Tudor Damian
IT Solutions Specialist
CEH, Hyper-V MVP
tudy.tel
Community Conference for IT Professionals @ITCAMPRO #ITCAMP15
Image source: coolrisk.com / Artist: Michael Mittag
IT RISK OVERVIEW
Sources: Center for Media, Data and Society (CMDS) / Verizon / UK Government, Department for Business, Innovation and Skills (BIS)
Days, 8%
Weeks, 16%
Months, 62%
BOTNETS 76%
MALWARE 97%
Sources:
• Reuters, http://reut.rs/zzrcec
• Ponemon Institute 2011 Cost of Data Breach Study: United States
• Verizon 2012 Data Breach Investigations Report
• Symantec Internal Threat Report 17
• ISACA 2011 Top Business/Technology Issues Survey
• WIRED, http://www.wired.com/threatlevel/2012/05/flame/all/1
• European Commission-Justice, Data Protection
• Ponemon Institute Second Annual Benchmark Study on Patient Privacy and Data Security
• eWeek, http://www.eweek.com/c/a/IT-Infrastructure/Unplanned-IT-Downtime-Can-Cost-5K-Per-Minute-Report-549007/
• Symantec 2012 SMB Disaster Preparedness Survey
• Ponemon Institute True Cost of Compliance Report
• Thomson Reuters State of Regulatory Reform 2012
www.isaca.org/cobit
Key activities / Roles (table column headers): Board, CEO, CRO, CIO, CFO, Enterprise Risk Committee, Business Management, Business Process Owner, Risk Control Functions, HR, Compliance and Audit
RISK GOVERNANCE
• Risk Evaluation
– Collect Data
– Analyze Risk
– Maintain Risk Profile
• Risk Response
– Articulate Risk
– Manage Risk
– React to Events
RISK EVALUATION
RISK RESPONSE
• Reduce unauthorized access
• Understand vulnerabilities and threats
• Maintain reputation
• IT can resist an attack
SUMMARY
Q&A