Jeremy Hilton and Anas Tawileh. “Relevant” security Identifying critical information Identifying the risks Developing the controls Sharing control information.


1 Jeremy Hilton and Anas Tawileh

2 Agenda
- “Relevant” security
- Identifying critical information
- Identifying the risks
- Developing the controls
- Sharing control information

4 Yesterday (C) Cardiff University

5 Today (C) Cardiff University

6 Tomorrow (C) Cardiff University

7 “Relevant” Security (C) Cardiff University

10 © Brian Wilson (Used with permission.)

13 Adaptive Enterprise Security (C) Cardiff University

15 A system operated by appropriately skilled and experienced staff, partner producers, appropriate external parties and selected suppliers to build Delicia’s presence as a major participant in the dairy commodity markets by providing an effective and unique sourcing option, product innovation and developing, marketing and delivering branded speciality and healthy living products, and ongoing commodity trading to major multiple retailers, food service organisations and food manufacturers.

19 Critical Information Requirements at Delicia

| No. | Activity | Information Requirements |
|---|---|---|
| | Sourcing | |
| 4 | Determine Effectiveness of Existing Sourcing Options | Information about Participants in the Dairy Market; Knowledge about Existing Sourcing Options; Definition of Effectiveness |
| 5 | Decide on How to Make the Provided Sourcing Option Effective | Evaluation of the Effectiveness of Existing Sourcing Options |
| | Partnerships | |
| 23 | Assess Relationships with External Partners | Partners Information |
| 24 | Decide on How to Develop Relationships with External Partners to Support the Company’s Market Presence | Assessment of Customer Relations |
| 29 | Assess Relationships with External Partners | Partners Information |
| 30 | Identify Requirements to Meet External Partners’ Requirements | Evaluation of Existing Capabilities |
| | Branding | |
| 37 | Define Innovation | NA |
| 38 | Decide on How to Measure the Company’s Reputation as an Innovator | Definition of Innovation |
| 39 | Baseline the Company’s Reputation | Reputation Measurement Criteria |
| 40 | Evaluate the Company’s Reputation as an Innovator | Reputation Measurement Criteria |

26 Managers of SMEs
- Are busy running their company, trying to survive in a very competitive environment
- They rarely address anything that is not a legislative or regulatory requirement, and even then will often only comply if there is a penalty for not doing so
- Will avoid spending money, and time is money, training is money
- Rarely buy in expertise, staff left to help each other and ‘learn on the job’

27 When developing policy (rules), it is critical to consider if and how they can be implemented. For example, if the policy is that: employees who breach a security rule, say, disclose information to someone unauthorised to see it, then they will be fired

28 People generally do what they want to do, even at work. Hopefully this aligns with the organisation’s needs
- incentivising; or
- applying suitable sanctions.
May achieve short term benefit, but the change is short-lived unless
- fundamental change is achieved
- staff have a belief in the desired result

30 Staff need to be involved, trained and supported.
- Tools will be required in order to enable the desired controls on information and analysis/audit of use
- Accountability and responsibility of staff must be clearly defined and agreed.

“Tell me and I’ll forget
Show me and I’ll remember
Involve me and I’ll understand”
Old Chinese saying

32 Traffic Light Protocol
- Philosophy mapped to the Business Impact and Control Categories
- Developed to control information sharing between G8 countries, Business Impact levels added.

34 How to Use the Creative Commons Licenses (Creative Commons)

35 A set of classifications that are flexible enough to enable you to define and communicate the controls to be applied to your information
- May be combined with Creative Commons licenses
- Expressed in 3 different formats:
  - Security Officer-readable
  - Human-readable
  - Machine-readable

36 Control categories: Confidentiality, Authentication, Use, Integrity
Labels:
- CA – Community Access
- RA – Restricted Access
- PI – Personal Information
- OO – Organisation Only
- ND – Non-Disclosure
- CG – Corporate Governance
- SD – Safe Disposal
- CU – Controlled Until
- AB – Authorised By
- ND – Non-Derivatives
- BY – Attribution

37 Organisation Only
- The information may be shared within the organisation, but is not to be disclosed outside

38 Community Access
- The information is restricted to members of a community; generally multi-agency
- Though it may change, membership of the community is controlled
- All members of the community agree to specific terms and conditions

39 Personal Information
- The information contains personal information and consideration must be made before sharing the information
- This classification is likely to be used in conjunction with other labels such as

40 Non-Disclosure
- The information has been received under non-disclosure
- The label will link to the specific terms of the NDA
- This classification is likely to be used in conjunction with other labels such as
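
The four label definitions on slides 37 to 40, written as a sharing check. This is an added example, not part of the presentation: the JSON layout, the `Recipient` fields, the `sharing_decision` function and its allow/review/deny outcomes are assumptions, and the sample document is constructed.

```python
import json
from dataclasses import dataclass

# Constructed sample: one document's labels in a hypothetical JSON form.
SAMPLE_DOC = json.loads("""
{"title": "Supplier pricing review",
 "labels": [{"code": "CA", "community": "dairy-sourcing-group"},
            {"code": "PI"},
            {"code": "ND", "terms": "https://example.invalid/nda-placeholder"}]}
""")

@dataclass(frozen=True)
class Recipient:
    organisation: str
    communities: frozenset = frozenset()    # communities the recipient belongs to
    agreed_terms: frozenset = frozenset()   # communities whose terms they accepted

RANK = {"allow": 0, "review": 1, "deny": 2}

def sharing_decision(doc, owner_org, recipient):
    """Return (decision, reasons); the strictest label outcome wins."""
    outcomes = []
    for label in doc["labels"]:
        code = label.get("code")
        if code == "OO":      # Organisation Only: not disclosed outside
            if recipient.organisation != owner_org:
                outcomes.append(("deny", "OO: recipient is outside the organisation"))
        elif code == "CA":    # Community Access: controlled membership, agreed terms
            community = label.get("community")
            if community not in recipient.communities:
                outcomes.append(("deny", "CA: recipient is not a community member"))
            elif community not in recipient.agreed_terms:
                outcomes.append(("deny", "CA: community terms not agreed"))
        elif code == "PI":    # Personal Information: consider before sharing
            outcomes.append(("review", "PI: consider before sharing"))
        elif code == "ND":    # Non-Disclosure: label must link to the NDA terms
            if label.get("terms"):
                outcomes.append(("review", "ND: check NDA terms at " + label["terms"]))
            else:
                outcomes.append(("deny", "ND: no link to NDA terms"))
        else:                 # unknown label: fail closed
            outcomes.append(("deny", f"unrecognised label {code!r}"))
    decision = max((o[0] for o in outcomes), key=RANK.get, default="allow")
    return decision, [reason for _, reason in outcomes]
```

Slide 36 uses the code ND for both Non-Disclosure and Non-Derivatives; this sketch treats ND as Non-Disclosure only.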

41 Examples
- Medical Record
- Personnel record
- Patent under development
- Published Patent
- Draft Annual Report
- Approved report prior to release
- Post Release
[Label icons: cc, DTG]

42 Thank You

43 “Others inspire us, information feeds us, practice improves our performance, but we need quiet time to figure things out, to emerge with new discoveries, to unearth original answers.” - Esther Buchholz

