Glen Gooding
Director, Institute for Advanced Security
Asia Pacific
Managing threats in the Digital Age - Addressing security, risk and compliance in the C-Suite
The Planet is getting more…
INSTRUMENTED, INTERCONNECTED, INTELLIGENT
Smart Supply Chains
Smart Countries
Smart Retail
Smart Water Management
Smart Weather
Smart Energy Grids
Smart Oil Field Technologies
Smart Regions
Smart Healthcare
Smart Traffic Systems
Smart Cities
Smart Food Systems
EVERYTHING IS EVERYWHERE
Continued movement of business to new platforms including cloud, virtualization, mobile, social business and more.
CONSUMERIZATION OF IT
With the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared.
DATA EXPLOSION
The age of Big Data – the explosion of digital information – has arrived and is facilitated by the pervasiveness of applications accessed from everywhere.
ATTACK SOPHISTICATION
The speed and dexterity of attacks have increased, coupled with new motivations from cyber crime to state-sponsored to terror-inspired.
EVOLVING THREATS: 2011 X-Force Mid-Year Trend And Risk Report
An explosion of breaches has opened 2011, marking this year as “The Year of the Security Breach.”
A secure Web presence has become the Achilles heel of Corporate IT Security
IBM’s Rational Application Security Group research tested 678 sites (Fortune 500) – 40% contained client-side vulnerabilities
Mass endpoint exploitation is happening not only through browser vulnerabilities, but also through malicious movies and documents
IBM Managed Security Services shows that favorite attacker methods are SQL injection and the brute forcing of passwords, databases, and Windows shares
External threats: Sharp rise in external attacks from non-traditional sources
Cyber attacks; Organized crime; Corporate espionage; State-sponsored attacks

Internal threats: Ongoing risk of careless and malicious insider behavior
Administrative mistakes; Careless inside behavior; Internal breaches; Disgruntled employee actions

Compliance: Growing need to address an increasing number of mandates
National regulations; Industry standards; Local mandates

Impacting innovation: Security challenges are impacting innovation
Cloud Computing; Mobile Computing; Social Business; Business Analytics
The impact of a breach is now not contained to IT, but reverberates across the corporation

| CxO | Priority | Security risks | Potential impact |
| --- | --- | --- | --- |
| CEO | Maintain competitive differentiation | Misappropriation of intellectual property; Misappropriation of business sensitive data | Loss of market share and reputation; Legal exposure |
| CFO/COO | Comply with regulations | Failure to address regulatory requirements | Audit failure; Fines and criminal charges; Financial loss |
| CIO | Expand use of mobile devices | Data proliferation; Unsecured endpoints and inappropriate access | Loss of data confidentiality, integrity and/or availability |
| CHRO | Enable global labor flexibility | Release of sensitive data; Careless insider behavior | Violation of employee privacy |
| CMO | Enhance the brand | Stolen personal information from customers or employees | Loss of customer trust; Loss of brand reputation |

Increasingly, companies are appointing CROs and CISOs with a direct line to the Audit Committee
The Result: Security is becoming a board room discussion
Business Results
Audit Risk
Impact of hacktivism
Legal Exposure
Supply Chain
Sony estimates potential $1B long term impact – $171M / 100 customers
Epsilon breach impacts 100 national brands
TJX estimates $150M class action settlement in release of credit / debit card info
Lulzsec 50-day hack-at-will spree impacts Nintendo, CIA, PBS, UK NHS, UK SOCA, Sony …
Zurich Insurance Plc fined £2.275M ($3.8M) for the loss and exposure of 46K customer records
Brand Image
Bank data breach discloses 24K private banking customers
Can this happen to us?
It’s time to start thinking differently about security.
The attack surface for a typical business is growing at an exponential rate
People: Employees, Consultants, Hackers, Terrorists, Outsourcers, Customers, Suppliers
Data: Structured, Unstructured, At rest, In motion
Applications: Systems applications, Web applications, Web 2.0, Mobile apps
Infrastructure
77% of firms feel cyber-attacks are harder to detect, and 34% have low confidence in preventing them
75% felt effectiveness would increase with end-to-end solutions
In this “new normal”, IBM is helping organizations usher in an era of Security Intelligence
[Figure: security maturity levels (Basic, Proficient, Optimized) plotted from Reactive to Proactive and from Manual to Automated, leading to Security Intelligence]
Basic: Organizations employ perimeter protection, which regulates access and feeds manual reporting
Proficient: Security is layered into the IT fabric and business operations
Optimized: Organizations use predictive and automated security analytics to drive toward security intelligence
Optimize security across domains
People, Data, Applications, Infrastructure
Optimized
Governance, risk and compliance
Advanced correlation and deep analytics
Role based analytics
Identity governance
Privileged user controls
Data flow analytics
Data governance
Secure app engineering processes
Fraud detection
Advanced network monitoring
Forensics / data mining
Secure systems
Proficient
User provisioning
Strong authentication
Access monitoring
Data loss prevention
Application firewall
Source code scanning
Asset mgmt
Endpoint / network security management
Basic
Centralized directory
Encryption
Access control
Application scanning
Perimeter security
Anti-virus
Security Intelligence
GETTING TO SECURITY INTELLIGENCE: A Three Point Plan
GET INFORMED
Take a structured approach to assessing business and IT risks
GET ALIGNED
Implement and enforce security excellence across the extended enterprise
GET SMART
Deploy intelligent controls and analytics within and across key domains
Get Informed
Take a structured approach to assessing business and IT risks
ADDRESSING RISK MANAGEMENT
Align and integrate IT risk into the business’ Enterprise Risk Management framework
Identify key threats and compliance mandates
Implement and enforce a risk management process and common controls framework
Execute incident management processes when crises occur
Get Aligned
Implement and enforce security excellence across the extended enterprise
EXTENDED ENTERPRISE
PARTNERS, CUSTOMERS, REGULATORS, EMPLOYEES, AUDITORS
Get Smart
Deploy intelligent controls and analytics within and across key domains
Complex, low-latency Cybersecurity analytics with InfoSphere Streams
21B events per day correlated in Managed Security Services leveraging Cognos
Identity Governance to help demonstrate compliance
Next generation network security designed to integrate web, content, and network activity
Hybrid scanning capabilities from Rational AppScan
SPSS Predictive Analytics reducing the cost of a client’s audit investigations by 60%
IBM’s unique security expertise and approach…
SECURITY APPROACH
GET ALIGNED
GET INFORMED
GET SMART
UNIQUE EXPERTISE
21 billion events monitored per day
4,000+ managed services customers
10 security development labs
9 security operations centers
6,000+ technical experts
20+ leadership recognitions
2010 Security Company of the Year
… is combined with IBM’s depth of capabilities, and with Q1 Labs, IBM will have the most complete portfolio in IT security
Security Consulting
Managed Services
X-Force and IBM Research
IBM Security Portfolio
People, Data, Applications, Infrastructure
IT Infrastructure – Operational Security Domains
IT Security and Compliance Analytics & Reporting
QRadar SIEM
QRadar Log Manager
QRadar Risk Manager
IBM Privacy, Audit and Compliance Assessment Services
Identity & Access Management Suite
Federated Identity Manager
Enterprise Single Sign-On
Identity Assessment, Deployment and Hosting Services
Guardium Database Security
Optim Data Masking
Key Lifecycle Manager
Data Security Assessment Service
Encryption and DLP Deployment
AppScan Source Edition
AppScan Standard Edition
Security Policy Manager
Application Assessment Service
AppScan OnDemand Software as a Service
Network Intrusion Prevention
DataPower Security Gateway
QRadar Anomaly Detection / QFlow
Managed Firewall, Unified Threat and Intrusion Prevention Services
Endpoint Manager (BigFix)
zSecure, Server and Virtualization Security
Penetration Testing Services
Native Server Security (RACF, IBM Systems)
Network, Endpoint
Enterprise Governance, Risk and Compliance Management
IBM OpenPages
Algorithmics (recent acquisition)
i2 Corporation (recent acquisition)
Let me leave you with 10 thoughts… If X-Force were running the IT Department