10
Managing Threats in Changing Managing Threats in Changing World World John DeGroot Lead Architect – Security, RBC Federation of Security Professionals – October 26, 2012

Managing Threats in Changing World

Embed Size (px)

DESCRIPTION

Managing Threats in Changing World. John DeGroot Lead Architect – Security, RBC Federation of Security Professionals – October 26, 2012. Trends Canada’s auditor general report on cyber-security Failure to pass US 2012 Cybersecurity Act Cyber attack on Canadian government in 2011 - PowerPoint PPT Presentation

Citation preview

Page 1: Managing Threats in Changing World

Managing Threats in Changing Managing Threats in Changing WorldWorld

John DeGrootLead Architect – Security, RBC

Federation of Security Professionals – October 26, 2012

Page 2: Managing Threats in Changing World

Trends

• Canada’s auditor general report on cyber-security• Failure to pass US 2012 Cybersecurity Act• Cyber attack on Canadian government in 2011• DDOS attacks on US banks• Many others

Page 3: Managing Threats in Changing World

Evolution of Threats Evolution of Threats

Organized Crime,

Nation States

Fraudsters

“Script Kiddies”, Individuals

Increasing sophistication

and impact

Number of attackers

Page 4: Managing Threats in Changing World

What is changing?

• APT – Advanced Persistent Threats Targeted Highly motivated Well-financed Coordinated across attack points Will try multiple times using multiple methods

• Cloud computing and mobility increase complexity and attack surface

Evolutionary, not revolutionary change

Page 5: Managing Threats in Changing World

What is the same?

• Same bad guys• Same motivation

Using new tools, operating in IT world, leveraging the cloud

Page 6: Managing Threats in Changing World

Where are the gaps?

• Defenses are strongly attack-oriented Signature-based defenses geared to single general attacks

• Controls are strongly people-oriented Awareness programs, discretionary security, application development

• Defenses often deployed in silos • Security “bolted on”• Defense in Depth

Layers rather than breadth

Page 7: Managing Threats in Changing World

7

Integrated Defense

Page 8: Managing Threats in Changing World

Toward Integrated Defense

• Acknowledge reality The bad guys are already in Denial of service attacks will cause outages You will be attacked

• Understand your business• Integrate with operational risk management• Proactive approach to threat management

Threat modeling and predictive analysis What does a coordinated attack look like?

Prepare for attack and test your response Behavior analysis – good and bad

Page 9: Managing Threats in Changing World

Toward Integrated Defense

• Security by design Embed security into processes, applications, data, and infrastructureMove from discretionary to policy-driven securitySimplify and automate

• Virtual security operations centreProvide complete visibility into operational environment Provide useful and relevant informationProvide effective intelligence – inside and out Share information and services

• Invest in people with threat management skills

Page 10: Managing Threats in Changing World

10

Thank You


Managing Identity Threats

Managing Identity Threats

Documents
Hidden Threats: Legionella and Managing Risk through PM

Hidden Threats: Legionella and Managing Risk through PM

Technology
Managing Threats and Errors - SmartCockpit · 2012. 6. 27. · Managing Threats and Errors during Approach and Landing Managing Threats and Errors during Approach and Landing How

Managing Threats and Errors - SmartCockpit · 2012. 6. 27. · Managing Threats and Errors during Approach and Landing Managing Threats and Errors during Approach and Landing How

Documents
Presentation: Managing Cyver Threats Through Effective

Presentation: Managing Cyver Threats Through Effective

Documents
Timing Security: Mitigating Threats in a Changing ... · Timing Security: Mitigating Threats in a Changing Landscape Webinar May 22, 2018 Panelists: Barry Dropping, Senior Director,

Timing Security: Mitigating Threats in a Changing ... · Timing Security: Mitigating Threats in a Changing Landscape Webinar May 22, 2018 Panelists: Barry Dropping, Senior Director,

Documents
Managing Security Threats

Managing Security Threats

Documents
Managing Cyber Threats Risk Management & Insurance Solutions Pre - Risk Management and... · Managing Cyber Threats Risk Management & Insurance Solutions Presented by: Douglas R

Managing Cyber Threats Risk Management & Insurance Solutions Pre - Risk Management and... · Managing Cyber Threats Risk Management & Insurance Solutions Presented by: Douglas R

Documents
Managing Threats to Domestic Security

Managing Threats to Domestic Security

Documents
Managing Financial Risks – Threats And Challenges

Managing Financial Risks – Threats And Challenges

Economy & Finance
New and Emerging Health Threats in a Rapidly Changing

New and Emerging Health Threats in a Rapidly Changing

Documents
Name Managing threats in the Digital Age - Addressing ... · Managing threats in the Digital Age - Addressing security, risk and compliance in the C-Suite. ... Impacting innovation

Name Managing threats in the Digital Age - Addressing ... · Managing threats in the Digital Age - Addressing security, risk and compliance in the C-Suite. ... Impacting innovation

Documents
Managing threats in the digital age - IBM

Managing threats in the digital age - IBM

Documents
to Combat Threats in Rapidly Changing Organizations...to Combat Threats in Rapidly Changing Organizations 320 DAYS Cybercriminals evade traditional security solutions, break into organizations

to Combat Threats in Rapidly Changing Organizations...to Combat Threats in Rapidly Changing Organizations 320 DAYS Cybercriminals evade traditional security solutions, break into organizations

Documents
Managing Wastewater in a Changing Climate

Managing Wastewater in a Changing Climate

Documents
Managing Changing Data

Managing Changing Data

Documents
Introduction to managing internal cyber threats

Introduction to managing internal cyber threats

Documents
Cybersecurity: Managing Risk Around New Data Threats

Cybersecurity: Managing Risk Around New Data Threats

Business
C hanging times, changing threats · 2015-08-03 · C hanging times, changing threats ... representative of the changing context of livestock-keeping in East Africa in general, it

C hanging times, changing threats · 2015-08-03 · C hanging times, changing threats ... representative of the changing context of livestock-keeping in East Africa in general, it

Documents
TAJIKISTAN: THE CHANGING INSURGENT THREATS Tajikistan - The Changing Insurgent Threats...TAJIKISTAN: THE CHANGING INSURGENT THREATS I. INTRODUCTION Efforts to understand most insurgencies

TAJIKISTAN: THE CHANGING INSURGENT THREATS Tajikistan - The Changing Insurgent Threats...TAJIKISTAN: THE CHANGING INSURGENT THREATS I. INTRODUCTION Efforts to understand most insurgencies

Documents
Managing Change or Changing Management

Managing Change or Changing Management

Documents
SARBANES-OXLEY COMPLIANCE MANAGING CHANGING EXPECTATIONS Presentation 1... · SARBANES-OXLEY COMPLIANCE – MANAGING CHANGING EXPECTATIONS January 20, 2017 Pat Mitchell Managing Director

SARBANES-OXLEY COMPLIANCE MANAGING CHANGING EXPECTATIONS Presentation 1... · SARBANES-OXLEY COMPLIANCE – MANAGING CHANGING EXPECTATIONS January 20, 2017 Pat Mitchell Managing Director

Documents
Managing Frequently Overlooked Risks & Threats (FORTS) in Corporations

Managing Frequently Overlooked Risks & Threats (FORTS) in Corporations

Technology
MANAGING INNER FORCES AND OUTER THREATS OF THE … · 3 table of content managing inner forces and outer threats of the company during crisis ..... 9

MANAGING INNER FORCES AND OUTER THREATS OF THE … · 3 table of content managing inner forces and outer threats of the company during crisis ..... 9

Documents
e dangers within: managing internal cyber threats

e dangers within: managing internal cyber threats

Documents
Managing threats in the digital agepublic.dhe.ibm.com/software/cn/Keynote_Managing_threats...©2011 IBM Corporation managing threats in the digital age The world is becoming more digitized

Managing threats in the digital agepublic.dhe.ibm.com/software/cn/Keynote_Managing_threats...©2011 IBM Corporation managing threats in the digital age The world is becoming more digitized

Documents
Managing Liabilities from Cyber Threats Using the SAFETY Act

Managing Liabilities from Cyber Threats Using the SAFETY Act

Documents
Managing Risk - Leicester · Risk management is all about managing the council’s threats and opportunities. By managing the council’s threats effectively we will be in a stronger

Managing Risk - Leicester · Risk management is all about managing the council’s threats and opportunities. By managing the council’s threats effectively we will be in a stronger

Documents
Managing Sustainability in a Changing Climate

Managing Sustainability in a Changing Climate

Documents
Managing Threats and Errors during Approach and Landing

Managing Threats and Errors during Approach and Landing

Documents
MANAGING HUMAN CAPITAL IN CHANGING TIMES

MANAGING HUMAN CAPITAL IN CHANGING TIMES

Documents