30.11.2011 Information Security Risks by Kaspersky Lab, B. Narantuya


Upload: the-business-council-of-mongolia

Post on 14-Apr-2017


Page 1:

Be Ready for What’s Next

INFORMATION SECURITY RISKS

Page 2:

Business Requires Change

From the Boardroom:

• Higher Profitability

• Higher Efficiency

• Increased Agility

• Greater Productivity

• More Competitiveness

Page 3:

IT Responds to Business Needs

Striving to Enable the Business

Virtualization

Cloud Computing

and Social Media

Mobility and Consumerization

Increasing Complexity

Exposure to Malware

Page 4:

The Growing Malware Threat

17 Million increase in samples in only 9 months

[Chart: Signatures, 1999 to 2011]

Page 5:

Today’s Real Challenges

The High Cost of Inadequate Protection

91% Experienced at least 1 IT security intrusion

61% Have experienced viruses, worms, spyware and other malware

2011 Kaspersky Lab – Survey on Global IT Security Risks

#1 Social Networking is seen as the biggest threat to IT Security

70% State their IT staff is under-resourced

Page 6:

Whose IT risks?

Page 7:

Building IT Risk Management

DESIGN

MONITOR & REVIEW

IMPROVE

IMPLEMENT

Risk Structure

• Roles & Responsibilities

• Reporting structure

• Governance

Risk Strategy

• Risk appetite

• Risk philosophy

Risk Protocols

• Policy

• Procedures manual

• Guidance notes

• Tools

Risk Process

• Establish the context

• Risk assessment

• Identification

• Analysis

• Evaluation

• Monitor & Review

Page 8:

Security

Superior, Intelligent Protection

Always Ahead of New Threats

Significantly Reducing Business Risks

Comprehensive Management

Improving Business Efficiency and Productivity

Enhancing IT Flexibility

Page 9:

Elegant Architecture

Fully Integrated from the Ground Up

Best of Breed Anti-Malware Technology

Kaspersky Security Network

Firewall

System Watcher

Application Control

Device Control

Web Control

Page 10:

Survey of IT (Mongolia)

• Over 80% of all personal emails sent daily in the Mongolian internet environment are spam.

• 369 internet pages from the public and private sectors were attacked by hackers in 2010.

• 35% of all hardware damage, such as to hard drives, power supplies and other peripherals, was caused by electrical instability.

• 36% of all entities do not use any antivirus software, and 50% do not use firewall protection.

Page 11:

Survey of IT (Mongolia)

• About 7% do not use any system for protection against network attacks. The vast majority of public organizations do not have any information on information security threats.

• 96% of all entities do not have any type of insurance on networking hardware, servers, computers and other peripherals.

• 75% of all surveyed entities do not have any system to check for security holes in their information systems, and 40% do not have a designated server room.

• 90% of all surveyed entities do not have any licensed software.

Page 12:

Try the Complete Kaspersky Experience

Deeper Protection

Comprehensive Manageability

World-Class Support

Page 13:

Thank You!

Page 14:

Methodology IT risk management

• CORAS - Construct a platform for Risk Analysis of Security Critical Systems

• OCTAVE - Operationally Critical Threat, Asset and Vulnerability Evaluation

• CRAMM - CCTA Risk Analysis and Management Method (Central Computer and Telecommunications Agency of UK)

• COBIT - Control Objectives for Information and Related Technologies

Page 15:

IT Standards

• CobiT 4.1 «Control Objectives for Information and related Technology»

• ISO/IEC 27001:2005 «Information technology - Security techniques - Information security management systems - Requirements»

• ISO/IEC 27001:2006 «Information Security Management System»

• ISO/IEC 20000 - the first international standard for IT service management

Page 16:

IT Governance

• IT Governance is a part of Corporate Governance. Effective IT governance is a subset discipline of Corporate Governance.

• IT governance is the term used to describe how those persons entrusted with governance of an entity will consider IT in their supervision, monitoring, control and direction of the entity. How IT is applied will have an immense impact on whether the entity will attain its vision, mission or strategic goals.