Diese Präsentation wurde erfolgreich gemeldet.
Die SlideShare-Präsentation wird heruntergeladen. ×

4 b. thomas whipp presentation

6. Mär 2012
0 gefällt mir 479 Aufrufe
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Nächste SlideShare
Sensible defence
Sensible defence
Wird geladen in …3
×

Hier ansehen

2B - Business IT Investment Risks - Richard Moulds
CFG
Custom WordPress Content Options
Dee Teal
3D – CHOOSING YOUR ACCOUNTING SOFTWARE PROVIDER
CFG
3A – DATA PROTECTION: ADVICE
CFG
2A Computers: The fraudsters friend?
CFG
VR Voice Special Edition #1
Cool Blue Company, LLC
National geographic
Iván Anero Terradillos
1E - Property Management - Christine Janaway & Jon Wright
CFG
1 von 20 Anzeige

4 b. thomas whipp presentation

6. Mär 2012
0 gefällt mir 479 Aufrufe

Herunterladen, um offline zu lesen

Wirtschaft & Finanzen Business Technologie
Wirtschaft & Finanzen Business Technologie
Anzeige

Empfohlen

Sensible defence
Koen Maris
326 Aufrufe
14 Folien
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
Skybox Security
624 Aufrufe
23 Folien
Enabling Embedded Business Continuity
Mustafa KILIC
1.1k Aufrufe
33 Folien
Priming your digital immune system: Cybersecurity in the cognitive era
Luke Farrell
462 Aufrufe
24 Folien
Data Protection Top Ten Concerns
healthcareisi
278 Aufrufe
18 Folien
Healthcare Risk Analytics Power Of Knowledge Us Captive
paulmarshall
255 Aufrufe
4 Folien
State of on call report 2014
Todd Vernon
474 Aufrufe
18 Folien
Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012
Ahmed Al Enizi
3.5k Aufrufe
19 Folien
Anzeige

Weitere Verwandte Inhalte

Andere mochten auch (20)

2B - Business IT Investment Risks - Richard Moulds
CFG
576 Aufrufe
Custom WordPress Content Options
Dee Teal
1k Aufrufe
3D – CHOOSING YOUR ACCOUNTING SOFTWARE PROVIDER
CFG
588 Aufrufe
3A – DATA PROTECTION: ADVICE
CFG
746 Aufrufe
2A Computers: The fraudsters friend?
CFG
248 Aufrufe
VR Voice Special Edition #1
Cool Blue Company, LLC
460 Aufrufe
National geographic
Iván Anero Terradillos
333 Aufrufe
1E - Property Management - Christine Janaway & Jon Wright
CFG
423 Aufrufe
Wp maintenance and Security
Dee Teal
956 Aufrufe
2 a mark hallam
CFG
549 Aufrufe
2B Maggie's Cloud Infrastructure
CFG
167 Aufrufe
Mergers and Collaborations, Philip Kirkpatrick, Bates Wells and Braithwaite a...
CFG
359 Aufrufe
The Future of Financial Reporting for Charities, Don Bawtree, BDO
CFG
415 Aufrufe
PDF Update on Tax and Gift Aid Kate Sayer, Sayer Vincent
CFG
524 Aufrufe
1 a tina and philip
CFG
224 Aufrufe
3 b. iain pritchard & laura dawson
CFG
582 Aufrufe
1A - The Cloud: Was it manna from heaven or just a tin of rice pudding? Roger...
CFG
623 Aufrufe
Day 1 CLASS START UP ALL LEVELS SPANISH
Elizabeth Techman
2.3k Aufrufe
3B – GOVERNANCE DISCLOSURES: BEST PRACTICE
CFG
671 Aufrufe
3E - FD as a leader on risk compliance and governance - Simon Hopkins
CFG
837 Aufrufe
2B - Business IT Investment Risks - Richard Moulds
CFG
576 Aufrufe
17 Folien
Custom WordPress Content Options
Dee Teal
1k Aufrufe
11 Folien
3D – CHOOSING YOUR ACCOUNTING SOFTWARE PROVIDER
CFG
588 Aufrufe
20 Folien
3A – DATA PROTECTION: ADVICE
CFG
746 Aufrufe
50 Folien
2A Computers: The fraudsters friend?
CFG
248 Aufrufe
10 Folien
VR Voice Special Edition #1
Cool Blue Company, LLC
460 Aufrufe
20 Folien

Ähnlich wie 4 b. thomas whipp presentation (20)

Enterprise security management II
zapp0
338 Aufrufe
The Aftermath: You Have Been Attacked! So what's next?
Albert Hui
1.7k Aufrufe
Risk bridges business and security
M. Isaiah McGowan
309 Aufrufe
Secure360 on Risk
Alexander Hutton
807 Aufrufe
Enterprise incident response 2017
zapp0
694 Aufrufe
Relating Risk to Vulnerability
Resolver Inc.
871 Aufrufe
Anton Chuvakin on What is NOT Working in Security 2004
Anton Chuvakin
698 Aufrufe
Amateur Hour: Why APTs Are The Least Of Your Worries
Ed Bellis
910 Aufrufe
Artificial Intelligence – Time Bomb or The Promised Land?
Raffael Marty
1k Aufrufe
Gainful Information Security 2012 services
Cade Zvavanjanja
1.2k Aufrufe
Information Security Cost Effective Managed Services
Jorge Sebastiao
1.6k Aufrufe
12 Top Talks from the 2017 R-CISC Summit
Tripwire
2.2k Aufrufe
Strategic Leadership for Managing Evolving Cybersecurity Risks
Matthew Rosenquist
3.9k Aufrufe
Crash Course: Managing Cyber Risk Using Quantitative Analysis
"Apolonio \"Apps\"" Garcia
238 Aufrufe
Hexis Cybersecurity Mission Possible: Taming Rogue Ghost Alerts
Hexis Cyber Solutions
389 Aufrufe
EESS Day 1 - Justin Ludcke
NSW Environment and Planning
517 Aufrufe
A model for reducing information security risks due to human error
Anup Narayanan
1.5k Aufrufe
Stefan Savage Cyber Cafe
Amy Lenzo
1.4k Aufrufe
Conversations oneffectiveit management
Computer Aid, Inc
267 Aufrufe
The Difference Between the Reality and Feeling of Security by Thomas Kurian
ClubHack
1.6k Aufrufe
Enterprise security management II
zapp0
338 Aufrufe
16 Folien
The Aftermath: You Have Been Attacked! So what's next?
Albert Hui
1.7k Aufrufe
41 Folien
Risk bridges business and security
M. Isaiah McGowan
309 Aufrufe
26 Folien
Secure360 on Risk
Alexander Hutton
807 Aufrufe
87 Folien
Enterprise incident response 2017
zapp0
694 Aufrufe
23 Folien
Relating Risk to Vulnerability
Resolver Inc.
871 Aufrufe
42 Folien
Anzeige

Weitere von CFG (20)

WORKSHOP 2 – CHANGE MANAGEMENT
CFG
1.1k Aufrufe
4D – PERFORMANCE AND REWARDS
CFG
666 Aufrufe
3C – PAYMENT BY RESULTS
CFG
1.4k Aufrufe
WORKSHOP 1 – TURNING STRATEGY INTO GREAT PERFORMANCE
CFG
1.9k Aufrufe
2C – SOCIAL INVESTMENT
CFG
534 Aufrufe
2B – ACCOUNTABILITY OF FINANCE PROFESSIONALS
CFG
510 Aufrufe
2A – AUTO ENROLMENT: LESSONS LEARNT
CFG
549 Aufrufe
2D – BUILDING STRONGER CHARITIES THROUGH IMPROVED FINANCIAL MANAGEMENT
CFG
605 Aufrufe
1B – DASH BOARDS, BALANCED SCORECARDS AND KPIS
CFG
968 Aufrufe
1A - Handouts for CHARITIES SORP 2015: WHAT YOU NEED TO KNOW
CFG
800 Aufrufe
1C – GROWING SUSTAINABILITY: INCREASING INCOME AND SOCIAL IMPACT: LEYF STORY ...
CFG
683 Aufrufe
1A - CHARITIES SORP 2015: WHAT YOU NEED TO KNOW
CFG
839 Aufrufe
Opening plenary – The future of the sector - Dan Corry
CFG
756 Aufrufe
Session 1B – Fraud - Collin Belcher
CFG
707 Aufrufe
4B - Is the cloud safe - Ed Zedlewski
CFG
452 Aufrufe
4A - Working remotely - Richard Craig
CFG
472 Aufrufe
3B - How to effectively engage users and managers in IT projects - Richard Co...
CFG
484 Aufrufe
1B - Outsourcing - Kevin Calder & Peter Wainman
CFG
528 Aufrufe
Opening Plenary - Prof. Nigel Shadbolt
CFG
593 Aufrufe
The real life tales of a CRM initiative - Jane Deal & Germaine Faulkner
CFG
829 Aufrufe
WORKSHOP 2 – CHANGE MANAGEMENT
CFG
1.1k Aufrufe
22 Folien
4D – PERFORMANCE AND REWARDS
CFG
666 Aufrufe
29 Folien
3C – PAYMENT BY RESULTS
CFG
1.4k Aufrufe
30 Folien
WORKSHOP 1 – TURNING STRATEGY INTO GREAT PERFORMANCE
CFG
1.9k Aufrufe
40 Folien
2C – SOCIAL INVESTMENT
CFG
534 Aufrufe
15 Folien
2B – ACCOUNTABILITY OF FINANCE PROFESSIONALS
CFG
510 Aufrufe
12 Folien

Aktuellste (20)

Fixed Vs Variable interest rate 25 year comparison
Borrow With Bonnie
7 Aufrufe
The SVB Crisis: Its Implication on India.pdf
Saugata Dastider
0 Aufrufe
_NRES_2023_January_Final_EN_.pdf
Інститут економічних досліджень та політичних консультацій
6 Aufrufe
Mastering_SAP_S_4HANA_1709_Strategies_fo.pdf
GERMANHERRERAH42
3 Aufrufe
005428058.pdf
EidTahir
0 Aufrufe
BUSINE_1.PPT
Lahiru73
2 Aufrufe
Adani V Hindenburg.pdf
Saugata Dastider
0 Aufrufe
FM-Unit 2_Long Term Investment Decision.pptx
radha91354
3 Aufrufe
RBI.pptx
DrNeerjaSharma
0 Aufrufe
PEOPLE MANAGEMENT PROJECT.pptx
harishagrawal23
4 Aufrufe
What is next for Natural Gas.pptx
paul young cpa, cga
3 Aufrufe
EM 2020 - UNIT V.pptx
ssuser0d9193
4 Aufrufe
PAK-STUDIES THE ECONOMY OF PAKISTAN..pptx
RanaHaris41
1 Aufruf
FORMAT.docx
MildredAlforque1
4 Aufrufe
Debt Watch | ICICI Prudential Mutual Fund
iciciprumf
7 Aufrufe
cryptocurrency course.pdf
Amyhasa
4 Aufrufe
export presentatiojn.pptx
RahulArora203344
1 Aufruf
#ingles.pdf
GemaCastroAndrade
5 Aufrufe
Banking Practice ppt.ppt
etebarkhmichale
2 Aufrufe
WEEK 1 Introduction.pdf
ploet
3 Aufrufe
Fixed Vs Variable interest rate 25 year comparison
Borrow With Bonnie
7 Aufrufe
3 Folien
The SVB Crisis: Its Implication on India.pdf
Saugata Dastider
0 Aufrufe
5 Folien
_NRES_2023_January_Final_EN_.pdf
Інститут економічних досліджень та політичних консультацій
6 Aufrufe
61 Folien
Mastering_SAP_S_4HANA_1709_Strategies_fo.pdf
GERMANHERRERAH42
3 Aufrufe
423 Folien
005428058.pdf
EidTahir
0 Aufrufe
15 Folien
BUSINE_1.PPT
Lahiru73
2 Aufrufe
3 Folien
Anzeige

4 b. thomas whipp presentation

  1. 1. Achieving Durable Security : Being Honest About What You Can Really Do. Thomas Whipp MSc MEng CISSP CPP CBCI Head of Risk Oval Ltd
  2. 2. Presentation Overview What are the Thinking Where are the Where are you real costs of differently risks? starting from? your strategy? about security
  3. 3. Where are you starting from?
  4. 4. Your Information? Printers Mobile Excel Phones SQL Emails Memory Sticks Scanned Images
  5. 5. Your Business Capital Will it really Who’s Value for Incident Politics Costs Vs. Displacement Prevention Detection Will it work? be spent? budget? Response Money? Revenue
  6. 6. Where are the risks?
  7. 7. Who is out there? Technical Industrial Script State Social Hacktavists Criminals Attacks Sponsored Espionage Kiddies Engineering
  8. 8. Thinking Differently About Security
  9. 9. Rational Choice Theory Evaluation of risk and return ? How much will I get ? How likely am I to be caught Uses ? How large is the punishment A good model for planned offences Typically acquisitive in nature Largely fails to explain expressive offences
  10. 10. Routine activity theory Can be used to Lack of a explain Motivated capable offender everyday type guardian crimes
  11. 11. Situational Prevention Ronald v Clarke Examples: Crimenot Near not Increasethe Reduce the 5 Main Remove Reduce Key Concerns How not why Event driven distant cause criminality provocations excuses mechanisms rewards effort risk
  12. 12. Defensible Space Oscar Newman Thinking point: Territoriality Natural Key Points (key behaviour to surveillance Image Milieu Is it worth allowing encourage) personalisation at the desktop? some
  13. 13. Displacement A key criteria used to assess physical security initiatives Putting in a control May not reduce offending May simply move it elsewhere
  14. 14. Disinhibition Key challenge Leads to Strong sense of for InfoSec anonymity significant Lack of a sense of consequence awareness but changes in also situational Disassociation behaviour from the ‘real controls world’
  15. 15. What are the real costs of your strategy?
  16. 16. Covering your bases... Spreading the costs Prevention Response Residual Detection
  17. 17. Choosing a Strategy... What are the options? Process Any option canProduct deliver an effective control if implemented properly Service Architecture
  18. 18. Risks to Strategy...
  19. 19. Choosing a Strategy... Controls and their true costs 100% 90% 80% 70% 60% Political Effort 50% Revenue Capital 40% 30% 20% 10% 0% Process Product Service Architecture
  20. 20. Tom Whipp MSc MEng CISSP CPP CBCI Head of Risk, Oval Ltd Tel: 01924 433081 Mbl: 07500 796391 Email: tom.whipp@theovalgroup.com

Hinweis der Redaktion

  • Thinking about offendingThinking about controlWhy do people behave differently online?Are we going in the wrong direction sometimes?
  • evaluation of risk and returnHow much will I getHow likely am I to be caughtHow large is the punishmentUsesA good model for planned offencesTypically acquisitive in natureLargely fails to explain expressive offences
  • A good model for "drive by" actssuitable targetmotivated offenderlack of a capable guardianCan be used to explain everyday type crimes.
  • Key ConcernsCrime not criminalityEvent drivenNear not distant causeHow not why5 main mechanismsIncrease the EffortIncrease the risksReduce the rewardsReduce provocationsRemove excusesExamples: CCTVHashing of card datalogon notice stating audit log policy

×