
A view on cyber security


A view on cyber security: Commenting on the UK government’s “ten steps to cyber security” advice (http://www.bis.gov.uk/assets/biscore/business-sectors/docs/0-9/12-1120-10-steps-to-cyber-security-executive). Presentation to students at the University College of London studying for MSc in Human Computer Interaction (sociotechnical systems and the future of work, soft systems methodology).

Published in: Technology

  1. A view on cyber security: Commenting on the UK government’s “ten steps to cyber security” advice http://www.bis.gov.uk/assets/biscore/business-sectors/docs/0-9/12-1120-10-steps-to-cyber-security-executive Image source: Ministry of Defence: http://www.flickr.com/photos/defenceimages/6892189807/
  2. @markwilsonit Image © John Cassidy Headshots/Mark Wilson. All rights reserved
  3. Last year it was BYOD… Image source: CA Technologies: http://www.flickr.com/photos/cainc/6690581435/
  4. “Cyber” “Cyberspace” “Cyber security” Image source: Ministry of Defence: http://www.flickr.com/photos/defenceimages/6892189807/
  5. Cybermen? Image source: BBC: http://www.bbc.co.uk/doctorwho/classic/gallery/cybermen/6t_12.shtml
  6. People switch off Image source: Andrew Huff: http://www.flickr.com/photos/deadhorse/367716072/
  7. Not just the CIO’s problem Image source: The_Warfield: http://www.flickr.com/photos/the_warfield/4992455554/
  8. 10 steps Image source: Seite-3: http://www.flickr.com/photos/seite-3/437418799/
  9. Home and mobile working: “Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline build to all devices. Protect data both in transit and at rest.” Image source: Simon Collison: http://www.flickr.com/photos/collylogic/5739130295/
  10. User education and awareness: “Produce user security policies covering acceptable use of the organisation’s systems. Establish a staff training programme. Maintain user awareness of the cyber risks.” Image source: Kaptain Kobold: http://www.flickr.com/photos/kaptainkobold/5181464194/
  11. Incident Management: “Establish an incident management response and disaster recovery capability. Produce and test incident management plans. Provide specialist training to the incident management team. Report criminal incidents to law enforcement.” Image source: kenjonbro: http://www.flickr.com/photos/kenjonbro/6289681274/
  12. Information Risk Management Regime: “Establish an effective governance structure and determine your risk appetite – just like you would for any other risk. Maintain the Board’s engagement with the cyber risk. Produce supporting information risk management policies.” Image source: Aidan Morgan: http://www.flickr.com/photos/aidanmorgan/5589187752/
  13. Managing User Privileges: “Establish account management processes and limit the number of privileged accounts. Limit user privileges monitor user activity. Control access to activity and audit logs.” Image source: Angus Kingston: http://www.flickr.com/photos/kingo/4051530414/
  14. Removable Media Controls: “Produce a policy to control all access to removable media. Limit media types and use. Scan all media for malware before importing on to corporate system.” Image source: Thana Thaweeskulchai: http://www.flickr.com/photos/sparkieblues/3971234819/
  15. Monitoring: “Establish a monitoring strategy and produce supporting policies. Continuously monitor all ICT systems and networks. Analyse logs for unusual activity that could indicate an attack.” Image source: Bun Lovin’ Criminal: http://www.flickr.com/photos/myxi/4129235610/
  16. Secure Configuration: “Apply security patches and ensure that the secure configuration of all ICT systems is maintained. Create a system inventory and define a baseline build for all ICT devices.” Image source: brunotto: http://www.flickr.com/photos/brunauto/4359223723/
  17. Malware Protection: “Produce relevant policy and establish anti-malware defences that are applicable and relevant to all business areas. Scan for malware across the organisation.” Image source: Martin Cathrae: http://www.flickr.com/photos/suckamc/271222157/
  18. Network Security: “Protect your networks against external and internal attack. Manage the network perimeter. Filter out unauthorised access and malicious content. Monitor and test security controls.” Image source: photosteve101: http://www.flickr.com/photos/42931449@N07/6088751332/
  19. In summary Image source: UK Government: http://www.bis.gov.uk/assets/biscore/business-sectors/docs/0-9/12-1120-10-steps-to-cyber-security-executive
  20. © 2013, Mark Wilson. Some rights reserved. This work is licensed under a Creative Commons Licence. For further details, please visit http://creativecommons.org/licenses/by-nc-nd/2.0/uk/
