Advanced persistent threats (APTs)

Architecture

    balanced controls

        definition

        detective and preventative

        detective controls

        firewalls system

        intrusion prevention systems

        security business intelligence

    business needs

    BYOD

    cloud computing

    employee productivity

    hardware-enforced security

    IT consumerization

    privacy and regulatory requirements

    security zones

        critical data and resources

        definition

        devices and application types

        PEPs

        selective zones

        trusted zones

        untrusted zones

        user’s device and location

    threat landscape

    threat management

    traditional enterprise trust model

    trust calculation

        access type

        allow access

        available controls

        business partners

        definition

        destination score

        devices and usage models

        internal and external resources

        policy decision point (PDP)

        source score

    user and data perimeters

        defenses and detective control

        protect information

        security

        traditional network security

Bring-your-own-device (BYOD)

Business benefits and risks

    baseline security

        encryption

        enhanced recovery

        hardware acceleration

        hardware-enforced

        protected environments

        security software

    building security

    context-aware experiences

    context-aware security

        business intelligence and data protection

        cloud security and context awareness

        image recognition technology

        portable devices

        sensors and analytical tools

    contextual information

    mass-production strategy

CISO

    attributes

    chief information risk officer

    foundational skills

    junk food fear

    leader

    organizations outsource

    sixth sense

    storyteller

    T-shaped individuals

    Z-shaped individual

Context-aware computing

Context-aware technology

Cybersecurity legislation

Cybersecurity Watch Survey

Emerging security capabilities

    accelerated encryption

    adidas

    business benefits and risks (see Business benefits and risks)

    business intelligence and dat

    cloud computing

    compute continuum

    context-aware computing

    context-aware security

    context-aware technology

    enterprise systems

    hardware-enforced protection

    LEGO brand

    malicious purposes

    Moore’s law

    shopper’s smartphone

    wireless NFC

Enterprise information security

External partnerships

    advantage of

    benchmarking information

    CISO

    communities

    community characteristics

    community goals

    corporate citizenship

    enabling informal exchanges

    FIRST

    information-sharing relationships

    Intel’s CISO

    legal implications, revealing security

    public-relations aspect

    regulations and standards

    security-related issues

    share security information

    technology landscape

    threat landscape

    threats and vulnerabilities information

    tiered pyramid model

“Find the Phish” game

Forum for Incident Response and Security Teams (FIRST)

Governance

    dictatorial approach

    Intel’s information risk

    IT governance archetypes

    IT policies

    MIT CISR

Health Insurance Portability and Accountability Act (HIPAA)

Information security

    balancing act

    blocking users’ access

    business enable

    businesses and organization

    business risk

    company legal

    core competencies

    dynamic and flexible

    ecosystem

    implementing wireless networks

    incorporate privacy and regulatory compliance

    Intel’s Group

    Intel’s internal team

    malware

    network boundary

    personal smartphones

    regulatory flood

    safeguarding information

    threat landscape

    traditional mission and vision

Information Sharing and Analysis Centers (ISACs)

Installing wireless networks

Intel IT Emergency Response Process (ITERP)

Intel’s information risk governance

Intel’s legal and human resources (HR) groups

Interdependent risks related, IT

Internal partnerships

    business group managers

    corporate risk management

    corporate security

    far-reaching web

    fellow travelers

    finance group

        business groups

        internal audit

        SOX

    formal/informal

    human resources

        employee communications

        employee procedures

        internal investigations

        security policy

    information security group

    ITERP

    legal

        business groups

        contracts

        data classification

        financial compliance

        intellectual property

        litigation

        privacy

    risk review boards

    standing committees

Internet-enabled car

Irrefutable Laws of Information Security

IT governance archetypes

Marketers

Massachusetts Institute of Technology Center for Information Systems Research (MIT CISR)

Moore’s law

Near field communications (NFC)

Network firewalls

Non-Intel managed systems (NIMS)

Organization’s privacy commitment

Perimeter

    Bloomberg News

    building security

    business processes

    compliant behavior

    credit analyst

    customer financial data

    Cybersecurity Watch Survey

    disk encryption on laptops

    “Find the Phish” game

    information security professionals

    IT professional

    payoff

    physical and network

    privacy protection

    publishing security-related articles

    security benefits, personal use

    self-motivated commitment

    smartphones access

    social media accounts

    technical controls

    unencrypted data

Playing War Games

Policy decision point (PDP)

Policy enforcement points (PEPs)

Product life cycle model

    commodity—source code

    critical trends

    disruptive trends

    emerging trends

    evolution of threats source

    highest-priority threats

    product manufacturing company

    security-related activity

    smartphone security threats

    sustained drivers

    threat analysis materials

Radio Frequency Identification (RFID) technology

Rapid proliferation, information and devices

Regulatory environment

Regulatory flood

    cybersecurity legislation

    e-discovery

    financial regulations

    high-tech exports

    IT capabilities

    personalization versus privacy

    protecting personal information

    scope

    storage and protection

Retail environment

Right governance structure

Risk misperception

    communication

        asymmetry of information

        building credibility

        changing risk perceptions

        laptops

        pirating software

    decision makers

    economic and psychological factors

    employees

    inevitable bias

    organization’s security posture

    risk assessment models

    security professionals

    social-media site

Roundabouts and stop signs

Sarbanes-Oxley (SOX) Act

Sarbanes-Oxley (SOX) compliance

Security professionals

Smartphones

Spearphishing

Threat landscape

    APTs

    cybercrime online

    Irrefutable Laws of Information Security

    stealthy malware

    Stuxnet creation

Threats and vulnerabilities

    Malware industry

    structured methods

        agents

        analyzing emerging threats

        blinkered security perspective

        playing war games

        product life cycle modelc (see Product life cycle model)

        risk-sensing analysis

        risk-sensing strategy

        security team

    threat landscape

        barriers

        broad-brush picture

        edge case insecurity

        obscurity

        phishing

        smartphones

    social engineering attacks

    web, attack surface

        embedded devices

        glimpse

        nontraditional devices

        security focus areas

        smartphones

    web applications

Traffic metaphor