Less Security Products, More Secured Products



SLIDE 1

Less Security Products, More Secured Products

You are squinting if you can read this

SLIDE 2

Which is Worse?

  • ERP system down for a week
  • Customer Data Hacked

SLIDE 3

Less Security Products, More Secured Products

You are squinting if you can read this

SLIDE 4

TELUS Restricted

Agenda

  • 1. Introduction – Kin Kwan, TELUS Health
  • 2. What is Cyber Security?
  • 3. Recent News and Trends
  • 4. What Business Analysts Should Know about Cyber Security
      • Everything Can Be Hacked
      • Data Sensitivity
      • Cyber Security is Risk Management
      • BA is a Technical Liaison
      • Cyber Security Requirements

SLIDE 5

Exercise #1 https://vimeo.com/29985766

SLIDE 6

Presenter

Security Officer, TELUS Health

Position Overview

  • Manage the Information/Cyber Security Program for TELUS Health*

Responsibilities

  • Governance, Risk, and Compliance
  • Collaborate with TELUS CSO
  • Internal & External Communication
  • Don’t get hacked / Demonstrate due-diligence

SLIDE 7

Cyber Threat World Map

SLIDE 8

What is Cyber Security?

SLIDE 9

Exercise #2

SLIDE 10

Exercise #3 https://www.youtube.com/watch?v=4gR562GW7TI

SLIDE 11

What motivates Hackers?

  • 1. Financial Gain (ransom)
  • 2. Espionage (competition)
  • 3. FIG (fun, ideology, and grudge)
  • 4. Other (errors, glitches, etc.)

SLIDE 12

Cyber Security – Most Targeted Industry

  • 1. PHI/PII is very lucrative (10x)
  • 2. Legacy Equipment (XP)
  • 3. High Impact (Life or Death)
  • 4. Very Connected

SLIDE 13

World’s Biggest Data Breaches

Cyber Security – Recent News and Trends

SLIDE 14

Ransomware

https://www.youtube.com/watch?v=2sNrhcVGbx0

SLIDE 15

Ransomware

SLIDE 16

Equifax – 4th Largest Hack in History

What Happened?

  • Impact - 145.5 million records (8K Canadians) leaked (Full Name, SSN/SIN, DOB, Address, Driver’s License, Credit Cards, Bank Accounts, etc.)
  • Root Cause: Unpatched application bug (Apache Struts)
  • Company Impact:
      • 24% drop in stock price, Q3 earnings TBD
      • CEO, CISO, CIO “retired”

Core Lessons

  • Application security is critical
  • Layers of defense are more critical, as is reinforcement of the “difficult basics” (patching, vulnerability scanning, incident management, etc.)
  • A compliance-driven approach is not adequate - must go above and beyond
  • Accountability is becoming the new norm
  • We are all in this together

SLIDE 17

Looking Back at 2017 and Looking Forward at 2018

2017

  • Large Data Breaches are becoming the New Norm
      • Equifax (145m)
      • Yahoo (3b)
      • Uber (57m)
      • Nissan Canada (1.13m)
      • Deloitte
      • DNC (Trump won)
      • HBO (GoT)
  • Security market 50% growth (85m market cap)
  • Cloud Security remains a top risk
  • People are still the Weakest Link
  • Ransomware – “WannaCry”
  • Perimeter is disappearing

2018

  • More Large Data Breaches
  • $150 per record
  • Compliance – GDPR (May 2018), Fines and Notification rules
  • Market Consolidation - M&A
  • Ransomware continues to increase (1b)
  • Poor security habits continue
      • Poor passwords
      • Lack of patching
      • Out-of-date anti-virus software
      • Lack of monitoring
  • Legacy systems and applications
  • API
  • IoT (11b)

SLIDE 18

What BAs Should Know about Cyber Security?

  • Everything Can Be Hacked
  • Data Sensitivity
  • Security is Risk Management
  • BA is a Technical Liaison
  • Cyber Security Requirements

SLIDE 19

Everything Can Be Hacked

Know Your Crown Jewels

SLIDE 20

Data Sensitivity

Not All Data are Equal

SLIDE 21

Security is Risk Management

Don’t Accept the Risk On Your Own!!

SLIDE 22

BA is a Technical Liaison

  • Consult with Privacy and Security Groups
  • Ensuring Compliance with Internal Policies and External Regulations (PCI, PIPA)
  • Business Cases and Budgeting

Business Cyber Security

SLIDE 23

Cyber Security Requirements | Secure-by-Design

Similar to resilient-by-design or privacy-by-design, secure-by-design specifies that security must be included in the fundamental design of the system, application or solution from the ground up. This differs from current approaches that identify security later and treat it as a layer that can be added to an existing design to make it secure, or a technique that can be applied at a discrete point in the process.

SLIDE 24

Exercise #3 Hawaiian Emergency Management Officials Hold Interview

SLIDE 25

Contact

  • Kin.Kwan@Hotmail.com
  • https://www.linkedin.com/in/kinkwan/