digital risk is operational risk
DESCRIPTION
Digital Risk is Operational Risk. Art Coviello, Jr. Chairman, RSA The Security Division of EMC . Nov. 1, 2013. FEAR. MADAME MARIE CURIE. UNDERSTANDING. AWARENESS. ≠. PERSPECTIVE. THE ATTACK SURFACE. THE THREAT ENVIRONMENT. EVOLUTION OF SECURITY MODELS. BILLIONS OF USERS. - PowerPoint PPT PresentationTRANSCRIPT
1© Copyright 2013 EMC Corporation. All rights reserved.
Digital Risk is Operational RiskArt Coviello, Jr. Chairman, RSAThe Security Division of EMC
Click icon to add picture
Nov. 1, 2013
FEAR
3© Copyright 2011 EMC Corporation. All rights reserved.
MADAMEMARIE CURIE
≠UNDERSTANDINGAWARENESS
• THE THREAT ENVIRONMENT
• THE ATTACK SURFACE
PERSPECTIVE
• EVOLUTION OF SECURITY MODELS
6© Copyright 2013 EMC Corporation. All rights reserved.
Mainframe, Mini ComputerTerminals
LAN/Internet Client/ServerPC
Cloud Big Data SocialMobile Devices
1ST PLATFORM
2ND PLATFORM
3RD PLATFORM
MILLIONS OF USERS
THOUSANDS/TENS OF THOUSANDS
OF APPS
HUNDREDS OF MILLIONS OF USERS
TENS/HUNDREDS OF THOUSANDS
OF APPS
BILLIONSOF USERS
MILLIONS/BILLIONSOF APPS
Source: IDC, 2012
2010
1990
1970
7© Copyright 2013 EMC Corporation. All rights reserved.
2007 20202013
Attack Surface
Social Media
Focus onmonetizing
Total Commercialization of social media:
absence of privacyMySpace
8© Copyright 2013 EMC Corporation. All rights reserved.
2007 20202013
Attack Surface
Apps
Web Front Ended apps
There’s an “app” for that
Big Data Apps Everywhere!
9© Copyright 2013 EMC Corporation. All rights reserved.
2007 20202013Digital Content
ZETTABYTE¼
ZETTABYTES2
ZETTABYTES40-60?
Attack Surface
10© Copyright 2013 EMC Corporation. All rights reserved.
Attack Surface
2007 20202013Devices
Smartphones
Mobile Ubiquity smartphone/tablet
Not just PCsNot justmobile devices
Internetof things
11© Copyright 2013 EMC Corporation. All rights reserved.
Invertedno real perimeter in age of
mobility and cloud
Porousnumerous portals, web
based ERP and CRM
Attack Surface
2007 20202013Perimeter
Virtualno control over physical
infrastructure
12© Copyright 2013 EMC Corporation. All rights reserved.
TIME 2007 2013
ATTACK METHODS
Method
Worms/Viruses
SimpleDDoS
PhishingPharming
APTsMulti-Stage
HackerCollaboration
DisruptiveAttacks
2020
DestructiveAttacks
IntrusiveAttacks
AdvancedDDoS
SophisticatedMobileAttacks
The Unknown??
DIGITALRISK
BUSINESS
KNOWLEDGE
15© Copyright 2013 EMC Corporation. All rights reserved.
Perimeter-based Static Controls Siloed Management
System
HistoricalReactive Intelligence Driven
Risk-based Dynamic/Agile Controls Contextual/Interactive
Management System
Security Models
New
KNOWNUNUNKNOWNS
17© Copyright 2013 EMC Corporation. All rights reserved.
Management Controls
Intelligence Driven Model
Risk & Compliance Management Today
Risk & Compliance Management in the Future
Visibility CollaborationAutomation AccountabilityEfficiency
Integrating GRC Across the Organization
Enterprise RiskIT Business
• IT Audit• Availability (DR)• IT Security Risk• Security Operations
• 3rd Party Risk• Policy & Controls• Business Continuity• Incident & Response
• Regulatory Risk• Operational Risk• Corporate Governance• Audit & Compliance
Common Foundation
CIO/CISO
Board & CXOs LOB / Functional Executive
Practitioner
21© Copyright 2013 EMC Corporation. All rights reserved.
Trust in theDigital World