Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
Agenda
1. What are the Digital Security Challenges?
2. Who is being impacted?
3. Why (Digital Security Risks)?
4. How to mitigate Digital Security Risks?
What is Digital Business?
Common Digital Platforms
Digital Platforms Are the Focal Point for Integrating Ecosystems of People, Business and Things
What is Digital Security?
Digital Security
Cyber Security
Information Security
IT Security
Physical Security
IoT Security
OT Security
Smart Grid Security
Network PerimeterDisappearing
Digital Security is the evolution of Cyber Security or The scope of Cyber Security is evolving into Digital Security
2016 Major Cyber Attacks
Source: http://www.darkreading.com/cloud/biggest-attacks-of-2016-(so-far) Source: http://thehackernews.com/2016/09/ddos-attack-iot.html
Source: http://www.welivesecurity.com/2016/12/30/biggest-security-incidents-2016/ Source: http://www.computerweekly.com/news/
Source: http://www.hackmageddon.com/ Source: https://www.hackread.com/russian-malware-found-in-vermont-utilitys-laptops/
All I see is chaos – Where do I start?
Malware Protection
Workload Protection
Threat Sharing Intrusion Prevention
Systems
Incident and Threat
Management
Data Access Control
Network Visibility
Log flow and Data Analysis
Sandboxing Virtual Patching
Digital Forensics
Transaction Protection
Vulnerability Management
Anomaly Detection
Application Scanning
Anti-Malware
Endpoint Protection
Access Management
Access Management
Cloud Access Security Broker
Firewalls
Identity Management
Data Monitoring
Fraud Protection
Device Management
IP reputation
Indicators of Compromise
Malware Protection
Security Disciplines impacted by Digital Security
Infrastructure Security
Network Security
IAM Security
Application Security
Data and Information
Security
SOC Security
Cloud Security
Endpoint Security
Mobile Security
Threat Intelligence
Threat and Vulnerability Management
Public Key Infrastructure
Cyber Security
Digital Security
Digital Security
Dig
ita
l S
ec
uri
ty
Dig
ital S
ec
urity
Agenda
1. What are the Digital Security Challenges?
2. Who is being impacted?
3. Why (Digital Security Risks)?
4. How to mitigate Digital Security Risks?
Who is going to be impacted?•10 HYPER-DISRUPTIVE BUSINESS MODELS
1. The Subscription Model (Netflix, Dollar Shave Club, Apple Music) Disrupts through “lock-in” by taking a product or service that is traditionally purchased on an ad hoc basis, and locking-in repeat custom by charging a subscription fee for continued access to the product/service
2. The Freemium Model (Spotify, LinkedIn, Dropbox) Disrupts through digital sampling, where users pay for a basic service or product with their data or ‘eyeballs’, rather than money, and then charging to upgrade to the full offer. Works where marginal cost for extra units and distribution are lower than advertising revenue or the sale of personal data
3. The Free Model (Google, Facebook) Disrupts with an ‘if-you’re-not-paying-for-the-product-you-are-the-product’ model that involves selling personal data or ‘advertising eyeballs’ harvested by offering consumers a ‘free’ product or service that captures their data/attention
4. The Marketplace Model (eBay, iTunes, App Store, Uber, AirBnB) Disrupts with the provision of a digital marketplace that brings together buyers and sellers directly, in return for a transaction or placement fee or commission
5. The Access-over-Ownership Model (Zipcar, Peerbuy, AirBnB) Disrupts by providing temporary access to goods and services traditionally only available through purchase. Includes ‘Sharing Economy’ disruptors, which takes a commission from people monetising their assets (home, car, capital) by lending them to ‘borrowers’
Who is being impacted?
•10 HYPER-DISRUPTIVE BUSINESS MODELS
6. The Hypermarket Model (Amazon, Apple) Disrupts by ‘brand bombing’ using sheer market power and scale to crush competition, often by selling below cost price
7. The Experience Model (Tesla, Apple) Disrupts by providing a superior experience, for which people are prepared to pay
8. The Pyramid Model (Amazon, Microsoft, Dropbox) Disrupts by recruiting an army of resellers and affiliates who are often paid on a commission-only model
9. The On-Demand Model (Uber, Operator, Taskrabbit) Disrupts by monetising time and selling instant-access at a premium. Includes taking a commission from people with money but no time who pay for goods and services delivered or fulfilled by people with time but no money
10. The Ecosystem Model (Apple, Google) Disrupts by selling an interlocking and interdependent suite of products and services that increase in value as more are purchased. Creates consumer dependency.
Source: http://digitalintelligencetoday.com/the-10-business-models-of-digital-disruption-and-how-to-respond-to-them/
Agenda
1. What are the Digital Security Challenges?
2. Who is being impacted?
3. Why (Digital Security Risks)?
4. How to mitigate Digital Security Risks?
Why - Digital Security Risks?Internet of Things
Source: http://inobeta.net/tag/digital-divide/
Why - Digital Security Risks?Smart Grid
Source: http://www.smartgrids.eu/News_2014_and_before
Why - Digital Security Risks?Smart City
Source: http://in.nec.com/en_IN/blog/smart-cities-shaping-indias-future.html
Why - Digital Security Risks?Smart World
Why - Digital Security Risks?
Digital Security
Confidentiality
Integrity
Cyb
er R
esilie
nce
Critical Success Factors
Confidentiality
Digital Resilience
AvailabilityIntegrity
Digital ResilienceDigital Resilience is to maintain the entity´s ability to deliver
the intended outcome continuously at all times. This means even when regular delivery mechanisms have failed, such as during a crisis and after a security breach. The concept also includes the ability to restore regular delivery mechanisms after such events as well as the ability to continuously change or modify these delivery mechanisms if needed in the face of new risks. .
AvailabilityInformation systems and the content they
contain should be available for appropriate use. The failure of an important system, or even a data center, should not cause long-term outage. Redundancy in storage, processing, and network paths can be used in conjunction with business continuity and disaster recovery (DR) procedures to maintain appropriate availability levels.
ConfidentialityPrevent intentional or unintentional
unauthorized or inappropriate disclosure of information.
IntegritySecurity technologies and processes should
prevent unauthorized or inappropriate modification of information and processes, and ensure that information or IT systems—such as structured databases, operating system software, or websites that have many critical and inter-related objects—maintain internal consistency and correctness. Where possible, information should be kept externally consistent with the real-world situations it represents.
Agenda
1. What are the Digital Security Challenges?
2. Who is being impacted?
3. Why (Digital Security Risks)?
4. How to mitigate Digital Security Risks?
Enterprise Security Architecture
Enterprise Security Architecture
Contextual Layer (Business)
Conceptual Layer (Requirements)
Logical Layer (Services)
Physical Layer (Technique)
Component Layer (Business)
Risk Management and SABSA Matrix
Assets (What)
Motivational (Why)
Process (How) People (Who) Location (Where)
Time (When)
Conceptual Business Decisions
Business Risk Business Processes
Business Governance
Business Geography
Business Time Dependence
Contextual Business Knowledge & Risk
Strategy
Risk Management Objectives
Strategies for Process
Assurance
Roles and Responsibilitie
s
Domain Framework
Time ManagementFramework
Logical Information Assets
Risk Management Process Maps Entity and Trust
Domain Maps Calendar & Schedule
Physical Data Assets Management Practices
ManagementProcess
Performance Management
Domain Maps TimeManagement
Component ICT Components Risk Management Tools & Standards
Process Tools and Standards
Performance Management
Tools and Standards
Domain Maps Tools and Standards
Step Timing & Sequencing
Tools
Operational Service Delivery Management
Operational Risk Management
Delivery Management
Performance Management
Domain Environment
Management Schedule
Assets at Risk
Factors affecting Risk
Control / Enablement Objectives and Targets
Risk Management
Process
Risks
Risk Treatment and Control / Enablement Solution
SABSA Risk & Opportunity Model
Architectural Risk Approach
Enterprise Security Architecture - Approaches
Data Sovereignty
Data Protection
Provider Trust
Management
Business Continuity
Management
Risk Management
Cloud Security
Enterprise Security Architecture - Approaches
–Bring Your Own Identity (BYOID)
Security Risk? or Business Advantage?
What is the Business Value?
Is it part of the Corporate Strategy? Loss of Control vs Cost
Enterprise Security Architecture - Approaches
Source: Gartner 2016
Enterprise Security Architecture - Approaches
Digital Security
Cloud Services
Bimodal Services
Digital Disruptors
IoT
Green ITBYOD CYOD
BYOIDBig Data