Managing Risk in a Digital World

Managing Risk in a Digital World. Alex Coco CISSP. RSA Systems Engineer. 37 Years of industry leadership. Adi Shamir. Ron Rivest. Leonard Adleman. 2019. 1982. Governance, risk and compliance. Behavior-based web fraud detection.

saniya
Presentation Transcript


  1. Managing Risk in a Digital World Alex Coco CISSP RSA Systems Engineer

  2. 37 Years of industry leadership Adi Shamir Ron Rivest Leonard Adleman

  3. 37 Years of industry leadership (1982 to 2019): Governance, risk and compliance; Behavior-based web fraud detection; Identity lifecycle management; Smart card; Identity federation; Security orchestration & automation; Certificate authority; User and entity behavioral analytics; File encryption; Digital certificates; Encrypted email; Key management; Intrusion detection; Multifactor authentication; Database encryption; Identity & access management; Digital signatures; Endpoint malware detection; Biometrics; Deep packet inspection; Transaction monitoring; Knowledge-based authentication; Data loss prevention; Incident response; Web-based single sign-on; Site-to-user authentication; Token-less authentication; Transaction-level authorization; Security information & event management; Public-key cryptography. NOT ALL OF THESE LEGACY SOLUTIONS ARE CURRENTLY AVAILABLE FOR SALE

  4. Digital transformation

  5. MODERNIZATION MALICE MANDATES APPS USERS DEVICES PHISHING BREACH MALWARE PCI GDPR DFARS Organizations are taking their business online; Cloud and mobile change the game Increasingly sophisticated and more frequent Transitioning from simple guidance to rigid security with a modern, global infrastructure DIGITAL TRANSFORMATION CHALLENGES CONTINUE TO GROW

  6. SPEED: of change, of impact. COMPLEXITY: of business, of threats. AMPLIFICATION: of opportunity, of risk.

  7. DIGITAL RISK is the greatest facet of risk that businesses face… [Chart: RISK (LOW, MEDIUM, HIGH) against DIGITAL ADOPTION; curves: DIGITAL RISK, TRADITIONAL BUSINESS RISK]

  8. …that requires a NEW PERSPECTIVE [Chart: RISK against DIGITAL ADOPTION; labels: IT SECURITY RISK MANAGEMENT]

  9. CEO / BOARD ? ? ? • ENABLE INNOVATION & AGILITY • BUILD TRUST • DEFEND the ECOSYSTEM • ENSURE RESILIENCY MODERNIZATION MALICE MANDATES IT SECURITY RISK MANAGEMENT

  10. CEO / BOARD ? ? ? DIGITAL RISK VISIBILITY INSIGHTS ACTIONS IT SECURITY RISK MANAGEMENT

  11. PROTECT YOUR DIGITAL FUTURE with a unified approach to advanced security operations & integrated risk management. RSA Archer Suite: Proven Integrated Risk Management. RSA NetWitness Platform: Evolved SIEM & Advanced Threat Defense. These graphics were published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from RSA. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

  12. SECURE USER ACCESS & PREVENT FRAUD in today’s digitally connected, multi-cloud, omni-channel world. PROTECT YOUR DIGITAL FUTURE with a unified approach to advanced security operations & integrated risk management. 50M+ Identities. 1B Consumers. RSA Fraud & Risk Intelligence Suite: Omni-Channel Fraud Prevention. RSA Archer Suite: Proven Integrated Risk Management. RSA NetWitness Platform: Evolved SIEM & Advanced Threat Defense. RSA SecurID Suite: Secure Access Transformed.

  13. SECURE USER ACCESS & PREVENT FRAUD in today’s digitally connected, multi-cloud, omni-channel world. CREATE A TAILORED PLAYBOOK to assess, quantify and mature your Digital Risk program over time. PROTECT YOUR DIGITAL FUTURE with a unified approach to advanced security operations & integrated risk management. 30K+ Customers. RSA Fraud & Risk Intelligence Suite: Omni-Channel Fraud Prevention. RSA Risk Frameworks: Roadmaps & Strategy for Digital Risk Maturity. RSA Archer Suite: Proven Integrated Risk Management. RSA Risk & Cybersecurity Practice: Expert Consulting Services. RSA NetWitness Platform: Evolved SIEM & Advanced Threat Defense. RSA SecurID Suite: Secure Access Transformed.

  14. The RSA Risk Frameworks: Building Maturity in Four Key Areas. MATURITY: MULTI-CLOUD TRANSFORMATION RISK; CYBER INCIDENT RISK; THIRD-PARTY RISK; DYNAMIC WORKFORCE RISK.

  15. The RSA Risk Frameworks Cyber-Incident Risk Framework ANALYZE CONTAIN ERADICATE RECOVER PREPARE DETECT POST-INCIDENT HANDLING Risk and Dwell Time Reduction Actions Adapt and optimize operational IT and Security Dwell Time Awareness Remediate and Prevention Lessons Learned and adapt to Reduce Risk Prepare for Breach to Reduce Risk of Breach and Breach Impact Impact Analysis MATURITY LEFT OF BREACH (PRE-BREACH) PREPAREDNESS BREACH RISK REDUCTION (BREACH DEFLECTION) BREACH AND INITIAL INCIDENT RESPONSE BREACH REMEDIATION RIGHT OF BREACH (POST BREACH) ADAPTATION

  16. The RSA Risk Frameworks Cyber-Incident Risk Framework ANALYZE CONTAIN ERADICATE RECOVER PREPARE DETECT POST-INCIDENT HANDLING Risk and Dwell Time Reduction Actions Adapt and optimize operational IT and Security Dwell Time Awareness Remediate and Prevention Lessons Learned and adapt to Reduce Risk 19.1 out of 20 Operational effectiveness to understand impact and impacted systems and effectively remediate breaches with automated assistance from technology MATURITY QUALIFICATION Overall Score: 50.4 out of 100 11.4 out of 20 MATURITY Limited testing of enterprise breach risk tolerance (system specific) and limited follow-through to adapt to threats, process, IT and security operational issues to reduce risk of a breach and optimize Incident Response (IR) to reduce impact 8.5 out of 20 Minimal ability to identify breaches with no ability to measure impact. Ad hoc response capabilities. 5.7 out of 20 5.7 out of 20 No follow-up post breach to improve capabilities on pre-breach based on GAP and learnings from breach. Minimal cybersecurity awareness and poor preparation to respond to breach LEFT OF BREACH (PRE-BREACH) PREPAREDNESS BREACH RISK REDUCTION (BREACH DEFLECTION) BREACH AND INITIAL INCIDENT RESPONSE BREACH REMEDIATION RIGHT OF BREACH (POST BREACH) ADAPTATION

  17. WHO is the user? WHAT known fraud is this user or device associated with? WHAT can they access? IS what they are doing ok? HOW do you take threats into account? WHY should I care? Is there a risk to my business?