ISACA Zuid 2015 01 21
Transcript of ISACA Zuid 2015 01 21
Page 1
Predicting the future is easy … getting it right is the hard part. Version 2015.0
Jurgen van der Vlugt, ISACA Zuid, Eindhoven, 21 January 2015
Page 2
Introduction
• Ir. drs. J. van der Vlugt RE CISA CRISC CCX RCX
• Jurgen
• Maverisk Consultancy, IS Audit & Advisory services
• ICC Audit/Advies
• Blogblogblog: maverisk.wordpress.com
• ERM/ORM, (IS) Audit, (Info)Security
Discussion welcome ..!
Page 3
Page 4
(Agenda)
1. Retrospective
2. Governance
3. Business
4. IoT(A)
5. AI
6. ITSec
7. InfoSec
8. Conspectus
Page 5
Retrospective
Page 6
Mine
• Trust: Continues
• Identity: Although… Bitcoin et al!
• Things: IoT …
• Social: WhatsApp / Telegram / Ello / Viv / …
• Mobile: Mehhh
• Analytics → ‘smart’ / human work
• Cloud: Mehhh
• Demise of ERP: Somewhat out-of-the-cloud, nothing more
• InfoSec
  • APTs: Sony. And many others!
  • Certificate vulnerabilities
  • Crypto breaks: the NSA in particular
  • Quantum Computing
  • New methodologies: OSSTMM
• Deflation of TLD: Fortunately yes (BoE, Forbes, et al)
Page 7
Cycle
Page 8
End of Hipster
Page 9
Governance
Page 11
“GRC”
Page 12
• SOx ↓
• “PDCA” ↓
  • Quod non!
  • Everything at once
• Audit industry ↓
• Risk Analysis ↓
  • Quod non
  • Brugklas (first year of secondary school):
Page 13
Brugklas (first year of secondary school)
Page 14
‘GRC’ in 2015 (I)
• “...we have no rules here; we are trying to achieve something!”
• ‘Disruption’: Kaizen .. small improvement steps .. upgrade .. innovation .. Disruption
Page 15
‘GRC’ in 2015 (II)
• Chicken coop / When the going gets tough, the Info(Sec) masters get going:
• ISO27001:2013, ISO15504 (SPICE)
• OSSTMM (hopefully)
• Risk analysis:
  • Breakthrough of Just Acting Normally (hopefully)
  • Be Prepared + Acceptance
Page 16
Business
Page 17
Business
• Big IT
• IoT
• B2C ‘Innovation’
• (Small bump InfoSec → ITSec)
Page 18
Business (Big IT 2015)
• Big Data segmentation
• Docker, Firebase
• and many others
• SMACI(o)T
• (Google Docs, Klaut)
Page 19
Business (IoT 2015)
• Convergence of APIs
• Stealth
Page 20
Some more B(2B, 2C)
• Bitcoin / Blockchain (below the surface): 163 cryptocurrencies
• Webrooming → Showrooming
• Alibaba, Tencent, Baidu > Amazon+Ebay
• Mobile payments, NFC
• 3rd Platform / Fabric
• Drones
• Sharing Economy
• Virtual Reality ..?
Page 21
Blockchain trust
Page 22
IT in business 2015 – finance
Page 23
Business (B2C ‘Innovation’ 2015)
Page 24
IoT(A)
Page 25
IoT(A) 2015
4 directions
• B-inhouse: 3D printing, robots, remote factories
• C-inhouse: Home automation (Nest and many others, kits; all-in-1), Connected Cars
• B2B: ‘SaaS’, DACs?, group/club formation. Industrial Internet!
• B2C/C2B: Smart Cities, lifelogging, wearables, tracking ..!
Page 26
IoT(A)
Security boom →
Risks (Stuxnet ↔ privacy) →
Audit programmes (Yours Truly)
Page 27
Yours Truly (?)
Page 28
To watch
Page 29
AI
Page 30
AI
• Ethics
  • Trolley problem
  • Trust / Singularity
• Many AI ‘plugins’
  • [visual|speech]-to-[text|interpretation]-to-[information|action]
  • Loose little ideas up to API-like tools
• Below the surface: Much more
Page 31
Already
“The RMV itself was unsympathetic, claiming that it was the accused individual’s ‘burden’ to clear his or her name in the event of any mistakes, and arguing that the pros of protecting the public far outweighed the inconvenience to the wrongly targeted few.”
Page 32
Creeping
Page 33
And so it begins…
Page 34
ITSec
Page 35
ITSec
• Poodle, Beast, Heartbleed → Open Source ?
• Encryption-by-default; Diaspora*, TOR browser, PGP
• OSSTMM / ISO27k1:2013
• IoT Security / Audit → IAM ? / Analysis ?
• APTs
Page 36
Dream (lullaby?)
Page 37
And so it begins…
Page 38
From ‘Everything Was Better Back Then’ to Mordor

| Perpetrator \ Target | Individual | Gang | Organisation | Country |
|---|---|---|---|---|
| Individual | Meh. | Ehhh | ‘Hacker’ | ‘Hacker’ |
| Gang | Meh. | Ah! | ‘Hacker’ | ‘Hacker’ / Defacing / Ideology-driven |
| Organisation | Meh. / Defacing the whistleblower? | Infiltration | APTs / Espionage | APTs / Espionage |
| Country | Meh. / Snowden | Police work | APTs / Intel work | APTs / Espionage |
Page 39
ITSec: into the hardcore mosh pit
Page 40
All details matter
Page 41
Armageddon..! ..?
Page 42
L33t Skillz
Page 43
InfoSec
Page 44
InfoSec
• Info → Risks → All-in solution complexes + residual risks!
• Vulnerabilities everywhere
  • 3rd parties
  • Open Source
  • Shadow IT, BYOD/CYOD
  • Complexity, volatility
• (Mosh pit becomes the New Normal)
Page 45
Do something!
Page 46
Outside the door (?)
• Always-vigilant public
• From social media to messaging
• Beyond Snapchat, Telegram
• Ello, Viv, YikYak, Tsu, Whisper, Kik, WeChat, Line, Viber, surespot, Whicker, Treema, KakaoTalk, Nimbuzz, Tango, MessageMe, Slack, HipChat, Peerio, Wizters, Secret, The Insider, Awkward, Cloaq, Chrends, Dropon …
• Privacy … (by design) (Q1, Q2)
• Blockchain trust
Page 47
• Nation-state attacks
• Extortion
• Data destruction
• Bank card breaches continue
• 3rd party breaches
• Critical infra
Page 48
Conspectus
Retrospective
Governance: Mehhh
Business: As usual; fin-disruption
IoT(A): Home automation, Connected cars, ++
AI: Little tools, ++
ITSec: Hardcore battle
InfoSec: Everything at once / privacy
Conspectus: (Recursion)
Page 49
So what do I do with it?
• Be a lert. The world needs more lerts.
1. For yourself
2. For your employer(s)
• Continue with the improvements already under way
• But:
  • Bend the old plans
  • New plans: ‘Open’ for the future
• Spread The Word
Page 50
Page 51
Recommended Reading
Page 52
Page 53
Thank you
Page 54
Contact details
• [email protected]
• @jvdvlugt
• Maverisk.wordpress.com
• http://nl.linkedin.com/in/jurgenvandervlugt/
• (G+, etc. etc.)
HTTP status 418