Defence in Depth: What’s Next? Kent Schramm Head, Cyber Security.


1 Defence in Depth: What’s Next? Kent Schramm Head, Cyber Security

2 Outline
- Background
- Defence in Depth
- Securing a network
- Risk vs Reward
- Predictive Intelligence
- Education and awareness

3 Ontario Government
- 60,000 plus OPS employees
- 2,300 locations
- 27 ministries
- IT
- Corporate CIO, CTO, CPO
- 8 CIOs

4 Ontario GO-Net
- 94,000 email accounts
- Thousands of devices connected to the network
- Cyber Security Branch
- 24/7 Ops Centre, forensics, IAM, risk management, security design, compliance, penetration testing, education & awareness, engagement

5 Defence In Depth: Cyber Security Architecture, TRAs, Policies & Directives, Industry Standards, Security Appliances, Anti-Virus, Penetration Tests, Operations Centre, Compliance, Patch Mgmt, User Education, Collaboration

6 How Cyber Security Is Viewed

7 How Cyber Security Should Be Viewed
- Business Enabler
- Partner

8 Translate to the C-Suite
- Need to stop being technical
- Simplify things
- And…

9 Layers of Security: Securing a House
- Architectural Standards
- Safety Practices
- Access Control
- Deterrent
- Emergency Response

10 Layers of Security: Securing a Network
- Architectural Standards
- Safety Practices
- Access Control
- Deterrent
- Emergency Response
- IDS
- IPS

11 Risk Vs Reward
- Cyber security is a business risk and must be treated just like any other business risk
- Risk must be managed and balanced against potential rewards
- C, I, A
- Example 1
- Example 2

12 Value of OPS Information Holdings

| Information Type | Who |
| --- | --- |
| Cabinet confidence information | Organized crime |
| Budget Information | Nation states |
| Tax and health records | Hacktivists |
| Police and Justice information | Organized crime |
| Natural Resources (Ring of Fire) | Others wanting to gain economic advantage |
| Intellectual property | Others wanting to gain economic advantage |

13 Predictive Intelligence
- Using intelligence to predict where you will be attacked next
- Understand the threat
- Threat = Capability + Intent
- What is happening in your environment
- Example 1

14 Intelligence Sources
- Log files
- Collaboration
- Subscription and vendor services
- Others?

15

16 Education and Awareness
- Double edged sword
- End user
- Frequency
- Message
- Medium

17 Messaging
- Offer to brief business units
- Cyber Security Awareness Month

18 Weekly Themes

| Week 1 | Week 2 | Week 3 | Week 4 | Week 5 |
| --- | --- | --- | --- | --- |
| What is Cyber Security | Cyber Security Threats | Protections and Safeguards | Working Together to Keep us Safe | Safety Online at Home |

19 Parting Thought
- The CISO is a catalyst for change. We can enable business to meet their objectives while maintaining security
- We are their partners

20 Questions/Discussion

21 CISOs know that to be truly secure, they must adopt a defence in depth approach to cyber security. But is this enough? This presentation will describe the components of defence in depth and then discuss what steps the CISO should consider to take their organization’s cyber security to the next level. This includes partnering with business units on risk management, predictive intelligence and an aggressive cyber security awareness program. 16/05/2015

