1 Page 1 Cyber Security Defenses Key Goals for Successful Cyber Security Page 2 Cyber Security Defenses Key Goals for Successful Cyber Security Awareness: Recognizing the security chasm Budget: Building support People: Gathering the team Impact: Long term sustainability
15
Embed
Cyber Security Defenses - SEL Home | Schweitzer ... · The following cyber risk management process is a life cycle that should be conducted on a periodic basis Page 28 Benefits to
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
1
Page 1
Cyber Security Defenses
Key Goals for Successful Cyber Security
Page 2
Cyber Security Defenses Key Goals for Successful Cyber Security
Awareness: Recognizing the security chasm
Budget: Building support
People: Gathering the team
Impact: Long term sustainability
2
Page 3
The security chasm
Page 4
The security chasm
3
Page 5
The security chasm
The chasm
Page 6
The security chasm - formed from below
Ops
CSO
Inc.
Resp < Breach investigation Patch management >
Focused on
Threat & vulnerability
mitigation
Office of the CSO (Intra-CSO)
Techno-operations
Techno-babble
CEO GC BOD
CFO CRO
COO
4
Page 7
The security chasm - formed from above
CEO GC BOD
CFO CRO
COO
IT and security phobia
Focus on traditional
business, financial
and operational
risks
Office of the CEO (Inter-CXO)
CIO
Page 8
The impact of the security chasm
Ops
CEO GC BOD
CFO CRO
COO
CISO
Inc.
Resp
The chasm
CIO
< Breach investigation
Office of the CEO (Inter-CXO)
Office of the CISO (Intra-CISO)
Patch management >
Focused on
Threat & vulnerability
mitigation
Focus on traditional
business, financial
and operational
risks
Inadequate
standard of care
Inadequate
level of
protection
5
Page 9
Building Support
Page 10
Global cybercrime economy: opportunistic threat
Implant Root kit
developer
$10K+
for zero day
$500+ $10K+
for zero day
Exploit
developer
Exploit
pack
$1K+
Wizard
$1,000+
Botnet
vendor
$100 per
1000 infections
Recruiter, 100s of
mules/week
Drop
man
Account
buyer Affiliate
Bot-master ID thief Endpoint
exploiters
~4% of bank
customers
Victims
Retain 10%
Secondary
$50
Forger Cashier, mule
bank broker
Keep
10%
Keep
50%
Bulk accounts
$50 per $5K.
Mico
transfers
ATM
Back office
developer
Rogue ware
developer
Payment
system
developer
specialization, innovation, reuse,
bid/purchase exchanges
6
Page 11
Business risk as a function on cyber threat
Cybercrime
Industrial espionage
Hacktivism
Cyber warfare
Cyber terrorism
Attacker degree of capability
Bu
sin
ess r
isk
Higher
likelihood
Lower
likelihood
Higher
likelihood
Lower
likelihood
Medium
likelihood
Very asset type specific
Increasing less separation
between an attacker and its
motives – the community
cooperates to leverage
each others skills, methods
and technology
Low Medium High
Page 12
Attacks target business information of global energy companies
Sources: Global Energy Cyberattacks: “Night Dragon” by McAfee Foundstone Professional Services and McAfee Labs, February 10, 2011
► Targeted cyber attacks against global oil, energy, and