1. Cyber Resilience for Dummies
Leading the way in cyber security
Since 1989
Peter Wood
Chief Executive Officer
First Base Technologies LLP
(with apologies to John Wiley & Sons)
2. Founder and Chief Executive - First Base Technologies LLP
• Engineer, IT and information security professional since 1969
• Fellow of the BCS
• Chartered IT Professional
• CISSP
• Member of the Institute of Information Security Professionals
• 15+ year Member of ISACA, Member of the ISACA Security Advisory Group
• Senior Member of the Information Systems Security Association (ISSA)
• Member of the BCS Information Risk Management and Assurance Group
• Founder of white-hats.co.uk
• Member of ACM, IEEE, Institute of Directors, Mensa
Peter Wood
3. Managed Services • Compliance Testing • Cyber Readiness • Penetration Testing • Threat and Risk • Cyber Awareness
4. What is Cyber Resilience?
5. Slide 5 © First Base Technologies 2017
Wikipedia’s definition
Cyber Resilience refers to an entity's ability to continuously deliver
the intended outcome despite adverse cyber events
Cyber Resilience is an evolving perspective that is rapidly gaining
recognition
The concept essentially brings the areas of information security,
business continuity and (organisational) resilience together
https://en.wikipedia.org/wiki/Cyber_Resilience
6. Information Security Forum’s guidance
Organisations should develop a business plan to exploit
cyberspace that identifies threats, considers the limitations of IT
and information security, and develops cyber resilience
Cyberspace is critical to most organisations today; disconnecting
is not an option
By implementing the ISF Cyber Resilience Framework
organisations can develop cyber resilience and be better able to
withstand impacts from evolving cyber threats. Only then can
organisations safely realise the benefits of cyberspace.
7. Symantec’s guidance
Cyber Resilience is about the management, not the elimination, of risk
Not only is eliminating risk impossible, but it impedes agility; an
environment with an acceptable level of risk supports innovation
Knowledge is power; cyber resilient organisations recognise that
security needs to go beyond systems, software or IT departments to
include raising the security IQ of all employees and improved
organisational processes
https://www.symantec.com/page.jsp?id=cyber-resilience
9. There is no silver bullet
Known • Predictable • Unknown • Unpredictable • Uncertain • Unexpected
11. We have to be strategic
13. Cyber Resilience Strategy
A Cyber Resilience Strategy will permit you to withstand negative
impacts due to known, predictable, unknown, unpredictable,
uncertain and unexpected threats from activities in cyberspace
The ideal position is one where the cost of controls, responses and
other cyber resilience activities is kept proportionate to the cost of
the negative impacts from activities in cyberspace that they prevent:
neither over-spending on controls nor under-spending and absorbing the
impacts
Cyber security is a key element of being resilient, but you must
recognise that it goes far beyond just technical measures,
embracing people, processes, and technology
14. Key Issues
• Cyber Resilience requires recognition that you must prepare
now to deal with severe impacts from cyber threats that cannot
be predicted or prevented
• Cyber Resilience requires very high levels of partnering and
collaboration, including external collaboration (with ISPs,
intelligence agencies, industry groups, security analysts,
customers and supply chains), and internal collaboration
throughout the organisation
• Cyber Resilience requires you to have the agility to prevent,
detect and respond quickly and effectively, not just to
incidents, but also to the consequences of the incidents
15. Some Specifics - 1
• Good governance, including leadership, devolved decision-
making and appropriate escalation
• Nimble IT and information security responses, such as the
ability to increase capacity, or to shut down, isolate or
load-balance systems
• Up-to-date and well tested public relations policies, with key
issues decided in advance (such as the organisational stance
on issues, planned responses and media releases)
• Crisis preparedness: updated plans that have been rehearsed
and tested with real life simulations
16. Some Specifics - 2
• Human relations responses, such as dealing with inappropriate
use of social media, carelessness and criminal acts by insiders
• Investigative and forensic capability, to investigate and
conclude on what happened and have the evidence to prove it
• The ability to share information with ISPs, security analysts and
intelligence agencies
• Legal responses, using the legal system to mitigate threats or
actions, such as knowing how to get attacking servers shut down
17. ISF Framework Model
18. Symantec’s Five Pillars
Prepare / Identify • Protect • Detect • Respond • Recover
19. Prepare / Identify
To successfully face and overcome an attack, you must thoroughly
understand your organisation’s security and risk posture.
This means painstakingly identifying your vital information,
conducting an assessment that covers all known security
vulnerabilities, and establishing a baseline against which you can
compare yourself with your peers.
20. Prepare / Identify
· Improve visibility and understand your information and systems,
through asset and network discovery and mapping
· Understand your cyber risk posture through assessments and
simulations
· Identify and remediate vulnerabilities in your IT organisation, including
your supply chain, where many cyber criminals seed attacks
· Map assets to vendor relationships
· Build awareness of the external threat landscape and understand how
to recognise if you are being targeted through comprehensive global
threat intelligence, correlation, and analysis capabilities
· Make users cyber-aware through regular and on-going education on
best practices and risky behaviour
· Ensure appropriate backup and recovery strategies are in place
21. Protect
The second pillar is about implementing safeguards to limit or
contain the impact of an attack or breach.
Your goal is to protect your infrastructure and data from malicious
attack and accidental exposure.
All three areas - people, processes, and technology - are
important to your protection.
22. Protect
· Assess existing defences in the context of advanced threats and plan
improvements as necessary
· Conduct advanced penetration tests against Internet-facing services,
mobile endpoints and key internal systems
· Conduct penetration tests of mobile access and teleworking systems
· Evaluate and implement attack detection solutions across the
organisation
· Engage with line managers to ensure staff comply with security policies
· Evaluate technical monitoring systems to detect policy breaches
· Protect and govern information assets over their lifecycle, including
protecting from data loss or illegal access
23. Detect
The Detect pillar focuses on developing activities to rapidly
identify an attack or a breach, assess the systems that may be
affected, and ensure a timely response.
To effectively minimise any damage, you must have the necessary
detection and response policies, processes, and technologies in
place.
24. Detect
· Develop systems and processes to identify attacks, assess affected
systems and ensure a timely response
· Implement network monitoring systems and correlate security events
with external threats
· Conduct regular reviews of detection and response strategies
· Evaluate third-party security monitoring, advanced threat protection
and incident response management services
· Plan how to resource the correlation of security intelligence with the IT
infrastructure to detect and remediate a potential issue before it
spreads
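The bullet above on correlating security events with external threats is the one step in this deck that is a concrete technique, so here is an added worked example of it (it is not code from the slides, from First Base Technologies or from Symantec). It assumes a hypothetical key=value event format and a constructed indicator feed; the IP, domain and hash values come from reserved documentation ranges and are not real indicators. Events from a firewall, a DNS resolver and an endpoint agent are matched against the feed (CIDR membership for addresses, parent-domain matching for names, exact match for file hashes), and the resulting alerts are ranked so that a host that hit more than one kind of indicator is triaged first.

```python
import ipaddress
from dataclasses import dataclass

# Constructed threat feed (hypothetical): RFC 5737 addresses and .example names
# stand in for indicators received from an ISP, security analyst or agency.
THREAT_FEED = {
    "ip": ["198.51.100.23", "203.0.113.0/24"],
    "domain": ["update-check.example", "cdn.files.example"],
    "sha256": ["9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08"],
}

# Constructed sample events in a generic key=value line format (hypothetical,
# not any product's native format): connections, DNS queries, file executions.
SAMPLE_EVENTS = """\
ts=2017-03-01T10:02:11Z host=fw01 event=conn src=10.0.0.5 dst=198.51.100.23 dport=443 action=allow
ts=2017-03-01T10:02:14Z host=fw01 event=conn src=10.0.0.7 dst=203.0.113.77 dport=80 action=allow
ts=2017-03-01T10:02:20Z host=ws12 event=dns query=api.update-check.example
ts=2017-03-01T10:02:25Z host=ws12 event=file_exec sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 path=C:\\Temp\\svc.exe
ts=2017-03-01T10:03:01Z host=ws13 event=dns query=www.example.org
ts=2017-03-01T10:03:05Z host=fw01 event=conn src=10.0.0.9 dst=192.0.2.10 dport=443 action=allow
"""

@dataclass(frozen=True)
class Indicator:
    kind: str   # "ip", "domain" or "sha256"
    value: str  # normalised feed entry that matched (CIDR form for addresses)

@dataclass
class Alert:
    ts: str
    source: str          # asset to triage: internal src for connections, else host
    indicator: Indicator
    event: dict

class ThreatMatcher:
    """Normalises the feed once, then matches event fields against it."""

    def __init__(self, feed):
        self.networks = [ipaddress.ip_network(v, strict=False) for v in feed.get("ip", [])]
        self.domains = {d.lower().rstrip(".") for d in feed.get("domain", [])}
        self.hashes = {h.lower() for h in feed.get("sha256", [])}

    def match_ip(self, text):
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            return None
        for net in self.networks:  # CIDR membership: a /24 in the feed covers the range
            if addr in net:
                return Indicator("ip", str(net))
        return None

    def match_domain(self, text):
        # Walk up the label hierarchy: a.update-check.example matches the feed entry
        # update-check.example, but update-check.example.org does not. The bare TLD
        # is never tested, so one feed entry cannot match every name in a zone.
        labels = text.lower().rstrip(".").split(".")
        for i in range(len(labels) - 1):
            candidate = ".".join(labels[i:])
            if candidate in self.domains:
                return Indicator("domain", candidate)
        return None

    def match_hash(self, text):
        digest = text.lower()
        return Indicator("sha256", digest) if digest in self.hashes else None

    def correlate(self, event):
        """Return the first indicator hit by a relevant field of the event, or None."""
        checks = (("dst", self.match_ip), ("src", self.match_ip),
                  ("query", self.match_domain), ("sha256", self.match_hash))
        for field, fn in checks:
            if field in event:
                hit = fn(event[field])
                if hit is not None:
                    return hit
        return None

def parse_event(line):
    """Parse one key=value line into a dict, ignoring tokens without '='."""
    fields = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields

def correlate_events(lines, feed=THREAT_FEED):
    """Run every event through the matcher; return alerts in event order."""
    matcher = ThreatMatcher(feed)
    alerts = []
    for line in lines.splitlines():
        event = parse_event(line)
        hit = matcher.correlate(event) if event else None
        if hit is not None:
            is_conn = event.get("event") == "conn" and "src" in event
            source = event["src"] if is_conn else event.get("host", "?")
            alerts.append(Alert(event.get("ts", "?"), source, hit, event))
    return alerts

def prioritise(alerts):
    """Rank sources by the number of distinct indicator kinds they hit: a host that
    resolved a listed domain and then ran a listed binary is triaged before one
    that merely connected to a listed address."""
    kinds = {}
    for alert in alerts:
        kinds.setdefault(alert.source, set()).add(alert.indicator.kind)
    return sorted(((src, len(k)) for src, k in kinds.items()), key=lambda x: (-x[1], x[0]))

if __name__ == "__main__":
    found = correlate_events(SAMPLE_EVENTS)
    for a in found:
        print(f"{a.ts} {a.source:<10} {a.indicator.kind:<7} {a.indicator.value}")
    print("triage order:", prioritise(found))
```

Running it yields four alerts (two connections to listed addresses, one DNS query under a listed domain, one execution of a listed hash) and puts ws12 at the top of the triage list because it tripped two indicator kinds. In a real deployment the feed would be refreshed from the external sources named on the slide and the matcher would run over the monitoring pipeline rather than an inline string; the matching and ranking logic is what carries over.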
25. Respond
The Respond pillar addresses activities that accelerate
remediation and contain the impact of an attack once detected.
Whilst there are many solutions and services available to help,
much of what is needed involves people and processes internal to
your business.
26. Respond
· Plan and implement a Computer Security Incident Response Team and
define roles and responsibilities
· Manage risk by measuring and tracking your cyber resilience,
including how well systems were protected during an attack
· Create a plan: outline how you intend to respond to cyber incidents
· Determine how response processes and procedures will be maintained
and tested
· Co-ordinate communications response activities, and understand how
analysis and mitigation activities will be performed
· Devise a system which ensures that lessons learned are incorporated into
future response activities
27. Recover
This stage involves developing systems and plans to restore data
and services after an attack.
Even if you respond quickly to a cyber breach, there may be
consequences for people, processes and systems. An effective
recovery depends on a clear and thorough recovery plan.
28. Recover
· Develop and implement systems and plans to restore any data and
services that may have been impacted during a cyber attack
· Ensure that your disaster recovery plans cover major cyber attacks as
well as system failures and natural disasters
· Consider cyber attack scenarios:
· Ransomware attacks
· Website hijack
· Remote access compromise
· Network-level infection
· Business Email Compromise
29. Getting started
30. Managed Services • Compliance Testing • Cyber Readiness • Penetration Testing • Threat and Risk • Cyber Awareness