Penman also updated the forum on the latest changes to the MAS Technology Risk Management Guidelines, highlighting the major changes including data centre protection and control, mobile banking and payments security, and combating of cyber threats.
Tan Ching Song, Technical Sales, Security Division, IBM Asia Pacific, shared with the audience how they could protect their organisations against targeted attacks, insider fraud, and unauthorised configuration changes.
He urged attendees to start developing security intelligence capabilities that let them stay ahead of the threat by having a real-time view of their security posture and adjusting it to changing risk and threat levels.
Tan cautioned that there was no magic security technology that could provide perfect security, hence organisations should choose wisely the protective technology adopted to defend their critical assets. People and Processes must be in the forefront, augmented by advanced intelligence and security analytics.
Tan described a compliance and security management timeline that began with the discovery of a "Vulnerability", up till an actual "Exploit", and the subsequent "Remediation" activities after the exploit.
"The pre-exploit phase between the Vulnerability and the Exploit critical points should include prediction/prevention activities that include risk management, compliance management, vulnerability management and configuration management," Tan explained.
"The post-exploit phase between the Exploit and Remediation critical points would include reaction/remediation tools such as SIEM, network/user anomaly detection and log management," he added.
Tan outlined a five-step Proactive Risk Management approach that included the management of visibility, incidents, configurations, vulnerabilities and risk. He also shared some security intelligence use cases with the audience.
One such example was the continuous monitoring of all activities that are correlated in real-time, to derive security intelligence that will provide visibility to unauthorised or anomalous activities.
"Virtualisation is God's greatest gift to data centres. Virtualisation is great but it changes everything about security," mused Rohit Nagarajan, Strategy & Business Development Lead, Security Systems, IBM Growth Markets.
Nagarajan noted that embracing new technologies such as virtualisation, cloud and mobile computing was an important aspect of how organisations stayed competitive.
However, he cautioned that the same technologies that could accelerate efficiencies could also pose new security challenges. Hence organisations must stay ahead of the evolving threat landscape even as they leverage the innovations made possible by these emerging technologies.
Nagarajan discussed the pertinent security considerations when adopting cloud-based solutions. He said that CIOs are planning to move to the cloud because "cloud solutions accelerate the delivery of new business value and fundamentally change the economics of IT".
Nagarajan opined that cloud computing was much more than converting CAPEX to OPEX. Cloud computing was here to stay because of its elasticity and nimbleness. However, it also demanded a paradigm shift in security because cloud computing tested the limits of security operations and infrastructure.