Cyber Resilience for Dummies
Leading the way in cyber security
Since 1989
Peter Wood
Chief Executive Officer
First Base Technologies LLP
(with apologies to John Wiley & Sons)
Founder and Chief Executive - First Base Technologies LLP
• Engineer, IT and information security professional since 1969
• Fellow of the BCS
• Chartered IT Professional
• CISSP
• Member of the Institute of Information Security Professionals
• 15 Year+ Member of ISACA, Member of the ISACA Security Advisory Group
• Senior Member of the Information Systems Security Association (ISSA)
• Member of the BCS Information Risk Management and Assurance Group
• Founder of white-hats.co.uk
• Member of ACM, IEEE, Institute of Directors, Mensa
• Managed Services
• Compliance Testing
• Cyber Readiness
• Penetration Testing
• Threat and Risk
• Cyber Awareness
What is Cyber Resilience?
Slide 5 © First Base Technologies 2017
Wikipedia’s definition
Cyber Resilience refers to an entity's ability to continuously deliver the intended outcome despite adverse cyber events.
Cyber Resilience is an evolving perspective that is rapidly gaining recognition.
The concept essentially brings the areas of information security, business continuity and (organisational) resilience together.
https://en.wikipedia.org/wiki/Cyber_Resilience
Information Security Forum’s guidance
Organisations should develop a business plan to exploit cyberspace that identifies threats, considers the limitations of IT and information security, and develops cyber resilience.
Cyberspace is critical to most organisations today; disconnecting is not an option.
By implementing the ISF Cyber Resilience Framework, organisations can develop cyber resilience and be better able to withstand impacts from evolving cyber threats. Only then can organisations safely realise the benefits of cyberspace.
Symantec’s guidance
Cyber Resilience is about the management, not the elimination, of risk.
Not only is eliminating risk impossible, but it impedes agility; an environment with an acceptable level of risk supports innovation.
Knowledge is power; cyber resilient organisations recognise that security needs to go beyond systems, software or IT departments to include raising the security IQ of all employees and improved organisational processes.
https://www.symantec.com/page.jsp?id=cyber-resilience
Why Cyber Resilience?
There is no silver bullet
Known • Predictable • Unknown • Unpredictable • Uncertain • Unexpected
We have to be strategic
A Cyber Resilience Strategy
Cyber Resilience Strategy
A Cyber Resilience Strategy will permit you to withstand negative impacts due to known, predictable, unknown, unpredictable, uncertain and unexpected threats from activities in cyberspace.
The ideal situation is one where you minimise the cost of controls, responses and other cyber resilience activities, relative to the spend needed to minimise the cost of negative impacts from activities in cyberspace.
Cyber security is a key element of being resilient, but you must recognise that it goes far beyond just technical measures, embracing people, processes, and technology.
Key Issues
• Cyber Resilience requires recognition that you must prepare now to deal with severe impacts from cyber threats that cannot be predicted or prevented
• Cyber Resilience requires very high levels of partnering and collaboration, including external collaboration (with ISPs, intelligence agencies, industry groups, security analysts, customers and supply chains), and internal collaboration throughout the organisation
• Cyber Resilience requires you to have the agility to prevent, detect and respond quickly and effectively, not just to incidents, but also to the consequences of the incidents
Some Specifics - 1
• Good governance, including leadership, devolved decision-making and appropriate escalation
• Nimble IT and information security responses, such as the ability to increase capacity, or shut down, isolate or load balance systems
• Up-to-date and well tested public relations policies, with key issues decided in advance (such as the organisational stance on issues, planned responses and media releases)
• Crisis preparedness: updated plans that have been rehearsed and tested with real life simulations
Some Specifics - 2
• Human relations responses, such as dealing with inappropriate use of social media, carelessness and criminal acts by insiders
• Investigative and forensic capability, to investigate and conclude on what happened and have the evidence to prove it
• The ability to share information with ISPs, security analysts and intelligence agencies
• Legal responses, to use the legal system to mitigate threats or actions such as knowing how to shut down attacking servers
ISF Framework Model
Symantec’s Five Pillars
Prepare / Identify • Protect • Detect • Respond • Recover
Prepare / Identify
To successfully face and overcome an attack, you must thoroughly understand your organisation’s security and risk posture.
This means painstakingly identifying your vital information, conducting an assessment that includes all known security vulnerabilities, and establishing a baseline which you will compare with your peers.
Prepare / Identify
· Improve visibility and understand your information and systems, through asset and network discovery and mapping
· Understand your cyber risk posture through assessments and simulations
· Identify and remediate vulnerabilities in your IT organisation, including your supply chain, where many cyber criminals seed attacks
· Map assets to vendor relationships
· Build awareness of the external threat landscape and understand how to recognise if you are being targeted through comprehensive global threat intelligence, correlation, and analysis capabilities
· Make users cyber-aware through regular and on-going education on best practices and risky behaviour
· Ensure appropriate backup and recovery strategies are in place
Protect
The second pillar is about implementing safeguards to limit or contain the impact of an attack or breach.
Your goal is to protect your infrastructure and data from malicious attack and accidental exposure.
All three areas - people, processes, and technology - are important to your protection.
Protect
· Assess existing defences in the context of advanced threats and plan improvements as necessary
· Conduct advanced penetration tests against Internet-facing services, mobile endpoints and key internal systems
· Conduct penetration tests of mobile access and teleworking systems
· Evaluate and implement attack detection solutions across the organisation
· Engage with line managers to ensure staff comply with security policies
· Evaluate technical monitoring systems to detect policy breaches
· Protect and govern information assets over their lifecycle, including protecting from data loss or illegal access
Detect
The Detect pillar focuses on developing activities to rapidly identify an attack or a breach, assess the systems that may be affected, and ensure a timely response.
To effectively minimise any damage, you must have the necessary detection and response policies, processes, and technologies in place.
Detect
· Develop systems and processes to identify attacks, assess affected systems and ensure a timely response
· Implement network monitoring systems and correlate security events with external threats
· Conduct regular reviews of detection and response strategies
· Evaluate third-party security monitoring, advanced threat protection and incident response management services
· Plan how to resource the correlation of security intelligence with the IT infrastructure to detect and remediate a potential issue before it spreads
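The first two Detect points (identify attacks and assess affected systems; correlate security events with external threats) are what a monitoring pipeline actually does with logs and a threat feed. The script below is an added example, written for this page and not code from the deck, First Base Technologies or Symantec: it parses constructed firewall-style connection records, matches destinations against a constructed indicator list, and ranks the internal hosts that need assessment. The log lines, IP addresses and indicator categories are all invented for illustration; a real deployment would read its feed and logs from the organisation's own sources.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed outbound-connection log lines in a firewall/proxy style; not real traffic.
SAMPLE_LOG = """\
2017-03-01T09:12:44Z src=10.0.1.25 dst=203.0.113.10 dport=443 action=ALLOW
2017-03-01T09:13:02Z src=10.0.1.25 dst=198.51.100.7 dport=80 action=ALLOW
2017-03-01T09:13:09Z src=10.0.2.40 dst=198.51.100.7 dport=80 action=ALLOW
2017-03-01T09:15:31Z src=10.0.3.12 dst=192.0.2.55 dport=8443 action=BLOCK
2017-03-01T09:16:00Z src=10.0.1.25 dst=192.0.2.55 dport=8443 action=ALLOW
this line is malformed and must be skipped
"""

# Constructed external threat indicators (the kind a shared feed or ISP would supply).
THREAT_INDICATORS = {
    "198.51.100.7": "malware-distribution",
    "192.0.2.55": "command-and-control",
}

# Indicator categories ordered by urgency for the "assess affected systems" step.
SEVERITY = {"command-and-control": 2, "malware-distribution": 1}

LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)


@dataclass
class Event:
    ts: datetime
    src: str
    dst: str
    dport: int
    action: str


def parse_log(text):
    """Parse log lines into Event records; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        events.append(Event(
            ts=datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            src=m["src"], dst=m["dst"],
            dport=int(m["dport"]), action=m["action"],
        ))
    return events


def correlate(events, indicators):
    """Return (event, category) pairs for every event whose destination is an indicator."""
    return [(ev, indicators[ev.dst]) for ev in events if ev.dst in indicators]


def assess_hosts(alerts):
    """Summarise alerts per internal host: categories seen and whether any matching
    connection was actually allowed (a BLOCK still shows the host tried to connect)."""
    summary = {}
    for ev, category in alerts:
        entry = summary.setdefault(ev.src, {"categories": set(), "allowed": False})
        entry["categories"].add(category)
        entry["allowed"] = entry["allowed"] or ev.action == "ALLOW"
    return summary


def prioritise(summary):
    """Order hosts for response: allowed contact first, then by worst category seen."""
    def key(item):
        _host, entry = item
        worst = max(SEVERITY.get(c, 0) for c in entry["categories"])
        return (entry["allowed"], worst, len(entry["categories"]))
    return [host for host, _ in sorted(summary.items(), key=key, reverse=True)]


if __name__ == "__main__":
    alerts = correlate(parse_log(SAMPLE_LOG), THREAT_INDICATORS)
    for ev, category in alerts:
        print(f"{ev.ts.isoformat()} {ev.src} -> {ev.dst}:{ev.dport} {ev.action} [{category}]")
    for host in prioritise(assess_hosts(alerts)):
        print("assess:", host)
```

The blocked connection from 10.0.3.12 is deliberately kept in the output: the control worked, but the host still attempted to reach command-and-control infrastructure, which is exactly the "assess affected systems" signal the slide asks for. Prioritisation puts the host with an allowed connection to the highest-severity indicator first.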
Respond
The Respond pillar addresses activities that accelerate remediation and contain the impact of an attack once detected.
Whilst there are many solutions and services available to help, much of what is needed involves people and processes internal to your business.
Respond
· Plan and implement a Computer Security Incident Response Team and define roles and responsibilities
· Manage risk by measuring and tracking your cyber resilience, including how well systems were protected during an attack
· Create a plan: outline how you intend to respond to cyber incidents
· Determine how response processes and procedures will be maintained and tested
· Co-ordinate communications response activities, and understand how analysis and mitigation activities will be performed
· Devise a system which ensures lessons learned are incorporated into future response activities
Recover
This stage involves developing systems and plans to restore data and services after an attack.
Even if you respond quickly to a cyber breach, there may be consequences for people, processes and systems. An effective recovery depends on a clear and thorough recovery plan.
Recover
· Develop and implement systems and plans to restore any data and services that may have been impacted during a cyber attack
· Ensure that your disaster recovery plans cover major cyber attacks as well as system failures and natural disasters
· Consider cyber attack scenarios:
  · Ransomware attacks
  · Website hijack
  · Remote access compromise
  · Network-level infection
  · Business Email Compromise
Getting started
• Managed Services
• Compliance Testing
• Cyber Readiness
• Penetration Testing
• Threat and Risk
• Cyber Awareness
peter@firstbase.co.uk
http://firstbase.co.uk
twitter: @FBTechies
Thank you!