Cyber Security Management
In a Highly Innovative World
David Etue, VP Corporate Development Strategy, SafeNet
June 2013
© SafeNet - All Rights Reserved
Agenda
About Me and SafeNet
Context
Evolving Adversaries, Evolving Threats
Evolving Technology, Evolving Dependence
Solutions and Ideas
About David Etue @djetue
• VP, Corporate Development Strategy at SafeNet
• Former Cyber Security Practice Lead [PRTM Management Consultants] (now PwC)
• Former VP Products and Markets [Fidelis Security Systems]
• Former Manager, Information Security [General Electric Company]
• Industry
  • Faculty: The Institute for Applied Network Security (IANS)
  • Certified Information Privacy Professional (CIPP/G)
  • Certified CISO (C|CISO)
• Cyber things that interest me
  • Adversary innovation
  • Applying intelligence cycle / OODA loop in cyber
  • Supply chain security
  • Cloud and virtualization security
Who We Are
Trusted to protect the world’s most sensitive data for the world’s most trusted brands.
• We protect the most money that moves in the world, $1 trillion daily.
• We protect the most digital identities in the world.
• We protect the most sensitive information in the world.
• FOUNDED: 1983
• REVENUE: ~330m
• EMPLOYEES: +1,400 in 25 countries
• OWNERSHIP: Private
• GLOBAL FOOTPRINT: +25,000 customers in 100 countries
• ACCREDITED: Products certified to the highest security standard
Context
We Have Finite Resources…
We Can Not Protect Everything!
Image: http://commons.wikimedia.org/wiki/File:Fdr_sidefront.jpg
Image: Lufthansa Airbus A380 D-AIMC with the name "Peking" at Stuttgart, by Lasse Fuss, http://commons.wikimedia.org/wiki/File:Lufthansa_A380_D-AIMC.jpg
“Black Box”
Consequences: Value & Replaceability
http://blog.cognitivedissidents.com/2011/10/24/a-replaceability-continuum/
Misplaced Focus
“With the breach-a-week over the last
two years, the key determinate was
nothing YOU did… but rather was WHO
was after you.”
The Control Continuum
Evolving Adversaries…
…Evolving Threats
What is a “Threat”?
A Threat is an Actor
with a Capability
and a Motive
Threats Are A “Who”, Not a “What”
A Modern Pantheon of
Adversary Classes
• Methods: “MetaSploit”, DoS, Phishing, Rootkit, SQLi, Auth, Exfiltration, Malware, Physical
• Impacts: Reputational, Personal, Confidentiality, Integrity, Availability
• Target Assets: Credit Card #s, Web Properties, Intellectual Property, PII / Identity, Cyber Infrastructure, Core Business Processes
• Motivations: Financial, Industrial, Military, Ideological, Political, Prestige
• Actor Classes: States, Competitors, Organized Crime, Script Kiddies, Terrorists, “Hactivists”, Insiders, Auditors
Profiling a Particular Actor
Script Kiddies (aka Casual Adversary)
• Methods: “MetaSploit”, SQLi, Phishing
• Impacts: Confidentiality, Reputation
• Target Assets: CCN/Fungible
• Motivations: Profit, Prestige
• Actor Class: Skiddie
Organized Crime
• Methods: Malware, Botnets, Rootkits
• Impacts: Confidentiality
• Target Assets: Fungible, Banking
• Motivations: Profit
• Actor Class: Organized Crime
Adaptive Persistent Adversaries
• Methods: Custom Malware, SpearPhishing, Physical, ++
• Impacts: Confidentiality, Reputation
• Target Assets: Intellectual Property, Trade Secrets, Infrastructure
• Motivations: Industrial/Military
• Actor Class: State/Espionage
Hactivists Chaotic Actors
• Methods: DoS, SQLi, Phishing
• Impacts: Availability, Confidentiality, Reputation, Personal
• Target Assets: Web Properties, Individuals, Policy
• Motivations: Ideological and/or LULZ
• Actor Class: Chaotic Actor
Evolving Technology…
…Evolving Dependence
The Value An Organization Delivers
Is Driven By Its Differentiation
[Diagram: Suppliers & Partners, Your Organization, Customers]
Differentiation: Intellectual Property, Strategy, Core Processes
Competitive Differentiation is Dependent
on Information and the IT Infrastructure
Intellectual Property, Strategy, Core Processes
Information Security’s Mission Is To Protect
These Key Digital Assets
Optimizing Security Management
Is a Multi-Faceted Challenge
• Customer Needs
• Business Needs
• Regulators (Compliance)
• Threats
Cloud, Virtualization, Mobile, and Consumerization! Oh My!
• Sensitive Data on the Rise
• More IT Dependency
• Compliance
• Variety of Threat Actors
Growing Risk
• Traditional Perimeter GONE!
• SaaS, Cloud & Web 2.0 Apps
• Collaboration Partners
• Growing Mobile Devices
No Physical Controls
[Diagram labels: Branch Office, Web 2.0 Application, Remote Replication, Internet, SaaS Cloud, Extranet, WAN, Docs, Offline Folders, Shared Folders, Database, Groupware, E-Mail, Media, Flash-drive, Data Center, Laptop, Mobile]
Virtualization and Cloud Computing
Are Economically Compelling and Here to Stay
What Has Changed?
[Chart labels: Amount of Information and Infrastructure, Attack Surface, and Cost of Failure, plotted against Time; stages labelled Perimeter, Layers, Collaboration, Integrated]
As Organizations Have Embraced Technology, the Amount of
Information, Attack Surface, and Cost of Failure Have All
Skyrocketed!
Another Change:
The New Definition of Privilege
Privileged Users Even More Powerful In Cloud/Virt
[Diagram labels. BEFORE: Server, Application, OS, CPU, Disk, Network. AFTER: Virtual Machine (Application, Guest OS) x3, Hypervisor, Virtual Compute, CPU, Virtual Storage, NAS / SAN, Virtual Network, Physical Network, Compute, Storage, Network, Management, Database As-A-Service]
Solutions and Ideas
Adversary ROI
Why Adversary ROI
• Adversaries want assets - vulnerabilities are a means
• Our attack surface is approaching infinity
• Adversaries have scarce resources too
Adversaries care if *they* can get a return on
investment from an attack, not you…
Adversary ROI Came About By
Looking at Risk
A risk requires a threat and a vulnerability
that results in a negative consequence
We have finite resources, and must optimize the entire
risk equation for our success!
Current State
Threat
Vulnerability
Consequence
Proposed State?
Understanding the Risk Equation
Risk = Threat + Vulnerability
Most cyber security programs focus solely on vulnerability management, which is necessary but insufficient:
• Technology changes at a high rate of speed, making vulnerability a moving target
• Adversary community changes faster than defenders
• Attacks quickly move to the most porous layer
• End users are likely to remain a significant vulnerability
Focus of most cyber security programs
The cyber security “arms race” today focuses on vulnerabilities. It's time to address other variables!
Value Favors the Attacker
[Chart labels: Attacker Gains plotted against Information Classification (Public; Sensitive, Highly Replicable; Sensitive, Irreplaceable), with Typical IT Security Budget (1-12% of IT Budget) marked]
Are you prepared to address a
funded nation state targeting
your highest value intellectual
property?
The Adversary ROI Equation

$$
\text{Adversary ROI} = \left[ \frac{\text{Attack Value} - \text{Cost of the Attack}}{\text{Cost of the Attack}} \right] \times \text{Probability of Success} \; - \; \text{Deterrence Measures}
$$

where
• Attack Value = Value of Assets Compromised + Adversary Value of Operational Impact
• Deterrence Measures = (% Chance of Getting Caught x Cost of Getting Caught)

Impacting Adversary ROI
• It is typically not desirable to make your assets less valuable
• Impact of getting caught is typically a government issue
• Increase adversary “Work Effort”
• Ability to respond and recover key
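An added worked example (not from the original slides): it evaluates the Adversary ROI equation for a constructed scenario, ranks defender levers by the adversary return that remains, and solves for the attack cost at which the return reaches zero. All figures, the lever names and the mapping of each lever to a term of the equation are assumptions, and the cost of getting caught is treated as a unitless penalty on the same scale as the return ratio.

```python
"""Adversary ROI, as read from the slide:

    ROI = ((attack_value - attack_cost) / attack_cost) * p_success
          - p_caught * cost_caught
    attack_value = asset_value + operational_impact_value
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class AttackScenario:
    asset_value: float               # Value of Assets Compromised
    operational_impact_value: float  # Adversary Value of Operational Impact
    attack_cost: float               # Cost of the Attack ("work effort")
    p_success: float                 # Probability of Success, 0..1
    p_caught: float                  # % Chance of Getting Caught, 0..1
    cost_caught: float               # Cost of Getting Caught, unitless penalty
                                     # on the return-ratio scale (assumption)

    def __post_init__(self):
        if self.attack_cost <= 0:
            raise ValueError("attack_cost must be positive")
        for name in ("p_success", "p_caught"):
            if not 0.0 <= getattr(self, name) <= 1.0:
                raise ValueError(f"{name} must be within [0, 1]")


def deterrence(s):
    """Deterrence Measures term: chance of getting caught x cost of it."""
    return s.p_caught * s.cost_caught


def adversary_roi(s):
    """Return on investment as seen by the adversary."""
    attack_value = s.asset_value + s.operational_impact_value
    gain_ratio = (attack_value - s.attack_cost) / s.attack_cost
    return gain_ratio * s.p_success - deterrence(s)


def break_even_attack_cost(s):
    """Attack cost at which ROI reaches zero, other inputs held fixed.

    Solving ((V - C) / C) * p - D = 0 for C gives C = V * p / (p + D).
    Returns None when p + D == 0, because ROI is then zero at every cost.
    """
    attack_value = s.asset_value + s.operational_impact_value
    denom = s.p_success + deterrence(s)
    if denom == 0:
        return None
    return attack_value * s.p_success / denom


# Hypothetical defender levers; each changes one term of the equation.
LEVERS = {
    "increase work effort (attack cost x2)":
        lambda s: replace(s, attack_cost=s.attack_cost * 2),
    "respond and recover (operational impact value halved)":
        lambda s: replace(
            s, operational_impact_value=s.operational_impact_value / 2),
    "contain the breach (probability of success halved)":
        lambda s: replace(s, p_success=s.p_success / 2),
}


def rank_levers(baseline, levers=LEVERS):
    """Return (lever, resulting ROI) pairs, lowest adversary ROI first."""
    results = [(name, adversary_roi(change(baseline)))
               for name, change in levers.items()]
    return sorted(results, key=lambda item: item[1])


# Constructed sample scenario, not data from the presentation.
BASELINE = AttackScenario(
    asset_value=500_000,
    operational_impact_value=100_000,
    attack_cost=50_000,
    p_success=0.6,
    p_caught=0.05,
    cost_caught=2.0,
)

if __name__ == "__main__":
    print(f"baseline ROI: {adversary_roi(BASELINE):.2f}")
    for lever, roi in rank_levers(BASELINE):
        print(f"{roi:6.2f}  {lever}")
    print(f"break-even attack cost: {break_even_attack_cost(BASELINE):,.0f}")
```

With these constructed figures, doubling the attack cost leaves the adversary the lowest return, yet the break-even cost is about ten times the baseline attack cost, so no single lever makes the attack unprofitable.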
Every Organization Should Know The Key
Components to This Model
Methods
Impacts
Target Assets
Motivations
Actor Classes
The Control Quotient
The Control Quotient Definition
• Quotient (from http://www.merriam-webster.com/dictionary/quotient):
  • the number resulting from the division of one number by another
  • the numerical ratio usually multiplied by 100 between a test score and a standard value
  • quota, share
  • the magnitude of a specified characteristic or quality
• Control Quotient: optimization of a security control based on the maximum efficacy within sphere of control (or influence or trust) of the underlying infrastructure*
• *unless there is an independent variable…
The Control Quotient and the SPI Stack
• Amazon EC2 - IaaS
• Google AppEngine - PaaS
• Salesforce - SaaS
The lower down the stack the Cloud provider stops, the more security you are tactically responsible for implementing & managing yourself.
Stack by Chris Hoff -> CSA
[Diagram: CSA Cloud Model, with layers Security Management & GRC, Identity/Entity Security, Data Security, Application Security, Host, Network, Infrastructure Security]
The Control Quotient and the SPI Stack
Virtualization, Software Defined Networks, and Public/Hybrid/Community Cloud Forces a Change in How Security Controls Are Evaluated and Deployed
The Control Quotient and the SPI Stack
To Be Successful, We Must Focus on the Control
Kept (or Gained!), NOT the Control Lost…
Half Full or Half Empty?
http://www.flickr.com/photos/markhillary/6342705495 http://www.flickr.com/photos/tallentshow/2399373550
More Than Just Technology…
The Secure Breach
Crunchy on the Outside…
http://www.flickr.com/photos/theilr/2240742119/
Time to Secure the Breach
Breach Prevention Era
Secure Breach Era
Key Enablers to the Secure Breach
• Encryption (and Key Management)
• Identity and Access Management with Strong Authentication
• Segmentation
• Privileged User Management
• Detection and Response Capabilities
• Asset, Configuration, and Change Management
4 Step Program For Ushering In the
“Secure Breach” Era
1. Introspection: It's time to try something new…
2. Acceptance: You can’t prevent a perimeter breach…
3. Understanding: Know your enemies and what they are after…
4. Action: Decrease adversary ROI…
Thank You!
Any questions?
David Etue
@djetue
Watch the full webcast on demand:
https://www.brighttalk.com/webcast/6319/75109
Follow SafeNet on Social Media
[Blog] http://data-protection.safenet-inc.com
@safenetinc
http://www.linkedin.com/company/safenet
http://youtube.com/safenetinc
http://facebook.com/safenetinc
https://plus.google.com/+safenet
http://pinterest.com/safenetinc/
http://www.safenet-inc.com/rss.aspx
http://www.slideshare.net/SafeNet
http://www.govloop.com/group/safenetgov
http://www.brighttalk.com/channel/2037
http://community.spiceworks.com/pages/safenetinc
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
 
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
 
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
 
Hardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementHardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk Management
 
Strong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessStrong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling Business
 
Building Trust into eInvoicing: Key Requirements and Strategies
Building Trust into eInvoicing: Key Requirements and StrategiesBuilding Trust into eInvoicing: Key Requirements and Strategies
Building Trust into eInvoicing: Key Requirements and Strategies
 
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
 
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNetPayment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
 
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
 
SafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server Encryption
 
Building Trust into DNS: Key Strategies
Building Trust into DNS: Key StrategiesBuilding Trust into DNS: Key Strategies
Building Trust into DNS: Key Strategies
 
Charting Your Path to Enterprise Key Management
Charting Your Path to Enterprise Key ManagementCharting Your Path to Enterprise Key Management
Charting Your Path to Enterprise Key Management
 
Secure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the WebSecure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the Web
 
An Enterprise Guide to Understanding Key Management
An Enterprise Guide to Understanding Key ManagementAn Enterprise Guide to Understanding Key Management
An Enterprise Guide to Understanding Key Management
 
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
 

Dernier

How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 

Dernier (20)

How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 

Cyber Security Management in a Highly Innovative World

  • 1. Cyber Security Management In a Highly Innovative World David Etue, VP Corporate Development Strategy, SafeNet June 2013 © SafeNet - All Rights Reserved
  • 2. Agenda About Me and SafeNet Context Evolving Adversaries, Evolving Threats Evolving Technology, Evolving Dependence Solutions and Ideas
  • 3. About David Etue @djetue • VP, Corporate Development Strategy at SafeNet • Former Cyber Security Practice Lead [PRTM Management Consultants] (now PwC) • Former VP Products and Markets [Fidelis Security Systems] • Former Manager, Information Security [General Electric Company] • Industry • Faculty: The Institute for Applied Network Security (IANS) • Certified Information Privacy Professional (CIPP/G) • Certified CISO (C|CISO) • Cyber things that interest me • Adversary innovation • Applying intelligence cycle / OODA loop in cyber • Supply chain security • Cloud and virtualization security
  • 4. Who We Are Trusted to protect the world’s most sensitive data for the world’s most trusted brands. We protect the most money that moves in the world, $1 trillion daily. We protect the most digital identities in the world. We protect the most sensitive information in the world. FOUNDED 1983 REVENUE ~330m EMPLOYEES +1,400 In 25 countries OWNERSHIP Private GLOBAL FOOTPRINT +25,000 Customers in 100 countries ACCREDITED Products certified to the highest security standard
  • 5. Context
  • 6. We Have Finite Resources… We Can Not Protect Everything! http://commons.wikimedia.org/wiki/File:Fdr_sidefront.jpg Lufthansa Airbus A380 D-AIMC with the name "Peking" at Stuttgart Lasse Fuss http://commons.wikimedia.org/wiki/File:Lufthansa_A380_D-AIMC.jpg “Black Box”
  • 7. Consequences: Value & Replaceability http://blog.cognitivedissidents.com/2011/10/24/a-replaceability-continuum/
  • 8. Misplaced Focus “With the breach-a-week over the last two years, the key determinate was nothing YOU did… but rather was WHO was after you.”
  • 10. Evolving Adversaries… …Evolving Threats
  • 11. What is a “Threat”? A Threat is an Actor with a Capability and a Motive Threats Are A “Who”, Not a “What”
  • 12. A Modern Pantheon of Adversary Classes Methods “MetaSploit” DoS Phishing Rootkit SQLi Auth Exfiltration Malware Physical Impacts Reputational Personal Confidentiality Integrity Availability Target Assets Credit Card #s Web Properties Intellectual Property PII / Identity Cyber Infrastructure Core Business Processes Motivations Financial Industrial Military Ideological Political Prestige Actor Classes States Competitors Organized Crime Script Kiddies Terrorists “Hactivists” Insiders Auditors
  • 13. Methods “MetaSploit” DoS Phishing Rootkit SQLi Auth Exfiltration Malware Physical Impacts Reputational Personal Confidentiality Integrity Availability Target Assets Credit Card #s Web Properties Intellectual Property PII / Identity Cyber Infrastructure Core Business Processes Motivations Financial Industrial Military Ideological Political Prestige Actor Classes States Competitors Organized Crime Script Kiddies Terrorists “Hactivists” Insiders Auditors Profiling a Particular Actor
  • 14. Script Kiddies (aka Casual Adversary) “MetaSploit”, SQLi, Phishing Confidentiality, Reputation CCN/Fungible Profit, Prestige Skiddie
  • 16. Custom Malware, SpearPhishing, Physical, ++ Intellectual Property Trade Secrets Infrastructure Confidentiality, Reputation Industrial/Military State/Espionage Adaptive Persistent Adversaries
  • 17. Hactivists Chaotic Actors DoS, SQLi, Phishing Availability, Confidentiality, Reputation, Personal Web Properties, Individuals, Policy Ideological and/or LULZ Chaotic Actor
  • 18. Evolving Technology… …Evolving Dependence
  • 19. The Value An Organization Delivers Is Driven By Its Differentiation Suppliers & Partners Your Organization Customers Differentiation Intellectual Property Strategy Core Processes
  • 20. Competitive Differentiation is Dependent on Information and the IT Infrastructure Intellectual Property Strategy Core Processes Information Security’s Mission Is To Protect These Key Digital Assets
  • 21. Optimizing Security Management Is a Multi-Faceted Challenge Customer Needs Business Needs Regulators (Compliance) Threats
  • 22. Branch Office Cloud, Virtualization, Mobile, and Consumerization! Oh My! Web 2.0 Application Remote Replication • Sensitive Data on the Rise • More IT Dependency • Compliance • Variety of Threat Actors Growing Risk • Traditional Perimeter GONE! • SaaS, Cloud & Web 2.0 Apps • Collaboration Partners • Growing Mobile Devices No Physical Controls Internet SaaS Cloud Extranet WAN Docs Offline Folders Shared Folders Database Groupware E-Mail Media Flash-drive Data Center Laptop Mobile
  • 23. Virtualization and Cloud Computing Are Economically Compelling and Here to Stay
  • 24. What Has Changed? Perimeter Layers Collaboration Integrated Amount of Information and Infrastructure Attack Surface Cost of Failure Time As Organizations Have Embraced Technology, the Amount of Information, Attack Surface, and Cost of Failure Have All Skyrocketed!
  • 25. Another Change: The New Definition of Privilege
  • 26. Privileged Users Even More Powerful In Cloud/Virt Virtual Machine Virtual Machine Virtual Machine Compute Storage Network Virtual Compute CPU Virtual Storage NAS / SAN Management Database As-A-Service Application Guest OS Application Application Guest OS Guest OS Virtual Network Physical Network Hypervisor Server Application OS CPU Disk Network BEFORE AFTER
  • 27. Solutions and Ideas
  • 28. Adversary ROI
  • 29. Why Adversary ROI • Adversaries want assets - vulnerabilities are a means • Our attack surface is approaching infinity • Adversaries have scarce resources too Adversaries care if *they* can get a return on investment from an attack, not you…
  • 30. Adversary ROI Came About By Looking at Risk A risk requires a threat and a vulnerability that results in a negative consequence We have finite resources, and must optimize the entire risk equation for our success! Current State Threat Vulnerability Consequence Proposed State?
  • 31. Understanding the Risk Equation Risk = Threat + Vulnerability Most Cyber Security programs focused solely on vulnerability management, which is necessary but insufficient: • Technology changes at high rate of speed making vulnerability a moving target • Adversary community changes faster than defenders • Attacks quickly move to the most porous layer • End users likely to remain a significant vulnerability Focus of most cyber security programs The Cyber Security “arms race” today focuses on Vulnerabilities. It’s time to address other variables!
  • 32. Value Favors the Attacker Public Sensitive Highly Replicable Sensitive Irreplaceable Information Classification AttackerGains Typical IT Security Budget (1-12% of IT Budget) Are you prepared to address a funded nation state targeting your highest value intellectual property?
  • 33. The Adversary ROI Equation Adversary ROI = [ (Attack Value - Cost of the Attack) / Cost of the Attack ] × Probability of Success - Deterrence Measures (% Chance of Getting Caught × Cost of Getting Caught), where Attack Value = Value of Assets Compromised + Adversary Value of Operational Impact
  • 34. Impacting Adversary ROI Callouts on the equation: Ability to respond and recover key; It is typically not desirable to make your assets less valuable; Impact of getting caught is typically a government issue; Increase adversary “Work Effort”; Ability to respond and recover key; Increase adversary “Work Effort”. Adversary ROI = [ (Attack Value - Cost of the Attack) / Cost of the Attack ] × Probability of Success - Deterrence Measures (% Chance of Getting Caught × Cost of Getting Caught), where Attack Value = Value of Assets Compromised + Adversary Value of Operational Impact
  • 35. Every Organization Should Know The Key Components to This Model Methods Impacts Target Assets Motivations Actor Classes
  • 36. The Control Quotient
  • 37. The Control Quotient Definition • Quotient: (from http://www.merriam-webster.com/dictionary/quotient ) • the number resulting from the division of one number by another • the numerical ratio usually multiplied by 100 between a test score and a standard value • quota, share • the magnitude of a specified characteristic or quality • Control Quotient: optimization of a security control based on the maximum efficacy within sphere of control (or influence or trust) of the underlying infrastructure* • *unless there is an independent variable…
  • 38. Amazon EC2 - IaaS The lower down the stack the Cloud provider stops, the more security you are tactically responsible for implementing & managing yourself. Salesforce - SaaS Google AppEngine - PaaS The Control Quotient and the SPI Stack Stack by Chris Hoff -> CSA
  • 39. Security Management & GRC Identity/Entity Security Data Security Host Network Infrastructure Security Application Security CSA Cloud Model The Control Quotient and the SPI Stack
  • 40. CSA Cloud Model Security Management & GRC Identity/Entity Security Data Security Host Network Infrastructure Security Application Security Virtualization, Software Defined Networks, and Public/Hybrid/Community Cloud Forces a Change in How Security Controls Are Evaluated and Deployed The Control Quotient and the SPI Stack
  • 41. To Be Successful, We Must Focus on the Control Kept (or Gained!), NOT the Control Lost… Half Full or Half Empty?
  • 43. The Secure Breach
  • 44. Crunchy on the Outside… http://www.flickr.com/photos/theilr/2240742119/
  • 45. Time to Secure the Breach Breach Prevention Era Secure Breach Era
  • 46. Key Enablers to the Secure Breach • Encryption (and Key Management) • Identity and Access Management with Strong Authentication • Segmentation • Privilege User Management • Detection and Response Capabilities • Asset, Configuration, and Change Management
  • 47. 4 Step Program For Ushering In the “Secure Breach” Era • It’s time to try something new… Introspection • You can’t prevent a perimeter breach… Acceptance • Know your enemies and what they are after… Understanding • Decrease adversary ROI… Action
  • 48. Thank You! Any questions? David Etue @djetue Watch the full webcast on demand: https://www.brighttalk.com/webcast/6319/75109
  • 49. Follow SafeNet on Social Media [Blog] http://data-protection.safenet-inc.com @safenetinc http://www.linkedin.com/company/safenet http://youtube.com/safenetinc http://facebook.com/safenetinc https://plus.google.com/+safenet http://pinterest.com/safenetinc/ http://www.safenet-inc.com/rss.aspx http://www.slideshare.net/SafeNet http://www.govloop.com/group/safenetgov http://www.brighttalk.com/channel/2037 http://community.spiceworks.com/pages/safenetinc
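
A worked example of the Adversary ROI equation from slides 33 and 34, added here and not part of the original deck: it evaluates the equation for a constructed attack scenario, ranks three defender levers by how far each lowers the adversary's return, and derives the attack cost at which the return reaches zero. All names and figures are constructed; the cost of getting caught is assumed to be expressed as a multiple of the attack cost so the deterrence term is unitless like the ROI ratio, and the mapping of levers to terms is an assumption.

```python
"""Adversary ROI (slides 33-34) evaluated for constructed scenarios."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Attack:
    asset_value: float        # value of assets compromised, to the adversary
    operational_value: float  # adversary value of operational impact
    cost: float               # cost of the attack (adversary "work effort")
    p_success: float          # probability of success, 0..1
    p_caught: float           # chance of getting caught, 0..1
    caught_penalty: float     # cost of getting caught, as a multiple of the
                              # attack cost (assumption, keeps ROI unitless)

    def __post_init__(self):
        if self.cost <= 0:
            raise ValueError("attack cost must be positive")
        for name in ("p_success", "p_caught"):
            if not 0.0 <= getattr(self, name) <= 1.0:
                raise ValueError(f"{name} must be between 0 and 1")


def attack_value(a):
    return a.asset_value + a.operational_value


def deterrence(a):
    return a.p_caught * a.caught_penalty


def adversary_roi(a):
    """[(attack value - cost) / cost] x P(success) - deterrence."""
    return (attack_value(a) - a.cost) / a.cost * a.p_success - deterrence(a)


def break_even_cost(a):
    """Attack cost at which ROI reaches zero, other terms held fixed.

    Solving ((V - C) / C) * p - D = 0 for C gives C = p * V / (p + D).
    """
    if a.p_success == 0:
        return 0.0  # the attack never succeeds, so no cost level pays off
    return a.p_success * attack_value(a) / (a.p_success + deterrence(a))


# Constructed baseline: a cheap attack on a valuable asset.
BASELINE = Attack(asset_value=500_000, operational_value=100_000,
                  cost=50_000, p_success=0.6, p_caught=0.05,
                  caught_penalty=2.0)

# Constructed defender levers, each expressed as changed equation terms.
LEVERS = {
    "raise work effort": dict(cost=150_000, p_success=0.3),
    "respond and recover": dict(operational_value=20_000),
    "better detection": dict(p_caught=0.25),
}


def rank_levers(baseline, levers):
    """Return (lever, adversary ROI) pairs, lowest adversary ROI first."""
    scored = [(name, adversary_roi(replace(baseline, **change)))
              for name, change in levers.items()]
    return sorted(scored, key=lambda item: item[1])


if __name__ == "__main__":
    print(f"baseline ROI: {adversary_roi(BASELINE):.2f}")
    for name, roi in rank_levers(BASELINE, LEVERS):
        print(f"{name:20s} -> ROI {roi:.2f}")
    print(f"break-even attack cost: {break_even_cost(BASELINE):,.0f}")
```

With these constructed inputs, raising the adversary's work effort cuts the return far more than the other two levers, because attack cost sits in the denominator and also lowers the probability of success.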

Editor's notes

  1. Economics is the study of how society allocates scarce resources and goods. A well managed Info/Cyber/Security/Assurance program requires intelligent allocation of scarce resources: we can not protect everything. We can’t build the entire airplane out of the “black box”.
  2. Classes of actors can be identified (and even particular actors in some cases). Capabilities can be estimated (and potentially managed by working Governments and Law Enforcement). Motive can be analyzed via “Adversary ROI”.
  3. Rorschach Test: http://en.wikipedia.org/wiki/Rorschach_test We see in Anonymous what we WANT to see. We project. Our perceptions say more about us than they do about the multitude of subgroups/causes in Anonymous.
  4. http://www.vmware.com/files/pdf/solutions/Business-Value-Virtualization.pdf http://aws.amazon.com/free/
  5. When our attack surfaces approach infinity, it’s easier to manage threats. CONTROL QUOTIENT. Most security programs focused solely on vulnerability management, which is necessary but insufficient: Technology changes at high rate of speed making vulnerability a moving target. Adversary community changes faster than defenders. Attacks quickly move to the most porous layer. End users likely to remain a significant vulnerability.
  6. Serenity prayer