Cyber Resilience. Think18. Felicity March IBM Corporation

Similar documents
Think Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe

Brussels. Cyber Resiliency Minimizing the impact of breaches on business continuity. Jean-Michel Lamby Associate Partner - IBM Security

Cyber Resiliency. Felicity March. May 2018

Threat Intelligence to enhance Cyber Resiliency KEVIN ALBANO GLOBAL THREAT INTELLIGENCE LEAD IBM X-FORCE INCIDENT RESPONSE AND INTELLIGENCE SERVICES

Building a Resilient Security Posture for Effective Breach Prevention

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Why you should adopt the NIST Cybersecurity Framework

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

Reinvent Your 2013 Security Management Strategy

MITIGATE CYBER ATTACK RISK

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Background FAST FACTS

THE POWER OF TECH-SAVVY BOARDS:

Bonnie A. Goins Adjunct Industry Professor Illinois Institute of Technology

The Third Annual Study on the Cyber Resilient Organization

Table of Contents. Sample

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

Cyber Resilience - Protecting your Business 1

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Disaster Recovery and Business Continuity Planning (Mile2)

Rejuvenating BCM - Infrastructure. Business Continuity Awareness Week March 2009

CYBERSECURITY RESILIENCE

ALIGNING CYBERSECURITY AND MISSION PLANNING WITH ADVANCED ANALYTICS AND HUMAN INSIGHT

Cyber Security Program

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

How to Underpin Security Transformation With Complete Visibility of Your Attack Surface

Heavy Vehicle Cyber Security Bulletin

RSA NetWitness Suite Respond in Minutes, Not Months

Cyber Security & Homeland Security:

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

Continuity of Business

U.S. Department of Homeland Security Office of Cybersecurity & Communications

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Copyright 2016 EMC Corporation. All rights reserved.

locuz.com SOC Services

RSA Advanced Cyber Defence Summit

Robert Hayes Senior Director Microsoft Global Cyber Security & Data Protection Group

Emerging Issues: Cybersecurity. Directors College 2015

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

Improving Cybersecurity through the use of the Cybersecurity Framework

Business continuity management and cyber resiliency

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Gaps in Resources, Risk and Visibility Weaken Cybersecurity Posture

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

Cybersecurity and the Board of Directors

NCSF Foundation Certification

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Forensics and Active Protection

The Cyber Resilient Organisation in the United Kingdom: Learning to Thrive against Threats

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

TSC Business Continuity & Disaster Recovery Session

Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

The importance of STANDARDS to ensure ACCOUNTABILITY and GOVERNANCE in ehealth-ict security processes

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

Cyber Incident Response. Prepare for the inevitable. Respond to evolving threats. Recover rapidly. Cyber Incident Response

Cyber Threat Landscape April 2013

Principles of Protection: Cybersecurity Data Protection. 11/01/2017 Julia Breaux William Sellers

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

ENISA EU Threat Landscape

Nebraska CERT Conference

An Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL)

Business Continuity Planning

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. John McDonald

NEN The Education Network

Understanding Cyber Insurance & Regulatory Drivers for Business Continuity

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation

SRM Service Guide. Smart Security. Smart Compliance. Service Guide

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security

SOLUTION BRIEF Virtual CISO

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity

The State of Cybersecurity and Digital Trust 2016

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

The Resilient Incident Response Platform

Cyber Hygiene: A Baseline Set of Practices

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface

Implementing Executive Order and Presidential Policy Directive 21

Are we breached? Deloitte's Cyber Threat Hunting

Critical Infrastructure Partnership

How To Build or Buy An Integrated Security Stack

Gujarat Forensic Sciences University

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS

BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW

What Does the Future Look Like for Business Continuity Professionals?

Applying Mitigation. to Build Resilient Communities

Transcription:

Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation

Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack Cyber Resilience needs an end to end approach that brings together critical areas to ensure organisations continue to function during cyber attacks and cyber outages. Cyber Security Cyber security is designed to protect systems, networks and data from cyber crimes. Effective cyber security reduces the risk of a cyber attack and protects organisations from the deliberate exploitation of their assets. Business Continuity Business continuity provides the capability to resume operations when an event causes a service disruption. Plans for business continuity address natural catastrophes, accidents and deliberate physical attacks; but now they must also support resumption of operations following cyber attack disruptions.

As a result of these new attacks board leaders have ranked cyberattacks in the top 5 of Global Risks at the World Economic Forum in Davos, Switzerland, in 2018 Global Risks that have a macro- impact across sectors. Boards across the globe need to consider how key business parameters will be influenced by these risks in view of mitigations implemented. In terms of preparedness, Cyberattacks presents a significant opportunity to de-risk the business. However a coherent strategy and understanding of underlying issues is lacking, as the impact is not fully understood at the Board Level. Business Impact 4.8-15% * Stock Value Erosion post Cyberattack / Data Breach Source: World Economic Forum, 2018 Source: Cyber Value Connection Source:

The Cyber Resilient Organisation Stance on Cyber Resilience Only 43% improved in past 12 months Barriers to Cyber Resilience Lack of investment 60% Inability to hire skills 56% Lack of Visibility into assets 46% Lack of end user training 31% Lack of training and cert for IT staff 28% Silo and Turf issues 24% Lack of Information governance practices 22% Lack of Board reporting 17% Lack of C Level Buy in 15% Business Owner Who has overall responsibility for directing an organizations efforts to ensure a high level of cyber resilience? CIO 23% BU Leader 22% CISO 14% NO ONE PERSON 11% BC Manager 8% CRO 7% CEO 7% CTO 6% 4 2018 IBM Corporation

Cyber resilience is a team sport Identify your risks Identify key assets, systems and data Assess your cyber resiliency readiness, process and posture Define a roadmap and action plan to build or improve your cyber resilience plan (*) Recover normal operations Orchestrate and automate your recovery workflow Rebuild mission-critical business applications Restore data from back up Prioritize network resources to speed recovery Respond with a Plan Response planning and orchestration Engage cyber incident responders leveraging threat intelligence to repel the attackers Remediate the attack damage by restoring systems and closing vulnerabilities Recover Respond Identify Detect Protect Protect your assets against attacks by discovering vulnerabilities before they are exploited Awareness and Training Access Control Discover and patch systems Automatically fix vulnerabilities Zero Trust as a guiding principle of your network policy Detect threat activity with advanced analytics See attacks across the enterprise Investigate active threats from inside and outside the enterprise Cognitive analysis and automation https://www.nist.gov/cyberframework National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity

Cyber Resilience combines multiple IT disciplines Cyber Resiliency Organization Dimensions Technology Environment IT Risk Organisational Management Information Security Management Resilience Data Security IT Risk Management Information Protection Threat & Vulnerability Management Business Continuity Management Network Security Business Continuity Management Policy & Governance IT Service Continuity Management Cyber Resiliency Program Asset Management Identity & Access Management Change & Config Management Event & Incident Response IT Service Continuity Management Collaboration & Communication Disaster Recovery Management Partner Eco System Training & Awareness

Cyber Resiliency Assessment 7

Do you have one defined Leader that is responsible for Switch over & Fail Over? Does your CISO work hand in hand with your Disaster Recovery Manager and Business Continuity Manager? Does your Backup Strategy include Point in Time copies, Air gapped & WORM storage, forensic analysis and continuous switch over testing? Does your Disaster Recovery Plan get tested regularly that includes your supply chain? Do you run your production environment from your DR environment on a regular basis? Is Resilience at the core of your architectural design principles? 8

Thank You FelicityMarch@UK.IBM.COM 9 2018 IBM Corporation

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback