SlideShare a Scribd company logo

Journal of Business Continuity & Emergency Planning Volume 7 N.docx

Download as DOCX, PDF
C
christiandean12115

Journal of Business Continuity & Emergency Planning Volume 7 Number 2 Cyber security: A critical examination of information sharing versus data sensitivity issues for organisations at risk of cyber attack Jason Mallinder and Peter Drabwell Received (in revised form): 15th July 2013 Credit Suisse, Zürich, Switzerland E-mail: [email protected] Jason Mallinder joined Credit Suisse in 1998, initially managing the Access Control team in London. During his time at the bank, he has managed a number of teams and programmes in the identity management and IT risk manage- ment areas. In July 2011, Jason moved to focus on operational risk management within the investment bank for a year, before returning to technology risk management as the EMEA regional head. Prior to joining Credit Suisse, Jason worked at Aon Risk Services for seven years and he has supported his career by achieving qualifications in both risk management and project management Peter Drabwell is a senior technology risk ana- lyst at Credit Suisse within the Risk Management division, responsible for private banking, wealth management and shared services IT clients across EMEA. Prior to joining Credit Suisse, Peter was responsible for the risk assessment of ABN AMRC/RBS IT integration, and the devel- opment of risk management strategy for mergers, acquisition and divestitures. Peter is an active member of the ISC(2) European Advisory Board and is currently President of the ISACA London Chapter. ABSTRACT Cyber threats are growing and evolving at an unprecedented rate. Consequently, it is becoming vitally important that organisations share infor- mation internally and externally before, during and after incidents they encounter so that les- sons can be learned, good practice identified and new cyber resilience capabilities developed. Many organisations are reluctant to share such information for fear of divulging sensitive infor- mation or because it may be vague or incom- plete. This provides organisations with a complex dilemma: how to share information as openly as possibly about cyber incidents, while protecting their confidentiality and focusing on service recovery from such incidents. This paper explores the dilemma of information sharing versus sensitivity and provides a practical overview of considerations every business conti- nuity plan should address to plan effectively for information sharing in the event of a cyber incident. Keywords: cyber, threat, incident, infor- mation security, business continuity planning, intelligence, prevention, detection, response INTRODUCTION Cyber threats are growing and evolving at an unprecedented rate.^ Rapidly evolving cyber criminal networks have already recognised the value of intelligence shar- ing and collaboration as evidenced by the growing number and sophistication of Journal of Business Continuity & Emergency Planning Vol.7 No. 2, pp. 103-111 © Henry Stewart Publications, 1749-9216 Underground forums and information exchan.

Education
1 of 26
Journal of Business Continuity & Emergency Planning Volume 7 Number 2 Cyber security: A critical examination of information sharing versus data sensitivity issues for organisations at risk of cyber attack Jason Mallinder and Peter Drabwell Received (in revised form): 15th July 2013 Credit Suisse, Zürich, Switzerland E-mail: [email protected] Jason Mallinder joined Credit Suisse in 1998, initially managing the Access Control team in London. During his time at the bank, he has managed a number of teams and programmes in the identity management and IT risk manage- ment areas. In July 2011, Jason moved to focus on operational risk management within the investment bank for a year, before returning to technology risk management as the EMEA regional head. Prior to joining Credit Suisse, Jason worked at Aon Risk Services for seven years and he has supported his career by achieving qualifications in both risk management and project management Peter Drabwell is a senior technology risk ana- lyst at Credit Suisse within the Risk Management division, responsible for private banking, wealth
management and shared services IT clients across EMEA. Prior to joining Credit Suisse, Peter was responsible for the risk assessment of ABN AMRC/RBS IT integration, and the devel- opment of risk management strategy for mergers, acquisition and divestitures. Peter is an active member of the ISC(2) European Advisory Board and is currently President of the ISACA London Chapter. ABSTRACT Cyber threats are growing and evolving at an unprecedented rate. Consequently, it is becoming vitally important that organisations share infor- mation internally and externally before, during and after incidents they encounter so that les- sons can be learned, good practice identified and new cyber resilience capabilities developed. Many organisations are reluctant to share such information for fear of divulging sensitive infor- mation or because it may be vague or incom- plete. This provides organisations with a complex dilemma: how to share information as openly as possibly about cyber incidents, while protecting their confidentiality and focusing on service recovery from such incidents. This paper explores the dilemma of information sharing versus sensitivity and provides a practical overview of considerations every business conti- nuity plan should address to plan effectively for information sharing in the event of a cyber incident. Keywords: cyber, threat, incident, infor-
mation security, business continuity planning, intelligence, prevention, detection, response INTRODUCTION Cyber threats are growing and evolving at an unprecedented rate.^ Rapidly evolving cyber criminal networks have already recognised the value of intelligence shar- ing and collaboration as evidenced by the growing number and sophistication of Journal of Business Continuity & Emergency Planning Vol.7 No. 2, pp. 103-111 © Henry Stewart Publications, 1749-9216 Underground forums and information exchanges." Government and industry information sharing is far less advanced. While organisations are beginning to recognise the imperative for cyber infor- mation sharing, they still face the chal- lenge of balancing transparency and confidentiality. This challenge is significantly increased given the growing interconnectivity between organisations and their partners; by way of example, it is increasingly common for attackers seeking sensitive information to target an organisation's
supply chain (the attack vector being focused on a third-party vendor in order to reach the principal target). An example of such a data breach recently occurred at Bank of America, whereby attackers man- aged to successfully access employee and executive data stored through a third-party subcontractor. What is particularly inter- esting about this attack is that it was allegedly motivated by a project initiated by Bank of America to monitor publicly available information in an effort to iden- tify security threats. The increasing complexity of supply chains coupled w îth the adoption of cloud-based services places greater onus on organisations to understand where their data are and to ensure that they are man- aged appropriately, in order to prevent sup- pliers' vulnerabilities from becoming their ow n̂ . This further emphasises the impor- tance of information exchange regarding cyber incidents within a supply chain.'* Commonality between cyber land- scapes within organisations increases the appeal of exploiting shared weaknesses as malicious parties find cyber attacks that can be reused against multiple targets to be more attractive. Organisations and indus- tries with mechanisms to disseminate information about cyber-attacks rapidly not only help others to minimise the impact from such incidents but also
decrease the long-term attractiveness of themselves and their industry as targets. Despite the challenges, organisations can take steps to enable their ability to share information before during and after cyber incidents, helping organisations and industries to buud more resilient operating frameworks, while presenting themselves as less attractive targets. PRE-INCIDENT DATA MANAGEMENT Cyber incidents are increasingly expensive and prevention is better than cure. Accordingly to a recent survey by the UK Department for Business, Innovation and Skills, the average cost of the worst security breach of the year is presently in the region of/;450,000 to X;850,000 and ^35,000 to ;£65,000 for large organisa- tions (>250 staff) and small business (<50 staff), respectively.^ The report adds: 'in total, the cost to UK pic of security breaches is of the order of billions of pounds per annum — it's roughly tripled over the last year'. Information can be used to enhance the organisation's ability to manage its data and its defences efficiently and effectively. Sources of information that an organisa- tion can use as part of its incident manage- ment strategy can be varied, from independent sources of threat analysis (eg information related to tools, techniques
and resources being used by attackers to breach cyber defences) and published industry-specific trends to third-party sup- plier/vendor reports of anomalies worthy of further review.^ Given the increasing dependence on third parties and growing inter-connectiv- ity, organisations should consider adopting a more collaborative, 'partner' approach to incident management data exchange and analysis. The business operating landscape is becoming more complex to manage Mallinder and Drabwell (especially with increasing outsourced dependencies). As a consequence, the chal- lenge is to ensure that the organisation is capturing the right data and performing the correct levels of analysis. The term 'the right data' refers to information assets that assist the organisation in: • identifying entities that may be target- ing the organisation, their methods and their motivations; • identifying emerging threats by analysis of industry sector/technical/supplier data;
• identifying, where possible, best prac- tices and countermeasures to mitigate the threat. Programmes designed to promote under- standing of cyber risk, such as the Information Security Forum's Cyber Special Interest Group and the World Economic Forum's Partnering for Cyber Resilience,'' provide useful data-sharing guidance by means of a common set of shared principles that organisations and their suppliers can agree upon and w ôrk to. Small and medium enterprises increas- ingly face internal skills and resource chal- lenges to effectively identify, assess and remedy cyber security risks. Resources such as the UK's Cyber-security Framework for Business^ and IT Governance's Cyber Security Risk Assessment service^ seek to promote good practice in this area. Key questions to consider with regard to sharing cyber incident information include: • What information needs to be shared? • Where third-party vendor relationships are in scope, should formal agreements be put in place between important enti- ties in order to establish the appropriate channels of incident management com- munication?
• When should information be shared? • How will information be shared? • Which information-sharing models are in scope during the pre-incident stage or business as usual? • Has a decision-tree structure been defined to address any ad hoc data man- agement or communication issues high- lighted during an incident that require a timely response? What information needs to be shared? In the context of a service outage/emer- gency it may be that only a subset of data may be valuable to share. While it is understood that it would be impossible to anticipate all incident combinations, some preparatory investment with regard to important information requirements may save valuable time in the midst of managing an incident. By way of exam- ple, organisations should consider the consequences of information sharing and consistency of message approach. A recent online, phone and cashpoint serv- ice outage by the Royal Bank of Scotland Group led to a call for compensation by customers. One such case'̂ resulted in the bank initially offering ¿?>0 to a customer for inconvenience/embarrassment caused, which was raised to ¿IQ when he declined. News of the appeal success sub- sequently spread to social networks,
whereby thousands of like-minded cus- tomers learned of the case and pushed for their own compensation payment increases. As a consequence, the original good intention of the bank to compen- sate customers could have potentially backfired due to a lack of planning. Agreeing a consistent information-shar- ing approach ahead of the incident could have potentially saved the bank additional negative publicity while promoting a fair and equitable process for customers. In order for incident management to be effective, collaboration with important parties is essential; hence, communication and information sharing are required while being mindful of the need to know principles (particularly with regard to legal and privacy requirements). Prior consideration of these factors will save precious time in the midst of an incident. Where third-party vendor relationships are in scope, should there be formal agreements between important entities to establish the appropriate channels of incident management communication? By way of example, is there a requirement on third-party vendors to report security- related incidents and/or share specific incident data -within an agreed period and format that would prove timely and cost-
effective to the organisation? Whue organ- isations may not explicitly ensure that their third parties are subject to internal company control poHcies, there is poten- tial to imply a consistent behaviour via a formalised agreement/contractual obliga- tions. In order to maintain an acceptable level of expectation management, formal agreements should be in place to ensure that third parties have a tested and suffi- cient incident-response process including (but not limited to): • the maintenance and communication of an up-to-date incident response plan; • the definition of trigger points consti- tuting a formal reporting requirement; • incident reporting timeframes, format, communication channels and content; • the disclosure approval process should the third party need to publish security breach information to an external party; • participation in periodic drills, reviews, staff training and awareness. When should information be shared? Although this paper considers information sharing in three distinct phases (pre, mid and post-incident), organisations should consider in advance whether information
will be shared on an ongoing transfer basis (in case it is required should an incident occur) or shared only in the event of pre- defined incident triggers (ie in response to specific events)? Taking the above areas into account and by way of example, sharing intrusion attempt information could be dissemi- nated quickly to predefined parties on the basis that: • timely dissemination of intrusion attempt data provides valuable aware- ness for organisations; • such data may be shared relatively swiftly as they require less sanitisation/analysis than other data sources; • sharing attempted intrusion data does not reveal any significant detail con- cerning the reporting organisation's security posture other than its detection of the attempt (ie it does not reveal whether the reported attempt was suc- cessful). How will data be shared? All organisations should consider how^ they wul share data, before during and after incidents. This should include whether the security of transmission (ie how data will be exchanged between par- ties) and access control have been acknow^ledged in establishing the data-
sharing protocol at each stage. If there is a requirement for incident data to be preserved for post-incident investigation and/or legal requirements, consideration as to how^ such data wiU be stored and retained should be in scope. Which data-sharing channels are in scope during the pre-incldent/ business as usual stage? The effective deployment of data-sharing Mallinder and Drabwell sources and channels can enable an organ- isation to develop and enhance its cyber incident management strategies. Sharing between organisations can enable partici- pants to develop tailored strategies. Common approaches to information exchange include the following: • Pre-established forums (hub and spoke), which provide additional degrees of data analysis/provenance, correlation and source anonymity. The Warning, Advice and Reporting Point (http://www;warp.gov.uk) structure as provided by the Centre for the Protection of National Infi-astructure is an example of a structured hub and spoke model. In addition, a number of industry-specific forums exist to pro-
vide incident-related data. By way of example, the Aviation Safety Information Analysis and Sharing system^° is focused on the sharing of data fiom airlines to improve air safety. A centrally managed information hub receives information firom multiple air- lines and the Federal Aviation Administration. The resiliency of such exchanges, timeliness of content avail- ability and performance/scalability lim- itations may need to be taken into account with regard to such solutions. • 'Post to all' models, whereby organisa- tions share information directly with a pre-defined membership. Maintaining a common taxonomy and preserving integrity of information content is important to the success of such trusted partner models. • Larger organisations may engage in mul- tiple information exchanges. Where this is the case, the challenge of adopting a standard approach to information shar- ing (eg common taxonomy, automation of processing) such that incident data may be prioritised and correcdy acted upon is a potential area of focus. Has a decision-tree structure been defined to address any ad hoc data management/communication issues highlighted during an incident that require timely response?
When an incident occurs, it is understood that the organisation's management will not have made decisions covering all even- tualities. Having a pre-agreed decision structure in place prior to an incident will save an organisation significant time in the midst of managing an event. This is an important area given the growth of social media adoption, whereby organisations should review their commu- nications strategy with regard to incident management. This should be inclusive of clearance levels and escalation paths (ie who approves corporate messages to clients/external bodies?). Monitoring of social media feeds should also be consid- ered to enable organisations to effectively manage their external profile. Companies such as Digital Shadows (http://digital- shadows.com/) provide monitoring, assessment and consultancy services to help address challenges in this area. Common issues related to social media (especially in the midst of an incident) include impersonation and the prolifera- tion of misinformation. As such, organisa- tions should be mindful of the need to adopt a communication strategy that seeks to address these emerging instances. MID-INCIDENT DATA MANAGEMENT Key questions to consider with regard to sharing information during a cyber inci- dent include the following:
• What risk does data sharing pose? • Will any sensitive data be transferred outside of the pre-approved bound- aries? • Are media channels being adequately managed? What risk does data sharing pose? Organisations must aWays consider whether the risk of sharing information is outweighed by the risk of not sharing it. One example of this is highlighted in the UK government report on lessons learned fi-om the 7th July, 2005 terrorist attacks, which stated, '...in some parts of the emergency response, the requirements of the Data Protection Act were either misin- terpreted or over-zealously applied','' which in turn led to a delayed emergency response. When assessing the risk, organi- sations should consider the potential impact of data sharing to individuals and organisations and individuals' trust in the organisations that keep records about them. In relation to this area, organisations may look to ask whether the incident management objective could be equally achieved without sharing the data in scope or by providing an anonymous cut of said data.
While the case for sensitivity and safe- guarding confidentiality of data is oft:en clear, these should be w^eighed up against the benefits of information sharing, partic- ularly with regard to incident manage- ment, where timely access to such resources may significantly improve an organisation's capability to manage and even prevent attacks. This is v̂ ĥere time invested in identify- ing what types of data each organisation holds (and what is likely to be shared in the event of an incident) will pay off, resulting in a more efficient decision-making process in the event of a real incident. Will any sensitive data be transferred outside of the pre-approved boundaries? Organisations should consider guidance with regard to data protection and regula- tory compliance in line with incident management, especially with regard to potential cross-border data access and transfer positions. By way of example, for organisations based in Europe, if there is a potential requirement for incident data to be transferred outside of Europe, the 8th Principle of the Data Protection Act would need to be considered. Are media channels being adequately managed?
During an incident response when there is less time to consider issues in detail, it can be especially challenging to make judg- ments about whether specific information can be shared. Continuing to stay in touch with the media, checking whether mes- sages concerning the organisation are in line and identifying when to intervene are important pillars of an effective communi- cation strategy. An increased dependency on shared/out-sourced services and the growth of social media solutions makes the management of sensitive data an even greater consideration. A growing area of importance for media consideration is a review of the organisation's communication strategy to ensure a consistent approach. Monitoring of media sources to gather intelligence as w êll as placing a focus on controlling the formal messages disseminated via media channels (identifying any false reporting, which in itself can lead to incident esca- lation, while preserving the timeliness, accuracy and authenticity of communica- tion'" is a important factor to bear in mind. The growing adoption of social media channels makes the above set of consider- ations a more challenging one given the complexity of the landscape, instantaneous broadcast and global reach capabilities. An
important consideration is that of public trust levels. Levels of public unease and media attention naturally increase in the event of an incident. How organisations manage their communication strategy and Maiiinder and Drabweil harness media channels will have a consid- erable impact on this area. POST-INCIDENT DATA MANAGEMENT Key questions to consider with regard to sharing information after an incident include the following: • Have any data/information sharing mechanisms or channels established during the incident been restored to ensure that no subsequent data are being exchanged if it is no longer nec- essary to do so? • Have appropriate controls been applied to safeguard incident data? • What checks should be put in place to ensure that data sharing is meeting its defined objectives with regard to inci- dent management? • Has a post-incident 'lessons learned' review been carried out and have inci- dent plans been updated where neces-
sary to improve data management preparedness for future incidents? Have any data/information sharing mechanisms or channels been restored? It is important to consider recovery and restoration of data, access control and com- munication channels (eg where contin- gency channels were established for incident management purposes). All organ- isations should question whether these have been restored post incident to ensure that no subsequent data are being exchanged when there is no further requirement to do so. This would include tbe recovery and restoration of in-field incident kit, such as laptops, data drives, etc. Have appropriate controls been applied to safeguard incident data? Evidence may need to be retained, not only for post-incident review/investiga- tion but also in light of any in scope legal requirements, whereby data may need to be preserved until all legal actions have been completed. Incident data, which may initially appear insignificant, may subsequently become more important (eg if an attacker is able to use knowledge gathered in one attack to perform a more severe attack later) and evidence from the frrst attack may be important to explaining how the
second attack was accomplished. What checks should be put in place to ensure that data sharing is meeting its defined objectives with regard to incident management? Both the organisation's operating model and risk landscape are constantly evolving. Hence, it is good practice to periodically monitor the effectiveness of any data- sharing strategy to ensure that the essential objectives of effective incident manage- ment are being met. Such a review could be part of a continuous improvement pro- gramme and address specific items such as whether it is still appropriate to share spe- cific data and is tbere an appropriate bal- ance between the sharing requirement and the risk? Organisations should not underestimate the value of a post-incident 'lessons learned' review being carried out, inclu- sive of pre-incident plans being updated wbere necessary to improve data manage- ment preparedness for future incidents. Such reviews should ideally tie back into the organisation's policies and standards, plus training and awareness activities. Post-incident data sharing initiatives to consider may also include the following: • providing training on information han- dling to stakeholders to manage consis- tency of approach;
• creating a cyclical review mechanism to measure the effectiveness of tbe organi- sation's incident data management model, review changes in the regula- tory/operating environments and iden- tify opportunities to refine; developing and communicating policy and guidance on information sharing and sensitivity to ensure compliance with regulatory requirements and objectives. CONCLUSION Given the evolving nature of attack vec- tors (a path or means by which an attacker can attempt to gain access to unauthorised network assets or the mechanisms through which organisations can be attacked) com- bined with the growing complexity of organisational dependency, an effective information-sharing strategy is not a one- size-fits-all approach. In many cases, a hybrid (best in class) approach may be appropriate to promote an agile informa- tion exchange solution. Organisations seeking to set the right balance between information sharing and access control in the context of incident management should seek to apply propor- tionate levels of control over data sources, content and collection methods while
respecting applicable regulatory and policy requirements on data use.''^ In order to manage this objective more effectively, organisations should consider their respective data-sharing strategies as a uve model. As attack vectors, business models and third-party dependencies evolve, there is a need for organisations to continually manage their incident man- agement plans to ensure that they align to their operating environment and continue to remain effective as a result. The areas discussed in this paper pro- vide a common set of considerations for organisations to review w^hen drafting and/or enhancing their respective incident management plans in order to more effec- tively achieve a sensible balance between information sharing and control. REFERENCES (1) Department for Business, Innovation and Skills/PWC (2013) 'Information Security Breaches Survey — Technical Report', available at: https: / /www. gov. uk/government/ uploads/system/uploads/attachment_ data/file/191670/bis-13-pl84-2013- information-security-breaches-survey- technical-report.pdf (accessed 16th July, 2013).
(2) Marinos, L. and Sfakianakis, A. (2013) 'ENISA Threat Landscape — Responding to the Evolving Threat Environment', available at: http://www.enisa.europa.eu/activities/ risk-management/evolving-threat- environment/ENISA_Threat_Landscape (accessed 16th July, 2013). (3) Integrity Research Associates (2013) 'Anonymous Hacks ClearForest', available at: http://www.integrity- research.com/cms/2013/03/05/ anonymous-hacks-clearforest/ (accessed 16th July, 2013). (4) Information Security Forum (2012) 'Securing the Supply Chain', (5) Centre for the Protection of National Infrastructure (2013) 'Critical security controls for cyber defence — in depth', available at: http://www.cpni.gov.uk/ advice/cyber/Critical-controls/in- depth/ (accessed 16th July, 2013). (6) World Economic Forum (2012) 'Partnering For Cyber Resilience: Risk and Responsibility in a Hyperconnected World — Principles and Guidelines', available at: http://rww3.weforum.org/ docs/WEF_IT_PartneringCyber Resilience_Guidelines_2012.pdf (accessed 16th July, 2013). (7) CESG (2012) '10 Steps to Cyber
Security — Executive Companion', available at: http://www.bis.gov.uk/ assets/BISCore/business-sectors/docs/ 0-9/12-1120-10-steps-to-cyber- Mallinder and Drabwell security-executive.pdf (accessed 16th July, 2013). (8) IT Governance (2013) 'New service helps UK SMEs implement government's cyber risk guidance', available at: http://www.it governance.co.uk/media/press- releases/new-service-helps-uk-smes- implement-government%E2%80%99s- c.aspx (accessed 16th July, 2013). (9) BBC Business News (2013) 'RBS to compensate customers after accounts disrupted', available at: http : / /www.bbc. co. uk/news/business- 21694704 (accessed 16th July, 2013). (10) Mitre Corporation (2012) 'Cyber Information-Sharing Models. An Overview', available at: http://www. mitre.org/work/cybersecurity/pdf/cyber _info_sharing.pdf (accessed 16th July, 2013). (11) HM Government (2007) 'Data Protection and Sharing — Guidance for Emergency
Planners and Responders', available at: https://www.gov.uk/government/ uploads/system^/uploads/attachment_data /file/60970/dataprotection.pdf (accessed 16th July, 2013). (12) KPMG (2012) 'The Social Banker - Social Media Lessons from Banking Insiders', available at: http : / /www. kpmg. com/Global/en/ IssuesAndlnsights/ArticlesPublications/ social-banker/Documents/social-media- Iessons-from-banking-insidersv3.pdf (accessed 16th July, 2013). (13) The White House -Washington (2012) 'National Strategy for Information Sharing and Safeguarding', available at: http://vww. whitehouse.gov/sites/ default/files/docs/2012sharingstrategy_ 1.pdf (accessed 16th July, 2013). Copyright of Journal of Business Continuity & Emergency Planning is the property of Henry Stewart Publications LLP and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use.
Journal of Business Continuity & Emergency Planning Volume 7 N.docx

Recommended

Clearswift f5 information_visibility_reducing_business_risk_whitepaper
Clearswift f5 information_visibility_reducing_business_risk_whitepaperClearswift f5 information_visibility_reducing_business_risk_whitepaper
Clearswift f5 information_visibility_reducing_business_risk_whitepaperMarco Essomba
 
eCrime-report-2011-accessible
eCrime-report-2011-accessibleeCrime-report-2011-accessible
eCrime-report-2011-accessibleCharmaine Servado
 
Whitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationWhitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationNexon Asia Pacific
 
How Cyber Resilient are we?
How Cyber Resilient are we?How Cyber Resilient are we?
How Cyber Resilient are we?CIO Academy Asia Community
 
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...Hewlett Packard Enterprise Business Value Exchange
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperCMR WORLD TECH
 
2014 ota databreachguide4
2014 ota databreachguide42014 ota databreachguide4
2014 ota databreachguide4Meg Weber
 
Accenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threatsAccenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threatsLapman Lee ✔
 

Recommended

Clearswift f5 information_visibility_reducing_business_risk_whitepaper
Clearswift f5 information_visibility_reducing_business_risk_whitepaperClearswift f5 information_visibility_reducing_business_risk_whitepaper
Clearswift f5 information_visibility_reducing_business_risk_whitepaperMarco Essomba
 
eCrime-report-2011-accessible
eCrime-report-2011-accessibleeCrime-report-2011-accessible
eCrime-report-2011-accessibleCharmaine Servado
 
Whitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationWhitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationNexon Asia Pacific
 
How Cyber Resilient are we?
How Cyber Resilient are we?How Cyber Resilient are we?
How Cyber Resilient are we?CIO Academy Asia Community
 
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...Hewlett Packard Enterprise Business Value Exchange
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperCMR WORLD TECH
 
2014 ota databreachguide4
2014 ota databreachguide42014 ota databreachguide4
2014 ota databreachguide4Meg Weber
 
Accenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threatsAccenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threatsLapman Lee ✔
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityRahul Tyagi
 
Intelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionIntelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionEMC
 
dcb1203CyberNDI
dcb1203CyberNDIdcb1203CyberNDI
dcb1203CyberNDIPaul Elliott
 
The Future of Cybersecurity
The Future of CybersecurityThe Future of Cybersecurity
The Future of CybersecurityTheWiltonBainGroup
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber securitySAHANAHK
 
Why Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemWhy Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemBernard Marr
 
Digital economy and its effect on cyber risk
Digital economy and its effect on cyber riskDigital economy and its effect on cyber risk
Digital economy and its effect on cyber riskaakash malhotra
 
Cyber Security - Things you need to know
Cyber Security - Things you need to knowCyber Security - Things you need to know
Cyber Security - Things you need to knowNathan Desfontaines
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Sarah Nirschl
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeErnst & Young
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeNishantSisodiya
 
Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015sarah kabirat
 
Biznesa infrastruktūras un datu drošības juridiskie aspekti
Biznesa infrastruktūras un datu drošības juridiskie aspektiBiznesa infrastruktūras un datu drošības juridiskie aspekti
Biznesa infrastruktūras un datu drošības juridiskie aspektiebuc
 
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESAN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESijcsit
 
Contents lists available at ScienceDirectJournal of Accoun
Contents lists available at ScienceDirectJournal of AccounContents lists available at ScienceDirectJournal of Accoun
Contents lists available at ScienceDirectJournal of AccounAlleneMcclendon878
 
Cyber Security small
Cyber Security smallCyber Security small
Cyber Security smallHenry Worth
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)Sarah Jarvis
 
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Booz Allen Hamilton
 
managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991Jim Romeo
 
100 Original WorkZero PlagiarismGraduate Level Writing Required.docx
100 Original WorkZero PlagiarismGraduate Level Writing Required.docx100 Original WorkZero PlagiarismGraduate Level Writing Required.docx
100 Original WorkZero PlagiarismGraduate Level Writing Required.docxchristiandean12115
 
10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docx
10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docx10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docx
10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docxchristiandean12115
 

More Related Content

Similar to Journal of Business Continuity & Emergency Planning Volume 7 N.docx

How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityRahul Tyagi
 
Intelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionIntelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionEMC
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber securitySAHANAHK
 
Why Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemWhy Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemBernard Marr
 
Digital economy and its effect on cyber risk
Digital economy and its effect on cyber riskDigital economy and its effect on cyber risk
Digital economy and its effect on cyber riskaakash malhotra
 
Cyber Security - Things you need to know
Cyber Security - Things you need to knowCyber Security - Things you need to know
Cyber Security - Things you need to knowNathan Desfontaines
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Sarah Nirschl
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeErnst & Young
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeNishantSisodiya
 
Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015sarah kabirat
 
Biznesa infrastruktūras un datu drošības juridiskie aspekti
Biznesa infrastruktūras un datu drošības juridiskie aspektiBiznesa infrastruktūras un datu drošības juridiskie aspekti
Biznesa infrastruktūras un datu drošības juridiskie aspektiebuc
 
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESAN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESijcsit
 
Contents lists available at ScienceDirectJournal of Accoun
Contents lists available at ScienceDirectJournal of AccounContents lists available at ScienceDirectJournal of Accoun
Contents lists available at ScienceDirectJournal of AccounAlleneMcclendon878
 
Cyber Security small
Cyber Security smallCyber Security small
Cyber Security smallHenry Worth
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)Sarah Jarvis
 
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Booz Allen Hamilton
 
managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991Jim Romeo
 

Similar to Journal of Business Continuity & Emergency Planning Volume 7 N.docx (20)

How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe Security
 
Intelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionIntelligence-Driven Fraud Prevention
Intelligence-Driven Fraud Prevention
 
dcb1203CyberNDI
dcb1203CyberNDIdcb1203CyberNDI
dcb1203CyberNDI
 
The Future of Cybersecurity
The Future of CybersecurityThe Future of Cybersecurity
The Future of Cybersecurity
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber security
 
Why Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemWhy Cybersecurity is a Data Problem
Why Cybersecurity is a Data Problem
 
Digital economy and its effect on cyber risk
Digital economy and its effect on cyber riskDigital economy and its effect on cyber risk
Digital economy and its effect on cyber risk
 
Cyber Security - Things you need to know
Cyber Security - Things you need to knowCyber Security - Things you need to know
Cyber Security - Things you need to know
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
 
Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015
 
Biznesa infrastruktūras un datu drošības juridiskie aspekti
Biznesa infrastruktūras un datu drošības juridiskie aspektiBiznesa infrastruktūras un datu drošības juridiskie aspekti
Biznesa infrastruktūras un datu drošības juridiskie aspekti
 
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESAN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
 
Contents lists available at ScienceDirectJournal of Accoun
Contents lists available at ScienceDirectJournal of AccounContents lists available at ScienceDirectJournal of Accoun
Contents lists available at ScienceDirectJournal of Accoun
 
Cyber Security small
Cyber Security smallCyber Security small
Cyber Security small
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
 
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
 
managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991
 

More from christiandean12115

100 Original WorkZero PlagiarismGraduate Level Writing Required.docx
100 Original WorkZero PlagiarismGraduate Level Writing Required.docx100 Original WorkZero PlagiarismGraduate Level Writing Required.docx
100 Original WorkZero PlagiarismGraduate Level Writing Required.docxchristiandean12115
 
10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docx
10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docx10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docx
10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docxchristiandean12115
 
10.11771066480703252339 ARTICLETHE FAMILY JOURNAL COUNSELING.docx
10.11771066480703252339 ARTICLETHE FAMILY JOURNAL COUNSELING.docx10.11771066480703252339 ARTICLETHE FAMILY JOURNAL COUNSELING.docx
10.11771066480703252339 ARTICLETHE FAMILY JOURNAL COUNSELING.docxchristiandean12115
 
10.11770022427803260263ARTICLEJOURNAL OF RESEARCH IN CRIME AN.docx
10.11770022427803260263ARTICLEJOURNAL OF RESEARCH IN CRIME AN.docx10.11770022427803260263ARTICLEJOURNAL OF RESEARCH IN CRIME AN.docx
10.11770022427803260263ARTICLEJOURNAL OF RESEARCH IN CRIME AN.docxchristiandean12115
 
10.11770022487105285962Journal of Teacher Education, Vol. 57,.docx
10.11770022487105285962Journal of Teacher Education, Vol. 57,.docx10.11770022487105285962Journal of Teacher Education, Vol. 57,.docx
10.11770022487105285962Journal of Teacher Education, Vol. 57,.docxchristiandean12115
 
10.11770011000002250638ARTICLETHE COUNSELING PSYCHOLOGIST M.docx
10.11770011000002250638ARTICLETHE COUNSELING PSYCHOLOGIST M.docx10.11770011000002250638ARTICLETHE COUNSELING PSYCHOLOGIST M.docx
10.11770011000002250638ARTICLETHE COUNSELING PSYCHOLOGIST M.docxchristiandean12115
 
10.1 What are three broad mechanisms that malware can use to propa.docx
10.1 What are three broad mechanisms that malware can use to propa.docx10.1 What are three broad mechanisms that malware can use to propa.docx
10.1 What are three broad mechanisms that malware can use to propa.docxchristiandean12115
 
10.0 ptsPresentation of information was exceptional and included.docx
10.0 ptsPresentation of information was exceptional and included.docx10.0 ptsPresentation of information was exceptional and included.docx
10.0 ptsPresentation of information was exceptional and included.docxchristiandean12115
 
10-K1f12312012-10k.htm10-KUNITED STATESSECURIT.docx
10-K1f12312012-10k.htm10-KUNITED STATESSECURIT.docx10-K1f12312012-10k.htm10-KUNITED STATESSECURIT.docx
10-K1f12312012-10k.htm10-KUNITED STATESSECURIT.docxchristiandean12115
 
10-K 1 f12312012-10k.htm 10-K UNITED STATESSECURITIES AN.docx
10-K 1 f12312012-10k.htm 10-K UNITED STATESSECURITIES AN.docx10-K 1 f12312012-10k.htm 10-K UNITED STATESSECURITIES AN.docx
10-K 1 f12312012-10k.htm 10-K UNITED STATESSECURITIES AN.docxchristiandean12115
 
10 What does a golfer, tennis player or cricketer (or any othe.docx
10 What does a golfer, tennis player or cricketer (or any othe.docx10 What does a golfer, tennis player or cricketer (or any othe.docx
10 What does a golfer, tennis player or cricketer (or any othe.docxchristiandean12115
 
10 September 2018· Watch video· Take notes withfor students.docx
10 September 2018· Watch video· Take notes withfor students.docx10 September 2018· Watch video· Take notes withfor students.docx
10 September 2018· Watch video· Take notes withfor students.docxchristiandean12115
 
10 Research-Based Tips for Enhancing Literacy Instruct.docx
10 Research-Based Tips for Enhancing Literacy Instruct.docx10 Research-Based Tips for Enhancing Literacy Instruct.docx
10 Research-Based Tips for Enhancing Literacy Instruct.docxchristiandean12115
 
10 Strategic Points for the Prospectus, Proposal, and Direct Pract.docx
10 Strategic Points for the Prospectus, Proposal, and Direct Pract.docx10 Strategic Points for the Prospectus, Proposal, and Direct Pract.docx
10 Strategic Points for the Prospectus, Proposal, and Direct Pract.docxchristiandean12115
 
10 Introduction Ask any IT manager about the chall.docx
10 Introduction Ask any IT manager about the chall.docx10 Introduction Ask any IT manager about the chall.docx
10 Introduction Ask any IT manager about the chall.docxchristiandean12115
 
10 Customer Acquisition and Relationship ManagementDmitry .docx
10 Customer Acquisition and Relationship ManagementDmitry .docx10 Customer Acquisition and Relationship ManagementDmitry .docx
10 Customer Acquisition and Relationship ManagementDmitry .docxchristiandean12115
 
10 ELEMENTS OF LITERATURE (FROM A TO Z)   1  ​PLOT​ (seri.docx
10 ELEMENTS OF LITERATURE (FROM A TO Z)   1  ​PLOT​ (seri.docx10 ELEMENTS OF LITERATURE (FROM A TO Z)   1  ​PLOT​ (seri.docx
10 ELEMENTS OF LITERATURE (FROM A TO Z)   1  ​PLOT​ (seri.docxchristiandean12115
 
10 ers. Although one can learn definitions favor- able to .docx
10 ers. Although one can learn definitions favor- able to .docx10 ers. Although one can learn definitions favor- able to .docx
10 ers. Although one can learn definitions favor- able to .docxchristiandean12115
 
10 academic sources about the topic (Why is America so violent).docx
10 academic sources about the topic (Why is America so violent).docx10 academic sources about the topic (Why is America so violent).docx
10 academic sources about the topic (Why is America so violent).docxchristiandean12115
 

More from christiandean12115 (20)

100 Original WorkZero PlagiarismGraduate Level Writing Required.docx
100 Original WorkZero PlagiarismGraduate Level Writing Required.docx100 Original WorkZero PlagiarismGraduate Level Writing Required.docx
100 Original WorkZero PlagiarismGraduate Level Writing Required.docx
 
10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docx
10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docx10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docx
10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docx
 
10.11771066480703252339 ARTICLETHE FAMILY JOURNAL COUNSELING.docx
10.11771066480703252339 ARTICLETHE FAMILY JOURNAL COUNSELING.docx10.11771066480703252339 ARTICLETHE FAMILY JOURNAL COUNSELING.docx
10.11771066480703252339 ARTICLETHE FAMILY JOURNAL COUNSELING.docx
 
10.11770022427803260263ARTICLEJOURNAL OF RESEARCH IN CRIME AN.docx
10.11770022427803260263ARTICLEJOURNAL OF RESEARCH IN CRIME AN.docx10.11770022427803260263ARTICLEJOURNAL OF RESEARCH IN CRIME AN.docx
10.11770022427803260263ARTICLEJOURNAL OF RESEARCH IN CRIME AN.docx
 
10.11770022487105285962Journal of Teacher Education, Vol. 57,.docx
10.11770022487105285962Journal of Teacher Education, Vol. 57,.docx10.11770022487105285962Journal of Teacher Education, Vol. 57,.docx
10.11770022487105285962Journal of Teacher Education, Vol. 57,.docx
 
10.11770011000002250638ARTICLETHE COUNSELING PSYCHOLOGIST M.docx
10.11770011000002250638ARTICLETHE COUNSELING PSYCHOLOGIST M.docx10.11770011000002250638ARTICLETHE COUNSELING PSYCHOLOGIST M.docx
10.11770011000002250638ARTICLETHE COUNSELING PSYCHOLOGIST M.docx
 
10.1 What are three broad mechanisms that malware can use to propa.docx
10.1 What are three broad mechanisms that malware can use to propa.docx10.1 What are three broad mechanisms that malware can use to propa.docx
10.1 What are three broad mechanisms that malware can use to propa.docx
 
10.0 ptsPresentation of information was exceptional and included.docx
10.0 ptsPresentation of information was exceptional and included.docx10.0 ptsPresentation of information was exceptional and included.docx
10.0 ptsPresentation of information was exceptional and included.docx
 
10-K1f12312012-10k.htm10-KUNITED STATESSECURIT.docx
10-K1f12312012-10k.htm10-KUNITED STATESSECURIT.docx10-K1f12312012-10k.htm10-KUNITED STATESSECURIT.docx
10-K1f12312012-10k.htm10-KUNITED STATESSECURIT.docx
 
10-K 1 f12312012-10k.htm 10-K UNITED STATESSECURITIES AN.docx
10-K 1 f12312012-10k.htm 10-K UNITED STATESSECURITIES AN.docx10-K 1 f12312012-10k.htm 10-K UNITED STATESSECURITIES AN.docx
10-K 1 f12312012-10k.htm 10-K UNITED STATESSECURITIES AN.docx
 
10 What does a golfer, tennis player or cricketer (or any othe.docx
10 What does a golfer, tennis player or cricketer (or any othe.docx10 What does a golfer, tennis player or cricketer (or any othe.docx
10 What does a golfer, tennis player or cricketer (or any othe.docx
 
10 September 2018· Watch video· Take notes withfor students.docx
10 September 2018· Watch video· Take notes withfor students.docx10 September 2018· Watch video· Take notes withfor students.docx
10 September 2018· Watch video· Take notes withfor students.docx
 
10 Research-Based Tips for Enhancing Literacy Instruct.docx
10 Research-Based Tips for Enhancing Literacy Instruct.docx10 Research-Based Tips for Enhancing Literacy Instruct.docx
10 Research-Based Tips for Enhancing Literacy Instruct.docx
 
10 Strategic Points for the Prospectus, Proposal, and Direct Pract.docx
10 Strategic Points for the Prospectus, Proposal, and Direct Pract.docx10 Strategic Points for the Prospectus, Proposal, and Direct Pract.docx
10 Strategic Points for the Prospectus, Proposal, and Direct Pract.docx
 
10 Most Common Err.docx
10 Most Common Err.docx10 Most Common Err.docx
10 Most Common Err.docx
 
10 Introduction Ask any IT manager about the chall.docx
10 Introduction Ask any IT manager about the chall.docx10 Introduction Ask any IT manager about the chall.docx
10 Introduction Ask any IT manager about the chall.docx
 
10 Customer Acquisition and Relationship ManagementDmitry .docx
10 Customer Acquisition and Relationship ManagementDmitry .docx10 Customer Acquisition and Relationship ManagementDmitry .docx
10 Customer Acquisition and Relationship ManagementDmitry .docx
 
10 ELEMENTS OF LITERATURE (FROM A TO Z)   1  ​PLOT​ (seri.docx
10 ELEMENTS OF LITERATURE (FROM A TO Z)   1  ​PLOT​ (seri.docx10 ELEMENTS OF LITERATURE (FROM A TO Z)   1  ​PLOT​ (seri.docx
10 ELEMENTS OF LITERATURE (FROM A TO Z)   1  ​PLOT​ (seri.docx
 
10 ers. Although one can learn definitions favor- able to .docx
10 ers. Although one can learn definitions favor- able to .docx10 ers. Although one can learn definitions favor- able to .docx
10 ers. Although one can learn definitions favor- able to .docx
 
10 academic sources about the topic (Why is America so violent).docx
10 academic sources about the topic (Why is America so violent).docx10 academic sources about the topic (Why is America so violent).docx
10 academic sources about the topic (Why is America so violent).docx
 

Recently uploaded

Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...jaredbarbolino94
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerunnathinaik
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 

Recently uploaded (20)

Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developer
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 

Journal of Business Continuity & Emergency Planning Volume 7 N.docx

  • 1. Journal of Business Continuity & Emergency Planning Volume 7 Number 2 Cyber security: A critical examination of information sharing versus data sensitivity issues for organisations at risk of cyber attack Jason Mallinder and Peter Drabwell Received (in revised form): 15th July 2013 Credit Suisse, Zürich, Switzerland E-mail: [email protected] Jason Mallinder joined Credit Suisse in 1998, initially managing the Access Control team in London. During his time at the bank, he has managed a number of teams and programmes in the identity management and IT risk manage- ment areas. In July 2011, Jason moved to focus on operational risk management within the investment bank for a year, before returning to technology risk management as the EMEA regional head. Prior to joining Credit Suisse, Jason worked at Aon Risk Services for seven years and he has supported his career by achieving qualifications in both risk management and project management Peter Drabwell is a senior technology risk ana- lyst at Credit Suisse within the Risk Management division, responsible for private banking, wealth
  • 2. management and shared services IT clients across EMEA. Prior to joining Credit Suisse, Peter was responsible for the risk assessment of ABN AMRC/RBS IT integration, and the devel- opment of risk management strategy for mergers, acquisition and divestitures. Peter is an active member of the ISC(2) European Advisory Board and is currently President of the ISACA London Chapter. ABSTRACT Cyber threats are growing and evolving at an unprecedented rate. Consequently, it is becoming vitally important that organisations share infor- mation internally and externally before, during and after incidents they encounter so that les- sons can be learned, good practice identified and new cyber resilience capabilities developed. Many organisations are reluctant to share such information for fear of divulging sensitive infor- mation or because it may be vague or incom- plete. This provides organisations with a complex dilemma: how to share information as openly as possibly about cyber incidents, while protecting their confidentiality and focusing on service recovery from such incidents. This paper explores the dilemma of information sharing versus sensitivity and provides a practical overview of considerations every business conti- nuity plan should address to plan effectively for information sharing in the event of a cyber incident. Keywords: cyber, threat, incident, infor-
  • 3. mation security, business continuity planning, intelligence, prevention, detection, response INTRODUCTION Cyber threats are growing and evolving at an unprecedented rate.^ Rapidly evolving cyber criminal networks have already recognised the value of intelligence shar- ing and collaboration as evidenced by the growing number and sophistication of Journal of Business Continuity & Emergency Planning Vol.7 No. 2, pp. 103-111 © Henry Stewart Publications, 1749-9216 Underground forums and information exchanges." Government and industry information sharing is far less advanced. While organisations are beginning to recognise the imperative for cyber infor- mation sharing, they still face the chal- lenge of balancing transparency and confidentiality. This challenge is significantly increased given the growing interconnectivity between organisations and their partners; by way of example, it is increasingly common for attackers seeking sensitive information to target an organisation's
  • 4. supply chain (the attack vector being focused on a third-party vendor in order to reach the principal target). An example of such a data breach recently occurred at Bank of America, whereby attackers man- aged to successfully access employee and executive data stored through a third-party subcontractor. What is particularly inter- esting about this attack is that it was allegedly motivated by a project initiated by Bank of America to monitor publicly available information in an effort to iden- tify security threats. The increasing complexity of supply chains coupled w îth the adoption of cloud-based services places greater onus on organisations to understand where their data are and to ensure that they are man- aged appropriately, in order to prevent sup- pliers' vulnerabilities from becoming their ow n̂ . This further emphasises the impor- tance of information exchange regarding cyber incidents within a supply chain.'* Commonality between cyber land- scapes within organisations increases the appeal of exploiting shared weaknesses as malicious parties find cyber attacks that can be reused against multiple targets to be more attractive. Organisations and indus- tries with mechanisms to disseminate information about cyber-attacks rapidly not only help others to minimise the impact from such incidents but also
  • 5. decrease the long-term attractiveness of themselves and their industry as targets. Despite the challenges, organisations can take steps to enable their ability to share information before during and after cyber incidents, helping organisations and industries to buud more resilient operating frameworks, while presenting themselves as less attractive targets. PRE-INCIDENT DATA MANAGEMENT Cyber incidents are increasingly expensive and prevention is better than cure. Accordingly to a recent survey by the UK Department for Business, Innovation and Skills, the average cost of the worst security breach of the year is presently in the region of/;450,000 to X;850,000 and ^35,000 to ;£65,000 for large organisa- tions (>250 staff) and small business (<50 staff), respectively.^ The report adds: 'in total, the cost to UK pic of security breaches is of the order of billions of pounds per annum — it's roughly tripled over the last year'. Information can be used to enhance the organisation's ability to manage its data and its defences efficiently and effectively. Sources of information that an organisa- tion can use as part of its incident manage- ment strategy can be varied, from independent sources of threat analysis (eg information related to tools, techniques
  • 6. and resources being used by attackers to breach cyber defences) and published industry-specific trends to third-party sup- plier/vendor reports of anomalies worthy of further review.^ Given the increasing dependence on third parties and growing inter-connectiv- ity, organisations should consider adopting a more collaborative, 'partner' approach to incident management data exchange and analysis. The business operating landscape is becoming more complex to manage Mallinder and Drabwell (especially with increasing outsourced dependencies). As a consequence, the chal- lenge is to ensure that the organisation is capturing the right data and performing the correct levels of analysis. The term 'the right data' refers to information assets that assist the organisation in: • identifying entities that may be target- ing the organisation, their methods and their motivations; • identifying emerging threats by analysis of industry sector/technical/supplier data;
  • 7. • identifying, where possible, best prac- tices and countermeasures to mitigate the threat. Programmes designed to promote under- standing of cyber risk, such as the Information Security Forum's Cyber Special Interest Group and the World Economic Forum's Partnering for Cyber Resilience,'' provide useful data-sharing guidance by means of a common set of shared principles that organisations and their suppliers can agree upon and w ôrk to. Small and medium enterprises increas- ingly face internal skills and resource chal- lenges to effectively identify, assess and remedy cyber security risks. Resources such as the UK's Cyber-security Framework for Business^ and IT Governance's Cyber Security Risk Assessment service^ seek to promote good practice in this area. Key questions to consider with regard to sharing cyber incident information include: • What information needs to be shared? • Where third-party vendor relationships are in scope, should formal agreements be put in place between important enti- ties in order to establish the appropriate channels of incident management com- munication?
  • 8. • When should information be shared? • How will information be shared? • Which information-sharing models are in scope during the pre-incident stage or business as usual? • Has a decision-tree structure been defined to address any ad hoc data man- agement or communication issues high- lighted during an incident that require a timely response? What information needs to be shared? In the context of a service outage/emer- gency it may be that only a subset of data may be valuable to share. While it is understood that it would be impossible to anticipate all incident combinations, some preparatory investment with regard to important information requirements may save valuable time in the midst of managing an incident. By way of exam- ple, organisations should consider the consequences of information sharing and consistency of message approach. A recent online, phone and cashpoint serv- ice outage by the Royal Bank of Scotland Group led to a call for compensation by customers. One such case'̂ resulted in the bank initially offering ¿?>0 to a customer for inconvenience/embarrassment caused, which was raised to ¿IQ when he declined. News of the appeal success sub- sequently spread to social networks,
  • 9. whereby thousands of like-minded cus- tomers learned of the case and pushed for their own compensation payment increases. As a consequence, the original good intention of the bank to compen- sate customers could have potentially backfired due to a lack of planning. Agreeing a consistent information-shar- ing approach ahead of the incident could have potentially saved the bank additional negative publicity while promoting a fair and equitable process for customers. In order for incident management to be effective, collaboration with important parties is essential; hence, communication and information sharing are required while being mindful of the need to know principles (particularly with regard to legal and privacy requirements). Prior consideration of these factors will save precious time in the midst of an incident. Where third-party vendor relationships are in scope, should there be formal agreements between important entities to establish the appropriate channels of incident management communication? By way of example, is there a requirement on third-party vendors to report security- related incidents and/or share specific incident data -within an agreed period and format that would prove timely and cost-
  • 10. effective to the organisation? Whue organ- isations may not explicitly ensure that their third parties are subject to internal company control poHcies, there is poten- tial to imply a consistent behaviour via a formalised agreement/contractual obliga- tions. In order to maintain an acceptable level of expectation management, formal agreements should be in place to ensure that third parties have a tested and suffi- cient incident-response process including (but not limited to): • the maintenance and communication of an up-to-date incident response plan; • the definition of trigger points consti- tuting a formal reporting requirement; • incident reporting timeframes, format, communication channels and content; • the disclosure approval process should the third party need to publish security breach information to an external party; • participation in periodic drills, reviews, staff training and awareness. When should information be shared? Although this paper considers information sharing in three distinct phases (pre, mid and post-incident), organisations should consider in advance whether information
  • 11. will be shared on an ongoing transfer basis (in case it is required should an incident occur) or shared only in the event of pre- defined incident triggers (ie in response to specific events)? Taking the above areas into account and by way of example, sharing intrusion attempt information could be dissemi- nated quickly to predefined parties on the basis that: • timely dissemination of intrusion attempt data provides valuable aware- ness for organisations; • such data may be shared relatively swiftly as they require less sanitisation/analysis than other data sources; • sharing attempted intrusion data does not reveal any significant detail con- cerning the reporting organisation's security posture other than its detection of the attempt (ie it does not reveal whether the reported attempt was suc- cessful). How will data be shared? All organisations should consider how^ they wul share data, before during and after incidents. This should include whether the security of transmission (ie how data will be exchanged between par- ties) and access control have been acknow^ledged in establishing the data-
  • 12. sharing protocol at each stage. If there is a requirement for incident data to be preserved for post-incident investigation and/or legal requirements, consideration as to how^ such data wiU be stored and retained should be in scope. Which data-sharing channels are in scope during the pre-incldent/ business as usual stage? The effective deployment of data-sharing Mallinder and Drabwell sources and channels can enable an organ- isation to develop and enhance its cyber incident management strategies. Sharing between organisations can enable partici- pants to develop tailored strategies. Common approaches to information exchange include the following: • Pre-established forums (hub and spoke), which provide additional degrees of data analysis/provenance, correlation and source anonymity. The Warning, Advice and Reporting Point (http://www;warp.gov.uk) structure as provided by the Centre for the Protection of National Infi-astructure is an example of a structured hub and spoke model. In addition, a number of industry-specific forums exist to pro-
  • 13. vide incident-related data. By way of example, the Aviation Safety Information Analysis and Sharing system^° is focused on the sharing of data fiom airlines to improve air safety. A centrally managed information hub receives information firom multiple air- lines and the Federal Aviation Administration. The resiliency of such exchanges, timeliness of content avail- ability and performance/scalability lim- itations may need to be taken into account with regard to such solutions. • 'Post to all' models, whereby organisa- tions share information directly with a pre-defined membership. Maintaining a common taxonomy and preserving integrity of information content is important to the success of such trusted partner models. • Larger organisations may engage in mul- tiple information exchanges. Where this is the case, the challenge of adopting a standard approach to information shar- ing (eg common taxonomy, automation of processing) such that incident data may be prioritised and correcdy acted upon is a potential area of focus. Has a decision-tree structure been defined to address any ad hoc data management/communication issues highlighted during an incident that require timely response?
  • 14. When an incident occurs, it is understood that the organisation's management will not have made decisions covering all even- tualities. Having a pre-agreed decision structure in place prior to an incident will save an organisation significant time in the midst of managing an event. This is an important area given the growth of social media adoption, whereby organisations should review their commu- nications strategy with regard to incident management. This should be inclusive of clearance levels and escalation paths (ie who approves corporate messages to clients/external bodies?). Monitoring of social media feeds should also be consid- ered to enable organisations to effectively manage their external profile. Companies such as Digital Shadows (http://digital- shadows.com/) provide monitoring, assessment and consultancy services to help address challenges in this area. Common issues related to social media (especially in the midst of an incident) include impersonation and the prolifera- tion of misinformation. As such, organisa- tions should be mindful of the need to adopt a communication strategy that seeks to address these emerging instances. MID-INCIDENT DATA MANAGEMENT Key questions to consider with regard to sharing information during a cyber inci- dent include the following:
  • 15. • What risk does data sharing pose? • Will any sensitive data be transferred outside of the pre-approved bound- aries? • Are media channels being adequately managed? What risk does data sharing pose? Organisations must aWays consider whether the risk of sharing information is outweighed by the risk of not sharing it. One example of this is highlighted in the UK government report on lessons learned fi-om the 7th July, 2005 terrorist attacks, which stated, '...in some parts of the emergency response, the requirements of the Data Protection Act were either misin- terpreted or over-zealously applied','' which in turn led to a delayed emergency response. When assessing the risk, organi- sations should consider the potential impact of data sharing to individuals and organisations and individuals' trust in the organisations that keep records about them. In relation to this area, organisations may look to ask whether the incident management objective could be equally achieved without sharing the data in scope or by providing an anonymous cut of said data.
  • 16. While the case for sensitivity and safe- guarding confidentiality of data is oft:en clear, these should be w^eighed up against the benefits of information sharing, partic- ularly with regard to incident manage- ment, where timely access to such resources may significantly improve an organisation's capability to manage and even prevent attacks. This is v̂ ĥere time invested in identify- ing what types of data each organisation holds (and what is likely to be shared in the event of an incident) will pay off, resulting in a more efficient decision-making process in the event of a real incident. Will any sensitive data be transferred outside of the pre-approved boundaries? Organisations should consider guidance with regard to data protection and regula- tory compliance in line with incident management, especially with regard to potential cross-border data access and transfer positions. By way of example, for organisations based in Europe, if there is a potential requirement for incident data to be transferred outside of Europe, the 8th Principle of the Data Protection Act would need to be considered. Are media channels being adequately managed?
  • 17. During an incident response when there is less time to consider issues in detail, it can be especially challenging to make judg- ments about whether specific information can be shared. Continuing to stay in touch with the media, checking whether mes- sages concerning the organisation are in line and identifying when to intervene are important pillars of an effective communi- cation strategy. An increased dependency on shared/out-sourced services and the growth of social media solutions makes the management of sensitive data an even greater consideration. A growing area of importance for media consideration is a review of the organisation's communication strategy to ensure a consistent approach. Monitoring of media sources to gather intelligence as w êll as placing a focus on controlling the formal messages disseminated via media channels (identifying any false reporting, which in itself can lead to incident esca- lation, while preserving the timeliness, accuracy and authenticity of communica- tion'" is a important factor to bear in mind. The growing adoption of social media channels makes the above set of consider- ations a more challenging one given the complexity of the landscape, instantaneous broadcast and global reach capabilities. An
  • 18. important consideration is that of public trust levels. Levels of public unease and media attention naturally increase in the event of an incident. How organisations manage their communication strategy and Maiiinder and Drabweil harness media channels will have a consid- erable impact on this area. POST-INCIDENT DATA MANAGEMENT Key questions to consider with regard to sharing information after an incident include the following: • Have any data/information sharing mechanisms or channels established during the incident been restored to ensure that no subsequent data are being exchanged if it is no longer nec- essary to do so? • Have appropriate controls been applied to safeguard incident data? • What checks should be put in place to ensure that data sharing is meeting its defined objectives with regard to inci- dent management? • Has a post-incident 'lessons learned' review been carried out and have inci- dent plans been updated where neces-
  • 19. sary to improve data management preparedness for future incidents? Have any data/information sharing mechanisms or channels been restored? It is important to consider recovery and restoration of data, access control and com- munication channels (eg where contin- gency channels were established for incident management purposes). All organ- isations should question whether these have been restored post incident to ensure that no subsequent data are being exchanged when there is no further requirement to do so. This would include tbe recovery and restoration of in-field incident kit, such as laptops, data drives, etc. Have appropriate controls been applied to safeguard incident data? Evidence may need to be retained, not only for post-incident review/investiga- tion but also in light of any in scope legal requirements, whereby data may need to be preserved until all legal actions have been completed. Incident data, which may initially appear insignificant, may subsequently become more important (eg if an attacker is able to use knowledge gathered in one attack to perform a more severe attack later) and evidence from the frrst attack may be important to explaining how the
  • 20. second attack was accomplished. What checks should be put in place to ensure that data sharing is meeting its defined objectives with regard to incident management? Both the organisation's operating model and risk landscape are constantly evolving. Hence, it is good practice to periodically monitor the effectiveness of any data- sharing strategy to ensure that the essential objectives of effective incident manage- ment are being met. Such a review could be part of a continuous improvement pro- gramme and address specific items such as whether it is still appropriate to share spe- cific data and is tbere an appropriate bal- ance between the sharing requirement and the risk? Organisations should not underestimate the value of a post-incident 'lessons learned' review being carried out, inclu- sive of pre-incident plans being updated wbere necessary to improve data manage- ment preparedness for future incidents. Such reviews should ideally tie back into the organisation's policies and standards, plus training and awareness activities. Post-incident data sharing initiatives to consider may also include the following: • providing training on information han- dling to stakeholders to manage consis- tency of approach;
  • 21. • creating a cyclical review mechanism to measure the effectiveness of tbe organi- sation's incident data management model, review changes in the regula- tory/operating environments and iden- tify opportunities to refine; developing and communicating policy and guidance on information sharing and sensitivity to ensure compliance with regulatory requirements and objectives. CONCLUSION Given the evolving nature of attack vec- tors (a path or means by which an attacker can attempt to gain access to unauthorised network assets or the mechanisms through which organisations can be attacked) com- bined with the growing complexity of organisational dependency, an effective information-sharing strategy is not a one- size-fits-all approach. In many cases, a hybrid (best in class) approach may be appropriate to promote an agile informa- tion exchange solution. Organisations seeking to set the right balance between information sharing and access control in the context of incident management should seek to apply propor- tionate levels of control over data sources, content and collection methods while
  • 22. respecting applicable regulatory and policy requirements on data use.''^ In order to manage this objective more effectively, organisations should consider their respective data-sharing strategies as a uve model. As attack vectors, business models and third-party dependencies evolve, there is a need for organisations to continually manage their incident man- agement plans to ensure that they align to their operating environment and continue to remain effective as a result. The areas discussed in this paper pro- vide a common set of considerations for organisations to review w^hen drafting and/or enhancing their respective incident management plans in order to more effec- tively achieve a sensible balance between information sharing and control. REFERENCES (1) Department for Business, Innovation and Skills/PWC (2013) 'Information Security Breaches Survey — Technical Report', available at: https: / /www. gov. uk/government/ uploads/system/uploads/attachment_ data/file/191670/bis-13-pl84-2013- information-security-breaches-survey- technical-report.pdf (accessed 16th July, 2013).
  • 23. (2) Marinos, L. and Sfakianakis, A. (2013) 'ENISA Threat Landscape — Responding to the Evolving Threat Environment', available at: http://www.enisa.europa.eu/activities/ risk-management/evolving-threat- environment/ENISA_Threat_Landscape (accessed 16th July, 2013). (3) Integrity Research Associates (2013) 'Anonymous Hacks ClearForest', available at: http://www.integrity- research.com/cms/2013/03/05/ anonymous-hacks-clearforest/ (accessed 16th July, 2013). (4) Information Security Forum (2012) 'Securing the Supply Chain', (5) Centre for the Protection of National Infrastructure (2013) 'Critical security controls for cyber defence — in depth', available at: http://www.cpni.gov.uk/ advice/cyber/Critical-controls/in- depth/ (accessed 16th July, 2013). (6) World Economic Forum (2012) 'Partnering For Cyber Resilience: Risk and Responsibility in a Hyperconnected World — Principles and Guidelines', available at: http://rww3.weforum.org/ docs/WEF_IT_PartneringCyber Resilience_Guidelines_2012.pdf (accessed 16th July, 2013). (7) CESG (2012) '10 Steps to Cyber
  • 24. Security — Executive Companion', available at: http://www.bis.gov.uk/ assets/BISCore/business-sectors/docs/ 0-9/12-1120-10-steps-to-cyber- Mallinder and Drabwell security-executive.pdf (accessed 16th July, 2013). (8) IT Governance (2013) 'New service helps UK SMEs implement government's cyber risk guidance', available at: http://www.it governance.co.uk/media/press- releases/new-service-helps-uk-smes- implement-government%E2%80%99s- c.aspx (accessed 16th July, 2013). (9) BBC Business News (2013) 'RBS to compensate customers after accounts disrupted', available at: http : / /www.bbc. co. uk/news/business- 21694704 (accessed 16th July, 2013). (10) Mitre Corporation (2012) 'Cyber Information-Sharing Models. An Overview', available at: http://www. mitre.org/work/cybersecurity/pdf/cyber _info_sharing.pdf (accessed 16th July, 2013). (11) HM Government (2007) 'Data Protection and Sharing — Guidance for Emergency
  • 25. Planners and Responders', available at: https://www.gov.uk/government/ uploads/system^/uploads/attachment_data /file/60970/dataprotection.pdf (accessed 16th July, 2013). (12) KPMG (2012) 'The Social Banker - Social Media Lessons from Banking Insiders', available at: http : / /www. kpmg. com/Global/en/ IssuesAndlnsights/ArticlesPublications/ social-banker/Documents/social-media- Iessons-from-banking-insidersv3.pdf (accessed 16th July, 2013). (13) The White House -Washington (2012) 'National Strategy for Information Sharing and Safeguarding', available at: http://vww. whitehouse.gov/sites/ default/files/docs/2012sharingstrategy_ 1.pdf (accessed 16th July, 2013). Copyright of Journal of Business Continuity & Emergency Planning is the property of Henry Stewart Publications LLP and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use.