CYBERSECURITY ASSURANCE
CloudSec 2015 Kuala Lumpur
ALAN YAU TI DUN CISA CISM CGEIT CRISC CISSP CSXF ITIL
SPECIAL INTEREST GROUP 1
ISACA MALAYSIA CHAPTER
Like any information security process, cyber security needs an adequate and
reasonable level of assurance; together with the governance and management
processes, assurance completes the security perspective. Cyber security
assurance requires a comprehensive set of controls that covers risk as well as
management processes. These controls are supported by appropriate metrics and
indicators for security goals and for factual security risk. This session will
share a cybersecurity self-assessment program for carrying out an audit or
self-assessment review of cyber security controls and practices in a typical
organisation. The assurance program leverages the COBIT 5 framework and
COBIT 5 for Information Security as a baseline.
This session aims to bring forth the following to the delegates:
•  A general understanding of cyber security assurance.
•  Exposure to a cyber security assurance program that leverages COBIT 5 as a
baseline.
•  Guidelines for conducting a cybersecurity audit.
AUDITING & REVIEWING CYBERSECURITY
•  Review is required to validate that the controls are designed and
operating effectively.
•  The audit & review universe is distributed across all three lines of
defense, which provides the required degree of independence.
AUDIT UNIVERSE

•  Include all control sets, management practices and GRC provisions in
force.
•  Can be extended to third parties where the contract grants audit rights.
•  Keep within the right boundaries:
   –  Corporate sphere of influence vs private sphere of controls.
   –  Internal IT infrastructure vs external infrastructure.
   –  Corporate sovereignty vs legal provisions.
AUDIT BOUNDARIES
AUDIT OBJECTIVES

•  Can range from high-level governance reviews to technical reviews.
•  Need to be defined clearly and concisely.
•  Consider time and effort.
•  Audit objectives are best defined in line with the governance and
management activities defined for cyber security.
•  For complex audits, the underlying audit program may span several years.
KEY CONSIDERATIONS

•  Legal considerations
•  Privacy and data protection
•  Logging, data retention and archiving
•  Audit data storage and archiving, which should meet the standard criteria:
   –  Confidentiality
   –  Integrity
   –  Availability
EXAMPLE – CYBERSECURITY AUDIT GOALS
TRANSFORMING CYBERSECURITY – COBIT 5

Eight Key Principles:

1.  Understand the potential impact of cybercrime and warfare on your
enterprise.
2.  Understand end users, their cultural values and their behavior patterns.
3.  Clearly state the business case for cybersecurity and the risk appetite of
the enterprise.
4.  Establish cybersecurity governance.
5.  Manage cybersecurity using principles and enablers. (The principles and
enablers found in COBIT 5 will help your organization ensure end-to-end
governance that meets stakeholder needs, covers the enterprise end to end and
provides a holistic approach, among other benefits. The processes, controls,
activities and key performance indicators associated with each enabler will
provide the enterprise with a comprehensive picture of cybersecurity.)
6.  Know the cybersecurity assurance universe and objectives.
7.  Provide reasonable assurance over cybersecurity. (This includes
monitoring, internal reviews, audits and, as needed, investigative and
forensic analysis.)
8.  Establish and evolve systemic cybersecurity.
CYBERSECURITY ASSURANCE – COBIT 5

EDM01: ENSURE GOVERNANCE FRAMEWORK SETTING AND MAINTENANCE

Key Areas / Points

1.  Cyber security management is supported by entity standards, processes
and procedures.
2.  Cyber security prevention is monitored on a regular basis by senior
management.
3.  Business and IT unit leaders are trained and actively involved in the
oversight and significant decisions relating to cyber security preparedness
and incidents.
4.  A cyber security task force / panel has been established and includes
appropriate functional members.
5.  Cyber security risks and vulnerabilities are identified and evaluated on a
periodic basis.
Other notable cyber security assurance concepts

1.  Identify and validate the governance model in terms of cyber security
attacks (e.g. ‘Zero Tolerance’ vs ‘Living with it’). This model should be
aligned with the entity’s overall risk appetite.
2.  Determine an optimal decision-making model for cyber security. This may
be distinct and different from the ‘ordinary’ information security model.
3.  Embed cyber security transformation activities that are driven by a
steering committee. These activities should be included in the overall
security strategy.
4.  Develop and foster an information security-positive culture and
environment within all business units.
5.  Integrate cyber security measures, measurements and metrics into routine
compliance check mechanisms.
APO01: MANAGE THE IT MANAGEMENT FRAMEWORK

Key Areas / Points

1.  IT management establishes, maintains and monitors a secure
infrastructure.
2.  IT management receives and reviews key reports and analyses of security,
vulnerability, intrusions and penetration test results.
3.  IT management supports the cyber security task force and information
security initiatives.
Other notable cyber security assurance concepts

1.  Define the expectations with regard to cyber security, including ethics
and culture. The expectations should match the overall governance model.
2.  IT General Controls (‘ITGC’) should be tested and updated regularly. IT
General Controls provide the support and baseline assurance for cyber
security-specific objectives.
3.  Controls and objectives that are performed by third parties should also
be evaluated periodically by management.
APO03: MANAGE ENTERPRISE ARCHITECTURE (ARCHITECTURE REVIEW)
APO13: MANAGE SECURITY (SECURITY INCIDENT MANAGEMENT)

Security Incident Management

1.  Policies and procedures are established to ensure that a risk analysis
and asset prioritization is part of the evaluation process.
2.  Asset value and prioritization are components of the incident response
analysis.
3.  Incident response policies and processes should identify the scope,
objectives and requirements defining how and who should respond to an
incident, what constitutes an incident, and the specific processes for
monitoring and reporting the incident activities.
4.  An incident response team has been organized with appropriate
management, staffing and senior management support.
5.  Forensic policies and procedures should ensure that documented
management trails are preserved to permit internal investigations and
support any legal or regulatory investigations (internal and external).
6.  Incident response tools should be installed, scheduled, monitored, and
secured to avoid unauthorised access to investigation activities.
7.  The crisis management function is part of the cyber security
preparedness process.
SUMMARY	
  
•  Understand CyberSecurity from a holistic,
organizational perspective
•  Understand the approach to CyberSecurity Assurance
•  Develop audit programmes by identifying risks and
relevant controls
•  Know how to test controls related to CyberSecurity
ALAN YAU TI DUN CISA CISM CGEIT CRISC CISSP CSXF ITIL
SPECIAL INTEREST GROUP 1
ISACA MALAYSIA CHAPTER
CloudSec 2015 Kuala Lumpur
RACHEL-ANN M. TENIBRO PRODUCT RESEARCH PRESENTATIONRachelAnnTenibroAmaz
 
proposal kumeneger edited.docx A kumeeger
proposal kumeneger edited.docx A kumeegerproposal kumeneger edited.docx A kumeeger
proposal kumeneger edited.docx A kumeegerkumenegertelayegrama
 
INDIAN GCP GUIDELINE. for Regulatory affair 1st sem CRR
INDIAN GCP GUIDELINE. for Regulatory  affair 1st sem CRRINDIAN GCP GUIDELINE. for Regulatory  affair 1st sem CRR
INDIAN GCP GUIDELINE. for Regulatory affair 1st sem CRRsarwankumar4524
 

Kürzlich hochgeladen (17)

Testing and Development Challenges for Complex Cyber-Physical Systems: Insigh...
Testing and Development Challenges for Complex Cyber-Physical Systems: Insigh...Testing and Development Challenges for Complex Cyber-Physical Systems: Insigh...
Testing and Development Challenges for Complex Cyber-Physical Systems: Insigh...
 
General Elections Final Press Noteas per M
General Elections Final Press Noteas per MGeneral Elections Final Press Noteas per M
General Elections Final Press Noteas per M
 
cse-csp batch4 review-1.1.pptx cyber security
cse-csp batch4 review-1.1.pptx cyber securitycse-csp batch4 review-1.1.pptx cyber security
cse-csp batch4 review-1.1.pptx cyber security
 
Application of GIS in Landslide Disaster Response.pptx
Application of GIS in Landslide Disaster Response.pptxApplication of GIS in Landslide Disaster Response.pptx
Application of GIS in Landslide Disaster Response.pptx
 
Chizaram's Women Tech Makers Deck. .pptx
Chizaram's Women Tech Makers Deck.  .pptxChizaram's Women Tech Makers Deck.  .pptx
Chizaram's Women Tech Makers Deck. .pptx
 
Internship Presentation | PPT | CSE | SE
Internship Presentation | PPT | CSE | SEInternship Presentation | PPT | CSE | SE
Internship Presentation | PPT | CSE | SE
 
GESCO SE Press and Analyst Conference on Financial Results 2024
GESCO SE Press and Analyst Conference on Financial Results 2024GESCO SE Press and Analyst Conference on Financial Results 2024
GESCO SE Press and Analyst Conference on Financial Results 2024
 
05.02 MMC - Assignment 4 - Image Attribution Lovepreet.pptx
05.02 MMC - Assignment 4 - Image Attribution Lovepreet.pptx05.02 MMC - Assignment 4 - Image Attribution Lovepreet.pptx
05.02 MMC - Assignment 4 - Image Attribution Lovepreet.pptx
 
A Guide to Choosing the Ideal Air Cooler
A Guide to Choosing the Ideal Air CoolerA Guide to Choosing the Ideal Air Cooler
A Guide to Choosing the Ideal Air Cooler
 
Don't Miss Out: Strategies for Making the Most of the Ethena DigitalOpportunity
Don't Miss Out: Strategies for Making the Most of the Ethena DigitalOpportunityDon't Miss Out: Strategies for Making the Most of the Ethena DigitalOpportunity
Don't Miss Out: Strategies for Making the Most of the Ethena DigitalOpportunity
 
Engaging Eid Ul Fitr Presentation for Kindergartners.pptx
Engaging Eid Ul Fitr Presentation for Kindergartners.pptxEngaging Eid Ul Fitr Presentation for Kindergartners.pptx
Engaging Eid Ul Fitr Presentation for Kindergartners.pptx
 
Quality by design.. ppt for RA (1ST SEM
Quality by design.. ppt for  RA (1ST SEMQuality by design.. ppt for  RA (1ST SEM
Quality by design.. ppt for RA (1ST SEM
 
Testing with Fewer Resources: Toward Adaptive Approaches for Cost-effective ...
Testing with Fewer Resources:  Toward Adaptive Approaches for Cost-effective ...Testing with Fewer Resources:  Toward Adaptive Approaches for Cost-effective ...
Testing with Fewer Resources: Toward Adaptive Approaches for Cost-effective ...
 
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...
 
RACHEL-ANN M. TENIBRO PRODUCT RESEARCH PRESENTATION
RACHEL-ANN M. TENIBRO PRODUCT RESEARCH PRESENTATIONRACHEL-ANN M. TENIBRO PRODUCT RESEARCH PRESENTATION
RACHEL-ANN M. TENIBRO PRODUCT RESEARCH PRESENTATION
 
proposal kumeneger edited.docx A kumeeger
proposal kumeneger edited.docx A kumeegerproposal kumeneger edited.docx A kumeeger
proposal kumeneger edited.docx A kumeeger
 
INDIAN GCP GUIDELINE. for Regulatory affair 1st sem CRR
INDIAN GCP GUIDELINE. for Regulatory  affair 1st sem CRRINDIAN GCP GUIDELINE. for Regulatory  affair 1st sem CRR
INDIAN GCP GUIDELINE. for Regulatory affair 1st sem CRR
 

Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur

  • 1. CYBERSECURITY ASSURANCE
    ALAN YAU TI DUN CISA CISM CGEIT CRISC CISSP CSXF ITIL
    SPECIAL INTEREST GROUP 1, ISACA MALAYSIA CHAPTER
  • 2. Like any other information security process, cyber security needs an adequate and reasonable level of assurance, which completes the security perspective when combined with governance and management processes. Cyber security assurance requires a comprehensive set of controls that covers risk as well as management processes. These controls are supported by appropriate metrics and indicators for security goals and factual security risk. This session will share a cybersecurity self-assessment program for carrying out an audit or self-assessment review of cyber security controls and practices in a typical organisation. The assurance program leverages the COBIT 5 framework and COBIT 5 for Information Security as a baseline.
  • 3. CYBERSECURITY ASSURANCE
    This session aims to give the delegates the following:
    •  A general understanding of cyber security assurance.
    •  Exposure to a cyber security assurance program that uses COBIT 5 as a baseline.
    •  Guidelines for conducting a cybersecurity audit.
  • 4. AUDITING & REVIEWING CYBERSECURITY
  • 5. AUDITING & REVIEWING CYBERSECURITY
    •  A review is required to validate that the controls are designed and operating effectively.
    •  The audit and review universe is distributed across all 3 lines of defense, which provides the required degree of independence.
  • 6. AUDITING & REVIEWING CYBERSECURITY
  • 7. AUDIT UNIVERSE
    •  Include all control sets, management practices and GRC provisions in force.
    •  Can be extended to 3rd parties where the contract includes audit rights.
    •  Keep within the right boundaries:
       !  Corporate sphere of influence vs private sphere of controls.
       !  Internal IT infrastructure vs external infrastructure.
       !  Corporate sovereignty vs legal provisions.
  • 9. AUDIT OBJECTIVES
    •  Can range from high-level governance reviews to technical reviews.
    •  Need to be defined clearly and concisely.
    •  Consider time and effort.
    •  Audit objectives are best defined in line with the governance and management activities defined for cyber security.
    •  For complex audits, the underlying audit program may span several years.
  • 10. KEY CONSIDERATIONS
    •  Legal considerations
    •  Privacy and data protection
    •  Logging, data retention and archiving
    •  Audit data storage and archiving, which should meet the standard criteria:
       •  Confidentiality
       •  Integrity
       •  Availability
  • 11. EXAMPLE – CYBERSECURITY AUDIT GOALS
  • 12. EXAMPLE – CYBERSECURITY AUDIT GOALS
  • 13. EXAMPLE – CYBERSECURITY AUDIT GOALS
  • 14. EXAMPLE – CYBERSECURITY AUDIT GOALS
  • 15. TRANSFORMING CYBERSECURITY – COBIT 5
    Eight Key Principles:
    1.  Understand the potential impact of cybercrime and warfare on your enterprise.
    2.  Understand end users, their cultural values and their behavior patterns.
    3.  Clearly state the business case for cybersecurity and the risk appetite of the enterprise.
    4.  Establish cybersecurity governance.
    5.  Manage cybersecurity using principles and enablers. (The principles and enablers found in COBIT 5 will help your organization ensure end-to-end governance that meets stakeholder needs, covers the enterprise end to end and provides a holistic approach, among other benefits. The processes, controls, activities and key performance indicators associated with each enabler will provide the enterprise with a comprehensive picture of cybersecurity.)
    6.  Know the cybersecurity assurance universe and objectives.
    7.  Provide reasonable assurance over cybersecurity. (This includes monitoring, internal reviews, audits and, as needed, investigative and forensic analysis.)
    8.  Establish and evolve systemic cybersecurity.
  • 16. CYBERSECURITY ASSURANCE USING
  • 18. CYBERSECURITY ASSURANCE – COBIT 5
    EDM01: ENSURE GOVERNANCE FRAMEWORK SETTING AND MAINTENANCE
    Key Areas / Points
    1.  Cyber security management is supported by entity standards, processes and procedures.
    2.  Cyber security prevention is monitored on a regular basis by senior management.
    3.  Business and IT unit leaders are trained and actively involved in the oversight and significant decisions relating to cyber security preparedness and incidents.
    4.  A cyber security task force / panel has been established and includes appropriate functional members.
    5.  Cyber security risks and vulnerabilities are identified and evaluated on a periodic basis.
  • 19. CYBERSECURITY ASSURANCE – COBIT 5
    EDM01: ENSURE GOVERNANCE FRAMEWORK SETTING AND MAINTENANCE
    Other notable cyber security assurance concepts
    1.  Identify and validate the governance model in terms of cyber security attacks (e.g. 'Zero Tolerance' vs 'Living with it'). This model should be aligned with the entity's overall risk appetite.
    2.  Determine an optimal decision-making model for cyber security. This may be distinct and different from the 'ordinary' information security model.
    3.  Embed cyber security transformation activities that are driven by a steering committee. These activities should be included in the overall security strategy.
    4.  Develop and foster an information security-positive culture and environment within all business units.
    5.  Integrate cyber security measures, measurements and metrics into routine compliance check mechanisms.
  • 20. CYBERSECURITY ASSURANCE – COBIT 5
    APO01: MANAGE THE IT MANAGEMENT FRAMEWORK
    Key Areas / Points
    1.  IT management establishes, maintains and monitors a secure infrastructure.
    2.  IT management receives and reviews key reports and analysis of security, vulnerability, intrusion and penetration test results.
    3.  IT management supports the cyber security task force and information security initiatives.
  • 21. CYBERSECURITY ASSURANCE – COBIT 5
    APO01: MANAGE THE IT MANAGEMENT FRAMEWORK
    Other notable cyber security assurance concepts
    1.  Define the expectations with regard to cyber security, including ethics and culture. The expectations should match the overall governance model.
    2.  IT General Controls ('ITGC') should be tested and updated regularly. IT General Controls provide the support and baseline assurance for cyber security specific objectives.
    3.  Controls and objectives that are performed by third parties should also be evaluated periodically by management.
  • 22. CYBERSECURITY ASSURANCE – COBIT 5
    APO03: MANAGE ENTERPRISE ARCHITECTURE (ARCHITECTURE REVIEW)
  • 23. CYBERSECURITY ASSURANCE – COBIT 5
    APO13: MANAGE SECURITY (SECURITY INCIDENT MANAGEMENT)
    Security Incident Management
    1.  Policies and procedures are established to ensure that a risk analysis and asset prioritization are part of the evaluation process.
    2.  Asset value and prioritization are components of the incident response analysis.
    3.  Incident response policies and processes should identify the scope, objectives and requirements defining how and who should respond to an incident, what constitutes an incident, and the specific processes for monitoring and reporting incident activities.
    4.  An incident response team has been organized with appropriate management, staffing and senior management support.
    5.  Forensic policies and procedures should ensure that documented management trails are preserved to permit internal investigations and to support any legal or regulatory investigations (internal and external).
    6.  Incident response tools should be installed, scheduled, monitored and secured to avoid unauthorised access to investigation activities.
    7.  The crisis management function is part of the cyber security preparedness process.
  • 24. CYBERSECURITY ASSURANCE – COBIT 5
    APO13: MANAGE SECURITY (SECURITY INCIDENT MANAGEMENT)
  • 25. SUMMARY
    •  Understand CyberSecurity from a holistic, organizational perspective
    •  Understand the approach to CyberSecurity Assurance
    •  Develop audit programmes by identifying risks and relevant controls
    •  Know how to test controls related to CyberSecurity
  • 26. ALAN YAU TI DUN CISA CISM CGEIT CRISC CISSP CSXF ITIL
    SPECIAL INTEREST GROUP 1, ISACA MALAYSIA CHAPTER