1. CYBER SECURITY: CHALLENGES AND SOLUTIONS FOR THE CORPORATE
Cyber Security & FSI: Lock-Down on the Final Frontier?
May 23rd 2013 @ Hong Kong
Albert Hui GREM, GCFA, GCFE, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, CISA
Principal Consultant
5. REGULATORY AND AUDIT COMPLIANCE
Problem
• Too many standards
• Duplicated efforts (overlapping requirements)
Solution
• Unified compliance framework
• Centralized risk register
Copyright © 2013 Security Ronin
6. RISKS OF NEW TECHNOLOGIES
Problem
• Unknown unknown risks
• Increased exposures
Solution
• Forward-looking security research
• Compensatory controls
7. DISPARATE RISK FUNCTIONS
Problem
• Lack of unified risk oversight
• Duplicated activities
Solution
• Cross-functional committees
• Centralized risk register
Risk functions (diagram): Tech Risk, IT Security, Legal and Compliance, Internal Audit, Internal Control, Fraud Investigation
8. RISK APPETITE MISALIGNMENT
Problem
• Ever-changing risk environment
• Inadequate supporting justifications
Solution
• Security intelligence
• Security metrics
9. INSUFFICIENT RESOURCES AND COMPETING PRIORITIES
Problem
• Lack of funding
• Lack of talent and technologies
• Competing priorities
Solution
• Holistic risk assessment
• Security metrics
• Judicious outsourcing
10. QUICK WIN
1. CSIRT
2. Cross-functional committees for risk functions
3. Security metrics