| Date post: | 21-Jun-2015 |
| Category: |
Technology |
| Upload: | albert-hui |
| View: | 253 times |
| Download: | 2 times |
CYBER SECURITY:
Cyber Security & FSI: Lock-Down on the Final Frontier?May 23rd 2013 @ Hong Kong
Albert Hui GREM, GCFA, GCFE, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, CISAPrincipal Consultant
CHALLENGES AND SOLUTIONS FOR THE CORPORATE
EXTERNAL CHALLENGES
Increased Sophistication of Adversaries
Regulatory and Audit
Compliance
Risks of New Technologies
SOXEU DPA
GLBA
PD(P)O
MAS
HKMA
PCI DSS
Copyright © 2013 Security Ronin
INTERNAL CHALLENGES
Disparate Risk
Functions
Risk Appetite Misalignment
Insufficient Resources and
Competing Priorities
Copyright © 2013 Security Ronin
INCREASED SOPHISTICATION OF ADVERSARIES
Problem• Financially-driven attacks
• Hacker supply chain
Solution• Full-scoped CSIRT
CMU SEI CSIRT Handbook
Copyright © 2013 Security Ronin
REGULATORY AND AUDIT COMPLIANCE
Problem• Too many standards
• Duplicated efforts (overlapping requirements)
Solution• Unified compliance framework
• Centralized risk register
Copyright © 2013 Security Ronin
RISKS OF NEW TECHNOLOGIES
Problem• Unknown unknown risks
• Increased exposures
Solution• Forward-looking security research
• Compensatory controls
Copyright © 2013 Security Ronin
DISPARATE RISK FUNCTIONS
Problem• Lack of unified risk oversight
• Duplicated activities
Solution• Cross-functional committees
• Centralized risk register
Te ch
Ri skIT
Se cu rit yLe ga l an d Co m pli
an ceInt
er na l Au dit
Int
er na l Co nt rol
Fr au d In ve sti ga tio n
Copyright © 2013 Security Ronin
RISK APPETITE MISALIGNMENT
Problem• Ever changing risk environment
• Inadequate supporting justifications
Solution• Security intelligence
• Security metrics
Copyright © 2013 Security Ronin
INSUFFICIENT RESOURCESAND COMPETING PRIORITIES
Problem• Lack of funding
• Lack of talents and technologies
• Competing priorities
Solution• Holistic risk assessment
• Security metrics
• Judicious outsourcing
Copyright © 2013 Security Ronin
QUICK WIN
1. CSIRT
2. Cross-functional committees for risk functions
3. Security metrics
Copyright © 2013 Security Ronin
