1
What We Will Cover Today
• Understanding the inverted economics of cyber security and the incentives for cyber crime – how bad are things? (really bad)
• Understanding the inefficiencies of traditional cyber risk assessment and risk management – why are we not making more progress?
• Becoming digitally structured – resetting the roles and responsibilities regarding cyber security in the organization
• Developing empirical, economics-based cyber risk assessment techniques – what you need to be providing to the board
2
Cyber Crime: The Numbers
• Costs of cyber criminal activity vary between hundreds of billions and a trillion dollars a year or more – between 1-2% of global GDP
• One major ISP reports it sees 80 billion malicious scans a day
• 300 million new malicious viruses are created every day
• 4.8 billion records were lost to data breaches in 2016
• There are 4,000 ransomware attacks every day
• We spend $200,000 per minute on regulations and audits – costs projected to go up 2X by 2020 and several hundred times by 2030
3
4
How Good Are the Bad Guys?
“Cyber criminals are technologically as sophisticated as the most advanced IT companies and like them have moved quickly to adopt AI, cloud, software-as-a-service (cybercrime-as-a-service) and encryption.”
Symantec 2018 Cyber Crime Report
Put Succinctly…
“Cybercrime is relentless, undiminished and unlikely to stop. It’s just too easy, rewarding and the chances of getting caught are far too low. Cyber crime also leads on a risk to payoff rate. It is a low risk crime with high profits. A smart cyber criminal can easily make millions without fear of being caught.”
McAfee 2018 Cyber Crime Report
5
What is the Real Problem?
• Marcus Aurelius: “Of each thing demand to know what is its essence”
• The essence of the cyber security problem?
• Selfish companies?
• Bad technology?
• Is it the economy?
• The essence of the cyber security problem is that we have an inherently insecure system guarding incredibly valuable data
6
Is it the Technology or the Incentives?
“We find that misplaced incentives are as important as technical design…security failure is caused at least as often by bad incentives as by bad technological design”
Anderson and Moore, “The Economics of Information Security”
7
Why Don’t We Have Better Tech?
• We don’t teach secure coding – because we don’t want to pay for security
• Personally, we really can’t be bothered (seriously)
• Governments point fingers, but they are to blame too
• Maybe technological success has come too fast for us to manage it
8
Digital innovation is profitable …
and risky
• “Firms are increasingly competing at different points in the
value chain to take advantage of unmet customer needs, less
efficient structures, high capital usage and attractive returns.
These changes can bring enormous benefits including
improved customer experience, greater efficiency & new value
creators. HOWEVER, tech driven innovations are expanding
the amount of cyber risk and enabling more sophisticated
attacks.”
World Economic Forum Report on Cyber Security 2018
9
Historically, Tech Innovation is Good for Business – Bad for Security
• VoIP
• Cloud computing
• BYOD
• International supply chains
• You can increase the security of these technologies and practices, but it comes at a cost – you are looking for a balance between profitability and security. How do you find it?
10
Cyber Economic Equation: Incentives Favor Attackers
• Offence: attacks are cheap
• Offence: attacks are easy to launch
• Offence: profits from attacks are enormous
• Offence: GREAT business model (“resell” the same service)
• Defense: the perimeter to defend is unlimited
• Defense: is compromised – hard to show ROI
• Defense: usually a generation behind the attacker
• Defense: prosecution is difficult and rare
11
The Systems are hard to defend
“The military’s computer networks can be compromised by low
to middling skilled attacks. Military systems do not have a
sufficiently robust security posture to repel sustained attacks.
The development of advanced cyber techniques makes it
likely that a determined adversary can acquire a foothold in
most DOD systems and be in a position to degrade DOD
missions when and if they choose.” Pentagon Annual
Report.
12
Digital economics are not obvious
“Economists have long known that liability should
be assigned to the entity that can manage risk.
Yet everywhere we look we see online risk
allocated poorly…people who connect their
machines to risky places do not bear full
consequences of their actions. And developers
are not compensated for costly efforts to
strengthen their code”
Anderson and Moore “Economics of Information
Security”
13
Won’t the Market Self-Correct?
No.
• Target up 40% six months after breach
• Sony up 30% six months after breach
• Home Depot (65 million accounts) – 20% increase
• JP Morgan stock price stable at first, then up 7%
• Sears (Kmart) initially down 18%, then up 34%
• eBay initially down 6%, then up 15%
• On average, after an initial dip, stocks rebound and are up 7% following incidents
14
The real cyber challenge is the
economics
“The challenge in cyber security is not that best practices need
to be developed, but instead lies in communicating these best
practices, demonstrating the value in implementing them and
encouraging individuals and organizations to adopt them.”
The Information Systems Audit and Control Association (ISACA)- March 2011
15
We Need to Put Cyber Risk in Economic Terms to Manage It
• “Overall, cost was most frequently cited as ‘the biggest obstacle to ensuring the security of critical networks.’” -- PWC
• “Making the business case for cyber security remains a major challenge, because management often does not understand either the scale of the threat or the requirements for a solution.” -- McAfee
• “The number one barrier is the security folks who haven’t been able to communicate the urgency well enough and they haven’t actually been able to persuade the decision makers of the reality of the threat in business terms.” -- CSIS
16
Traditional vs Leading Edge Cyber Risk Management
• Checking boxes – the more you check, the more mature you are and hence the more secure, right?
• Which unchecked box do we focus on?
• How much risk reduction do we get from checking one box over the other?
• What’s the difference between yellow and green? (3 and 4?)
… garbage in … garbage out
• We need prioritization that is cost-based and empirical
17
Problems with Traditional Cyber Risk Assessment
• People (even “experts”) attach different meanings to terms like “likely”, “probable”, “unlikely” and “extremely unlikely”
• Things like heat maps imply certainty but can’t tell you:
• How much money will you lose?
• How probable is the scenario?
• What is the adequate risk reduction cost?
18
Problems with Traditional Cyber
Risk Assessment – It doesn’t work
“There is not a single study indicating that the use of such
methods actually reduces risk.”
Doug Hubbard How to Measure Anything in Cyber Security
19
Start at the beginning: What is a
Risk?
• Insiders?
• Supply Chain?
• Mobile Technology?
20
How much risk is there?
[Slide graphic, repeated over three slides: a risk scale with the labels None, A little and A lot]
What Is Risk?
• Risk is best conceptualized as a quantity: a measure of future loss from a given scenario, representing how much money an organization might lose from that scenario over time
24
25
NACD Handbook Approach to Cyber
• Guidelines from the NACD advise that Boards should
view cyber-risks from an enterprise-wide standpoint
and understand the potential legal impacts. They
should discuss cybersecurity risks and preparedness
with management, and consider cyber threats in the
context of the organization’s overall tolerance for risk.
-- PWC 2016 Global Information Security Survey
26
Boards are now using the NACD
Handbook
• Boards appear to be listening to this advice. This year
we saw a double-digit uptick in Board participation in
most aspects of information security. Deepening
Board involvement has improved cybersecurity
practices in numerous ways. As more Boards
participate in cybersecurity budget discussions, we
saw a 24% boost in security spending.
-- PWC 2016 Global Information Security Survey
27
NACD Yields Actual Security Improvements
• Notable outcomes cited by survey respondents include identification of key risks, fostering an organizational culture of security and better alignment of cybersecurity with overall risk management and business goals. Perhaps more than anything, Board participation opened the lines of communication between the cybersecurity function and top executives and directors
-- PWC 2016 Global Information Security Survey
28
Orgs Endorsing Cyber Risk
Handbooks Globally
• US Department of Homeland Security
• US Department of Justice
• German Government Cyber Security Divisions (BSI)
• Organization of American States
• National Association of Corporate Directors
• European Confederation of Director Associations
• Japanese Federation of Businesses
• International Auditing Association
29
NACD Principles
• Cyber is not an IT issue
• Boards need to understand their unique legal obligations
• Boards need access to adequate cyber security expertise
• MANAGEMENT needs to provide a cyber security framework (tech and structural)
• MANAGEMENT must do risk assessment
30
Economics Discussion between Management and Board
• Principle #4: Management needs to provide the Board with a framework for enterprise-wide cyber risk
• Management should be structured for enterprise-wide cyber risk assessments (not just IT)
• Principle #5: Management must provide the board with an analysis of risks to avoid, accept, mitigate or transfer via insurance
• Management should present the board with an economics-based cyber risk assessment tying cyber risk to the business
31
NACD P 4: Having a Framework – Hygiene & Cost Effective Hygiene
• Basic models – NIST, ISO, PCIS
• Restricting user installation of applications (whitelisting)
• Ensuring operating systems are patched with current updates
• Ensuring software applications have current updates
• Restricting administrative privileges
32
NACD P 4: Having a Management
Framework for the Digital Age
• Traditional view of board involvement in cyber security
• NACD approach
• Developing Cyber policy from the top down
• Industrial Age structures don’t fit the digital age issues – like
cyber
• Cyber Security is “just like” legal and finance
33
Principle 4: Knowledge & Skills for Cyber Risk Management
• Critical thinking
• Understanding of probability
• Training in calibrated estimation
• Comfort with numbers
• Familiarity with decision methods
• Familiarity with the business
• Proper cyber risk management uses a systematic, ideally empirical, enterprise-wide risk assessment and management framework
34
Principle 4. Management must
provide a Framework
35
ANSI-ISA Program
• Recommends an enterprise wide cyber risk team that meets
regularly and has its own budget
• CFO strategies
• HR strategies
• Legal/compliance strategies
• Operations/technology strategies
• Communications strategies
• Risk Management/insurance strategies
36
Three Lines of Cyber Defense (3LoD)
• Line 1 – operates the business, owns the risk, designs and implements operations
• Line 2 – defines policy statements and the risk management (RM) framework; provides a credible challenge to the first line and is responsible for evaluating risk exposure so the board can determine risk appetite
• Line 3 – commonly internal audit; responsible for independent evaluation of the first and second lines
37
The first line of defense
• Provides a thorough examination – is the business doing enough? (not one size fits all). Each business line defines the cyber risk it faces and weaves cyber risk and self-assessment into its fraud, crisis management and resiliency processes.
• Business lines need to actively monitor existing and future exposures, vulnerabilities and threats, and assess what impact cyber risk has on new tech deployment, client relationships and business strategies
38
The second line of defense
• Should be walled off as a separate, independent function. Manages the enterprise cyber risk appetite and RM framework within overall enterprise risk and challenges the first line. Determines how to appropriately measure cyber risk and integrates it into a risk tolerance statement for the firm
• The focus of the first and second lines needs to be on effectively managing risk – not regulatory compliance – although compliance can be integrated
39
Third line of defense
• Provides an independent, objective assessment of the firm’s processes across lines one and two, with a focus on operational effectiveness and efficiency. Traditionally internal audit (IA) relied on frameworks (NIST), but firms will likely need to develop their own to adapt to enhanced threats
• IA performs assessments, validates the tech infrastructure and third-party risks, does independent pen testing and must stay abreast of threat intel
40
Principle 5: Principles of Modern Cyber Risk Management
• Focus not on attacks but on impacts
• Clear terms, better scoping, no bogus math
• Place cyber events in quantitative economic terms
• Prioritize cyber risk to the business
• Do you need to keep spending on this ____?
• Are these risks really risks, or just innovations?
• A new – better – direction for government and industry: see the Hubbard, FAIR and X-Analytics models
41
Basic Cyber Risk Assessment Economics Methodology
• Using the best available data, make a probabilistic assessment of possible scenarios – looking for accuracy, not precision
• Focus on scenarios that are probable and have enough expected loss to matter
• Calculate the best case, worst case and most likely case, and what degree of loss is acceptable (risk appetite)
• Determine the investment required to mitigate to an acceptable level
• Option: run multiple scenarios (Monte Carlo simulations)
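The methodology on this slide, together with the earlier definition of risk as a quantity of future loss, as a worked example that is added here and is not part of the original deck: a Python Monte Carlo model in which each scenario has a yearly probability and a best / most likely / worst loss (a triangular distribution), and the simulation yields the expected annual loss, a 95th-percentile bad year, the chance of breaching a stated risk appetite, and the net benefit of a control. Every number in it (the scenario probabilities and loss ranges, the $500,000 appetite, the $50,000 control cost, the assumption that hygiene controls cut the ransomware probability from 30% to 10%) is a constructed assumption, not a figure from the slides or from any report.

```python
"""Added example: Monte Carlo cyber risk assessment following the slide's
methodology (probabilistic scenarios, best/most-likely/worst case, risk
appetite, cost of mitigation).  All scenario figures are constructed."""
import random
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Scenario:
    """One loss scenario: the chance it happens in a year plus a best /
    most-likely / worst single-event loss in dollars, modelled as a
    triangular distribution (accurate rather than precise)."""
    name: str
    p_per_year: float   # probability the scenario occurs in a given year
    best: float         # best-case loss if it occurs
    likely: float       # most likely loss (the mode)
    worst: float        # worst-case loss


def simulate_annual_losses(scenarios, trials=50_000, seed=1):
    """Simulate `trials` years; return the total loss for each simulated year."""
    rng = random.Random(seed)   # fixed seed so a board sees repeatable numbers
    losses = []
    for _ in range(trials):
        total = 0.0
        for s in scenarios:
            if rng.random() < s.p_per_year:
                # random.triangular takes (low, high, mode) in that order
                total += rng.triangular(s.best, s.worst, s.likely)
        losses.append(total)
    return losses


def expected_annual_loss(losses):
    """Average simulated loss per year (the slide's 'expected loss')."""
    return mean(losses)


def percentile(losses, q):
    """q-th percentile (0-100) of the simulated annual losses."""
    ordered = sorted(losses)
    idx = int(round(q / 100 * (len(ordered) - 1)))
    return ordered[idx]


def prob_exceeds(losses, appetite):
    """Fraction of simulated years whose loss exceeds the stated risk appetite."""
    return sum(1 for x in losses if x > appetite) / len(losses)


def mitigation_net_benefit(before, after, annual_cost, trials=50_000, seed=1):
    """Expected loss avoided per year by a control, minus the control's annual
    cost.  Positive means the investment pays for itself on expected value."""
    eal_before = expected_annual_loss(simulate_annual_losses(before, trials, seed))
    eal_after = expected_annual_loss(simulate_annual_losses(after, trials, seed))
    return (eal_before - eal_after) - annual_cost


# Constructed scenarios (hypothetical numbers, not taken from any report).
RANSOMWARE = Scenario("ransomware outage", 0.30, 50_000, 200_000, 1_000_000)
# Same scenario after the hygiene controls on the slides (patching,
# whitelisting, restricted admin rights) are ASSUMED to cut the yearly
# probability from 30% to 10%; the loss range is unchanged.
RANSOMWARE_MITIGATED = Scenario("ransomware outage (mitigated)", 0.10,
                                50_000, 200_000, 1_000_000)
INSIDER = Scenario("insider data theft", 0.05, 100_000, 500_000, 3_000_000)
RISK_APPETITE = 500_000      # assumed: the board's acceptable annual loss
CONTROL_COST = 50_000        # assumed: yearly cost of the hygiene programme


if __name__ == "__main__":
    losses = simulate_annual_losses([RANSOMWARE, INSIDER])
    print(f"expected annual loss:      ${expected_annual_loss(losses):,.0f}")
    print(f"95th-percentile bad year:  ${percentile(losses, 95):,.0f}")
    print(f"P(loss > risk appetite):   {prob_exceeds(losses, RISK_APPETITE):.1%}")
    net = mitigation_net_benefit([RANSOMWARE, INSIDER],
                                 [RANSOMWARE_MITIGATED, INSIDER], CONTROL_COST)
    print(f"net benefit of controls:   ${net:,.0f} per year")
```

Run it directly to print the four board-level figures. With these inputs the expected annual loss is about $185,000 and the hygiene programme avoids roughly $83,000 of expected loss for $50,000 of cost, so it clears the bar on expected value; the 95th-percentile year and the probability of breaching the appetite are what tell the board whether the residual tail is tolerable. The triangular distribution is a deliberate simplification; the Hubbard and FAIR approaches the slides cite use calibrated ranges with heavier-tailed loss distributions, and the same code structure accommodates them by swapping the draw inside the inner loop.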
42
Government and Industry Collaboration
• We are all on the same side
• Is blaming the victims the right strategy?
• Calls for accountability go both ways – we need more than accountability, we need collaboration
• Government and industry legitimately assess cyber risk differently from an economic perspective
• Traditional models and assumptions won’t work
• The history of the social contract
43
The Cyber Security Social
Contract
• Rethink Industry and Government Roles and Responsibilities
• Create Market Incentives to rebalance the economic
incentives for cyber security
• This will take a lot of work, can it be done?
44
ISO/IEC 27032 Training Courses
• ISO/IEC 27032 Introduction – 1-day course
• ISO/IEC 27032 Foundation – 2-day course
• ISO/IEC 27032 Lead Cybersecurity Manager – 5-day course
Exam and certification fees are included in the training price.
www.pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
www.pecb.com/events
THANK YOU
Questions?
lclinton@isalliance.org | linkedin.com/in/larry-clinton-20237b4
https://isalliance.org

Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
PECB
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
PECB
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
PECB
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
PECB
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC
PECB
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
PECB
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
PECB
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
PECB
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
PECB
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
PECB
 
ISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management system
PECB
 

More from PECB (20)

ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
 
ISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management system
 

Recently uploaded

ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
Priyankaranawat4
 
Advanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docxAdvanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docx
adhitya5119
 
The History of Stoke Newington Street Names
The History of Stoke Newington Street NamesThe History of Stoke Newington Street Names
The History of Stoke Newington Street Names
History of Stoke Newington
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
Main Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docxMain Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docx
adhitya5119
 
DRUGS AND ITS classification slide share
DRUGS AND ITS classification slide shareDRUGS AND ITS classification slide share
DRUGS AND ITS classification slide share
taiba qazi
 
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
IreneSebastianRueco1
 
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
NelTorrente
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
Peter Windle
 
Assignment_4_ArianaBusciglio Marvel(1).docx
Assignment_4_ArianaBusciglio Marvel(1).docxAssignment_4_ArianaBusciglio Marvel(1).docx
Assignment_4_ArianaBusciglio Marvel(1).docx
ArianaBusciglio
 
How to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold MethodHow to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold Method
Celine George
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
thanhdowork
 
Digital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments UnitDigital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments Unit
chanes7
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Dr. Vinod Kumar Kanvaria
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
heathfieldcps1
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
camakaiclarkmusic
 
Liberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdfLiberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdf
WaniBasim
 
What is the purpose of studying mathematics.pptx
What is the purpose of studying mathematics.pptxWhat is the purpose of studying mathematics.pptx
What is the purpose of studying mathematics.pptx
christianmathematics
 
How to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP ModuleHow to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP Module
Celine George
 
Aficamten in HCM (SEQUOIA HCM TRIAL 2024)
Aficamten in HCM (SEQUOIA HCM TRIAL 2024)Aficamten in HCM (SEQUOIA HCM TRIAL 2024)
Aficamten in HCM (SEQUOIA HCM TRIAL 2024)
Ashish Kohli
 

Recently uploaded (20)

ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
 
Advanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docxAdvanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docx
 
The History of Stoke Newington Street Names
The History of Stoke Newington Street NamesThe History of Stoke Newington Street Names
The History of Stoke Newington Street Names
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
 
Main Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docxMain Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docx
 
DRUGS AND ITS classification slide share
DRUGS AND ITS classification slide shareDRUGS AND ITS classification slide share
DRUGS AND ITS classification slide share
 
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
 
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
 
Assignment_4_ArianaBusciglio Marvel(1).docx
Assignment_4_ArianaBusciglio Marvel(1).docxAssignment_4_ArianaBusciglio Marvel(1).docx
Assignment_4_ArianaBusciglio Marvel(1).docx
 
How to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold MethodHow to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold Method
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
 
Digital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments UnitDigital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments Unit
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
 
Liberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdfLiberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdf
 
What is the purpose of studying mathematics.pptx
What is the purpose of studying mathematics.pptxWhat is the purpose of studying mathematics.pptx
What is the purpose of studying mathematics.pptx
 
How to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP ModuleHow to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP Module
 
Aficamten in HCM (SEQUOIA HCM TRIAL 2024)
Aficamten in HCM (SEQUOIA HCM TRIAL 2024)Aficamten in HCM (SEQUOIA HCM TRIAL 2024)
Aficamten in HCM (SEQUOIA HCM TRIAL 2024)
 

Advanced Cybersecurity Risk Management: How to successfully address your Cyber-threats?

  • 1. 1
  • 2. • Understanding the inverted economics of cyber security and the incentives for cyber crime – how bad are things? (really bad) • Understanding the Inefficiencies of traditional cyber risk assessment and risk management – why we are not making more progress? • Becoming Digitally structured -- Resetting the roles and responsibilities regarding cyber security in the organization • Developing empirical, economics based cyber risk assessment techniques – what you need to be providing to the board What We Will Cover Today 2
  • 3. Cyber Crime: The numbers • Costs of cyber criminal activity vary between hundreds of billions to a trillion dollars a year or more – between 1-2% Global GDP • One major ISP reports it sees 80 billion malicious scans a day • 300 million new malicious viruses are created every day • There were 4.8 billion records lost due to data breaches in 2016 • There are 4000 Ransomware attacks every day • We spend $200,000 per minute on regulations and audits-- costs projected to go up 2X by 2020 & several hundred times by 2030 3
  • 4. 4 “Cyber criminals are technologically as sophisticated as the most advanced IT companies and like them have moved quickly to adopt AI, cloud, software- as a service (cybercrime-as-a service) and encryption.” Symantec 2018 Cyber Crime Report How Good Are the Bad Guys?
  • 5. Put Succinctly….. “Cybercrime is relentless, undiminished and unlikely to stop. It’s just too easy, rewarding and the chances of getting caught are far too low. Cyber crime also leads on a risk to payoff rate. It is a low risk crime with high profits. A smart cyber criminal can easily make millions without fear of being caught.” McAfee 2018 Cyber Crime Report 5
  • 6. What is the Real Problem? • Marcus Aurelius: Of each thing demand to know what is its essence • The essence of the cyber security problem ? • Selfish Companies? • Bad Technology? • Is it the economy? • The essence of the cyber security problem is that we have an inherently insecure system guarding incredibly valuable data 6
  • 7. Is it the Technology or the Incentives? “We find that misplaced incentives are as important as technical design…security failure is caused as least as often by bad incentives as by bad technological design” Anderson and Moore “The Economics of Information Security” 7
  • 8. Why Don’t We have Better Tech? • We don’t teach secure coding? – because we don’t want to pay for security. • Personally, we really can’t be bothered (seriously) • Government’s point fingers but they are to blame too? • Maybe technological success has come too fast for us to manage it 8
  • 9. Digital innovation is profitable … and risky • “Firms are increasingly competing at different points in the value chain to take advantage of unmet customer needs, less efficient structures, high capital usage and attractive returns. These changes can bring enormous benefits including improved customer experience, greater efficiency & new value creators. HOWEVER, tech driven innovations are expanding the amount of cyber risk and enabling more sophisticated attacks.” World Economic Forum Report on Cyber Security 2018 9
  • 10. Historically, Tech Innovation is good for business – bad for Security • VOIP • Cloud computing • BYOD • International supply chains • You can increase the security of these technologies and practices but it comes at a cost – you are looking for a balance between profitability and security – How do you find it? 10
  • 11. • Offence: Attacks are cheap • Offence: Attacks are easy to launch • Offence: Profits from attacks are enormous • Offence: GREAT business model (“resell” same service) • Defense: Perimeter to defend is unlimited • Defense: Is compromised – hard to show ROI • Defense: Usually a generation behind the attacker • Defense: Prosecution is difficult and rare Cyber Economic Equation: Incentives Favors Attackers 11
  • 12. The Systems are hard to defend “The military’s computer networks can be compromised by low to middling skilled attacks. Military systems do not have a sufficiently robust security posture to repel sustained attacks. The development of advanced cyber techniques makes it likely that a determined adversary can acquire a foothold in most DOD systems and be in a position to degrade DOD missions when and if they choose.” Pentagon Annual Report. 12
  • 13. Digital economics are not obvious “Economists have long known that liability should be assigned to the entity that can manage risk. Yet everywhere we look we see online risk allocated poorly…people who connect their machines to risky places do not bear full consequences of their actions. And developers are not compensated for costly efforts to strengthen their code” Anderson and Moore “Economics of Information Security” 13
  • 14. Won’t the Market Self-Correct? No. • Target up 40% six months after breach • Sony up 30% six months after breach • Home Depot (65 million accounts)---20% increase • JP Morgan stock price stable at first then up 7 % • Sears (Kmart) initially down 18%-- then up 34% • E-bay initially down 6%, then up 15% • On average after initial dip stocks rebound and are up 7% following incidents. 14
  • 15. The real cyber challenge is the economics “The challenge in cyber security is not that best practices need to be developed, but instead lies in communicating these best practices, demonstrating the value in implementing them and encouraging individuals and organizations to adopt them.” The Information Systems Audit and Control Association (ISACA)- March 2011 15
  • 16. We Need to put Cyber Risk in Economic terms to manage it • “Overall, cost was most frequently cited as “the biggest obstacle to ensuring the security of critical networks.” -- PWC • “Making the business case for cyber security remains a major challenge, because management often does not understand either the scale of the threat or the requirements for a solutions.” -- McAfee • “The number one barrier is the security folks who haven’t been able to communicate the urgency well enough and they haven’t actually been able to persuade the decision makers of the reality of the threat in business terms.” -- CSIS 16
  • 17. Traditional vs Leading Edge Cyber Risk Management. • Checking boxes --- the more you check the more mature you are and hence the more secure, right? • Which unchecked box do we focus on? • How much risk reduction do we get from checking one box over the other? • What’s the difference between yellow and green? (3 and 4?) … garbage in … garbage out • We need prioritization, cost based, empirical 17
  • 18. Problems with Traditional Cyber Risk Assessment • People (even “experts”) have different meanings for terms like “likely” “probable” “unlikely” “extremely unlikely” • Things like heat maps imply certainty but can’t tell you: • How much money you will lose ? • How probable the scenario is ? • What is the adequate risk reduction cost ? 18
  • 19. Problems with Traditional Cyber Risk Assessment – It doesn’t work “There is not a single study indicating that the use of such methods actually reduces risk.” Doug Hubbard How to Measure Anything in Cyber Security 19
  • 20. Start at the beginning: What is a Risk? • Insiders? • Supply Chain? • Mobile Technology? 20
  • 21. How much risk is there? A little None A lot 21
  • 22. A little None A lot How much risk is there? 22
  • 23. How much risk is there? A little None A lot 23
  • 24. What Is Risk • Risk is best conceptualized as a quantity. It is a measure of future loss from a given scenario representing how much money an organization might lose from a given scenario over time 24
  • 25. 25
  • 26. NACD Handbook Approach to Cyber • Guidelines from the NACD advise that Boards should view cyber-risks from an enterprise-wide standpoint and understand the potential legal impacts. They should discuss cybersecurity risks and preparedness with management, and consider cyber threats in the context of the organization’s overall tolerance for risk. -- PWC 2016 Global Information Security Survey 26
  • 27. Boards are now using the NACD Handbook • Boards appear to be listening to this advice. This year we saw a double-digit uptick in Board participation in most aspects of information security. Deepening Board involvement has improved cybersecurity practices in numerous ways. As more Boards participate in cybersecurity budget discussions, we saw a 24% boost in security spending. -- PWC 2016 Global Information Security Survey 27
  • 28. NACD Yields Actual Security Improvements • Notable outcomes cited by survey respondents include identification of key risks, fostering an organizational culture of security and better alignment of cybersecurity with overall risk management and business goals. Perhaps more than anything, Board participation opened the lines of communication between the cybersecurity function and top executives and directors -- PWC 2016 Global Information Security Survey 28
  • 29. Orgs Endorsing Cyber Risk Handbooks Globally • US Department of Homeland Security • US Department of Justice • German Government Cyber Security Divisions (BSI) • Organization of American States • National Association of Corporate Directors • European Confederation of Director Associations • Japanese Federation of Businesses • International Auditing Association 29
  • 30. NACD Principles • Cyber is not an IT issue • Bds need to understand their unique legal obligations • Bds need to access adequate cyber security expertise • MANAGEMENT needs to provide a cyber security framework (tech and structural) • MANAGEMENT must do risk assessment 30
  • 31. Economics Discussion between Management and Board • Principle #4 Management needs to provide Board with a Framework for enterprise wide cyber risk • Management be structured for enterprise wide enterprise wide cyber risk assessments (not just IT) • Principle #5 Management must provide board with analysis of risks to avoid, accept, mitigate or transfer via insurance. • Management present the board with an economics based cyber risk assessment tying cyber risk to the business 31
  • 32. NACD P 4 Having a Framework Hygiene & Cost Effective Hygiene • Basic Models – NIST - ISO - PCIS • Restricting User installation of applications (whitelisting) • Ensuring operational systems is patched with current updates • Ensuring software applications have current updates • Restricting administrative privileges 32
  • 33. NACD P 4: Having a Management Framework for the Digital Age • Traditional view of board involvement in cyber security • NACD approach • Developing Cyber policy from the top down • Industrial Age structures don’t fit the digital age issues – like cyber • Cyber Security is “just like” legal and finance 33
  • 34. Principle 4: Knowledge & Skills for Cyber Risk Management • Critical thinking • Understanding of probability • Training in calibrated estimation • Comfort with numbers • Familiarity decision methods • Familiarity with the business • Proper Cyber Risk Management uses a systematic, ideally empirical, enterprise wide risk assessment and management framework 34
  • 35. Principle 4. Management must provide a Framework 35
  • 36. ANSI-ISA Program • Recommends an enterprise wide cyber risk team that meets regularly and has its own budget • CFO strategies • HR strategies • Legal/compliance strategies • Operations/technology strategies • Communications strategies • Risk Management/insurance strategies 36
  • 37. Three Lines of Cyber Defense --- (3LoD) • Line 1 – operates the business, owns the risk designs and implements operations • Line 2 – defines policy statements & defines RM framework. provides a credible challenge to the first line & responsible for evaluating risk exposure for board to determine risk appetite • Line 3 – commonly internal audit responsible for independent evaluation of the first and second lines 37
  • 38. The first line of defense • Provide through exam—is the business doing enough? (not one size fits all). Each business line defines the cyber risk they face & weave cyber risk and self assessment into fraud, crisis management and resiliency process. • Business lines need to actively monitor existing and future exposures, vuls threats and assess what impact cber risk has on new tech deployment, client relationships, and business strategies 38
  • 39. The second line of defense • Should be walled off as a separate independent function. Manages enterprise cyber risk appetite and RM framework within overall enterprise risk –challenges the first line. Determines how to appropriately measure cyber risk and integrates into a risk tolerance statement for the firm • Focus of first and second tiers needs to be on effectively managing risk – not regulatory compliance – although can integrate compliance 39
  • 40. Third line of defense
    • Provides an independent, objective assessment of the firm's processes across lines one and two, with a focus on operational effectiveness and efficiency. Traditionally internal audit relied on frameworks (NIST), but firms will likely need to develop their own to adapt to enhanced threats
    • Internal audit (IA) performs assessments, validates technology infrastructure and third-party risks, does independent pen testing and must stay abreast of threat intel
  • 41. Principle 5: Principles of Modern Cyber Risk Management
    • Focus not on attacks but on impacts
    • Clear terms, better scoping, no bogus math
    • Place cyber events in quantitative economic terms
    • Prioritize cyber risk to the business
    • Do you need to keep spending on this ____?
    • Are these risks really risks, or just innovations?
    • A new, better direction for government and industry – see the Hubbard, FAIR and X-Analytics models
  • 42. Basic Cyber Risk Assessment Economics Methodology
    • Using the best available data, make a probabilistic assessment of possible scenarios, looking for accuracy, not precision
    • Focus on scenarios that are probable and have enough expected loss to matter
    • Calculate the best case, worst case, most likely case, and what degree of loss is acceptable (risk appetite)
    • Determine the investment required to mitigate to an acceptable level
    • Option: run multiple scenarios (Monte Carlo simulations)
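A worked version of this methodology, added here as an example rather than taken from the slides or from the Hubbard, FAIR or X-Analytics tooling: each scenario gets a calibrated annual probability and a best / most likely / worst-case loss (modelled as a triangular distribution), a Monte Carlo run produces the expected and tail annual loss and the chance of exceeding the board's risk appetite, and a control-value function covers the mitigation-investment step. All scenario numbers are constructed for illustration.

```python
import random

# Constructed scenarios (illustrative only): name, annual probability of
# occurrence, and best / most likely / worst-case loss in USD.
SCENARIOS = [
    ("Ransomware outage", 0.15, 200_000, 900_000, 5_000_000),
    ("Customer data breach", 0.08, 500_000, 2_000_000, 20_000_000),
    ("Third-party payment fraud", 0.30, 20_000, 80_000, 400_000),
]

def expected_annual_loss(scenarios):
    """Closed-form ALE: P(event) x mean of the triangular loss distribution."""
    return sum(p * (lo + mode + hi) / 3 for _, p, lo, mode, hi in scenarios)

def simulate_year(scenarios, rng):
    """Total loss for one simulated year: each scenario may or may not occur."""
    total = 0.0
    for _, p, lo, mode, hi in scenarios:
        if rng.random() < p:                       # does the event happen this year?
            total += rng.triangular(lo, hi, mode)  # if so, how bad is it?
    return total

def run_simulation(scenarios, trials=10_000, seed=42):
    """Sorted annual losses from `trials` simulated years (sorted for percentiles)."""
    rng = random.Random(seed)
    return sorted(simulate_year(scenarios, rng) for _ in range(trials))

def loss_exceedance(sorted_losses, threshold):
    """Fraction of simulated years whose loss exceeds `threshold` (the risk appetite)."""
    return sum(1 for loss in sorted_losses if loss > threshold) / len(sorted_losses)

def percentile(sorted_losses, q):
    """q-th quantile (0..1) of the sorted simulated losses, e.g. the 90% tail loss."""
    return sorted_losses[min(len(sorted_losses) - 1, int(q * len(sorted_losses)))]

def apply_control(scenarios, name, prob_factor=1.0, loss_factor=1.0):
    """Model a mitigation that scales one scenario's probability and/or losses."""
    return [(n, p * prob_factor, lo * loss_factor, mode * loss_factor, hi * loss_factor)
            if n == name else (n, p, lo, mode, hi) for n, p, lo, mode, hi in scenarios]

def control_value(scenarios, name, annual_cost, **factors):
    """ALE reduction bought by a control minus its annual cost (positive = worth it)."""
    mitigated = apply_control(scenarios, name, **factors)
    return expected_annual_loss(scenarios) - expected_annual_loss(mitigated) - annual_cost

def evaluate(scenarios, risk_appetite, trials=10_000, seed=42):
    """Board-facing summary: expected loss, tail loss and chance of exceeding appetite."""
    losses = run_simulation(scenarios, trials, seed)
    return {"ale": expected_annual_loss(scenarios), "simulated_mean": sum(losses) / len(losses),
            "p90": percentile(losses, 0.90), "p_exceed_appetite": loss_exceedance(losses, risk_appetite)}
```

Calling `evaluate(SCENARIOS, risk_appetite=1_000_000)` gives the board the expected and 90th-percentile annual loss alongside the probability of blowing through the stated appetite, and `control_value(SCENARIOS, "Ransomware outage", 100_000, prob_factor=0.5)` answers the "do we need to keep spending on this?" question in the same units.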
  • 43. Government–Industry Collaboration
    • We are all on the same side
    • Is blaming the victims the right strategy?
    • Calls for accountability go both ways; we need more than accountability, we need collaboration
    • Government and industry legitimately assess cyber risk differently from an economic perspective
    • Traditional models and assumptions won't work
    • The history of the social contract
  • 44. The Cyber Security Social Contract
    • Rethink industry and government roles and responsibilities
    • Create market incentives to rebalance the economic incentives for cyber security
    • This will take a lot of work; can it be done?
  • 45. ISO/IEC 27032 Training Courses
    • ISO/IEC 27032 Introduction – 1-day course
    • ISO/IEC 27032 Foundation – 2-day course
    • ISO/IEC 27032 Lead Cybersecurity Manager – 5-day course
    Exam and certification fees are included in the training price.
    www.pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
    www.pecb.com/events

Editor's Notes

  1. Global Voices Campaign – July 24, 2019
  2. Imagine you have a tire so bald, you can barely tell if there was ever any tread there.