*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

Transcription

1

2 Introduction and Bio CyberSecurity Defined CyberSecurity Risks NIST CyberSecurity Framework References *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

3

4 Chapter 3. Framework Implementation Relationship of the COBIT 5 Goals Cascade to the CSF Step 1: Prioritize and Scope Step 2: Orient, and Step 3: Create a Current Profile Step 4: Conduct a Risk Assessment, Step 5: Create a Target Profile Step 6: Determine, Analyze, and Prioritize Gaps Step 7: Implement Action Plan Action Plan Review Life Cycle Management NIST-Cybersecurity-Framework.aspx *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

5 Mark E.S. Bernard CyberSecurity Courses: White label Foundation Course: Subscription Mentorship Practitioner Course: *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

6 Mark E.S. Bernard, CRISC, CGEIT, CISA, CISM, CISSP, PM, ISO Lead Auditor, SABSA-F2 Information Security, Privacy, Governance,Risk Management, Compliance Consultant *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

7

8

9

10 Link; CyberSecurity Infographic. *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

11 CyberSecurity Defined The Enterprise s Cyber Security Management System encompasses Governance, Risk Management, Internal Audit, Quality Management, Continuous Improvement, Incident Management, Vulnerability Management, Active Monitoring, Cryptographic Management, Identity and Access Management, Procurement and Supply Chain Management to be established to drive the CyberSecurity Program the brings value to the organization, resilience, and sustainable. *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

12

13 Key takeaways from this research include: Cyber crimes are costly. We found that the average annualized cost of cyber crime for 234 organizations in our study is $7.2 million per year, with a range of $375,387 to $58 million. This represents an increase in cost of 30 percent from the consolidated global results of last year s cyber cost study. Cyber attacks have become common occurrences. The companies in our study experienced 343 successful attacks per week and 1.4 successful attacks per company per week.1 This represents an increase of 20 percent from last year s successful attack experience. Last year s study reported 262 successful attacks on average per week. The most costly cyber crimes are those caused by malicious insiders, denial of service and webbased attacks. Mitigation of such attacks requires enabling technologies such as SIEM, intrusion prevention systems, application security testing and enterprise governance, risk management and compliance (GRC) solutions. Credits - October 2013 Ponemon Institute Research Report *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

14 Credits Cost of Data Breach Study: Global Analysis *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

15 Source: Credits Cost of Data Breach Study: Global Analysis *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

16 Source: Credits RedSocks 2015 Quarterly Report *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

17 Source: Link; *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

18 Source: FIPP Act clause 74 Financial penalties, ZERO! Source; BC Information and Privacy Commissionaire *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

19 Source: 3.7 Million Records worth $50.00 per on Black Market. Credit Report costs $ per record *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

20 Source: Link; *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

21 Source: Link; *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

22 The Most Significant Threats Link; *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

23 The Most Common Vulnerabilities Link; *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

24

25 DETECT *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

26 NIST /UK CyberSecurity Executive Overview Foundation Knowledge /Comprehension Practitioner Implementation /Maintenance Professional Design /Architecture ISO/IEC ITIL ISO/IEC 27001/2 ITIL EA - FEMA TOGAF Java ISO/IEC 9001 ISO/IEC ISO/IEC 9001 ISO/IEC CISSP CISM OSI ISO/IEC SIRT ISO/IEC SIRT GIAC CISA DBA ISO/IEC ISO ISO/IEC ISO CGEIT CRISC System Admin BS COSO ERM BS COSO ERM SABSA CISCO Programmer COBiT NIST COBiT NIST IBM SAP API RMCP HTRA Industry Standards RMCP HTRA PMP/Prince2 ORACLE TCP/IP ARC Buy In Blooms 1-2, Knowledge & Comprehension Blooms 3-4, Application & Analysis Blooms 5-6, Synthesis & Evaluation Work-stream Leaders Managers /PM Subject Matter Experts Notes: other considerations Accounting skills, communications, skills & competencies, procurement, strategic planning, etc *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

27 The knowledge transfer process will establish a link between our instructional objectives and your knowledge deliverables. During the knowledge transfer process we will improve three predominant skills, they are as follows: Cognitive; intellectual outcomes; Psychomotor; new physical skills; and Affective; attitudes, values, beliefs. Step 1 Step 2 Step 3 Step 4 Knowledge Comprehension Application Analysis *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

28

29

30 Defense Industrial Base Emergency Services Commercial Facilities Communications Critical Manufacturing Chemical Dams Energy Financial Services Food and Agriculture Government Facilities Healthcare and Public Health Information Technology Nuclear Reactors, Materials, and Waste Transportation Systems Water and Wastewater Systems *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

31

32

33 The NIST CyberSecurity Foundation course comprises the following Processes. Identify: Business Environment, Governance, Risk Management Strategy, Risk Assessment, Asset Management Protect : Access Control, Awareness Training, Data Security, Information Protection Processes and Procedures, Maintenance, Protective Technology Detect: Anomalies and events, Security Continuous Monitoring, Detection Processes. Respond: Response Planning, Communications, Analysis, Mitigation, Improvements. Recover: Recovery Planning, Improvements, Communications. *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51 NIST CyberSecurity Framework Presidential Policy Directive 21 (PPD-21): Critical Infrastructure Security and Resilience ISO Information Security Management System ITIL Service Management ISO 9001 Quality Management Systems RCMP HTRA Harmonized Threat Risk Assessment COSO Enterprise Risk Management Integrated Framework Carnegie Mellon CSIRT (Computer Security Incident Response Team) COBIT5 Control Objectives for Information and Related Technology ISO Risk Management Principles and Guidelines ISO Information Technology Service Management Concepts and Terminology ISO Governance Corporate Governance of Information Technology ISO Environmental Management Systems ISO Occupational Health and Safety ISO Requirements for a Food Safety Management System ISO Asset Management and Supply Chain ISO Supply Chain Security Management Standard Carnegie Mellon Defence-in-Depth: Foundations for Secure and Resilient IT Enterprises Carnegie Mellon Software Development Life Cycle BS Business Continuity *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

52 For more information contact /skype; *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***