject to change at any time without prior notification. Statements contained in this document concerning these matters only reflect Micro Focus ArcSight’s predictions and / or expectations as of the date of this document and actual results and future plans of Hewlett-Packard may differ significantly as a result of, among other things, changes in product strategy resulting from technological, internal corporate, market and other changes. This is not a commitment to deliver any material, code or functionality and should not be relied upon in making purchasing decisions. User Interface depictions should be considered non-final and subject to re-design and / or removal. This is a rolling (up to three year) Roadmap and is subject to change without notice.

  3. Agenda State of Cyber Security and Threats Compliance vs. Risk Based Programs Cyber Security Program Approaches Areas of Focus to “Move the Needle” 3

  4. The State of Cyber Security and Threats

  5. The Impact is Global World Economic Forum – 2018 Global Risk Report Top 10 risks in terms of likelihood #3 – Cyber attacks 2015 2016 Today Attack on Ukraine’s power SWIFT attack led to the European Aviation Safety grid shut down 30 theft of US$81 million from Agency has stated their substations , interrupting the central bank of systems are subject to an power to 230,000 people Bangladesh average of 1,000 attacks each month Global interconnectedness continues to expand the attack surface 5

  6. Cyber Damages Continue to Outpace Spend Cyber damages to Cyber security Cyber crime will Human attack Ransomware hit $6 trillion spending to more than triple the surface to reach damage costs are annually by 2021 exceed $1 trillion number of unfilled 6 billion people predicted to reach from 2017 to 2021 security jobs by 2022 $11.5 billion Up from $3 trillion by 2019 in 2015 Predicted to reach 3.5 million by 2021 CSO online: Top 5 cybersecurity facts, figures and statistics for 2018 6

  7. The Reach of Cyber Attacks 143 million customers data stolen 3 billion customers impacted 57 million customers and due to a vulnerability found in drivers impacted open software Every Yahoo customers’ data was exposed spanning 3 years Every Uber customers’ data A majority of people over 18 in went exposed for a year the U.S. data is now exposed Net income fell $20B market M&A impact 27 % cap loss ; untold of $350M in ONE quarter amount in litigation 7

  8. It’s no longer a question of if, but when your data breach will happen

  9. It is a new level of complexity! Threats Information Regulatory/ Infrastructure (internal and Overload Privacy complexity external) concerns 9

  10. Risk vs. Compliance Based Information Security Programs

  11. Compliance/Standards – A Subset!! NIST 800- CSA 4.0 ITIL DISA 53/CSF CIS 20 PCI-DSS BSIMM ISACA ILTA OWASP ISF COBIT 5 ISO/IEC 27001/2

  12. Know Your Enemy  Attacks come in all shapes and sizes High  Organized crime has become very Ad fraud Organized crime sophisticated and operate like IP theft Extortion corporations Payout potential  Main goal is to maximize profits and Bank fraud Payment system fraud minimize risks Bug bounty  Compete on quality, customer services, Medical records fraud Credential harvesting Identity theft price, reputation, and innovation Credit card fraud Low Hacktivism Cyber warfare  Use SDLC and are adopting SaaS Difficult Effort and risk Easy 12

  13. Know Your Treasure and Where It Resides Health records your care provider manages for you Payments made to you Banks’ data about your finances and accounts Your email Your interactions with correspondence SaaS applications Your Telco’s information about your account Your credit rating information Your private email to and from your smartphone Your customers’ data. Your organizational data.

  14. Additional Treasure Chests HR Systems CRM Systems Financial Systems Workday Microsoft Dynamics Lawson Peoplesoft Point of Sale Systems Customer Portals Credit Card Processing TBD TBD TBD “The health record is worth 10x that of a credit card number on the black market” 14

  15. Establish a Risk-based Approach Assess security investments and posture  How will attacks likely occur? How will you spot them on each platform? What corrective action will you take? Transform from silos to a comprehensive view Actionable Security  On-prem traditional systems, SaaS, IaaS, and PaaS all of Intelligence which should fall under the same security umbrella Optimize to proactively improve security posture Manage security effectively  Including internal SLAs and SLAs related to cloud providers. Maintain SLAs in the context of your security program Moving from Reactive to Proactive Information Security & Risk Management

  16. Cyber Kill Chain

  17. Cycle of Security – Breaking the Cyber Kill Chain

  18. Risk Based Security Programs Table-stakes – Good security hygiene, perimeter security, endpoint protection Identifying risks – Unique to each organization Addressing the risks by implementation of programs not products Risk based security programs enable cloud and hybrid adoption Goal: Overall security posture improvement “Compliance to industry regulations should be “free bonus” to a robust risk based security program.” “Compliance does not equate to security”

  19. IDENTITY & ACCESS • Adaptive Identity governance • Adaptive access management • Adaptive privileged users APP ENDPOINT SECURITY SECURITY • Lifecycle management • Static, Dynamic, & Runtime • Patching & containerization application testing • Application virtualization • Application security-as-a- • Mobile & server management service Comprehensive CYBERSECURITY, PRIVACY & RISK security for the MANAGEMENT DATA SECURITY SECURITY OPERATIONS enterprise • Data de-identification • Real-time detection (encryption/tokenization) • Workflow automation • Key management • Open source data ingestion • Hardware-based trust assurance • Hunt and investigation GOVERNANCE, • Messaging security RISK & COMPLIANCE • eDiscovery & Classification • Information Management

  20. #MicroFocusCyberSummit Thank You.

  21. #MicroFocusCyberSummit

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Risk-based Security BARRY KOUNS CEO AT RISK BASED SECURITY Session Overview Warm-up Quiz

Risk-based Security BARRY KOUNS CEO AT RISK BASED SECURITY Session Overview Warm-up Quiz

Risk Assessment the Heart of Risk-based Security BARRY KOUNS CEO AT RISK BASED SECURITY Session Overview Warm-up Quiz Introduction to our security challenge What is Risk-based Security? The language of risk some

787 views • 53 slides
Protective Security Requirements A Risk Based Approach UNCLASSIFIED What is the PSR? .a

Protective Security Requirements A Risk Based Approach UNCLASSIFIED What is the PSR? .a

UNCLASSIFIED Protective Security Requirements A Risk Based Approach UNCLASSIFIED What is the PSR? .a new framework of New Zealand Protective Security Requirements which provides clear guidance and support for State sector departments

353 views • 17 slides
USING A RISK-BASED APPROACH TO ALIGN SECURITY ARCHITECTURE WITH THE BUSINESS FOR DLP DEPLOYMENT

USING A RISK-BASED APPROACH TO ALIGN SECURITY ARCHITECTURE WITH THE BUSINESS FOR DLP DEPLOYMENT

USING A RISK-BASED APPROACH TO ALIGN SECURITY ARCHITECTURE WITH THE BUSINESS FOR DLP DEPLOYMENT Jeff Bardin VP , CS O ITS olut ions j eff.bardin@ it solut ions-llc.com Insert presenter logo here on slide master AGENDA What is

531 views • 35 slides
Information Security A Fresh Approach [Based on material from Kevin Day's book: Inside the

Information Security A Fresh Approach [Based on material from Kevin Day's book: Inside the

Information Security A Fresh Approach [Based on material from Kevin Day's book: Inside the Security Mind: Making the Tough Decisions , Prentice-Hall, 2003, ISBN: 0-13-111829-3] Why? Why concentrate on Information Security (or IT Security) when

152 views • 11 slides
INFORMATION RISK MANAGEMENT PROGRAM The Need for a Risk Management Program Information Security

INFORMATION RISK MANAGEMENT PROGRAM The Need for a Risk Management Program Information Security

INFORMATION TECHNOLOGY SERVICES INFORMATION RISK MANAGEMENT PROGRAM The Need for a Risk Management Program Information Security & Privacy Office June 8, 2017 Why Unit Risk Management Programs Are Important For the most part FSU has enjoyed

402 views • 9 slides
AI and Security: Lessons, Challenges & Future Directions Dawn Song UC Berkeley AI and

AI and Security: Lessons, Challenges & Future Directions Dawn Song UC Berkeley AI and

AI and Security: Lessons, Challenges & Future Directions Dawn Song UC Berkeley AI and Security Enabler AI Security Enabler AI enables security applications Security enables better AI Integrity: produces intended/correct

1.03k views • 81 slides
Security Security as term, Possible Security violations Authentication Criteria for

Security Security as term, Possible Security violations Authentication Criteria for

BS1 WS19/20 topic-based slides Security Security as term, Possible Security violations Authentication Criteria for Trust in Computer Systems Three hearts of Windows Security DACLs A Look at Security System is secure if

988 views • 20 slides
Integrated Security Curriculum Conceptions of SECURITY RISK THREATS TECH VALUES The Big

Integrated Security Curriculum Conceptions of SECURITY RISK THREATS TECH VALUES The Big

5/18/2017 Integrated Security Curriculum Conceptions of SECURITY RISK THREATS TECH VALUES The Big Picture: Integrated Security Pathways Cyber Security ISERC Student portal National Security Studies CAPSTONE: Gateway course Peace Studies

298 views • 3 slides
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005 Risk

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005 Risk

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005 Risk Management Operational security is not about being able to create and maintain absolute security. Its about a pragmatic approach to risk

494 views • 14 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Reliability Engineering in Information Security: A Novel Approach to Risk Assessment Chris

Reliability Engineering in Information Security: A Novel Approach to Risk Assessment Chris

Reliability Engineering in Information Security: A Novel Approach to Risk Assessment Chris Woods, CISSP Mount Holyoke College Disclaimer This talk is: Speculative Additive Not intended to replace the advice of a competent

765 views • 42 slides
On the security of security extensions for IP-based KNX networks Aljosha Judmayer

On the security of security extensions for IP-based KNX networks Aljosha Judmayer

On the security of security extensions for IP-based KNX networks Aljosha Judmayer ajudmayer@sba-research.org ajudmayer@auto.tuwien.ac.at On the security of security extensions for IP-based KNX networks 1 SBA Research P1.1: Risk Management

1.06k views • 51 slides
Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

1 Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to innovation Sallie Sweeney KPMG The healthcare industrys evolution toward a true value based system, assuming responsibility for complex

797 views • 10 slides
A simulation-optimization approach for information security risk management Elmar Kiesling,

A simulation-optimization approach for information security risk management Elmar Kiesling,

A simulation-optimization approach for information security risk management Elmar Kiesling, Andreas Ekelhart, Bernhard Grill, Christine Strau, Christian Stummer International Conference on Operations Research September 4, 2013; Rotterdam

1.12k views • 81 slides
(IN)SECURITY , RISK & THE LIFECYCLE OF VULNERABILITIES Dr. Stefan Frei Security Architect at

(IN)SECURITY , RISK & THE LIFECYCLE OF VULNERABILITIES Dr. Stefan Frei Security Architect at

(IN)SECURITY , RISK & THE LIFECYCLE OF VULNERABILITIES Dr. Stefan Frei Security Architect at Swisscom frei@techzoom.net Twitter @stefan_frei Cyber & Networking Security Networking security has become critical issue for all types

788 views • 66 slides
An Ontology-based Approach to the Formalization of Information Security Policies Fernando Nufel

An Ontology-based Approach to the Formalization of Information Security Policies Fernando Nufel

An Ontology-based Approach to the Formalization of Information Security Policies An Ontology-based Approach to the Formalization of Information Security Policies Fernando Nufel do Amaral Carlos Bazlio Geiza Maria Hamazaki da Silva

878 views • 46 slides
2014 Regulatory Outreach for Student Educa8on (ROSE) Program

2014 Regulatory Outreach for Student Educa8on (ROSE) Program

2014 Regulatory Outreach for Student Educa8on (ROSE) Program FSB Consulta8ve Document: Assessment Methodologies for Iden8fying Non-Bank Non-Insurer Global

607 views • 11 slides
Social Services & Child Welfare Reform Plans The Center for the Support of Families (CSF)

Social Services & Child Welfare Reform Plans The Center for the Support of Families (CSF)

Social Services & Child Welfare Reform Plans The Center for the Support of Families (CSF) Vernon Drew, President Center for the Support of Families : Nationwide leader in consulting and program redesign for human services Who we are

526 views • 11 slides
Critical Success Factors SFY 2016 Q1 1 2 People CSFs Work Life Index District 12 District 12

Critical Success Factors SFY 2016 Q1 1 2 People CSFs Work Life Index District 12 District 12

People Safety Capital Program System Conditions Critical Success Factors SFY 2016 Q1 1 2 People CSFs Work Life Index District 12 District 12 State Goal: 75% District 2 District 2 70% 70% 67.99% 67.99% State Total: 71.3% District

291 views • 25 slides
PUBLIC HEALTH GRAND ROUNDS PUBLIC HEALTH GRAND ROUNDS Accessible version:

PUBLIC HEALTH GRAND ROUNDS PUBLIC HEALTH GRAND ROUNDS Accessible version:

PUBLIC HEALTH GRAND ROUNDS PUBLIC HEALTH GRAND ROUNDS Accessible version: https://youtu.be/u_vCoF07w9Q December 17, 2009 December 17, 2009 1 FROM RIGOROUS SCIENCE FROM RIGOROUS SCIENCE TO IMPACTFUL PRACTICE TO IMPACTFUL PRACTICE 2 PUBLIC

898 views • 74 slides
Catchment Sensi-ve Farming (CSF) Working with farmers to improve

Catchment Sensi-ve Farming (CSF) Working with farmers to improve

Catchment Sensi-ve Farming (CSF) Working with farmers to improve water quality Photos of the Wye Valley thanks to Wayne Davies CSFO Catchment Sensi-ve

177 views • 13 slides
Working Group 1 Meeting Brussels, 14-15 May 2019 Membership update EaP CSF Statute updated as

Working Group 1 Meeting Brussels, 14-15 May 2019 Membership update EaP CSF Statute updated as

Working Group 1 Meeting Brussels, 14-15 May 2019 Membership update EaP CSF Statute updated as a result of the adopted internal reform not finalized, to be voted at AA 2019 - defines membership permanent members, delegates, friends of

438 views • 19 slides
2020 Finance Breakout Partner Agency Orientation December 13, 2019 1 2018 2019 Core Agency

2020 Finance Breakout Partner Agency Orientation December 13, 2019 1 2018 2019 Core Agency

2020 Finance Breakout Partner Agency Orientation December 13, 2019 1 2018 2019 Core Agency Billing Wrap Up 2020 Invoice Template Changes Policy Changes Impacting Invoice Process Invoice Template Data Field Reminders

461 views • 22 slides
Nassau County BOCES BUILDING AN INFORMATION SECURITY PROGRAM WITH CIS 20 AND NIST CSF MARCH 13,

Nassau County BOCES BUILDING AN INFORMATION SECURITY PROGRAM WITH CIS 20 AND NIST CSF MARCH 13,

Nassau County BOCES BUILDING AN INFORMATION SECURITY PROGRAM WITH CIS 20 AND NIST CSF MARCH 13, 2020 Adaptive Security AGENDA Introductions Presidio Cyber Security Practice Overview Why are we here? Common District Cyber

814 views • 56 slides

More recommend