Agenda

1. What are the Digital Security Challenges?

2. Who is being impacted?

3. Why (Digital Security Risks)?

4. How to mitigate Digital Security Risks?

What is Digital Business?

Common Digital Platforms

Digital Platforms Are the Focal Point for Integrating Ecosystems of People, Business and Things

What is Digital Security?

Digital Security

Cyber Security

Information Security

IT Security

Physical Security

IoT Security

OT Security

Smart Grid Security

Network PerimeterDisappearing

Digital Security is the evolution of Cyber Security or The scope of Cyber Security is evolving into Digital Security

2016 Major Cyber Attacks

Source: http://www.darkreading.com/cloud/biggest-attacks-of-2016-(so-far) Source: http://thehackernews.com/2016/09/ddos-attack-iot.html

Source: http://www.welivesecurity.com/2016/12/30/biggest-security-incidents-2016/ Source: http://www.computerweekly.com/news/

Source: http://www.hackmageddon.com/ Source: https://www.hackread.com/russian-malware-found-in-vermont-utilitys-laptops/

All I see is chaos – Where do I start?

Malware Protection

Workload Protection

Threat Sharing Intrusion Prevention

Systems

Incident and Threat

Management

Data Access Control

Network Visibility

Log flow and Data Analysis

Sandboxing Virtual Patching

Digital Forensics

Transaction Protection

Vulnerability Management

Anomaly Detection

Application Scanning

Anti-Malware

Endpoint Protection

Access Management

Access Management

Cloud Access Security Broker

Firewalls

Identity Management

Data Monitoring

Fraud Protection

Device Management

IP reputation

Indicators of Compromise

Malware Protection

Security Disciplines impacted by Digital Security

Infrastructure Security

Network Security

IAM Security

Application Security

Data and Information

Security

SOC Security

Cloud Security

Endpoint Security

Mobile Security

Threat Intelligence

Threat and Vulnerability Management

Public Key Infrastructure

Cyber Security

Digital Security

Digital Security

Dig

ita

l S

ec

uri

ty

Dig

ital S

ec

urity

Agenda

1. What are the Digital Security Challenges?

2. Who is being impacted?

3. Why (Digital Security Risks)?

4. How to mitigate Digital Security Risks?

Who is going to be impacted?•10 HYPER-DISRUPTIVE BUSINESS MODELS

1. The Subscription Model (Netflix, Dollar Shave Club, Apple Music) Disrupts through “lock-in” by taking a product or service that is traditionally purchased on an ad hoc basis, and locking-in repeat custom by charging a subscription fee for continued access to the product/service

2. The Freemium Model (Spotify, LinkedIn, Dropbox) Disrupts through digital sampling, where users pay for a basic service or product with their data or ‘eyeballs’, rather than money, and then charging to upgrade to the full offer. Works where marginal cost for extra units and distribution are lower than advertising revenue or the sale of personal data

3. The Free Model (Google, Facebook) Disrupts with an ‘if-you’re-not-paying-for-the-product-you-are-the-product’ model that involves selling personal data or ‘advertising eyeballs’ harvested by offering consumers a ‘free’ product or service that captures their data/attention

4. The Marketplace Model (eBay, iTunes, App Store, Uber, AirBnB) Disrupts with the provision of a digital marketplace that brings together buyers and sellers directly, in return for a transaction or placement fee or commission

5. The Access-over-Ownership Model (Zipcar, Peerbuy, AirBnB) Disrupts by providing temporary access to goods and services traditionally only available through purchase. Includes ‘Sharing Economy’ disruptors, which takes a commission from people monetising their assets (home, car, capital) by lending them to ‘borrowers’

Who is being impacted?

•10 HYPER-DISRUPTIVE BUSINESS MODELS

6. The Hypermarket Model (Amazon, Apple) Disrupts by ‘brand bombing’ using sheer market power and scale to crush competition, often by selling below cost price

7. The Experience Model (Tesla, Apple) Disrupts by providing a superior experience, for which people are prepared to pay

8. The Pyramid Model (Amazon, Microsoft, Dropbox) Disrupts by recruiting an army of resellers and affiliates who are often paid on a commission-only model

9. The On-Demand Model (Uber, Operator, Taskrabbit) Disrupts by monetising time and selling instant-access at a premium. Includes taking a commission from people with money but no time who pay for goods and services delivered or fulfilled by people with time but no money

10. The Ecosystem Model (Apple, Google) Disrupts by selling an interlocking and interdependent suite of products and services that increase in value as more are purchased. Creates consumer dependency.

Source: http://digitalintelligencetoday.com/the-10-business-models-of-digital-disruption-and-how-to-respond-to-them/

Agenda

1. What are the Digital Security Challenges?

2. Who is being impacted?

3. Why (Digital Security Risks)?

4. How to mitigate Digital Security Risks?

Why - Digital Security Risks?Internet of Things

Source: http://inobeta.net/tag/digital-divide/

Why - Digital Security Risks?Smart Grid

Source: http://www.smartgrids.eu/News_2014_and_before

Why - Digital Security Risks?Smart City

Source: http://in.nec.com/en_IN/blog/smart-cities-shaping-indias-future.html

Why - Digital Security Risks?Smart World

Why - Digital Security Risks?

Digital Security

Confidentiality

Integrity

Cyb

er R

esilie

nce

Critical Success Factors

Confidentiality

Digital Resilience

AvailabilityIntegrity

Digital ResilienceDigital Resilience is to maintain the entity´s ability to deliver

the intended outcome continuously at all times. This means even when regular delivery mechanisms have failed, such as during a crisis and after a security breach. The concept also includes the ability to restore regular delivery mechanisms after such events as well as the ability to continuously change or modify these delivery mechanisms if needed in the face of new risks. .

AvailabilityInformation systems and the content they

contain should be available for appropriate use. The failure of an important system, or even a data center, should not cause long-term outage. Redundancy in storage, processing, and network paths can be used in conjunction with business continuity and disaster recovery (DR) procedures to maintain appropriate availability levels.

ConfidentialityPrevent intentional or unintentional

unauthorized or inappropriate disclosure of information.

IntegritySecurity technologies and processes should

prevent unauthorized or inappropriate modification of information and processes, and ensure that information or IT systems—such as structured databases, operating system software, or websites that have many critical and inter-related objects—maintain internal consistency and correctness. Where possible, information should be kept externally consistent with the real-world situations it represents.

Agenda

1. What are the Digital Security Challenges?

2. Who is being impacted?

3. Why (Digital Security Risks)?

4. How to mitigate Digital Security Risks?

Enterprise Security Architecture

Enterprise Security Architecture

Contextual Layer (Business)

Conceptual Layer (Requirements)

Logical Layer (Services)

Physical Layer (Technique)

Component Layer (Business)

Risk Management and SABSA Matrix

Assets (What)

Motivational (Why)

Process (How) People (Who) Location (Where)

Time (When)

Conceptual Business Decisions

Business Risk Business Processes

Business Governance

Business Geography

Business Time Dependence

Contextual Business Knowledge & Risk

Strategy

Risk Management Objectives

Strategies for Process

Assurance

Roles and Responsibilitie

s

Domain Framework

Time ManagementFramework

Logical Information Assets

Risk Management Process Maps Entity and Trust

Domain Maps Calendar & Schedule

Physical Data Assets Management Practices

ManagementProcess

Performance Management

Domain Maps TimeManagement

Component ICT Components Risk Management Tools & Standards

Process Tools and Standards

Performance Management

Tools and Standards

Domain Maps Tools and Standards

Step Timing & Sequencing

Tools

Operational Service Delivery Management

Operational Risk Management

Delivery Management

Performance Management

Domain Environment

Management Schedule

Assets at Risk

Factors affecting Risk

Control / Enablement Objectives and Targets

Risk Management

Process

Risks

Risk Treatment and Control / Enablement Solution

SABSA Risk & Opportunity Model

Architectural Risk Approach

Enterprise Security Architecture - Approaches

Data Sovereignty

Data Protection

Provider Trust

Management

Business Continuity

Management

Risk Management

Cloud Security

Enterprise Security Architecture - Approaches

–Bring Your Own Identity (BYOID)

Security Risk? or Business Advantage?

What is the Business Value?

Is it part of the Corporate Strategy? Loss of Control vs Cost

Enterprise Security Architecture - Approaches

Source: Gartner 2016

Enterprise Security Architecture - Approaches

Digital Security

Cloud Services

Bimodal Services

Digital Disruptors

IoT

Green ITBYOD CYOD

BYOIDBig Data