New Paradigm of IT Risk: Where Do You Stand?
New paradigm of IT Risk – Where do you stand?
Narayan Neelakantan
Associate Vice-President
Head IT Risk and Compliance & CISO
National Stock Exchange of India
The views expressed in this presentation are those of the presenter and do not necessarily reflect the views of National Stock Exchange
NSE at a Glance
• NSE is the nerve center of the Indian Economy
• NSE is the largest exchange in the world in terms of equity trade volumes
• Today’s operational requirements of Exchange
• Real Time Online trading
• Availability of Information
• Full Transparency
• Nation Wide Reach
• Guaranteed Settlement Cycles
• IT enabled
Reliability Challenge
NSE Today
• Nationwide Reach via High Resiliency High Bandwidth and Secure Backbone Infrastructure
• 6,000+ connections (Both Terrestrial and Satellite)
• 1,500+ Locations
• 1,000+ Members
• 2,20,000+ Terminals
• Processing close to One Billion transactions every day
• COLO – Colocation for High Frequency Trading
Digital business trends
*Source: www.wearesocial.sg
• The average cost of a data breach has reached a whopping $3.79 million
• In the past five years, data breaches have cost companies & individuals nearly $150 billion
• 34.2% of user computers were subjected to at least one web attack over the last year
• More than 30% of attacks on organizations last year were driven by internal employees
• 1510+ DDoS attacks were reported on Akamai routed networks alone in Q3 2015
• India stands first in a list of countries where DDoS originates, and cybercriminals can get DDoS attacks on hire for Rs. 300 for a three-minute assault
• More than 4 Financial Institutions faced DDoS in the last 6 months in India
IT Risk Trends
Increased Attack Surface
Network/Storage/Database
Application Weakness
User Privilege
Top Fast Growing Threats
MOBILEWARE
SPEAR PHISHING
INTERNET OF THINGS SECURITY
RANSOMWARE
CLOUD SECURITY
HACKTIVISM
New Paradigm Requires Differential Approach
Business Value Of Risk
*Source: The Gartner Strategic Risk Evaluation Approach for Digital Business
Organizations must shift focus from Technology to Business Information Governance
Strategic Risk Evaluation Approach
*Source: The Gartner Strategic Risk Evaluation Approach for Digital Business
End-To-End IT Security
• Security needs to possess an end-to-end property, else security breaches are possible at the interfaces
• Baseline security controls for entire ecosystem
• More stringent controls and countermeasures for business critical systems
• Safeguarding information from point of origin to point of destination in a communication system.
End-To-End IT Security
Governance Risk & Compliance
IT Policies & Metrics
Support to Security IT Audits
Regulatory Compliance
Audits
Third Party Risk Assessments
Business Continuity Management
Training & Awareness
Systems Security
Threat Modeling
Security Architecture
Social Engineering
Vulnerability Assessment & Mgmt
Penetration Tests
Secure SDLC
Identity & Access Management
Access Management Life Cycle
Entitlement Reviews
IDM Platform Implementation
Privilege Identity Management
Security Operations
Cyber Security Command Center
Data Protection
IDS/IPS/Firewall Monitoring
Anomaly Detection
Security Intelligence
Forensics
Cloud Security
Business Assessment
Architecture Design
Security Testing & Validation
Assessing Compliance Requirements
Summary
• Strategic alignment with business
• Security as a business enabler and differentiator
• IT GRC and cyber security must work in unison
• End to End Security
• Integrated Situational Awareness
QUESTIONS?