Enterprise Dave Gorshkov UK Trade and Investment
Upcoming SlideShare
Loading in...5

Enterprise Dave Gorshkov UK Trade and Investment






Total Views
Views on SlideShare
Embed Views



1 Embed 3

http://www.slideshare.net 3



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

Enterprise Dave Gorshkov UK Trade and Investment Enterprise Dave Gorshkov UK Trade and Investment Presentation Transcript

  • Dave Gorshkov ICT Sector Champion May 2010 Enterprise and Cyber Security: Emerging Applications
  • Information Security a UK perspective UK Trade & Investment Office of Cyber Security - Vision Areas of Vulnerability - Security breech information UK opportunities – Enterprise – G-Cloud – Government ‘Apps store ‘, Security Standards - The importance of ISO 27001 Additional Information Sources UK Research
  • Who are UKTI? Government organisation managed jointly by Foreign & Commonwealth Office (FCO) & DBIS Close partnership with the MoD through the DSO. Comprises the UK government’s trade and inward investment promotion activity Close partnership with 12 regional agencies (9 RDA’s and 3 DDA’s)
  • Why the UK? Major Enterprise and Consumer markets Ideal platform for global growth 6th largest global economy Strong IT policies from government “The UK is the gateway, and most important market in Europe. If it succeeds here, it trickles elsewhere” David Yarnton, MD – Nintendo UK
  • UK Cyber Security vision VISION: Citizens, business and government can enjoy the full benefits of a safe, secure and resilient cyber space: working together, at home and overseas, to understand and address the risks, to reduce the benefits to criminals and terrorists, and to seize opportunities in cyber space to enhance the UK’s overall security and resilience.Reduce risk from the UK’s use of cyber space. Exploit opportunities in cyber space and Improve knowledge, capabilities and decision-making Dr Steven Marsh, Office of Cyber Security.
  • UK Cyber Security vision To address the UK’s cyber security challenges, the Government will: •Establish a cross-Government programme to address the following priority areas in pursuit of the UK’s strategic cyber security objectives: •Safe Secure & Resilient Systems Policy, •Doctrine, Legal & Regulatory issues Awareness & Culture Change Skills & Education Technical Capabilities & Research and Development Exploitation International Engagement Governance, Roles & Responsibilities •Work closely with the wider public sector, industry, civil liberties groups, the public and with international partners; • Set up an Office of Cyber Security (OCS) to provide strategic leadership for and coherence across Government; • Create a Cyber Security Operations Centre (CSOC)to: actively monitor the health of cyber space and co-ordinate incident response; enable better understanding of attacks against UK networks and users; provide better advice and information about the risk to business and the public.
  • Information Security Challenges Computers have evolved enormously over 50 years – They are much more user-friendly – They are connected to one another and many devices – They have become vulnerable to information leakage Yet people are still the cause of most security breaches Working in Public Places Off-shore Data Centres AnyTime, AnyPlace Increase leakage risk More Outsourcing Staff Culture Content Increase leakage risk More than awareness Environment Public Conversations People LapTop/Stick Protection Eavesdropping Damages/Losses Resilient DataCentres Secure Comms Riots, Strikes, Terrorism etc Secure eMail 6/2/10 7
  • UK Info Security – Breaches Survey 2008 Annual survey of companies by BERR – Department for Business Enterprise & Regulatory Reform Source: BERR – IS Breaches Survey 2008
  • UK Opportunities
  • UK opportunities - Enterprise Products, Software & Services UK Overview UK is the largest European market for IT products and services. The domestic market is growing faster than other major European markets as a result of: – Government investments across local and central government and healthcare - UK government spends over $26BN (USD) pa on IT services across all of its government departments and has stringent cyber security requirements – the UK’s very successful financial services market based not only in and around London but also in key insurance and banking centres such as Norwich, Swindon, Cardiff and Edinburgh – investments by major retailers such as Tesco, M&S, DSGi and Kesa as well as newer on-line retailers make the UK a key area for retail and payment related security technology.
  • UK opportunities - Enterprise Products, Software & Services UK Commercial landscape Autonomy, Capita, Logica, MiSys, Northgate, Sage, and many other indigenous UK firms operate alongside international investors from Accenture, HP and IBM to Steria and Tata Consulting Services, Infosys, Mindtree and HCL. Social & Business Networking website have attracted some 7 million UK users who already spend more time on-line than citizens of any other EU country; LinkedIn, one of the leading business social network sites, recently set up its first non-US operation in UK 2nd Life and Bebo, as well as many other International social networking sites are based in the UK. The UK is also the main centre for online media and online retailing sites making it a major area of opportunity for cyber security projects.
  • Government Cloud (G-Cloud)
  • Government Cloud (G-Cloud) 12 new data centres housing *all Government services Introduction of Government applications store ‘G-Store’ Common applications, platforms and OS Core capabilities, storage and security Consolidation of existing data storage and operational services to new centres More involvement of SME’s in provision of ‘G-Store’ apps * All government departments CIO’s (400) will transition services within next 5yrs to the G- Cloud with the exception of Defence and Intelligence service.
  • G-Cloud –Central –Regional –Local –Criminal Justice –Health –Education –Defence –Transport UK G-Cloud- 12 data centres constructed in 5 yrs
  • Technology for Government Services Investing around £17 billions pa in technology, especially to make government services more accessible, responsive and more efficient. G Cloud data centre initiative worth £3.2Bn over next 5 years Five key growth areas – Shared services to simplify supply chains – Outsourcing and off-shoring – Mobile and flexible working .GOV – Government ‘Apps store’ – The green agenda Major departments effectively outsource much of their ICT spend. – Pressure to reduce number of suppliers Top 20 suppliers account for around £12 billion (70%); long tail of over 1000 suppliers for remaining 30%
  • Technology for Enterprise Increasing use of online validation systems and capabilities for the ‘digital consumer’ and ‘digital enterprise’ client Introduction of software based 2FA and Mutual Authentication based capabilities Opportunities to improve mobile .CO.UK enterprise solutions vulnerability and security
  • Technology for Government Services Eight key sub-sectors – Central – Regional – Local – Criminal Justice – Health – Education – Defence – Transport
  • Standards, Certifications & Training BSI Global – National Standards Body CESG – National Technical Authority for Information Assurance ITGovernance – Certification & Training SANS Institute – Certification & Training etc
  • The importance of ISO 27001
  • Public sector acknowledgement of ISO27001 Managing information risk Information is a key asset to Government and its correct handling is vital to the delivery of public services and to the integrity of HMG. In striking the right balance between sharing and protecting data. Departments and Agencies must manage business impacts and risks associated with Confidentiality, Integrity and Availability (C, I & A) of all information.The Information Assurance (IA) functions that support the protection of Government Information and Communications Technology (ICT) Systems are :- – risk management, – accreditation, – standards and compliance. The importance of IA to public service delivery has been demonstrated by the publication of National IA Strategy; this policy supports this strategy. The International Standard for Information Security Management Systems (ISO/IEC 27001) is acknowledged as good practice and this policy is aligned to that standard.
  • MANDATORY REQUIREMENT 32 MANDATORY REQUIREMENT 32 Departments and Agencies must conduct an annual technical risk assessment (using HMG IA Standard No.1) for all HMG ICT Projects and Programmes, and when there is a significant change in a risk component (Threat, Vulnerability, Impact etc.) to existing HMG ICT Systems in operation. The assessment and the risk management decisions made must be recorded in the Risk Management and Accreditation Documentation Set (RMADS), using HMG IA Standard No.2 – Risk Management and Accreditation of Information Systems. Further Guidance When handling personal data there is a further requirement to conduct a risk assessment every quarter, please refer to HMG IA Standard No.6 – Protecting Personal Data and Managing Information Risk.
  • Approaching ISO27001 certification Some of the most common questions pertaining to the 27000 series of standards relate to the certification process for ISO27001. The process starts when the organization makes the decision to embark upon the exercise. It is important to ensure management commitment and then assign project responsibilities. – An organizational top level policy can then be developed and published. – This can, and will normally, be supported by subordinate policies. The next stage is particularly critical: – Scoping defines which part(s) of the organization will be covered. Typically, it will define the location, assets and technology to be included. At this stage a risk assessment is necessary, to determine the organization's risk exposure/profile, and identify the best route to address this. The document produced will be the basis for the next stage - the management of those risks. A part of this process will be selection of appropriate controls with respect to those outlined in the standard (and ISO27002), with the justification for each decision recorded in a Statement of Applicability (SOA). The controls themselves should then be implemented as appropriate. The certification process itself can then be embarked upon via a suitable accredited third party.
  • Additional Information Sources
  • UK: Some useful networking groups Intellect – Security & Privacy group A group set up to represent the views of IT organisations operating in the security and privacy markets and to provide members with guidance around current data concerns. Intellect – Security & Resilience group The group's work includes thought leadership, policy consultation and market/business development strata, building strong relationships between the technology industry and policymakers, customers and end users across the many sectors and markets involved in security and resilience. Knowledge Transfer Network - Cyber-Security We are a single focal point for UK Cyber Security expertise, to collaboratively identify universal challenges and develop effective response, influence UK investment strategy and government policy, accelerate innovation and education, harness and promote UK capability internationally and help improve the UK security baseline. South East England Development Agency - Security Knowledge & Innovation Network Security KIN seeks to catalyse collaboration between representatives of the knowledge base and business in order to bring new innovation security solutions to market. It does this by: – Integrating and mobilising the Region's security industry – Linking regional security industry with the relevant regional knowledge base – Facilitating the Region's security industry and knowledge base to work together to develop innovative new products and services, taking advantage of UK Government, EU and other research funding opportunities
  • UK: Access to UK Networks (software) Our sophisticated business environment connects technologists, creatives, entrepreneurs, financiers, in a range of active business networks – British Computer Society – British Application Software Developers Association – Business Software Alliance – CBI – GSM Association – Institute of Chartered Accountants in England & Wales – Institute of Directors – Institution of Engineering & Technology – Intellect – Internet Service Providers Association – Knowledge Transfer Networks – Mobile Data Association – National Computing Centre – National Microelectronics Institute – Society for Information Technology Management And many regional / local organisations 6/2/10 25
  • UK Events: Information Security Key Events – IA10 - The Government IA Symposium of 2010 London, UK – IFSEC 2011 Birmingham, UK – Infosecurity 2011 London, UK
  • UK Research
  • UK Research: Information Security Key UK research groups active in information security include: – Bristol: Cryptography & Information Security Research Group – Cambridge: Computer Laboratory Security Group – Glamorgan: Information Security Research Group – Kent: Information Systems Security Research Group – London: City University: Next Generation Networks Research Group – London: Imperial: Intelligent Systems & Networks – London: Royal Holloway: Information Security Group – London: UCL Department of Computer Science: Information Security Research Group – Newcastle: Centre for Software Reliability – Nottingham: School of Computer Science & Information Technology – Oxford: Computing Laboratory – Plymouth: Information Security & Network Research Group – Southampton: School of Electronics & Computer Science – Surrey: Centre for Communications Systems Research – York: Department of Computer Science
  • Access to Collaborative R&D - ‘R’ Engineering and Physical Science Research Council (EPSRC) – Seven UK Research Councils invest around £2.8Bpa – EPSRC is principal funder for ICT R&D university academic requests funds to cover the cost of the research at the university. The project partner can make a contribution of any size, either in cash or in kind. IP negotiation is with the University 40% of EPSRC projects are collaborative projects are typically c.£300K over three years EPSRC’s current portfolio of projects can be found and searched at: http://gow.epsrc.ac.uk/GrantsPortfolio.aspx More guidance on collaborating with EPSRC can be found at: http://www.epsrc.ac.uk/Business/Funding/CollaborativeProjects.htm Strategic partnership with EPSRC on a topic of mutual interest – Typically, requires a company to offer c.£1-5M to fund university research on a topic that EPSRC is willing to match fund. 6/2/10 29
  • Access to Collaborative R&D - ‘D’ Technology Strategy Board (TSB) – Provides funded and support for industry and academic collaborations –£8 million for collaborative ICT projects – developing technologies to support better networked business –IP developed within the project is the property of the consortium –Up to 50% of company costs and 80% of academic costs funded by programme –All of company's eligible costs for the project - whether paid for by its own contribution or by this programme - attract R&D tax credits at the large company rate. EU’s FP7 programme The European Commission framework programme is the EU’s main instrument for funding research and development. The programme has R&D budget in the region of 75 billion for 2009-2015.
  • R&D Tax Credits R&D Tax Credits Who can benefit from R&D tax credits? What is considered R&D? All companies with qualifying spending A basic definition is "work to resolve scientific or over £10,000 (US$18,800) a year on R&D technological uncertainty aimed at achieving an are entitled to a deduction when advance in science or technology". Advances calculating their taxable profits of: include new or improved products, processes and – 130% of qualifying expenditure for services. large companies, Broader innovation in products, processes and – reducing the company's UK services (e.g. proprietary content, non-technical corporation tax bill accordingly, design or developing other non-technological – with no upper limit. unique selling points) is not considered R&D. As a rule of thumb, developing information or Large companies apply under the large other 'content' is not R&D, but developing the company scheme. means to deliver 'content' can be R&D. Companies can claim R&D Tax Credits for Smaller companies may qualify for 175% revenue expenditure on: of costs as a tax break Employing staff directly and actively engaged in carrying out R&D, paying a staff provider for staff Between April 2000 and April 2005 around provided to the company who are directly and 17,000 claims for R&D tax credits were actively engaged in carrying out R&D, made with around £1.3bn of support Consumable or transformable materials used claimed. directly in carrying out R&D (broadly, physical materials which are consumed in the R&D), and Power, water, fuel and computer software used directly in carrying out R&D.
  • UK Trade & Investment (UKTI)
  • UK Trade & Investment (UKTI) UKTI is the UK Government organisation that helps business locate in UK and grow internationally Our free and confidential investment services Our subsidised trade support services include: include: – Information - comparing UK & European – A Passport to Export Scheme market statistics – Overseas Market Information – Advice on talent and technology – where and Service (OMIS) how to find it – Inward and outward trade – Support to find value-adding partners in UK missions – Advice on locations - help finding sites that match your needs; practical help to set up – Overseas Exhibitions Programme your business in UK – Tailored individual company – Advice on finance – signposting routes to overseas visit programmes investment capital – One-to-one meeting events in – Advice on growth - ongoing business support UK to help you set up in UK and access new – Seminars and networking events markets from your UK base in UK – Operational insights - practical advice and information on how to optimise your UK business – Representation – feedback to UK Government 6/2/10 33
  • Contacts Dave Gorshkov ICT Sector Champion Business Group UK Trade & Investment Kingsgate House 66-74 Victoria Street London SW1E 6SW Tel: + 44 77611229872 dg@tswg.org Carrie England Inward Investment Manager UK Trade & Investment British Consulate-General Sydney Level 16, The Gateway 1 Macquarie Place Sydney NSW 2000 Australia +61 (0)2 8247 2234 carrie.england@fco.gov.uk 6/2/10 34
  • Thank You for your attention. Questions? dg@tswg.org