RESILIA and Cyber Resilience
- Introduction
Christian F. Nissen, CFN Consult
RESILIA™, ITIL®, PRINCE2®, MSP®, MoP® and MoV® are Registered Trade Marks of AXELOS in the United Kingdom and other countries
COBIT® is a registered trademark of the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI)
TOGAF™ and IT4IT™ are trademarks of The Open Group
SIAM® is a registered trademark of EXIN
© 2018 of CFN Consult unless otherwise stated
Agenda
1. Cyber threats
2. Cyber Resilience
3. Cyber Resilience Lifecycle
❍ Strategy
❍ Design
❍ Transition
❍ Operation
❍ Continual Improvement
4. Segregation of duties and dual controls
5. Barriers to Cyber Resilience
Why bother?
According to ISACA’s January 2016 Cybersecurity Snapshot:
 84 percent of respondents believe there is a medium to high likelihood of a cybersecurity attack disrupting critical infrastructure (e.g., electrical grid, water supply systems) this year.
 20 percent of the respondents have experienced a ransomware incident.
 72 percent of respondents say they are in favor of the US Cybersecurity Act, but only 46% say their organizations would voluntarily participate in cyber threat information sharing, as outlined in the Act.
Why bother?
(Figure: Jim Baines, CEO of Baines Packaging Inc., a major US packaging company)
Best practices and standards
Some standards and frameworks that can help organizations to manage cyber threats include:
 NIST Framework for Improving Critical Infrastructure Cybersecurity - A US risk-based approach to managing cybersecurity risk.
 Management of Risk (M_o_R) - Best practice for managing risk.
 ISO/IEC 27001 - International standard for information security management.
 ISO 31000 - International standard defining risk management principles and guidelines.
 ISO 22301 - International standard for business continuity.
 COBIT 5 - Best practice for governance and management of enterprise IT.
 ITIL - Best practice for IT service management.
 ISO/IEC 20000 - International standard for IT service management.
Information Security versus Cyber Resilience
The human factor
❍ Service value resides in information, technology, people and processes
❍ People and their behaviour cause most vulnerabilities
❍ Need to look beyond information security – to cyber resilience
(Figure: the four components of service value: information, technology, people and processes)
Information Security versus Cyber Resilience
Security is defined as ‘the state of being free from danger or threat’ and involves the protection (confidentiality, integrity, availability & non-repudiation) of what is important, often with more emphasis on prevention and less emphasis on recovery from an incident. However, prevention alone is no longer a realistic strategy.
Resilience is the ability of a system or component to resist an unplanned disturbance or failure, and to recover in a timely manner following any unplanned disturbance or failure.
(Figure: Security and Resilience)
What is Cyber Resilience?
 Cyber resilience is the ability to prevent, detect, and correct (respond & recover) any impact that incidents have on the information required to do business.
 Right balance between three types of control activity: preventive, detective and corrective.
What is RESILIA?
 A best practice from Axelos released in 2015
 A balanced and holistic approach to cyber resilience
 The missing chapter in ITIL
 Risk and control based
 Lifecycle based
https://www.axelos.com/resilia
What is RESILIA?
 Risk-based
(Figure: the elements of risk: asset, vulnerability and threat)
What is RESILIA?
 Addressing risk
What is RESILIA?
(Figure: the RESILIA portfolio and its audiences)
❍ Best Practice Guide - core practical guidance for strategy, implementation and management: “what good looks like”
❍ Individual Awareness Learning & Know-how - all staff across an organisation
❍ Membership & CPD - IT teams and data owners/managers
❍ Leader Engagement - leadership team across an organisation
❍ Management Pathway Tool - IT teams and data owners/managers
❍ Foundation & Practitioner Training - IT teams and data owners/managers
RESILIA Management Pathway Tool
Method of assessing the maturity of cyber resilience in your organization:
❍ Explore the RESILIA best practice guidance and understand how its processes and security controls apply to your organization.
❍ Evaluate your existing cyber resilience controls and processes to identify the critical gaps.
❍ Map the necessary improvements you need to make to meet your desired level of cyber resilience maturity.
RESILIA Leader Engagement
Awareness products, tools and guidance specifically designed to increase understanding, insight and action in the boardroom. These include:
❍ Continuing professional development and learning for executive and non-executive directors
❍ Cyber boardroom simulations
❍ Cyber resilience risk management training for senior risk management decision makers
RESILIA Awareness Learning
Learning modules:
❍ Phishing
❍ Social engineering
❍ Password safety
❍ Information handling
❍ Online safety
❍ Remote and mobile working
❍ Personal information
Learning formats:
❍ Games
❍ Simulations
❍ Videos
❍ eLearning
❍ Tests and refreshers
❍ Animations
RESILIA Certification
Cyber Resilience Foundation
Course structure: 3-day classroom course or 20 hours of distance learning, optional simulation to start course, Foundation certification multiple choice exam.
Learning outcomes:
❍ How decisions impact good/bad Cyber Resilience
❍ Comprehensive approach across all areas
❍ How to make good Cyber Resilience an efficient part of business and operational management
Cyber Resilience Practitioner
Course structure: 2-day classroom course or 15 hours of distance learning, optional simulation to start course, Practitioner certification multiple choice exam; bundled with Foundation as a 5-day course.
Learning outcomes:
❍ What effective Cyber Resilience looks like
❍ Pitfalls, risk and issues that can easily hit Cyber Resilience
❍ Getting the best balance of risk, cost, benefits and flexibility within an organization
Positioning of RESILIA certification
(Figure: certification landscape plotted from technical focus to business focus and from niche audience to general audience. Key: grey = non-certification course; size of circle = course market share. Certifications shown: IT vendors (Cisco, MS, Oracle etc.), ISC(2) CISSP, CompTIA Security+, EC Council Ethical Hacker, EC Council Certified Security Analyst, CISM, ISC(2) SSCP, CLAS, ISO27001 auditor, CESG CCP, CESG CCT, ISACA Cybersecurity Fundamentals Certificate, AXELOS RESILIA Practitioner, AXELOS RESILIA Foundation, BCS InfoSec Principles)
RESILIA CPD scheme
Continuing Professional Development (CPD):
❍ Coming in 2018
❍ Completing a RESILIA qualification will earn 15 CPD points towards a professional membership
❍ A route to maintain your RESILIA qualification without re-sitting the exam
Who is RESILIA for?
The Foundation and Practitioner certifications are aimed at:
 IT and security functions
 Risk and compliance functions
 Core business functions including HR, Finance, Procurement, Operations and Marketing.
The awareness learning is for the entire organization.
The leadership engagement delivers specialised training and learning for the leaders within an organization.
RESILIA key principles:
 Clear understanding of what the organization’s critical assets are, especially information.
 Clear view of the organization’s key threats and vulnerabilities arising from its environment, including its customers, partners, and supply chain.
 Adoption of a common language used by all stakeholders in the organization.
 Assessment of the organization’s cyber resilience maturity and design of appropriate, prioritized, and proportionate plans using best practice guidance.
 An appropriate balance of controls to prevent, detect, and correct.
The Cyber Resilience Lifecycle
(Figure: the lifecycle stages Strategy, Design, Transition, Operation and Continual Improvement)
Cyber Resilience Strategy – Controls
Controls for Cyber Resilience Strategy:
 Establish governance of cyber resilience
❍ Vision and mission
❍ Governance roles
 Manage stakeholders
❍ Identifying and categorizing stakeholders
❍ Gathering stakeholder requirements
❍ Stakeholder communications
 Create and manage cyber resilience policies
❍ Cyber resilience policies
❍ Structure of the policies
❍ Management of the policies (process)
 Manage cyber resilience audit and compliance
❍ Audit
❍ Compliance management
Cyber Resilience Strategy - Processes
Interaction of ITSM Processes with Cyber Resilience Activities:
 Strategy management for IT services
 Service portfolio management
 Financial management for IT services
 Demand management
 Business relationship management
Cyber Resilience Strategy - Processes
 Example: Cyber Resilience interfaces with Service Portfolio Management (figure)
Cyber Resilience Design – Controls
Controls for Cyber Resilience Design:
 Human Resource Security
❍ Recruitment
❍ Pre-employment, employment, exit and termination
❍ Training & awareness
 System Acquisition, Development, Architecture, and Design
❍ Requirement analysis
❍ Architecture design and development
❍ Threat and vulnerability modelling
❍ Secure design and development
❍ Cyber resilience security testing
 Supplier and Third-Party Security Management
❍ Supply chain risk management
❍ Managing third-party risks
❍ Confidentiality and non-disclosure for suppliers
❍ Compliance and auditing of the supply chain
 Endpoint Security
❍ Data-in-transit
❍ Data-at-rest
❍ Cryptography
❍ . . .
 Business Continuity Management
❍ Business impact analysis
Cyber Resilience Design - Processes
Interaction of ITSM Processes with Cyber Resilience Activities:
 Design Coordination
 Service Catalogue Management
 Service Level Management
 Availability Management
 Capacity Management
 IT Service Continuity Management
 Supplier Management
Cyber Resilience Design - Processes
 Example: Cyber Resilience interfaces with IT Service Continuity Management (figure)
Cyber Resilience Transition – Controls
Controls for Cyber Resilience Transition:
 Asset management and configuration management
❍ Classification and handling
❍ Data transportation and removable media
 Change management
❍ Authorization, control and secure implementation
 Testing
❍ Code review
❍ Unit, system and integration testing
❍ Regression and user-acceptance testing
❍ Penetration testing
 Training
 Documentation management
❍ Information retention and disposal
Cyber Resilience Transition - Processes
Interaction of ITSM Processes with Cyber Resilience Activities:
 Transition planning and support
 Change management
 Service asset and configuration management
 Release and deployment management
 Service validation and testing
 Change evaluation
 Knowledge management
 Management of organizational change
Cyber Resilience Transition - Processes
 Example: Cyber Resilience interfaces with Release and Deployment Management (figure)
Cyber Resilience Operation – Controls
Controls for Cyber Resilience Operation:
 Access control
❍ Logical access control
❍ Business requirements and access policy
❍ Authorization, registration and provisioning
❍ Identity verification
❍ . . .
 Network security management
❍ Network design for resilience
❍ Segmenting networks with firewalls
❍ Network switch and logical segmentation
❍ Detecting and preventing intrusions
❍ . . .
 Physical security
❍ Physical access control
❍ Perimeter security
❍ Visitor management
❍ Identity badges and passes
❍ . . .
 Operations security
❍ Documentation
❍ Operational activities
 Cyber resilience incident management
❍ Incident planning
❍ Incident reporting, logging and initial assessment
❍ Responding to the incident
❍ Containing the incident, eradicating and recovering
❍ Learning lessons
Cyber Resilience Operation - Processes
Interaction of ITSM Processes with Cyber Resilience Activities:
 Event management
 Incident management
 Request fulfilment
 Problem management
 Access management
Cyber Resilience Operation - Processes
 Example: Cyber Resilience interfaces with Event Management (figure)
Cyber Resilience Continual Improvement
Controls for Cyber Resilience Continual Improvement:
 Cyber resilience audit and review
❍ Technology review and audit
❍ Policy review
❍ Review of access rights
❍ Review of administrator and operator logs
❍ Monitor, review and audit of third parties
 Control assessment
❍ KPIs, key risk indicators and benchmarking
 Business continuity improvements
 Learning from information security incidents
 Process improvement
 Remediation and improvement planning
❍ The remediation plan
❍ Implementing improvements
Cyber Resilience Continual Improvement
Interaction of ITSM Processes with Cyber Resilience Activities:
 The CSI approach
 The seven-step improvement process
Cyber Resilience Continual Improvement
 Example: Cyber Resilience interfaces with the Seven-Step Improvement Process (figure)
Segregation of duties and dual controls
Segregating Duties
 Ensures that privileges and roles are separated so that they cannot be used to commit fraud.
 Example: Segregating development and operations
Dual Controls
 A method used to control abuse of privileges.
 Example: Encryption of information using two separate encryption keys, each key belonging to a different person
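Both controls on this slide, worked through in Python as an added example that is not part of the deck or of the RESILIA guidance. The dual-control half derives a data key from two custodians' keys so that neither custodian can decrypt alone; the segregation-of-duties half flags users who hold a "toxic" role combination. The cipher is a constructed HMAC-SHA256 keystream with an HMAC tag (standard library only, so it runs offline; a vetted AEAD library belongs in real code), and the role names, toxic pairs, users and payload are constructed sample data; only the development/operations pair comes from the slide.

```python
"""Dual control and segregation of duties (SoD), demonstrated in code.

Added example, not from this deck or the RESILIA guidance. Standard library
only: the "cipher" below is a constructed HMAC-SHA256 keystream with an HMAC
tag, standing in for a real AEAD so the example runs offline; production code
should use a vetted library (e.g. an AES-GCM implementation).
"""
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


# --- Dual control -----------------------------------------------------------
# Two custodians each hold an independent random key. The data key is derived
# from both, so neither custodian can decrypt on their own.

def make_custodian_key() -> bytes:
    """Fresh 256-bit key for one custodian (generated once, held separately)."""
    return secrets.token_bytes(32)


def derive_data_key(key_a: bytes, key_b: bytes) -> bytes:
    """Combine both custodian keys; with key_b random, key_a alone yields nothing usable."""
    return hmac.new(key_a, b"dual-control-v1" + key_b, hashlib.sha256).digest()


def _keystream(data_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC(data_key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(data_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key_a: bytes, key_b: bytes, plaintext: bytes) -> bytes:
    """Encrypt under both custodian keys; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    data_key = derive_data_key(key_a, key_b)
    stream = _keystream(data_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(data_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key_a: bytes, key_b: bytes, blob: bytes) -> bytes:
    """Decrypt only if BOTH keys are the ones used at encryption time."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    data_key = derive_data_key(key_a, key_b)
    expected = hmac.new(data_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        # A single custodian (or a wrong second key) lands here: no plaintext is released.
        raise ValueError("authentication failed: both custodian keys are required")
    stream = _keystream(data_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


# --- Segregation of duties ----------------------------------------------------
# Role pairs one person must never hold at the same time ("toxic combinations").
# Development versus operations is the slide's example; the others are constructed.

TOXIC_ROLE_PAIRS = {
    frozenset({"developer", "production-operator"}),
    frozenset({"payment-requester", "payment-approver"}),
    frozenset({"key-custodian-a", "key-custodian-b"}),
}


def sod_violations(assignments: dict) -> dict:
    """Return {user: [(role, role), ...]} for every toxic pair a user holds."""
    found = {}
    for user, roles in assignments.items():
        hits = sorted(tuple(sorted(pair)) for pair in TOXIC_ROLE_PAIRS if pair <= set(roles))
        if hits:
            found[user] = hits
    return found


def demo() -> dict:
    """Run both checks on constructed data and return the outcomes."""
    key_a, key_b = make_custodian_key(), make_custodian_key()   # two custodians
    blob = encrypt(key_a, key_b, b"quarterly payroll file")      # constructed payload
    both_ok = decrypt(key_a, key_b, blob) == b"quarterly payroll file"
    try:
        decrypt(key_a, make_custodian_key(), blob)               # custodian B absent
        single_ok = True
    except ValueError:
        single_ok = False
    assignments = {                                              # constructed users
        "alice": {"developer"},
        "bob": {"developer", "production-operator"},
        "carol": {"key-custodian-a"},
    }
    return {
        "both_custodians_can_decrypt": both_ok,
        "single_custodian_can_decrypt": single_ok,
        "sod_violations": sod_violations(assignments),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the two properties the slide describes: decryption succeeds only when both custodian keys are presented, and the SoD check reports `bob` as holding the developer and production-operator roles together while `alice` and `carol` pass. In a real deployment the toxic-pair table would be reviewed as part of the access-rights review listed under continual improvement, and the two custodian keys would live in separate hardware or key-management stores rather than in one process.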
Barriers to cyber resilience
 Lack of awareness (board level down)
 Silo thinking (“it’s an IT problem”)
 Narrow focus on regulatory compliance, not risk
 Confusion about what “good” looks like
 Cyber resilience demands a “whole system” view (information, technology, people and processes)
Questions and comments
Contact
Christian F. Nissen
cfn@cfnconsult.dk
+45 40 19 41 45
CFN Consult ApS
Linde Allé 1
DK-2600 Glostrup
CVR: 39 36 47 86
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Alex Pruden
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 

Recently uploaded (20)

Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 

Introduction to RESILIA and Cyber Resilience

  • 1. RESILIA and Cyber Resilience - Introduction
    Christian F. Nissen, CFN Consult
    RESILIA™, ITIL®, PRINCE2®, MSP®, MoP® and MoV® are Registered Trade Marks of AXELOS in the United Kingdom and other countries
    COBIT® is a registered trademark of the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI)
    TOGAF™ and IT4IT™ are trademarks of The Open Group
    SIAM® is a registered trademark of EXIN
    © 2018 of CFN Consult unless otherwise stated
  • 2. Agenda
    1. Cyber threats
    2. Cyber Resilience
    3. Cyber Resilience Lifecycle
       ❍ Strategy
       ❍ Design
       ❍ Transition
       ❍ Operation
       ❍ Continual Improvement
    4. Segregation of duties and dual controls
    5. Barriers to Cyber Resilience
  • 3. Why bother?
    According to ISACA’s January 2016 Cybersecurity Snapshot:
     84 percent of respondents believe there is a medium to high likelihood of a cybersecurity attack disrupting critical infrastructure (e.g., electrical grid, water supply systems) this year.
     20 percent of the respondents have experienced a ransomware incident.
     72 percent of respondents say they are in favor of the US Cybersecurity Act, but only 46% say their organizations would voluntarily participate in cyber threat information sharing, as outlined in the Act.
  • 4. Why bother?
    Jim Baines, CEO of Baines Packaging Inc., a major US packaging company
  • 5. Why bother?
  • 6. Best practices and standards
    Some standards and frameworks that can help organizations to manage cyber threats include:
     NIST Framework for Improving Critical Infrastructure Cybersecurity - A US risk-based approach to managing cybersecurity risk.
     Management of Risk (M_o_R) - Best practice for managing risk.
     ISO/IEC 27001 - International standard for information security management.
     ISO 31000 - International standard defining risk management principles and guidelines.
     ISO 22301 - International standard for business continuity.
     COBIT 5 - Best practice for governance and management of enterprise IT.
     ITIL - Best practice for IT service management.
     ISO/IEC 20000 - International standard for IT service management.
  • 7. Information Security versus Cyber Resilience
    The human factor
    ❍ Service value resides in information, technology, people and processes
    ❍ People and their behaviour cause most vulnerabilities
    ❍ Need to look beyond information security - to cyber resilience
    (Figure: Information, Technology, People, Processes)
  • 8. Information Security versus Cyber Resilience
    Security is defined as ‘the state of being free from danger or threat’ and involves the protection (confidentiality, integrity, availability & non-repudiation) of what is important, often with more emphasis on prevention and less emphasis on recovery from an incident. However, prevention alone is no longer a realistic strategy.
    Resilience is the ability of a system or component to resist an unplanned disturbance or failure, and to recover in a timely manner following any unplanned disturbance or failure.
    (Figure: Resilience, Security)
  • 9. What is Cyber Resilience?
     Cyber resilience is the ability to prevent, detect, and correct (respond & recover) any impact that incidents have on the information required to do business.
     Right balance between three types of control activity: Preventive, Detective, Corrective
  • 10. What is RESILIA?
     A best practice from Axelos released in 2015
     A balanced and holistic approach to cyber resilience
     The missing chapter in ITIL
     Risk and control based
     Lifecycle based
    https://www.axelos.com/resilia
  • 11. What is RESILIA?
     Risk-based
    (Figure: Asset, Vulnerability, Threat)
  • 12. What is RESILIA?
     Addressing risk
  • 13. What is RESILIA?
    Best Practice Guide - Core practical guidance for strategy, implementation and management: “what good looks like”
    Individual Awareness Learning & Know-how - All staff across an organisation
    Foundation & Practitioner Training - IT teams and data owners/managers
    Membership & CPD - IT teams and data owners/managers
    Leader Engagement - Leadership team across an organisation
    Management Pathway Tool
  • 14. RESILIA Management Pathway Tool
    Method of assessing the maturity of cyber resilience in your organization:
    ❍ Explore the RESILIA best practice guidance and understand how its processes and security controls apply to your organization.
    ❍ Evaluate your existing cyber resilience controls and processes to identify the critical gaps.
    ❍ Map the necessary improvements you need to make to meet your desired level of cyber resilience maturity.
  • 15. RESILIA Leader Engagement
    Awareness products, tools and guidance specifically designed to increase understanding, insight and action in the boardroom. These include:
    ❍ Continuing professional development and learning for executive and non-executive directors
    ❍ Cyber boardroom simulations
    ❍ Cyber resilience risk management training for senior risk management decision makers
  • 16. RESILIA Awareness Learning
    Learning modules: Phishing, Social engineering, Password safety, Information handling, Online safety, Remote and mobile working, Personal information
    Learning formats: Games, Simulations, Videos, eLearning, Tests and refreshers, Animations
  • 17. RESILIA Certification
    Cyber Resilience Foundation
    ❍ Course structure: 3 day classroom course or 20 hours of distance learning, optional simulation to start course, Foundation certification multiple choice exam
    ❍ Learning outcomes: How decisions impact good/bad Cyber Resilience; Comprehensive approach across all areas; How to make good Cyber Resilience an efficient part of business and operational management
    Cyber Resilience Practitioner
    ❍ Course structure: 2 day classroom course or 15 hours of distance learning, optional simulation to start course, Practitioner certification multiple choice exam, bundled with Foundation as a 5 day course
    ❍ Learning outcomes: What effective Cyber Resilience looks like; Pitfalls, risk and issues that can easily hit Cyber Resilience; Getting the best balance of risk, cost, benefits and flexibility within an organization
  • 18. Positioning of RESILIA certification
    (Figure: certifications placed on a technical-focus to business-focus axis and a general-audience to niche-audience axis: IT vendors (Cisco, MS, Oracle etc.), ISC(2) CISSP, CompTIA Security+, EC Council Ethical Hacker, EC Council Certified Security Analyst, CISM, ISC(2) SSCP, CLAS, ISO27001 auditor, CESG CCP, CESG CCT, ISACA Cybersecurity Fundamentals Certificate, AXELOS RESILIA Practitioner, AXELOS RESILIA Foundation, BCS InfoSec Principles. Key: grey = non-certification course; size of circle = course market share.)
  • 19. RESILIA CPD scheme
    Continuing Professional Development (CPD):
    ❍ Coming in 2018
    ❍ Completing a RESILIA qualification will earn 15 CPD points towards a professional membership
    ❍ A route to maintain your RESILIA qualification without re-sitting the exam
  • 20. Who is RESILIA for?
    The Foundation and Practitioner certification is aimed at:
     IT and security functions
     Risk and compliance functions
     Core business functions including HR, Finance, Procurement, Operations and Marketing.
    The awareness learning is for the entire organization.
    The leadership engagement delivers specialised training and learning for the leaders within an organization.
  • 21. RESILIA Key principles
     Clear understanding of what the organization’s critical assets are, especially information.
     Clear view of the organization’s key threats and vulnerabilities arising from their environment, including their customers, partners, and supply chain.
     Adoption of a common language used by all stakeholders in the organization.
     Assessment of the organization’s cyber resilience maturity and design of appropriate, prioritized, and proportionate plans using best practice guidance.
     An appropriate balance of controls to prevent, detect, and correct.
  • 22. The Cyber Resilience Lifecycle
    (Figure: Cyber Resilience Lifecycle - Strategy)
  • 23. Cyber Resilience Strategy - Controls
    Controls for Cyber Resilience Strategy:
    ❍ Establish governance of cyber resilience: Vision and mission; Governance roles
    ❍ Manage stakeholders: Identifying and categorizing stakeholders; Gathering stakeholder requirements; Stakeholder communications
    ❍ Create and manage cyber resilience policies: Cyber resilience policies; Structure of the policies; Management of the policies (Process)
    ❍ Manage cyber resilience audit and compliance: Audit; Compliance management
  • 24. Cyber Resilience Strategy - Processes
    Interaction of ITSM Processes with Cyber Resilience Activities:
     Strategy management for IT services
     Service portfolio management
     Financial management for IT services
     Demand management
     Business relationship management
  • 25. Cyber Resilience Strategy - Processes
     Example: Cyber Resilience Interfaces with Service Portfolio Management
  • 26. Cyber Resilience Design - Controls
    Controls for Cyber Resilience Design:
    ❍ Human Resource Security: Recruitment; Pre-employment, employment, exit and termination; Training & awareness
    ❍ System Acquisition, Development, Architecture, and Design: Requirement analysis; Architecture design and development; Threat and vulnerability modelling; Secure design and development; Cyber resilience security testing
    ❍ Supplier and Third-Party Security Management: Supply chain risk management; Managing third-party risks; Confidentiality and non-disclosure for suppliers; Compliance and auditing of the supply chain
    ❍ Endpoint Security: Data-in-transit; Data-at-rest; Cryptography; . . .
    ❍ Business Continuity Management: Business impact analysis
  • 27. Cyber Resilience Design - Processes
    Interaction of ITSM Processes with Cyber Resilience Activities:
     Design Coordination
     Service Catalogue Management
     Service Level Management
     Availability Management
     Capacity Management
     IT Service Continuity Management
     Supplier Management
  • 28. Cyber Resilience Design - Processes
     Example: Cyber Resilience Interfaces with IT Service Continuity Management
  • 29. Cyber Resilience Transition - Controls
    Controls for Cyber Resilience Transition:
    ❍ Asset management and configuration management: Classification and handling; Data transportation and removable media
    ❍ Change management: Authorization, control and secure implementation
    ❍ Testing: Code review; Unit, system and integration testing; Regression and user-acceptance testing; Penetration testing
    ❍ Training
    ❍ Documentation management: Information retention and disposal
  • 30. Cyber Resilience Transition - Processes
    Interaction of ITSM Processes with Cyber Resilience Activities:
     Transition planning and support
     Change management
     Service asset and configuration management
     Release and deployment management
     Service validation and testing
     Change evaluation
     Knowledge management
     Management of organizational change
  • 31. Cyber Resilience Transition - Processes
     Example: Cyber Resilience Interfaces with Release and Deployment Management
  • 32. Cyber Resilience Operation - Controls
    Controls for Cyber Resilience Operation:
    ❍ Access control: Logical access control; Business requirements and access policy; Authorization, registration and provisioning; Identity verification; . . .
    ❍ Network security management: Network design for resilience; Segmenting networks with firewalls; Network switch and logical segmentation; Detecting and preventing intrusions; . . .
    ❍ Physical security: Physical access control; Perimeter security; Visitor management; Identity badges and passes; . . .
    ❍ Operations security: Documentation; Operational activities
    ❍ Cyber resilience incident management: Incident planning; Incident reporting, logging and initial assessment; Responding to the incident; Containing the incident, eradicating and recovering; Learning lessons
  • 33. Cyber Resilience Operation - Processes
    Interaction of ITSM Processes with Cyber Resilience Activities:
     Event management
     Incident management
     Request fulfilment
     Problem management
     Access management
  • 34. Cyber Resilience Operation - Processes
     Example: Cyber Resilience Interfaces with Event Management
  • 35. Cyber Resilience Continual Improvement
    Controls for Cyber Resilience Continual Improvement:
    ❍ Cyber resilience audit and review: Technology review and audit; Policy review; Review of access rights; Review of administrator and operator logs; Monitor, review and audit of third parties
    ❍ Control assessment: KPIs, Key Risk Indicators and benchmarking; Business continuity improvements; Learning from information security incidents; Process improvement
    ❍ Remediation and improvement planning: The remediation plan; Implementing improvements
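The control "Review of administrator and operator logs" on slide 35, together with "Authorization, control and secure implementation" under change management on slide 29, is a detective control that lends itself to automation: every privileged change on a production system should be traceable to an approved change record executed by the account it was approved for. The block below is an added example, not code from the slides or from AXELOS. It parses constructed, hypothetical admin log lines and reports privileged production changes that carry no change record, reference an unapproved one, or were executed by a different account than the one the change was approved for. The log format, host names, account names and change IDs are all constructed for illustration.

```python
"""Review of administrator and operator logs against approved change records.

Added example (not the slides' or AXELOS's code). Constructed sample data:
a hypothetical log format, host names, account names and change IDs.
"""
import re
from dataclasses import dataclass

# Constructed: approved change records as change management would hand them
# to the reviewer, mapping change ID -> account approved to execute it.
APPROVED_CHANGES = {
    "CHG-1001": "ops.alice",
    "CHG-1002": "ops.bob",
}

# Constructed admin log lines in a hypothetical format:
# <timestamp> <host> <account> <action> [change=<id>]
SAMPLE_LOG = """\
2018-03-01T09:12:03Z prod-db-01 ops.alice ALTER_FIREWALL change=CHG-1001
2018-03-01T09:40:17Z prod-web-02 ops.bob DEPLOY_RELEASE change=CHG-1002
2018-03-01T10:05:44Z prod-web-02 dev.carol DEPLOY_RELEASE
2018-03-01T10:07:01Z prod-db-01 ops.bob GRANT_ROLE change=CHG-1001
2018-03-01T11:30:00Z test-web-01 dev.carol DEPLOY_RELEASE
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<account>\S+) (?P<action>[A-Z_]+)"
    r"(?: change=(?P<change>\S+))?$"
)

# Actions treated as privileged changes when they hit a production host.
PRIVILEGED_ACTIONS = {"ALTER_FIREWALL", "DEPLOY_RELEASE", "GRANT_ROLE"}


@dataclass(frozen=True)
class Finding:
    ts: str
    host: str
    account: str
    action: str
    reason: str


def parse_line(line):
    """Parse one log line; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def review_admin_log(log_text, approved_changes):
    """Flag privileged actions on prod-* hosts that lack a valid, matching change record."""
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or not rec["host"].startswith("prod-"):
            continue  # unparsable line or non-production host: out of scope here
        if rec["action"] not in PRIVILEGED_ACTIONS:
            continue
        change = rec["change"]
        if change is None:
            reason = "privileged production change with no change record"
        elif change not in approved_changes:
            reason = f"change {change} is not an approved change"
        elif approved_changes[change] != rec["account"]:
            reason = (f"change {change} approved for {approved_changes[change]}, "
                      f"executed by {rec['account']}")
        else:
            continue  # authorized change, executed by the approved account
        findings.append(Finding(rec["ts"], rec["host"], rec["account"],
                                rec["action"], reason))
    return findings


if __name__ == "__main__":
    for f in review_admin_log(SAMPLE_LOG, APPROVED_CHANGES):
        print(f"{f.ts} {f.host} {f.account} {f.action}: {f.reason}")
```

On the constructed sample the review yields two findings: the deployment by dev.carol to prod-web-02 without any change record, and the role grant by ops.bob under a change approved for ops.alice. The deployment to test-web-01 is skipped because the review is scoped to production hosts; in practice the scope, the privileged-action list and the source of approved changes come from the organization's own change management process.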
  • 36. Cyber Resilience Continual Improvement
    Interaction of ITSM Processes with Cyber Resilience Activities:
     The CSI approach
     The seven-step improvement process
  • 37. Cyber Resilience Continual Improvement
     Example: Cyber Resilience Interfaces with The Seven-Step Improvement Process
  • 38. Segregation of duties and dual controls
    Segregating Duties
     Ensures that privileges and roles are separated so that they cannot be used to commit fraud.
     Example: Segregating development and operations
    Dual Controls
     A method used to control abuse of privileges.
     Example: Encryption of information using two separate encryption keys, each key belonging to a different person
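Dual control as described on slide 38 (two encryption keys, each held by a different person) can be implemented by layering encryption: custodian A encrypts the record, custodian B encrypts A's output, and reading it back requires both of them to act. The block below is an added example, not code from the slides or from AXELOS. To run offline it uses an HMAC-SHA256 keystream in counter mode with an encrypt-then-MAC tag as the per-custodian cipher layer, a stand-in for an authenticated cipher such as AES-GCM that a production system would use; the custodian keys and the sample record are constructed.

```python
"""Dual control through layered encryption: two keys, two custodians.

Added example, not the slides' or AXELOS's code. Custodian A's key encrypts
the record, custodian B's key encrypts the result, so reading it back needs
both people. The cipher layer is an HMAC-SHA256 keystream in counter mode
with an encrypt-then-MAC tag, standard library only so it runs offline; a
production system would use an authenticated cipher such as AES-GCM.
Keys and the sample record are constructed for illustration.
"""
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def _subkeys(key):
    """Derive separate encryption and MAC keys from one custodian key."""
    enc_key = hashlib.sha256(b"enc|" + key).digest()
    mac_key = hashlib.sha256(b"mac|" + key).digest()
    return enc_key, mac_key


def _keystream(enc_key, nonce, length):
    """PRF (HMAC-SHA256) in counter mode: keystream blocks over nonce || counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(enc_key, nonce + counter.to_bytes(8, "big"),
                         hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def encrypt_layer(key, plaintext):
    """One custodian's layer: nonce || ciphertext || HMAC tag over nonce and ciphertext."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_layer(key, blob):
    """Remove one layer; raise ValueError if the key is wrong or the data was modified."""
    enc_key, mac_key = _subkeys(key)
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short to be a valid layer")
    nonce = blob[:NONCE_LEN]
    ciphertext = blob[NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified data")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


def dual_control_encrypt(key_a, key_b, plaintext):
    """Custodian A encrypts first, custodian B encrypts A's output."""
    return encrypt_layer(key_b, encrypt_layer(key_a, plaintext))


def dual_control_decrypt(key_a, key_b, blob):
    """Both keys are needed: B's outer layer comes off first, then A's inner layer."""
    return decrypt_layer(key_a, decrypt_layer(key_b, blob))


def can_decrypt(key_a, key_b, blob):
    """True only if this pair of keys, in this order, recovers the record."""
    try:
        dual_control_decrypt(key_a, key_b, blob)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    key_a = b"constructed-key-held-by-custodian-a"
    key_b = b"constructed-key-held-by-custodian-b"
    record = b"payroll master record (constructed sample)"
    blob = dual_control_encrypt(key_a, key_b, record)
    print("both custodians:", dual_control_decrypt(key_a, key_b, blob) == record)
    print("custodian A alone:", can_decrypt(key_a, key_a, blob))
    print("custodian B alone:", can_decrypt(key_b, key_b, blob))
```

Each layer authenticates its own ciphertext, so a missing or wrong key fails at the tag check rather than producing silent garbage, and the same check catches a record that was modified in storage. The order of layers matters: B's key peels the outer layer, A's key the inner one, so the procedure for a dual-control decryption has to name which custodian goes first.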
  • 39. Barriers to cyber resilience
     Lack of awareness (board level down)
     Silo thinking (“it’s an IT problem”)
     Narrow focus on regulatory compliance, not risk
     Confusion about what “good” looks like
     Cyber resilience demands a “whole system” view (information, technology, people and processes)
  • 40. Questions and comments
  • 41. Contact
    Christian F. Nissen
    cfn@cfnconsult.dk
    +45 40 19 41 45
    CFN Consult ApS
    Linde Allé 1
    DK-2600 Glostrup
    CVR: 39 36 47 86