hot topics for 2010
DESCRIPTION
Presentation by Brian Honan at the January 2010 meeting of the Irish Information Security Forum on some of the topics that information security professionals should consider for the coming yearTRANSCRIPT
IISF Chapter Meetingp g
What’s Hot In InfosecWhat s Hot In Infosec For
2010
28/01/2010 1Copyright © BH IT Consulting Ltd www.bhconsulting.ie
2010 – So Far0 0 So a
Copyright © 2008 BH IT Consulting Ltd www.bhconsulting.ie 228/01/2010
Reported Issuesepo ted ssues
Copyright © 2008 BH IT Consulting Ltd www.bhconsulting.ie 328/01/2010
Infosec Certaintiesosec Ce ta t es
Copyright © 2008 BH IT Consulting Ltd www.bhconsulting.ie 428/01/2010
Why Improve Incident Response?y p p
5Copyright © BH IT Consulting Ltd www.bhconsulting.ie28/01/2010
Establish Teamstab s ea
Information Security Operations Human
Resources Legal Public Relations
Facilities Management
6Copyright © BH IT Consulting Ltd www.bhconsulting.ie28/01/2010
Infosec Challengesosec C a e ges
Copyright © 2008 BH IT Consulting Ltd www.bhconsulting.ie 728/01/2010
Economic Factorsco o c acto s
Copyright © 2008 BH IT Consulting Ltd www.bhconsulting.ie 828/01/2010
Budget Cutsudget Cuts
Copyright © 2008 BH IT Consulting Ltd www.bhconsulting.ie 928/01/2010
Increased Compliancec eased Co p a ce
Copyright © 2008 BH IT Consulting Ltd www.bhconsulting.ie 1028/01/2010
Typical IT Securityyp ca Secu ty
1111Copyright © BH IT Consulting Ltd www.bhconsulting.ie28/01/2010
Controls Will be BypassedCo t o s be ypassed
12Copyright © BH IT Consulting Ltd www.bhconsulting.ie28/01/2010
Dealing With The Futureea g t e utu e
Copyright © 2008 BH IT Consulting Ltd www.bhconsulting.ie 1328/01/2010
ISO 27001 Can Helpp
Recognisable Standardg
Independent
Global
14Copyright © 2008 BH IT Consulting Ltd www.bhconsulting.ie28/01/2010
What is ISO 27001?
An INFORMATION Security StandardPhysical and ElectronicPhysical and Electronic
It is NOT a Computer Security St d dStandard
15Copyright © 2008 BH IT Consulting Ltd www.bhconsulting.ie28/01/2010
Risk Management ProcessRisk Management Process
Measuring Program Effectiveness
44 Assessing Risk11
Implementing Controls
32 Conducting
Decision Support2
16Copyright © 2008 BH IT Consulting Ltd www.bhconsulting.ie28/01/2010
What ISO 27001 is NotWhat ISO 27001 is Not
Limited to information technology Limited to information technology
A security checklist
An insurance policy against security breaches
An audit method
A risk analysis methody
17Copyright © 2008 BH IT Consulting Ltd www.bhconsulting.ie28/01/2010
Cloud Security AllianceC oud Secu ty a ce
Copyright © 2008 BH IT Consulting Ltd www.bhconsulting.ie 1828/01/2010
Cloud Security AllianceC oud Secu ty a ce
Copyright © 2008 BH IT Consulting Ltd www.bhconsulting.ie 1928/01/2010
Cloud Security AllianceC oud Secu ty a ce
Copyright © 2008 BH IT Consulting Ltd www.bhconsulting.ie 2028/01/2010
Cloud Security AllianceC oud Secu ty a ce
Copyright © 2008 BH IT Consulting Ltd www.bhconsulting.ie 2128/01/2010
Cloud Security AllianceCloud Security Alliance
Promote common level of understandingPromote common level of understandingPromote independent research. pLaunch awareness campaigns. Create consensus lists of issuesGuidance for cloud security assuranceGuidance for cloud security assurance
www.cloudsecurityalliance.org
22Copyright © 2008 BH IT Consulting Ltd www.bhconsulting.ie28/01/2010
Questions ?Quest o s
www.twitter.com/brianhonanwww.bhconsulting.ie/securitywatch
Tel : +353 – 1 - 4404065
Copyright © 2008 BH IT Consulting Ltd www.bhconsulting.ie 23
Tel : +353 – 1 - 4404065
28/01/2010