World Continuity Congress conference on 7th October 2015 at Pullman Putrajaya Lakeside by BCM Institute

2. Cyber Resilience – Strengthening
Cybersecurity Posture & Preparedness
Philip Victor
Head of Market Development (APAC), (ISC)2
pvictor@isc2.org

4. The Threat Landscape in SE Asia
• Enterprises in Asia spent about $230 billion in
2014 to deal with issues caused by malware
deliberately loaded onto pirated software,
according to IDC and the National
University of Singapore.
– Of $230 billion: $59 billion to deal with security
issues
– $170 billion for data breaches

5. C-suite Attitude towards Security
A survey released in Nov 2014 by Vanson Bourne, sponsored by BT Global, reveals
that the wrong attitude about security, starting at the top and trickling downwards, is
putting organizations at serious risks.
Uptake of BYOD (Bring Your Own Device) and COPE (Corporately Owned
Personally-Enabled) devices at workplace

6. Strengthening Cyber Resilience
• Understand the security
architecture
• Access the environment
• Risk assessment
• Understand the business
• Monitor the environment
• Qualified, certified security
personnel

7. Understand Security Architecture
• Use of appropriate
technologies to
provide/protect
architecture
• Protect your
network
• Content inspection

8. Assess the Environment
• Risk Assessment
• Continuous Vulnerability
Assessment

9. Risk Assessment
Understand internal
(on premise) vs. use
of cloud solutions.

10. Understand Your Business

11. Monitor

12. People

13. People
• User Education/Awareness
• Qualified, Certified Security Personnel
• Ethics

14. DoD 8570 Approved Baseline
Certifications

15. DoD 8140
DoD 8140 model which is based on the U.S. National Institute of Standard and Technology
(NIST) National Initiative for Cybersecurity Education (NICE) standard

16. USA’s National Initiative for Cybersecurity
Education (NICE)
Cybersecurity Workforce Framework

17. Federal Information Security Management Act
CAP Domains:
• Risk Management Framework (RMF)
• Categorization of Information Systems
• Selection of Security Controls
• Security Control Implementation
• Security Control Assessment
• Information System Authorization
• Monitoring of Security Controls

18. Executive Order 13636
Cybersecurity Framework

19. NICCS Portal

20. NICF Framework in Singapore
• The National Infocomm Competency Framework
(NICF) developed by Infocomm Development
Authority of Singapore (iDA) and Singapore
Workforce Development Agency (WDA)
• The NICF Overview Map is a snapshot of the
Infocomm sector
• Serves as a reference for career progression and
corresponding training pathways leading to NICF
qualifications.
• Similar to DoD 8140 model

21. National Infocomm Competency
Framework Map
You can go to the interactive map to learn more
http://www.nicf.sg/NicfOverview/InteractiveMap.aspx

22. Infocomm Security
• Involves in
protecting
hardware,
software,
network and
services of an
organization
against
unauthorized
access,
modification,
destruction, or
disclosure

23. Global Academic Program
Education
Research
Outreach

24. Information security
professionals must be
highly adaptable in
learning and applying
new skills, technologies,
and procedures.
Critical Times Demand Critical Skills

25. Thank You
Philip Victor
Head of Market Development (APAC), (ISC)2
pvictor@isc2.org