
Security To Do List - Cuvix Informationcuvix.co.kr/etnews/CIOSummit2017/General1_CIO_Summit_2017.pdf · YOUR CHECKLIST FOR SUCCESS: -WHO, WHAT, WHERE, WHEN & HOW • Where is all


2 | © 2017, Palo Alto Networks. Confidential and Proprietary.

Security To Do List

Sean Duca, Vice President, Regional Chief Security Officer Asia Pacific


THE ECONOMICS OF CYBER ATTACKS


• Economics Favor Attackers

• Failure of Status Quo


PREDICTIONS FOR 2017


CHECKLIST FOR SUCCESS


YOUR CHECKLIST FOR SUCCESS: - WHO, WHAT, WHERE, WHEN & HOW

• Where is all our sensitive data?

• Many organisations struggle to answer this question and that leads to misappropriation of resources in the form of security controls being used broadly across the entire organisation, resulting in increased cost to acquire and utilize.

• Risk and cost reduction necessitates knowing where sensitive data resides and strategically applying the appropriate controls.


• Who amongst our employees has access to our sensitive data?

• Simply knowing who has access to a document or file server stops short of understanding what they have access to.


• What is the nature of the information that makes it sensitive?

• Are we protecting the information that is of most value to us or are we only covering the basics of PII or other regulatory mandated data types?

• Successful CISOs will include company-confidential, proprietary trade secrets and intellectual property as part of their security strategy.


• When has the sensitive data most recently been audited for obsolescence, necessity, access control, and governance (ownership)?

• Not all information needs to be kept indefinitely, and for information that does, are we auditing its use and access? Shrinking the sensitive data footprint of an organisation can reduce cost.


• How likely is it to be leaked, if we were hacked?

• Measuring the risk associated with keeping sensitive data will propel successful CISOs by allowing them to implement technologies and processes that will both reduce the risk and reduce the cost associated with protecting sensitive data.


UNDERSTANDING THE ATTACKER


THE ACTOR'S MOTIVATION


Espionage

Insider Threat

Cyber Crime

Cyber Warfare

Cyber Terrorism

Cyber Mischief

Cyber Hacktivism


WHAT IS TOLERATED BY THE BUSINESS?

[Figure: risk matrix. Likelihood axis: Remote, Unlikely, Possible, Likely, Almost Certain. Impact axis: Very Low, Low, Significant, Serious, Material.]


HOW MANY PEOPLE WILL SOLVE THE PROBLEM?


EXECUTING ON PREVENTION MATTERS


COMBINING PURPOSE-BUILT METHODS TO PREVENT


• Collision Avoidance System

• Safety Glass

• Traction Control System

• Side Impact Bars

• Airbags

• Crumple Zone


PREVENTING ATTACKS


• Automatically turn unknown threats to known

• Automation must be used in order to get leverage


FLIPPING THE ECONOMICS OF CYBER ATTACKS


[Figure: "Flip the Economics". Labels: Number of successful attacks; Cost of launching a successful attack; Secure Enterprise.]
