SlideShare une entreprise Scribd logo

CIA Trifecta ISACA Boise 2016 Watson

Patricia M Watson
Patricia M Watson
1  sur  11
Télécharger pour lire hors ligne
ISACA Boise Chapter CPE Luncheon CIA Trifecta: Mind the Gap – IT | *OT Convergence Presentation Synopsis: As eloquently stated by Peter Drucker…Culture eats strategy for breakfast! In this ever interconnected world, Cybersecurity has become an integral function for just about every business activity. While the CIA triad serves as a model that is diligently applied in the Cybersecurity landscape, operational functions mandate real-time expediency. Cross-functional collaboration and adaptation of the proverbial interconnected reality warrants a shift in the way we approach Cybersecurity solutions. *In the context of this presentation, OT encompasses the business and/or administrative side of the house (all departments outside of IT/Cybersecurity) 1
As per the usual…Disclaimer • Material discussed in this presentation are the views of the author • This presentation is intended for discussion purposes, not to be relied upon as advice 2
Discussion Summary – Cybersecurity: The Good Old Days Back in the good old days…Cybersecurity was a niche within the IT field with the main objective to ensure Confidentiality, Integrity and Availability of data & systems Static, proactive, preventive solutions that were housed in the company’s data center (physical appliances) A Few Examples Discussed: SOC – Blue Team, Red Team Network segmentation DMZs MS Active Directory Group Policy Perimeter (network controls: IPS/IDS, firewalls, NAC, Web traffic, SIEM), Endpoint (AV, USB mgt, Data Loss Prevention (DLP)) Two factor authentication Application and perimeter firewalls To encrypt or not to encrypt Cybersecurity Framework Function Areas 3
Discussion Summary – Surge of The Digital Age We’ve made the transition from the Industrial age to the ever dynamic information age of interconnected devices traversing cyberspace Even if your company/firm is not directly engaging/leveraging the latest and greatest technology solutions, your customers, suppliers, vendors and competitor are…be ware! A Few Examples Discussed: Business Intelligence OS Agnostic Devices BYOD IoT Quote: Every generation needs a new revolution – Thomas Jefferson 4
Discussion Summary – Cybersecurity Fast Forward Finally…Cybersecurity gets a seat at the table! The new trend is moving towards having an independent Cybersecurity department (outside of IT) that is challenged by a dynamic, persistent, proactively leveraging predictive analytics (Iot, artificial intelligence, machine learning) to identify, protect, detect, respond & recover (all in real time). In this ever interconnected world, Cybersecurity has become an integral function for just about every business activity. Cross-functional collaboration and adaptation of the proverbial interconnected reality warrants a shift in the way we approach Cybersecurity solutions. A Few Examples Discussed: SOC – White hat | Black Hat | Kinetic & Cyber layers Traditional vs artificial intelligence, machine learning, dynamic, real-time, proactive Operating System Agnostic Devices, Cloud hybrid environment, BYOD *In the context of this presentation, OT encompasses the business and/or administrative side of the house (all departments outside of IT/Cybersecurity) 5
Discussion Summary – IT | OT – Mind The Gap! *In the context of this presentation, OT encompasses the business and/or administrative side of the house (all departments outside of IT/Cybersecurity) While it’s great that in many environments, Cybersecurity finally has a seat at the table. Now we have the responsibility to keep that seat and continue to have a voice. More than ever, it’s important to take a holistic view of the potential impact Cybersecurity services have on the business so we can be part of the solution and not be viewed as getting in the way of productivity The CIA triad, which serves as a model that is diligently applied in the Cybersecurity landscape, is often the debate between IT and OT personnel given that operational functions mandate real-time expediency. We are often task with the challenge of supporting the business need to sustain innovation while ensuring the confidentiality and integrity of our systems/data. Cybersecurity is no longer just about the technical skills, we need to know our company’s risk appetite so we can align our strategy with the overall company’s roadmap and be able to anticipate potential risks due to changes to the environment. We need to understand competing priorities so we can proactively determine how to manage limitation of resources 6
Discussion Summary – Culture Change vs. Transformation Quote: Culture eats strategy for breakfast...Peter Drucker. We need to leverage the Cybersecurity foundation and build new layers that harness People, Process & Technology to introduce new methods of protection needed to address the digital age! A Few Examples Discussed: People: Need buy-in from top down | Need to ensure your Training & Awareness program aligns with your corporate culture. Process: Compliance is NOT Cybersecurity but rather it should be a complimentary function that can be leveraged to further enhance your layers of protection. Cybersecurity Policies, Standards & Guidelines should align with the company’s governance (not create unintended conflicts or contradictions). The Cybersecurity strategy should align with the company’s vision, outlook and roadmap. Technology: Leverage technology to continue building seamless layers of protection. Cybersecurity controls should be automated as much as possible in a way that they don’t interfere with the business operations Cybersecurity should never be part of the problem but rather enabling solutions! 7
Discussion Summary – IT Takes a Village! More than ever, collaboration, communication and knowledge transfer play a critical role in Cybersecurity. Not only do we have the challenge of keeping our seat at the table (play nice with others), but we have to keep up with the ever changing digital world. Securing devices becomes more difficult as we move from the physical world to virtual resources (such as the cloud). Not to mention that the bad guys tend to have an edge when it comes to levering cyberspace to conceal their traces and develop advanced attacks. A Few Examples Discussed: We live in an interconnected world | There is NO one-way connection in cyberspace | Collaboration – Power in numbers | Communication (see something, say something) | Knowledge Transfer – Because sharing is caring! Make sure you sustain buy-in from the top (not just your C-suite but your board of directors as well) | Leverage professional organizations such as ISACA, InfraGard, ISSA, HTCIA to stay up to date with the ever changing threat landscape | Get to know your local law enforcement (LLE). If you have critical infrastructure in your environment, it is very helpful if at least one person in your team has a clearance so you can get classified briefings Make sure you include your remote sites for all Training & Awareness | Foster an environment of trust and collaboration with your vendors, contractors & suppliers. 8
Trust but verify…make sure you work closely with your Legal team to ensure contracts have the appropriate wording when it comes to Cybersecurity responsibilities, expectations and liabilities (in the event of a breach) | Keep in constant communication with your regulators so you understand how new regulations impact Cybersecurity solutions 8
Discussion Summary – Cybersecurity Continuum! Cybersecurity is not a one-time, one solution fits all – It’s a continuous process! Review your Governance on regular intervals to ensure it is still relevant and in alignment with your company’s strategic direction (which in some sectors can be very dynamic) Perform both internal and external Risk Assessments Leverage results of assessments to identify gaps, request needed resources and adjust your Cybersecurity strategy Continue promoting cybersecurity awareness, We all play a key role when it comes to securing our assets Document lessons learned and insure that you don’t make the same mistakes twice 9
10

Recommandé

Cloud computing: What you need to know as an Australian Finance Director
Cloud computing: What you need to know as an Australian Finance DirectorCloud computing: What you need to know as an Australian Finance Director
Cloud computing: What you need to know as an Australian Finance Director
Livingstone Advisory
 
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Livingstone Advisory
 
Where worlds collide: Agile, Project Management, Risk and Cloud?
Where worlds collide: Agile, Project Management, Risk and Cloud?Where worlds collide: Agile, Project Management, Risk and Cloud?
Where worlds collide: Agile, Project Management, Risk and Cloud?
Livingstone Advisory
 
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
IT Network marcus evans
 
Cloud Security Keynote: Cloud-Mobile Convergence: IT's Next Horizon, CISO's N...
Cloud Security Keynote: Cloud-Mobile Convergence: IT's Next Horizon, CISO's N...Cloud Security Keynote: Cloud-Mobile Convergence: IT's Next Horizon, CISO's N...
Cloud Security Keynote: Cloud-Mobile Convergence: IT's Next Horizon, CISO's N...
Livingstone Advisory
 
The ‘success trap’ of new, emerging and disruptive technologies
The ‘success trap’ of new, emerging and disruptive technologiesThe ‘success trap’ of new, emerging and disruptive technologies
The ‘success trap’ of new, emerging and disruptive technologies
Livingstone Advisory
 
Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...
Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...
Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...
Livingstone Advisory
 
Exploring the opportunities and pitfalls of new and emerging technologies in ...
Exploring the opportunities and pitfalls of new and emerging technologies in ...Exploring the opportunities and pitfalls of new and emerging technologies in ...
Exploring the opportunities and pitfalls of new and emerging technologies in ...
Livingstone Advisory
 

Recommandé

Cloud computing: What you need to know as an Australian Finance Director
Cloud computing: What you need to know as an Australian Finance DirectorCloud computing: What you need to know as an Australian Finance Director
Cloud computing: What you need to know as an Australian Finance Director
Livingstone Advisory
 
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Livingstone Advisory
 
Where worlds collide: Agile, Project Management, Risk and Cloud?
Where worlds collide: Agile, Project Management, Risk and Cloud?Where worlds collide: Agile, Project Management, Risk and Cloud?
Where worlds collide: Agile, Project Management, Risk and Cloud?
Livingstone Advisory
 
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
IT Network marcus evans
 
Cloud Security Keynote: Cloud-Mobile Convergence: IT's Next Horizon, CISO's N...
Cloud Security Keynote: Cloud-Mobile Convergence: IT's Next Horizon, CISO's N...Cloud Security Keynote: Cloud-Mobile Convergence: IT's Next Horizon, CISO's N...
Cloud Security Keynote: Cloud-Mobile Convergence: IT's Next Horizon, CISO's N...
Livingstone Advisory
 
The ‘success trap’ of new, emerging and disruptive technologies
The ‘success trap’ of new, emerging and disruptive technologiesThe ‘success trap’ of new, emerging and disruptive technologies
The ‘success trap’ of new, emerging and disruptive technologies
Livingstone Advisory
 
Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...
Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...
Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...
Livingstone Advisory
 
Exploring the opportunities and pitfalls of new and emerging technologies in ...
Exploring the opportunities and pitfalls of new and emerging technologies in ...Exploring the opportunities and pitfalls of new and emerging technologies in ...
Exploring the opportunities and pitfalls of new and emerging technologies in ...
Livingstone Advisory
 
Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...
Livingstone Advisory
 
Cloud computing implications for project management methodologies
Cloud computing implications for project management methodologiesCloud computing implications for project management methodologies
Cloud computing implications for project management methodologies
Livingstone Advisory
 
Career implications for the Business Analyst in the age of digital disruption
Career implications for the Business Analyst in the age of digital disruptionCareer implications for the Business Analyst in the age of digital disruption
Career implications for the Business Analyst in the age of digital disruption
Livingstone Advisory
 
Maximising the opportunities offered by emerging technologies within the chan...
Maximising the opportunities offered by emerging technologies within the chan...Maximising the opportunities offered by emerging technologies within the chan...
Maximising the opportunities offered by emerging technologies within the chan...
Livingstone Advisory
 
Career resilience is the name of the game
Career resilience is the name of the gameCareer resilience is the name of the game
Career resilience is the name of the game
Livingstone Advisory
 
Cloud: Fuelling the crisis of confidence in corporate IT?
Cloud: Fuelling the crisis of confidence in corporate IT?Cloud: Fuelling the crisis of confidence in corporate IT?
Cloud: Fuelling the crisis of confidence in corporate IT?
Livingstone Advisory
 
Thriving in the world of Big Data
Thriving in the world of Big DataThriving in the world of Big Data
Thriving in the world of Big Data
Livingstone Advisory
 
REDUCING CYBER EXPOSURE From Cloud to Containers
REDUCING CYBER EXPOSURE From Cloud to ContainersREDUCING CYBER EXPOSURE From Cloud to Containers
REDUCING CYBER EXPOSURE From Cloud to Containers
artseremis
 
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Troy Marshall
 
Information Security Shake-Up
Information Security Shake-Up Information Security Shake-Up
Information Security Shake-Up
EMC
 
Tech trends
Tech trendsTech trends
Tech trends
Ed Smith
 
Adapting for the Internet of Things
Adapting for the Internet of ThingsAdapting for the Internet of Things
Adapting for the Internet of Things
Tripwire
 
Next-Gen Security for SDDC Infographic
Next-Gen Security for SDDC InfographicNext-Gen Security for SDDC Infographic
Next-Gen Security for SDDC Infographic
VMware Academy
 
Making best-in-class security ubiquitous - Why security is no longer just an ...
Making best-in-class security ubiquitous - Why security is no longer just an ...Making best-in-class security ubiquitous - Why security is no longer just an ...
Making best-in-class security ubiquitous - Why security is no longer just an ...
Thoughtworks
 
It staff augmentation before and after covid 19
It staff augmentation before and after covid 19It staff augmentation before and after covid 19
It staff augmentation before and after covid 19
Katy Slemon
 
Helen Patton - Cross-Industry Collaboration
Helen Patton - Cross-Industry CollaborationHelen Patton - Cross-Industry Collaboration
Helen Patton - Cross-Industry Collaboration
centralohioissa
 
Five Essential Enterprise Architecture Practices to Create the Security-Aware...
Five Essential Enterprise Architecture Practices to Create the Security-Aware...Five Essential Enterprise Architecture Practices to Create the Security-Aware...
Five Essential Enterprise Architecture Practices to Create the Security-Aware...
UBM_Design_Central
 
How to Better Manage Your IT Infrastructure
How to Better Manage Your IT InfrastructureHow to Better Manage Your IT Infrastructure
How to Better Manage Your IT Infrastructure
Edarat Group
 
Understanding cyber resilience
Understanding cyber resilienceUnderstanding cyber resilience
Understanding cyber resilience
Christophe Foulon, CISSP
 
NJVC Brochure
NJVC BrochureNJVC Brochure
NJVC Brochure
Spencer Nelson
 
End-to-End OT SecOps Transforming from Good to Great
End-to-End OT SecOps Transforming from Good to GreatEnd-to-End OT SecOps Transforming from Good to Great
End-to-End OT SecOps Transforming from Good to Great
accenture
 
OT Security Architecture & Resilience: Designing for Security Success
OT Security Architecture & Resilience: Designing for Security SuccessOT Security Architecture & Resilience: Designing for Security Success
OT Security Architecture & Resilience: Designing for Security Success
accenture
 

Contenu connexe

Tendances

Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...
Livingstone Advisory
 
Cloud computing implications for project management methodologies
Cloud computing implications for project management methodologiesCloud computing implications for project management methodologies
Cloud computing implications for project management methodologies
Livingstone Advisory
 
Career implications for the Business Analyst in the age of digital disruption
Career implications for the Business Analyst in the age of digital disruptionCareer implications for the Business Analyst in the age of digital disruption
Career implications for the Business Analyst in the age of digital disruption
Livingstone Advisory
 
Maximising the opportunities offered by emerging technologies within the chan...
Maximising the opportunities offered by emerging technologies within the chan...Maximising the opportunities offered by emerging technologies within the chan...
Maximising the opportunities offered by emerging technologies within the chan...
Livingstone Advisory
 
Tech trends
Tech trendsTech trends
Tech trends
Ed Smith
 

Tendances (20)

Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...
 
Cloud computing implications for project management methodologies
Cloud computing implications for project management methodologiesCloud computing implications for project management methodologies
Cloud computing implications for project management methodologies
 
Career implications for the Business Analyst in the age of digital disruption
Career implications for the Business Analyst in the age of digital disruptionCareer implications for the Business Analyst in the age of digital disruption
Career implications for the Business Analyst in the age of digital disruption
 
Maximising the opportunities offered by emerging technologies within the chan...
Maximising the opportunities offered by emerging technologies within the chan...Maximising the opportunities offered by emerging technologies within the chan...
Maximising the opportunities offered by emerging technologies within the chan...
 
Career resilience is the name of the game
Career resilience is the name of the gameCareer resilience is the name of the game
Career resilience is the name of the game
 
Cloud: Fuelling the crisis of confidence in corporate IT?
Cloud: Fuelling the crisis of confidence in corporate IT?Cloud: Fuelling the crisis of confidence in corporate IT?
Cloud: Fuelling the crisis of confidence in corporate IT?
 
Thriving in the world of Big Data
Thriving in the world of Big DataThriving in the world of Big Data
Thriving in the world of Big Data
 
REDUCING CYBER EXPOSURE From Cloud to Containers
REDUCING CYBER EXPOSURE From Cloud to ContainersREDUCING CYBER EXPOSURE From Cloud to Containers
REDUCING CYBER EXPOSURE From Cloud to Containers
 
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
 
Information Security Shake-Up
Information Security Shake-Up Information Security Shake-Up
Information Security Shake-Up
 
Tech trends
Tech trendsTech trends
Tech trends
 
Adapting for the Internet of Things
Adapting for the Internet of ThingsAdapting for the Internet of Things
Adapting for the Internet of Things
 
Next-Gen Security for SDDC Infographic
Next-Gen Security for SDDC InfographicNext-Gen Security for SDDC Infographic
Next-Gen Security for SDDC Infographic
 
Making best-in-class security ubiquitous - Why security is no longer just an ...
Making best-in-class security ubiquitous - Why security is no longer just an ...Making best-in-class security ubiquitous - Why security is no longer just an ...
Making best-in-class security ubiquitous - Why security is no longer just an ...
 
It staff augmentation before and after covid 19
It staff augmentation before and after covid 19It staff augmentation before and after covid 19
It staff augmentation before and after covid 19
 
Helen Patton - Cross-Industry Collaboration
Helen Patton - Cross-Industry CollaborationHelen Patton - Cross-Industry Collaboration
Helen Patton - Cross-Industry Collaboration
 
Five Essential Enterprise Architecture Practices to Create the Security-Aware...
Five Essential Enterprise Architecture Practices to Create the Security-Aware...Five Essential Enterprise Architecture Practices to Create the Security-Aware...
Five Essential Enterprise Architecture Practices to Create the Security-Aware...
 
How to Better Manage Your IT Infrastructure
How to Better Manage Your IT InfrastructureHow to Better Manage Your IT Infrastructure
How to Better Manage Your IT Infrastructure
 
Understanding cyber resilience
Understanding cyber resilienceUnderstanding cyber resilience
Understanding cyber resilience
 
NJVC Brochure
NJVC BrochureNJVC Brochure
NJVC Brochure
 

Similaire à CIA Trifecta ISACA Boise 2016 Watson

ISACA_21st century technologist
ISACA_21st century technologistISACA_21st century technologist
ISACA_21st century technologist
Donald Tabone
 
Cybersecurity-2013
Cybersecurity-2013Cybersecurity-2013
Cybersecurity-2013
Jennie Hwang
 
Jack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyJack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, Anecdotally
EnergySec
 

Similaire à CIA Trifecta ISACA Boise 2016 Watson (20)

End-to-End OT SecOps Transforming from Good to Great
End-to-End OT SecOps Transforming from Good to GreatEnd-to-End OT SecOps Transforming from Good to Great
End-to-End OT SecOps Transforming from Good to Great
 
OT Security Architecture & Resilience: Designing for Security Success
OT Security Architecture & Resilience: Designing for Security SuccessOT Security Architecture & Resilience: Designing for Security Success
OT Security Architecture & Resilience: Designing for Security Success
 
Ms think-tank-coffee-table-book
Ms think-tank-coffee-table-bookMs think-tank-coffee-table-book
Ms think-tank-coffee-table-book
 
Executive Perspective Building an OT Security Program from the Top Down
Executive Perspective Building an OT Security Program from the Top DownExecutive Perspective Building an OT Security Program from the Top Down
Executive Perspective Building an OT Security Program from the Top Down
 
ISACA_21st century technologist
ISACA_21st century technologistISACA_21st century technologist
ISACA_21st century technologist
 
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...
 
Operation: Next Summit Takeaways
Operation: Next Summit TakeawaysOperation: Next Summit Takeaways
Operation: Next Summit Takeaways
 
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the InternetSecuring the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet
 
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the InternetSecuring the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet
 
Securing the digital economy
Securing the digital economySecuring the digital economy
Securing the digital economy
 
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The Experts
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber Security
 
Influential Business Leaders in Security services | CIO Look
Influential Business Leaders in Security services | CIO LookInfluential Business Leaders in Security services | CIO Look
Influential Business Leaders in Security services | CIO Look
 
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
 
Cybersecurity-2013
Cybersecurity-2013Cybersecurity-2013
Cybersecurity-2013
 
Jack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyJack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, Anecdotally
 
Strategically moving towards a secure hybrid it
Strategically moving towards a secure hybrid itStrategically moving towards a secure hybrid it
Strategically moving towards a secure hybrid it
 
Security Strategies for Success
Security Strategies for SuccessSecurity Strategies for Success
Security Strategies for Success
 

Plus de Patricia M Watson

CyberSecThreats_R_U_atRisk_Watson
CyberSecThreats_R_U_atRisk_WatsonCyberSecThreats_R_U_atRisk_Watson
CyberSecThreats_R_U_atRisk_Watson
Patricia M Watson
 
ISACA President Letter | Patricia Watson | 2013
ISACA President Letter | Patricia Watson | 2013ISACA President Letter | Patricia Watson | 2013
ISACA President Letter | Patricia Watson | 2013
Patricia M Watson
 
Cyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterCyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise Chapter
Patricia M Watson
 
Computer Forensics | Patricia Watson | 2004
Computer Forensics | Patricia Watson | 2004Computer Forensics | Patricia Watson | 2004
Computer Forensics | Patricia Watson | 2004
Patricia M Watson
 
IT Governance | 2013 Interface Conf | Watson
IT Governance | 2013 Interface Conf | WatsonIT Governance | 2013 Interface Conf | Watson
IT Governance | 2013 Interface Conf | Watson
Patricia M Watson
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
Patricia M Watson
 
Cyber Security | Patricia Watson
Cyber Security | Patricia WatsonCyber Security | Patricia Watson
Cyber Security | Patricia Watson
Patricia M Watson
 
Leveraging Digital Forensics | Patricia Watson
Leveraging Digital Forensics | Patricia WatsonLeveraging Digital Forensics | Patricia Watson
Leveraging Digital Forensics | Patricia Watson
Patricia M Watson
 

Plus de Patricia M Watson (9)

CyberSecThreats_R_U_atRisk_Watson
CyberSecThreats_R_U_atRisk_WatsonCyberSecThreats_R_U_atRisk_Watson
CyberSecThreats_R_U_atRisk_Watson
 
Securing your cyberspace_Watson
Securing your cyberspace_WatsonSecuring your cyberspace_Watson
Securing your cyberspace_Watson
 
ISACA President Letter | Patricia Watson | 2013
ISACA President Letter | Patricia Watson | 2013ISACA President Letter | Patricia Watson | 2013
ISACA President Letter | Patricia Watson | 2013
 
Cyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterCyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise Chapter
 
Computer Forensics | Patricia Watson | 2004
Computer Forensics | Patricia Watson | 2004Computer Forensics | Patricia Watson | 2004
Computer Forensics | Patricia Watson | 2004
 
IT Governance | 2013 Interface Conf | Watson
IT Governance | 2013 Interface Conf | WatsonIT Governance | 2013 Interface Conf | Watson
IT Governance | 2013 Interface Conf | Watson
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
 
Cyber Security | Patricia Watson
Cyber Security | Patricia WatsonCyber Security | Patricia Watson
Cyber Security | Patricia Watson
 
Leveraging Digital Forensics | Patricia Watson
Leveraging Digital Forensics | Patricia WatsonLeveraging Digital Forensics | Patricia Watson
Leveraging Digital Forensics | Patricia Watson
 

CIA Trifecta ISACA Boise 2016 Watson

  • 1. ISACA Boise Chapter CPE Luncheon CIA Trifecta: Mind the Gap – IT | *OT Convergence Presentation Synopsis: As eloquently stated by Peter Drucker…Culture eats strategy for breakfast! In this ever interconnected world, Cybersecurity has become an integral function for just about every business activity. While the CIA triad serves as a model that is diligently applied in the Cybersecurity landscape, operational functions mandate real-time expediency. Cross-functional collaboration and adaptation of the proverbial interconnected reality warrants a shift in the way we approach Cybersecurity solutions. *In the context of this presentation, OT encompasses the business and/or administrative side of the house (all departments outside of IT/Cybersecurity) 1
  • 2. As per the usual…Disclaimer • Material discussed in this presentation are the views of the author • This presentation is intended for discussion purposes, not to be relied upon as advice 2
  • 3. Discussion Summary – Cybersecurity: The Good Old Days Back in the good old days…Cybersecurity was a niche within the IT field with the main objective to ensure Confidentiality, Integrity and Availability of data & systems Static, proactive, preventive solutions that were housed in the company’s data center (physical appliances) A Few Examples Discussed: SOC – Blue Team, Red Team Network segmentation DMZs MS Active Directory Group Policy Perimeter (network controls: IPS/IDS, firewalls, NAC, Web traffic, SIEM), Endpoint (AV, USB mgt, Data Loss Prevention (DLP)) Two factor authentication Application and perimeter firewalls To encrypt or not to encrypt Cybersecurity Framework Function Areas 3
  • 4. Discussion Summary – Surge of The Digital Age We’ve made the transition from the Industrial age to the ever dynamic information age of interconnected devices traversing cyberspace Even if your company/firm is not directly engaging/leveraging the latest and greatest technology solutions, your customers, suppliers, vendors and competitor are…be ware! A Few Examples Discussed: Business Intelligence OS Agnostic Devices BYOD IoT Quote: Every generation needs a new revolution – Thomas Jefferson 4
  • 5. Discussion Summary – Cybersecurity Fast Forward Finally…Cybersecurity gets a seat at the table! The new trend is moving towards having an independent Cybersecurity department (outside of IT) that is challenged by a dynamic, persistent, proactively leveraging predictive analytics (Iot, artificial intelligence, machine learning) to identify, protect, detect, respond & recover (all in real time). In this ever interconnected world, Cybersecurity has become an integral function for just about every business activity. Cross-functional collaboration and adaptation of the proverbial interconnected reality warrants a shift in the way we approach Cybersecurity solutions. A Few Examples Discussed: SOC – White hat | Black Hat | Kinetic & Cyber layers Traditional vs artificial intelligence, machine learning, dynamic, real-time, proactive Operating System Agnostic Devices, Cloud hybrid environment, BYOD *In the context of this presentation, OT encompasses the business and/or administrative side of the house (all departments outside of IT/Cybersecurity) 5
  • 6. Discussion Summary – IT | OT – Mind The Gap! *In the context of this presentation, OT encompasses the business and/or administrative side of the house (all departments outside of IT/Cybersecurity) While it’s great that in many environments, Cybersecurity finally has a seat at the table. Now we have the responsibility to keep that seat and continue to have a voice. More than ever, it’s important to take a holistic view of the potential impact Cybersecurity services have on the business so we can be part of the solution and not be viewed as getting in the way of productivity The CIA triad, which serves as a model that is diligently applied in the Cybersecurity landscape, is often the debate between IT and OT personnel given that operational functions mandate real-time expediency. We are often task with the challenge of supporting the business need to sustain innovation while ensuring the confidentiality and integrity of our systems/data. Cybersecurity is no longer just about the technical skills, we need to know our company’s risk appetite so we can align our strategy with the overall company’s roadmap and be able to anticipate potential risks due to changes to the environment. We need to understand competing priorities so we can proactively determine how to manage limitation of resources 6
  • 7. Discussion Summary – Culture Change vs. Transformation Quote: Culture eats strategy for breakfast...Peter Drucker. We need to leverage the Cybersecurity foundation and build new layers that harness People, Process & Technology to introduce new methods of protection needed to address the digital age! A Few Examples Discussed: People: Need buy-in from top down | Need to ensure your Training & Awareness program aligns with your corporate culture. Process: Compliance is NOT Cybersecurity but rather it should be a complimentary function that can be leveraged to further enhance your layers of protection. Cybersecurity Policies, Standards & Guidelines should align with the company’s governance (not create unintended conflicts or contradictions). The Cybersecurity strategy should align with the company’s vision, outlook and roadmap. Technology: Leverage technology to continue building seamless layers of protection. Cybersecurity controls should be automated as much as possible in a way that they don’t interfere with the business operations Cybersecurity should never be part of the problem but rather enabling solutions! 7
  • 8. Discussion Summary – IT Takes a Village! More than ever, collaboration, communication and knowledge transfer play a critical role in Cybersecurity. Not only do we have the challenge of keeping our seat at the table (play nice with others), but we have to keep up with the ever changing digital world. Securing devices becomes more difficult as we move from the physical world to virtual resources (such as the cloud). Not to mention that the bad guys tend to have an edge when it comes to levering cyberspace to conceal their traces and develop advanced attacks. A Few Examples Discussed: We live in an interconnected world | There is NO one-way connection in cyberspace | Collaboration – Power in numbers | Communication (see something, say something) | Knowledge Transfer – Because sharing is caring! Make sure you sustain buy-in from the top (not just your C-suite but your board of directors as well) | Leverage professional organizations such as ISACA, InfraGard, ISSA, HTCIA to stay up to date with the ever changing threat landscape | Get to know your local law enforcement (LLE). If you have critical infrastructure in your environment, it is very helpful if at least one person in your team has a clearance so you can get classified briefings Make sure you include your remote sites for all Training & Awareness | Foster an environment of trust and collaboration with your vendors, contractors & suppliers. 8
  • 9. Trust but verify…make sure you work closely with your Legal team to ensure contracts have the appropriate wording when it comes to Cybersecurity responsibilities, expectations and liabilities (in the event of a breach) | Keep in constant communication with your regulators so you understand how new regulations impact Cybersecurity solutions 8
  • 10. Discussion Summary – Cybersecurity Continuum! Cybersecurity is not a one-time, one solution fits all – It’s a continuous process! Review your Governance on regular intervals to ensure it is still relevant and in alignment with your company’s strategic direction (which in some sectors can be very dynamic) Perform both internal and external Risk Assessments Leverage results of assessments to identify gaps, request needed resources and adjust your Cybersecurity strategy Continue promoting cybersecurity awareness, We all play a key role when it comes to securing our assets Document lessons learned and insure that you don’t make the same mistakes twice 9
  • 11. 10