Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 (ISC) 2 Conference- 29-30 Oct, 2008 Presented by Shin, Soojung 2008.10 Dr. Soojung shin, CISSP, Executive Vice President, Infosec, Korea.

Published byRosaline Laura Wade Modified over 8 years ago

Similar presentations

Presentation on theme: "1 (ISC) 2 Conference- 29-30 Oct, 2008 Presented by Shin, Soojung 2008.10 Dr. Soojung shin, CISSP, Executive Vice President, Infosec, Korea."— Presentation transcript:

1 1 (ISC) 2 SecureAsia@Seoul Conference- 29-30 Oct, 2008 Presented by Shin, Soojung 2008.10 Dr. Soojung shin, CISSP, Executive Vice President, Infosec, Korea Change in enterprise information security strategies for responding to emerging threats (ISC) 2 SecureAsia@Seoul Conference- 29-30 Oct, 2008

2 2 Presented by Shin, Soojung Contents 1. Change in the recent threats 2. Expanded Attack 3. Change in the environment 4. Change in the strategies 5. Strategies 6. Conclusions

3 3 (ISC) 2 SecureAsia@Seoul Conference- 29-30 Oct, 2008 Presented by Shin, Soojung 1. Change in the recent threats Ability show-off Clear monetary Goal IT Infra Attack Application User, Social engineering Attacking systems of the target company directly Using a roundabout path Cyber System Customer information Past Present

4 4 (ISC) 2 SecureAsia@Seoul Conference- 29-30 Oct, 2008 Presented by Shin, Soojung 2. Expanded Attack internet attacker Employee/partner Information… (1) System/Application attack (2) Wireless attack (3)Attack using Trusted entity Partnership Network (4) Attack Users (5) DDOS attack (6) On/Off-line Information leakage (document, USB, PC, backup…)

5 5 (ISC) 2 SecureAsia@Seoul Conference- 29-30 Oct, 2008 Presented by Shin, Soojung 5 Past Present Passive, Sporadic response Positive, collective response Autonomously regulating environment Strengthen the government-based legal regulations 3. Change in the environment Government Customer Particular department, CIO/CSO’s agenda The whole company, CEO’s agenda Enterprise

6 6 (ISC) 2 SecureAsia@Seoul Conference- 29-30 Oct, 2008 Presented by Shin, Soojung PastPresent Infra-centricInformation-centric Technology-centricPeople-centric Baseline-centricRisk-centric Ad-hoc approach Process and Governance Security Security & Privacy Target Company and People Virtual Company & People 4. Change in the strategies Company-own Policy Compliance & Due Diligence

7 7 (ISC) 2 SecureAsia@Seoul Conference- 29-30 Oct, 2008 Presented by Shin, Soojung Threat Information Network System Application Vulnerability Asset Risk Area of interest information Dynamic 5. Strategies-(1) Information-centric

8 8 (ISC) 2 SecureAsia@Seoul Conference- 29-30 Oct, 2008 Presented by Shin, Soojung 5. Strategies-(2) People-centric Risk Area of interest information Dynamic - Who are the core of security risk? - What are their permissions? How can the risk be reduced ? -Can the number be reduced? -Can their permission be limited? -Will the training be strengthened? - Will the technical control be strengthened? - How can spontaneity be induced? - How can audit and assessment be conducted Threat Network System Application Vulnerability

9 9 (ISC) 2 SecureAsia@Seoul Conference- 29-30 Oct, 2008 Presented by Shin, Soojung - Analysis & Control of the personal-information treatment process(On & Off- line) -Analysis & Control of people in accordance with the process -Analysis & Control of systems managing and protecting the personal information -Designing personal information protection management framework & architecture Transfer Use generate,collect Destroy Store Notice Collection /Use limitation Openness & Transparency Individual Participation Security Accountability Data Quality 5. Strategies-(3) Security & Privacy Management SystemProcess Identifying Purpose

10 10 (ISC) 2 SecureAsia@Seoul Conference- 29-30 Oct, 2008 Presented by Shin, Soojung Enterprise Asset & People (Old area) Partner company Asset and people Customer New Area -Policy, support, audit, training, certification system for the partner companies -Policy, support, training system for customers 5. Strategies-(4) Virtual Organization

11 11 (ISC) 2 SecureAsia@Seoul Conference- 29-30 Oct, 2008 Presented by Shin, Soojung Service Planning Service/Syste m Operation Enterprise Marketing Service/System Development - Equipping with a framework and methodology for managing information risks - Necessity of utilizing a threat-centered risk assessment methodology - Assessing only of the company’s critical assets - Making it simple - Making it a process 5. Strategies-(5) Risk-Centered

12 12 (ISC) 2 SecureAsia@Seoul Conference- 29-30 Oct, 2008 Presented by Shin, Soojung 5. Strategies-(6) Governance & Process BOD Level Understanding the top risks Reviewing the information security programs and policies of the enterprise Information security Org. Level Executives Level Ensuring compliance, establishing R&R, performance evaluation Security planning, operating, responding to the threats Risk Assessme nt Plan Operation & Check Impleme-ntation Secure Operation Dev. & Test Design Analysis Compliance Audit Monitoring Operation SecureSDLC Mutual Feedback

13 13 (ISC) 2 SecureAsia@Seoul Conference- 29-30 Oct, 2008 Presented by Shin, Soojung 5. Strategies- (7) Compliance & Due Diligence - Awareness and training - Store and backup Information - Security monitoring - Forensics -Compliance check and audit -Certification -Incident handling -Necessity of making preparations for lawsuit countermeasures -Incident handling -Necessity of making preparations for lawsuit countermeasures -Understanding related regulation, Law -Planning Do Plan Check

14 14 (ISC) 2 SecureAsia@Seoul Conference- 29-30 Oct, 2008 Presented by Shin, Soojung 6.Conclusion Give highest priority to Information & People in information security Construct processes & systems for ensuring compliance with laws and regulations, and for responding to potential lawsuit Do not make the territory of information security narrow Watch the change of the threat and environment carefully, and change strategies accordingly With 2008 being the starting point, information security has become the business issue in Korea

Download ppt "1 (ISC) 2 Conference- 29-30 Oct, 2008 Presented by Shin, Soojung 2008.10 Dr. Soojung shin, CISSP, Executive Vice President, Infosec, Korea."

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
Homeland Security at the FCC July 10, 2003. FCCs Homeland Security Focus Interagency Partnerships Industry Partnerships Infrastructure Protection Communications.

Homeland Security at the FCC July 10, FCCs Homeland Security Focus Interagency Partnerships Industry Partnerships Infrastructure Protection Communications.
PhoenixPro Procurement. technology. contracts. projects.

PhoenixPro Procurement. technology. contracts. projects.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.

© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Page 1 Business Architecture – From Business Strategy to the Alignment of IT Rich Waller An Insurance Industry Case Study April 15, 2009.

Page 1 Business Architecture – From Business Strategy to the Alignment of IT Rich Waller An Insurance Industry Case Study April 15, 2009.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
NIST framework vs TENACE Protect Function (Sestriere, 21-23 Gennaio 2015)

NIST framework vs TENACE Protect Function (Sestriere, Gennaio 2015)
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
IT Assurance and Reliability Why Should You Care? Richard Oppenheim, CPA, CITP President, SysTrust Services Corporation Presented to ISACA Regional Meeting.

IT Assurance and Reliability Why Should You Care? Richard Oppenheim, CPA, CITP President, SysTrust Services Corporation Presented to ISACA Regional Meeting.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.

INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.
CORPORATE GOVERNANCE REFORMS AND IMPLEMENTATION IN MONGOLIA 5 TH CORPORATE GOVERNANCE FORUM May 9, 2012 Ulaanbaatar, Mongolia Dr. Demir Yener Senior Corporate.

CORPORATE GOVERNANCE REFORMS AND IMPLEMENTATION IN MONGOLIA 5 TH CORPORATE GOVERNANCE FORUM May 9, 2012 Ulaanbaatar, Mongolia Dr. Demir Yener Senior Corporate.
Information Security Technological Security Implementation and Privacy Protection.

Information Security Technological Security Implementation and Privacy Protection.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Social Media Jeevan Kaur, Michael Mai, Jing Jiang.

Social Media Jeevan Kaur, Michael Mai, Jing Jiang.

Similar presentations

Ads by Google