Cyber Resilience for Dummies
Leading the way in cyber security
Since 1989
Peter Wood
Chief Executive Officer
First Base Technologies LLP
(with apologies to John Wiley & Sons)
Founder and Chief Executive - First Base Technologies LLP
• Engineer, IT and information security professional since 1969
• Fellow of the BCS
• Chartered IT Professional
• CISSP
• Member of the Institute of Information Security Professionals
• 15 Year+ Member of ISACA, Member of the ISACA Security Advisory Group
• Senior Member of the Information Systems Security Association (ISSA)
• Member of the BCS Information Risk Management and Assurance Group
• Founder of white-hats.co.uk
• Member of ACM, IEEE, Institute of Directors, Mensa
Peter Wood
Managed Services Compliance Testing
Cyber Readiness
Penetration Testing
Threat and Risk Cyber Awareness
What is Cyber Resilience?
Slide 5 © First Base Technologies 2017
Wikipedia’s definition
Cyber Resilience refers to an entity's ability to continuously deliver
the intended outcome despite adverse cyber events
Cyber Resilience is an evolving perspective that is rapidly gaining
recognition
The concept essentially brings the areas of information security,
business continuity and (organisational) resilience together
https://en.wikipedia.org/wiki/Cyber_Resilience
Information Security Forum’s guidance
Organisations should develop a business plan to exploit
cyberspace that identifies threats, considers the limitations of IT
and information security, and develops cyber resilience
Cyberspace is critical to most organisations today; disconnecting
is not an option
By implementing the ISF Cyber Resilience Framework
organisations can develop cyber resilience and be better able to
withstand impacts from evolving cyber threats. Only then can
organisations safely realise the benefits of cyberspace.
Symantec’s guidance
Cyber Resilience is about the management not the elimination of risk
Not only is eliminating risk impossible, but it impedes agility; an
environment with an acceptable level of risk supports innovation
Knowledge is power; cyber resilient organisations recognise that
security needs to go beyond systems, software or IT departments to
include raising the security IQ of all employees and improved
organisational processes
https://www.symantec.com/page.jsp?id=cyber-resilience
Why Cyber Resilience?
There is no silver bullet
Known • Predictable • Unknown • Unpredictable • Uncertain • Unexpected
We have to be strategic
A Cyber Resilience Strategy
Cyber Resilience Strategy
A Cyber Resilience Strategy will permit you to withstand negative
impacts due to known, predictable, unknown, unpredictable,
uncertain and unexpected threats from activities in cyberspace
The ideal situation is one where you minimise the cost of controls,
responses and other cyber resilience activities, relative to the
spend needed to minimise the cost of negative impacts from
activities in cyberspace
Cyber security is a key element of being resilient, but you must
recognise that it goes far beyond just technical measures,
embracing people, processes, and technology
Key Issues
• Cyber Resilience requires recognition that you must prepare
now to deal with severe impacts from cyber threats that cannot
be predicted or prevented
• Cyber Resilience requires very high levels of partnering and
collaboration, including external collaboration (with ISPs,
intelligence agencies, industry groups, security analysts,
customers and supply chains), and internal collaboration
throughout the organisation
• Cyber Resilience requires you to have the agility to prevent,
detect and respond quickly and effectively, not just to
incidents, but also to the consequences of the incidents
Some Specifics - 1
• Good governance, including leadership, devolved decision-making
and appropriate escalation
• Nimble IT and information security responses, such as the
ability to increase capacity, or shut down, isolate or load
balance systems
• Up-to-date and well tested public relations policies, with key
issues decided in advance (such as the organisational stance
on issues, planned responses and media releases)
• Crisis preparedness: updated plans that have been rehearsed
and tested with real life simulations
Some Specifics - 2
• Human relations responses, such as dealing with inappropriate
use of social media, carelessness and criminal acts by insiders
• Investigative and forensic capability, to investigate and
conclude on what happened and have the evidence to prove it
• The ability to share information with ISPs, security analysts and
intelligence agencies
• Legal responses, to use the legal system to mitigate threats or
actions such as knowing how to shut down attacking servers
ISF Framework Model
Symantec’s Five Pillars
Prepare / Identify • Protect • Detect • Respond • Recover
Prepare / Identify
To successfully face and overcome an attack, you must thoroughly
understand your organisation’s security and risk posture.
This means painstakingly identifying your vital information,
conducting an assessment that includes all known security
vulnerabilities, and establishing a baseline which you will compare
with your peers.
Prepare / Identify
· Improve visibility and understand your information and systems,
through asset and network discovery and mapping
· Understand your cyber risk posture through assessments and
simulations
· Identify and remediate vulnerabilities in your IT organization, including
your supply chain, where many cyber criminals seed attacks
· Map assets to vendor relationships
· Build awareness of the external threat landscape and understand how
to recognise if you are being targeted through comprehensive global
threat intelligence, correlation, and analysis capabilities
· Make users cyber-aware through regular and on-going education on
best practices and risky behaviour
· Ensure appropriate backup and recovery strategies are in place
Protect
The second pillar is about implementing safeguards to limit or
contain the impact of an attack or breach.
Your goal is to protect your infrastructure and data from malicious
attack and accidental exposure.
All three areas - people, processes, and technology - are
important to your protection.
Protect
· Assess existing defences in the context of advanced threats and plan
improvements as necessary
· Conduct advanced penetration tests against Internet-facing services,
mobile endpoints and key internal systems
· Conduct penetration tests of mobile access and teleworking systems
· Evaluate and implement attack detection solutions across the
organisation
· Engage with line managers to ensure staff comply with security policies
· Evaluate technical monitoring systems to detect policy breaches
· Protect and govern information assets over their lifecycle, including
protecting from data loss or illegal access
Detect
The Detect pillar focuses on developing activities to rapidly
identify an attack or a breach, assess the systems that may be
affected, and ensure a timely response.
To effectively minimise any damage, you must have the necessary
detection and response policies, processes, and technologies in
place.
Detect
· Develop systems and processes to identify attacks, assess affected
systems and ensure a timely response
· Implement network monitoring systems and correlate security events
with external threats
· Conduct regular reviews of detection and response strategies
· Evaluate third-party security monitoring, advanced threat protection
and incident response management services
· Plan how to resource the correlation of security intelligence with the IT
infrastructure to detect and remediate a potential issue before it
spreads
Respond
The Respond pillar addresses activities that accelerate
remediation and contain the impact of an attack once detected.
Whilst there are many solutions and services available to help,
much of what is needed involves people and processes internal to
your business.
Respond
· Plan and implement a Computer Security Incident Response Team and
define roles and responsibilities
· Manage risk by measuring and tracking your cyber resilience,
including how well systems were protected during an attack
· Create a plan: outline how you intend to respond to cyber incidents
· Determine how response processes and procedures will be maintained
and tested
· Co-ordinate communications response activities, and understand how
analysis and mitigation activities will be performed
· Devise a system that ensures lessons learned are incorporated into
future response activities
Recover
This stage involves developing systems and plans to restore data
and services after an attack.
Even if you respond quickly to a cyber breach, there may be
consequences for people, processes and systems. An effective
recovery depends on a clear and thorough recovery plan.
Recover
· Develop and implement systems and plans to restore any data and
services that may have been impacted during a cyber attack
· Ensure that your disaster recovery plans cover major cyber attacks as
well as system failures and natural disasters
· Consider cyber attack scenarios:
  · Ransomware attacks
  · Website hijack
  · Remote access compromise
  · Network-level infection
  · Business Email Compromise
Getting started
Managed Services Compliance Testing
Cyber Readiness
Penetration Testing
Threat and Risk Cyber Awareness
peter@firstbase.co.uk
http://firstbase.co.uk
twitter: @FBTechies
Thank you!
Peter Wood
Chief Executive Officer
First Base Technologies LLP

Contenu connexe

Tendances

Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
PECB
 

Tendances (20)

Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centers
 
Cybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoDCybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoD
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security Strategy
 
The Board and Cyber Security
The Board and Cyber SecurityThe Board and Cyber Security
The Board and Cyber Security
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
 
Cyber Security: The Strategic View
Cyber Security: The Strategic ViewCyber Security: The Strategic View
Cyber Security: The Strategic View
 
10 Steps to Building an Effective Vulnerability Management Program
10 Steps to Building an Effective Vulnerability Management Program10 Steps to Building an Effective Vulnerability Management Program
10 Steps to Building an Effective Vulnerability Management Program
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security Architecture
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 
Enterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating ModelEnterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating Model
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
 
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture Design
 

Similaire à Introduction to Cyber Resilience

Similaire à Introduction to Cyber Resilience (20)

The 2018 Threatscape
The 2018 ThreatscapeThe 2018 Threatscape
The 2018 Threatscape
 
10 Ways For Mitigating Cybersecurity Risks In Project Management.docx
10 Ways For Mitigating Cybersecurity Risks In Project Management.docx10 Ways For Mitigating Cybersecurity Risks In Project Management.docx
10 Ways For Mitigating Cybersecurity Risks In Project Management.docx
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
Connection can help keep your business secure!
Connection can help keep your business secure!Connection can help keep your business secure!
Connection can help keep your business secure!
 
Cybersecurity.pdf
Cybersecurity.pdfCybersecurity.pdf
Cybersecurity.pdf
 
Cybersecurity Incident Response Planning.pdf
Cybersecurity Incident Response Planning.pdfCybersecurity Incident Response Planning.pdf
Cybersecurity Incident Response Planning.pdf
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room:  Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room:  Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
 
Security-Brochure
Security-BrochureSecurity-Brochure
Security-Brochure
 
Security-Brochure
Security-BrochureSecurity-Brochure
Security-Brochure
 
Applying Lean for information security operations centre
Applying Lean for information security operations centreApplying Lean for information security operations centre
Applying Lean for information security operations centre
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
 
Introduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceIntroduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber Resilience
 
OpenText Cyber Resilience Fastrak
OpenText Cyber Resilience FastrakOpenText Cyber Resilience Fastrak
OpenText Cyber Resilience Fastrak
 
Laser App Conference 2017 - Sid Yenamandra, Entreda
Laser App Conference 2017 - Sid Yenamandra, EntredaLaser App Conference 2017 - Sid Yenamandra, Entreda
Laser App Conference 2017 - Sid Yenamandra, Entreda
 
Mastering Cybersecurity Risk Management: Strategies to Safeguard Your Digital...
Mastering Cybersecurity Risk Management: Strategies to Safeguard Your Digital...Mastering Cybersecurity Risk Management: Strategies to Safeguard Your Digital...
Mastering Cybersecurity Risk Management: Strategies to Safeguard Your Digital...
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
Selling security to the C-level
Selling security to the C-levelSelling security to the C-level
Selling security to the C-level
 
CCA study group
CCA study groupCCA study group
CCA study group
 
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
 

Plus de Peter Wood

Plus de Peter Wood (20)

Hacking is easy: understanding your vulnerabilities
Hacking is easy: understanding your vulnerabilitiesHacking is easy: understanding your vulnerabilities
Hacking is easy: understanding your vulnerabilities
 
The future of cloud security
The future of cloud securityThe future of cloud security
The future of cloud security
 
Network security, seriously?
Network security, seriously?Network security, seriously?
Network security, seriously?
 
Lessons from a Red Team Exercise
Lessons from a Red Team ExerciseLessons from a Red Team Exercise
Lessons from a Red Team Exercise
 
Red teaming in the cloud
Red teaming in the cloudRed teaming in the cloud
Red teaming in the cloud
 
All your files now belong to us
All your files now belong to usAll your files now belong to us
All your files now belong to us
 
Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present Dangers
 
Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)
 
Advanced Threat Protection: Lessons from a Red Team Exercise
Advanced Threat Protection: Lessons from a Red Team ExerciseAdvanced Threat Protection: Lessons from a Red Team Exercise
Advanced Threat Protection: Lessons from a Red Team Exercise
 
Pragmatic Network Security - Avoiding Real-World Vulnerabilities
Pragmatic Network Security - Avoiding Real-World VulnerabilitiesPragmatic Network Security - Avoiding Real-World Vulnerabilities
Pragmatic Network Security - Avoiding Real-World Vulnerabilities
 
Attacking the cloud with social engineering
Attacking the cloud with social engineeringAttacking the cloud with social engineering
Attacking the cloud with social engineering
 
Advanced threat protection and big data
Advanced threat protection and big dataAdvanced threat protection and big data
Advanced threat protection and big data
 
Cloud, social networking and BYOD collide!
Cloud, social networking and BYOD collide!Cloud, social networking and BYOD collide!
Cloud, social networking and BYOD collide!
 
Unpatched Systems: An Ethical Hacker's View
Unpatched Systems: An Ethical Hacker's ViewUnpatched Systems: An Ethical Hacker's View
Unpatched Systems: An Ethical Hacker's View
 
Prime Targets in Network Infrastructure
Prime Targets in Network InfrastructurePrime Targets in Network Infrastructure
Prime Targets in Network Infrastructure
 
Security Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent ThreatsSecurity Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent Threats
 
Emerging Threats and Attack Surfaces
Emerging Threats and Attack SurfacesEmerging Threats and Attack Surfaces
Emerging Threats and Attack Surfaces
 
Out of the Blue: Responding to New Zero-Day Threats
Out of the Blue: Responding to New Zero-Day ThreatsOut of the Blue: Responding to New Zero-Day Threats
Out of the Blue: Responding to New Zero-Day Threats
 
Social Networking - An Ethical Hacker's View
Social Networking - An Ethical Hacker's ViewSocial Networking - An Ethical Hacker's View
Social Networking - An Ethical Hacker's View
 
Top Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesTop Five Internal Security Vulnerabilities
Top Five Internal Security Vulnerabilities
 

Dernier

哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
ydyuyu
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
ayvbos
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
JOHNBEBONYAP1
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
F
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Monica Sydney
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
F
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
ydyuyu
 

Dernier (20)

20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 

Introduction to Cyber Resilience

  • 1. Cyber Resilience for Dummies Leading the way in cyber security Since 1989 Peter Wood Chief Executive Officer First Base Technologies LLP (with apologies to John Wiley & Sons)
  • 2. Founder and Chief Executive - First Base Technologies LLP • Engineer, IT and information security professional since 1969 • Fellow of the BCS • Chartered IT Professional • CISSP • Member of the Institute of Information Security Professionals • 15 Year+ Member of ISACA, Member of the ISACA Security Advisory Group • Senior Member of the Information Systems Security Association (ISSA) • Member of the BCS Information Risk Management and Assurance Group • Founder of white-hats.co.uk • Member of ACM, IEEE, Institute of Directors , Mensa Peter Wood Leading the way in cyber security Since 1989
  • 3. Managed Services Compliance Testing Cyber Readiness Penetration Testing Threat and Risk Cyber Awareness Leading the way in cyber security Since 1989
  • 4. What is Cyber Resilience? Leading the way in cyber security Since 1989
  • 5. Slide 5 © First Base Technologies 2017 Wikipedia’s definition Cyber Resilience refers to an entity's ability to continuously deliver the intended outcome despite adverse cyber events Cyber Resilience is an evolving perspective that is rapidly gaining recognition The concept essentially brings the areas of information security, business continuity and (organisational) resilience together https://en.wikipedia.org/wiki/Cyber_Resilience
  • 6. Slide 6 © First Base Technologies 2017 Information Security Forum’s guidance Organisations should develop a business plan to exploit cyberspace that identifies threats, considers the limitations of IT and information security, and develops cyber resilience Cyberspace is critical to most organisations today; disconnecting is not an option By implementing the ISF Cyber Resilience Framework organisations can develop cyber resilience and be better able to withstand impacts from evolving cyber threats. Only then can organisations safely realise the benefits of cyberspace.
  • 7. Slide 7 © First Base Technologies 2017 Symantec’s guidance Cyber Resilience is about the management not the elimination of risk Not only is eliminating risk impossible, but it impedes agility; an environment with an acceptable level of risk supports innovation Knowledge is power; cyber resilient organisations recognise that security needs to go beyond systems, software or IT departments to include raising the security IQ of all employees and improved organisational processes https://www.symantec.com/page.jsp?id=cyber-resilience
  • 8. Why Cyber Resilience? Leading the way in cyber security Since 1989
  • 9. Slide 9 © First Base Technologies 2017 There is no silver bullet Known • Predictable • Unknown • Unpredictable • Uncertain • Unexpected
  • 10. Slide 10 © First Base Technologies 2017
  • 11. Slide 11 © First Base Technologies 2017 We have to be strategic
  • 12. A Cyber Resilience Strategy Leading the way in cyber security Since 1989
  • 13. Slide 13 © First Base Technologies 2017 Cyber Resilience Strategy A Cyber Resilience Strategy will permit you to withstand negative impacts due to known, predictable, unknown, unpredictable, uncertain and unexpected threats from activities in cyberspace The ideal situation is one where you minimise the cost of controls, responses and other cyber resilience activities, relative to the spend needed to minimise the cost of negative impacts from activities in cyberspace Cyber security is a key element of being resilient, but you must recognise that it goes far beyond just technical measures, embracing people, processes, and technology
  • 14. Slide 14 © First Base Technologies 2017 Key Issues • Cyber Resilience requires recognition that you must prepare now to deal with severe impacts from cyber threats that cannot be predicted or prevented • Cyber Resilience requires very high levels of partnering and collaboration, including external collaboration (with ISPs, intelligence agencies, industry groups, security analysts, customers and supply chains), and internal collaboration throughout the organisation • Cyber Resilience requires you to have the agility to prevent, detect and respond quickly and effectively, not just to incidents, but also to the consequences of the incidents
  • 15. Slide 15 © First Base Technologies 2017 Some Specifics - 1 • Good governance, including leadership, devolved decision- making and appropriate escalation • Nimble IT and information security responses, such as the ability to increase capacity, or shut down, isolate or load balance systems • Up-to-date and well tested public relations policies, with key issues decided in advance (such as the organisational stance on issues, planned responses and media releases) • Crisis preparedness: updated plans that have been rehearsed and tested with real life simulations
  • 16. Some Specifics - 2
      • Human relations responses, such as dealing with inappropriate use of social media, carelessness and criminal acts by insiders
      • Investigative and forensic capability, to investigate and conclude on what happened and have the evidence to prove it
      • The ability to share information with ISPs, security analysts and intelligence agencies
      • Legal responses, to use the legal system to mitigate threats or actions such as knowing how to shut down attacking servers
  • 17. ISF Framework Model
  • 18. Symantec’s Five Pillars: Prepare / Identify, Protect, Detect, Respond, Recover
  • 19. Prepare / Identify To successfully face and overcome an attack, you must thoroughly understand your organisation’s security and risk posture. This means painstakingly identifying your vital information, conducting an assessment that includes all known security vulnerabilities, and establishing a baseline which you will compare with your peers.
  • 20. Prepare / Identify
      · Improve visibility and understand your information and systems, through asset and network discovery and mapping
      · Understand your cyber risk posture through assessments and simulations
      · Identify and remediate vulnerabilities in your IT organization, including your supply chain, where many cyber criminals seed attacks
      · Map assets to vendor relationships
      · Build awareness of the external threat landscape and understand how to recognise if you are being targeted through comprehensive global threat intelligence, correlation, and analysis capabilities
      · Make users cyber-aware through regular and on-going education on best practices and risky behaviour
      · Ensure appropriate backup and recovery strategies are in place
  • 21. Protect The second pillar is about implementing safeguards to limit or contain the impact of an attack or breach. Your goal is to protect your infrastructure and data from malicious attack and accidental exposure. All three areas - people, processes, and technology - are important to your protection.
  • 22. Protect
      · Assess existing defences in the context of advanced threats and plan improvements as necessary
      · Conduct advanced penetration tests against Internet-facing services, mobile endpoints and key internal systems
      · Conduct penetration tests of mobile access and teleworking systems
      · Evaluate and implement attack detection solutions across the organisation
      · Engage with line managers to ensure staff comply with security policies
      · Evaluate technical monitoring systems to detect policy breaches
      · Protect and govern information assets over their lifecycle, including protecting from data loss or illegal access
  • 23. Detect The Detect pillar focuses on developing activities to rapidly identify an attack or a breach, assess the systems that may be affected, and ensure a timely response. To effectively minimise any damage, you must have the necessary detection and response policies, processes, and technologies in place.
  • 24. Detect
      · Develop systems and processes to identify attacks, assess affected systems and ensure a timely response
      · Implement network monitoring systems and correlate security events with external threats
      · Conduct regular reviews of detection and response strategies
      · Evaluate third-party security monitoring, advanced threat protection and incident response management services
      · Plan how to resource the correlation of security intelligence with the IT infrastructure to detect and remediate a potential issue before it spreads
  • 25. Respond The Respond pillar addresses activities that accelerate remediation and contain the impact of an attack once detected. Whilst there are many solutions and services available to help, much of what is needed involves people and processes internal to your business.
  • 26. Respond
      · Plan and implement a Computer Security Incident Response Team and define roles and responsibilities
      · Manage risk by measuring and tracking your cyber resilience, including how well systems were protected during an attack
      · Create a plan: outline how you intend to respond to cyber incidents
      · Determine how response processes and procedures will be maintained and tested
      · Co-ordinate communications response activities, and understand how analysis and mitigation activities will be performed
      · Devise a system that ensures lessons learned are incorporated into future response activities
  • 27. Recover This stage involves developing systems and plans to restore data and services after an attack. Even if you respond quickly to a cyber breach, there may be consequences for people, processes and systems. An effective recovery depends on a clear and thorough recovery plan.
  • 28. Recover
      · Develop and implement systems and plans to restore any data and services that may have been impacted during a cyber attack
      · Ensure that your disaster recovery plans cover major cyber attacks as well as system failures and natural disasters
      · Consider cyber attack scenarios:
          · Ransomware attacks
          · Website hijack
          · Remote access compromise
          · Network-level infection
          · Business Email Compromise
  • 29. Getting started
  • 30. Managed Services Compliance Testing Cyber Readiness Penetration Testing Threat and Risk Cyber Awareness
  • 31. peter@firstbase.co.uk http://firstbase.co.uk twitter: @FBTechies Thank you! Peter Wood Chief Executive Officer First Base Technologies LLP