Page 1
Author: Vikram Andem
RSA® Conference 2015 : Trusted Computing Group
Vikram Andem
Senior Manager
United Airlines
An approach for effective Enterprise IT Security Risk Management
Harvard University
Stanford University
MIT
Blockchain
Cryptography
Security
Enterprise Architecture
Page 2
[Slide diagram; only its labels survive extraction.]
Controls: Authentication, Authorization, Access Control, Cryptography, Logging & Monitoring
Layers: Network Layer, Application Layer, Data Layer, OS Layer
Confidentiality levels: High-Risk Confidential, Confidential, Internal, Public
Integrity levels: Critical, Trusted, Reliable, Untrusted
Availability tiers: Tier 1, Tier 2, Tier 3, Tier 4; labels: 100% MUST Uptime (24/7), Mission Critical (2A), Business Critical (2B), Desirable, Discretionary
Gap grid labels: TIER 1, TIER 2A, TIER 2B, TIER 3, TIER 4; AUTHN, AUTHZ, LOG, AC, CRYPTO; cell label: Gap
Example: Data Asset A on Tier 3
Gap Profile: Min, Max, Control Gap, Optimal, Current
Legend: Does not satisfy, Partially satisfies, Satisfies
Page 3
[Figure: one chart per IT asset (IT Asset A, B, C, D, E); layer labels NW, App, Data, OS; tier labels T1, T2a, T2b, T3, T4; legend: Authentication, Authorization, Access Control, Cryptography, Logging & Monitor]
Visual representation of IT Security gaps at a time snap during routine IT Security Administration
Page 4
[Figure: risks grouped as Low Risks, Medium Risks, High Risks, with ordering labels 1st, 2nd, 3rd, 4th, 5th, 6th, ... nth]
Ideal scenario if all gaps and findings are satisfied
