SlideShare a Scribd company logo

Blue Ocean IT Security

Download as PPT, PDF
Jonathan Sinclair
Jonathan Sinclair

An attempt to suggest some ways to break to IT security cycle of doing what we keep doing, which appears to be wrong.

Technology
1 of 17
Jonathan Sinclair BLUE OCEAN IT Security
Sub headline AGENDAAGENDA •Inspiration •Direction •3 Pillars •Patching •Resiliance •Automation
• Inspired from Haroon Meer’s BlackHat Europe 2015 keynote where he made the following observations – An upcoming security apocalypse is on the horizon – There is a crisis of confidence – “For the thousands your organization spends on security, you can't protect the one guy who is most valuable to you. Worse yet, would you even know if he was popped?”* * http://blog.thinkst.com/2011/03/our-upcoming-security-apocalypse.html Sub headline AGENDABLUE OCEAN IT Security Inspiration
• The issues facing the IT security field haven’t changed in the last 15 years • “Draining the swamp” issue leads to misdirection concerning the root-cause of the problem • A perspective/cultural shift needs to take place concerning the approach Sub headline AGENDABLUE OCEAN IT Security Direction
Patching / Updates (Upgrades) When did we allow this bahviour to become the ‘norm’ and ‘expected’? 3 pillars BLUE OCEAN STRATEGY Resiliance What happened to load balancing/fail over? Automation Have all engineers been swollowed by the Tech firms?
Your own footer Your Logo Patching / Updates (Upgrades) Sub headline AGENDABLUE OCEAN STRATEGY
• Why is patching accepted? – A legacy left over from the hardware days • Since the days of paper tape and punch cards, physical patching was accepted • It was then translated into the software world • Designed principally as a mitigating action for unreliable hardware – Hardware resiliance has improved, while software resiliance has stagnated and in some cases deteriorated Sub headline AGENDABLUE OCEAN IT Security Patching / Updates (Upgrades)
• Do we accept this for microwaves, digital watches or other consumer goods? – You buy an item and don’t expect it to break within 2 months. – Consumer rights acts exist to protect customers against such situations (ratified through law) • T&C’s conveniently provide a ‘get-out-of-jail- free’ card with a no opt-out option. – ‘Our way, or the high way’ Sub headline AGENDABLUE OCEAN IT Security Patching / Updates (Upgrades)
• An open door – This mechanism allows 3rd parties access to our systems at a privileged level – It’s provided the perfect back-dooring model which everyone accepts (incl. the IT security community) Sub headline AGENDABLUE OCEAN IT Security Patching / Updates (Upgrades)
• The excuse: – Software engineering is hard and you will never develop a bug free system • The response: – So what?: • Which bugs really cripple systems operationally, when they’ve been correctly engineered? • An answer: – Cleanroom software engineering (Harlan Mills) • e.g. Avionics, mission critical systems etc. Sub headline AGENDABLUE OCEAN IT Security Patching / Updates (Upgrades)
Your own footer Your Logo Resiliance Sub headline AGENDABLUE OCEAN STRATEGY
• Build in resilience to your networks – When did it become acceptable to forget principles of load balancing and fail-over? • e.g. banking site down for the weekend due to maintenance – Wasn’t the Cloud supposed to be a solution to this problem? Sub headline AGENDABLUE OCEAN IT Security Resiliance
• Network segmentation and zoning – Identify the threat – Lock down/Contain the threat – Purge the threat Sub headline AGENDABLUE OCEAN IT Security Resiliance
• Honeypots – Where did they go? – Technological resilience out of the box • Monitoring and containment also for free • Risk based approach – Understand your assets and compartmentalise them accordingly Sub headline AGENDABLUE OCEAN IT Security Resiliance
Your own footer Your Logo Automation Sub headline AGENDABLUE OCEAN STRATEGY
• Strong engineering principles must be adhered to • Develop strong developer governance around SSDLC – Integrate mandatory security gating into the SDLC • Internal talent retention – Holistic work flow automation – Internal employees often better positioned to take birds-eye view to build-out process automation Sub headline AGENDABLUE OCEAN IT Security Automation
• Ensure security controls are automatically checked/reported – Without this, security will be by-passed • Process automation critical – Excel must be replaced with dynamic reporting. Static data analytics cripples agility – Remove the human Sub headline AGENDABLUE OCEAN IT Security Automation

Recommended

Vulnerability management today and tomorrow
Vulnerability management today and tomorrowVulnerability management today and tomorrow
Vulnerability management today and tomorrowJonathan Sinclair
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementasherad
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment PresentationLionel Medina
 
Qualys user group presentation - vulnerability management - November 2009 v1 3
Qualys user group presentation - vulnerability management - November 2009 v1 3Qualys user group presentation - vulnerability management - November 2009 v1 3
Qualys user group presentation - vulnerability management - November 2009 v1 3Tom King
 
Vulnerability Management: How to Think Like a Hacker to Reduce Risk
Vulnerability Management: How to Think Like a Hacker to Reduce RiskVulnerability Management: How to Think Like a Hacker to Reduce Risk
Vulnerability Management: How to Think Like a Hacker to Reduce RiskBeyondTrust
 
451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint Security451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint SecurityAdrian Sanabria
 
Effective Vulnerability Management
Effective Vulnerability ManagementEffective Vulnerability Management
Effective Vulnerability ManagementVicky Ames
 
Enterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsEnterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsDamon Small
 

Recommended

Vulnerability management today and tomorrow
Vulnerability management today and tomorrowVulnerability management today and tomorrow
Vulnerability management today and tomorrowJonathan Sinclair
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementasherad
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment PresentationLionel Medina
 
Qualys user group presentation - vulnerability management - November 2009 v1 3
Qualys user group presentation - vulnerability management - November 2009 v1 3Qualys user group presentation - vulnerability management - November 2009 v1 3
Qualys user group presentation - vulnerability management - November 2009 v1 3Tom King
 
Vulnerability Management: How to Think Like a Hacker to Reduce Risk
Vulnerability Management: How to Think Like a Hacker to Reduce RiskVulnerability Management: How to Think Like a Hacker to Reduce Risk
Vulnerability Management: How to Think Like a Hacker to Reduce RiskBeyondTrust
 
451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint Security451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint SecurityAdrian Sanabria
 
Effective Vulnerability Management
Effective Vulnerability ManagementEffective Vulnerability Management
Effective Vulnerability ManagementVicky Ames
 
Enterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsEnterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsDamon Small
 
Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskAlienVault
 
Vulnerability Management Program
Vulnerability Management ProgramVulnerability Management Program
Vulnerability Management ProgramDennis Chaupis
 
Is Your Vulnerability Management Program Irrelevant?
Is Your Vulnerability Management Program Irrelevant?Is Your Vulnerability Management Program Irrelevant?
Is Your Vulnerability Management Program Irrelevant?Skybox Security
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverAlienVault
 
Enterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A BossEnterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A Bossrbrockway
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessmentprimeteacher32
 
Incident response live demo slides final
Incident response live demo slides finalIncident response live demo slides final
Incident response live demo slides finalAlienVault
 
Why Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of DefenseWhy Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of DefenseLumension
 
How to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USMHow to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USMAlienVault
 
Challenges of Vulnerability Management
Challenges of Vulnerability Management Challenges of Vulnerability Management
Challenges of Vulnerability ManagementRahul Neel Mani
 
Is Your Vulnerability Management Program Keeping Pace With Risks?
Is Your Vulnerability Management Program Keeping Pace With Risks?Is Your Vulnerability Management Program Keeping Pace With Risks?
Is Your Vulnerability Management Program Keeping Pace With Risks?Skybox Security
 
USPS CISO Academy - Vulnerability Management
USPS CISO Academy - Vulnerability ManagementUSPS CISO Academy - Vulnerability Management
USPS CISO Academy - Vulnerability ManagementJim Piechocki
 
Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16Kymberlee Price
 
Software Vulnerability management
Software Vulnerability management Software Vulnerability management
Software Vulnerability management Kishor Datta Gupta
 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMAlienVault
 
Improve threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmImprove threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmAlienVault
 
Watering Hole Attacks: Detect End-User Compromise Before the Damage is Done
Watering Hole Attacks: Detect End-User Compromise Before the Damage is DoneWatering Hole Attacks: Detect End-User Compromise Before the Damage is Done
Watering Hole Attacks: Detect End-User Compromise Before the Damage is DoneAlienVault
 
Implementing Vulnerability Management
Implementing Vulnerability Management Implementing Vulnerability Management
Implementing Vulnerability Management Argyle Executive Forum
 
Alienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienVault
 
Alien vault sans cyber threat intelligence
Alien vault sans cyber threat intelligenceAlien vault sans cyber threat intelligence
Alien vault sans cyber threat intelligenceAlienVault
 
Jmeter
JmeterJmeter
Jmeterprabakaranbrick
 
Semana del 18 al 22 de mayo
Semana del 18 al 22 de mayoSemana del 18 al 22 de mayo
Semana del 18 al 22 de mayoMaría Torrejón
 

More Related Content

What's hot

Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskAlienVault
 
Vulnerability Management Program
Vulnerability Management ProgramVulnerability Management Program
Vulnerability Management ProgramDennis Chaupis
 
Is Your Vulnerability Management Program Irrelevant?
Is Your Vulnerability Management Program Irrelevant?Is Your Vulnerability Management Program Irrelevant?
Is Your Vulnerability Management Program Irrelevant?Skybox Security
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverAlienVault
 
Enterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A BossEnterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A Bossrbrockway
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessmentprimeteacher32
 
Incident response live demo slides final
Incident response live demo slides finalIncident response live demo slides final
Incident response live demo slides finalAlienVault
 
Why Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of DefenseWhy Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of DefenseLumension
 
How to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USMHow to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USMAlienVault
 
Challenges of Vulnerability Management
Challenges of Vulnerability Management Challenges of Vulnerability Management
Challenges of Vulnerability ManagementRahul Neel Mani
 
Is Your Vulnerability Management Program Keeping Pace With Risks?
Is Your Vulnerability Management Program Keeping Pace With Risks?Is Your Vulnerability Management Program Keeping Pace With Risks?
Is Your Vulnerability Management Program Keeping Pace With Risks?Skybox Security
 
USPS CISO Academy - Vulnerability Management
USPS CISO Academy - Vulnerability ManagementUSPS CISO Academy - Vulnerability Management
USPS CISO Academy - Vulnerability ManagementJim Piechocki
 
Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16Kymberlee Price
 
Software Vulnerability management
Software Vulnerability management Software Vulnerability management
Software Vulnerability management Kishor Datta Gupta
 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMAlienVault
 
Improve threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmImprove threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmAlienVault
 
Watering Hole Attacks: Detect End-User Compromise Before the Damage is Done
Watering Hole Attacks: Detect End-User Compromise Before the Damage is DoneWatering Hole Attacks: Detect End-User Compromise Before the Damage is Done
Watering Hole Attacks: Detect End-User Compromise Before the Damage is DoneAlienVault
 
Implementing Vulnerability Management
Implementing Vulnerability Management Implementing Vulnerability Management
Implementing Vulnerability Management Argyle Executive Forum
 
Alienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienVault
 
Alien vault sans cyber threat intelligence
Alien vault sans cyber threat intelligenceAlien vault sans cyber threat intelligence
Alien vault sans cyber threat intelligenceAlienVault
 

What's hot (20)

Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize Risk
 
Vulnerability Management Program
Vulnerability Management ProgramVulnerability Management Program
Vulnerability Management Program
 
Is Your Vulnerability Management Program Irrelevant?
Is Your Vulnerability Management Program Irrelevant?Is Your Vulnerability Management Program Irrelevant?
Is Your Vulnerability Management Program Irrelevant?
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
 
Enterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A BossEnterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A Boss
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessment
 
Incident response live demo slides final
Incident response live demo slides finalIncident response live demo slides final
Incident response live demo slides final
 
Why Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of DefenseWhy Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of Defense
 
How to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USMHow to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USM
 
Challenges of Vulnerability Management
Challenges of Vulnerability Management Challenges of Vulnerability Management
Challenges of Vulnerability Management
 
Is Your Vulnerability Management Program Keeping Pace With Risks?
Is Your Vulnerability Management Program Keeping Pace With Risks?Is Your Vulnerability Management Program Keeping Pace With Risks?
Is Your Vulnerability Management Program Keeping Pace With Risks?
 
USPS CISO Academy - Vulnerability Management
USPS CISO Academy - Vulnerability ManagementUSPS CISO Academy - Vulnerability Management
USPS CISO Academy - Vulnerability Management
 
Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16
 
Software Vulnerability management
Software Vulnerability management Software Vulnerability management
Software Vulnerability management
 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USM
 
Improve threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmImprove threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usm
 
Watering Hole Attacks: Detect End-User Compromise Before the Damage is Done
Watering Hole Attacks: Detect End-User Compromise Before the Damage is DoneWatering Hole Attacks: Detect End-User Compromise Before the Damage is Done
Watering Hole Attacks: Detect End-User Compromise Before the Damage is Done
 
Implementing Vulnerability Management
Implementing Vulnerability Management Implementing Vulnerability Management
Implementing Vulnerability Management
 
Alienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworks
 
Alien vault sans cyber threat intelligence
Alien vault sans cyber threat intelligenceAlien vault sans cyber threat intelligence
Alien vault sans cyber threat intelligence
 

Viewers also liked

Semana del 18 al 22 de mayo
Semana del 18 al 22 de mayoSemana del 18 al 22 de mayo
Semana del 18 al 22 de mayoMaría Torrejón
 
Nap expo 2015 session 1 AC
Nap expo 2015 session 1 ACNap expo 2015 session 1 AC
Nap expo 2015 session 1 ACNAP Events
 
Ps good audience
Ps good audiencePs good audience
Ps good audiencehmfowler
 
Solvency ii News September 2012
Solvency ii News September 2012Solvency ii News September 2012
Solvency ii News September 2012Compliance LLC
 
September 2008
September 2008September 2008
September 2008linioti
 
BvDEP & Credit Management
BvDEP & Credit Management BvDEP & Credit Management
BvDEP & Credit Management fhommersen
 
Vi Nguyen's Waves of Grace Presentation
Vi Nguyen's Waves of Grace PresentationVi Nguyen's Waves of Grace Presentation
Vi Nguyen's Waves of Grace Presentationvi_was_here
 
Multi user performance on mc cdma single relay cooperative system by distribu...
Multi user performance on mc cdma single relay cooperative system by distribu...Multi user performance on mc cdma single relay cooperative system by distribu...
Multi user performance on mc cdma single relay cooperative system by distribu...IJCNCJournal
 
A Letter To The Prime Minister
A Letter To The Prime MinisterA Letter To The Prime Minister
A Letter To The Prime Minister18minus
 
Oil Sludge Treatment Plants
Oil Sludge Treatment PlantsOil Sludge Treatment Plants
Oil Sludge Treatment PlantsEugene Temnov
 
Why and How A Retired Psychology Professor Became An Historian of Chinese in ...
Why and How A Retired Psychology Professor Became An Historian of Chinese in ...Why and How A Retired Psychology Professor Became An Historian of Chinese in ...
Why and How A Retired Psychology Professor Became An Historian of Chinese in ...John Jung
 
Tcvb2 marco gomes_wireless
Tcvb2 marco gomes_wirelessTcvb2 marco gomes_wireless
Tcvb2 marco gomes_wirelessMarco Gomes
 

Viewers also liked (18)

Jmeter
JmeterJmeter
Jmeter
 
Semana del 18 al 22 de mayo
Semana del 18 al 22 de mayoSemana del 18 al 22 de mayo
Semana del 18 al 22 de mayo
 
Nap expo 2015 session 1 AC
Nap expo 2015 session 1 ACNap expo 2015 session 1 AC
Nap expo 2015 session 1 AC
 
Ps good audience
Ps good audiencePs good audience
Ps good audience
 
Solvency ii News September 2012
Solvency ii News September 2012Solvency ii News September 2012
Solvency ii News September 2012
 
September 2008
September 2008September 2008
September 2008
 
BvDEP & Credit Management
BvDEP & Credit Management BvDEP & Credit Management
BvDEP & Credit Management
 
Intranet solution for small businesses
Intranet solution for small businessesIntranet solution for small businesses
Intranet solution for small businesses
 
Vi Nguyen's Waves of Grace Presentation
Vi Nguyen's Waves of Grace PresentationVi Nguyen's Waves of Grace Presentation
Vi Nguyen's Waves of Grace Presentation
 
Multi user performance on mc cdma single relay cooperative system by distribu...
Multi user performance on mc cdma single relay cooperative system by distribu...Multi user performance on mc cdma single relay cooperative system by distribu...
Multi user performance on mc cdma single relay cooperative system by distribu...
 
A Letter To The Prime Minister
A Letter To The Prime MinisterA Letter To The Prime Minister
A Letter To The Prime Minister
 
Зарничка
ЗарничкаЗарничка
Зарничка
 
Oil Sludge Treatment Plants
Oil Sludge Treatment PlantsOil Sludge Treatment Plants
Oil Sludge Treatment Plants
 
Why and How A Retired Psychology Professor Became An Historian of Chinese in ...
Why and How A Retired Psychology Professor Became An Historian of Chinese in ...Why and How A Retired Psychology Professor Became An Historian of Chinese in ...
Why and How A Retired Psychology Professor Became An Historian of Chinese in ...
 
Sam xinh xinh
Sam xinh xinhSam xinh xinh
Sam xinh xinh
 
Tcvb2 marco gomes_wireless
Tcvb2 marco gomes_wirelessTcvb2 marco gomes_wireless
Tcvb2 marco gomes_wireless
 
SAK:n luottamusmieskysely 2007
SAK:n luottamusmieskysely 2007SAK:n luottamusmieskysely 2007
SAK:n luottamusmieskysely 2007
 
Portafolio de evidencias
Portafolio de evidenciasPortafolio de evidencias
Portafolio de evidencias
 

Similar to Blue Ocean IT Security

Embedded Systems Security
Embedded Systems Security Embedded Systems Security
Embedded Systems Security Malachi Jones
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Claus Cramon Houmann
 
SGSB Webcast 3: Smart Grid IT Systems Security
SGSB Webcast 3: Smart Grid IT Systems SecuritySGSB Webcast 3: Smart Grid IT Systems Security
SGSB Webcast 3: Smart Grid IT Systems SecurityAndy Bochman
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Claus Cramon Houmann
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Alert Logic
 
IANS information security forum 2019 summary
IANS information security forum 2019 summaryIANS information security forum 2019 summary
IANS information security forum 2019 summaryKarun Chennuri
 
Secure Software Development Lifecycle
Secure Software Development LifecycleSecure Software Development Lifecycle
Secure Software Development Lifecycle1&1
 
Hardware Security on Vehicles
Hardware Security on VehiclesHardware Security on Vehicles
Hardware Security on VehiclesPriyanka Aash
 
Cyber Security Awareness of Critical Infrastructures in North East of Italy S...
Cyber Security Awareness of Critical Infrastructures in North East of Italy S...Cyber Security Awareness of Critical Infrastructures in North East of Italy S...
Cyber Security Awareness of Critical Infrastructures in North East of Italy S...Luca Moroni ✔✔
 
Chaos Engineering: Why the World Needs More Resilient Systems
Chaos Engineering: Why the World Needs More Resilient SystemsChaos Engineering: Why the World Needs More Resilient Systems
Chaos Engineering: Why the World Needs More Resilient SystemsC4Media
 
Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Claus Cramon Houmann
 
What to Expect When You're Expecting (to Own Production)
What to Expect When You're Expecting (to Own Production)What to Expect When You're Expecting (to Own Production)
What to Expect When You're Expecting (to Own Production)Michael Diamant
 
Migrating to cloud-native_app_architectures_pivotal
Migrating to cloud-native_app_architectures_pivotalMigrating to cloud-native_app_architectures_pivotal
Migrating to cloud-native_app_architectures_pivotalkkdlavak3
 
Migrating_to_Cloud-Native_App_Architectures_Pivotal (2)
Migrating_to_Cloud-Native_App_Architectures_Pivotal (2)Migrating_to_Cloud-Native_App_Architectures_Pivotal (2)
Migrating_to_Cloud-Native_App_Architectures_Pivotal (2)Tim Kirby
 
Migrating_to_Cloud-Native_App_Architectures_Pivotal
Migrating_to_Cloud-Native_App_Architectures_PivotalMigrating_to_Cloud-Native_App_Architectures_Pivotal
Migrating_to_Cloud-Native_App_Architectures_PivotalEstevan McCalley
 
Migrating_to_Cloud-Native_App_Architectures_Pivotal (2)
Migrating_to_Cloud-Native_App_Architectures_Pivotal (2)Migrating_to_Cloud-Native_App_Architectures_Pivotal (2)
Migrating_to_Cloud-Native_App_Architectures_Pivotal (2)Dean Bruckman
 
2016 - Safely Removing the Last Roadblock to Continuous Delivery
2016 - Safely Removing the Last Roadblock to Continuous Delivery2016 - Safely Removing the Last Roadblock to Continuous Delivery
2016 - Safely Removing the Last Roadblock to Continuous Deliverydevopsdaysaustin
 
SharePoint Saturday Netherlands 2019 - Citizen dev. and the admin
SharePoint Saturday Netherlands 2019 - Citizen dev. and the adminSharePoint Saturday Netherlands 2019 - Citizen dev. and the admin
SharePoint Saturday Netherlands 2019 - Citizen dev. and the adminAlbert Hoitingh
 
Safely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous DeliverySafely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous DeliverySeniorStoryteller
 
Beyond security testing
Beyond security testingBeyond security testing
Beyond security testingCu Nguyen
 

Similar to Blue Ocean IT Security (20)

Embedded Systems Security
Embedded Systems Security Embedded Systems Security
Embedded Systems Security
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015
 
SGSB Webcast 3: Smart Grid IT Systems Security
SGSB Webcast 3: Smart Grid IT Systems SecuritySGSB Webcast 3: Smart Grid IT Systems Security
SGSB Webcast 3: Smart Grid IT Systems Security
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015
 
IANS information security forum 2019 summary
IANS information security forum 2019 summaryIANS information security forum 2019 summary
IANS information security forum 2019 summary
 
Secure Software Development Lifecycle
Secure Software Development LifecycleSecure Software Development Lifecycle
Secure Software Development Lifecycle
 
Hardware Security on Vehicles
Hardware Security on VehiclesHardware Security on Vehicles
Hardware Security on Vehicles
 
Cyber Security Awareness of Critical Infrastructures in North East of Italy S...
Cyber Security Awareness of Critical Infrastructures in North East of Italy S...Cyber Security Awareness of Critical Infrastructures in North East of Italy S...
Cyber Security Awareness of Critical Infrastructures in North East of Italy S...
 
Chaos Engineering: Why the World Needs More Resilient Systems
Chaos Engineering: Why the World Needs More Resilient SystemsChaos Engineering: Why the World Needs More Resilient Systems
Chaos Engineering: Why the World Needs More Resilient Systems
 
Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2
 
What to Expect When You're Expecting (to Own Production)
What to Expect When You're Expecting (to Own Production)What to Expect When You're Expecting (to Own Production)
What to Expect When You're Expecting (to Own Production)
 
Migrating to cloud-native_app_architectures_pivotal
Migrating to cloud-native_app_architectures_pivotalMigrating to cloud-native_app_architectures_pivotal
Migrating to cloud-native_app_architectures_pivotal
 
Migrating_to_Cloud-Native_App_Architectures_Pivotal (2)
Migrating_to_Cloud-Native_App_Architectures_Pivotal (2)Migrating_to_Cloud-Native_App_Architectures_Pivotal (2)
Migrating_to_Cloud-Native_App_Architectures_Pivotal (2)
 
Migrating_to_Cloud-Native_App_Architectures_Pivotal
Migrating_to_Cloud-Native_App_Architectures_PivotalMigrating_to_Cloud-Native_App_Architectures_Pivotal
Migrating_to_Cloud-Native_App_Architectures_Pivotal
 
Migrating_to_Cloud-Native_App_Architectures_Pivotal (2)
Migrating_to_Cloud-Native_App_Architectures_Pivotal (2)Migrating_to_Cloud-Native_App_Architectures_Pivotal (2)
Migrating_to_Cloud-Native_App_Architectures_Pivotal (2)
 
2016 - Safely Removing the Last Roadblock to Continuous Delivery
2016 - Safely Removing the Last Roadblock to Continuous Delivery2016 - Safely Removing the Last Roadblock to Continuous Delivery
2016 - Safely Removing the Last Roadblock to Continuous Delivery
 
SharePoint Saturday Netherlands 2019 - Citizen dev. and the admin
SharePoint Saturday Netherlands 2019 - Citizen dev. and the adminSharePoint Saturday Netherlands 2019 - Citizen dev. and the admin
SharePoint Saturday Netherlands 2019 - Citizen dev. and the admin
 
Safely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous DeliverySafely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous Delivery
 
Beyond security testing
Beyond security testingBeyond security testing
Beyond security testing
 

More from Jonathan Sinclair

Is the SOC working as a viable business model (or security model)?
Is the SOC working as a viable business model (or security model)?Is the SOC working as a viable business model (or security model)?
Is the SOC working as a viable business model (or security model)?Jonathan Sinclair
 
Machine learning 101 - or less
Machine learning 101 - or lessMachine learning 101 - or less
Machine learning 101 - or lessJonathan Sinclair
 
The cyber security hype cycle is upon us
The cyber security hype cycle is upon usThe cyber security hype cycle is upon us
The cyber security hype cycle is upon usJonathan Sinclair
 
Architecting trust in the digital landscape, or lack thereof
Architecting trust in the digital landscape, or lack thereofArchitecting trust in the digital landscape, or lack thereof
Architecting trust in the digital landscape, or lack thereofJonathan Sinclair
 
SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?Jonathan Sinclair
 
XAI – accountability unchecked
XAI – accountability uncheckedXAI – accountability unchecked
XAI – accountability uncheckedJonathan Sinclair
 
Cyber speed – the unknown velocity component
Cyber speed – the unknown velocity componentCyber speed – the unknown velocity component
Cyber speed – the unknown velocity componentJonathan Sinclair
 
Cyber Security: Strategies, Defence and what’s not working
Cyber Security: Strategies, Defence and what’s not workingCyber Security: Strategies, Defence and what’s not working
Cyber Security: Strategies, Defence and what’s not workingJonathan Sinclair
 
State of virtualisation -- 2012
State of virtualisation -- 2012State of virtualisation -- 2012
State of virtualisation -- 2012Jonathan Sinclair
 

More from Jonathan Sinclair (10)

Is the SOC working as a viable business model (or security model)?
Is the SOC working as a viable business model (or security model)?Is the SOC working as a viable business model (or security model)?
Is the SOC working as a viable business model (or security model)?
 
Machine learning 101 - or less
Machine learning 101 - or lessMachine learning 101 - or less
Machine learning 101 - or less
 
The cyber security hype cycle is upon us
The cyber security hype cycle is upon usThe cyber security hype cycle is upon us
The cyber security hype cycle is upon us
 
Architecting trust in the digital landscape, or lack thereof
Architecting trust in the digital landscape, or lack thereofArchitecting trust in the digital landscape, or lack thereof
Architecting trust in the digital landscape, or lack thereof
 
SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?
 
XAI – accountability unchecked
XAI – accountability uncheckedXAI – accountability unchecked
XAI – accountability unchecked
 
Cyber speed – the unknown velocity component
Cyber speed – the unknown velocity componentCyber speed – the unknown velocity component
Cyber speed – the unknown velocity component
 
Cyber Security: Strategies, Defence and what’s not working
Cyber Security: Strategies, Defence and what’s not workingCyber Security: Strategies, Defence and what’s not working
Cyber Security: Strategies, Defence and what’s not working
 
State of virtualisation -- 2012
State of virtualisation -- 2012State of virtualisation -- 2012
State of virtualisation -- 2012
 
Breach analysis slideshare
Breach analysis slideshareBreach analysis slideshare
Breach analysis slideshare
 

Recently uploaded

Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 

Recently uploaded (20)

Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 

Blue Ocean IT Security

  • 3. • Inspired from Haroon Meer’s BlackHat Europe 2015 keynote where he made the following observations – An upcoming security apocalypse is on the horizon – There is a crisis of confidence – “For the thousands your organization spends on security, you can't protect the one guy who is most valuable to you. Worse yet, would you even know if he was popped?”* * http://blog.thinkst.com/2011/03/our-upcoming-security-apocalypse.html Sub headline AGENDABLUE OCEAN IT Security Inspiration
  • 4. • The issues facing the IT security field haven’t changed in the last 15 years • “Draining the swamp” issue leads to misdirection concerning the root-cause of the problem • A perspective/cultural shift needs to take place concerning the approach Sub headline AGENDABLUE OCEAN IT Security Direction
  • 5. Patching / Updates (Upgrades) When did we allow this bahviour to become the ‘norm’ and ‘expected’? 3 pillars BLUE OCEAN STRATEGY Resiliance What happened to load balancing/fail over? Automation Have all engineers been swollowed by the Tech firms?
  • 6. Your own footer Your Logo Patching / Updates (Upgrades) Sub headline AGENDABLUE OCEAN STRATEGY
  • 7. • Why is patching accepted? – A legacy left over from the hardware days • Since the days of paper tape and punch cards, physical patching was accepted • It was then translated into the software world • Designed principally as a mitigating action for unreliable hardware – Hardware resiliance has improved, while software resiliance has stagnated and in some cases deteriorated Sub headline AGENDABLUE OCEAN IT Security Patching / Updates (Upgrades)
  • 8. • Do we accept this for microwaves, digital watches or other consumer goods? – You buy an item and don’t expect it to break within 2 months. – Consumer rights acts exist to protect customers against such situations (ratified through law) • T&C’s conveniently provide a ‘get-out-of-jail- free’ card with a no opt-out option. – ‘Our way, or the high way’ Sub headline AGENDABLUE OCEAN IT Security Patching / Updates (Upgrades)
  • 9. • An open door – This mechanism allows 3rd parties access to our systems at a privileged level – It’s provided the perfect back-dooring model which everyone accepts (incl. the IT security community) Sub headline AGENDABLUE OCEAN IT Security Patching / Updates (Upgrades)
  • 10. • The excuse: – Software engineering is hard and you will never develop a bug free system • The response: – So what?: • Which bugs really cripple systems operationally, when they’ve been correctly engineered? • An answer: – Cleanroom software engineering (Harlan Mills) • e.g. Avionics, mission critical systems etc. Sub headline AGENDABLUE OCEAN IT Security Patching / Updates (Upgrades)
  • 11. Your own footer Your Logo Resiliance Sub headline AGENDABLUE OCEAN STRATEGY
  • 12. • Build in resilience to your networks – When did it become acceptable to forget principles of load balancing and fail-over? • e.g. banking site down for the weekend due to maintenance – Wasn’t the Cloud supposed to be a solution to this problem? Sub headline AGENDABLUE OCEAN IT Security Resiliance
  • 13. • Network segmentation and zoning – Identify the threat – Lock down/Contain the threat – Purge the threat Sub headline AGENDABLUE OCEAN IT Security Resiliance
  • 14. • Honeypots – Where did they go? – Technological resilience out of the box • Monitoring and containment also for free • Risk based approach – Understand your assets and compartmentalise them accordingly Sub headline AGENDABLUE OCEAN IT Security Resiliance
  • 15. Your own footer Your Logo Automation Sub headline AGENDABLUE OCEAN STRATEGY
  • 16. • Strong engineering principles must be adhered to • Develop strong developer governance around SSDLC – Integrate mandatory security gating into the SDLC • Internal talent retention – Holistic work flow automation – Internal employees often better positioned to take birds-eye view to build-out process automation Sub headline AGENDABLUE OCEAN IT Security Automation
  • 17. • Ensure security controls are automatically checked/reported – Without this, security will be by-passed • Process automation critical – Excel must be replaced with dynamic reporting. Static data analytics cripples agility – Remove the human Sub headline AGENDABLUE OCEAN IT Security Automation