Valuendo cyberwar and security (jan 2012) handout
How vulnerable are you to cyber attack?
Cybersecurity threats
• Cyber-criminals
• Malware
• Phishers
• Spammers
• Negligent staff
• Hackers
• Unethical employees misusing/misconfiguring security functions
• Unauthorized access, modification, disclosure of information
• Nations attacking critical information infrastructures
• Technical advances that can render encryption algorithms obsolete
Lessons learned so far
Cyberattacks are DIFFICULT to execute.
Lessons learned so far
Governments do have the resources/skills to conduct cyberattacks.
Cyberwarfare is “the fifth domain of warfare”
“Cyberspace is a new domain in warfare which has become just as critical to military operations as land, sea, air and space.”
“Actions to penetrate computers or networks for the purposes of causing damage or disruption.”
Information warfare is “using & managing IT in the pursuit of a competitive advantage over an opponent”
Lessons learned so far
Cyberattacks are a real, clear and present danger to organisations & government agencies.
“It’s possible that hackers have gotten into administrative computer systems of utility companies, but those aren’t linked to the equipment controlling the grid, at least not in developed countries. I have never heard that the grid itself has been hacked.”
Howard Schmidt, Cyber-Security Coordinator of the US
Lessons learned so far
Targeted organizations are unprepared.
Lessons learned so far
Security professionals are at risk.
Risk always exists! (whether or not it is detected / recognised by the organisation).
Impact of an attack on the business
Cyberattack mitigating strategies
• Corporate governance: Enterprise Risk Management (ERM) following COSO, with support from the Board of Directors & Executive Management
• Managing risks appropriately
• Policies & Standards
• Project Management
• Supply Chain Management
• EDUCATION!
• Providing proper funding
• Providing proper resources
• Measuring performance
• Review / Audit
• Incident/Crisis Management
COBIT 4.1 (ISACA): the four domains and their 34 processes
Business Objectives and Governance Objectives set the Information Criteria that the IT Resources must deliver.
Information Criteria • Effectiveness • Efficiency • Confidentiality • Integrity • Availability • Compliance • Reliability
IT Resources • Applications • Information • Infrastructure • People
PLAN & ORGANISE
• PO1 Define a strategic IT plan
• PO2 Define the information architecture
• PO3 Determine technological direction
• PO4 Define the IT processes, organisation and relationships
• PO5 Manage the IT investment
• PO6 Communicate management aims & direction
• PO7 Manage IT human resources
• PO8 Manage quality
• PO9 Assess and manage IT risks
• PO10 Manage projects
ACQUIRE & IMPLEMENT
• AI1 Identify automated solutions
• AI2 Acquire & maintain application software
• AI3 Acquire & maintain IT infrastructure
• AI4 Enable operation and use
• AI5 Procure IT resources
• AI6 Manage changes
• AI7 Install & accredit solutions and changes
DELIVER & SUPPORT
• DS1 Define & manage service levels
• DS2 Manage third-party services
• DS3 Manage performance & capacity
• DS4 Ensure continuous service
• DS5 Ensure systems security
• DS6 Identify & allocate costs
• DS7 Educate & train users
• DS8 Manage service desk and incidents
• DS9 Manage the configuration
• DS10 Manage problems
• DS11 Manage data
• DS12 Manage the physical environment
• DS13 Manage operations
MONITOR & EVALUATE
• ME1 Monitor & evaluate IT performance
• ME2 Monitor & evaluate internal control
• ME3 Ensure compliance with external requirements
• ME4 Provide IT governance
Information Security Management
“I don’t care how many millions of dollars you spend on security technology. If you don’t have people trained properly, I’m going to get in if I want to get in.”
Susie Thunder, Cyberpunk
Contact information
Marc Vael CISA, CISM, CISSP, CGEIT, ITIL Service Manager, Prince2
Director Knowledge Board
ISACA
3701 Algonquin Road, Suite 1010
Rolling Meadows
IL 60008 USA
http://www.isaca.org/security
http://www.linkedin.com/in/marcvael
http://twitter.com/marcvael