security beyond compliance

of 16 /16
Security Beyond Compliance http://www.isaca.lk/ [email protected] This work is licensed under a Creative Commons Attribution 3.0 Unported License. Parakum Pathirana [email protected] MSc, FBCS, CISA, CISM, CGEIT, CISSP, ISO 27001 LA, MCP, CHFI, QCS, ITIL

Author: parakum-pathirana

Post on 22-Jan-2018

122 views

Category:

Internet


1 download

Embed Size (px)

TRANSCRIPT

  1. 1. Security Beyond Compliance http://www.isaca.lk/ [email protected] This work is licensed under a Creative Commons Attribution 3.0 Unported License. Parakum Pathirana [email protected] MSc, FBCS, CISA, CISM, CGEIT, CISSP, ISO 27001 LA, MCP, CHFI, QCS, ITIL
  2. 2. Disclaimer Im employed in the #infosec industry, however not authorized to speak on behalf of my employer/ clients Everything I say can be blamed on the voices in your head
  3. 3. My credentials 10+ years in #Infosec field Tutor, consultant/ advisor, auditor, head of InfoSec Sectors: financial, leisure, manufacturing, advertising, gov, insurance, etc. Crazy about #cycling, #infosec, #socialmedia Still learning and not an expert at anything lk.linkedin.com/pub/parakum-pathirana/2/a52/2a2/
  4. 4. Agenda The World Today ! Bangladeshi Central Bank Hack Problem? Solution?
  5. 5. The Compliance myth?
  6. 6. The World Today
  7. 7. The World Today
  8. 8. The World Today
  9. 9. The World Today
  10. 10. Recent high profile breaches
  11. 11. Bangladeshi Central Bank Hack 1. Malware/ spear-phishing 2. Partner Networks 3. Infrastructure
  12. 12. Findings from a survey done in 2008 1. Protecting reputation and brand has become a significant driver for information security. 2. Despite economic pressures, organizations continue to invest in information security. 3. International information security standards are gaining greater acceptance and adoption. 4. Many organizations still struggle to achieve a strategic view of information security. 5. Privacy is now a priority, but actions are falling short. 6. People remain the weakest link for information security. 7. Growing third-party risks are not being addressed. 8. Business continuity is still bound to information technology. 9. Most organizations are unwilling to outsource key information security activities. 10. Few companies hedge information security risks with cyber insurance.
  13. 13. Problem Statement How many have deployed Information Security solutions purely to meet the compliance requirements? - According to a survey carried out at RSA Conference in 2015, over 61% of attendees admitted that they had nearly 70% of organizations don't believe they are getting the most from their security products because they think they are either too complicated, too time consuming or they don't believe they have the right expertise
  14. 14. So, what needs to be done? Improve on Expert Knowledge User behavior Technology
  15. 15. No Compliance for Compliance sake
  16. 16. Thank you