you're breached: information risk analysis for today's threat landscape
DESCRIPTION
If you would like a copy of the slide in the form of a self-playing PowerPoint Show, please contact [email protected] IT security executives have used information risk analysis for decades. From basic objectives such as ensuring critically sensitive data gets protection commensurate with its value, to more sophisticated uses such as determining when certain risks can be accepted, these risk management frameworks help align security with the business. Changes in the "threat landscape", which includes the technical operating environment, the motivation and capability of threats, and even business context can have dramatic implications on the application of analysis techniques. And in information technology, from BYOD, to cloud, to mobile, to state-sponsored actors; plenty has changed in the last 3 years alone. This webinar will review the conceptual underpinnings of information risk analysis that remain widely used today. We will then examine important changes in the threat landscape over the last few years and assess their impact on risk assessment and its application in risk management. Finally, we will offer recommendations for how, in light of these changes, organizations should think differently about risk and as a result, their security program as a whole. Our featured speakers for this timely webinar will be: - Bill Campbell, CISSP, Director at i-fact@nalysis, former security executive at MITRE, Union Bank, Symantec and Fidelity Investments. - Ted Julian, Chief Marketing Officer, Co3 Systems. Serial security and compliance entrepreneur.TRANSCRIPT
Page 2
You’re Breached:Information Risk Analysis
for Today’s Threat Landscape
Bill Campbell, CISSPTed Julian
Page 3
Today’s Speakers
Ted Julian, Chief Marketing Officer, Co3 SystemsTed is a serial entrepreneur who has launched four companies during his ~20 years in the security / compliance industry.
Bill Campbell, CISSP, Director at i-fact@nalysisBill has managed IT operations, software development and security functions at several companies including Fidelity Investments, Symantec, and Union Bank. He is a graduate of the United States Naval Academy. He is also one of the longest-serving members of the (ISC)2 Ethics Committee. i-fact@nalysis is a full service corporate investigations firm with global presence to support international compliance, due diligence, background and fraud investigations.
Page 4
SSA
E 16
TYP
E II
CER
TIFI
ED
HO
STIN
G F
AC
ILIT
Y
DA
SHB
OA
RD
S &
REP
OR
TIN
G
Co3’s Incident Response Management Platform
Automated EscalationAccelerate response by easily creating incidents from the systems you already have
Email Web Form Trouble Ticketing Entry Wizard SIM
Streamlined Creation + CollaborationCreate IR plans instantly based on regulations, best practices, and standard operating procedure. Collaborate on plan execution across multiple functions
IR Plan
Marketing
Legal/ComplianceIT
HR
Industry Best Practices
Organizational Best Practices
Privacy Breach Requirements
Industry Standard Frameworks
RegulatoryRequirements
Intelligent CorrelationDetermine related incidents automatically to identify broader, concerted attacks
Integrated IntelligenceGain valuable threat intelligence instantly from multiple intelligence feeds
Accelerated MitigationSpeed results by easily outputting outcomes to your management platforms
SIMTrouble Ticketing GRC
Page 5
What we will cover today
• The threat landscape: past and present
• Basic information risk analysis… plus some additional pertinent detail
• Combining these two ideas, and why it matters
Page 6
Request the Slide Show
Because this presentation makes heavy use of animations and graphics, it is not suitable as “presentation notes”. The slides become unreadable in printed form, and in the format used by slideshare.net.
We apologize for the inconvenience. If you would like a copy of the slide in the form of a self-playing PowerPoint Show, please contact us.
One Alewife Center, Suite 450Cambridge, MA 02140 PHONE 617.206.3900
WWW.CO3SYS.COM
“Co3 Systems makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.”
PC MAGAZINE, EDITOR’S CHOICE
“Co3…defines what software packages for privacy look like.”
GARTNER
“Platform is comprehensive, user friendly, and very well designed.”
PONEMON INSTITUTE
“One of the hottest products at RSA…”NETWORK WORLD – FEBRUARY 2013
Bill Campbell, [email protected]