HSC and Cyber Security Caroline McLaughlin 22nd August 2019


1 HSC and Cyber Security Caroline McLaughlin 22nd August 2019

2 Why do we need information security?
• In order to operate effectively we need to keep our business data confidential, maintain its accuracy and make sure it is available for use when we need it
• We have legal, regulatory and corporate obligations to protect information we are responsible for
• Data breaches are becoming more commonplace
• Malware, phishing, spamming and ransomware are now big business
• The number of attacks is increasing due to their success rate
• We need to maintain business continuity by minimising the impact of security incidents should they occur

3 The Market The cyber crime marketplace
• Global cyber crime worth £1,200,000,000,000 a year (£1.2 trillion)
• Top cyber criminals now earning in excess of £1,600, per annum
• Demand for ‘cybercrime as a service’ is 3 times greater than supply
• Dark web fully commercialised with eBay style marketplace and review ratings based on success rate and profitability
• Cyber criminals no longer require deep technical knowledge to launch an attack
• Any type of cyber attack now feasible with relatively modest investment

4 The Motivation How much is information worth?
• Basic identity information: £14
• Credit/Debit card (including CVV number): £20
• 10 million addresses: £110
• PayPal Login (verified with balance): £235
• Bank Login: £700
• Medical details (name, address, NI number, NHS number, prescription history): £

5 Threat to Healthcare
• UK health and care system is not being specifically targeted (NCSC)
However…
• High level of vulnerability
• High level of time dependency
So… what do we do?

6 Background
• May The English NHS was affected by the worldwide WannaCry attack. While HSC NI were not affected on this occasion, it was recognised that future attacks are likely to be more sophisticated, so action needs to be taken to improve overall security in HSC NI.
• One year on, still none of the NHS Trusts in England have carried out any remedial work, and they still do not have a strategy to counter this threat.
• HSC NI has considered this threat and has decided to act.
• A key strand in HSC NI’s strategy is to move towards recognised security standards.
• A discovery exercise is vital to identify vulnerabilities and create a plan to remediate them, so that HSC NI can protect itself against cyber attack.
• HSC also needs to assure its service provision going forward and to align itself with new legislative and regulatory requirements (NIS and GDPR).

7 The Programme Board Representatives for all HSC Organisations
• Accepted the report and recommendations
• Agree on a Common Approach with Common solutions and Common Technologies
• Gap Analysis against ISO27001/NIS – HSC wide

8 ISO 27001 Gap Analysis Overview
• Scope = Everything (including Medical, BMS and Security systems)
• Very Rough Snapshot of 114 Information Security Controls

9 Programme Key Functions
• Cyber Security Programme
• ISMS - ISO27001 Certification / NIS Directive
• Cyber Security Risk
• Cyber Security Strategy, Policies and Standards
• Cyber Security Forum (technical)
• Cyber Security Business Continuity Committee
• Submits Bids & Technical Plans
• Liaison with key HSC Stakeholder Representatives and external agencies
• Devise regional strategic direction for Cyber Security

10 Programme Key Workstreams

11 Prioritised Key Projects
• Incident Management
• Training and User Awareness
• Patch Management
• Network Security
• Policy Review and Development
• Third Party Management

12 Cyber Training Board Members Toolkit
Two further sessions
• Wednesday 4th September – Craigavon Civic Centre
• Thursday 17th October – Leadership Centre

13 Contact Details Caroline McLaughlin Programme Manager Cyber Security
BSO ITS Tel: /

