
How to Build a Successful Cybersecurity Program?


Is your cybersecurity program delivering on its promise? How do you know it works? Cybersecurity programs involve a significant investment in people, technology and time, so you need to ensure they help mitigate cyber risk effectively.

This webinar will:

• Explain why assurance is so important for managing cyber risk
• Describe the key features of a successful cybersecurity program
• Highlight the role of a cyber assurance program in overall risk management
• Present the essential steps required to deliver effective cybersecurity.

Date: November 06, 2019
Recorded webinar:

Published in: Education

How to Build a Successful Cybersecurity Program?

Slide 1: How to Build a Successful Cyber Security Program
©2019 Information Security Forum Limited
Mark Chaplin, Information Security Forum

Slide 2: Agenda
1. About the Information Security Forum
2. Context – Business operations
3. Drivers for cyber security
4. Cyber threat landscape
5. Cyber security challenges
6. The role of cyber risk management
7. Cyber security programme – Key ingredients
8. Building a cyber security programme
9. Remaining business and risk focused
10. Getting started – 5 takeaways

Slide 3: About the Information Security Forum (ISF)
The leading global authority on cyber security and information risk management
We are an international association of over 480 leading global organisations (Fortune 500/Forbes 2000), which...
• addresses key issues in information risk management through research and collaboration
• develops practical tools and guidance
• remains a fully independent, not-for-profit organisation driven by its Members
• promotes networking within its Membership.
Our Members include over 99 international banks and financial institutions

Slide 4: ISF services help business leaders and information security practitioners to address business issues across the enterprise
What are the issues faced by:
• Board Members
• Chief Information Security Officers
• Information Security Managers
• Business Managers
• IT Managers and Technical Staff
• Internal and External Auditors
• IT Service Providers
• Procurement and Vendor Management Teams
Issues:
• Understanding cyber risk as a key component of the business strategy
• Mounting volumes of critical and sensitive information
• Increasing economic, legal and regulatory pressures
• Greater focus on privacy and data protection
• Increased dependency on the supply chain
• Need to be agile and competitive
• Changing culture of end users
• Increased use of diverse technology
• Business impact of incidents
• Emerging and changing threats
• Globalisation and cyber security

Slide 5: Context – Business operations
• Strategy
• Commerce
• Products and services
• Supply chain
• Workforce
• Location and premises
• Power and telecommunications

Slide 6: Drivers – Board expectations
1. Preparedness for a crisis
2. Situational awareness
3. Basic cyber protection measures
4. Resilience
5. Proven and effective risk management
6. Good practice in security governance
7. Assurance
Slide 7: (image only; no slide text)

Slide 8: Drivers – Information and technology
Technology
• Legacy to emerging
• Information technology to operational technology
• Cloud / Virtualisation
• Artificial intelligence / Quantum computing
• Blockchain / Internet of Things
Every second
• 4,193 Skype calls
• 81GB of Internet traffic
• 78,000 Google searches
• 81,000 YouTube videos viewed
• 2,851,735 emails sent
Source: https://www.internetlivestats.com

Slide 9: Drivers – Information and technology
Sources: The Wall Street Journal, The Guardian Weekly, China Daily, The Straits Times, UCL European Institute, The Washington Post

Slide 10: Cyber threat landscape (2009–2019)
Source: www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Slide 11: World's Biggest Data Breaches & Hacks
InformationIsBeautiful.net using data from Identity Theft Resource Center and DataBreaches.net

Slide 12: Cyber threat landscape
Sources: New York Times, Wired Magazine, Reuters, Foreignpolicy.com, BBC, The Independent, The Telegraph, The Washington Post, The Huffington Post, The Guardian Nigeria, Arab News, Energy Voice

Slide 13: Profit-driven attacks
Sources: FT, BBC, Wired Magazine, Forbes Magazine, Reuters, ICO, Identity Theft Resource Center, Privacy Rights Clearinghouse and Hackmageddon.com

Slide 14: Major financially-motivated breaches
Source: Privacy Rights Clearinghouse Data Breaches

Slide 15: Tangible loss from cyber attacks
Sources: FT, BBC, Wired Magazine, Forbes Magazine, Reuters, ICO, Identity Theft Resource Center, Privacy Rights Clearinghouse and Hackmageddon.com
Slide 16: Cyber security challenges
• Poor terminology
• Insufficient quality/validated risk data
• Focus on assessment, not management
• Lack of integration with business risk management
• Inadequate tooling
• Difficulties interpreting data, communicating risk and making key business decisions
• Measurement of the wrong data points
• Limited to no assurance of risk management

Slide 17: The role of cyber risk management
• Reduce uncertainty
• Quantify risk in terms of clear probability and magnitude
• Inform decision making
• Prioritise actions
• Improve/direct spending
• Manage expectations

• Prevent bad things from happening
• Achieve perfect (100%) security
• Reduce loss to zero
• Demonstrate compliance
• Support a subjective need
• Make people feel comfortable
• Identify scapegoats

Slide 18: Cyber risk management objectives
1. Reduce the frequency of successful cyber threat events
2. Reduce the financial loss of cyber loss events
Slide 19: Cyber security programme – Key ingredients
• Governance
• Management
• Methodology
• Architecture / Control framework
• Tooling
• Measurement and analysis
• Visualisation / Communication
• Decision support and action
• Assurance and improvement

• Supply chain
• Resilience
• Asset management
• Business process mapping
• Event management and metrics
• Threat and vulnerability management
• Audit/assessments
• Incident management

Slide 20: Benefits of applying a business and risk-based approach
1. More consistent use of risk management language with key decision-makers
2. Greater understanding of the threat landscape and corresponding losses
3. Justified confidence in the adequacy of the methodology
4. Effective use of risk appetite (aversion / tolerance)
5. Integration with broader risk management disciplines and practices
6. Continuous evaluation and improvement
7. Target spending, reduce exposure and minimise waste
8. Improve decision-making with cost-benefit analysis
9. Reduce subjectivity and increase objectivity
10. Accurately measure, aggregate and quantify cyber risk
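Slides 17, 18 and 20 describe risk as probability (frequency) and magnitude, set the two objectives of reducing each, and ask for cyber risk to be measured and aggregated so that spending can be targeted with cost-benefit analysis. The following Python is an added worked example, not part of the ISF presentation: it expresses a small risk register as frequency x magnitude, aggregates the expected annual loss, models controls as fractional reductions in frequency or magnitude, and runs a seeded Monte Carlo to produce loss-exceedance probabilities. The scenario names, frequencies, magnitudes, control reductions and cost figures are all constructed for illustration.

```python
"""Expected-loss model: cyber risk as frequency x magnitude, aggregated across a
register and compared before/after controls.

Added example with constructed figures; not ISF material."""
import math
import random
from dataclasses import dataclass, replace
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Scenario:
    """A loss scenario: expected successful events per year and expected loss per event."""
    name: str
    frequency: float   # events per year
    magnitude: float   # loss per event, in currency units


# Constructed sample risk register (illustrative figures, not real data).
BASELINE: List[Scenario] = [
    Scenario("Phishing-led account compromise", frequency=4.0, magnitude=25_000),
    Scenario("Ransomware outbreak", frequency=0.2, magnitude=1_500_000),
    Scenario("Third-party data breach", frequency=0.5, magnitude=400_000),
]


def annual_expected_loss(s: Scenario) -> float:
    """Slide 17's 'probability and magnitude' reduced to one number per scenario."""
    return s.frequency * s.magnitude


def aggregate_expected_loss(scenarios: Iterable[Scenario]) -> float:
    """Aggregate expected annual loss across the whole register (slide 20, point 10)."""
    return sum(annual_expected_loss(s) for s in scenarios)


def apply_control(s: Scenario, frequency_reduction: float = 0.0,
                  magnitude_reduction: float = 0.0) -> Scenario:
    """Model a control as a fractional cut in frequency (slide 18, objective 1)
    and/or in magnitude (objective 2)."""
    for r in (frequency_reduction, magnitude_reduction):
        if not 0.0 <= r <= 1.0:
            raise ValueError("reductions must be fractions in [0, 1]")
    return replace(s, frequency=s.frequency * (1.0 - frequency_reduction),
                   magnitude=s.magnitude * (1.0 - magnitude_reduction))


def control_benefit(before: Scenario, after: Scenario, annual_cost: float) -> Dict[str, float]:
    """Cost-benefit view of one control (slide 20, point 8)."""
    avoided = annual_expected_loss(before) - annual_expected_loss(after)
    return {
        "avoided_loss": avoided,
        "net_benefit": avoided - annual_cost,
        "benefit_per_unit_cost": avoided / annual_cost,
    }


def _poisson(lam: float, rng: random.Random) -> int:
    """Knuth's Poisson sampler; adequate for the small event rates used here."""
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate_annual_losses(scenarios: Iterable[Scenario], years: int = 10_000,
                           seed: int = 2019, sigma: float = 0.5) -> List[float]:
    """Monte Carlo annual loss: Poisson event counts per scenario and a lognormal
    loss per event whose mean equals the scenario magnitude. Returns one total
    per simulated year."""
    rng = random.Random(seed)
    scenarios = list(scenarios)
    totals: List[float] = []
    for _ in range(years):
        year_loss = 0.0
        for s in scenarios:
            mu = math.log(s.magnitude) - sigma ** 2 / 2.0   # keeps E[loss per event] == magnitude
            for _ in range(_poisson(s.frequency, rng)):
                year_loss += rng.lognormvariate(mu, sigma)
        totals.append(year_loss)
    return totals


def loss_exceedance(losses: List[float], threshold: float) -> float:
    """Fraction of simulated years whose total loss exceeds the threshold."""
    return sum(1 for x in losses if x > threshold) / len(losses)


# Constructed controls mapped to the three scenarios above (assumed reductions).
CONTROLLED: List[Scenario] = [
    apply_control(BASELINE[0], frequency_reduction=0.75),   # phishing-resistant MFA
    apply_control(BASELINE[1], magnitude_reduction=0.60),   # tested, isolated backups
    apply_control(BASELINE[2], frequency_reduction=0.40),   # supplier assurance
]


if __name__ == "__main__":
    print(f"Baseline expected annual loss:   {aggregate_expected_loss(BASELINE):>12,.0f}")
    print(f"Controlled expected annual loss: {aggregate_expected_loss(CONTROLLED):>12,.0f}")
    for before, after, cost in zip(BASELINE, CONTROLLED, (40_000, 50_000, 30_000)):
        cb = control_benefit(before, after, cost)
        print(f"  {before.name:<32} avoided {cb['avoided_loss']:>10,.0f}  net {cb['net_benefit']:>10,.0f}")
    sim = simulate_annual_losses(BASELINE)
    for t in (250_000, 1_000_000, 3_000_000):
        print(f"P(annual loss > {t:>9,}) = {loss_exceedance(sim, t):.3f}")
```

The expected-loss figures answer the board-level "how much, how often" question directly, while the exceedance curve shows the tail that an average hides: a low-frequency, high-magnitude scenario such as ransomware contributes modestly to the mean but dominates the probability of a very bad year, which is why slide 18 treats frequency and magnitude as separate objectives.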
Slide 21: Remaining business and risk focused
(Diagram comparing the CEO and Leadership Team with the CISO and Security Function across: Objectives, Approach, Purpose, People, Activity, Communication, Measurement)

Slide 22: Getting started – 5 take-aways
1. Test and update cyber incident / crisis management capabilities
2. Improve basic cyber protection
3. Establish cyber situational awareness
4. Focus on reducing the frequency of adverse cyber events and the subsequent financial loss when they occur
5. Provide continuous assurance of cyber risk mitigation
Slide 23: ISO/IEC 27032 Training Courses
• ISO/IEC 27032 Introduction – 1 Day Course
• ISO/IEC 27032 Foundation – 2 Days Course
• ISO/IEC 27032 Lead Cybersecurity Manager – 5 Days Course
Exam and certification fees are included in the training price.
www.pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
www.pecb.com/events

Slide 24: THANK YOU ?
mark.chaplin@securityforum.org
linkedin.com/in/markchaplin
