CYBER RESILIENCE BEST PRACTICE. To Discuss Why cyber risk management is increasingly challenging How everyone has a role to play in your cyber risk management.

Presentation transcript:

CYBER RESILIENCE BEST PRACTICE

To Discuss
Why cyber risk management is increasingly challenging
How everyone has a role to play in your cyber risk management
Insight from the Board on cyber risks and its impact on cyber risk management
Insight and ideas for managing your cyber risks

Balancing opportunity and risk
The opportunities
$4.2 trillion estimated value of the internet economy in G20 economies by 2016
94% of businesses with 10+ employees are online
936 exabytes growth in global internet traffic from
% to 23% projected rise in consumer purchases via the internet from
% of GDP contributed by internet
The risks
$445 billion cost of cyber-crime to the global economy per year
44% increase in cyber incidents per organization per week
90% of cyber attacks succeed because of the unwitting actions of a member of staff
$145 average cost paid for each lost or stolen file containing sensitive or confidential information

The Challenges...
“253 days is the average number of days it takes an organisation to realise that they have been successfully attacked.”
“90% of large UK organisations had a security breach in 2014 (an increase of 81% from 2013)”
“90% of all successful cyber-attacks rely on human vulnerability to succeed.”
“69% of all large organisations were attacked by an unauthorised outsider in 2014 (an increase of 55% from the previous year)”
“59% of UK businesses expect attacks to increase next year”
1 person can enable an attacker to compromise your systems and access your most valuable information.

The Challenges - common client statements
“Why would anyone want to attack our organization?”
“We do not know what our most critical information assets are in our organization.”
“We have our networks well protected by good technology”
“Our current information/cyber security training is ineffective in driving new behaviours across the organization.”
“We know we have already been attacked but do not know how best to respond and recover effectively.”
“We do not know what good cyber resilience looks like for our organization”

The Challenges – the hacking process (process: tools)
Reconnaissance: Whois, NSLookup, Spyfu, EDGAR, Sam Spade, Google, DNS Lookup, ARIN, Wget, Dig, Traceroute
Scanning: Ping, Nmap, Angry IP Scanner, Netcraft, Nikto, Nessus, ike-scan, RPCDump
Develop / select / deliver exploit: Metasploit, Rootkit (Hacker Defender, FU, Vanquish, HE4Hook)
Cover tracks: Log eraser, Demon
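The slide above lists Nmap and similar scanners under the attacker's "Scanning" step. From the defender's side, that step is visible: a scan shows up in firewall or flow logs as one source address touching many distinct destination ports within a short window, which is something a monitoring team can alert on long before the "253 days to notice" figure quoted earlier. The following is an added example, not part of the original presentation or any product it mentions: a small Python detector that runs a per-source sliding window over constructed firewall log lines. The log format (timestamp, source IP, destination:port, action), the 60-second window and the 10-port threshold are all assumptions chosen for illustration.

```python
"""Port-scan detection over firewall log lines (added example, not from the slides).

Assumed log format, one event per line:
    <ISO-8601 timestamp> <source IP> <destination IP>:<port> <ACTION>
A source that touches THRESHOLD or more distinct destination ports inside a
WINDOW-long sliding window is reported as a likely port scan.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumption: 60 s sliding window
THRESHOLD = 10                   # assumption: 10 distinct ports triggers an alert


def parse_line(line):
    """Split one log line into (timestamp, src, dst, port, action)."""
    ts, src, dst_port, action = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port), action


def detect_port_scans(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {source_ip: set_of_ports} for sources whose distinct-port count
    within any `window` reaches `threshold`.  Lines are sorted first because the
    ISO timestamp prefix sorts lexicographically, so out-of-order input is fine."""
    recent = defaultdict(deque)   # src -> deque of (timestamp, port), oldest first
    alerts = {}
    for line in sorted(l for l in lines if l.strip()):
        ts, src, _dst, port, _action = parse_line(line)
        q = recent[src]
        q.append((ts, port))
        # Drop events that have aged out of the window for this source.
        while q and ts - q[0][0] > window:
            q.popleft()
        ports_in_window = {p for _, p in q}
        if len(ports_in_window) >= threshold:
            # Accumulate every port seen while the source stays above threshold.
            alerts[src] = alerts.get(src, set()) | ports_in_window
    return alerts


def constructed_log():
    """Constructed sample log (not real traffic) covering three behaviours."""
    lines = []
    # 1. Fast scanner: 12 distinct ports in 22 seconds -> should alert.
    for i, port in enumerate(range(21, 33)):
        lines.append(f"2015-07-15T09:00:{2 * i:02d} 203.0.113.5 192.0.2.10:{port} DROP")
    # 2. Benign client: many connections, but always to port 443 -> no alert.
    for i in range(15):
        lines.append(f"2015-07-15T09:00:{i:02d} 198.51.100.7 192.0.2.10:443 ACCEPT")
    # 3. Slow probe: 12 ports, one every 10 s.  At most 7 fall inside any
    #    60 s window, so the default threshold is never reached (window edge case).
    base = datetime(2015, 7, 15, 9, 10, 0)
    for i, port in enumerate(range(1000, 1012)):
        ts = (base + timedelta(seconds=10 * i)).isoformat()
        lines.append(f"{ts} 203.0.113.9 192.0.2.10:{port} DROP")
    return lines


if __name__ == "__main__":
    for src, ports in detect_port_scans(constructed_log()).items():
        print(f"possible port scan from {src}: {len(ports)} distinct ports")
```

The slow-probe case is the one worth dwelling on: lowering the threshold to 5 makes it fire, which is the usual trade-off between catching low-and-slow reconnaissance and drowning analysts in alerts from legitimately chatty hosts. In practice the window and threshold are tuned per network segment and the alert is enriched with whether the destination ports were open or closed.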

The Challenges... the Cyber Crime toolbox

The Challenges -

Everyone has a role to play...
The challenge: The Human Factor, 90%
NEED TO INFLUENCE AND ENABLE POSITIVE CHANGE IN USER BEHAVIOURS

Insight from the Board.
We need to develop a coherent cyber resilience strategy
We need to know what our critical information assets are
We need a cyber smart workforce and partner network
We need to embed good practices across our organization
We need to communicate and understand more effectively across the organization
We need to understand how we will respond and recover from attack more effectively

Cyber Risk Management
Cyber Resilience is the ability of an organisation to resist, respond to and recover from incidents that will impact the information it requires to do business.

Cyber Risk Management
What does good look like?

Cyber Risk Management
INFORMATION SECURITY: Confidentiality, Integrity, Availability, Authenticity
People, Process, Technology
Security Policy, Regulatory Compliance, Staff Awareness Program, Access Control, Security Audit, Incident Response, Encryption, PKI, Firewall, IPS/IDS, Antivirus

You need staff who are ‘risk aware’ of:
Phishing
Social engineering
Online safety
Social media
BYOD
Removable data
Password safety
Personal information
Information handling
Remote and mobile working

Summary of business challenges
KEEP VALUE OF YOUR BUSINESS, IN YOUR BUSINESS
MAINTAIN REPUTATION
BALANCE OPPORTUNITIES AND RISKS
Need to identify and manage what good cyber resilience looks like
Need to influence and enable positive change in user behaviours
Need to communicate effectively during business as usual and during crisis

QUESTIONS AND ANSWERS?