Cyber Crime Simulation Game
incl. quick overview of ISO 27001
Ms Rinske Geerlings
MD, Business As Usual (Australia)
Business As Usual (BAU) snapshot
• Constantly implementing Business Continuity, Disaster Recovery, Service Continuity, Security and Risk Management with medium & large organisations across industries
• Geographical dispersion: projects in Australia, New Zealand, Asia, Pacific, East Africa, Latin America and Europe
• ISO 22301 / ISO 27001 / ISO 28000 / ISO 31000 public and in-house training (PECB Gold training partner)
• All work and documentation is done in an easy-to-use and engaging way, whilst in accordance with international standards (incl. ISO, COBIT DSS4, ITIL SCM, APRA SPS/CPS 232, Bank Negara Malaysia, MAS, EAC, SS540 etc.)
Some of our clients

Our service offering
• Gap analysis / ‘health check’
• Consultancy / implementation
• Executive management briefing
• Process / framework implementation
• Test / exercise facilitation
• Training (in-house / public) incl. ISO examination
Australia wide – Malaysia – Singapore – Philippines – Thailand – East Africa – Europe – Latin America – New Zealand – Papua New Guinea – United Arab Emirates
Who am I?
Rinske Geerlings, Founder, Managing Director & Principal Consultant at BAU
• MSc (Engineering)
• Accredited consultant & trainer (ISO 22301 Master / ISO 31000 Lead Risk Manager / ISO 27001 Master)
• CBCP by Disaster Recovery Institute (DRI) International
• MBCI (Business Continuity Institute) and RMIA member
• ITIL (IT Infrastructure Library) Master and COBIT certified
• Participant in AllFinance in the lead-up to APRA’s BCM standard (2005)
• Presented at 100+ BCM, Risk and Security related seminars/conferences
• 20+ years of consulting experience globally
• Awarded Alumnus of the Year 2012 (Delft, Netherlands)
• Awarded Business Woman of the Year 2010-2013 (BPW, global NGO with UN consultative status)
• Awarded Risk Consultant of the Year 2017 (Australasia) by RMIA
What about you?
Are you in…
• Financial Services (banking, insurance)?
• Local/State/Federal Government, or emergency services?
• (Health) care?
• Technology or utility sectors?
• Retail, manufacturing or transport?
• Media?
• Consultancy?
• Other?
Your answer… be honest!
0 points: “Yikes! We’d struggle...”
1 point: “We’d be in a state of flux, looking for some pieces to the puzzle, but we’ll be fine”
2 points: “We’re sweet! We’ve tested the plan, we know our roles, we’re ready with our media response... Bring it on”
World Economic Forum 2017: Global risks of highest concern
ISO 27001 - Will it break or make you?
• Good outline of Information Security controls
• Easy to use in order to start measuring maturity
• Well integrated with other ISO standards (ISO 22301, ISO 31000)
• A technical topic well explained in “layman’s terms”
• Various options to delve deeper into the technical space (e.g. ISO 27032: Cyber Risk)
• Not just regarding electronic information

ISO 27001 – Security Controls (Annex A)
ISO 27001: Certification training
• Delft University - Netherlands (26-30 Nov 2018): ISO 31000 / ISO 27001 / ISO 22301
• Sydney/Melbourne - Australia (March 2019): ISO 31000 / ISO 27001 / ISO 22301
• Dubai – UAE (April 2019): ISO 31000 / ISO 27001 / ISO 22301
• Tanzania / Kenya / Uganda – East Africa (April 2019): ISO 31000 / ISO 27001 / ISO 22301
Cyber Crime Simulation Game

Game structure & flow
• Form teams & team captains and complete basic information
• Facilitator reveals the scenario
• Teams send each other various ‘challenge cards’ (incl. a ‘Joker card’ – available from the 2nd round onwards)
• Complete each challenge card & ask the sender for acceptance: signature & score
• Dispute? Facilitator to mediate.
• Winner is the team with the highest number of points
• Discussion: conclusions & wrap-up
Teams & Captains
Team I – Top Health Care’s Senior Management
Team II – Top Health Care’s IT and Security specialists (internal & external)
Team III – Patient’s Association (lobby group)
Team IV – Gov’t Department of Health & Human Services (regulator)
Team V – The Media (journalists, bloggers)
Team Captains: who knows a little bit about any of the above?
Basic team information
Complete for your team the standard questions (steps 1 and 2) using the sheets provided.
The scenario
Phones have been ringing off the hook since this morning at the 14-hospital and health services group ‘Top Health Care’.
Hundreds of patients have reported receiving improper/suspicious emails from Top Health Care.
Some patients reported receiving fictitious offers for discounted health services from Top Health Care, with the email showing their own personal data.
Others are reporting the receipt of an email with an attachment listing personal details of thousands of fellow patients, including name, email address, employment information and protected health information.

How realistic is that?
Let the game begin!
But first: familiarise yourself with the challenge cards. Next:
1. Ask one of the teams around you to give you your first challenge!
   Note: this cannot be a Joker card in the first round.
2. Fill in your challenge response in the response form provided.
3. Ask the challenger for acceptance and a score (must be a minimum of 6 to move on).
   Note: the challenger must actually have further answers/details in mind in order to be able to reject the response.
4. Dispute? Facilitator to mediate between Team Captains before the next challenge can be requested.
5. Ask another team for your next challenge and keep going around the room.
   Note: you must complete at least one challenge from each team around you… but you can still be smart about picking your challengers!
Conclusions & wrap-up
What was the BCP? The manual work-around?
Best practice wheel of holistic BCM
BCP-on-a-Page
BCP activation toolkit
Key differences with traditional approach
• Dynamic BCM framework > prevent ‘collecting dust on the shelf’
• Consequence-based planning > keep it simple
• Caters for fatigue/unavailability of staff
• ‘Top down’ approach based on time-critical processes… we don’t need to continue everything to maintain our reputation
• Strong focus on communication/notification planning, incl. ‘pull communication’
• Colour-coded, matrix style documentation (incl. ‘BCP on a page’)
• Hyperlink/utilise what is already there > don’t duplicate
• Toolkit approach to BCP activation > easy to find what we need ‘on the spot’ (e.g. the 1-minute assessment tool)
• Optimally use agreed manual workarounds to reduce cost
• Overall: prioritisation focus (being selective to reduce workload)
Any manual work-arounds available?

Consider ‘recovery risks’
Potential flow-on effects: implementing a recovery solution shouldn’t bring about a new crisis!
Standards by domain

                                      ISO 27001   ISO 22301   ISO 31000   COBIT 5
Information Security (IS)
Business Continuity Planning (BCP)    yes         yes
Risk Management (RM)
IT Governance (ITG)
Next ISO Certification Training Courses
(see ‘ISO 27001: Certification training’ above)
Special prize draw for November! Message me on LinkedIn your reason to receive a free pass and you may be the winner!
Stay in touch
LinkedIn: Rinske Geerlings
More info: www.businessasusual.net.au
rinske@businessasusual.net.au

How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 
ISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management system
 

Recently uploaded

Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024Janet Corral
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...PsychoTech Services
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 

Recently uploaded (20)

Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room service
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 

Cyber Crime Simulation Game - incl quick overview of ISO 27001

Slide 6: What about you? Are you in…
• Financial Services (banking, insurance)?
• Local/State/Federal Government, or emergency services?
• (Health) care?
• Technology or utility sectors?
• Retail, manufacturing or transport?
• Media?
• Consultancy?
• Other?
Slide 9: Your answer… be honest!
• 0 points: “Yikes! We’d struggle...”
• 1 point: “We’d be in a state of flux, looking for some pieces to the puzzle, but we’ll be fine”
• 2 points: “We’re sweet! We’ve tested the plan, we know our roles, we’re ready with our media response... Bring it on”
Slides 10-11: Global risks of highest concern (World Economic Forum 2017; chart)
Slides 13-14: ISO 27001 - Will it break or make you?
• Good outline of Information Security controls
• Easy to use in order to start measuring maturity
• Well integrated with other ISO standards (ISO 22301, ISO 31000)
• A technical topic well explained in “layman’s terms”
• Various options to delve deeper into the technical space (e.g. ISO/IEC 27032, guidelines for cybersecurity)
• Not just regarding electronic information (paper records and people are in scope too)
Slide 15: ISO 27001 – Security Controls (Annex A) (chart; in the 2013 edition current at the time, Annex A lists 114 controls in 14 control areas, A.5 to A.18)
Slide 16: ISO 27001 certification training
• Delft University, Netherlands (26-30 Nov 2018): ISO 31000 / ISO 27001 / ISO 22301
• Sydney/Melbourne, Australia (March 2019): ISO 31000 / ISO 27001 / ISO 22301
• Dubai, UAE (April 2019): ISO 31000 / ISO 27001 / ISO 22301
• Tanzania / Kenya / Uganda, East Africa (April 2019): ISO 31000 / ISO 27001 / ISO 22301
Slide 18: Game structure & flow
• Form teams & team captains and complete basic information
• Facilitator reveals the scenario
• Teams send each other various ‘challenge cards’ (incl. a ‘Joker card’, available from the 2nd round onwards)
• Complete each challenge card & ask the sender for acceptance: signature & score
• Dispute? Facilitator to mediate.
• Winner is the team with the highest number of points
• Discussion: conclusions & wrap-up
Slide 19: Teams & Captains
• Team I – Top Health Care’s Senior Management
• Team II – Top Health Care’s IT and Security specialists (internal & external)
• Team III – Patient’s Association (lobby group)
• Team IV – Gov’t Department of Health & Human Services (regulator)
• Team V – The Media (journalists, bloggers)
Team Captains: who knows a little bit about any of the above?
Slide 20: Basic team information. Complete the standard questions for your team (steps 1 and 2) using the sheets provided.
Slide 21: The scenario
Phones have been ringing off the hook since this morning at the 14-hospital and health services group ‘Top Health Care’. Hundreds of patients have reported receiving improper/suspicious emails from Top Health Care. Some patients reported receiving fictitious offers for discounted health services from Top Health Care, with the email showing their own personal data. Others are reporting the receipt of an email with an attachment listing personal details of thousands of fellow patients, including name, email address, employment information and protected health information.
Slide 24: Let the game begin! But first: familiarise yourself with the challenge cards. Next:
1. Ask one of the teams around you to give you your first challenge! Note: this cannot be a Joker card in the first round.
2. Fill in your challenge response in the response form provided.
3. Ask the challenger for acceptance and a score (must be min 6 to move on). Note: the challenger must actually have further answers/details in mind in order to be able to reject the response.
4. Dispute? Facilitator to mediate between Team Captains before the next challenge can be requested.
5. Ask another team for your next challenge and keep going around the room. Note: you must complete at least one challenge from each team around you… but you can still be smart about picking your challengers!
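The game flow on slides 18 and 24 (one challenge at a time, no Joker in round one, a score of at least 6 to move on, facilitator mediation on disputes, at least one challenge from every other team, winner on total points) can be enforced by a small scoring tracker. The Python below is an added example for facilitators; it is not part of the original deck or of Business As Usual’s game materials. It uses the five teams from slide 19 and the thresholds from the slides, and assumes a 10-point scale and that only accepted responses count towards a team’s total (the slides specify neither).

```python
"""Scoring tracker for the Cyber Crime Simulation Game flow (slides 18, 19 and 24)."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Rules taken from the slides
MIN_ACCEPT_SCORE = 6    # slide 24, step 3: a response needs a score of at least 6 to move on
JOKER_FROM_ROUND = 2    # slide 18: the Joker card is only available from the 2nd round onwards
MAX_SCORE = 10          # assumption: the slides give no upper bound, so a 10-point scale is used

# Teams as listed on slide 19
TEAMS = [
    "Team I - Top Health Care Senior Management",
    "Team II - Top Health Care IT & Security specialists",
    "Team III - Patient's Association",
    "Team IV - Dept of Health & Human Services",
    "Team V - The Media",
]


class RuleViolation(Exception):
    """Raised when a team attempts something the game flow does not allow."""


@dataclass
class Challenge:
    challenger: str
    responder: str
    card: str
    score: Optional[int] = None      # None until the challenger has scored the response
    mediated: bool = False           # True if the facilitator settled a dispute

    @property
    def accepted(self) -> bool:
        return self.score is not None and self.score >= MIN_ACCEPT_SCORE


@dataclass
class Game:
    teams: List[str] = field(default_factory=lambda: list(TEAMS))
    log: List[Challenge] = field(default_factory=list)

    def _open_challenge(self, team: str) -> Optional[Challenge]:
        """The challenge a team is still working on: unscored, or scored below the minimum."""
        for ch in reversed(self.log):
            if ch.responder == team:
                return None if ch.accepted else ch
        return None

    def completed(self, team: str) -> int:
        """Number of challenges the team has had accepted so far."""
        return sum(1 for ch in self.log if ch.responder == team and ch.accepted)

    def request_challenge(self, responder: str, challenger: str, card: str) -> Challenge:
        """Steps 1 and 5: a team asks another team for a challenge card."""
        if responder not in self.teams or challenger not in self.teams:
            raise RuleViolation("unknown team")
        if responder == challenger:
            raise RuleViolation("a team cannot challenge itself")
        if self._open_challenge(responder) is not None:
            raise RuleViolation("finish the current challenge before requesting the next one")
        round_no = self.completed(responder) + 1
        if card == "Joker" and round_no < JOKER_FROM_ROUND:
            raise RuleViolation("the Joker card cannot be played in the first round")
        ch = Challenge(challenger=challenger, responder=responder, card=card)
        self.log.append(ch)
        return ch

    def score_response(self, ch: Challenge, score: int) -> bool:
        """Step 3: the challenger signs off with a score. Returns True if the responder may move on."""
        if not 0 <= score <= MAX_SCORE:
            raise ValueError(f"score must be between 0 and {MAX_SCORE}")
        ch.score = score
        return ch.accepted

    def mediate(self, ch: Challenge, facilitator_score: int) -> bool:
        """Step 4: on a dispute the facilitator's score replaces the challenger's."""
        ch.mediated = True
        return self.score_response(ch, facilitator_score)

    def coverage_complete(self, team: str) -> bool:
        """Step 5: at least one accepted challenge from every other team."""
        challengers = {ch.challenger for ch in self.log if ch.responder == team and ch.accepted}
        return challengers == set(self.teams) - {team}

    def points(self, team: str) -> int:
        # assumption: only accepted responses count towards a team's total
        return sum(ch.score for ch in self.log if ch.responder == team and ch.accepted)

    def standings(self) -> List[Tuple[str, int]]:
        return sorted(((t, self.points(t)) for t in self.teams), key=lambda x: -x[1])

    def winner(self) -> Optional[str]:
        """Slide 18: highest total, restricted to teams that met the coverage rule; None until one has."""
        eligible = [(t, p) for t, p in self.standings() if self.coverage_complete(t)]
        return eligible[0][0] if eligible else None


if __name__ == "__main__":
    game = Game()
    ch = game.request_challenge(TEAMS[0], TEAMS[4], "Draft the media statement")
    print("accepted:", game.score_response(ch, 7))
    print(game.standings())
```

A rejected response (score below 6) keeps the challenge open, so the same team cannot request a new card until the challenger or the facilitator signs it off; the facilitator’s score on a dispute is final.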
Slide 26: What was the BCP? The manual workaround?
Slide 27: Best practice wheel of holistic BCM (diagram)
Slide 31: Key differences with the traditional approach
• Dynamic BCM framework > prevents ‘collecting dust on the shelf’
• Consequence-based planning > keep it simple
• Caters for fatigue/unavailability of staff
• ‘Top down’ approach based on time-critical processes… we don’t need to continue everything to maintain our reputation
• Strong focus on communication/notification planning, incl. ‘pull communication’
• Colour-coded, matrix style documentation (incl. ‘BCP on a page’)
• Hyperlink/utilise what is already there > don’t duplicate
• Toolkit approach to BCP activation > easy to find what we need ‘on the spot’ (e.g. the 1-minute assessment tool)
• Optimally use agreed manual workarounds to reduce cost
• Overall: prioritisation focus (being selective to reduce workload)
Slide 33: Consider ‘recovery risks’. Potential flow-on effects: implementing a recovery solution shouldn’t bring about a new crisis!
Slide 34: How the standards map to the disciplines (matrix; primary mapping shown)
Standard   | Primary discipline
ISO 27001  | Information Security (IS)
ISO 22301  | Business Continuity Planning (BCP)
ISO 31000  | Risk Management (RM)
COBIT 5    | IT Governance (ITG)
Slide 35: Next ISO Certification Training Courses
• Delft University, Netherlands (26-30 Nov 2018): ISO 31000 / ISO 27001 / ISO 22301
• Sydney/Melbourne, Australia (March 2019): ISO 31000 / ISO 27001 / ISO 22301
• Dubai, UAE (April 2019): ISO 31000 / ISO 27001 / ISO 22301
• Tanzania / Kenya / Uganda, East Africa (April 2019): ISO 31000 / ISO 27001 / ISO 22301
Special prize draw for November! Message me on LinkedIn your reason to receive a free pass and you may be the winner!