Cyber Crime
Simulation Game
incl quick overview of ISO 27001
Ms Rinske Geerlings
MD, Business As Usual (Australia)
2
Business As Usual (BAU) snapshot
• Constantly implementing Business Continuity, Disaster Recovery, Service
Continuity, Security and Risk Management with medium & large organisations
across industries
• Geographical dispersion: Projects in Australia, New Zealand, Asia, Pacific, East
Africa, Latin America and Europe
• ISO 22301 / ISO 27001 / ISO 28000 / ISO 31000 public and in-house training
(PECB Gold training partner)
• All work and documentation is done in an easy-to-use and engaging way, whilst in
accordance with international standards (incl. ISO, COBIT DSS4, ITIL SCM, APRA
SPS/CPS 232, Bank Negara Malaysia, MAS, EAC, SS540 etc)
3
Some of our clients
4
• Gap analysis/‘health check’
• Consultancy/implementation
• Executive management briefing
• Process/framework implementation
• Test/exercise facilitation
• Training (in-house/public) incl ISO
examination
Australia wide – Malaysia – Singapore – Philippines – Thailand – East Africa – Europe
Latin America – New Zealand – Papua New Guinea – United Arab Emirates
Our service offering
5
Rinske Geerlings, Founder, Managing Director & Principal Consultant at BAU
• MSc (Engineering)
• Accredited consultant & trainer (ISO 22301 Master / ISO 31000 Lead Risk Manager
/ ISO 27001 Master)
• CBCP by Disaster Recovery Institute (DRI) International
• MBCI (Business Continuity Institute) and RMIA member
• ITIL (IT Infrastructure Library) Master and COBIT certified
• Participant in AllFinance in the lead-up to APRA’s BCM standard (2005)
• Presented at 100+ BCM, Risk and Security related seminars/conferences
• 20+ years of consulting experience globally
• Awarded Alumnus of the Year 2012 (Delft, Netherlands)
• Awarded Business Woman of the Year 2010-2013 (BPW, global NGO with UN
consultative status)
• Awarded Risk Consultant of the Year 2017 (Australasia) by RMIA
Who am I?
6
Are you in…
• Financial Services (banking, insurance)?
• Local/State/Federal Government, or
emergency services?
• (Health) care?
• Technology or utility sectors?
• Retail, manufacturing or transport?
• Media?
• Consultancy?
• Other?
What about you?
7
8
9
0 points:
“Yikes! We’d struggle...”
1 point:
“We’d be in a state of flux, looking for some pieces to the
puzzle, but we’ll be fine”
2 points:
“We’re sweet! We’ve tested the plan, we know our roles,
we’re ready with our media response... Bring it on”
Your answer… be honest!
10
World Economic Forum 2017
Global risks of highest concern
12
14
• Good outline of Information Security controls
• Easy to use in order to start measuring maturity
• Well integrated with other ISO standards (ISO 22301, ISO 31000)
• A technical topic well explained in “layman’s terms”
• Various options to delve deeper into the technical space (e.g. ISO 27032: Cyber Risk)
• Not just regarding electronic information
ISO 27001 - Will it break or make you?
15
ISO 27001 – Security Controls (Annex A)
16
Delft University - Netherlands (26-30 Nov 2018)
ISO 31000 / ISO 27001 / ISO 22301
Sydney/Melbourne - Australia (March 2019)
ISO 31000 / ISO 27001 / ISO 22301
Dubai – UAE (April 2019)
ISO 31000 / ISO 27001 / ISO 22301
Tanzania / Kenya / Uganda – East Africa (April 2019)
ISO 31000 / ISO 27001 / ISO 22301
ISO 27001: Certification training
17
Cyber Crime Simulation Game
18
• Form teams & team captains and complete basic information
• Facilitator reveals the scenario
• Teams send each other various ‘challenge cards’ (incl. a ‘Joker card’ – available
from 2nd round onwards)
• Complete each challenge card & ask sender for acceptance: signature & score
• Dispute? Facilitator to mediate.
• Winner is the team with the highest number of points
• Discussion: Conclusions & wrap-up
Game structure & Flow
19
Teams & Captains
Team I – Top Health Care’s Senior Management
Team II – Top Health Care’s IT and Security specialists (internal & external)
Team III – Patient’s Association (lobby group)
Team IV – Gov’t Department of Health & Human Services (regulator)
Team V – The Media (journalists, bloggers)
Team Captains: Who knows a little bit about any of the above?
20
Basic team information
Complete the standard questions (steps 1 and 2) for your team, using the sheets provided.
21
The scenario
Phones have been ringing off the hook since this morning at the 14-hospital and health services group ‘Top Health Care’.
Hundreds of patients have reported receiving improper/suspicious emails from Top Health Care.
Some patients reported receiving fictitious offers for discounted health services from Top Health Care, with the email showing their own personal data.
Others are reporting the receipt of an email with an attachment listing personal details of 1000s of fellow patients, including name, email address, employment information and protected health information.
22
How realistic is that?
23
24
Let the game begin!
But first: familiarise yourself with the challenge cards. Next:
1. Ask one of the teams around you to give you your first challenge!
Note: this cannot be a Joker card in the first round.
2. Fill in your challenge response in the response form provided.
3. Ask the challenger for acceptance and a score (must be min 6 to move on).
Note: The challenger must actually have further answers/details in mind in order to be able to reject the response.
4. Dispute? Facilitator to mediate between Team Captains before the next challenge can be requested.
5. Ask another team for your next challenge and keep going around the room.
Note: You must complete at least one challenge from each team around you… but you can still be smart about picking your challengers!
25
Conclusions & wrap-up
26
What was the BCP? The manual work-around?
27
Best practice wheel of holistic BCM
28
BCP-on-a-Page
30
BCP activation toolkit
31
Key differences with traditional approach
• Dynamic BCM framework > prevent ‘collecting dust on the shelf’
• Consequence-based planning > keep it simple
• Caters for fatigue/unavailability of staff
• ‘Top down’ approach based on time-critical processes… we don’t need to continue everything to maintain our reputation
• Strong focus on communication/notification planning, incl. ‘pull communication’
• Colour-coded, matrix style documentation (incl. ‘BCP on a page’)
• Hyperlink/utilise what is already there > don’t duplicate
• Toolkit approach to BCP activation > easy to find what we need ‘on the spot’ (e.g. the 1-minute assessment tool)
• Optimally use agreed manual workarounds to reduce cost
• Overall: Prioritisation focus (being selective to reduce workload)
32
Any manual work-arounds available?
33
Consider ‘recovery risks’
Potential flow-on effects: Implementing a recovery solution shouldn’t bring about a new crisis!
34
ISO 27001 ISO 22301 ISO 31000 COBIT 5
Information Security (IS)
Business Continuity Planning (BCP)
yes yes
Risk Management (RM)
IT Governance (ITG)
35
Next ISO Certification Training Courses
Delft University - Netherlands (26-30 Nov 2018)
ISO 31000 / ISO 27001 / ISO 22301
Sydney/Melbourne - Australia (March 2019)
ISO 31000 / ISO 27001 / ISO 22301
Dubai – UAE (April 2019)
ISO 31000 / ISO 27001 / ISO 22301
Tanzania / Kenya / Uganda – East Africa (April 2019)
ISO 31000 / ISO 27001 / ISO 22301
Special prize draw for November! Message me on LinkedIn with your reason to receive a free pass and you may be the winner!
36
LinkedIn:
Rinske Geerlings
More info:
www.businessasusual.net.au
rinske@businessasusual.net.au
Stay in touch

Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 
ISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management system
 

Recently uploaded

Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
Vikramjit Singh
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
Special education needs
 
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup   New Member Orientation and Q&A (May 2024).pdfWelcome to TechSoup   New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
TechSoup
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
Tamralipta Mahavidyalaya
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
Jheel Barad
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 
PART A. Introduction to Costumer Service
PART A. Introduction to Costumer ServicePART A. Introduction to Costumer Service
PART A. Introduction to Costumer Service
PedroFerreira53928
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
MysoreMuleSoftMeetup
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
EverAndrsGuerraGuerr
 
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
Nguyen Thanh Tu Collection
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
DeeptiGupta154
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star   -  Saka Neela TaraOperation Blue Star   -  Saka Neela Tara
Operation Blue Star - Saka Neela Tara
Balvir Singh
 
The Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdfThe Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdf
kaushalkr1407
 
The Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve ThomasonThe Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve Thomason
Steve Thomason
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
Sandy Millin
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
Jisc
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
Jisc
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
MIRIAMSALINAS13
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
JosvitaDsouza2
 

Recently uploaded (20)

Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
 
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup   New Member Orientation and Q&A (May 2024).pdfWelcome to TechSoup   New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
PART A. Introduction to Costumer Service
PART A. Introduction to Costumer ServicePART A. Introduction to Costumer Service
PART A. Introduction to Costumer Service
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
 
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star   -  Saka Neela TaraOperation Blue Star   -  Saka Neela Tara
Operation Blue Star - Saka Neela Tara
 
The Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdfThe Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdf
 
The Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve ThomasonThe Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve Thomason
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
 

Cyber Crime Simulation Game - incl quick overview of ISO 27001

  • 1. Cyber Crime Simulation Game incl quick overview of ISO 27001. Ms Rinske Geerlings, MD, Business As Usual (Australia)
  • 2. Business As Usual (BAU) snapshot
      • Constantly implementing Business Continuity, Disaster Recovery, Service Continuity, Security and Risk Management with medium & large organisations across industries
      • Geographical dispersion: Projects in Australia, New Zealand, Asia, Pacific, East Africa, Latin America and Europe
      • ISO 22301 / ISO 27001 / ISO 28000 / ISO 31000 public and in-house training (PECB Gold training partner)
      • All work and documentation is done in an easy-to-use and engaging way, whilst in accordance with international standards (incl. ISO, COBIT DSS4, ITIL SCM, APRA SPS/CPS 232, Bank Negara Malaysia, MAS, EAC, SS540 etc)
  • 3. Some of our clients
  • 4. Our service offering
      • Gap analysis/‘health check’
      • Consultancy/implementation
      • Executive management briefing
      • Process/framework implementation
      • Test/exercise facilitation
      • Training (in-house/public) incl ISO examination
      Australia wide – Malaysia – Singapore – Philippines – Thailand – East Africa – Europe – Latin America – New Zealand – Papua New Guinea – United Arab Emirates
  • 5. Who am I? Rinske Geerlings, Founder, Managing Director & Principal Consultant at BAU
      • MSc (Engineering)
      • Accredited consultant & trainer (ISO 22301 Master / ISO 31000 Lead Risk Manager / ISO 27001 Master)
      • CBCP by Disaster Recovery Institute (DRI) International
      • MBCI (Business Continuity Institute) and RMIA member
      • ITIL (IT Infrastructure Library) Master and COBIT certified
      • Participant in AllFinance in the lead-up to APRA’s BCM standard (2005)
      • Presented at 100+ BCM, Risk and Security related seminars/conferences
      • 20+ years of consulting experience globally
      • Awarded Alumnus of the Year 2012 (Delft, Netherlands)
      • Awarded Business Woman of the Year 2010-2013 (BPW, global NGO with UN consultative status)
      • Awarded Risk Consultant of the Year 2017 (Australasia) by RMIA
  • 6. What about you? Are you in…
      • Financial Services (banking, insurance)?
      • Local/State/Federal Government, or emergency services?
      • (Health) care?
      • Technology or utility sectors?
      • Retail, manufacturing or transport?
      • Media?
      • Consultancy?
      • Other?
  • 9. Your answer… be honest!
      • 0 points: “Yikes! We’d struggle...”
      • 1 point: “We’d be in a state of flux, looking for some pieces to the puzzle, but we’ll be fine”
      • 2 points: “We’re sweet! We’ve tested the plan, we know our roles, we’re ready with our media response... Bring it on”
  • 10. Global risks of highest concern (World Economic Forum 2017)
  • 11. Global risks of highest concern (World Economic Forum 2017)
  • 13. ISO 27001 - Will it break or make you?
      • Good outline of Information Security controls
      • Easy to use in order to start measuring maturity
      • Well integrated with other ISO standards (ISO 22301, ISO 31000)
      • A technical topic well explained in “layman’s terms”
      • Various options to delve deeper into the technical space (e.g. ISO 27032: Cyber Risk)
  • 14. ISO 27001 - Will it break or make you?
      • Good outline of Information Security controls
      • Easy to use in order to start measuring maturity
      • Well integrated with other ISO standards (ISO 22301, ISO 31000)
      • A technical topic well explained in “layman’s terms”
      • Various options to delve deeper into the technical space (e.g. ISO 27032: Cyber Risk)
      • Not just regarding electronic information
  • 15. ISO 27001 – Security Controls (Annex A)
  • 16. ISO 27001: Certification training
      • Delft University - Netherlands (26-30 Nov 2018): ISO 31000 / ISO 27001 / ISO 22301
      • Sydney/Melbourne - Australia (March 2019): ISO 31000 / ISO 27001 / ISO 22301
      • Dubai – UAE (April 2019): ISO 31000 / ISO 27001 / ISO 22301
      • Tanzania / Kenya / Uganda – East Africa (April 2019): ISO 31000 / ISO 27001 / ISO 22301
  • 18. Game structure & Flow
      • Form teams & team captains and complete basic information
      • Facilitator reveals the scenario
      • Teams send each other various ‘challenge cards’ (incl. a ‘Joker card’ – available from 2nd round onwards)
      • Complete each challenge card & ask sender for acceptance: signature & score
      • Dispute? Facilitator to mediate.
      • Winner is the team with the highest number of points
      • Discussion: Conclusions & wrap-up
  • 19. Teams & Captains
      • Team I – Top Health Care’s Senior Management
      • Team II – Top Health Care’s IT and Security specialists (internal & external)
      • Team III – Patient’s Association (lobby group)
      • Team IV – Gov’t Department of Health & Human Services (regulator)
      • Team V – The Media (journalists, bloggers)
      Team Captains: Who knows a little bit about any of the above?
  • 20. Basic team information: Complete for your team the standard questions (steps 1 and 2) using sheets provided
  • 21. The scenario: Phones have been ringing off the hook since this morning at the 14-hospital and health services group ‘Top Health Care’. Hundreds of patients have reported receiving improper/suspicious emails from Top Health Care. Some patients reported receiving fictitious offers for discounted health services from Top Health Care, with the email showing their own personal data. Others are reporting the receipt of an email with an attachment listing personal details of 1000s of fellow patients, including name, email address, employment information and protected health information.
  • 24. Let the game begin! But first: familiarise yourself with the challenge cards. Next:
      1. Ask one of the teams around you to give you your first challenge! Note: this cannot be a Joker card in the first round.
      2. Fill in your challenge response in the response form provided.
      3. Ask challenger for acceptance and a score (must be min 6 to move on). Note: Challenger must actually have further answers/details in mind, in order to be able to reject the response.
      4. Dispute? Facilitator to mediate between Team Captains before next challenge can be requested.
      5. Ask another team for your next challenge and keep going around the room. Note: You must complete at least one challenge from each team around you… but you can still be smart about picking your challengers!
  • 26. What was the BCP? The manual workaround?
  • 27. Best practice wheel of holistic BCM
  • 31. Key differences with traditional approach
      • Dynamic BCM framework > prevent ‘collecting dust on the shelf’
      • Consequence-based planning > keep it simple
      • Caters for fatigue/unavailability of staff
      • ‘Top down’ approach based on time-critical processes… we don’t need to continue everything to maintain our reputation
      • Strong focus on communication/notification planning, incl. ‘pull communication’
      • Colour-coded, matrix style documentation (incl. ‘BCP on a page’)
      • Hyperlink/utilise what is already there > don’t duplicate
      • Toolkit approach to BCP activation > easy to find what we need ‘on the spot’ (e.g. the 1-minute assessment tool)
      • Optimally use agreed manual workarounds to reduce cost
      • Overall: Prioritisation focus (being selective to reduce workload)
  • 33. Consider ‘recovery risks’. Potential flow-on effects: Implementing a recovery solution shouldn’t bring about a new crisis!
  • 34. 34 ISO 27001 ISO 22301 ISO 31000 COBIT 5 Information Security (IS) Business Continuity Planning (BCP) yes yes Risk Management (RM) IT Governance (ITG)
  • 35. Next ISO Certification Training Courses
      • Delft University - Netherlands (26-30 Nov 2018): ISO 31000 / ISO 27001 / ISO 22301
      • Sydney/Melbourne - Australia (March 2019): ISO 31000 / ISO 27001 / ISO 22301
      • Dubai – UAE (April 2019): ISO 31000 / ISO 27001 / ISO 22301
      • Tanzania / Kenya / Uganda – East Africa (April 2019): ISO 31000 / ISO 27001 / ISO 22301
      Special prize draw for November! Message me on LinkedIn your reason to receive a free pass and you may be the winner!