
Defence in Depth: What’s Next? Kent Schramm Head, Cyber Security


Presentation Transcript


  1. Defence in Depth: What’s Next? Kent Schramm Head, Cyber Security

  2. Outline • Background • Defence in Depth • Securing a network • Risk vs Reward • Predictive Intelligence • Education and awareness

  3. Ontario Government • 60,000 plus OPS employees • 2,300 locations • 27 ministries • IT • Corporate CIO, CTO, CPO • 8 CIOs

  4. Ontario GO-Net • 94,000 email accounts • Thousands of devices connected to the network • Cyber Security Branch • 24/7 Ops Centre, forensics, IAM, risk management, security design, compliance, penetration testing, education & awareness, engagement

  5. Defence In Depth • Anti-Virus • Industry Standards • Security Appliances • Penetration Tests • Cyber Security Operations Centre • Policies & Directives • Security Architecture • Compliance • TRAs • Patch Mgmt • User Education • Collaboration

  6. How Cyber Security Is Viewed

  7. How Cyber Security Should Be Viewed • Business Enabler • Partner

  8. Translate to the C-Suite • Need to stop being technical • Simplify things • And…

  9. Securing a House • Deterrent • Architectural Standards • Safety Practices • Emergency Response • Layers of Security • Access Control

  10. Securing a Network • IPS • Deterrent • Architectural Standards • IDS • Safety Practices • Emergency Response • Layers of Security • Access Control

  11. Risk Vs Reward • Cyber security is a business risk and must be treated just like any other business risk • Risk must be managed and balanced against potential rewards • C, I, A • Example 1 • Example 2

  12. Value of OPS Information Holdings

  13. Predictive Intelligence • Using intelligence to predict where you will be attacked next • Understand the threat • Threat = Capability + Intent • What is happening in your environment • Example 1

  14. Intelligence Sources • Log files • Collaboration • Subscription and vendor services • Others?

  15. Education and Awareness • Double-edged sword • End user • Frequency • Message • Medium

  16. Messaging • Offer to brief business units • Cyber Security Awareness Month

  17. Weekly Themes • What is Cyber Security • Cyber Security Threats • Protections and Safeguards • Working Together to Keep us Safe • Safety Online at Home

  18. Parting Thought • The CISO is a catalyst for change. We can enable business to meet their objectives while maintaining security • We are their partners

  19. Questions/Discussion

  20. CISOs know that to be truly secure, they must adopt a defence in depth approach to cyber security. But is this enough? This presentation will describe the components of defence in depth and then discuss what steps the CISO should consider to take their organization’s cyber security to the next level. This includes partnering with business units on risk management, predictive intelligence and an aggressive cyber security awareness program.
