MCGlobalTech presentation to manufacturing sector executives on managing cybersecurity risks by implementing an enterprise information security management program.

1. 1
Mission Critical Global
Technology Group
(MCGlobalTech)
Managing Security
Risks in Manufacturing

2. 2
Manufacturing Threat Landscape Increasing
• Symantec reports that manufacturing was the most
targeted sector in 2012, accounting for 24% of all targeted
attacks. ermined; and (iv) monitor risk on an ongoing
basis.

3. 3
Manufacturing Threat Landscape Increasing
• Symantec’s Internet Security Report 2013 reports that
manufacturing was the most targeted sector in 2012,
accounting for 24% of all targeted attacks.
• Verizon’s 2014 Data Breach Investigations Report
identified Manufacturing as one of the most victimized
industries by hackers, with companies of all sizes equally
targeted.
• National Association of Manufacturers estimate that
$239.9 billion in revenue has been lost to cyber-piracy
over the past 10 years.

4. 4
Manufacturing and Cyber Espionage

5. 5
Frequency of Security Incidents

6. 6
Proactive Approach to Addressing Risks
Implementing an Enterprise Risk Management Program
allows Manufacturers to:
1. Understand the threat facing their organizations
2. Understand their business and technical environments relative
the threat
3. Identify and asses weakness that exists in defenses around
critical business assets including information, systems and
people
4. Proactively mitigate the risk to business operations, reputation
and profits

7. 7
Enterprise Risk Management Program
Enterprise Risk Management is a:
• Comprehensive process that requires organizations to: (i)
frame risk (i.e., establish the context for risk-based
decisions); (ii) assess risk; (iii) respond to risk once
determined; and (iv) monitor risk on an ongoing basis.
Underlying Principles:
• Every entity, whether for-profit or not, exists to realize
value for its stakeholders.
• Value is created, preserved, or eroded by management
decisions in all activities, from setting strategy to operating
the enterprise day-to-day.

8. 8
Risk Management Levels
• Organization Level
– Governance:
• Senior Leadership responsible for an organization’s mission
ensuring that the risks are managed appropriately and the
resources are used responsibly
– Risk Management Strategy
• Strategic-level decisions and considerations on how senior
leaders/executives are to manage information security risk to
organizational operations, assets and individuals

9. 9
Risk Management Levels
• Mission/Business Process Level
– Identify and establish risk-aware mission/business
processes
– The understanding of Senior Leadership on:
• Types of threats sources and events
• Potential adverse impacts/consequences
• Resilience of information technology to a compromise
– Key output: Risk Response Strategy

10. 10
Risk Management Levels
• Information Systems Level
– Risk Management incorporated in all system life
cycles, including procurement and disposal
– Risk Management activities reflect organization’s risk
management strategy and addresses any risk related
to cost, schedule and performance requirements for
individual information systems.
– Key output: Risk Management Reports

11. 11
Additional Fundamental Components
• Trust and Trustworthiness
– Establishing trust among organizations
– Trustworthiness of information systems
• Organizational Culture
– Values, beliefs, and norms that influence behavior
• Relationship Among Key Risk Concepts
– Governance, Risk Tolerance, and Trust

12. 12
MCGlobalTech EISM Program

13. 13
Questions

14. 14
Contact Us
Mission Critical Global Technology Group
1776 I Street, NW
Washington, District of Columbia 20006
Phone: 571-249-3932
Email: Info@mcglobaltech.com
William McBorrough Morris Cody
Managing Principal Managing Principal
wjm4@mcglobaltech.com mcody@mcglobaltech.com