CYBER RESILIENCE BEST PRACTICE. To Discuss Why cyber risk management is increasingly challenging How everyone has a role to play in your cyber risk management.


1 CYBER RESILIENCE BEST PRACTICE

2 To Discuss
- Why cyber risk management is increasingly challenging
- How everyone has a role to play in your cyber risk management
- Insight from the Board on cyber risks and its impact on cyber risk management
- Insight and ideas for managing your cyber risks

3 Balancing opportunity and risk
The opportunities
- $4.2 trillion estimated value of the internet economy in G20 economies by 2016
- 94% of businesses with 10+ employees are online
- 936 exabytes growth in global internet traffic from 2005-2015
- 13.5% to 23% projected rise in consumer purchases via the internet from 2010-2016
- 4.1% of GDP contributed by internet
The risks
- $445 billion cost of cyber-crime to the global economy per year
- 44% increase in cyber incidents - 1.4 per organization per week
- 90% of cyber attacks succeed because of the unwitting actions of a member of staff
- $145 average cost paid for each lost or stolen file containing sensitive or confidential information

4 The Challenges….
- “253 days is the average number of days it takes an organisation to realise that they have been successfully attacked.”
- “90% of large UK organisations had a security breach in 2014 (an increase of 81% from 2013)”
- “90% of all successful cyber-attacks rely on human vulnerability to succeed.”
- “69% of all large organisations were attacked by an unauthorised outsider in 2014 (an increase of 55% from the previous year)”
- “59% of UK businesses expect attacks to increase next year”
1 person can enable an attacker to compromise your systems and access your most valuable information.

5 The Challenges - common client statements
- “Why would anyone want to attack our organization?”
- “We do not know what our most critical information assets are in our organization.”
- “We have our networks well protected by good technology”
- “Our current information/cyber security training is ineffective in driving new behaviours across the organization.”
- “We know we have already been attacked but do not know how best to respond and recover effectively.”
- “We do not know what good cyber resilience looks like for our organization”

9 The Challenges – the hacking process
Process: Tools
- Reconnaissance: Whois, NSLookup, Spyfu, EDGAR, Sam Spade, Google, DNS Lookup, ARIN, Wget, Dig, Traceroute
- Scanning: Ping, Nmap, Angry IP Scanner, Netcraft, Nikto, Nessus, ike-scan, RPCDump
- Develop/select/deliver exploit: Metasploit, Rootkit (Hacker Defender, FU, Vanquish, HE4Hook)
- Cover tracks: Log eraser, Demon

10 The Challenges... the Cyber Crime toolbox……

12 The Challenges -

13 Everyone has a role to play…. The challenge The Human Factor 90% NEED TO INFLUENCE AND ENABLE POSITIVE CHANGE IN USER BEHAVIOURS

14 Insight from the Board
- We need to develop a coherent cyber resilience strategy
- We need to know what our critical information assets are
- We need a cyber smart workforce and partner network
- We need to embed good practices across our organization
- We need to communicate and understand more effectively across the organization
- We need to understand how we will respond and recover from attack more effectively

15 Cyber Risk Management Cyber Resilience is the ability for an organisation to resist, respond and recover from incidents that will impact the information they require to do business.

16 Cyber Risk Management What does good look like?

17 Cyber Risk Management
INFORMATION SECURITY: Confidentiality, Integrity, Availability, Authenticity
People, Process, Technology
- Security Policy
- Regulatory Compliance
- Staff Awareness Program
- Access Control
- Security Audit
- Incident Response
- Encryption, PKI
- Firewall, IPS/IDS
- Antivirus

18 You need staff who are ‘risk aware’ of:
- Phishing
- Social engineering
- Online safety
- Social media
- BYOD
- Removable data
- Password safety
- Personal information
- Information handling
- Remote and mobile working

19 Summary of business challenges
KEEP VALUE OF YOUR BUSINESS, IN YOUR BUSINESS
MAINTAIN REPUTATION
BALANCE OPPORTUNITIES AND RISKS
- Need to identify and manage what good cyber resilience looks like
- Need to influence and enable positive change in user behaviours
- Need to communicate effectively during business as usual and during crisis

20 QUESTIONS AND ANSWERS?

