A View From the Top. Mark Hughes BT Group Security Director

Transcription

1 A View From the Top Mark Hughes BT Group Security Director

2 Global Issues End to End Global Solutions = Global Coverage Standards & Technologies Threats Mergers & Acquisitions Markets Outsourcing & Supply Chain Security Regulation

3 Corporate Strategy requires confidence in our security and continuity in a changing and challenging world

4 Global Expansion 169 countries by end 2008 Adding 1 new city every 10 days 160,000 customer sites already connected Connecting 6,000 customer sites per month The broadest, biggest, richest 21 st Century Network

5 BT s Ecosystem Changing world. Aggressive Acquisition policy Increased international presence Flexible, Global sourcing De-regulation, compliance Other communications providers 109k Global Employees, around 250k participants in BT Ecosystem

6 Opportunities to enhance resilience using networked IT Social distancing remote working Agility and mobility flexibility Audio, video and web conferencing Data storage high availability services Managed online presence extra, intra and internet services

7 The Challenge What is it For whom How do we go about it What does good look like and how do we know if we are there

8 A TYPICAL DAY ON THE PUBLIC SWITCHED NETWORK CALL ATTEMPTS 2,500,000 2,000,000 1,500,000 1,000, ,

9 Customer & Product Level

10 Our own CNI now International CI

11 Helping customers thrive

12 Engineering Challenging Risks Security Environmental Business

13 Risk & Assurance Policy, Training & Awareness, Deter, Disrupt Mitigation Continuity, Recovery & Restoration Planning Incident Management & Operations Assets DATA & SYSTEMS NETWORKS PROPERTY PEOPLE SUPPLY CHAIN PRODUCTS REVIEW PREVENT PROTECT PREPARE DETECT RESPOND Lifecycle Stages

14 Security & Continuity Risk Frontier Likelihood 5 X Risk Frontier Business as Usual version of risk scenario 4 X Likely version of risk scenario 3 2 Worst credible version of risk scenario Impact

15 Security & Continuity Risk Grid Risk Appetite Likelihood 5 4 Risk zone beyond risk appetite boundary Risk zone well within risk appetite boundary (potentially over-controlled risks) Suggested risk appetite boundary Risk zone just within risk appetite ( Watch List ) Impact

16 Managing potential impact on BT CUSTOMERS CRITICAL (INTER)NATIONAL INFRASTRUCTURE People Property Providers Platforms Products Networks Systems Data Brand, Reputation & Revenue

17 Provide support to the response

18 Earthquakes - International Disaster Relief

19 What does good look like and how do we know if we are there?

20 Who defines what good or even world class looks like? Customer? (which ones Consumer / Major) Standards? Industry? CNI? EU? Our CFO? Regulators? Insurers? Auditors? Who s risk appetite?

21 Measuring & tracking achievement Risk based view of operational costs People and related costs based on calendars of commitment Link to risk model impact estimates Capital risk based investment Three year projected figures Variance to business case NPV

22 Incidents and unrecovered loss Business agreement on consequential loss/repairs/rework Crime categories aligned to generic risks Case loss allocated to known crime periods Projected in year savings for periods to year end Value Statements Fraud

23 Thank you and final thoughts