OWASP Presentation On PRISM
GRC
Drew Williams
President, Condition Zebra, inc.
drew@conzebra.com
ZebraCon
International IT Risk Management Forum
27-29 August Berjaya Times Square
RISK
And its consequences
when left unchecked
This is YOUR ORGANIZATION RIGHT NOW
"I'm not worried. I've locked away all my assets into this computer. NOBODY will find me in here! Hahaha!"
Inconsistent messaging
Damage to brand reputation
Introduction of malware
Identity theft
(business AND individual)
Is there a single VVMP?
Do you keep it simple?
Does everyone know it?
How do you distribute it?
Incentives for org-wide support?
THIS GUY . . .
How do you trust who you hire?
How do you define Policy?
How do you access critical data?
What controls do you have in place?
How do you evaluate your business external exposures?
What if you can't control the outcome at all?
80%+
700 on FB
any product, any service, any recruiting effort, any campaign . . .
Source: Statistic Brain
GRC Landscape
Big Picture
Basic, essential systems, services and resources needed for an organization, designated population or region, to maintain its existence.
Traditional Definition
Resources and hard assets vital to the security, governance, public health and safety, economy and public confidence of a state entity
(U.S. National Security Agency)
Critical Assets
Infrastructure
Governance
Critical Assets
Infrastructure
Risk Management
Compliance
Objectives
Policies / Mandates
Development Pathway
Relevance
Factoring
Governance
Do we need to do this?
Critical Assets
Infrastructure
Risk Management
Gap Assessment
Physical Reviews
Audits
Contingency / Continuity Mgmt
Compliance
Internal Assessment
Technology Assurances
Business Rules
Common Criteria
GRC: Fail-points
Why (how) do efforts fail?
Five Key Reasons:
Redundant and inefficient processes
Inconsistent focus across the environment (enterprise)
It's complicated!
Lack of business agility
Incomplete, reaction-based point solutions
It's Complicated!
Adding layers of GRC initiatives creates complex, reactive-based conditions.
GRC is distractive by its very nature
Most in-house departments focus on their sector, not GRC issues
Complexity increases inherent risk and results in processes that are not streamlined and managed consistently
Thank You
Don't forget to attend
ZEBRACON
International Risk Management Forum
August 27-29 / Berjaya Times Square
zebra-con.com for more information
Drew Williams
President, Condition Zebra, inc.
drew@conzebra.com