security beyond compliance
of 16 /16
Embed Size (px)
- 1. Security Beyond Compliance http://www.isaca.lk/ [email protected] This work is licensed under a Creative Commons Attribution 3.0 Unported License. Parakum Pathirana [email protected] MSc, FBCS, CISA, CISM, CGEIT, CISSP, ISO 27001 LA, MCP, CHFI, QCS, ITIL
- 2. Disclaimer Im employed in the #infosec industry, however not authorized to speak on behalf of my employer/ clients Everything I say can be blamed on the voices in your head
- 3. My credentials 10+ years in #Infosec field Tutor, consultant/ advisor, auditor, head of InfoSec Sectors: financial, leisure, manufacturing, advertising, gov, insurance, etc. Crazy about #cycling, #infosec, #socialmedia Still learning and not an expert at anything lk.linkedin.com/pub/parakum-pathirana/2/a52/2a2/
- 4. Agenda The World Today ! Bangladeshi Central Bank Hack Problem? Solution?
- 5. The Compliance myth?
- 6. The World Today
- 7. The World Today
- 8. The World Today
- 9. The World Today
- 10. Recent high profile breaches
- 11. Bangladeshi Central Bank Hack 1. Malware/ spear-phishing 2. Partner Networks 3. Infrastructure
- 12. Findings from a survey done in 2008 1. Protecting reputation and brand has become a significant driver for information security. 2. Despite economic pressures, organizations continue to invest in information security. 3. International information security standards are gaining greater acceptance and adoption. 4. Many organizations still struggle to achieve a strategic view of information security. 5. Privacy is now a priority, but actions are falling short. 6. People remain the weakest link for information security. 7. Growing third-party risks are not being addressed. 8. Business continuity is still bound to information technology. 9. Most organizations are unwilling to outsource key information security activities. 10. Few companies hedge information security risks with cyber insurance.
- 13. Problem Statement How many have deployed Information Security solutions purely to meet the compliance requirements? - According to a survey carried out at RSA Conference in 2015, over 61% of attendees admitted that they had nearly 70% of organizations don't believe they are getting the most from their security products because they think they are either too complicated, too time consuming or they don't believe they have the right expertise
- 14. So, what needs to be done? Improve on Expert Knowledge User behavior Technology
- 15. No Compliance for Compliance sake
- 16. Thank you