Capita - Managing Cyber Risk in the Enterprise - DW-V1

  1. Managing Cyber Risk in the Enterprise
     Security Leadership Summit
     Dave Whitelegg CISSP, Head of Information Security & Payments, Capita plc
     February 2016
  2. The Traditional Information Security Approach
     • Industry Best Practice Information Security
     • Traditional ‘out of the box’ ‘Security Focus’ and Controls
     (Diagram labels: Risk Focus, Information Security; axes: Impact, Frequency)
  3. Evolving Threat Landscape
     • Attackers are increasingly successful at evading traditional infrastructure-focussed security controls i.e. DDoS, Zero-Day Exploits, Spear Phishing, Social Engineering, Sophisticated Attacks
     • Growing number of Opportunistic Attacks i.e. Hacktivists, Criminals, Insiders
     • The cost of attacks is falling and attacks are easier to perform
     (Diagram labels: Risk Focus, Information Security, Risk; axes: Impact, Frequency)
  4. Evolution of Information Security
     • ‘One Size’ Security doesn’t fit a ‘diverse’ Enterprise
     • Best Practices and InfoSec Policy set a ‘Minimum Enterprise Baseline’ for Security
     • Traditional Best Practice InfoSec + Risk Based Cyber Security
     (Diagram labels: Risk Focus, Best Practice InfoSec, Risk Based Cyber Security, Information Security, Risk; axes: Impact, Probability)
  5. Assessing and Managing Cyber Risk
     Cyber Risk = F(Likelihood * Impact)
     Likelihood = F(Vulnerability * Capability * Motivation)
     (Diagram labels: Target Asset, Threat Scenario, Threat Actor, Aims)
  6. Cyber Threat Model
     (Diagram: Threat Actor, Aims, Target Asset and Threat Scenario, linked by ‘has’, ‘which may affect’, ‘Using’ and ‘Causing’; inputs: Motivation, Capability, Threat Intelligence, Identification, Categorisation)
     Threat Model Goals
     • Categorises Threats, Assets & Compromise Methodologies
     • Measure Cyber Risks
     • Identify Mitigating Controls
     Cyber Risk = F(Likelihood * Impact)
  7. Cyber Risk: Target Assets
     Identifying Critical Assets (Criticality Assessment)
     Q. What is the Business Impact from a compromise of this asset?
     • Informational Assets: a data set or other information source which has critical value to the operation of the business. Compromise of this information asset would have material impact on the objectives of the business.
     • Non-Informational Assets
       • Physical Infrastructure
       • Business Operations & Services
       • People
     Q. How Vulnerable are Target Assets to Threat Actors?
     (Section: Threat Model)
  8. Threat Actors
     A Threat Actor’s general aim is to cause a negative business and/or positive personal impact through a compromise of an Asset’s:
     • Confidentiality
     • Integrity
     • Availability
  9. Threats to the Enterprise
     (Diagram labels: Threat Model, Enterprise)
     Threat actors shown: Disgruntled Insider, Insider Trader, Press, Criminal Insider, State-sponsored hacker, Researcher, Whistle Blower, Private investigator, Hacktivist, Accidental Insider, Criminal, Third Party, Criminal Group, Competitor, Rogue Trader
  10. Threat Actor Categories
     • Criminal: Lone actor; Theft of funds/assets; Financial reward
     • Accidental Insider: Friendly insider; Lack of training; Stress
     • State-Sponsored Hacker: Foreign intelligence-backed hacker; Customised attacks; Geopolitical ideology; Money
     • Hacktivist: Like-minded individuals; Chaotic; Defacement / DoS; Political causes; Fun
     (Diagram labels: Accidental Insider, Disgruntled Insider, Insider Trader, Hacktivist, Whistle-blower, Criminal Insider, Criminal Group, Criminal, State-sponsored hacker, Competitor, Rogue Trader, Press, Researcher, Private investigator, Third Party)
  11. Cyber Risk: Measuring Threat Levels
     • Motivation is the qualitative metric used to relatively categorise the intent and dedication of the Threat Actor: High, Medium, Low
     • Capability is the qualitative metric used to relatively categorise the skills and tools available to the Threat Actor: High, Medium, Low
     • A Threat Actor’s Threat Level is a function of Capability & Motivation
       • The likelihood of a risk occurring, i.e. a capable, motivated Threat Actor seeking to compromise a particular information asset is more likely to succeed
     • Threat Intelligence
     • Threat levels aren’t static
     (Diagram axes: Capability, Motivation)
  12. Threat Actor Aims & Threat Scenarios
     Aims
     • Hacktivist Group wishes to cause embarrassment to client ‘Company A’
       • Disrupt client services
     • Criminal Insider is financially self-motivated to steal customer credit card data
     • State Sponsored Hacker seeks to destabilise the UK economy
       • Negatively affecting the share price of FTSE 100 companies
     Threat Scenarios (specific attack methods with measurable outcomes, i.e. Impact)
     • Hacktivist Group DDoS attack on the Data Centre’s Internet-facing connectivity
       • The objective is to take down a client’s hosted web service
     • Criminal Insider writes down credit card numbers during customer phone call interaction
       • The objective is to steal credit card data from the Call Centre, then commit fraud
     • State Sponsored DDoS attack on the corporate website at financial year end
       • The objective is to prevent release of the company’s annual financial results
  13. Cyber Risk Management
     Risk Treatment
     • Acceptance and do nothing
     • Acceptance with a Contingency Plan (when it happens)
     • Mitigation Plan (Reduce Risk, Avoid, Transfer)
     (Diagram axes: Threat Level, Cyber Risk)
  14. Strategic Enterprise Cyber Threat & Risk View
     • Focus Threat Intelligence efforts
     • Focus Enterprise Security efforts
  15. Enterprise InfoSec keeping pace with Evolving Threats
     • Continual Process
  16. Questions?
  17. Thank You
     Dave Whitelegg, @SecurityExpert, https://www.linkedin.com/in/whitelegg
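
The scoring model from the "Assessing and Managing Cyber Risk" and "Measuring Threat Levels" slides, applied to the deck's three threat scenarios and its risk treatment options. This is an added example, not material from the presentation. The 1 to 3 ordinal scale, the two choices of F, the treatment thresholds and every rating in `REGISTER` are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace

LEVEL = {"Low": 1, "Medium": 2, "High": 3}  # assumed ordinal scale for the qualitative metrics

@dataclass(frozen=True)
class Scenario:
    name: str
    capability: str
    motivation: str
    vulnerability: str
    impact: str

def likelihood(s):
    # Likelihood = F(Vulnerability * Capability * Motivation). F is assumed to be the
    # rounded geometric mean, which keeps the result on the same 1..3 scale.
    product = LEVEL[s.vulnerability] * LEVEL[s.capability] * LEVEL[s.motivation]
    return 1 if product <= 3 else 2 if product <= 12 else 3

def cyber_risk(s):
    # Cyber Risk = F(Likelihood * Impact). F is assumed to be the plain product (1..9).
    return likelihood(s) * LEVEL[s.impact]

def treatment(risk):
    # The three options are the deck's; the thresholds are assumptions.
    if risk >= 6:
        return "Mitigation Plan"
    if risk >= 3:
        return "Acceptance with a Contingency Plan"
    return "Acceptance and do nothing"

def rank(register):
    # Highest risk first; ties keep register order.
    scored = [(s.name, cyber_risk(s), treatment(cyber_risk(s))) for s in register]
    return sorted(scored, key=lambda row: row[1], reverse=True)

def with_new_intel(register, name, **changes):
    # Threat levels are not static: re-rate one scenario when threat intelligence changes.
    return [replace(s, **changes) if s.name == name else s for s in register]

# Constructed ratings for the deck's three threat scenarios.
REGISTER = [
    Scenario("Hacktivist DDoS on data centre connectivity", "Medium", "High", "Medium", "Medium"),
    Scenario("Criminal insider copies card numbers in call centre", "Low", "High", "High", "High"),
    Scenario("State-sponsored DDoS on corporate website at year end", "High", "Low", "Low", "High"),
]

if __name__ == "__main__":
    for row in rank(REGISTER):
        print(row)
    print("-- after intelligence raises hacktivist capability to High --")
    for row in rank(with_new_intel(REGISTER, REGISTER[0].name, capability="High")):
        print(row)
```

Re-rating the hacktivist scenario moves it from a contingency plan to a mitigation plan without any change to the asset itself, which is why the register has to be re-scored whenever threat intelligence changes.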