Managing Threats in a Changing World

John DeGroot
Lead Architect – Security, RBC
Federation of Security Professionals – October 26, 2012
Trends
• Canada’s auditor general report on cyber-security
• Failure to pass US 2012 Cybersecurity Act
• Cyber attack on Canadian government in 2011
• DDOS attacks on US banks
• Many others
Evolution of Threats
[Figure: tiers of attackers (Organized Crime, Nation States; Fraudsters; “Script Kiddies”, Individuals) plotted against "Increasing sophistication and impact" and "Number of attackers".]
What is changing?
• APT – Advanced Persistent Threats
  - Targeted
  - Highly motivated
  - Well-financed
  - Coordinated across attack points
  - Will try multiple times using multiple methods
• Cloud computing and mobility increase complexity and attack surface
Evolutionary, not revolutionary change
What is the same?
• Same bad guys
• Same motivation
Using new tools, operating in the IT world, leveraging the cloud
Where are the gaps?
• Defenses are strongly attack-oriented
  - Signature-based defenses geared to single general attacks
• Controls are strongly people-oriented
  - Awareness programs, discretionary security, application development
• Defenses often deployed in silos
• Security “bolted on”
• Defense in Depth
  - Layers rather than breadth
Integrated Defense
Toward Integrated Defense
• Acknowledge reality
  - The bad guys are already in
  - Denial of service attacks will cause outages
  - You will be attacked
• Understand your business
• Integrate with operational risk management
• Proactive approach to threat management
  - Threat modeling and predictive analysis
  - What does a coordinated attack look like?
  - Prepare for attack and test your response
  - Behavior analysis – good and bad
Toward Integrated Defense
• Security by design
  - Embed security into processes, applications, data, and infrastructure
  - Move from discretionary to policy-driven security
  - Simplify and automate
• Virtual security operations centre
  - Provide complete visibility into operational environment
  - Provide useful and relevant information
  - Provide effective intelligence – inside and out
  - Share information and services
• Invest in people with threat management skills
Thank You