
(1)

The enemies ashore

Vulnerabilities & hackers: A relationship that works

Alexandros Charvalias, Manager, CISSP, CISA, ACDA

Assurance & Enterprise Risk Services

(2)

©2012 Deloitte Touche Tohmatsu Limited

Cyber security maturity model

[Figure: Cyber Security Maturity Levels. Five maturity levels (Level 1 to Level 5), carrying the labels Blissful Ignorance, Acceptable Usage Policy, Basic Network Protection, Transformation and Operational Excellence, are plotted against ten capability areas: Internal Threat Intelligence, Security Event Monitoring, Asset Protection, Cyber Attack Preparation, Training & Awareness, Behavioural Analytics, External Threat Intelligence, Intelligence Collaboration, E-Discovery & Forensics and Brand Monitoring. Individual cells name specific capabilities, for example Traditional Signature-Based Security Controls, Periodic IT Asset Vulnerability Assessments, General Information Security Training & Awareness, Security Log Collection & Ad Hoc Reporting, Automated IT Asset Vulnerability Monitoring, Cross-Channel Malicious Activity Detection, Commercial & Open Source Threat Intelligence Feeds, Real-time Business Risk Analytics & Decision Support, Global Cross-Sector Threat Intelligence Sharing and Sector-Wide & Supply Chain Cyber Attack Exercises. Sector examples placed along the maturity scale: Media & SMEs; Consumer Business & Life Sciences; Retail Banks & Energy Providers; Investment Banks; Military & Defence.]

How effectively does your organisation prepare for, become aware of, and respond to cyber threats?

(3)


Module 1: Introduction to Security and Privacy in the Cloud

Technology for Business – Threats

(4)


Source: Forrester Research “Understand The State Of Data Security And Privacy: 2012 To 2013”

(5)


[Figure: threat actors plotted by Attacker Sophistication (vertical axis) against Attacker Determination (horizontal axis). Actors shown: Accidental Discovery, Malware, Insider, Lone Hacker / Hobbyist, Business Partner, ‘Script kiddy’, Disgruntled ex-Employee, Disgruntled Customer, Competitor, Disgruntled ex-IT Administrator, ‘Hacktivism’, Cyber Terrorism, Hacker Collectives, Organised Crime, State-sponsored Cyber Warfare.]

(6)


Guiding principles

Five principles should underpin cyber security and promote a cohesive approach to protection from cyber threats.

1. Understand your risk appetite

Only when you have fully understood your assets, the risks that threaten them, and how these fit into the overall threat landscape can you determine what level of threat maturity you need to defend against, and where you draw the line to focus on limiting the impact of a successful attack.

2. Ensure close alignment with business goals

Ensure that your strategic direction for cyber security is in close alignment with business goals, and the organisation’s strategy for achieving these. Focus effort on defending the most strategically important parts of the business, or those that are being delivered in the riskiest way.

3. Prepare for the worst

It is not practical to prevent all forms of cyber attack, especially those that are particularly sophisticated and targeted. You should ensure you have the organisational and technical capability to rapidly detect and respond to a successful attack in order to limit its impact.

4. Share intelligence

Collaborate and share intelligence with industry, national and international cyber threat intelligence organisations. By sharing intelligence with other organisations you will be in a position to receive the benefit of shared wisdom.

5. Instil a broad awareness of cyber security

Your security is only as strong as the weakest link; ensure that the risks associated with cyber security, and the steps that your organisation is taking to combat these risks, are understood across the organisation, from the board and senior management to all staff, partners and third parties.

(7)


Vulnerabilities Exposure over Time

[Figure: Exposure to Vulnerabilities (vertical axis, 0 to 100) against Time (horizontal axis, periods 1 to 16) for three assessment regimes: Ad hoc Assessments, Periodic Assessments and Continuous Assessments. Events marked along the timeline: Server upgrade, Patching, Audit Findings, Remediation, Assessment (repeated), etc.]

(8)


Appetizers Menu

(9)


Why Deloitte?

Our security, privacy, and risk management services are independently recognised as world leading.

Independent analyst recognition

Global footprint

Depth and breadth of skills

Expertise and experience across a range of sectors

Investment in innovation

Deloitte Member Firm Accreditations: BSI, ISC2, ISACA, IAPP

Over 150 trained lead system auditors

Over 1,100 CISSPs

Over 2,000 certified as CISA, CISM & CGEIT

Wide range of domain-specific certifications

Privacy certified practitioners

“In Forrester’s 75-criteria evaluation of information security and risk consulting service providers, we found that Deloitte led the pack because of its maniacal customer focus and deep technical expertise.”

Forrester Wave™: Information Security And Risk Consulting, Q3 ’10

(10)

Questions?


Alexandros Charvalias, CISSP, CISA, ACDA

Manager, Assurance & Enterprise Risk Services

Hadjipavlou Sofianos & Cambanis S.A.

3a Fragoklissias & Granikou str., GR – 151 25 Maroussi, Athens, Greece

Tel: +30 210 6781 100

Mob: +30 695 1921 042

acharvalias@deloitte.gr

www.deloitte.gr

Member of

(11)


About Deloitte

Deloitte Greece is a member of Deloitte Touche Tohmatsu Limited (DTTL), a private UK company limited by guarantee, the world’s largest professional services firm, with approximately 182,000 people in more than 150 countries and an annual turnover of USD 28.8 bn (2011). Deloitte combines world-class capabilities with deep local expertise to help clients succeed. Its tens of thousands of professionals are committed to becoming the standard of excellence.

In Greece, “Deloitte Hadjipavlou Sofianos & Cambanis S.A.” provides audit services, “Deloitte Business Solutions Hadjipavlou Sofianos & Cambanis S.A.” financial advisory, tax and consulting services, and “Direct Accounting Compliance & Reporting Services SA” accounting outsourcing services. With a staff of 400 professionals and offices in Athens and Thessaloniki, Deloitte focuses on all major industries including financial services; shipping; energy; consumer business; life sciences & health care; and government services. Deloitte clients include most of the leading private and public, commercial, financial and industrial companies.

For more information, please visit our website at www.deloitte.gr
