Cyber risk resilience
1 Cyber risk resilience: a consistent approach for a consistently major risk. Sara Walton, Standards Market Development (Risk, Resilience, Governance), BSI. 12 Sept 2017. Copyright 2017 BSI. All rights reserved.
2 Cyber security: the challenge
3 Resilience. Organizational resilience is the ability of an organization to anticipate, prepare for, respond and adapt to incremental change and sudden disruptions in order to survive and prosper. (BS 65000, Guidance on organizational resilience)
4 Cyber security isn't just about technology: more than anything, it's about you.
6 The human dimension
7 General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). Applies from 25 May 2018. Note the accountability principle: organizations must be able to demonstrate compliance, not merely be compliant. Administrative fines of up to €20m or 4% of total worldwide annual turnover, whichever is higher.
8 General Data Protection Regulation: compliance. Establish leadership; map personal data; analyze processes for compliance; establish risks and the approach to them; communicate with and train staff (and business networks); monitor, review, etc. I.e. implement consistent best practices to influence culture and practice.
9 Standards are made by people for people. BSI, as the UK National Standards Body, publishes 2,500 and withdraws over 1,000 standards per annum. This maintains a coherent, consistent body of knowledge for industry, government and the public. Our role is to be an independent facilitator for industry experts. 95% of British Standards published each year are international or European. For BSI, standards are a consensus of what good looks like.
10 The international and European standards bodies
- ISO (International Organization for Standardization): 164 National Standards Body members globally. ISO CASCO is the ISO committee on conformity assessment.
- IEC (International Electrotechnical Commission): 80 members (National Committees) and 80 affiliates globally.
- ITU (International Telecommunication Union): agency of the UN. Members are national governments and industry (BSI supports DCMS).
- CEN (European Committee for Standardization) and CENELEC (European Committee for Electrotechnical Standardization): 33 member countries (EU 28, EFTA 3, FYROM and Turkey). 24 countries, including the UK, have common members of both CEN and CENELEC.
- ETSI (European Telecommunications Standards Institute): industry, government and NSB members.
11 Information resilience: PAS
- PAS 555:2013 Cyber security risk. Governance and management. Specification
- PAS 754:2014 Software trustworthiness. Governance and management. Specification
- PAS :2015 Specification for security-minded building information modelling, digital built environments and smart asset management
- PAS in development: Smart cities. Specification for establishing and implementing a security-minded approach
12 Information resilience: British Standards
- BS Information security risk management (Q3 2017)
- BS Cyber risk and resilience. Guide (2017)
- BS Information classification, marking and handling. Specification (published March 2017)
- BS Data protection. Specification for a personal information management system (published March 2017)
13 BS Cyber risk & resilience: setting the framework (BSI standard makers, 2016)
- Establishing context: a clear strategy with your business objectives clearly stated. Should include all the internal and external uncertainties across the organization.
- Risk identification: a risk identification process that comprehensively connects the cyber environment and business objectives, so that risks are identified whether or not they are under the influence of the firm.
- Risk analysis: develop a clear financial and operational understanding of the possible effects of the risks identified, and quantify them in a relevant business context.
- Risk evaluation: assess likelihood and apply a risk ranking.
- Risk treatment: identify the risk owner; describe the control and assess its effectiveness; test and review the control; specify the risk treatment agreed and document the treatment plan; assign it to the appropriate owner; set a completion or review timetable; document the expected change to the risk identified.
14 Summary: consistency; organization context (risks, best practice); technical and human solutions; a cyber-aware culture.
15 Thank you. Sara Walton, Market Development Manager (Risk, Resilience), BSI.
16 Appendix: additional information slides
17 UK experts participate in 95% of international standards committees; the UK hosts 200 international committees, including all the major business standards.
18 BSI is the UK national standards body and is responsible for all national, regional and international standards used in the UK, and for maintaining the infrastructure for UK experts to participate in all relevant organizations. All ENs and most international (ISO, IEC) standards are adopted as BS, and conflicting standards are withdrawn. All BSI work must meet the three fundamental WTO principles: full stakeholder engagement, open public consultation and consensus. National standards work alongside other codes and industry best practice. The layers: international standards (ISO, IEC); British national adoption of European standards (BS ENs) and/or ISO/IEC; British Standards (BS) and sponsored standards (BSI PAS); private and consortia standards, corporate technical specifications, professional codes and guidance.
19 BSI Group structure: Policy and Engagement; UK National Standards Body (Standards Market Development, Committee management); Assessment and Certification (Compliance support); Information Solutions (Sales, Membership, ICT platforms); Training; Advisory Services.
20 NSB strategic engagement
- Business: CBI, IoD, FSB, Digital Catapult, Future Cities Catapult, Transport Systems Catapult, High Value Manufacturing Catapult, Energy Systems Catapult
- Academia: Cambridge, Edinburgh, ICL, Strathclyde, Surrey, UCL
- Industry stakeholders
- Central Government: BIS, Cabinet Office, UKTI, FCO, No. 10, Innovate UK, MOD, DCMS, IPO, Research Councils
- Regional Government: Scotland, Wales
- Regulators: Finance (FCA); Health (CQC, DoH, HSE); Food (FSA, Elliott Review)
- Professions: techUK, BCS, ICE, IET, Royal Colleges, CSFC
- Public: TUC, NGOs
- Consumers: CPISAC, IEHF
- Charities: RNIB, Alzheimer's Society
- Authorities: Trading Standards Institute, SCOTTS
21 The standards development cycle: idea → representative stakeholder group → drafting → public consultation → review comments → consensus → publish and support → feedback and new proposals (back to idea).
22 UK cyber security breaches survey 2017
Continuing trends online: since 2016, the proportion of businesses with websites (85%) or social media pages (59%) has risen (by 8 and 9 percentage points respectively), as has the use of cloud services (from 49% to 59%).
Steady trend of cyber security improvement: three-quarters (74%) of UK businesses say that cyber security is a high priority for their senior management, and three in ten (31%) say it is a very high priority. The majority of businesses (67%) have spent money on their cyber security; this again tends to be higher among medium firms (87%) and large firms (91%).
But 46% of UK businesses identified at least one cyber security breach or attack in the last year, rising to two-thirds among medium firms (66%) and large firms (68%). The average business identified 998 breaches last year and faces costs of £1,570 as a result of these breaches. This is much higher for the average large firm, at £19,600; the average medium firm (£3,070) and micro and small firms (£1,380) also incur sizeable costs.
Source: .../statistics/cyber-security-breaches-survey-2017
23 National Cyber Security Strategy 2016 to 2021. Vision: the UK is secure and resilient to cyber threats, prosperous and confident in the digital world. HMG is investing £1.9 billion over five years in defending HMG systems and infrastructure, deterring adversaries, and developing a whole-society capability, from the biggest companies to the individual citizen. Three prongs: defend, deter and develop. Selected intentions: a National Cyber Security Centre; organisations in the UK to manage cyber risk, backed by regulation and incentives; technology products and services to have cyber security designed into them; HMG (and HMG suppliers) to meet and drive the development of appropriate standards.
Source: .../publications/national-cybersecurity-strategy-2016-to-2021
24 Information security ISO/IEC standards (27k series). (Figure: the ISO/IEC 27000-series family; source: ISO/IEC 27000.)
25 Relevant future SC27 standards (title; estimated date; stage)
- ISO/IEC Guidelines for privacy impact assessment; 2017; publish soon
- ISO/IEC Code of practice for personally identifiable information protection; 2017; FDIS
- ISO/IEC Competence requirements for information security management systems professionals; 2017/8; DIS / FDIS
- ISO/IEC Guidelines for information security management systems auditing (revision); 2017/8; DIS / FDIS
- ISO/IEC Guidelines for the assessment of information security controls (revision); 2017/8; DIS / FDIS
- ISO/IEC Enhancement to ISO/IEC for privacy management. Requirements; 2019/2020; AWI
- ISO/IEC Guidelines for online privacy notices and consent; 2020?; AWI
26 Development areas for standardization: cyber security; big data; Internet of Things; blockchain/DLT; artificial intelligence; VR/AR.
Cyber Concerns of Local Government and What Does It Mean to Transportation Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017 Transportation and Infrastructure
More informationIn Accountable IoT We Trust
In Accountable IoT We Trust AIOTI WG3 Security & Privacy-in-IoT Taskforces, and H2020 CSA CREATE-IoT & LSPs AG Trust in IoT Arthur van der Wees Managing Director Arthur s Legal, the global tech-by-design
More informationVersion 1/2018. GDPR Processor Security Controls
Version 1/2018 GDPR Processor Security Controls Guidance Purpose of this document This document describes the information security controls that are in place by an organisation acting as a processor in
More informationBuilding a Resilient Security Posture for Effective Breach Prevention
SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications Agenda for discussion 1. Security Posture 2.
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity November 2017 cyberframework@nist.gov Supporting Risk Management with Framework 2 Core: A Common Language Foundational for Integrated Teams
More informationCybersecurity & Digital Privacy in the Energy sector
ENERGY INFO DAYS Brussels, 25 October 2017 Cybersecurity & Digital Privacy in the Energy sector CNECT.H1 Cybersecurity & Digital Privacy, DG CNECT ENER.B3 - Retail markets; coal & oil, DG ENER European
More informationStandardization of Knowledge and Skills for IT Security
Standardization of Knowledge and Skills for IT Security Milan Friday, October 28th 2016 Veronica Salsano Overview Standardization in general Legislation Technical foundations Actors Current situation Security
More informationTHE POWER OF TECH-SAVVY BOARDS:
THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES
More informationCOMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN
COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN 24-27 July 2016 1 CONTENT INTRODUCTION POLICY OBJECTIVES POLICY AND LEGISLATIVE PRINCIPLES CYBER SECURITY STRATEGY CHALLENGES AND OPPORTUNITIES CAPACITY BUILDING
More informationFrom the E-readiness Assessment and Analysis to an Action Plan and Policies Recommendations. Gabriel Accascina
From the E-readiness Assessment and Analysis to an Action Plan and Policies Recommendations Gabriel Accascina gabriel@it4dev.net Contents The E-readiness Assessment (ERA) process and analysis The components
More informationCybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com
Cybersecurity Presidential Policy Directive Frequently Asked Questions kpmg.com Introduction On February 12, 2013, the White House released the official version of the Presidential Policy Directive regarding
More informationGovernance and Compliance Learning from the Private Sector. David Coverdale
Governance and Compliance Learning from the Private Sector David Coverdale Governance Challenges The Patient Journey CQC Business Continuity Policy QoF Data GDPR LHA2 GRC Training Risk IG BIA Resilience
More informationData Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016
Data Protection Practical Strategies for Getting it Right Jamie Ross Data Security Day June 8, 2016 Agenda 1) Data protection key drivers and the need for an integrated approach 2) Common challenges data
More informationPolicy. Business Resilience MB2010.P.119
MB.P.119 Business Resilience Policy This policy been prepared by the Bi-Cameral Business Risk and Resilience Group and endorsed by the Management Boards of both Houses. It is effective from December to
More informationIoT and Privacy by Design
IoT and Privacy by Design Consumer privacy = security plus privacy control Consumer products legal and practical It s engineering you need engineering practices Addressing key policy issues use of standards
More informationPredstavenie štandardu ISO/IEC 27005
PERFORMANCE & TECHNOLOGY - IT ADVISORY Predstavenie štandardu ISO/IEC 27005 ISMS Risk Management 16.02.2011 ADVISORY KPMG details KPMG is a global network of professional services firms providing audit,
More informationUNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21
National and Cyber Security Branch Presentation for Gridseccon Quebec City, October 18-21 1 Public Safety Canada Departmental Structure 2 National and Cyber Security Branch National and Cyber Security
More information