enterprise grc framework p unified approach to address
play

Enterprise GRC Framework p Unified Approach to Address Silo Cyber - PowerPoint PPT Presentation

Aug 31, 2023 •34 likes •404 views

Ministry of Science, People First, Performance Now Technology and Innovation Enterprise GRC Framework p Unified Approach to Address Silo Cyber Security Landscape Ramaguru Ramasubbu and Rahul Moondra 7 th November 2012 h Ministry of

  1. Ministry of Science, People First, Performance Now Technology and Innovation Enterprise GRC Framework – p Unified Approach to Address Silo Cyber Security Landscape Ramaguru Ramasubbu and Rahul Moondra 7 th November 2012 h

  2. Ministry of Science, People First, Performance Now Technology and Innovation A Agenda d � Current Scenario � Cyber security � EGRC Space � Future Vision � Unification � Automation � Case Study � Correlation � Value Proposition p

  3. Technology and Innovation Ministry of Science, Performance Now People First, Current Scenario

  4. Ministry of Science, People First, Performance Now Technology and Innovation Cyber security challenges that orgs face today Actors Actors Tools & Tools & Business Business Vulnerability Vulnerability Techniques Impacts CTURE Insecure Identity theft Cyber Criminals Malware protocols FRASTRUC Data loss / Social Outdated External Attackers leakage Attacks patches/signatures engineering Unauthorized Organized groups g g p Backdoors Weak passwords p Access Access A RPRISE IN Image / Business/ Lack of Freeware / open Reputation loss awareness National rivals scripts ENTER Service Weak perimeter Ignorant insider Botnets unavailability defense Disgruntled Customer Default employee / Espionage dissatisfaction configurations g P Partner t

  5. Ministry of Science, People First, Performance Now Technology and Innovation And orgs respond to them with point solutions A d d t th ith i t l ti Vulnerability Patch Management Management NAP/NAC Configuration Security ON FORMATIO Breaches/Attacks Breaches/Attacks RUCTURE Espionage Security security Cyber threats Gateways, Malware/Botnets Malware protection Proxies, and Firewalls Identity theft Identity theft s TICAL INF NFRASTR Phishing/Social Engineering Network Security Application Security Monitoring g CRIT IN Wireless/Mobile Email Security Security Insider Attacks / Backdoors

  6. Ministry of Science, People First, Performance Now Technology and Innovation Globally the attacks are ever increasing… “Cybercrime is more of a more of a reputational threat than threat than systems f il failure” ” “2012 IBM Global Reputational Risk and IT Study” 2012 IBM Global Reputational Risk and IT Study conducted by the Economist Intelligence Unit

  7. Ministry of Science, People First, Performance Now Technology and Innovation Statistics in Malaysia are not different either…

  8. Ministry of Science, People First, Performance Now Technology and Innovation On the other hand…. Policy Management Business Audit Continuity Management Planning GRC GRC Compliance Performance Management Management Controls Risk Management Management

  9. Ministry of Science, People First, Performance Now Technology and Innovation Various org initiatives are related to each other Policy Control Management Management Compliance Performance Risk Management Management Management Business Audit Audit Continuity Management Planning

  10. Ministry of Science, People First, Performance Now Technology and Innovation And cyber security is related Policy Business Audit Continuity Continuity GRC GRC Cyber Cyber IT GRC Security Compliance Performance Control Risk

  11. .. and current state is… Solutions Element Security Cyber GRC GRC Anti Virus Poli cy Manage ement Malw ware protection Firewalls Compl iance Manage ement Proxies Ne twork Security Monitoring Perform mance Manage ement Patc ch Management GRC V Vulnerability M Management Contr rol Manage ement Wi reless Security App lication Security Busin ess Contin uity Plann ing Secured C Configuration Sec curity Gateways Aud it Performance Now People First, Manage ement NAP/NAC Technology and Innovation Email security E Ministry of Science, Risk k Manage ement M obile Security

  12. .. running in silos… Solutions Element Security Cyber GRC Anti Virus Policy M Management Malw ware protection Firewalls C Compliance M Management Proxies Ne twork Security Monitoring Pe erformance Ma anagement Patc ch Management GRC GRC Vulnerability V M Management Control Ma anagement Wi reless Security App lication Security Business Continuity C Planning Secured C Configuration Sec curity Gateways Audit Performance Now People First, Ma anagement NAP/NAC Technology and Innovation Email security E Ministry of Science, Risk Ma anagement M obile Security

  13. Solutions Security Element Cyber GRC GRC ..and overlapping with each other… Anti Virus Policy Managem ment Malw ware protection Firewalls Complian nce Managem ment Proxies Ne twork Security Monitoring Performan nce Manageme ent Patc ch Management GRC Vulnerability V Management M Control l Manageme ent Wi reless Security App lication Security Business s Continuit ty Secured Planning g C Configuration Sec curity Gateways Audit Performance Now People First, Manageme ent NAP/NAC Technology and Innovation E Email security Ministry of Science, Risk Manageme ent M obile Security

  14. Technology and Innovation Ministry of Science, Performance Now People First, .. and the result is …

  15. Technology and Innovation Ministry of Science, Performance Now People First, Case Study

  16. Things look normal, in silo… Ministry of Science, People First, Performance Now Technology and Innovation Things look normal in silo Things look normal, in silo… Digitally signed Connectio and encrypted MS08-067 Anti-spyware n to port communication with RC4 Vulnerabili installed installed Users Users and RSA algorithms d RSA l ith 445/TCP 445/TCP ty patched locked out Files downloaded for wrong from internet passwords sites Operating Asset NIDS Vulnerability system manager scanner Operating Internet system security suite HTTP web Firewall File and Printer Files updated sites browsed rules sharing services in system updated accessed New Dlls folder attached tt h d to services Firewall NIDS File integrity File integrity HIDS monitor Antivirus

  17. .. And suddenly few abnormal symptoms .. Ministry of Science, People First, Performance Now Technology and Innovation .. And suddenly few abnormal symptoms… Services are Network not available traffic Systems Systems to customers increases increases shutdown shutdown b become slow ISP bl blocks k Services are Disk Freeware your IP :- not available usage and PPP DDOS to customers increasing found on detected your servers your servers FROM FROM your IP

  18. .. Analysis finds it .. Ministry of Science, People First, Performance Now Technology and Innovation .. Analysis finds it .. How Conficker Wh Who Wh Why worm When What

  19. Ministry of Science, People First, Performance Now Technology and Innovation Which was an outcome of .. Employee used infected MS08-067 vulnerability USB patched with custom fix patched with custom fix Week policy on removable Automating patch media management MS08-067 Check for random DNS Custom protocols allowed , connect to HTTP service and download updates custom fix Week policy on removable Automating patch media management DLL based Autorun Trojan Open backdoor in firewall installed installed and Wi-Fi devices Week authorization to install Week configuration software management Scan other machines on Exploit MS08-067 Port 445/TCP for open p Vulnerability, Use Default Vulnerability Use Default windows shares passwords Week authorization to install software Default configurations Search for other vulnerable NetBIOS push to upload it machines , Infect any new self to exploited machines Removable Media Use of Unnecessary No vulnerability assessment protocols

  20. Ministry of Science, People First, Performance Now Technology and Innovation .. And consequences could be .. Zombie systems Zombie systems Legal Financial losses Financial losses consequences ?

  21. Ministry of Science, People First, Performance Now Technology and Innovation .. Let us see how they relate to .. L h h l Security Security Risk IT Risk Cyber security security Impact Impact incident Control IT IT objective bj ti Vulnerability

  22. Technology and Innovation Ministry of Science, Performance Now People First, Future Vision

  23. Ministry of Science, People First, Performance Now Technology and Innovation Key objectives are… Unification GRC GRC Automation

  24. Solutions Element Security Cyber Cyber GRC GRC Unification at two levels… Anti Viru us Polic y Managem ment Malware prot tection Firewall ls Complia ance Managem ment Proxies s Network Sec curity Monitori ng Performa ance Managem ment Patch Manag gement GRC GRC Vulnerabi ility Managem ment Contro ol Managem ment Wireless Sec curity Application S ecurity Busine ss Continu uity Plannin ng Secured d Configurat tion Security Gate eways Audit t Performance Now People First, Managem ment NAP/NA AC Technology and Innovation Email secu urity Ministry of Science, Risk Managem ment Mobile Sec urity

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ECMs and Institutional Repositories: The Case for a Unified Enterprise Approach to Content

ECMs and Institutional Repositories: The Case for a Unified Enterprise Approach to Content

ECMs and Institutional Repositories: The Case for a Unified Enterprise Approach to Content Management Malcolm Wolski (Presenter) Associate Director (eResearch and Academic Resource Development Services), Information Services Joanna

696 views • 15 slides
A Unified Framework for the A Unified Framework for the Consumer-Grade Image Pipeline

A Unified Framework for the A Unified Framework for the Consumer-Grade Image Pipeline

Multimedia & Mathematics July 23-28, 2005 Banff, Alberta A Unified Framework for the A Unified Framework for the Consumer-Grade Image Pipeline Consumer-Grade Image Pipeline

672 views • 27 slides
Streamlining & Adapting: A Unified Approach A Unified Approach G. Scott Weese IT

Streamlining & Adapting: A Unified Approach A Unified Approach G. Scott Weese IT

conference & convention enabling the next generation of networks & services Streamlining & Adapting: A Unified Approach A Unified Approach G. Scott Weese IT International Telecom conference & convention enabling the next

287 views • 15 slides
What is the Logical Framework Approach? 1 LFA - DEFINITION The logical framework approach is an

What is the Logical Framework Approach? 1 LFA - DEFINITION The logical framework approach is an

Correspondence on The Logical Framework Approach Developed for SNV PARTNERS 14-18 July 2008 Supported by SNV Zimbabwe Compiled by: What is the Logical Framework Approach? 1 LFA - DEFINITION The logical framework approach is an

653 views • 34 slides
Unified Authentication, Authorization, and User Administration An Open Source Approach Ted

Unified Authentication, Authorization, and User Administration An Open Source Approach Ted

Unified Authentication, Authorization, and User Administration An Open Source Approach Ted C. Cheng, Howard Chu, Matthew Hardin Symas Corporation Outline Evolution of Related Technologies Unified AAA Architecture Provisioning AAA

396 views • 27 slides
A Unified Framework for Mul4- Target Tracking and Collec4ve

A Unified Framework for Mul4- Target Tracking and Collec4ve

A Unified Framework for Mul4- Target Tracking and Collec4ve Ac4vity Recogni4on Wong Choi and Silvio Savarese Presented by: David J. Garcia November 9,

730 views • 25 slides
Adit Enterprise. Adit Enterprise. Adit Enterprise. Adit Enterprise. ADIT Enterprise is a

Adit Enterprise. Adit Enterprise. Adit Enterprise. Adit Enterprise. ADIT Enterprise is a

Adit Enterprise. Adit Enterprise. Adit Enterprise. Adit Enterprise. ADIT Enterprise is a wholesale distribution business providing complete range of Electronic Security Systems Kamlesh 093232 51184 Adit Enterprise Adit Enterprise Adit

619 views • 29 slides
EA Anamnesis: Towards an approach for Enterprise Architecture rationalization Georgios

EA Anamnesis: Towards an approach for Enterprise Architecture rationalization Georgios

DSM 2012 EA Anamnesis: Towards an approach for Enterprise Architecture rationalization Georgios Plataniotis Sybren de Kinderen Henderik A. Proper CRP Henri Tudor, Luxembourg 1 Enterprise Architecture A design that shows

450 views • 17 slides
Component Based Software Engineering approach on DSP Targets Agenda 2 / 2 / Motivations

Component Based Software Engineering approach on DSP Targets Agenda 2 / 2 / Motivations

Component Based Software Engineering approach on DSP Targets Agenda 2 / 2 / Motivations Context LwCCM/MyCCM GPP - DSP unified approach (EULER) Framework optimizations for DSP Benchmarks Perspectives Conclusion 2011/05/20 Motivations

783 views • 25 slides
Virtualized ICN (vICN) Towards a Unified Network Virtualization Framework for ICN Experimentation

Virtualized ICN (vICN) Towards a Unified Network Virtualization Framework for ICN Experimentation

Virtualized ICN (vICN) Towards a Unified Network Virtualization Framework for ICN Experimentation M. Sardara*, L. Muscariello, J. Aug, M. Enguehard* , A. Compagno, G. Carofiglio September 28 th 2017 ACM ICN, Berlin *also with Telecom ParisTech

450 views • 15 slides
Traditional Framework Downtown vs. Unified Shopping Center Downtown Unified Shopping Center

Traditional Framework Downtown vs. Unified Shopping Center Downtown Unified Shopping Center

Traditional Framework Downtown vs. Unified Shopping Center Downtown Unified Shopping Center Property Ownership Numerous Owners Single Owner or Corporation Business Relationship Rent or Own Rent to Property Property Ownership Business

362 views • 11 slides
A Unified Framework for Simultaneous Layout Decomposition and Mask Optimization Yuzhe Ma 1 ,

A Unified Framework for Simultaneous Layout Decomposition and Mask Optimization Yuzhe Ma 1 ,

A Unified Framework for Simultaneous Layout Decomposition and Mask Optimization Yuzhe Ma 1 , Jhih-Rong Gao 2 , Jian Kuang 2 , Jin Miao 2 , Bei Yu 1 1 The Chinese University of Hong Kong 2 Cadence Design Systems 1 / 31 Outline Introduction

422 views • 38 slides
Unified Communications A presentation for the DFP Committee Robert Fee Enterprise Design

Unified Communications A presentation for the DFP Committee Robert Fee Enterprise Design

Unified Communications A presentation for the DFP Committee Robert Fee Enterprise Design Authority Robert.fee@dfpni.gov.uk Flexible Working Within the NICS flexible working tends to mean things such as: Flexi time Part time

471 views • 11 slides
A unified continuum mechanical approach for the computer age About the course Hans Petter

A unified continuum mechanical approach for the computer age About the course Hans Petter

Mathematical Modeling of Flow, Heat Transfer, and Deformation A unified continuum mechanical approach for the computer age About the course Hans Petter Langtangen Simula Research Laboratory and Dept. of Informatics University of Oslo

1.05k views • 82 slides
Inference is Everything: Recasting Semantic Resources into a Unified Evaluation Framework Aaron

Inference is Everything: Recasting Semantic Resources into a Unified Evaluation Framework Aaron

Inference is Everything: Recasting Semantic Resources into a Unified Evaluation Framework Aaron White (Rochester) Kevin Duh (JHU) Pushpendre Rastogi (JHU) Benjamin Van Durme (JHU) Have you ever What experienced this? next? Accuracy

403 views • 27 slides
Classical Sabermetrics vs. Formal Statistical Inference: Towards a Unified Approach to

Classical Sabermetrics vs. Formal Statistical Inference: Towards a Unified Approach to

Classical Sabermetrics vs. Formal Statistical Inference: Towards a Unified Approach to Quantitative Baseball Research Patrick Kilgo, Brian Schmotzer, Hillary Superak, Paul Weiss, Jeff Switchenko, Lisa Elon, Jason Lee, and Lance Waller

632 views • 48 slides
The role of aviation in Africas economic development effort Development of national

The role of aviation in Africas economic development effort Development of national

The role of aviation in Africas economic development effort Development of national economies is closely tied to the efficiency of the transport system; Transport systems in most Africa are often inadequate or completely lacking;

909 views • 14 slides
WebKitGTK+ Security Status Michael Catanzaro Igalia S.L. November 11-12, 2015 Outline 1

WebKitGTK+ Security Status Michael Catanzaro Igalia S.L. November 11-12, 2015 Outline 1

WebKitGTK+ Security Status Michael Catanzaro Igalia S.L. November 11-12, 2015 Outline 1 Security Updates 2 Sandboxing 3 HTTPS WebKit1 Compatibility Packages All distros have TWO WebKitGTK+ packages WebKitGTK+ 2.4 package, for

199 views • 18 slides
NetFlow Data Capturing and Processing at SWITCH and ETH Zurich Arno Wagner

NetFlow Data Capturing and Processing at SWITCH and ETH Zurich Arno Wagner

NetFlow Data Capturing and Processing at SWITCH and ETH Zurich Arno Wagner wagner@tik.ee.ethz.ch Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich) Talk Outline The DDoSVax Project The SWITCH Network

249 views • 23 slides
IETF-88 Update: Pervasive Monitoring Jari Arkko Russ Housley IETF Chair

IETF-88 Update: Pervasive Monitoring Jari Arkko Russ Housley IETF Chair

IETF-88 Update: Pervasive Monitoring Jari Arkko Russ Housley IETF Chair IAB Chair I. IETF-88 hot topics II. The pervasive monitoring problem III. What is the IETF doing about it? 1 Monday, November 18,

402 views • 12 slides
Analysis of errors in measurements and inversion By Philippe LE MASSON & Morgan DAL

Analysis of errors in measurements and inversion By Philippe LE MASSON & Morgan DAL

METTI IV Thermal Measurements and Inverse Techniques, Roscoff, France, June 13-18, 2011 Tutorial 12 : Analysis of errors in measurements and inversion By Philippe LE MASSON & Morgan DAL Laboratoire dIngnierie des

753 views • 47 slides
Repor&ng Solu&ons for Oracle APEX - Choose Your

Repor&ng Solu&ons for Oracle APEX - Choose Your

Repor&ng Solu&ons for Oracle APEX - Choose Your Weapons Dietmar Aust Opal-Consul&ng, Kln www.opal-consul&ng.de Vorstellung Opal Consul&ng

637 views • 62 slides
New design method for C30 recycled concr ete using mixed source concrete coarse agg regates

New design method for C30 recycled concr ete using mixed source concrete coarse agg regates

Recycled concrete with coarse recycled concrete aggregates (CRCA) Recycled concrete with coarse recycled concrete aggregates (CRCA) New design method for C30 recycled concr ete using mixed source concrete coarse agg regates Reporter : DING

346 views • 22 slides
The Eig ighth Review Conference: Process overv rview EU Regional Workshop on Preparations for

The Eig ighth Review Conference: Process overv rview EU Regional Workshop on Preparations for

The Eig ighth Review Conference: Process overv rview EU Regional Workshop on Preparations for the Eighth BWC Review Conference New Delhi, India, 29-30 August 2016 Daniel Feakes Chief, BWC Implementation Support Unit United Nations Office

274 views • 25 slides

More recommend