5 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 2013
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Enterprise Security and the
CFO
Five things you need to know
Rafal Los, Principal – Strategic Security Services HP ES
June 5th, 2013
Enterprise Security is a
boardroom topic.
“Enterprise Security” in
transition
From a ‘blunt tech
instrument’..
..to a strategic business asset.
CFOs aren’t the enemy
I know a little about this-
From SMB to Fortune 50
CFOs should understand
security
CFOs should support security
But…
Security poses a challenge
94% of breaches are reported by a 3rd party
Average time to detect breach: 416 days
[Timeline graphic: January 2012 through April 2013]
Since 2010, time to resolve an attack has grown 71%
Arming the CFO for reality
First-
A breach event is imminent
<uncomfortable silence>
This is an uncomfortable
reality
Many have tried to be ‘secure’
All eventually fail.
$64,000.00 question: Why?
Every new ‘thing’ …
..can pose a threat
..can contain a vulnerability
This isn’t a solvable
problem…
..detection is not perfect
..compromises must be made
..risk can never be eliminated.
Humans will always be a
weakness
You can not demand ‘secure’.
Second-
Prevention is producing
diminishing returns
75% budget on network
security
84% breaches at application
level
This should tell us something
What happens WHEN you’re breached
Re-assess security budget
What to focus on now?
Detection of malice, or attack
Find the attacker within,
earlier
Understand the attack, sooner
Response to an incident
More than just technology!
Legal, PR, marketing –
response
“What do you do then?”
Hint: Panic is not an
option.
Processes need to be built
People need to be trained
Mock scenarios must be run
Yes, technology is needed
Efficiency of response is
critical
Detected, Responded, now..
Service recovery/restoration
Restore business processes
Bring back critical systems
BUT – they have to be ‘fixed’
first
( Lots of costs hidden here )
Spend $ here before it
happens
Spend $$$ here after the fact
The bottom line:
Spend more on preparedness
Third-
Technology alone isn’t a
solution
aka “boxes don’t stop attackers”
Don’t forget the people!
The general cycle of products-
1. Architect a solution
2. Purchase the solution
3. Install the solution
4. Done?
This is where the real work
starts
Have you integrated?
Have you operationalized?
How do you respond to red
lights?
Fourth-
Bigger budget may mean less
effective security
How is that possible?
More stuff = better security
Right?
Not if you don’t operationalize
Simple example-
An analyst has finite
capability
If 1 analyst can do 1 task
effectively
They can do 2 tasks less
effectively
..and 5 tasks poorly.
Gets worse from there down.
But this is what enterprises
ask!
How is your enterprise most effective?
Technology should enable
Technology should adapt to
people
NOT people adapting to
technology
Fifth-
You, Hackers motivated
similarly
Hackers want it.
You try to spend it wisely.
This gives us insight!
So how do you win?
Increase the attacker’s costs
Play their game, on your
terms.
As the CFO you have a
responsibility
Empower your security
organization
Provide strategic financial
guidance
Not just $pending capital.
Talk to me for more
information…
HP can help you fight smarter.
Rafal Los
Principal, Strategic Security Services
HP Enterprise Security Services
Member “HP Cloud Advisors”
http://h18004.www1.hp.com/products/solutions/cloud_advisors/index.html
Cloud Security Alliance
OWASP (Open Web Application Security Project)
10+ year Information Security industry veteran
Security generalist to Business Security Leader
Blogger, speaker
Email: Rafal@HP.com
Phone: +1 (404) 606-6056
Skype: Wh1t3Rabbit
Thank you

Weitere ähnliche Inhalte

Was ist angesagt?

Data Science Perspective and DS demo
Data Science Perspective and DS demo Data Science Perspective and DS demo
Data Science Perspective and DS demo PivotalOpenSourceHub
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsZivaro Inc
 
CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdStrike
 
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdStrike
 
How Spark is Making an Impact at Goldman Sachs by Vincent Saulys
How Spark is Making an Impact at Goldman Sachs by Vincent SaulysHow Spark is Making an Impact at Goldman Sachs by Vincent Saulys
How Spark is Making an Impact at Goldman Sachs by Vincent SaulysSpark Summit
 
A Day in the Life of a GDPR Breach - September 2017: France
A Day in the Life of a GDPR Breach - September 2017: France A Day in the Life of a GDPR Breach - September 2017: France
A Day in the Life of a GDPR Breach - September 2017: France Splunk
 
Hacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted ThreatsHacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted ThreatsCrowdStrike
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionCrowdStrike
 
Business continuity strategy to combat coronavirus (covid 19) - innova global...
Business continuity strategy to combat coronavirus (covid 19) - innova global...Business continuity strategy to combat coronavirus (covid 19) - innova global...
Business continuity strategy to combat coronavirus (covid 19) - innova global...www.securitysystems.best
 
Runtime Protection in the Real World
Runtime Protection in the Real WorldRuntime Protection in the Real World
Runtime Protection in the Real WorldBrooks Garrett
 

Was ist angesagt? (10)

Data Science Perspective and DS demo
Data Science Perspective and DS demo Data Science Perspective and DS demo
Data Science Perspective and DS demo
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
 
CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing Intelligence
 
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas Attack
 
How Spark is Making an Impact at Goldman Sachs by Vincent Saulys
How Spark is Making an Impact at Goldman Sachs by Vincent SaulysHow Spark is Making an Impact at Goldman Sachs by Vincent Saulys
How Spark is Making an Impact at Goldman Sachs by Vincent Saulys
 
A Day in the Life of a GDPR Breach - September 2017: France
A Day in the Life of a GDPR Breach - September 2017: France A Day in the Life of a GDPR Breach - September 2017: France
A Day in the Life of a GDPR Breach - September 2017: France
 
Hacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted ThreatsHacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted Threats
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And Detection
 
Business continuity strategy to combat coronavirus (covid 19) - innova global...
Business continuity strategy to combat coronavirus (covid 19) - innova global...Business continuity strategy to combat coronavirus (covid 19) - innova global...
Business continuity strategy to combat coronavirus (covid 19) - innova global...
 
Runtime Protection in the Real World
Runtime Protection in the Real WorldRuntime Protection in the Real World
Runtime Protection in the Real World
 

Andere mochten auch

Software Security Assurance - Program Building (You're going to need a bigger...
Software Security Assurance - Program Building (You're going to need a bigger...Software Security Assurance - Program Building (You're going to need a bigger...
Software Security Assurance - Program Building (You're going to need a bigger...Rafal Los
 
Presentación en inglés
Presentación en inglésPresentación en inglés
Presentación en inglésrockerhmk
 
Making Measurable Gains - Contextualizing 'Secure' in Business
Making Measurable Gains - Contextualizing 'Secure' in BusinessMaking Measurable Gains - Contextualizing 'Secure' in Business
Making Measurable Gains - Contextualizing 'Secure' in BusinessRafal Los
 
Defying Logic - Business Logic Testing with Automation
Defying Logic - Business Logic Testing with AutomationDefying Logic - Business Logic Testing with Automation
Defying Logic - Business Logic Testing with AutomationRafal Los
 
Threat modeling the security of the enterprise
Threat modeling the security of the enterpriseThreat modeling the security of the enterprise
Threat modeling the security of the enterpriseRafal Los
 
"Translating Strategy to Measureable Actions... from PowerPoint to Practice
"Translating Strategy to Measureable Actions... from PowerPoint to Practice"Translating Strategy to Measureable Actions... from PowerPoint to Practice
"Translating Strategy to Measureable Actions... from PowerPoint to PracticeNidal Bitar
 

Andere mochten auch (6)

Software Security Assurance - Program Building (You're going to need a bigger...
Software Security Assurance - Program Building (You're going to need a bigger...Software Security Assurance - Program Building (You're going to need a bigger...
Software Security Assurance - Program Building (You're going to need a bigger...
 
Presentación en inglés
Presentación en inglésPresentación en inglés
Presentación en inglés
 
Making Measurable Gains - Contextualizing 'Secure' in Business
Making Measurable Gains - Contextualizing 'Secure' in BusinessMaking Measurable Gains - Contextualizing 'Secure' in Business
Making Measurable Gains - Contextualizing 'Secure' in Business
 
Defying Logic - Business Logic Testing with Automation
Defying Logic - Business Logic Testing with AutomationDefying Logic - Business Logic Testing with Automation
Defying Logic - Business Logic Testing with Automation
 
Threat modeling the security of the enterprise
Threat modeling the security of the enterpriseThreat modeling the security of the enterprise
Threat modeling the security of the enterprise
 
"Translating Strategy to Measureable Actions... from PowerPoint to Practice
"Translating Strategy to Measureable Actions... from PowerPoint to Practice"Translating Strategy to Measureable Actions... from PowerPoint to Practice
"Translating Strategy to Measureable Actions... from PowerPoint to Practice
 

Ähnlich wie 5 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 2013

Criminal Education: Lessons from the Criminals and Their Methods
Criminal Education: Lessons from the Criminals and Their MethodsCriminal Education: Lessons from the Criminals and Their Methods
Criminal Education: Lessons from the Criminals and Their MethodsHP Enterprise Italia
 
HP Software Performance Tour 2014 - Stop Looking for the Silver Bullet, Start...
HP Software Performance Tour 2014 - Stop Looking for the Silver Bullet, Start...HP Software Performance Tour 2014 - Stop Looking for the Silver Bullet, Start...
HP Software Performance Tour 2014 - Stop Looking for the Silver Bullet, Start...HP Enterprise Italia
 
Mobile thinking
Mobile thinkingMobile thinking
Mobile thinkingYael Keren
 
3 tips to funding your security program
3 tips to funding your security program3 tips to funding your security program
3 tips to funding your security programCloudBees
 
20/20: el nuevo estilo en la Era Digital
20/20: el nuevo estilo en la Era Digital20/20: el nuevo estilo en la Era Digital
20/20: el nuevo estilo en la Era DigitalAMETIC
 
Software Security Assurance - Bruce Jenkins
Software Security Assurance - Bruce JenkinsSoftware Security Assurance - Bruce Jenkins
Software Security Assurance - Bruce JenkinsIT-oLogy
 
Humanizing the Talent Acquisition Lifestyle: HP Case Study
Humanizing the Talent Acquisition Lifestyle: HP Case StudyHumanizing the Talent Acquisition Lifestyle: HP Case Study
Humanizing the Talent Acquisition Lifestyle: HP Case StudyGlassdoor
 
HP: Delivering on the Promise of Hybrid Cloud
HP: Delivering on the Promise of Hybrid CloudHP: Delivering on the Promise of Hybrid Cloud
HP: Delivering on the Promise of Hybrid CloudMelissa Luongo
 
HP Helion - Copaco Cloud Event 2015 (break-out 4)
HP Helion - Copaco Cloud Event 2015 (break-out 4)HP Helion - Copaco Cloud Event 2015 (break-out 4)
HP Helion - Copaco Cloud Event 2015 (break-out 4)Copaco Nederland
 
Agile Tour Paris 2014 : Les 7 Péchés Agiles, Virgile Delécole
Agile Tour Paris 2014 : Les 7 Péchés Agiles, Virgile DelécoleAgile Tour Paris 2014 : Les 7 Péchés Agiles, Virgile Delécole
Agile Tour Paris 2014 : Les 7 Péchés Agiles, Virgile DelécoleENSIBS
 
Digital government presentation final
Digital government presentation finalDigital government presentation final
Digital government presentation finalShirlie23
 
Linked in for the channel
Linked in for the channelLinked in for the channel
Linked in for the channelcoxjon
 
Vmware cio event barcelona 2014 - no builds
Vmware cio event barcelona 2014 - no buildsVmware cio event barcelona 2014 - no builds
Vmware cio event barcelona 2014 - no buildsRussell Acton
 
Professional incident response
Professional incident responseProfessional incident response
Professional incident responseBrooks Garrett
 
Capgemini Commercial Insurance Risk Analytics Powered by HP HAVEn
Capgemini Commercial Insurance Risk Analytics Powered by HP HAVEnCapgemini Commercial Insurance Risk Analytics Powered by HP HAVEn
Capgemini Commercial Insurance Risk Analytics Powered by HP HAVEnCapgemini
 
Why OpenStack matters and how you can get involved
Why OpenStack matters and how you can get involvedWhy OpenStack matters and how you can get involved
Why OpenStack matters and how you can get involvedMatthew Farina
 
Paul Sonderegger, Oracle MassTLC Big Data Summit Keynote
Paul Sonderegger, Oracle MassTLC Big Data Summit KeynotePaul Sonderegger, Oracle MassTLC Big Data Summit Keynote
Paul Sonderegger, Oracle MassTLC Big Data Summit KeynoteMassTLC
 

Ähnlich wie 5 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 2013 (20)

Criminal Education: Lessons from the Criminals and Their Methods
Criminal Education: Lessons from the Criminals and Their MethodsCriminal Education: Lessons from the Criminals and Their Methods
Criminal Education: Lessons from the Criminals and Their Methods
 
HP Software Performance Tour 2014 - Stop Looking for the Silver Bullet, Start...
HP Software Performance Tour 2014 - Stop Looking for the Silver Bullet, Start...HP Software Performance Tour 2014 - Stop Looking for the Silver Bullet, Start...
HP Software Performance Tour 2014 - Stop Looking for the Silver Bullet, Start...
 
Mobile thinking
Mobile thinkingMobile thinking
Mobile thinking
 
3 tips to funding your security program
3 tips to funding your security program3 tips to funding your security program
3 tips to funding your security program
 
20/20: el nuevo estilo en la Era Digital
20/20: el nuevo estilo en la Era Digital20/20: el nuevo estilo en la Era Digital
20/20: el nuevo estilo en la Era Digital
 
Software Security Assurance - Bruce Jenkins
Software Security Assurance - Bruce JenkinsSoftware Security Assurance - Bruce Jenkins
Software Security Assurance - Bruce Jenkins
 
איך יוצרים חוויית משתמש מנצחת בעולם ה-Big Data - עודד קלימר
איך יוצרים חוויית משתמש מנצחת בעולם ה-Big Data - עודד קלימראיך יוצרים חוויית משתמש מנצחת בעולם ה-Big Data - עודד קלימר
איך יוצרים חוויית משתמש מנצחת בעולם ה-Big Data - עודד קלימר
 
5 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 2013

  • 1. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Enterprise Security and the CFO Five things you need to know Rafal Los, Principal – Strategic Security Services HP ES June 5th, 2013
  • 2. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.2 Enterprise Security is a boardroom topic.
  • 3. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.3 “Enterprise Security” in transition
  • 4. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.4 From a ‘blunt tech instrument’..
  • 5. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.5 ..to a strategic business asset.
  • 6. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.6 CFOs aren’t the enemy
  • 7. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.7 I know a little about this-
  • 8. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.8 From SMB to Fortune 50
  • 9. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.9 CFOs should understand security
  • 10. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.10 CFOs should support security
  • 11. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.11 But…
  • 12. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.12 Security poses a challenge
  • 13. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.13 of breaches are reported by a 3rd party94%
  • 14. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.14 average time to detect breach 416days 2012 January February March April May June July August September October November December 2013 January February March April
  • 15. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.15 71% Since 2010, time to resolve an attack has grown
  • 16. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.16 Arming the CFO for reality
  • 17. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.17 First-
  • 18. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.18 A breach event is imminent
  • 19. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.19 <uncomfortable silence>
  • 20. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.20 This is an uncomfortable reality
  • 21. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.21 Many have tried to be ‘secure’
  • 22. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.22 All eventually fail.
  • 23. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.23 $64,000.00 question: Why?
  • 24. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.24 Every new ‘thing’ …
  • 25. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.25 ..can pose a threat
  • 26. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.26 ..can contain a vulnerability
  • 27. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.27 This isn’t a solvable problem…
  • 28. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.28 ..detection is not perfect
  • 29. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.29 ..compromises must be made
  • 30. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.30 ..risk can never be eliminated.
  • 31. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.31 Humans will always be a weakness
  • 32. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.32 You can not demand ‘secure’.
  • 33. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.33 Second-
  • 34. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.34 Prevention is producing diminishing returns
  • 35. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.35 75% budget on network security
  • 36. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.36 84% breaches at application level
  • 37. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.37 This should tell us something
  • 38. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.38 WhathappensWHENyou’re breached
  • 39. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.39 Re-assess security budget
  • 40. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.40 What to focus on now?
  • 41. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.41 Detection of malice, or attack
  • 42. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.42 Find the attacker within, earlier
  • 43. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.43 Understand the attack, sooner
  • 44. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.44 Response to an incident
  • 45. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.45 More than just technology!
  • 46. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.46 Legal, PR, marketing – response
  • 47. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.47 “What do you do then?” Hint: Panic is not an option.
  • 48. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.48 Processes need to be built
  • 49. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.49 People need to be trained
  • 50. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.50 Mock scenarios must be run
  • 51. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.51 Yes, technology is needed
  • 52. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.52 Efficiency of response is critical
  • 53. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.53 Detected, Responded, now..
  • 54. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.54 Service recovery/restoration
  • 55. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.55 Restore business processes
  • 56. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.56 Bring back critical systems
  • 57. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.57 BUT – they have to be ‘fixed’ first
  • 58. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.58 ( Lots of costs hidden here )
  • 59. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.59 Spend $ here before it happens
  • 60. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.60 Spend $$$ here after the fact
  • 61. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.61 The bottom line:
  • 62. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.62 Spend more on preparedness
  • 63. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.63 Third-
  • 64. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.64 Technology alone isn’t a solution aka “boxes don’t stop attackers”
  • 65. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.65 Don’t forget the people!
  • 66. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.66 The general cycle of products-
  • 67. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.67 1. Architect a solution
  • 68. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.68 2. Purchase the solution
  • 69. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.69 3. Install the solution
  • 70. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.70 4. Done?
  • 71. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.71 This is where the real work starts
  • 72. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.72 Have you integrated?
  • 73. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.73 Have you operationalized?
  • 74. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.74 How do you respond to red lights?
  • 75. Fourth-
  • 76. Bigger budget may mean less effective security
  • 77. How is that possible?
  • 78. More stuff = better security
  • 79. Right?
  • 80. Not if you don’t operationalize
  • 81. Simple example-
  • 82. An analyst has finite capability
  • 83. If 1 analyst can do 1 task effectively
  • 84. They can do 2 tasks less effectively
  • 85. ..and 5 tasks poorly.
  • 86. Gets worse from there down.
  • 87. But this is what enterprises ask!
  • 88. How is your enterprise most effective?
  • 89. Technology should enable
  • 90. Technology should adapt to people
  • 91. NOT people adapting to technology
  • 92. Fifth-
  • 93. You, Hackers motivated similarly
  • 94. Hackers want it.
  • 95. You try to spend it wisely.
  • 96. This gives us insight!
  • 97. So how do you win?
  • 98. Increase the attacker’s costs
  • 99. Play their game, on your terms.
  • 100. As the CFO you have a responsibility
  • 101. Empower your security organization
  • 102. Provide strategic financial guidance
  • 103. Not just $pending capital.
  • 104. Talk to me for more information…
  • 105. HP can help you fight smarter.
  • 106. Rafal Los; Principal, Strategic Security Services; HP Enterprise Security Services; Member “HP Cloud Advisors” http://h18004.www1.hp.com/products/solutions/cloud_advisors/index.html; Cloud Security Alliance; OWASP (Open Web Application Security Project); 10+ year Information Security industry veteran; Security generalist to Business Security Leader; Blogger, speaker; Email: Rafal@HP.com; Phone: +1 (404) 606-6056; Skype: Wh1t3Rabbit
  • 107. Thank you