Exclusive Sessions
CISO Forum (Invite-only)

As security becomes a key operational concern, the appointment of a CISO within an organization is now a common practice. The private sessions invite a number of cybersecurity leaders to share their experiences in the critical role of CISOs. 

TIME & LOCATION
5/10 (Wed.) 14:00 - 16:40 | 701 D Meeting Room
SPONSORED BY
Splunk
AGENDA
14:00 - 14:30

The cybersecurity environment is complex and can be confusing even to experts. The Cyber Defense Matrix is a model that simplifies this landscape, enabling us to navigate it more easily and clearly communicate our plans to others. This presentation will explain the Matrix and how it can be used to build, manage, and operate a security program. By organizing technologies, skillsets, and processes against the Matrix, we can understand the problems we need to solve, what gaps exist, and what options are available to close those gaps.

Sounil Yu JupiterOne CISO & Head of Research
Security Strategy NIST Cybersecurity Framework CDM
14:30 - 14:50

Splunk's unique data analysis technology creates an AI brain designed specifically for enterprises, using machine learning algorithms to analyze past attack patterns, predict possible future risks, and provide defense suggestions. For example, it monitors employee activities and data access logs for potential internal threats. If data access suddenly increases or legitimate users use sensitive data, or even when data is sent outside in large quantities, the Splunk AI brain raises an alert to prevent potential data leaks or theft, and automatically responds to security events through Splunk SOAR.

This session will introduce how Splunk's AI brain can combat internal and external cybersecurity attacks and prevent data leakage.

蘇禮順 Splunk Senior Presales Engineer, Taiwan
Cyber Resilience Cyber Security Management System (CSMS)
14:50 - 15:20

Cyber security risks may arise from various cyber-attacks. Managing these cyber security risks involves the development of policies, procedures, and controls. CISOs (Chief Information Security Officers) are responsible for identifying, protecting against, detecting, responding to, and recovering from these risks. Those activities help ensure that the organization's systems and data are secure.

This speech discusses the philosophy of knowing employees and the necessary skills to implement information security governance from the CISO perspective. CISOs must develop an incident response plan outlining the proper procedures for a security breach or incident. That includes identifying, collecting, examining, analyzing, and preserving the evidence. They should ensure that the organization complies with financial regulatory requirements. CISOs further work closely with other leaders in the organization to ensure that security, convenience, and resiliency are top priorities. 

In conclusion, CISOs must have a comprehensive understanding of cyber security risks and the ability to develop and implement effective strategies. They must also be able to lead incident response efforts to manage or mitigate these risks effectively and efficiently.

Dayu Kao Bank SinoPac, Taiwan Information Security Division-Associate Executive Vice President, Prof., Dr.
CISO FinTech CSIRT
15:40 - 16:10

During digital transformation, the traditional information operation center is no longer enough to support enterprises (especially in the area of information security), so the concept of the Security Operation Center (SOC) was introduced in response to the needs of information security incident response and information security-related laws and regulations. Recently, companies have established relevant units or entrusted service providers to assist in related tasks based on regulatory compliance or supply chain needs. However, the results of establishing such units or outsourcing such functions are often hard to quantify. Deciding what should be required of the team or the service providers is even more difficult for companies that are already short of information security staff. Through an appropriate framework, it may be possible for enterprises to understand what tasks the information security operation center should complete and how to achieve them. Guidelines turn the hard-to-understand wording written in black and white in the specification into more specific tasks that can be implemented. By measuring maturity, you can understand the blueprint for future development, so that the SOC can become a critical gear in improving the organization's information security capabilities.

Yung Wei Tang (Wayne) PricewaterhouseCoopers Risk Consulting Taiwan Ltd. Partner
Security Operation Threat Detection & Response Threat Hunting
16:10 - 16:40

The presentation explains how the FAIR framework quantifies information risk by defining its five core elements. It overcomes existing risk assessment limitations and provides accurate evaluations. The evaluation process is detailed along with key points and execution procedures. Practical case studies demonstrate the framework's application to enterprise risk management, enhancing understanding and capabilities. The goal is to improve enterprise security and competitiveness.

Edward Yu Unizyx Holding Corporation Chief Information Security Officer
Cyber Risk Quantification CISO Risk Management
Splunk

Splunk Inc. (NASDAQ: SPLK) helps build a safer and more resilient digital world. Organizations trust Splunk to prevent security, infrastructure and application issues from becoming major incidents, absorb shocks from digital disruptions, and accelerate digital transformation.

