1. ACHIEVING CYBER RESILIENCE:
SECURING INFORMATION SHARING
NIRAN SERIKI, C|CISO, CISM, MSC (RHUL)
SENIOR CYBER SECURITY CONSULTANT, EU INSTITUTIONS
CHIEF INFORMATION SECURITY OFFICER (CISO),
SHEKINAH INFORMATION SECURITY CONSULTANCY LTD. UNITED KINGDOM.
DISCLAIMER:
All views expressed in these slides are strictly personal and do not represent the views
of any organisation I consult for.
2. ACHIEVING CYBER RESILIENCE: SECURING
INFORMATION SHARING
•Cyber Security, Cyber Threat, Cyber Response…Yes,
Cyber Resilience!
•Cyber Resilience, the added Value
•Spell out R-E-S-I-L-I-E-N-C-E to achieve Cyber Resilience
•Partnering and sharing - how much, how long, how done?
3. CYBER SECURITY, CYBER THREAT, CYBER
RESPONSE…YES, CYBER RESILIENCE!
•The whole idea of Cyber Resilience –
•Not about achieving 100% security, which is
practically impossible.
4. CYBER RESILIENCE, THE ADDED VALUE
•Cyber Resilience is about having a robust, tested
defence and response system in place to combat
cyber attacks.
•The goal is to minimise business disruption by all
means.
5. SPELL OUT R-E-S-I-L-I-E-N-C-E TO ACHIEVE CYBER RESILIENCE
• Register or record all corporate assets (Asset Management Program). You can only
protect what you know or are aware exists.
• Education in the form of regular & continuous user security awareness training.
• SIEM (Security Incident & Events Management) is a “great to have”, though
complex to manage.
• Incident Response Team and efficient, tested, practical response plans &
processes.
• Learn from others, share with others.
• An Intrusion Detection System helps with monitoring.
• Effective Vulnerability Management System coupled with good & timely patch
management.
• New changes go through the Change Management controls & procedures.
• Continual Improvement with the CIA (Confidentiality, Integrity & Availability)
focus.
• External Dependency & proper Vendor security vetting and management.
6. PARTNERING AND SHARING - HOW MUCH, HOW
LONG, HOW DONE?
• The great challenge is not necessarily in partnering but rather in SHARING.
• We all face a common enemy! Today it is my organisation, but tomorrow
it may be yours.
• Suggestions:
• Sharing based on common interests
• Sharing based on same industry sector
• Sharing based on other forms of collaboration.
• Sharing is sometimes Vendor-based – the Vendor organising a forum
for clients to come together to share valuable information that could
benefit everyone.