Philosophical Thinking on Information Security Governance for the Board and Senior Executives. HSIN-CHIH HUANG (黃信智), EC-Council Certified Incident Handler (ECIH) global exam item-writing committee member
Statement & Disclaimer
• In order to be accurate and to preserve the authenticity of the data sources, some text and images in this material are presented in their original language.
• Should the content of this course involve concepts, methods, tools, etc. related to hacking techniques or cyber attacks, it is intended for course lecturing, knowledge transfer, or security deployment. Should the recipient of this information conduct network attacks or hacking in this way, they shall bear their own legal responsibility, which has nothing to do with the lecturer or the lecturer's service unit.
• The subjects of the historical cases mentioned in this session may be de-identified as "organization" or another pronoun, which may refer to the public sector, the private sector, an NGO, or an NPO.
PERSPECTIVE FROM WARFARE
If you treat cyber as part of warfare
• It's a new territory with "potential".
• It's a new battlefield, and you may be besieged.
• It becomes a political tool.
• You should establish a defense unit and an intelligence unit.
• You may even need a more aggressive unit to fight.
• You should know that espionage is ubiquitous.
• It may need sovereignty.
• To fight, or not to fight?
• To fight back, or not to fight back?
• Defense, defense, and defense
• Dominance, dominance, and dominance
PERSPECTIVE FROM MULTI-DIMENSION
Triad of Info Sec: confidentiality, integrity, availability
When you think in terms of a point, a line or a plane
Reality is multi-dimensional
So you may miss the holistic view
• National development issues
• Cultural aspects
• Differences between industries
• The timeframe
• Religious issues
• Industrial espionage
• Your "neighbor"
PERSPECTIVE FROM HISTORY
Historical cases
• Georgia from 2008 to 2020
• Revenge operation / insider
• Stock price fell from 140 to 100 (more than 28%)
• Stock price plunged 5%
• M&A from 2015 to 2020
• Senior management stepped down
• An information system left unused, and then used for tunneling
• And finally, history repeats itself.
• After GDPR, there will very probably be some sort of "pan-state security regulation". It's not a matter of why, it's a matter of time.
PERSPECTIVE FROM ABSTRACTION
• Who am I?
• Why am I here?
• What am I doing?
• What should I do?
• What's next?
• Where am I going?
• Which way am I taking?
Recommended
More recommended