Outline
Background
Defence in Depth
Securing a network
Risk vs Reward
Predictive Intelligence
Education and awareness
Ontario Government
60,000 plus OPS employees
2,300 locations
27 ministries
IT
Corporate CIO, CTO, CPO
8 CIOs
Ontario GO-Net
94,000 email accounts
Thousands of devices connected to the network
Cyber Security Branch
24/7 Ops Centre, forensics, IAM, risk management, security design, compliance, penetration testing, education & awareness, engagement
Defence In Depth
Cyber Security
Security Architecture
TRAs
Policies & Directives
Industry Standards
Security Appliances
Anti-Virus
Penetration Tests
Operations Centre
Compliance
Patch Mgmt
User Education
Collaboration
Layers of Security
Securing a House
Architectural Standards
Safety Practices
Access Control
Deterrent
Emergency Response
Layers of Security
Securing a Network
Architectural Standards
Safety Practices
Access Control
Deterrent
Emergency Response
IDS
IPS
Risk Vs Reward
Cyber security is a business risk and must be treated just like any other business risk
Risk must be managed and balanced against potential rewards
C, I, A Example 1 Example 2
Value of OPS Information Holdings
Information Type                    Who
Cabinet confidence information      Organized crime
Budget Information                  Nation states
Tax and health records              Hacktivists
Police and Justice information      Organized crime
Natural Resources (Ring of Fire)    Others wanting to gain economic advantage
Intellectual property               Others wanting to gain economic advantage
Predictive Intelligence
Using intelligence to predict where you will be attacked next
Understand the threat
Threat = Capability + Intent
What is happening in your environment
Example 1
Weekly Themes
What is Cyber Security
Cyber Security Threats
Protections and Safeguards
Working Together to Keep us Safe
Safety Online at Home
Parting Thought
The CISO is a catalyst for change. We can enable business to meet their objectives while maintaining security
We are their partners
CISOs know that to be truly secure, they must adopt a defence in depth approach to cyber security. But is this enough? This presentation will describe the components of defence in depth and then discuss what steps the CISO should consider to take their organization’s cyber security to the next level. This includes partnering with business units on risk management, predictive intelligence and an aggressive cyber security awareness program.
23-04-19