May 2012

Presentation by: Khalid Shaikh – Practice Head for IT Security and Privacy Services

Emerging Trends in Managing

IT Security

© 2012 Protiviti Member Firm Kuwait W.L.LPUBLIC: 4th Kuwait Info Security Conference

2

Changing Business Needs

LightpathCustomers

DigitalSet Top

Customers

Telephone, Internet

& Third Parties

Cable ModemCustomers

Internet

Internet

VoiceNetwork

FrameRelay

Lightpath

CorporateBackbone

PublicTelephone

ThirdParties

Satellite dish

Router

Router

PBX

Satellite dish

OptimumOnline

Oracle

`

1980

Cable ModemCustomers

LightpathCustomers

Employees &Third Parties

InternetCustomers

DigitalSet Top

Customers

Internet

PublicTelephone

FrameRelay

Untrusted Backbone

Satellite dish

Satellite dish

Lightpath

Other Businessesand/or

New Businesses

OptimumOnline

ThirdParties

Internet

LightpathCustomers

DigitalSet Top

Customers

Telephone, Internet& Third Parties

Cable ModemCustomers

Internet

Internet

VoiceNetwork

Lightpath

CorporateBackbone

PublicTelephone

ThirdParties

Rainbow Media

Satellite dish

Router

Router

PBX

Satellite dish

OptimumOnline

Terminal Server

Cable

`

2000 2010 and beyond

Evolution Transformation

© 2012 Protiviti Member Firm Kuwait W.L.LPUBLIC: 4th Kuwait Info Security Conference

3

Emerging Technologies

© 2012 Protiviti Member Firm Kuwait W.L.LPUBLIC: 4th Kuwait Info Security Conference

4

Trends in IT Security Attack

TREND 1 :TREND 1 : Industrial Threats

TREND 2TREND 2 : Threats Within: Embedded Hardware

TREND 3TREND 3 : Hacktivism

TREND 4TREND 4 : Web Threats….

TREND 5TREND 5 : Mobile Threats

© 2012 Protiviti Member Firm Kuwait W.L.LPUBLIC: 4th Kuwait Info Security Conference

5

Recent Events

© 2012 Protiviti Member Firm Kuwait W.L.LPUBLIC: 4th Kuwait Info Security Conference

6

Motives of Attack

• Industrial Espionage

• Financial

• Military

• Ideological

• Politics

• Prestige

© 2012 Protiviti Member Firm Kuwait W.L.LPUBLIC: 4th Kuwait Info Security Conference

7

Attack Tools are Freely Available

Zeus Botnet

Spy Eye

© 2012 Protiviti Member Firm Kuwait W.L.LPUBLIC: 4th Kuwait Info Security Conference

8

Security Never Sleeps

• Increasing sophistications of attacks

• Protect data and information

• Keeping up-to-date with security incidents and solutions

• Keeping the IT infrastructure in compliance with the IT Security Policy of the organization

• Keeping up-to-date with the changes to legal and regulatory requirements

• Reacting effectively and timely to security violations

• Effectively managing threats to data security

• Complexity of managing a broad portfolio of security tools/solutions

• Mobile clients and unmanaged devices

• Periodically conducting security awareness trainings to users within the organization

© 2012 Protiviti Member Firm Kuwait W.L.LPUBLIC: 4th Kuwait Info Security Conference

9

Holistic Approach in Managing IT Security

Information Security Vision and Strategy

Information Security Management

Sen

ior

Man

agem

ent C

omm

itmen

t

Tra

inin

g an

d A

war

enes

s

Business InitiativesThreats

Enterprise Architecture Strategy Vulnerability & Risk

Assessment

Security Policy

Security Architecture and Technical Standards

Administrative and End-User Guidelines, Practices and Procedures

Enforcement

Process

Monitoring

Process

Recovery

Process

Legislation

Best/Acceptable Practice

© 2012 Protiviti Member Firm Kuwait W.L.LPUBLIC: 4th Kuwait Info Security Conference

10

Holistic Approach in Managing IT Security

© 2012 Protiviti Member Firm Kuwait W.L.LPUBLIC: 4th Kuwait Info Security Conference

11

Prediction – Persistence – Patience - Preparedness

© 2012 Protiviti Member Firm Kuwait W.L.LPUBLIC: 4th Kuwait Info Security Conference

12

If You Have Further Questions: Please visit us at Booth Number 8 and 9.

Powerful Insights. Proven Delivery.™

Phone: (965) – 66225122

khalid.shaikh@protivitiglobal.co

m.kw

Khalid ShaikhSenior Manager – Technology Risk Services

© 2012 Protiviti Member Firm Kuwait W.L.LPUBLIC: 4th Kuwait Info Security Conference

13