Change, Controls & Risk

1 Change, Controls & Risk
Compliance Monitoring and Risk Scoring
Challenges and Rewards

2 The purpose of this presentation:
1. To Think of Continually Changing Dependencies
2. To Think of Continually Changing Exposures to Risk
3. To Support for Our Database Tool for the Continual Management of Risk

3 The Changing Cyber Security Threat
You cannot stop change internally or hacker's resolve, but you can continually mitigate the damages, costs and liabilities.

4 Dependencies in Organizations
For each layer within your business, you will need to define dependencies:
- Hierarchical dependencies
- Peer to peer dependencies
Each connection has its own compliance requirement. Each connection has its own exposure to risk!

5 Continuous Monitoring of Exposures to Risk
1. Continuous Monitoring of Configuration Management
2. Continuous Vulnerability Management
3. Continuous Log and Event Management

6 The Utility Approach
Threatalytics!
Threatalytics is a software product that allows users to track the value and security characteristics of their assets within the context of security assessments and threat and risk analyses.

7 How is Threatalytics Different?
Our Approach:
- builds on asset modelling
- allows user to choose security methodology
- integrates chosen industry standards
- each asset is reviewed for individual threats and vulnerabilities
- gives an executive overview
- provides ample customization

8 What It Looks Like?
- assets are the basic building blocks of the security assessment
- each asset is reviewed for individual threats and vulnerabilities
- relationships to other assets are defined and assessed
- favours a bottom-up, holistic approach

9 What Does It Do?
- Utility Software is loaded with standards
- Ongoing standards and references are imported and accessed as required
- Facilitates a more thorough and comprehensive referencing process
- Approach favours modeling assets at organizational levels to be used in different applications highlighting relationships between assets
- Adds another dimension to the control and assessment of the whole organization continuously

10 Why?
- Allow users to customize methodology
- Monitors Changing metrics
- Continually mitigate potential impacts with downloadable referencing
- Adjust response and recovery guides

11 How Threatalytics Can Support Continuous Monitoring
- Capability to pull information from a variety of sources;
- Including data consolidation with Security Information and Event Management (SIEM) tools and dashboard products;
- Support for open specifications such as the Security Content Automation Protocol (SCAP);
- Designed for interoperability with other products such as help desk, inventory management, configuration management, and incident response solutions;
- Capability to support compliance with, and traceability to, applicable federal laws, executive orders, directives, policies, regulations, standards, and guidelines; and
- Reporting applications with the ability to tailor output and drill down from high-level, aggregate metrics to system-level metrics.

12 Your Sector is Targeted
- Finance & Insurance
- Manufacturing
- Information & Communication
- Retail & Wholesale
- Health & Social Services
And the type of threats, vulnerabilities and impacts are specific to your sector

13 What's In It For Me?
- Real-time overview reporting (dashboards)
- Visual top-down compliance continuity status
- The pause that refreshes
Contact: Ted Johnson, CRISC, CISSP
You can also find us at:

14 Our Services
Circumference Provides Services in:
- Security: Cyber Security Support, IRP development, Qualified resources, Forensic analysis
- Mobility: Mobile App Development
- Application: Business Intelligence, Managed Services
- Integration: System Integration, SharePoint Web Portal, Application integration, SOA