The final layer is the management layer, which enables enterprises to integrate security with their business processes, said Phuan. Network complexity and the requirement for granular policy mean that security administrators can no longer keep up with rapidly evolving business processes. The SDP management layer addresses this challenge by providing a framework that is:
- Modular - Each administrative user is provided a policy that provides access to information and authorisation necessary to fulfill assigned roles.
- Open- Application Programming Interfaces (APIs) are used to support the automation and synchronisation of security policy administration with other business processes.
- Resilient - Having a 360 degree situational awareness will enable the organisation to fight attacks while maintaining acceptable levels of service.
"The management layer allows organisations to manage their security while monitoring what is happening within their environment," he said.
Cost of Security Breaches
In his talk, Alan Seow, Founding President of (ISC)2 Singapore Chapter, reminded the audience of the cost of security breaches and provided tips to avoid being victims of such cyber attacks.
Alan Seow, Founding President, (ISC)2 Singapore Chapter
Using the example of the data breach experienced by American retailing company Target Corporation at the end of last year, he illustrated the economic impact of breaches. According to news reports, Target's infected point-of-sales (POS) systems siphoned card information of 110 million customers from 27 November to 15 December 2013. The stolen card information was then sold in the black market for up to US$200 each. Due to this incident, Target may face a US$3.6 billion liability if found guilty of violating the Payment Card Industry (PCI) Data Security Standards, said Seow. The retailer might also face lawsuits from customers as well as banks for massive cards reissuance due to the breach, he added.
Besides financial penalties, security breaches may also damage the victim's reputation and cause stock prices to plunge, claimed Seow. On 23 April 2013, a false tweet from the hacked account of newswire Associated Press wiped US$136 billion from the S&P 500 index in about two minutes. The tweet claimed that there had been two explosions at the While House and that U.S. President Barack Obama had been injured. "While it only confused the stock market for a brief two minutes, imagine what chaos would have ensued when people are confused by rogue broadcast from hacked channels," said Seow.
Understanding the impact of security breaches, the Singapore government has embarked on a five-year National Cyber Security Masterplan 2018 to further secure Singapore's cyber environment, said Seow. The Masterplan will focus on enhancing security and resilience of critical infocomm infrastructure; promoting infocomm security awareness and adoption among end-users and businesses; and creating a vibrant cyber security ecosystem by growing the republic's pool of infocomm security experts.