Achieving Durable Security:
Being Honest About What You Can Really Do.


Thomas Whipp MSc MEng CISSP CPP CBCI
Head of Risk
Oval Ltd
Presentation Overview

  Where are you starting from?
  Where are the risks?
  Thinking differently about security
  What are the real costs of your strategy?
Where are you starting from?
Your Information?

  Printers
  Mobile Phones
  Excel
  SQL
  Emails
  Memory Sticks
  Scanned Images
Your Business

  Capital Vs. Revenue
  Will it really be spent?
  Whose budget?
  Politics
  Costs
  Value for Money?
  Will it work?
  Prevention
  Detection
  Incident Response
  Displacement
Where are the risks?
Who is out there?

  Technical Attacks
  Industrial Espionage
  Script Kiddies
  State Sponsored
  Hacktivists
  Criminals
  Social Engineering
Thinking Differently About Security
Rational Choice Theory

Evaluation of risk and return
  ? How much will I get
  ? How likely am I to be caught
  ? How large is the punishment

Uses
  A good model for planned offences
  Typically acquisitive in nature
  Largely fails to explain expressive offences
Routine activity theory

  Can be used to explain everyday type crimes
  Motivated offender
  Lack of a capable guardian
Situational Prevention
Ronald V. Clarke

Key Concerns
  Crime not criminality
  Near not distant cause
  How not why
  Event driven

5 Main mechanisms
  Increase the effort
  Increase the risk
  Reduce the rewards
  Reduce provocations
  Remove excuses

Examples:
Defensible Space
Oscar Newman

Key Points
  Territoriality (key behaviour to encourage)
  Natural surveillance
  Image
  Milieu

Thinking point: Is it worth allowing some personalisation at the desktop?
Displacement

A key criterion used to assess physical security initiatives



                   Putting in a control


                May not reduce offending



             May simply move it elsewhere
Disinhibition

  Strong sense of anonymity
  Lack of a sense of consequence
  Disassociation from the ‘real world’
  Leads to significant changes in behaviour
  Key challenge for InfoSec awareness but also situational controls
What are the real costs of your strategy?
Covering your bases...
Spreading the costs

         Prevention



          Response


          Residual



          Detection
Choosing a Strategy...
What are the options?

  Process
  Product
  Service
  Architecture

Any option can deliver an effective control if implemented properly
Risks to Strategy...
Choosing a Strategy...
Controls and their true costs

[Chart: vertical axis 0% to 100%; series: Political, Effort, Revenue, Capital; categories: Process, Product, Service, Architecture]
Tom Whipp MSc MEng CISSP CPP CBCI
Head of Risk, Oval Ltd

Tel:   01924 433081
Mbl:   07500 796391
Email: tom.whipp@theovalgroup.com

Crypto Confidence Unlocked: AnyKYCaccount's Shortcut to Binance Verification
 
Building pressure? Rising rents, and what to expect in the future
Building pressure? Rising rents, and what to expect in the futureBuilding pressure? Rising rents, and what to expect in the future
Building pressure? Rising rents, and what to expect in the future
 
Introduction to Health Economics Dr. R. Kurinji Malar.pptx
Introduction to Health Economics Dr. R. Kurinji Malar.pptxIntroduction to Health Economics Dr. R. Kurinji Malar.pptx
Introduction to Health Economics Dr. R. Kurinji Malar.pptx
 
ΤτΕ: Ανάπτυξη 2,3% και πληθωρισμός 2,8% φέτος
ΤτΕ: Ανάπτυξη 2,3% και πληθωρισμός 2,8% φέτοςΤτΕ: Ανάπτυξη 2,3% και πληθωρισμός 2,8% φέτος
ΤτΕ: Ανάπτυξη 2,3% και πληθωρισμός 2,8% φέτος
 
ekthesi-trapeza-tis-ellados-gia-2023.pdf
ekthesi-trapeza-tis-ellados-gia-2023.pdfekthesi-trapeza-tis-ellados-gia-2023.pdf
ekthesi-trapeza-tis-ellados-gia-2023.pdf
 
Thoma Bravo Equity - Presentation Pension Fund
Thoma Bravo Equity - Presentation Pension FundThoma Bravo Equity - Presentation Pension Fund
Thoma Bravo Equity - Presentation Pension Fund
 
Liquidity Decisions in Financial management
Liquidity Decisions in Financial managementLiquidity Decisions in Financial management
Liquidity Decisions in Financial management
 
Gender and caste discrimination in india
Gender and caste discrimination in indiaGender and caste discrimination in india
Gender and caste discrimination in india
 

4 b. thomas whipp presentation

  • 1. Achieving Durable Security: Being Honest About What You Can Really Do. Thomas Whipp MSc MEng CISSP CPP CBCI, Head of Risk, Oval Ltd
  • 2. Presentation Overview: Where are you starting from? Where are the risks? Thinking differently about security. What are the real costs of your strategy?
  • 3. Where are you starting from?
  • 4. Your Information? Printers; Mobile Phones; Excel; SQL; Emails; Memory Sticks; Scanned Images
  • 5. Your Business: Capital Vs. Revenue; Costs; Politics; Whose budget?; Will it really be spent?; Value for Money?; Will it work?; Prevention; Detection; Incident Response; Displacement
  • 6. Where are the risks?
  • 7. Who is out there? Technical Attacks; Industrial Espionage; Script Kiddies; State Sponsored; Hacktivists; Criminals; Social Engineering
  • 9. Rational Choice Theory. Evaluation of risk and return: How much will I get? How likely am I to be caught? How large is the punishment? Uses: A good model for planned offences. Typically acquisitive in nature. Largely fails to explain expressive offences.
  • 10. Routine activity theory: Motivated offender; Lack of a capable guardian. Can be used to explain everyday type crimes.
  • 11. Situational Prevention (Ronald V. Clarke). Key Concerns: Crime not criminality; Event driven; Near not distant cause; How not why. 5 Main mechanisms: Increase the effort; Increase the risk; Reduce the rewards; Reduce provocations; Remove excuses. Examples:
  • 12. Defensible Space (Oscar Newman). Key Points: Territoriality (key behaviour to encourage); Natural surveillance; Image; Milieu. Thinking point: Is it worth allowing some personalisation at the desktop?
  • 13. Displacement: A key criterion used to assess physical security initiatives. Putting in a control may not reduce offending; it may simply move it elsewhere.
  • 14. Disinhibition: Strong sense of anonymity; Lack of a sense of consequence; Disassociation from the ‘real world’. Leads to significant changes in behaviour. Key challenge for InfoSec awareness but also situational controls.
  • 15. What are the real costs of your strategy?
  • 16. Covering your bases... Spreading the costs: Prevention; Response; Residual; Detection
  • 17. Choosing a Strategy... What are the options? Process; Product; Service; Architecture. Any option can deliver an effective control if implemented properly.
  • 19. Choosing a Strategy... Controls and their true costs. [Chart: percentage split (0% to 100%) of Political, Effort, Revenue and Capital costs for each of Process, Product, Service and Architecture]
  • 20. Tom Whipp MSc MEng CISSP CPP CBCI Head of Risk, Oval Ltd Tel: 01924 433081 Mbl: 07500 796391 Email: tom.whipp@theovalgroup.com

Editor's notes

  1. Thinking about offending. Thinking about control. Why do people behave differently online? Are we going in the wrong direction sometimes?
  2. Evaluation of risk and return: How much will I get? How likely am I to be caught? How large is the punishment? Uses: A good model for planned offences. Typically acquisitive in nature. Largely fails to explain expressive offences.
  3. A good model for "drive by" acts: suitable target; motivated offender; lack of a capable guardian. Can be used to explain everyday type crimes.
  4. Key Concerns: Crime not criminality; Event driven; Near not distant cause; How not why. 5 main mechanisms: Increase the effort; Increase the risks; Reduce the rewards; Reduce provocations; Remove excuses. Examples: CCTV; hashing of card data; logon notice stating audit log policy.