Threat management – shifting from vulnerabilities to risk management

As a long-time veteran of RSA, Robert Griffins has worked across the world, with his most recent posting being in Zurich. He is the strategy architect for RSA in Europe. He is also the director of a major European project, funded by the EU, as part of its security programme.

In the RSA Conference opening keynote, Art Coviello noted that standards are critical in how countries manage their threat/response balance.

"Within the standards community there are three very important initiatives. One is the technical standards. They attempt to increase interoperability and make systems work together better. Key management is part of that. Crypto is part of that," Griffins said.

"Equally important are the standards that deal with the framework of security as a whole. Some, like the ISO 27000 standard, establish models for how tools work together. Given the complexity of systems and the threats we face, it's extremely important to have those frameworks."

Griffins contends, though, that the most important are the standards about how we understand and respond to the risks that we face. He notes that there have been some important developments in that area. In particular, risk management has moved away from looking at specific vulnerabilities towards looking at which assets are at risk.

This approach is a response to the attack models and sophistication being seen today. Given the ever-expanding threat surfaces created by increasingly open systems, BYOD and cloud-based solutions, it is simply not possible to know how or where a malicious party will launch an attack.

The model RSA is investigating has been used in operational fault isolation for many years, but its application to security is new.

Griffins suggests that this model is much like what happens on the power system. "If a transmission line is cut, does it matter whether that was done by lightning or by the falling of a pylon? The issue is that it was cut."

The focus isn't on how the line was cut but on identifying the fault, rectifying it and taking remedial action so that the same fault doesn't recur.

The more secure cloud?

Although many people see cloud-based solutions as being inherently less secure than internally hosted systems, Griffins pointed to instances where cloud-based infrastructure was the more secure solution.

"When I was producing a demo system for a show, it was much safer for me to take that software, which required access by some major competitors, and to stand it up on Amazon Web Services rather than to try to stand it up inside on our own servers. We would have had to open up ports. In that case cloud was a much more secure solution as we didn’t have to expose any of our assets," he said.

Griffins said there are some critical questions that need to be asked before placing anything in the cloud. "What are you trusting? What are the mechanisms in place to secure it? How much of that can you trust? What kind of oversight do you have? These are the critical questions."

Anthony Caruana travelled to RSA Conference as a guest of RSA
