Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Philip Victor, Head of Market Development (APAC), (ISC)2

•

2 j'aime•1,408 vues

BCM Institute

World Continuity Congress conference on 7th October 2015 at Pullman Putrajaya Lakeside by BCM Institute

Présentations et discours publics

Cyber Resilience – Strengthening
Cybersecurity Posture & Preparedness
Philip Victor
Head of Market Development (APAC), (ISC)2
pvictor@isc2.org

The Threat Landscape in SE Asia
• Enterprises in Asia spent about $230 billion in
2014 to deal with issues caused by malware
deliberately loaded onto pirated software,
according to IDC and the National
University of Singapore.
– Of $230 billion: $59 billion to deal with security
issues
– $170 billion for data breaches

C-suite Attitude towards Security
A survey released in Nov 2014 by Vanson Bourne, sponsored by BT Global, reveals
that the wrong attitude about security, starting at the top and trickling downwards, is
putting organizations at serious risks.
Uptake of BYOD (Bring Your Own Device) and COPE (Corporately Owned
Personally-Enabled) devices at workplace

Strengthening Cyber Resilience
• Understand the security
architecture
• Access the environment
• Risk assessment
• Understand the business
• Monitor the environment
• Qualified, certified security
personnel

Understand Security Architecture
• Use of appropriate
technologies to
provide/protect
architecture
• Protect your
network
• Content inspection

Assess the Environment
• Risk Assessment
• Continuous Vulnerability
Assessment

Risk Assessment
Understand internal
(on premise) vs. use
of cloud solutions.

People
• User Education/Awareness
• Qualified, Certified Security Personnel
• Ethics

DoD 8570 Approved Baseline
Certifications

DoD 8140
DoD 8140 model which is based on the U.S. National Institute of Standard and Technology
(NIST) National Initiative for Cybersecurity Education (NICE) standard

USA’s National Initiative for Cybersecurity
Education (NICE)
Cybersecurity Workforce Framework

Federal Information Security Management Act
CAP Domains:
• Risk Management Framework (RMF)
• Categorization of Information Systems
• Selection of Security Controls
• Security Control Implementation
• Security Control Assessment
• Information System Authorization
• Monitoring of Security Controls

Executive Order 13636
Cybersecurity Framework

NICF Framework in Singapore
• The National Infocomm Competency Framework
(NICF) developed by Infocomm Development
Authority of Singapore (iDA) and Singapore
Workforce Development Agency (WDA)
• The NICF Overview Map is a snapshot of the
Infocomm sector
• Serves as a reference for career progression and
corresponding training pathways leading to NICF
qualifications.
• Similar to DoD 8140 model

National Infocomm Competency
Framework Map
You can go to the interactive map to learn more
http://www.nicf.sg/NicfOverview/InteractiveMap.aspx

Infocomm Security
• Involves in
protecting
hardware,
software,
network and
services of an
organization
against
unauthorized
access,
modification,
destruction, or
disclosure

Global Academic Program
Education
Research
Outreach

Information security
professionals must be
highly adaptable in
learning and applying
new skills, technologies,
and procedures.
Critical Times Demand Critical Skills

Thank You
Philip Victor
Head of Market Development (APAC), (ISC)2
pvictor@isc2.org

Contenu connexe

Tendances

In order to effectively defend your organization, you must think about the offensive strategy as well. But before we get ahead of ourselves let’s talk briefly about the building blocks of a good offense. First is an architecture that is built around a security policy that is aligned with the business risk. Risk must be understood and a cookie cutter approach must be avoided here because again every organization is different and so are their risks.

Threat Hunting - Moving from the ad hoc to the formal

Priyanka Aash

Cyber Threat Intelligence Integration Center -- ONDI

David Sweigert

Being aware of the trends that are expected to shape the digital landscape is an important step in ensuring the security of your data and online assets. Amongst others, the webinar covers: • Top Cyber Trends for 2023 • Cyber Insurance • Prioritization of Cyber Risk Presenters: Colleen Lennox Colleen Lennox is the Founder of Cyber Job Central, a newly formed job board dedicated to Cybersecurity job openings. Colleen has 25+ years in Technical Recruiting and loves to help other find their next great job! Madhu Maganti Madhu is a goal-oriented cybersecurity/IT advisory leader with more than 20 years of comprehensive experience leading high-performance teams with a proven track record of continuous improvement toward objectives. He is highly knowledgeable in both technical and business principles and processes. Madhu specializes in cybersecurity risk assessments, enterprise risk management, regulatory compliance, Sarbanes-Oxley (SOX) compliance and system and organization controls (SOC) reporting. Date: January 25, 2023 Tags: ISO, ISO/IEC 27032, Cybersecurity Management ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032 https://pecb.com/article/cybersecurity-risk-assessment https://pecb.com/article/a-deeper-understanding-of-cybersecurity Webinars: https://pecb.com/webinars Article: https://pecb.com/article Whitepaper: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ Slideshare: http://www.slideshare.net/PECBCERTIFICATION YouTube video: https://youtu.be/BAAl_PI9uRc

Cybersecurity trends - What to expect in 2023

PECB

MITRE ATT&CK is quickly gaining traction and is becoming an important standard to use to assess the overall cyber security posture of an organization. Tools like ATT&CK Navigator facilitate corporate adoption and allow for a holistic overview on attack techniques and how the organization is preventing and detecting them. Furthermore, many vendors, technologies and open-source initiatives are aligning with ATT&CK. Join Erik Van Buggenhout in this presentation, where he will discuss how MITRE ATT&CK can be leveraged in the organization as part of your overall cyber security program, with a focus on adversary emulation. Erik Van Buggenhout is the lead author of SANS SEC599 - Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses. Next to his activities at SANS, Erik is also a co-founder of NVISO, a European cyber security firm with offices in Brussels, Frankfurt and Munich.

Leveraging MITRE ATT&CK - Speaking the Common Language

Erik Van Buggenhout

Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.

Cyber Security Governance

Priyanka Aash

In today’s connected world, cyber security is a topic that nobody can afford to ignore. In recent years the number and frequency of attacks on industrial devices and other critical infrastructure has risen dramatically. Recent news stories about hackers shutting down critical infrastructure have left many companies wondering if they are vulnerable to similar attacks. In this webinar we will discuss the most common security threats and unique challenges in securing industrial networks. We will introduce the current standards and share some useful resources and best practices for addressing industrial cyber security. Key Takeaways: 1. Gain perspective regarding common security threats facing industrial networks. 2. Learn about the relevant standards governing industrial cyber security. 3. Increase understanding of some best practices for securing industrial networks.

CyberSecurity Best Practices for the IIoT

Creekside Marketing Group, LLC

Meaningfull security metrics

Vladimir Jirasek

Overview of the Cyber Kill Chain [TM]

David Sweigert

SOC and SIEM.pptx

SandeshUprety4

Bulding Soc In Changing Threat Landscapefinal

Mahmoud Yassin

Building Security Operation Center

S.E. CTS CERT-GOV-MD

Cybersecurity Priorities and Roadmap: Recommendations to DHS

John Gilligan

Vulnerability Management

asherad

Presentation for March 2017 webcast by NIST. www.nist.gov/cyberframework Webcast video: https://www.nist.gov/news-events/events/2017/03/cybersecurity-framework-virtual-events This presentation introduces the audience to the Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”). It provides a brief history about why and how the Framework was developed, and an understanding of each of the three primary Framework components (the Core, Implementation Tiers, and Profiles). It covers potential benefits of Framework, and how the Framework can be used. It highlights industry resources, progress in Roadmap areas, and future direction of the Framework program.

NIST Cybersecurity Framework 101

Erick Kish, U.S. Commercial Service

Dealing with Information Security, Risk Management & Cyber Resilience

Donald Tabone

Cybersecurity - Overview

Thanuja Seneviratne

SOC presentation- Building a Security Operations Center

Michael Nickle

DTS Solution - Building a SOC (Security Operations Center)

Shah Sheikh

Dell Technologies Cyber Security playbook

Margarete McGrath

You own a SIEM, but to be secure, you need a Security Operations Center! How do you cross the chasm? Do you hire staff or outsource? And what skills are needed? Mike Ostrowski, a cybersecurity industry veteran, will review common pitfalls experienced through the journey from SIEM to SOC, the pros and cons of an all in-house SOC vs. outsourcing, and the benefits of a hybrid SOC model. Learning Objectives: 1: You own a SIEM, but to be secure, you need a SOC. How do you cross the chasm? 2: What are the pros and cons of in-house, fully managed and hybrid security? 3: What considerations go into deciding whether to employ a hybrid strategy? (Source: RSA Conference USA 2018)

From SIEM to SOC: Crossing the Cybersecurity Chasm

Priyanka Aash

Tendances (20)

Threat Hunting - Moving from the ad hoc to the formal

Cyber Threat Intelligence Integration Center -- ONDI

Cybersecurity trends - What to expect in 2023

Leveraging MITRE ATT&CK - Speaking the Common Language

Cyber Security Governance

CyberSecurity Best Practices for the IIoT

Meaningfull security metrics

Overview of the Cyber Kill Chain [TM]

SOC and SIEM.pptx

Bulding Soc In Changing Threat Landscapefinal

Building Security Operation Center

Cybersecurity Priorities and Roadmap: Recommendations to DHS

Vulnerability Management

NIST Cybersecurity Framework 101

Dealing with Information Security, Risk Management & Cyber Resilience

Cybersecurity - Overview

SOC presentation- Building a Security Operations Center

DTS Solution - Building a SOC (Security Operations Center)

Dell Technologies Cyber Security playbook

From SIEM to SOC: Crossing the Cybersecurity Chasm

En vedette

Deploying A Crisis Management and Business Continuity Approach to Product Tam...

BCM Institute

Journey to cyber resilience

Andrew Bycroft

Is Cyber Resilience Really That Difficult?

John Gilligan

Final presentation january iia cybersecurity securing your 2016 audit plan

Cameron Forbes Over

Science of Security: Cyber Ecosystem Attack Analysis Methodology

Shawn Riley

Building Cyber Resilience in the Digital Economy

Agus Wicaksono

Government Technology & Services Coalition & InfraGard NCR's Program: Cyber Security: Securing the Federal Cyber Domain by Strengthening Public-Private Partnership Presentation: How do we Protect our Systems and Meet Compliance in a Rapidly Changing Environment Presenter: Sean McCloskey, Program Manager, Cyber Security Evaluations Program, DHS Description: With all the constant innovation in cyber, what is “cutting edge”? What constraints hinder innovation? How is technology being used to address the Executive Orders, comply to standards, and other meet other mandates? What areas still need resources, ideas and innovation? Join us to hear advances in cyber security technology and ways to protect and monitor systems that will provide for resilient infrastructures and incorporate new solutions.

Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...

Government Technology and Services Coalition

Risk Based Security and Self Protection Powerpoint

randalje86

Cybersecurity and The Board

Paul Melson

Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015

Phil Agcaoili

Cyber security awareness

Jason Murray

General Awareness On Cyber Security

Dominic Rajesh

Social Media Cyber Security Awareness Briefing

Department of Defense

The cyber security job is everyone's business including the Board of Directors, even without a cyber security degree. Recent cyber security news proves that. According to several studies, Boards are getting it wrong and are leaving cyber awareness and risk management in the hands of the CEO, CISO, CTOs and cyber security companies. In a sense they are abdicating their responsibility to the shareholders. This slideshare proposes 7 questions every board should be asking their company executives abour IT security. They're not necessarily all encompassing and don't take the place of real cybersecurity training, but will drive the discussion to better and more complete understanding of strategic risk. Questions cover the basics of cyber security training, cyber policies, who briefs and when at board meetings. Thanks.

7 cyber security questions for boards

Paul McGillicuddy

The Board and Cyber Security

FireEye, Inc.

En vedette (15)

Deploying A Crisis Management and Business Continuity Approach to Product Tam...

Journey to cyber resilience

Is Cyber Resilience Really That Difficult?

Final presentation january iia cybersecurity securing your 2016 audit plan

Science of Security: Cyber Ecosystem Attack Analysis Methodology

Building Cyber Resilience in the Digital Economy

Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...

Risk Based Security and Self Protection Powerpoint

Cybersecurity and The Board

Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015

Cyber security awareness

General Awareness On Cyber Security

Social Media Cyber Security Awareness Briefing

7 cyber security questions for boards

The Board and Cyber Security

Similaire à Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Philip Victor, Head of Market Development (APAC), (ISC)2

With the development of technology, the interdependence of various infrastructures has increased, which also enhanced their vulnerabilities. The National Information Infrastructure security concerns the nation’s stability and economic security. So far, the research in Internet security primarily focused on securing the information rather than securing the infrastructure itself. The pervasive and ubiquitous nature of the Internet coupled with growing concerns about cyber attacks we need immediate solutions for securing the Internet infrastructure. Given the prevailing threat situation, there is a compelling need to develop Hardware redesign architectures, Algorithms, and Protocols to realize a dependable Internet infrastructure. In order to achieve this goal, the first and foremost step is to develop a comprehensive understanding of the security threats and existing solutions. These attempts to fulfil this important step by providing classification of Security attacks are classified into four main categories: DNS hacking, Routing table poisoning, Packet mistreatment, and Denial-of-Service attacks. We are generally discussing on the existing Infrastructure solutions for each of these categories, and also outline a methodology for developing secured Nation.

Infrastructure Security by Sivamurthy Hiremath

ClubHack

A successful cyber attack on a plant’s Industrial Control Systems (ICS) can be catastrophic. It can impact the plant’s operations, finances, damage reputation and even threaten lives. A resilient cyber security programme is essential in order to mitigate against potential cyber attacks. To help ensure that your plant is fully prepared to defend against potential cyber attacks, we provide a range of ICS Cyber Security services, each customised for your plant’s unique requirements, based on the latest international cyber security standards and best practice. Pöyry is active in designing, assessing and supervising the implementation of ICS cyber security programmes to both operating and greenfield facilities.

Pöyry ICS Cyber Security brochure (English)

Pöyry

Cybersecurity is a universal concern across today’s enterprise and the need for strategic approach is required for appropriate mitigation. Adopting ISO 27032 will help to: • Understanding the nature of Cyberspace and Cybersecurity • Explore Cybersecurity Ecosystem – Roles & Responsibilities • Achieve Cyber Resilience through implementing defensive and detective cybersecurity controls Presenter: Obadare Peter Adewale is a first generation and visionary cyberpreneur. He is a PECB certified Trainer, Fellow Chartered Information Technology Professional, the First Licensed Penetration Tester in Nigeria, second COBIT 5 Assessor in Africa and PCI DSS QSA. He is also an alumnus of Harvard Business School and MIT Sloan School of Management Executive Education. Link of the recorded session published on YouTube: https://youtu.be/NX5RMGOcyBM

Improve Cybersecurity posture by using ISO/IEC 27032

PECB

Datasheet

Carlos urrea

Csc520 you are a senior level employee and you must tailor your deliverables ...

leonardjonh145

Software security, secure software development in the age of IoT, smart thing...

LabSharegroup

Indian perspective of cyber security

Aurobindo Nayak

Welcome to the cybersecurity & continuous intelligence knowledge slidedeck of NISI (Nederlands Instituut voor de Software Industrie). Cybersecurity & Continuous Intelligence is a broad topic, covering rules & regulation, internet, cyberwar, software, machine learning and society & trust. This slidedeck offers you a more in-depth view of this exciting area. Please contact us directly for more information via email info@nisi.nl or the contact on form on nisi.nl. Nederlands Instituut voor de Software Industrie

Cybersecurity and continuous intelligence

NISIInstituut

risk assessment 27.docx

write5

Information Security Audit Consultant

dcs HH

Application Security - Dont leave your AppSec for the last moment Meetup 2104...

lior mazor

Certified Information Systems Security Professional

Helen Njuguna

Ibm app security assessment_ds

Arun Gopinath

Move Inn Estates Case Study

Michael W. Chitwa

IDBI Intech - Information security consulting

IDBI Intech

Lessons Learned from the NIST CSF

Digital Bond

EC-Council Certified Network Defender

ITpreneurs

IBM Relay 2015: Securing the Future

IBM

Federal Cybersecurity: The latest challenges, initiatives and best practices

John Gilligan

Most of the money thrown at securing information systems misses the weak spots. Huge amounts are spent securing infrastructure while web applications are left exposed. It is a crisis that is largely ignored. Software development teams, under pressure to deliver features and meet deadlines, often respond to concerns about the security of their web applications by commissioning a last-minute security assessment and then desperately attempt to address only the most glaring findings. They may even simply throw up a web application firewall to mitigate the threats. Such bolted-on solutions are not long-term answers to web application security. Instead, we advocate a built-in approach. We will show that by weaving security into the software development life cycle, and using mature resources for security coding standards, toolkits and frameworks such as those from OWASP, development teams can consistently produce secure systems without dramatically increasing the development effort or cost. This slide deck was most recently presented at a SPIN meeting in Cape Town In September 2012 by Paul and Theo from ThinkSmart (www.thinksmart.co.za). For more information, contact Paul at ThinkSmart (dot see oh dot zed ay).

Application Security Done Right

pvanwoud

Similaire à Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Philip Victor, Head of Market Development (APAC), (ISC)2 (20)

Infrastructure Security by Sivamurthy Hiremath

Pöyry ICS Cyber Security brochure (English)

Improve Cybersecurity posture by using ISO/IEC 27032

Datasheet

Csc520 you are a senior level employee and you must tailor your deliverables ...

Software security, secure software development in the age of IoT, smart thing...

Indian perspective of cyber security

Cybersecurity and continuous intelligence

risk assessment 27.docx

Information Security Audit Consultant

Application Security - Dont leave your AppSec for the last moment Meetup 2104...

Certified Information Systems Security Professional

Ibm app security assessment_ds

Move Inn Estates Case Study

IDBI Intech - Information security consulting

Lessons Learned from the NIST CSF

EC-Council Certified Network Defender

IBM Relay 2015: Securing the Future

Federal Cybersecurity: The latest challenges, initiatives and best practices

Application Security Done Right

Plus de BCM Institute

Business Continuity and Resilience: What Lies in the Future and What Steps Ca...

BCM Institute

Enterprise Risk Management and Business Continuity: How Can They Work Togethe...

BCM Institute

Winning Over The Challenges of Implementing BCM in a BPO by Jeremias Astrero,...

BCM Institute

Operational and Business Continuity Management Strategy for Multi-type Nation...

BCM Institute

Business Continuity Management in Healthcare by Dexter Chia, Director, GCOO's...

BCM Institute

Does Your BCP Need A BCP - Outsourcing Business Continuity by Irene Lye, Ente...

BCM Institute

The Evolving Role of BCM and its Importance in Any Industries by Dr Goh Moh H...

BCM Institute

Experience Sharing - Risk Management, Crisis Management & BCM In An Education...

BCM Institute

Planning For The Haze by Jeremy Wong, , Senior Vice President of GMH Continui...

BCM Institute

Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...

BCM Institute

DR Plan Implementation Experience: A Government Agency's Perspective by Inthr...

BCM Institute

Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...

BCM Institute

BCM Institute Course Schedule 2016

BCM Institute

Considerations for Developing Your Organisation’s Pandemic Plan by Jeremy Won...

BCM Institute

Pandemics & Infectious Diseases: Stepping Up Your Business Continuity Prepare...

BCM Institute

Certified Crisis Management Professional Programme Brochure

BCM Institute

BCM Institute Malaysia Course Schedule 2015

BCM Institute

Dr Goh Moh Heng Building Your Organization Business Continuity Management Com...

BCM Institute

Bhakorn Vanuptikul

BCM Institute

Stelios Aronis ISO 22301 BCMS Implementation and Sharing of BCM Best Practice...

BCM Institute

Plus de BCM Institute (20)