Scribd Logo
Hochladen

Willkommen bei Scribd!

  • Protection of Info Assets 27feb2014 PDF

    Hochgeladen von

    Christen Castillo
    16 Ansichten22 Seiten
    Protection OF INFORMATION ASSETS - Bringing it full circle 27 February 2014 - ISACA - Phoenix, AZ Presented by: Drew Porter Bishop Fox www.bishopfox.com Agenda OVERVIEW Story time Domain 5 of the CISA Areas Usually Done Correctly Areas Done Less Than Correctly Limitations Summary Questions 2 Story Time G AT H E R A RO UN D E V E RYO NE A Short Story Continued THAT IS NOT UNCOMMON A Short Story Concluded IT'S

    Originalbeschreibung:

    Originaltitel

    Protection-of-Info-Assets-27Feb2014.pdf

    Copyright

    © © All Rights Reserved

    Verfügbare Formate

    PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    Protection OF INFORMATION ASSETS - Bringing it full circle 27 February 2014 - ISACA - Phoenix, AZ Presented by: Drew Porter Bishop Fox www.bishopfox.com Agenda OVERVIEW Story time Domain 5 of the CISA Areas Usually Done Correctly Areas Done Less Than Correctly Limitations Summary Questions 2 Story Time G AT H E R A RO UN D E V E RYO NE A Short Story Continued THAT IS NOT UNCOMMON A Short Story Concluded IT'S

    Copyright:

    © All Rights Reserved
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    16 Ansichten22 Seiten

    Protection of Info Assets 27feb2014 PDF

    Hochgeladen von

    Christen Castillo
    Protection OF INFORMATION ASSETS - Bringing it full circle 27 February 2014 - ISACA - Phoenix, AZ Presented by: Drew Porter Bishop Fox www.bishopfox.com Agenda OVERVIEW Story time Domain 5 of the CISA Areas Usually Done Correctly Areas Done Less Than Correctly Limitations Summary Questions 2 Story Time G AT H E R A RO UN D E V E RYO NE A Short Story Continued THAT IS NOT UNCOMMON A Short Story Concluded IT'S

    Copyright:

    © All Rights Reserved
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 22

    Protection of Information Assets

    FROM SOMEONE WHO BREAKS INTO COMPANIES EVERY DAY


    27 February 2014 ISACA Phoenix, AZ

    Presented by:
    Drew Porter
    Bishop Fox
    www.bishopfox.com

    Agenda
    OVERVIEW
    Story time
    Domain 5 of the CISA
    Areas Usually Done Correctly
    Areas Done Less Than Correctly
    Limitations
    Summary
    Questions
    2

    Story Time
    G AT H E R A RO UN D E V E RYO NE

    A Short Story
    THAT IS NOT UNCOMMON

    A Short Story Continued


    THAT IS NOT UNCOMMON

    The Short Story Concluded


    ITS ALL FUN AND GAMES UNTIL YOU LOSE YOUR I.P.

    1. The external network was well protected


    2. Physical entry was trivial
    3. Once past the firewall, we had everything

    COMPROMISED
    6

    Protection of Information Assets


    DOMAIN 5

    Domain 5
    PROTECTION OF INFORMATION ASSETS

    Importance of
    Information Security
    Management
    Logical Access

    Domain 5
    PROTECTION OF INFORMATION ASSETS

    Network Infrastructure
    Security
    Auditing Information
    Security Management
    Framework

    Domain 5
    PROTECTION OF INFORMATION ASSETS

    Auditing Network
    Infrastructure Security
    Environmental
    Exposures and
    Controls

    10

    Domain 5
    PROTECTION OF INFORMATION ASSETS

    Physical Access
    Exposures and
    Controls
    Mobile Computing

    11

    Areas Usually Done Correctly


    A S H I F T T O A F E W PA RT S O F T H E D O M A I N

    12

    Areas Done Correctly


    PROTECTION OF INFORMATION ASSETS

    Importance of
    Information Security
    Management
    Logical Access
    Network Infrastructure
    Security*
    Auditing Network
    Infrastructure Security*
    *External Network

    13

    Areas Done Less Than Correctly


    A F E W M O RE PA RT S O F T H E D O M A I N

    14

    Areas Less Than Correct


    PROTECTION OF INFORMATION ASSETS

    Auditing Information
    Security Management
    Framework
    Environmental
    Exposures and
    Controls

    15

    Areas Less Than Correct


    PROTECTION OF INFORMATION ASSETS

    Network Infrastructure
    Security**
    Auditing Network
    Infrastructure
    Security**
    **Internal Network
    16

    Areas Less Than Correct


    PROTECTION OF INFORMATION ASSETS

    Physical Access
    Exposures and
    Controls
    Mobile Computing

    17

    Limitations
    IF IT WAS EASY, IT WOULD ALREADY BE DONE

    18

    The Real World


    IT'S NOT ALL UNICORNS AND RAINBOWS

    Budgets
    Time
    Knowledge
    Management

    19

    Summary
    BRINGING IT FULL CIRCLE

    Protection of
    Information Assets
    Areas Usually
    Done Correctly
    Areas Done Less
    Than Correctly
    Limitations
    20

    Key Highlights
    IF YOU ONLY WALK AWAY WITH THREE THINGS

    1. Each subdomain is equally important, but every


    business has their own areas on which they need to
    focus
    2. Sharing information and past lessons learned is
    necessary for our industry
    3. There will be obstacles, and they need to be
    overcome

    21

    Thank You

    Bishop Fox see for more info:


    http://www.bishopfox.com/

    22

    Das könnte Ihnen auch gefallen