2. David Clarke
• Created a CERT on a Financial Intranet trading $3.5
trillion a day; CPNI member for 10 years.
• Managed Global Managed Security Services with a
$100-$300 million global install base, 500+ customers
and $3.4 billion of contracts.
• Created, maintained and improved regulatory and
compliance commitments including global PCI-DSS and
ISO 27001 (10,000+ security devices/systems).
3. • Breach Legislation: IT or Legal?
• "the proposed regulation of up to 5% of
annual worldwide turnover, or €100"
4. • Information Sharing: Who, When, How
• "The ICO has imposed a monetary penalty
of £200,000 on the British Pregnancy
Advice Service (BPAS) for exposing
thousands of personal"
5. • Compliance is the best protection?
• "Resistance is futile" Gartner
• "Brighton and Sussex University Hospitals NHS
Trust fined £325k after hard drives with highly sensitive
patient data were sold on eBay"
6. • Best Practice, or is this Compliance?
• "The ICO can issue fines of up to
£500,000 for serious breaches of the Data
Protection Act and Privacy and Electronic
Communications Regulations." ICO
7. • Incident Response, Strategy
• "There are two kinds of big companies in the
U.S. Those who've been hacked by the Chinese
and those who don't know they've been hacked."
FBI
8. 4 Threats
• Internal Threat
• External Threat
• Regulatory Threat
• The Threat of "inadvertent human error"
10. ISO 20000
Change Process
Service Introduction
Problem management
Escalation Process
11. Security Measurement
• Measure of Compliance
• Measure of System effectiveness
• Measure of People Awareness
• Measurement of main Threat Vector
13. 72 Hours to Report
5% of Worldwide Revenue
14. Cyber Essentials
Boundary Control
Secure Configuration
Patch Management
Malware Defense
Access Control
15. The Maths
Each Event is 0.25; 80% achievable = 0.2
Dependent Events
0.2 + 0.2 + 0.2 + 0.2 = 0.8
Previously 0.32
A dramatic improvement by
using a Leveraged Strategy
21. • If you would like my worksheet matching
the strategy to Cyber Essentials and the SANS
Top 20, please email me at cio@vciso.co
• LinkedIn with me at
uk.linkedin/1davidclarke
• Twitter @1davidclarke