Training + Information Sharing · • ISACA’s Cybersecurity Fundamentals Certificate (CSX-F) and...
www.isaca.org
Training + Information Sharing: Pillars of enhancing cybersecurity posture
Welland Chu
VP, Professional Development & Secretary
ISACA China Hong Kong Chapter
June 2018
This document may not be reproduced, modified, adapted, published,
translated, in any way, in whole or in part or disclosed to a third party
without prior written consent of the author.
Reported cyber incidents in Hong Kong
Sources: hkpc.org, legco.gov.hk 2017, Telstra.com 2017, scmp.com
Losses >HK$2.3B, growth at 25%
HK$387,400 per case
Cybersecurity defense needs collaboration
▌ 2018-05: Europol signed two memorandums of understanding related to cybersecurity cooperation
• World Economic Forum (WEF)
• European Union Agency for Network and Information Security (ENISA), the European Defence Agency (EDA), and the EU’s Computer Emergency Response Team (CERT-EU)
▌ Focus
• Cyber exercises, Education and training, Exchange of information
• Strategic and administrative matters
• Technical cooperation
US Department of Homeland Security Cybersecurity Strategy: https://www.dhs.gov/sites/default/files/publications/DHS-Cybersecurity-Strategy_1.pdf
▌ How many mentions?
“Risk management” 30
APT + Anti-Virus + Firewall + DLP + Multifactor Authentication
028
“Strategy” 25
“Cybersecurity” 222
“Information sharing”
[Figure: Threat Reduction, Consequence Mitigation, Enable Cybersecurity Outcomes, Risk Identification, Vulnerability Reduction]
HKMA’s Cybersecurity Fortification Initiative (CFI) & OGCIO
ISACA’s 5 certificates have been recognised as the pre-requisite qualifications of Assessor and Enhanced Competency Framework by HKMA
• ISACA’s Certified Information Systems Auditor (CISA);
• (ISC)2’s Certified Information Systems Security Professional (CISSP);
• ISACA’s Certified Information Security Manager (CISM);
• ISACA’s Certified in Risk and Information Systems Control (CRISC);
• ISACA’s Certified in the Governance of Enterprise IT (CGEIT);
• ISACA’s Cybersecurity Fundamentals Certificate (CSX-F) and Cybersecurity Nexus Practitioner certification (CSX-P); or
• China Information Technology Security Evaluation Centre’s Certified Information Security Professional - Hong Kong (CISP - HK).
Certification: CISSP, CISA
Hong Kong Monetary Authority
Cyber Resilience Assessment Framework
Source: www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2016/20161221e1.pdf,
http://www.hkma.gov.hk/media/chi/doc/key-information/guidelines-and-circular/2016/20161219c1.pdf, OGCIO
Major challenge: Skill shortage
By 2022, there will be a shortage of 1.8 million information security workers
>50% of respondents say filling open positions takes at least three months
More than 7 in 10 respondents say their organizations are seeking strong technical skills
Source: OGCIO 2016, ISACA.org
How does Public-Private-Partnership help?
Source: Thalesgroup.com
About ISACA and myself
• 180+ countries
• >45 years
• 135,000+ members worldwide
• 2,800 volunteers
About Welland
• Secretary, VP Professional Development at the China Hong Kong Chapter of ISACA
• 24 years' experience in information security
• Business Development Director at Thales eSecurity
Wealth of resources and assets on cyber security and topical subjects
http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Adopting-GDPR-Using-COBIT-5.aspx
http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/GDPR-Data-Protection-Impact-Assessments.aspx
http://www.isaca.org/cyber/Documents/CSX-General-Awareness-Brochure_Bro_Eng_0816.pdf
https://www.isaca.org/Journal/Current-Issue/Pages/default.aspx
https://www.isaca.org.hk/web/about-us/isaca-china-hk-chapter/
https://cmmiinstitute.com/products/cybermaturity/cmmi-framework
Publications: State of Cybersecurity
• Does your organization have unfilled (open) cybersecurity/information security positions?
• Time to fill cyber security and information security position
• Comparison of current attack types to last year's results
• Threat actors
• Active cyber defense
Source: ISACA.org
Encouraging knowledge & insights sharing with point system
Critical success factors of enhancing cybersecurity posture
• Public-Private-Partnership
• Skillset upgrade (Individual + org)
• Encouragement + Incentives
• Knowledge sharing platforms
Together we make the world safer
Contact: [email protected]