SlideShare une entreprise Scribd logo

Pivotal Role of HR in Cybersecurity

Matthew Rosenquist
Matthew Rosenquist

Although a latecomer to the security party, HR organizations can play an important role in protecting assets and influencing good security behaviors. HR leadership can strengthen hiring practices, tighten responses for disgruntled employees, spearhead effective employee security education, advocate regulatory compliance and exemplify good privacy practices, be a good custodian of HR data, and rise to the challenges of hiring good cybersecurity professionals.

Technologie
1  sur  33
Télécharger pour lire hors ligne
Strategic Leadership for Managing Evolving Cybersecurity Risks –HR’s Pivotal Role CHO Event November 13th2014, Phoenix AZ Matthew RosenquistCybersecurity Strategist, Intel Corp
Biography 2 Matthew Rosenquist Cybersecurity Strategist Intel Security Group Matthew benefits from 20 years in the field of security, specializing in strategy, threats, operations, crisis management, measuring value, communicating industry changes, and developing cost effective capabilities which deliver the optimal level of security. As a cybersecurity strategist, he works to understand and communicate the future of security and drive industry collaboration to tackle challenges and uncover opportunities to significantly improve global computing security. Mr. Rosenquist built and managed Intel’s first global 24x7 Security Operations Center, overseen internal platform security products and services, was the first Incident Commander for Intel’s worldwide IT emergency response team, and managed security for Intel’s multi-billion dollar worldwide mergers and acquisitions activities. He has conducted investigations, defended corporate assets, established policies, developed strategies to protect Intel’s global manufacturing, and owned the security playbook for the PC strategic planning group. Most recently, Matthew worked to identify the synergies of Intel and McAfee as part of the creation of the Intel Security Group, one of the largest security product organizations in the world. Twitter @Matt_Rosenquist LinkedIn Blogs Intel IT Peer Network
Technology connects and enriches the lives of every person on earth Security is critical to protect computing technology from threats which undermine the health of the industry
“...If security breaks down, technology breaks down” Brian Krebs Noted Cybersecurity Reporter
Human Behaviors Play a Key Role in Cybersecurity 5 Security is comprised of both Technologyand People Human Resources can support or undermine security Intertwined and Inseparable
We manage security through either leadership or crisis. In the absence of leadership, we are left with crisis. “Cybersecurity may be fought with technology, but it is people who triumph. We must invest in the future generations of professionals who will carry on the fight”
7 Peering into the future of cybersecurity
49% Unpleasant Cybersecurity Trends 8 Annual malware growth rate 200M+ total malware samples Organizations sufferingdata loss Online adults victims of cybercrime or negative situations Worldwide IT security spending in 2014, 7.9% increase Organizations compromised by attacker bypassing all defenses 552M Total identities exposed in 2013, 493% increase $71B 97% 93% 50% 31 million New 3-monthrecord
Chain Reactions Drive Cybersecurity Evolution… 9
Technology-Landscape Environmental changes Graphic 10 More Users ~4B internet users by 2020 6.6B mobile cellular accts 2013 New users are less savvy, more likely to share sensitive data Easier to manipulate & victimize More Devices 50B ‘things’ connected by 2020 35% will be M2M connections Proliferation of sensor data New architecture vulnerabilities More Usages New services, applications, social ecosystems, and infrastructures New data types, aggregation Risky behaviors, untested tech, and unforeseen consequences
Technology-Landscape Environmental changes 11 More Data 13x increase of mobile data 2012-17 3x data increase by 2018 30GB per person/mo. (2x 2013) 18% CAGR of Business traffic Cheaper to store data vs delete Greater Value $14T Internet of Things value, 2022 $90T value of the networked economy by end of next decade Enterprises responsible 85% data Controlling financial, defense & critical infrastructure Evolving IT Infrastructures M2M, Software Defined Infrastructures (SDDC, SDN, Virtualization), cloud 4x DC traffic by 2018, 31% CAGR 13,300 trillion connections by 2020 Internet of Things M2M networks will grow fastest ITU International Telecommunications Union
12 A growing target-rich environment of more users, data, and devices Motivation for attacks rise as information and systems increase in value New technology adoption, infrastructures, and usages creates a larger attack surface EasyUsers/Devices/Data TargetGraphic Effects of Technology-Landscape changes More attractive targets emerge asopportunities for attacks
Threat Evolution 13 Security talent pool shrinks 70% orgs are understaffed 58% senior and 36% staff level positions went unfilled in 2013 High leadership turnover Threats Accelerate Professionals emerge, educated, organized, funded, and capable Resources & community thrives Success reinforces investment and attracts new attackers Threat Agents Evolve Rise of government surveillance, cyberwarfare, information control Social, political attacks, outsourcing Motivations shift from personal gains to aspirations of control
14 Attackers capabilities increases with investments, experience, and professional threat agents Successes boosts confidence, raises the lure for more attacks and boldness to expand scope Defenders struggle with a growing attack surface, challenging effectiveness models, lack of talent, and insufficient resources Effects of the Threat Evolution Threats advance, outpacing defenders The Race to Evolve is On!
Impacts and Effects 15 Speed of Attacks Increased pace: vulnerability to exploit to compromises New malware at 4 per second 1M+ victims/day (12/second) Collective impact $3T impact to the tech market 20%-30% of IT budgets Privacy, personal finance Emerging Life-Safety risks Stress and Fear Outages, downtime, reporting Data breaches, reputation, IP Job loss, brand, competition, downsize, other major impacts, Security jobs in demand An average Day in an Average Enterprise
16 Users are impacted more and more. Awareness increases and security issues are recognized as a serious problem Organizations feel the pain in losses, negative press, interruption, leadership, & competitiveness Demands for more security staff, better designed products, savvy employees, advanced security systems, and more regulation to protect assets, usability, privacy, and availability Effects of Impacts Expectations around security rise, driving change www.informationisbeautiful.net
Defenses Respond Graphic 17 Comprehensive Security as a continuous cycle Defense-In-Depth process Technologyand Behaviors Obstaclesand Opposition Seeking Optimal Risk Risk management planning Perceptions by executives Balancing the triple constraints of Cost, Risk, and Usability Meeting users shifting demands 17 Explicit Regulations Increase in number and specificity, covering more segments and usages Raises the bar, but not a guarantee of security Can be impediments to growth
Good Practices will Emerge… 18 Smarter vs More Collaboration across security functions improving effectiveness Better IT choices & enablement Measurably balancing the triple constraints of risk, cost, & usability Expectations Drive Change Society’s expectations shift with pain, impact, and inconvenience Trust will be valued, demanded Better security, privacy, and more control (even if it is not used) Improved controls Innovation intersecting emerging attacks to keep pace with attackers Integration across solutions vs point products Intelligence, analysis, and action
How Cybersecurity will Evolve 19 Verge of rapid changes, will get worse before it gets better Threat landscape becomes more professional, organized, and funded Technology ecosystem grows rapidly, creating new attack surfaces Value of security rises in the eyes of the public, government, and commercial sectors Attackers will outpace defenders in the short term, until fundamental changes take place Defenses will evolve to be smarter, with optimal and sustainable security as the goal
We manage security through either leadership or crisis. In the absence of leadership, we are left with crisis. crisis In the absence of leadership, we are left with crisis
HR Leadership is a Key Resource 21 HR plays a role in organizations ability to Predict, Prevent, Detect, and Respond to cybersecurity threats 1EY’s Global Information Security Survey 2014 55% of organizations do not include security in employee performance evaluations1 53% of organizations say a lack of skilled resources is one of the main problems to information security1 HR expertise around people and personnel practices, can ease many challenges
HR Issues and Challenges 22 HR must consider a number of issues across several domains HR can be a strong advocate for security or an apathetic bystander Lead wisely… Human Resources Hiring Practices Disgruntled Employees CybersecHiring Protecting HR data Regulatory Compliance Employee Security Education
Cybersecurity Considerations for Human Resources 23 Human Resources Hiring Practices Disgruntled Employees CybersecHiring Protecting HR data Regulatory Compliance Employee Security Education Hiring Practices Properly vetting new employees is the front line prevention against insiders Consider additional scrutiny for sensitive roles Minimize access to the business need, including when workers shift roles Compartmentalize data and access based upon roles Insure coverage and peer oversight
Cybersecurity Considerations for Human Resources 24 Human Resources Hiring Practices Disgruntled Employees CybersecHiring Protecting HR data Regulatory Compliance Employee Security Education Disgruntled Employees Support open-door and online anonymous reporting as outlets to resolution, relieving pressure Reinforce peer reporting of mounting issues, and detecting use of technology to vent Configure cybersecurity tools and teams to look inward as well as outward for suspicious activity Include cyber controls as part of DE response plans, effective LDO is a must
Cybersecurity Considerations for Human Resources 25 Human Resources Hiring Practices Disgruntled Employees CybersecHiring Protecting HR data Regulatory Compliance Employee Security Education Employee Security Education Policies define the accepted level of risk and regulatory compliance Annual, at a minimum, training of employees is needed Awareness of risks, smart practices, and a healthy dose of paranoia of electronic communication (web, email, text, etc.) Continuous updates to workers of cyber issues and threats Reinforce a culture to report issues
Cybersecurity Considerations for Human Resources 26 Human Resources Hiring Practices Disgruntled Employees CybersecHiring Protecting HR data Regulatory Compliance Employee Security Education Regulatory Compliance1 Involve Legal to review gathering and storage practices for hiring data Geographic regulations differ for employee data security Privacy controls must extend to employees, vendors, customers and partners Be prepared for electronic discovery Understand when data breach notices are required Be aware of geo limitations for hiring questions and background checks Transparency in public privacy policy 1I am not a lawyer, nor am I providing legal advice. These are considerations to evaluate and not all inclusive. Seek professional legal advice.
Cybersecurity Considerations for Human Resources 27 Human Resources Hiring Practices Disgruntled Employees CybersecHiring Protecting HR data Regulatory Compliance Employee Security Education Protecting HR data Security controls must exist across internal and outsource vendors Prioritize confidentiality as primary, with integrity and availability as secondary Beware sharing data with 3rdparty partners. You inherit their security, or lack of it Apply good security practices: data- classification, encryption, backups, audits, retention, access control, etc.
Cybersecurity Considerations for Human Resources 28 Human Resources Hiring Practices Disgruntled Employees CybersecHiring Protecting HR data Regulatory Compliance Employee Security Education Cybersecurity Resource Hiring The cybersecurity pool is nearly empty, senior leadership especially Retention of quality is tough, expect aggressive headhunting Next generation being trained, but will lack timely knowledge and experience Skills are inconsistent with hires. Be specific for what you want Practicality of experience varies greatly Be patient to find a good candidate, but move fast when you find one!
We manage security through either leadership or crisis. In the absence of leadership, we are left with crisis. Leadership is key in organizing resources to achieve and maintain an optimal level of security value
Recommendations for HR 30 Maintain good hiring practices to vet new employees Consider more intense scrutiny for sensitive roles Insure proper security policies are established and continually trained to reinforce good cyber behaviors Include HR involvement in a strong cyber response plan (including LDO) Be aware of confidentiality risks for HR data, privacy, and regulatory compliance Expect challenges when hiring or retaining cybersecurity professionals
Question and Answer Discussion 31
32
Security Industry Data and Sources 33 •3.6B people by 2020. Source:ITU International Telecommunications Union •6.6B mobile cellular subscriptions in 2013. Source: WorldBank.org •Growth of devices chart. Source: BI Intelligence •50B ‘things’ connected by 2020. Source: Cisco •35% will be M2M connections. Source: Cisco •More Data growth estimate graphic Source: IDC •13x increase of mobile data 2012-17 Source: Cisco •3x data increase by 2018 Source: Cisco •30GB per person/mo. (2x 2013) Source: Cisco •18% CAGR of Business traffic Source: Cisco •$14.4 trillion dollars by 2022Internet of Things value. Source: Cisco •Theoretical network connections table. Source: Cisco •4x DC traffic by 2018, 31% CAGR. Source: Cisco •13,300 trillion connections by 2020. Source: Cisco •70% of organizations claim they do not have enough IT security staff. Source: PonemonInstitute report: Understaffed and at Risk •58% of senior staff positions and 36% of staff positions went unfilled in 2013. Source: PonemonInstitute report: Understaffed and at Risk •15% of vulnerabilities exploited Source: University of Maryland •Average Day in an Average Enterprise Stopwatch. Source: Check Point Security Report 2014 •New malware at 4 per second. Source: McAfee •1M+ victims/day (12/second). Source: McAfee •$3T impact to the tech market: Source: World 2014 World Economic Forum’s Risk and Responsibility in a HyperconnectedWorld •20%-30% of IT budgets. Sources: McKinsey report (20-30%), Forrester 21%, SANS 11%-25% •49%, 200M+ total malware samples 240 per minute, 4 per second Source: McAfee Threat Report Q1 2014 •50% Online adults victims of cybercrime or negative situations Source: Symantec •93% Organizations suffering data loss: Source: UK Government BIS survey 2013 •$71B Worldwide IT security spending in 2014, 7.9% increase Source: Gartner •97% Organizations compromised by attacker bypassing all defenses. Source: FireEyeand Mandiantreport Cybersecurity’s Maginot Line •552M Total identities exposed in 2013, 493% increase Source: Symantec •Data Breach bubble graph. Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Recommandé

Human resources security
Human resources securityHuman resources security
Human resources securityCAS
 
Data breach
Data breachData breach
Data breachBurhan Ahmed
 
Information security awareness, middle management
Information security awareness, middle managementInformation security awareness, middle management
Information security awareness, middle managementhaneen Emeir, CISA, ISO27001
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
Cybersecurity Awareness Training Presentation v1.0
Cybersecurity Awareness Training Presentation v1.0Cybersecurity Awareness Training Presentation v1.0
Cybersecurity Awareness Training Presentation v1.0DallasHaselhorst
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber securityAnimesh Roy
 
Seminar on yahoo mail cyber attack
Seminar on yahoo mail cyber attackSeminar on yahoo mail cyber attack
Seminar on yahoo mail cyber attackrohit2495
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)WAJAHAT IQBAL
 

Recommandé

Human resources security
Human resources securityHuman resources security
Human resources securityCAS
 
Data breach
Data breachData breach
Data breachBurhan Ahmed
 
Information security awareness, middle management
Information security awareness, middle managementInformation security awareness, middle management
Information security awareness, middle managementhaneen Emeir, CISA, ISO27001
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
Cybersecurity Awareness Training Presentation v1.0
Cybersecurity Awareness Training Presentation v1.0Cybersecurity Awareness Training Presentation v1.0
Cybersecurity Awareness Training Presentation v1.0DallasHaselhorst
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber securityAnimesh Roy
 
Seminar on yahoo mail cyber attack
Seminar on yahoo mail cyber attackSeminar on yahoo mail cyber attack
Seminar on yahoo mail cyber attackrohit2495
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)WAJAHAT IQBAL
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness TrainingRandy Bowman
 
Employee Security Awareness Training
Employee Security Awareness TrainingEmployee Security Awareness Training
Employee Security Awareness TrainingDenis kisina
 
Employee Engagement RBS
Employee Engagement RBSEmployee Engagement RBS
Employee Engagement RBSAnkit Malhotra
 
Module 1- Introduction to Cybercrime.pptx
Module 1- Introduction to Cybercrime.pptxModule 1- Introduction to Cybercrime.pptx
Module 1- Introduction to Cybercrime.pptxnikshaikh786
 
Information security threats
Information security threatsInformation security threats
Information security threatscomplianceonline123
 
Introduction to cyber security
Introduction to cyber security Introduction to cyber security
Introduction to cyber security RaviPrashant5
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks pptAryan Ragu
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessInnocent Korie
 
HP at Cultural Crossroads - Impact of Cultural Change - Organisational Behaviour
HP at Cultural Crossroads - Impact of Cultural Change - Organisational BehaviourHP at Cultural Crossroads - Impact of Cultural Change - Organisational Behaviour
HP at Cultural Crossroads - Impact of Cultural Change - Organisational BehaviourPrakhar Jain
 
Security awareness
Security awarenessSecurity awareness
Security awarenessJosh Chandler
 
New Hire Information Security Awareness
New Hire Information Security AwarenessNew Hire Information Security Awareness
New Hire Information Security Awarenesshubbargf
 
Hrm in lic
Hrm in licHrm in lic
Hrm in licDharmik
 
Cyber security training
Cyber security trainingCyber security training
Cyber security trainingWilmington University
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Strategic Human Resources Management and HR Business Partnering
Strategic Human Resources Management and HR Business Partnering Strategic Human Resources Management and HR Business Partnering
Strategic Human Resources Management and HR Business Partnering Charles Cotter, PhD
 
Automation Of HR Operation Proposal PowerPoint Presentation Slides
Automation Of HR Operation Proposal PowerPoint Presentation SlidesAutomation Of HR Operation Proposal PowerPoint Presentation Slides
Automation Of HR Operation Proposal PowerPoint Presentation SlidesSlideTeam
 
Hot Topics of Human Resources
Hot Topics of Human ResourcesHot Topics of Human Resources
Hot Topics of Human ResourcesMPCA
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security AwarenessSurya Bathulapalli
 
Cybersecurity in the Workplace is Everyone's Business
Cybersecurity in the Workplace is Everyone's Business Cybersecurity in the Workplace is Everyone's Business
Cybersecurity in the Workplace is Everyone's Business Symantec
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber CrimeMuhammad Irfan
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurityMatthew Rosenquist
 
Strategic Leadership for Managing Evolving Cybersecurity Risks
Strategic Leadership for Managing Evolving Cybersecurity RisksStrategic Leadership for Managing Evolving Cybersecurity Risks
Strategic Leadership for Managing Evolving Cybersecurity RisksMatthew Rosenquist
 

Contenu connexe

Tendances

Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness TrainingRandy Bowman
 
Employee Security Awareness Training
Employee Security Awareness TrainingEmployee Security Awareness Training
Employee Security Awareness TrainingDenis kisina
 
Employee Engagement RBS
Employee Engagement RBSEmployee Engagement RBS
Employee Engagement RBSAnkit Malhotra
 
Module 1- Introduction to Cybercrime.pptx
Module 1- Introduction to Cybercrime.pptxModule 1- Introduction to Cybercrime.pptx
Module 1- Introduction to Cybercrime.pptxnikshaikh786
 
Introduction to cyber security
Introduction to cyber security Introduction to cyber security
Introduction to cyber security RaviPrashant5
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks pptAryan Ragu
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessInnocent Korie
 
HP at Cultural Crossroads - Impact of Cultural Change - Organisational Behaviour
HP at Cultural Crossroads - Impact of Cultural Change - Organisational BehaviourHP at Cultural Crossroads - Impact of Cultural Change - Organisational Behaviour
HP at Cultural Crossroads - Impact of Cultural Change - Organisational BehaviourPrakhar Jain
 
New Hire Information Security Awareness
New Hire Information Security AwarenessNew Hire Information Security Awareness
New Hire Information Security Awarenesshubbargf
 
Hrm in lic
Hrm in licHrm in lic
Hrm in licDharmik
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Strategic Human Resources Management and HR Business Partnering
Strategic Human Resources Management and HR Business Partnering Strategic Human Resources Management and HR Business Partnering
Strategic Human Resources Management and HR Business Partnering Charles Cotter, PhD
 
Automation Of HR Operation Proposal PowerPoint Presentation Slides
Automation Of HR Operation Proposal PowerPoint Presentation SlidesAutomation Of HR Operation Proposal PowerPoint Presentation Slides
Automation Of HR Operation Proposal PowerPoint Presentation SlidesSlideTeam
 
Hot Topics of Human Resources
Hot Topics of Human ResourcesHot Topics of Human Resources
Hot Topics of Human ResourcesMPCA
 
Cybersecurity in the Workplace is Everyone's Business
Cybersecurity in the Workplace is Everyone's Business Cybersecurity in the Workplace is Everyone's Business
Cybersecurity in the Workplace is Everyone's Business Symantec
 

Tendances (20)

Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness Training
 
Employee Security Awareness Training
Employee Security Awareness TrainingEmployee Security Awareness Training
Employee Security Awareness Training
 
Employee Engagement RBS
Employee Engagement RBSEmployee Engagement RBS
Employee Engagement RBS
 
Module 1- Introduction to Cybercrime.pptx
Module 1- Introduction to Cybercrime.pptxModule 1- Introduction to Cybercrime.pptx
Module 1- Introduction to Cybercrime.pptx
 
Information security threats
Information security threatsInformation security threats
Information security threats
 
Introduction to cyber security
Introduction to cyber security Introduction to cyber security
Introduction to cyber security
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks ppt
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
HP at Cultural Crossroads - Impact of Cultural Change - Organisational Behaviour
HP at Cultural Crossroads - Impact of Cultural Change - Organisational BehaviourHP at Cultural Crossroads - Impact of Cultural Change - Organisational Behaviour
HP at Cultural Crossroads - Impact of Cultural Change - Organisational Behaviour
 
Security awareness
Security awarenessSecurity awareness
Security awareness
 
New Hire Information Security Awareness
New Hire Information Security AwarenessNew Hire Information Security Awareness
New Hire Information Security Awareness
 
Hrm in lic
Hrm in licHrm in lic
Hrm in lic
 
Cyber security training
Cyber security trainingCyber security training
Cyber security training
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
 
Strategic Human Resources Management and HR Business Partnering
Strategic Human Resources Management and HR Business Partnering Strategic Human Resources Management and HR Business Partnering
Strategic Human Resources Management and HR Business Partnering
 
Automation Of HR Operation Proposal PowerPoint Presentation Slides
Automation Of HR Operation Proposal PowerPoint Presentation SlidesAutomation Of HR Operation Proposal PowerPoint Presentation Slides
Automation Of HR Operation Proposal PowerPoint Presentation Slides
 
Hot Topics of Human Resources
Hot Topics of Human ResourcesHot Topics of Human Resources
Hot Topics of Human Resources
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
 
Cybersecurity in the Workplace is Everyone's Business
Cybersecurity in the Workplace is Everyone's Business Cybersecurity in the Workplace is Everyone's Business
Cybersecurity in the Workplace is Everyone's Business
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 

Similaire à Pivotal Role of HR in Cybersecurity

2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurityMatthew Rosenquist
 
Strategic Leadership for Managing Evolving Cybersecurity Risks
Strategic Leadership for Managing Evolving Cybersecurity RisksStrategic Leadership for Managing Evolving Cybersecurity Risks
Strategic Leadership for Managing Evolving Cybersecurity RisksMatthew Rosenquist
 
Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...
Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...
Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...Microsoft
 
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTION
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTIONAI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTION
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTIONChristopherTHyatt
 
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...Matthew Rosenquist
 
The Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew RosenquistThe Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew RosenquistMatthew Rosenquist
 
2017 K12 Educators Security Briefing - Matthew Rosenquist
2017 K12 Educators Security Briefing - Matthew Rosenquist2017 K12 Educators Security Briefing - Matthew Rosenquist
2017 K12 Educators Security Briefing - Matthew RosenquistMatthew Rosenquist
 
2017 InfraGard Atlanta Conference - Matthew Rosenquist
2017 InfraGard Atlanta Conference - Matthew Rosenquist2017 InfraGard Atlanta Conference - Matthew Rosenquist
2017 InfraGard Atlanta Conference - Matthew RosenquistMatthew Rosenquist
 
Gp2 Public Policy Assign8 644 Sp10
Gp2 Public Policy Assign8 644 Sp10Gp2 Public Policy Assign8 644 Sp10
Gp2 Public Policy Assign8 644 Sp10Deepa Devadas
 
Priming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraPriming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraLuke Farrell
 
Protective Intelligence
Protective IntelligenceProtective Intelligence
Protective Intelligencewbesse
 
Future of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.RosenquistFuture of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.RosenquistMatthew Rosenquist
 
Symantec cyber-resilience
Symantec cyber-resilienceSymantec cyber-resilience
Symantec cyber-resilienceSymantec
 
Kaspersky: Global IT Security Risks
Kaspersky: Global IT Security RisksKaspersky: Global IT Security Risks
Kaspersky: Global IT Security RisksConstantin Cocioaba
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperCMR WORLD TECH
 
Cisco Addresses the Full Attack Continuum
Cisco Addresses the Full Attack ContinuumCisco Addresses the Full Attack Continuum
Cisco Addresses the Full Attack ContinuumCisco Security
 
Safeguarding the Digital Realm.pdf
Safeguarding the Digital Realm.pdfSafeguarding the Digital Realm.pdf
Safeguarding the Digital Realm.pdfjasonuchiha2
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSantiago Cavanna
 

Similaire à Pivotal Role of HR in Cybersecurity (20)

2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity
 
Strategic Leadership for Managing Evolving Cybersecurity Risks
Strategic Leadership for Managing Evolving Cybersecurity RisksStrategic Leadership for Managing Evolving Cybersecurity Risks
Strategic Leadership for Managing Evolving Cybersecurity Risks
 
Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...
Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...
Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...
 
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTION
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTIONAI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTION
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTION
 
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...
 
The Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew RosenquistThe Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew Rosenquist
 
2017 K12 Educators Security Briefing - Matthew Rosenquist
2017 K12 Educators Security Briefing - Matthew Rosenquist2017 K12 Educators Security Briefing - Matthew Rosenquist
2017 K12 Educators Security Briefing - Matthew Rosenquist
 
2017 InfraGard Atlanta Conference - Matthew Rosenquist
2017 InfraGard Atlanta Conference - Matthew Rosenquist2017 InfraGard Atlanta Conference - Matthew Rosenquist
2017 InfraGard Atlanta Conference - Matthew Rosenquist
 
Gp2 Public Policy Assign8 644 Sp10
Gp2 Public Policy Assign8 644 Sp10Gp2 Public Policy Assign8 644 Sp10
Gp2 Public Policy Assign8 644 Sp10
 
Get Prepared
Get PreparedGet Prepared
Get Prepared
 
Priming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraPriming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive era
 
Protective Intelligence
Protective IntelligenceProtective Intelligence
Protective Intelligence
 
Future of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.RosenquistFuture of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.Rosenquist
 
Symantec cyber-resilience
Symantec cyber-resilienceSymantec cyber-resilience
Symantec cyber-resilience
 
Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam Maccherola
 
Kaspersky: Global IT Security Risks
Kaspersky: Global IT Security RisksKaspersky: Global IT Security Risks
Kaspersky: Global IT Security Risks
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
 
Cisco Addresses the Full Attack Continuum
Cisco Addresses the Full Attack ContinuumCisco Addresses the Full Attack Continuum
Cisco Addresses the Full Attack Continuum
 
Safeguarding the Digital Realm.pdf
Safeguarding the Digital Realm.pdfSafeguarding the Digital Realm.pdf
Safeguarding the Digital Realm.pdf
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 

Plus de Matthew Rosenquist

Improving Healthcare Risk Assessments to Maximize Security Budgets
Improving Healthcare Risk Assessments to Maximize Security BudgetsImproving Healthcare Risk Assessments to Maximize Security Budgets
Improving Healthcare Risk Assessments to Maximize Security BudgetsMatthew Rosenquist
 
Six Scenarios How Russia May Use Nukes.pdf
Six Scenarios How Russia May Use Nukes.pdfSix Scenarios How Russia May Use Nukes.pdf
Six Scenarios How Russia May Use Nukes.pdfMatthew Rosenquist
 
Top Cyber News Magazine - Oct 2022
Top Cyber News Magazine - Oct 2022Top Cyber News Magazine - Oct 2022
Top Cyber News Magazine - Oct 2022Matthew Rosenquist
 
2022 Cybersecurity Predictions
2022 Cybersecurity Predictions2022 Cybersecurity Predictions
2022 Cybersecurity PredictionsMatthew Rosenquist
 
McAfee Labs 2017 Threats Predictions
McAfee Labs 2017 Threats PredictionsMcAfee Labs 2017 Threats Predictions
McAfee Labs 2017 Threats PredictionsMatthew Rosenquist
 
Cybersecurity Curricula Guidelines for Post-Secondary Degree Programs
Cybersecurity Curricula Guidelines for Post-Secondary Degree ProgramsCybersecurity Curricula Guidelines for Post-Secondary Degree Programs
Cybersecurity Curricula Guidelines for Post-Secondary Degree ProgramsMatthew Rosenquist
 
How Cyber Attacks are Changing Security - CSE ISCWest 2017 - Matthew Rosenqui...
How Cyber Attacks are Changing Security - CSE ISCWest 2017 - Matthew Rosenqui...How Cyber Attacks are Changing Security - CSE ISCWest 2017 - Matthew Rosenqui...
How Cyber Attacks are Changing Security - CSE ISCWest 2017 - Matthew Rosenqui...Matthew Rosenquist
 
Cybersecurity Risks and Recommendations - PSA TEC 2017 - Matthew Rosenquist
Cybersecurity Risks and Recommendations - PSA TEC 2017 - Matthew RosenquistCybersecurity Risks and Recommendations - PSA TEC 2017 - Matthew Rosenquist
Cybersecurity Risks and Recommendations - PSA TEC 2017 - Matthew RosenquistMatthew Rosenquist
 
2019 Keynote at the Techno Security and Digital Forensics Conference - The Ve...
2019 Keynote at the Techno Security and Digital Forensics Conference - The Ve...2019 Keynote at the Techno Security and Digital Forensics Conference - The Ve...
2019 Keynote at the Techno Security and Digital Forensics Conference - The Ve...Matthew Rosenquist
 
Preparing for the Next Evolutions of Ransomware - Matthew Rosenquist 2018
Preparing for the Next Evolutions of Ransomware - Matthew Rosenquist 2018Preparing for the Next Evolutions of Ransomware - Matthew Rosenquist 2018
Preparing for the Next Evolutions of Ransomware - Matthew Rosenquist 2018Matthew Rosenquist
 
Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016Matthew Rosenquist
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistTop 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistMatthew Rosenquist
 
CSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistCSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistMatthew Rosenquist
 
Diversity in Cybersecurity Education - 2016 ICT keynote - M.Rosenquist
Diversity in Cybersecurity Education - 2016 ICT keynote - M.RosenquistDiversity in Cybersecurity Education - 2016 ICT keynote - M.Rosenquist
Diversity in Cybersecurity Education - 2016 ICT keynote - M.RosenquistMatthew Rosenquist
 
2015 August - Intel Security McAfee Labs Quarterly Threat Report
2015 August - Intel Security McAfee Labs Quarterly Threat Report2015 August - Intel Security McAfee Labs Quarterly Threat Report
2015 August - Intel Security McAfee Labs Quarterly Threat ReportMatthew Rosenquist
 
2015 Global APT Summit - Understanding APT threat agent characteristics is ke...
2015 Global APT Summit - Understanding APT threat agent characteristics is ke...2015 Global APT Summit - Understanding APT threat agent characteristics is ke...
2015 Global APT Summit - Understanding APT threat agent characteristics is ke...Matthew Rosenquist
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMatthew Rosenquist
 
2015 Global APT Summit Matthew Rosenquist
2015 Global APT Summit Matthew Rosenquist2015 Global APT Summit Matthew Rosenquist
2015 Global APT Summit Matthew RosenquistMatthew Rosenquist
 
Top 10 Cybersecurity Predictions for 2015
Top 10 Cybersecurity Predictions for 2015Top 10 Cybersecurity Predictions for 2015
Top 10 Cybersecurity Predictions for 2015Matthew Rosenquist
 

Plus de Matthew Rosenquist (20)

Improving Healthcare Risk Assessments to Maximize Security Budgets
Improving Healthcare Risk Assessments to Maximize Security BudgetsImproving Healthcare Risk Assessments to Maximize Security Budgets
Improving Healthcare Risk Assessments to Maximize Security Budgets
 
Six Scenarios How Russia May Use Nukes.pdf
Six Scenarios How Russia May Use Nukes.pdfSix Scenarios How Russia May Use Nukes.pdf
Six Scenarios How Russia May Use Nukes.pdf
 
Top Cyber News Magazine - Oct 2022
Top Cyber News Magazine - Oct 2022Top Cyber News Magazine - Oct 2022
Top Cyber News Magazine - Oct 2022
 
2022 Cybersecurity Predictions
2022 Cybersecurity Predictions2022 Cybersecurity Predictions
2022 Cybersecurity Predictions
 
McAfee Labs 2017 Threats Predictions
McAfee Labs 2017 Threats PredictionsMcAfee Labs 2017 Threats Predictions
McAfee Labs 2017 Threats Predictions
 
Cybersecurity Curricula Guidelines for Post-Secondary Degree Programs
Cybersecurity Curricula Guidelines for Post-Secondary Degree ProgramsCybersecurity Curricula Guidelines for Post-Secondary Degree Programs
Cybersecurity Curricula Guidelines for Post-Secondary Degree Programs
 
How Cyber Attacks are Changing Security - CSE ISCWest 2017 - Matthew Rosenqui...
How Cyber Attacks are Changing Security - CSE ISCWest 2017 - Matthew Rosenqui...How Cyber Attacks are Changing Security - CSE ISCWest 2017 - Matthew Rosenqui...
How Cyber Attacks are Changing Security - CSE ISCWest 2017 - Matthew Rosenqui...
 
Cybersecurity Risks and Recommendations - PSA TEC 2017 - Matthew Rosenquist
Cybersecurity Risks and Recommendations - PSA TEC 2017 - Matthew RosenquistCybersecurity Risks and Recommendations - PSA TEC 2017 - Matthew Rosenquist
Cybersecurity Risks and Recommendations - PSA TEC 2017 - Matthew Rosenquist
 
2019 Keynote at the Techno Security and Digital Forensics Conference - The Ve...
2019 Keynote at the Techno Security and Digital Forensics Conference - The Ve...2019 Keynote at the Techno Security and Digital Forensics Conference - The Ve...
2019 Keynote at the Techno Security and Digital Forensics Conference - The Ve...
 
Preparing for the Next Evolutions of Ransomware - Matthew Rosenquist 2018
Preparing for the Next Evolutions of Ransomware - Matthew Rosenquist 2018Preparing for the Next Evolutions of Ransomware - Matthew Rosenquist 2018
Preparing for the Next Evolutions of Ransomware - Matthew Rosenquist 2018
 
Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistTop 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
 
CSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistCSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew Rosenquist
 
True Cost of Data Breaches
True Cost of Data BreachesTrue Cost of Data Breaches
True Cost of Data Breaches
 
Diversity in Cybersecurity Education - 2016 ICT keynote - M.Rosenquist
Diversity in Cybersecurity Education - 2016 ICT keynote - M.RosenquistDiversity in Cybersecurity Education - 2016 ICT keynote - M.Rosenquist
Diversity in Cybersecurity Education - 2016 ICT keynote - M.Rosenquist
 
2015 August - Intel Security McAfee Labs Quarterly Threat Report
2015 August - Intel Security McAfee Labs Quarterly Threat Report2015 August - Intel Security McAfee Labs Quarterly Threat Report
2015 August - Intel Security McAfee Labs Quarterly Threat Report
 
2015 Global APT Summit - Understanding APT threat agent characteristics is ke...
2015 Global APT Summit - Understanding APT threat agent characteristics is ke...2015 Global APT Summit - Understanding APT threat agent characteristics is ke...
2015 Global APT Summit - Understanding APT threat agent characteristics is ke...
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of Interest
 
2015 Global APT Summit Matthew Rosenquist
2015 Global APT Summit Matthew Rosenquist2015 Global APT Summit Matthew Rosenquist
2015 Global APT Summit Matthew Rosenquist
 
Top 10 Cybersecurity Predictions for 2015
Top 10 Cybersecurity Predictions for 2015Top 10 Cybersecurity Predictions for 2015
Top 10 Cybersecurity Predictions for 2015
 

Dernier

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 

Dernier (20)

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 

Pivotal Role of HR in Cybersecurity

  • 1. Strategic Leadership for Managing Evolving Cybersecurity Risks –HR’s Pivotal Role CHO Event November 13th2014, Phoenix AZ Matthew RosenquistCybersecurity Strategist, Intel Corp
  • 2. Biography 2 Matthew Rosenquist Cybersecurity Strategist Intel Security Group Matthew benefits from 20 years in the field of security, specializing in strategy, threats, operations, crisis management, measuring value, communicating industry changes, and developing cost effective capabilities which deliver the optimal level of security. As a cybersecurity strategist, he works to understand and communicate the future of security and drive industry collaboration to tackle challenges and uncover opportunities to significantly improve global computing security. Mr. Rosenquist built and managed Intel’s first global 24x7 Security Operations Center, overseen internal platform security products and services, was the first Incident Commander for Intel’s worldwide IT emergency response team, and managed security for Intel’s multi-billion dollar worldwide mergers and acquisitions activities. He has conducted investigations, defended corporate assets, established policies, developed strategies to protect Intel’s global manufacturing, and owned the security playbook for the PC strategic planning group. Most recently, Matthew worked to identify the synergies of Intel and McAfee as part of the creation of the Intel Security Group, one of the largest security product organizations in the world. Twitter @Matt_Rosenquist LinkedIn Blogs Intel IT Peer Network
  • 3. Technology connects and enriches the lives of every person on earth Security is critical to protect computing technology from threats which undermine the health of the industry
  • 4. “...If security breaks down, technology breaks down” Brian Krebs Noted Cybersecurity Reporter
  • 5. Human Behaviors Play a Key Role in Cybersecurity 5 Security is comprised of both Technologyand People Human Resources can support or undermine security Intertwined and Inseparable
  • 6. We manage security through either leadership or crisis. In the absence of leadership, we are left with crisis. “Cybersecurity may be fought with technology, but it is people who triumph. We must invest in the future generations of professionals who will carry on the fight”
  • 7. 7 Peering into the future of cybersecurity
  • 8. 49% Unpleasant Cybersecurity Trends 8 Annual malware growth rate 200M+ total malware samples Organizations sufferingdata loss Online adults victims of cybercrime or negative situations Worldwide IT security spending in 2014, 7.9% increase Organizations compromised by attacker bypassing all defenses 552M Total identities exposed in 2013, 493% increase $71B 97% 93% 50% 31 million New 3-monthrecord
  • 9. Chain Reactions Drive Cybersecurity Evolution… 9
  • 10. Technology-Landscape Environmental changes Graphic 10 More Users ~4B internet users by 2020 6.6B mobile cellular accts 2013 New users are less savvy, more likely to share sensitive data Easier to manipulate & victimize More Devices 50B ‘things’ connected by 2020 35% will be M2M connections Proliferation of sensor data New architecture vulnerabilities More Usages New services, applications, social ecosystems, and infrastructures New data types, aggregation Risky behaviors, untested tech, and unforeseen consequences
  • 11. Technology-Landscape Environmental changes 11 More Data 13x increase of mobile data 2012-17 3x data increase by 2018 30GB per person/mo. (2x 2013) 18% CAGR of Business traffic Cheaper to store data vs delete Greater Value $14T Internet of Things value, 2022 $90T value of the networked economy by end of next decade Enterprises responsible 85% data Controlling financial, defense & critical infrastructure Evolving IT Infrastructures M2M, Software Defined Infrastructures (SDDC, SDN, Virtualization), cloud 4x DC traffic by 2018, 31% CAGR 13,300 trillion connections by 2020 Internet of Things M2M networks will grow fastest ITU International Telecommunications Union
  • 12. 12 A growing target-rich environment of more users, data, and devices Motivation for attacks rise as information and systems increase in value New technology adoption, infrastructures, and usages creates a larger attack surface EasyUsers/Devices/Data TargetGraphic Effects of Technology-Landscape changes More attractive targets emerge asopportunities for attacks
  • 13. Threat Evolution 13 Security talent pool shrinks 70% orgs are understaffed 58% senior and 36% staff level positions went unfilled in 2013 High leadership turnover Threats Accelerate Professionals emerge, educated, organized, funded, and capable Resources & community thrives Success reinforces investment and attracts new attackers Threat Agents Evolve Rise of government surveillance, cyberwarfare, information control Social, political attacks, outsourcing Motivations shift from personal gains to aspirations of control
  • 14. 14 Attackers capabilities increases with investments, experience, and professional threat agents Successes boosts confidence, raises the lure for more attacks and boldness to expand scope Defenders struggle with a growing attack surface, challenging effectiveness models, lack of talent, and insufficient resources Effects of the Threat Evolution Threats advance, outpacing defenders The Race to Evolve is On!
  • 15. Impacts and Effects 15 Speed of Attacks Increased pace: vulnerability to exploit to compromises New malware at 4 per second 1M+ victims/day (12/second) Collective impact $3T impact to the tech market 20%-30% of IT budgets Privacy, personal finance Emerging Life-Safety risks Stress and Fear Outages, downtime, reporting Data breaches, reputation, IP Job loss, brand, competition, downsize, other major impacts, Security jobs in demand An average Day in an Average Enterprise
  • 16. 16 Users are impacted more and more. Awareness increases and security issues are recognized as a serious problem Organizations feel the pain in losses, negative press, interruption, leadership, & competitiveness Demands for more security staff, better designed products, savvy employees, advanced security systems, and more regulation to protect assets, usability, privacy, and availability Effects of Impacts Expectations around security rise, driving change www.informationisbeautiful.net
  • 17. Defenses Respond Graphic 17 Comprehensive Security as a continuous cycle Defense-In-Depth process Technologyand Behaviors Obstaclesand Opposition Seeking Optimal Risk Risk management planning Perceptions by executives Balancing the triple constraints of Cost, Risk, and Usability Meeting users shifting demands 17 Explicit Regulations Increase in number and specificity, covering more segments and usages Raises the bar, but not a guarantee of security Can be impediments to growth
  • 18. Good Practices will Emerge… 18 Smarter vs More Collaboration across security functions improving effectiveness Better IT choices & enablement Measurably balancing the triple constraints of risk, cost, & usability Expectations Drive Change Society’s expectations shift with pain, impact, and inconvenience Trust will be valued, demanded Better security, privacy, and more control (even if it is not used) Improved controls Innovation intersecting emerging attacks to keep pace with attackers Integration across solutions vs point products Intelligence, analysis, and action
  • 19. How Cybersecurity will Evolve 19 Verge of rapid changes, will get worse before it gets better Threat landscape becomes more professional, organized, and funded Technology ecosystem grows rapidly, creating new attack surfaces Value of security rises in the eyes of the public, government, and commercial sectors Attackers will outpace defenders in the short term, until fundamental changes take place Defenses will evolve to be smarter, with optimal and sustainable security as the goal
  • 20. We manage security through either leadership or crisis. In the absence of leadership, we are left with crisis. crisis In the absence of leadership, we are left with crisis
  • 21. HR Leadership is a Key Resource 21 HR plays a role in organizations ability to Predict, Prevent, Detect, and Respond to cybersecurity threats 1EY’s Global Information Security Survey 2014 55% of organizations do not include security in employee performance evaluations1 53% of organizations say a lack of skilled resources is one of the main problems to information security1 HR expertise around people and personnel practices, can ease many challenges
  • 22. HR Issues and Challenges 22 HR must consider a number of issues across several domains HR can be a strong advocate for security or an apathetic bystander Lead wisely… Human Resources Hiring Practices Disgruntled Employees CybersecHiring Protecting HR data Regulatory Compliance Employee Security Education
  • 23. Cybersecurity Considerations for Human Resources 23 Human Resources Hiring Practices Disgruntled Employees CybersecHiring Protecting HR data Regulatory Compliance Employee Security Education Hiring Practices Properly vetting new employees is the front line prevention against insiders Consider additional scrutiny for sensitive roles Minimize access to the business need, including when workers shift roles Compartmentalize data and access based upon roles Insure coverage and peer oversight
  • 24. Cybersecurity Considerations for Human Resources 24 Human Resources Hiring Practices Disgruntled Employees CybersecHiring Protecting HR data Regulatory Compliance Employee Security Education Disgruntled Employees Support open-door and online anonymous reporting as outlets to resolution, relieving pressure Reinforce peer reporting of mounting issues, and detecting use of technology to vent Configure cybersecurity tools and teams to look inward as well as outward for suspicious activity Include cyber controls as part of DE response plans, effective LDO is a must
  • 25. Cybersecurity Considerations for Human Resources 25 Human Resources Hiring Practices Disgruntled Employees CybersecHiring Protecting HR data Regulatory Compliance Employee Security Education Employee Security Education Policies define the accepted level of risk and regulatory compliance Annual, at a minimum, training of employees is needed Awareness of risks, smart practices, and a healthy dose of paranoia of electronic communication (web, email, text, etc.) Continuous updates to workers of cyber issues and threats Reinforce a culture to report issues
  • 26. Cybersecurity Considerations for Human Resources 26 Human Resources Hiring Practices Disgruntled Employees CybersecHiring Protecting HR data Regulatory Compliance Employee Security Education Regulatory Compliance1 Involve Legal to review gathering and storage practices for hiring data Geographic regulations differ for employee data security Privacy controls must extend to employees, vendors, customers and partners Be prepared for electronic discovery Understand when data breach notices are required Be aware of geo limitations for hiring questions and background checks Transparency in public privacy policy 1I am not a lawyer, nor am I providing legal advice. These are considerations to evaluate and not all inclusive. Seek professional legal advice.
  • 27. Cybersecurity Considerations for Human Resources 27 Human Resources Hiring Practices Disgruntled Employees CybersecHiring Protecting HR data Regulatory Compliance Employee Security Education Protecting HR data Security controls must exist across internal and outsource vendors Prioritize confidentiality as primary, with integrity and availability as secondary Beware sharing data with 3rdparty partners. You inherit their security, or lack of it Apply good security practices: data- classification, encryption, backups, audits, retention, access control, etc.
  • 28. Cybersecurity Considerations for Human Resources 28 Human Resources Hiring Practices Disgruntled Employees CybersecHiring Protecting HR data Regulatory Compliance Employee Security Education Cybersecurity Resource Hiring The cybersecurity pool is nearly empty, senior leadership especially Retention of quality is tough, expect aggressive headhunting Next generation being trained, but will lack timely knowledge and experience Skills are inconsistent with hires. Be specific for what you want Practicality of experience varies greatly Be patient to find a good candidate, but move fast when you find one!
  • 29. We manage security through either leadership or crisis. In the absence of leadership, we are left with crisis. Leadership is key in organizing resources to achieve and maintain an optimal level of security value
  • 30. Recommendations for HR 30 Maintain good hiring practices to vet new employees Consider more intense scrutiny for sensitive roles Insure proper security policies are established and continually trained to reinforce good cyber behaviors Include HR involvement in a strong cyber response plan (including LDO) Be aware of confidentiality risks for HR data, privacy, and regulatory compliance Expect challenges when hiring or retaining cybersecurity professionals
  • 31. Question and Answer Discussion 31
  • 32. 32
  • 33. Security Industry Data and Sources 33 •3.6B people by 2020. Source:ITU International Telecommunications Union •6.6B mobile cellular subscriptions in 2013. Source: WorldBank.org •Growth of devices chart. Source: BI Intelligence •50B ‘things’ connected by 2020. Source: Cisco •35% will be M2M connections. Source: Cisco •More Data growth estimate graphic Source: IDC •13x increase of mobile data 2012-17 Source: Cisco •3x data increase by 2018 Source: Cisco •30GB per person/mo. (2x 2013) Source: Cisco •18% CAGR of Business traffic Source: Cisco •$14.4 trillion dollars by 2022Internet of Things value. Source: Cisco •Theoretical network connections table. Source: Cisco •4x DC traffic by 2018, 31% CAGR. Source: Cisco •13,300 trillion connections by 2020. Source: Cisco •70% of organizations claim they do not have enough IT security staff. Source: PonemonInstitute report: Understaffed and at Risk •58% of senior staff positions and 36% of staff positions went unfilled in 2013. Source: PonemonInstitute report: Understaffed and at Risk •15% of vulnerabilities exploited Source: University of Maryland •Average Day in an Average Enterprise Stopwatch. Source: Check Point Security Report 2014 •New malware at 4 per second. Source: McAfee •1M+ victims/day (12/second). Source: McAfee •$3T impact to the tech market: Source: World 2014 World Economic Forum’s Risk and Responsibility in a HyperconnectedWorld •20%-30% of IT budgets. Sources: McKinsey report (20-30%), Forrester 21%, SANS 11%-25% •49%, 200M+ total malware samples 240 per minute, 4 per second Source: McAfee Threat Report Q1 2014 •50% Online adults victims of cybercrime or negative situations Source: Symantec •93% Organizations suffering data loss: Source: UK Government BIS survey 2013 •$71B Worldwide IT security spending in 2014, 7.9% increase Source: Gartner •97% Organizations compromised by attacker bypassing all defenses. Source: FireEyeand Mandiantreport Cybersecurity’s Maginot Line •552M Total identities exposed in 2013, 493% increase Source: Symantec •Data Breach bubble graph. Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/