©2019 Information Security Forum Limited
How to Build a Successful Cyber Security Program 1
Mark Chaplin
Information Security Forum
Agenda
1. About the Information Security Forum
2. Context – Business operations
3. Drivers for cyber security
4. Cyber threat landscape
5. Cyber security challenges
6. The role of cyber risk management
7. Cyber security programme – Key ingredients
8. Building a cyber security programme
9. Remaining business and risk focused
10. Getting started – 5 takeaways
About the Information Security Forum (ISF)
We are an international association of over 480 leading global organisations
(Fortune 500/Forbes 2000), which...
• addresses key issues in information risk management through research and collaboration
• develops practical tools and guidance
• remains a fully independent, not-for-profit organisation driven by its Members
• promotes networking within its Membership.
Our Members include over 99 international banks and financial institutions
THE LEADING GLOBAL AUTHORITY ON CYBER SECURITY AND INFORMATION RISK MANAGEMENT
ISF services help business leaders and information security
practitioners to address business issues across the enterprise
What are the issues faced by:
• Board Members
• Chief Information Security Officers
• Information Security Managers
• Business Managers
• IT Managers and Technical Staff
• Internal and External Auditors
• IT Service Providers
• Procurement and Vendor Management Teams

• Understanding cyber risk as a key component of the business strategy
• Mounting volumes of critical and sensitive information
• Increasing economic, legal and regulatory pressures
• Greater focus on privacy and data protection
• Increased dependency on the supply chain
• Need to be agile and competitive
• Changing culture of end users
• Increased use of diverse technology
• Business impact of incidents
• Emerging and changing threats
• Globalisation and cyber security
Context – Business operations
• Strategy
• Commerce
• Products and services
• Supply chain
• Workforce
• Location and premises
• Power and telecommunications
Drivers – Board expectations
1. Preparedness for a crisis
2. Situational awareness
3. Basic cyber protection measures
4. Resilience
5. Proven and effective risk management
6. Good practice in security governance
7. Assurance
Technology
• Legacy to emerging
• Information technology to operational technology
• Cloud / Virtualisation
• Artificial intelligence / Quantum computing
• Blockchain / Internet of Things
Every second
• 4,193 Skype calls
• 81GB of Internet traffic
• 78,000 Google searches
• 81,000 YouTube videos viewed
• 2,851,735 emails sent
Drivers - Information and technology
https://www.internetlivestats.com
The Wall Street Journal, The Guardian Weekly, China Daily, The Straits Times, UCL European Institute, The Washington Post
Drivers - Information and technology
Cyber threat landscape
www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
(Timeline chart covering 2009 to 2019)
World’s Biggest Data Breaches & Hacks
InformationIsBeautiful.net using data from Identity Theft Resource Center and DataBreaches.net
Cyber threat landscape
New York Times, Wired Magazine, Reuters, Foreignpolicy.com, BBC, The Independent, The Telegraph, The Washington Post, The Huffington Post, The Guardian Nigeria, Arab News, Energy Voice
Profit-driven attacks
FT, BBC, Wired Magazine, Forbes Magazine, Reuters, ICO, Identity Theft Resource Center, Privacy Rights Clearinghouse and Hackmageddon.com
Major financially-motivated breaches
Privacy Rights Clearinghouse Data Breaches
Tangible loss from cyber attacks
FT, BBC, Wired Magazine, Forbes Magazine, Reuters, ICO, Identity Theft Resource Center, Privacy Rights Clearinghouse and Hackmageddon.com
Cyber security challenges
• Poor terminology
• Insufficient quality/validated risk data
• Focus on assessment, not management
• Lack of integration with business risk management
• Inadequate tooling
• Difficulties interpreting data, communicating risk and making key business decisions
• Measurement of the wrong data points
• Limited to no assurance of risk management
The role of cyber risk management
• Reduce uncertainty
• Quantify risk in terms of clear probability and magnitude
• Inform decision making
• Prioritise actions
• Improve/direct spending
• Manage expectations
• Prevent bad things from happening

• Achieve perfect (100%) security
• Reduce loss to zero
• Demonstrate compliance
• Support a subjective need
• Make people feel comfortable
• Identify scapegoats
Cyber risk management objectives
1. Reduce the frequency of successful cyber threat events
2. Reduce the financial loss of cyber loss events
Cyber security programme – Key ingredients
• Governance
• Management
• Methodology
• Architecture / Control framework
• Tooling
• Measurement and analysis
• Visualisation / Communication
• Decision support and action
• Assurance and improvement
• Supply chain
• Resilience
• Asset management
• Business process mapping
• Event management and metrics
• Threat and vulnerability management
• Audit/assessments
• Incident management
Benefits of applying a business and risk-based approach
1. More consistent use of risk management language with key decision-makers
2. Greater understanding of the threat landscape and corresponding losses
3. Justified confidence in the adequacy of the methodology
4. Effective use of risk appetite (aversion / tolerance)
5. Integration with broader risk management disciplines and practices
6. Continuous evaluation and improvement
7. Target spending, reduce exposure and minimise waste
8. Improve decision-making with cost-benefit analysis
9. Reduce subjectivity and increase objectivity
10. Accurately measure, aggregate and quantify cyber risk
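Added example, not from the ISF deck or its author: a minimal quantitative model of the two risk management objectives (reduce the frequency of successful threat events, reduce the financial loss when they occur), expressed as expected annual loss = frequency × magnitude per scenario. It is then used for the cost-benefit and risk appetite points in the list above: candidate controls are ranked by loss avoided minus their running cost, and the aggregate is checked against a tolerance. All scenario and control figures are constructed; the multiplicative frequency/magnitude factors and the assumption that every control applies uniformly to every scenario are simplifications made for the illustration.

```python
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Scenario:
    """A cyber loss scenario quantified by probability and magnitude."""
    name: str
    frequency: float  # expected successful threat events per year
    magnitude: float  # expected financial loss per event, in currency units

    def annual_loss(self) -> float:
        # Expected annual loss: how often it happens times what it costs.
        return self.frequency * self.magnitude


@dataclass(frozen=True)
class Control:
    """A candidate control with its running cost and its effect on risk."""
    name: str
    annual_cost: float
    frequency_factor: float  # multiplier on event frequency (1.0 = no effect)
    magnitude_factor: float  # multiplier on loss per event (1.0 = no effect)


# Constructed figures for illustration only; real values come from the
# organisation's own incident history, threat intelligence and loss data.
SCENARIOS: List[Scenario] = [
    Scenario("phishing leading to account compromise", frequency=2.0, magnitude=50_000),
    Scenario("ransomware outage", frequency=0.2, magnitude=1_500_000),
    Scenario("supplier data breach", frequency=0.5, magnitude=400_000),
]

CONTROLS: List[Control] = [
    # Objective 2: reduce the loss when events occur (rehearsed response)
    Control("incident response exercising", annual_cost=60_000,
            frequency_factor=1.0, magnitude_factor=0.6),
    # Objective 1: reduce the frequency of successful events (basic protection)
    Control("basic protection: MFA and patching", annual_cost=100_000,
            frequency_factor=0.5, magnitude_factor=1.0),
    # Both: earlier detection stops some events and shortens others
    Control("security monitoring and situational awareness", annual_cost=150_000,
            frequency_factor=0.8, magnitude_factor=0.7),
]


def expected_annual_loss(scenarios: Iterable[Scenario]) -> float:
    """Aggregate expected annual loss across all scenarios."""
    return sum(s.annual_loss() for s in scenarios)


def apply_control(scenario: Scenario, control: Control) -> Scenario:
    """Return the scenario as it would look with the control in place.

    Assumption: the control applies uniformly to every scenario; a real
    analysis maps each control to the scenarios it actually affects.
    """
    return Scenario(
        scenario.name,
        scenario.frequency * control.frequency_factor,
        scenario.magnitude * control.magnitude_factor,
    )


def net_benefit(scenarios: List[Scenario], control: Control) -> float:
    """Cost-benefit view: loss avoided per year minus the control's cost."""
    before = expected_annual_loss(scenarios)
    after = expected_annual_loss(apply_control(s, control) for s in scenarios)
    return (before - after) - control.annual_cost


def rank_controls(scenarios: List[Scenario],
                  controls: List[Control]) -> List[Tuple[str, float]]:
    """Order candidate controls by net benefit, best first."""
    scored = [(c.name, net_benefit(scenarios, c)) for c in controls]
    return sorted(scored, key=lambda item: item[1], reverse=True)


def within_appetite(scenarios: Iterable[Scenario], tolerance: float) -> bool:
    """Risk appetite check: is total expected annual loss within tolerance?"""
    return expected_annual_loss(scenarios) <= tolerance


if __name__ == "__main__":
    total = expected_annual_loss(SCENARIOS)
    print(f"Expected annual loss before controls: {total:,.0f}")
    for name, benefit in rank_controls(SCENARIOS, CONTROLS):
        print(f"  {name:<48} net benefit {benefit:>10,.0f}")
    print("Within a 500,000 tolerance:", within_appetite(SCENARIOS, 500_000))
```

With the constructed figures the aggregate expected annual loss is 600,000; the frequency-reducing control gives the best net benefit (200,000), the magnitude-reducing one 180,000, and the monitoring control 114,000, which is the kind of comparison the deck's "target spending, reduce exposure and minimise waste" point asks for. The two factors make the two objectives visible as separate levers on the same number, and the tolerance check is where a stated risk appetite enters the calculation rather than remaining a qualitative phrase.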
Remaining business and risk focused
(Diagram, labels only: Objectives, Approach, Purpose, People, Activity, Communication, Measurement; CEO and Leadership Team; CISO and Security Function)
Getting started – 5 take-aways
1. Test and update cyber incident / crisis management capabilities
2. Improve basic cyber protection
3. Establish cyber situational awareness
4. Focus on reducing the frequency of adverse cyber events and the subsequent financial loss, when they occur
5. Provide continuous assurance of cyber risk mitigation
How to Build a Successful Cybersecurity Program?
ISO/IEC 27032
Training Courses
• ISO/IEC 27032 Introduction (1 Day Course)
• ISO/IEC 27032 Foundation (2 Days Course)
• ISO/IEC 27032 Lead Cybersecurity Manager (5 Days Course)
Exam and certification fees are included in the training price.
www.pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
www.pecb.com/events
THANK YOU
mark.chaplin@securityforum.org linkedin.com/in/markchaplin
ISO/IEC 27001:2022 – What are the changes?
 
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
 
Business Continuity, Data Privacy, and Information Security: How do they link?
Business Continuity, Data Privacy, and Information Security: How do they link?Business Continuity, Data Privacy, and Information Security: How do they link?
Business Continuity, Data Privacy, and Information Security: How do they link?
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
 
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
 

Dernier

Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...raviapr7
 
The Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George WellsThe Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George WellsEugene Lysak
 
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...Nguyen Thanh Tu Collection
 
Prescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptxPrescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptxraviapr7
 
UKCGE Parental Leave Discussion March 2024
UKCGE Parental Leave Discussion March 2024UKCGE Parental Leave Discussion March 2024
UKCGE Parental Leave Discussion March 2024UKCGE
 
How to Solve Singleton Error in the Odoo 17
How to Solve Singleton Error in the  Odoo 17How to Solve Singleton Error in the  Odoo 17
How to Solve Singleton Error in the Odoo 17Celine George
 
Benefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationBenefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationMJDuyan
 
How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17Celine George
 
Philosophy of Education and Educational Philosophy
Philosophy of Education  and Educational PhilosophyPhilosophy of Education  and Educational Philosophy
Philosophy of Education and Educational PhilosophyShuvankar Madhu
 
What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?TechSoup
 
Drug Information Services- DIC and Sources.
Drug Information Services- DIC and Sources.Drug Information Services- DIC and Sources.
Drug Information Services- DIC and Sources.raviapr7
 
Education and training program in the hospital APR.pptx
Education and training program in the hospital APR.pptxEducation and training program in the hospital APR.pptx
Education and training program in the hospital APR.pptxraviapr7
 
CapTechU Doctoral Presentation -March 2024 slides.pptx
CapTechU Doctoral Presentation -March 2024 slides.pptxCapTechU Doctoral Presentation -March 2024 slides.pptx
CapTechU Doctoral Presentation -March 2024 slides.pptxCapitolTechU
 
How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17Celine George
 
Quality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICEQuality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICESayali Powar
 
CAULIFLOWER BREEDING 1 Parmar pptx
CAULIFLOWER BREEDING 1 Parmar pptxCAULIFLOWER BREEDING 1 Parmar pptx
CAULIFLOWER BREEDING 1 Parmar pptxSaurabhParmar42
 
The Singapore Teaching Practice document
The Singapore Teaching Practice documentThe Singapore Teaching Practice document
The Singapore Teaching Practice documentXsasf Sfdfasd
 
Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.EnglishCEIPdeSigeiro
 

Dernier (20)

Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...
 
The Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George WellsThe Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George Wells
 
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
 
Prescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptxPrescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptx
 
UKCGE Parental Leave Discussion March 2024
UKCGE Parental Leave Discussion March 2024UKCGE Parental Leave Discussion March 2024
UKCGE Parental Leave Discussion March 2024
 
Finals of Kant get Marx 2.0 : a general politics quiz
Finals of Kant get Marx 2.0 : a general politics quizFinals of Kant get Marx 2.0 : a general politics quiz
Finals of Kant get Marx 2.0 : a general politics quiz
 
How to Solve Singleton Error in the Odoo 17
How to Solve Singleton Error in the  Odoo 17How to Solve Singleton Error in the  Odoo 17
How to Solve Singleton Error in the Odoo 17
 
Benefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationBenefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive Education
 
How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17
 
Philosophy of Education and Educational Philosophy
Philosophy of Education  and Educational PhilosophyPhilosophy of Education  and Educational Philosophy
Philosophy of Education and Educational Philosophy
 
What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?
 
Drug Information Services- DIC and Sources.
Drug Information Services- DIC and Sources.Drug Information Services- DIC and Sources.
Drug Information Services- DIC and Sources.
 
Prelims of Kant get Marx 2.0: a general politics quiz
Prelims of Kant get Marx 2.0: a general politics quizPrelims of Kant get Marx 2.0: a general politics quiz
Prelims of Kant get Marx 2.0: a general politics quiz
 
Education and training program in the hospital APR.pptx
Education and training program in the hospital APR.pptxEducation and training program in the hospital APR.pptx
Education and training program in the hospital APR.pptx
 
CapTechU Doctoral Presentation -March 2024 slides.pptx
CapTechU Doctoral Presentation -March 2024 slides.pptxCapTechU Doctoral Presentation -March 2024 slides.pptx
CapTechU Doctoral Presentation -March 2024 slides.pptx
 
How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17
 
Quality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICEQuality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICE
 
CAULIFLOWER BREEDING 1 Parmar pptx
CAULIFLOWER BREEDING 1 Parmar pptxCAULIFLOWER BREEDING 1 Parmar pptx
CAULIFLOWER BREEDING 1 Parmar pptx
 
The Singapore Teaching Practice document
The Singapore Teaching Practice documentThe Singapore Teaching Practice document
The Singapore Teaching Practice document
 
Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.
 

How to Build a Successful Cybersecurity Program?
