Be Ready for What’s Next
INFORMATION SECURITY RISKS
Business Requires Change
From the Boardroom:
• Higher Profitability
• Higher Efficiency
• Increased Agility
• Greater Productivity
• More Competitiveness
IT Responds to Business Needs
Striving to Enable the Business
Virtualization
Cloud Computing
and Social Media
Mobility and Consumerization
Increasing Complexity
Exposure to Malware
The Growing Malware Threat
17 Million increase in samples in only 9 months
[Chart: number of signatures per year, 1999 to 2011]
Today’s Real Challenges
The High Cost of Inadequate Protection
91% Experienced at least 1 IT security intrusion
61% Have experienced viruses, worms, spyware and other malware
2011 Kaspersky Lab – Survey on Global IT Security Risks
#1 Social Networking is seen as the biggest threat to IT Security
70% State their IT staff is under-resourced
Whose IT risks?
Building IT Risk Management
DESIGN
MONITOR & REVIEW
IMPROVE
IMPLEMENT
Risk Structure
• Roles & Responsibilities
• Reporting structure
• Governance
Risk Strategy
• Risk appetite
• Risk philosophy
Risk Protocols
• Policy
• Procedures manual
• Guidance notes
• Tools
Risk Process
• Establish the context
• Risk assessment
• Identification
• Analysis
• Evaluation
• Monitor & Review
Security
Superior, Intelligent Protection
Always Ahead of New Threats
Significantly Reducing Business Risks
Comprehensive Management
Improving Business Efficiency & Productivity
Enhancing IT Flexibility
Elegant Architecture
Fully Integrated from the Ground Up
Best of Breed Anti-Malware Technology
Kaspersky Security Network
Firewall
System Watcher
Application Control
Device Control
Web Control
Survey of IT (Mongolia)
• Every day, over 80% of all personal emails in the Mongolian internet environment are spam.
• 369 internet pages from the public and private sectors were attacked by hackers in 2010.
• 35% of all hardware damage, such as to hard drives, power supplies and other peripherals, was caused by electrical instability.
• 36% of all entities do not use any antivirus software, and 50% do not use firewall protection.
• About 7% do not use any system for protection against network attacks. The vast majority of public organizations do not have any information on information security threats.
• 96% of all entities do not have any type of insurance on networking hardware, servers, computers and other peripherals.
• 75% of all surveyed entities do not have any system to check for security holes in their information systems, and 40% do not have a designated server room.
• 90% of all surveyed entities do not have any licensed software.
Try the Complete Kaspersky Experience
Deeper Protection
Comprehensive Manageability
World-Class Support
Thank You!
IT Risk Management Methodologies
• CORAS - Construct a platform for Risk Analysis of Security Critical Systems
• OCTAVE - Operationally Critical Threat, Asset and Vulnerability Evaluation
• CRAMM - CCTA Risk Analysis and Management Method (Central Computer and Telecommunications Agency of UK)
• COBIT - Control Objectives for Information and Related Technologies
IT Standards
• CobiT 4.1 «Control Objectives for Information and related Technology»
• ISO/IEC 27001:2005 «Information technology - Security techniques - Information security management systems – Requirements»
• ISO/IEC 27001:2006 «Information Security Management System»
• ISO/IEC 20000 - the first international standard for IT service management
IT Governance
• IT Governance is a part of Corporate Governance. Effective IT governance is a subset discipline of Corporate Governance.
• IT governance is the term used to describe how those persons entrusted with governance of an entity will consider IT in their supervision, monitoring, control and direction of the entity. How IT is applied will have an immense impact on whether the entity will attain its vision, mission or strategic goals.