A presentation by Professor Martin Gill, Director, Perpetuity Research on the role of private security in tackling cybercrime, delivered at the Police Foundation's annual conference 'Policing and Justice for a Digital Age'.
While some argue that cyber resilience is foundational for managing risk holistically in an increasingly complex world, others deride the concept as little more than the latest buzzword. This presentation provides an overview of what cyber resilience means and how it is being used by governments and corporations across different industries.
This whitepaper discusses some common challenges and myths about data security when outsourcing engineering and looks at some industry best practices to address these concerns.
RSA Security Brief: Taking Charge of Security in a Hyperconnected World (EMC)
The new RSA Security Brief highlights that basic security lapses still contribute to most security incidents. The report identifies top areas for improvement and provides practical guidance on measures that deliver the greatest impact on organizations' ability to respond to cyber attacks and data breaches.
About RSA Security Brief :
RSA Security Briefs provide security leaders and risk management executives with essential guidance on today's most pressing information security threats and opportunities. Each Brief is created by a select team of experts who connect experiences across organizations to share specialized knowledge on a critical security topic. Offering both big-picture insight and practical technology guidance, RSA Security Briefs are vital reading for today's forward-thinking security and risk management practitioners.
Cyber risk isn't new, but the stakes grow higher every day. An incident is no longer likely to be an isolated event, but a sustained and persistent campaign. There is no single solution that will offer protection from an attack, but a Cyber Resilience strategy can provide a multi-layered approach that encompasses people, processes and technology. Pete's presentation talks about eliminating the gap between IT and the business to present a united front against threats. This is a paradigm shift that uses security intelligence to guide decisions and support agility.
Michael Johnson of the University of Minnesota shares the risks of cyber security and the measures you should be taking to ensure your company's safety.
Are you confident in your company's cyber security posture? Read the latest S-RM report for guidance on mapping a path to cyber confidence: https://www.s-rminform.com/cyber-confidence/?utm_campaign=Cyber_Confidence&utm_source=slideshare&utm_medium=social
What I learned at ISSA International Summit 2019 (Ulf Mattsson)
This session will discuss what attendees learned at The ISSA International Summit 2019, held on October 1-2 in Irving/Dallas, TX.
Learn from one of the presenters at this conference and what cybersecurity professionals got to share and learn from the leaders in the industry.
Over the last 30 years ISSA International has grown into the global community of choice for international cybersecurity professionals. With over 100 domestic and international chapters, members have worldwide support with daily cyber threats that are becoming increasingly intricate and difficult to prevent, detect, and remediate.
Gainful Information Security is an information security and systems development firm established in Harare, Zimbabwe in 2007 to partner with African private and public sectors for a secure, efficient and cost-effective information lifecycle.
Some 2.4 billion global Internet users—34 percent of the world’s population—spend increasing amounts of time online.1 As our online activity expands, it isn’t just creating new ways to do business. It’s revolutionizing business. However, like any mass movement with significant ramifications, the Internet-enabled life has risks as well as benefits. Some are willing to accept those risks without much consideration. Others want to take the time for a more contemplative response, but events are moving too quickly for long debate. What we really need is a Call to Action that addresses the risks demanding urgent attention.
To balance the benefits of the digital life, management needs to understand and grapple with four equally powerful forces:
• Democratization – The way customers insist on interacting via the channels they prefer, rather than the channels the organization imposes.
• Consumerization – The impact of the many devices and applications that span work and play in our digital lives.
• Externalization – The ways in which cloud computing slashes capital expenditure and shakes up how data moves in and out of organizations.
• Digitization – The exponential connectivity created when sensors and devices form the “Internet of Things.”
These forces interact in ways that make eradicating Cyber Risk impossible; eliminating it in one area simply shifts it to the others.
However, by following best practices, it is possible to reduce your organization’s exposure to Cyber Risk across the board. By addressing the real and growing risks we face as individuals, businesses, and governments, we can begin to create an optimal environment of Cyber Resilience. This Manifesto sets out a road map for that process.
Data Protection becomes increasingly important, especially in the digital world. Data Protection by Design and by Default (“DPbDD”) plays a critical role in this connection and has been enshrined in Article 25 of the EU General Data Protection Regulation (“GDPR”). Data Protection by Design requires that data protection principles are to be taken into consideration at the earliest stage of the design process, while Data Protection by Default should ensure that, by default, only personal data that are necessary for each purpose of the processing are processed.
Even though Article 25 GDPR specifically addresses data controllers (e.g. companies or public administrations using software for processing personal data), developers may find it useful to get familiar with DPbDD requirements for creating GDPR compliant software that enables data controllers to fulfill their data protection obligations. This could possibly lead to competitive advantages over competitors who do not design their products with data protection principles in mind.
Government Technology & Services Coalition & InfraGard NCR's Program: Cyber Security: Securing the Federal Cyber Domain by Strengthening Public-Private Partnership
Presentation: How do we Protect our Systems and Meet Compliance in a Rapidly Changing Environment
Presenter: Sean McCloskey, Program Manager, Cyber Security Evaluations Program, DHS
Description: With all the constant innovation in cyber, what is “cutting edge”? What constraints hinder innovation? How is technology being used to address the Executive Orders, comply with standards, and meet other mandates? What areas still need resources, ideas and innovation? Join us to hear advances in cyber security technology and ways to protect and monitor systems that will provide for resilient infrastructures and incorporate new solutions.
Organizations are improving cyber resilience and showing they can perform better under greater pressure as the number of targeted attacks more than doubles.
In today’s business environment, organizations have a responsibility to their employees, clients, and customers to ensure the confidentiality, integrity and availability of the critical data that is entrusted to them. Every network is vulnerable to some form of attack. However it is not enough to simply confirm that a technical vulnerability exists and implement countermeasures; it is critical to repeatedly verify that the countermeasures are in place and working properly throughout the secured network. During this webinar, David Hammarberg, Principal, IT Director, and leader of McKonly & Asbury’s Cybersecurity Practice will be joined by Partner, Michael Hoffner and they will lead a discussion on a Cybersecurity Risk Management Program including what it is and how it can prepare your organization for the future.
Xavier Marguinaud, Underwriting Manager - Cyber at Tokio Marine HCC, contributes on Strategies to minimise loss and damage in Corporate Livewire Cyber Security & Data Protection Expert Guide, published in December 2017
Shaping Your Future in Banking Cybersecurity Dawn Yankeelov
Designed for bankers, this cybersecurity policy presentation given via partnership with the BSG Financial Group explains where the industry should pay attention and what is next. It was presented on Jan. 24, 2017.
Improving Cyber Security Literacy in Boards & Executives (Tripwire)
In response to the rapidly evolving threat landscape, Boards of Directors (BoDs) and executives are now more aware of today’s cyber threats and how they might adversely affect their business. However, most executives are nonetheless limited in their knowledge of security and do not know what to ask their security teams.
It is therefore up to security professionals to help their executives become more cyber security literate and thereby assist in framing security considerations as an integral part of any risk/opportunity discussion, as well as a wider enterprise risk management strategy.
Acknowledging this responsibility on the part of information security personnel, Tripwire has asked a number of prominent experts in the field how security teams can improve their executives’ cyber security literacy.
The simulation of a vehicle's suspension system represents an important part of how the driver experiences ride quality. Without a suspension system, a vehicle acts in a stiff and uncomfortable way. The characteristics of a vehicle's performance are dependent on the properties of the suspension. A model of this system would enable a manufacturer to test how certain changes to the properties change the behavior of the vehicle. This way they are able to see how the stiffness of the spring and damper in the suspension system affects the ride experience before building an actual car. This can also reduce the cost of development. The most basic suspension system consists of a spring and shock absorber and also includes the stiffness of the tire being used. More complex suspension systems consist of sensors that take into account and compensate for traction control, engine torque, steering, and braking systems.
Priming your digital immune system: Cybersecurity in the cognitive era (Luke Farrell)
Learn how cognitive security may be a powerful tool in addressing challenges security professionals face.
New capabilities for a challenging era
Security leaders are working to address three gaps in their current capabilities – in intelligence, speed and accuracy. Some organizations are beginning to explore the potential of cognitive security solutions to address these gaps and get ahead of their risks and threats. There are high expectations for this technology. Fifty-seven percent of the security leaders we surveyed believe that it can significantly slow the efforts of cybercriminals. The 22 percent of respondents who we call “Primed” have started their journey into the cognitive era of cybersecurity – they believe they have the familiarity, the maturity and the resources they need. To begin the journey, it is important to explore your weaknesses, determine how you want to augment your capabilities with cognitive solutions and think about building education and investment plans for your stakeholders.
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi... (Symantec)
Many law firms would suffer greatly from being breached due to the extremely sensitive data they are handling on a daily basis. Any cyber attack in this sector can be catastrophic, so do lawyers feel ready to stand against the rising tide of cybercrime?
With this in mind, Symantec, in conjunction with the law publication Managing Partner, conducted a study into how law firms see cyber security.
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
Cyber Security: Why your business needs protection & prevention measures (CBIZ, Inc.)
A data breach can threaten the continued existence of even the largest organizations. This presentation by Chris Roach, Managing Director at CBIZ shares what is at stake and, more importantly, what your business can do to minimize the risk of a data breach.
Smart Buildings, Deep Learning AI, Drones, Robotics, and IoT....What is next?
Martin Sheridan, CTO of Sheridan Solutions Consulting and his co-author, our COO Scott Taylor explore the challenges and opportunities that emerging technologies are driving across the security industry.
Security - intelligence - maturity-model-ciso-whitepaper (CMR WORLD TECH)
A Time of Great Risk: The Time Between Compromise and Mitigation
In most organizations today, threat detection is based on various security sensors that attempt to look for anomalous behavior or for known signatures of malicious activity. These sensors include firewalls, intrusion detection/prevention systems (IDS/IPS), application gateways, anti-virus/anti-malware, endpoint protection, and more. They operate at and provide visibility into all layers of the IT stack.
Securing the digital frontier cyber security policies for a safer future.pdf (Altius IT)
Cybersecurity policies, often considered a subset of IT security policies, focus specifically on protecting an organization's digital assets from cyber threats. These policies encompass strategies for defending against malware, phishing attacks, data breaches, and other cyberattacks. Cybersecurity policies are essential for staying ahead of evolving cyber threats and minimizing the risk of data loss or system compromise.
Web:- https://altiusit.com/
Secrets to managing your Duty of Care in an ever-changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
Although a latecomer to the security party, HR organizations can play an important role in protecting assets and influencing good security behaviors. HR leadership can strengthen hiring practices, tighten responses for disgruntled employees, spearhead effective employee security education, advocate regulatory compliance and exemplify good privacy practices, be a good custodian of HR data, and rise to the challenges of hiring good cybersecurity professionals.
Shifting Risks and IT Complexities Create Demands for New Enterprise Security... (Booz Allen Hamilton)
Holistic Cyber Risk Management Programs in the Financial Industry Must "Predict and Prevent" in Today's Complex Threat Environment, says new White Paper.
The top challenges to expect in network security in 2019 survey report Bricata, Inc.
The Bricata team conducted a survey to ask cybersecurity professionals about the challenges and opportunities they face in network security.
64% of respondents say network security is harder this year as compared to last and for a range of reasons. This includes the sophistication of threats, but also the proliferation of IT infrastructure and the complexity of environments given the changes stemming from cloud, IoT and BYOD, among others.
While insider threats (44%) and IT infrastructure (42%) topped the list of network security challenges no single topic drew a simple majority. Lack of leadership support, security technology interoperability, shadow IT, BYOD and the deluge of security alerts were among the top 10.
Most organizations used between 1-10 tools for the purpose of network security. About one-third of respondents said these tools were not integrated, while another 28% said these tools were just somewhat integrated. No respondents indicated tools in their environment were completely integrated.
About a quarter (26%) of respondents say their organization receives 1,000 or more security alerts per day. More importantly, the vast majority (84%) say these require 5 or more minutes each to triage. “A decent number of false-positives waste quite a bit of time,” wrote one respondent. “On the other hand, some alerts are critical, but we are missing vital information, which we then spend ages trying to locate.” Some admit they just can’t review all alerts.
While just about one-third (32%) say they are doing threat hunting today – a majority (61%) of respondents believe that threat hunting will be either more important or much more important in the next 12 months.
Security analytics, security integration and behavioral analysis were the top three areas of security respondents said organizations should focus on over the next year. Interestingly, collaboration outranked machine learning and AI as a recommended area of focus.
Some 34% of respondents said the relationship between security and DevOps is strong, while 27% said it isn’t. By contrast, 51% of respondents said the relationship between security and the business is strong, while 22% said it isn’t.
A presentation given by Will Linden, Acting Director of the Violence Reduction Unit, Scotland for the Police Foundation's Annual Conference 2017 'Networked Policing: effective collaboration between the police, partners and communities'.
Networked policing - the Greater Manchester Experience (CSSaunders)
A presentation by Chief Constable Ian Hopkins of Greater Manchester Police given at the Police Foundation's annual conference 2017 'Networked Policing: effective collaboration between the police, partners and communities'.
Joining up what we've got or designing for what is needed? (CSSaunders)
A presentation by David Kelly, Programme Manager (Place-Based Integration), Greater Manchester Police given at the Police Foundation's Annual Conference 2017.
Networked policing: learning and working across organisational boundaries to ... (CSSaunders)
A presentation given by Professor Adam Crawford, Director of Leeds Social Sciences Unit, University of Leeds at the Police Foundation's annual conference 2017 'Networked Policing: effective collaboration between the police, partners and communities'.
Jennifer Schaus and Associates hosts a complimentary webinar series on The FAR in 2024. Join the webinars on Wednesdays and Fridays at noon, eastern.
Recordings are on YouTube and the company website.
https://www.youtube.com/@jenniferschaus/videos
Presentation by Jared Jageler, David Adler, Noelia Duchovny, and Evan Herrnstadt, analysts in CBO’s Microeconomic Studies and Health Analysis Divisions, at the Association of Environmental and Resource Economists Summer Conference.
This session provides a comprehensive overview of the latest updates to the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (commonly known as the Uniform Guidance) outlined in the 2 CFR 200.
With a focus on the 2024 revisions issued by the Office of Management and Budget (OMB), participants will gain insight into the key changes affecting federal grant recipients. The session will delve into critical regulatory updates, providing attendees with the knowledge and tools necessary to navigate and comply with the evolving landscape of federal grant management.
Learning Objectives:
- Understand the rationale behind the 2024 updates to the Uniform Guidance outlined in 2 CFR 200, and their implications for federal grant recipients.
- Identify the key changes and revisions introduced by the Office of Management and Budget (OMB) in the 2024 edition of 2 CFR 200.
- Gain proficiency in applying the updated regulations to ensure compliance with federal grant requirements and avoid potential audit findings.
- Develop strategies for effectively implementing the new guidelines within the grant management processes of their respective organizations, fostering efficiency and accountability in federal grant administration.
Donate to charity during this holiday season (SERUDS INDIA)
For people who have money and are philanthropic, there are infinite opportunities to gift a needy person or child a Merry Christmas. Even if you are living on a shoestring budget, you will be surprised at how much you can do.
Donate Us
https://serudsindia.org/how-to-donate-to-charity-during-this-holiday-season/
#charityforchildren, #donateforchildren, #donateclothesforchildren, #donatebooksforchildren, #donatetoysforchildren, #sponsorforchildren, #sponsorclothesforchildren, #sponsorbooksforchildren, #sponsortoysforchildren, #seruds, #kurnool
Monitoring Health for the SDGs - Global Health Statistics 2024 - WHO (Christina Parmionova)
The 2024 World Health Statistics edition reviews more than 50 health-related indicators from the Sustainable Development Goals and WHO’s Thirteenth General Programme of Work. It also highlights the findings from the Global health estimates 2021, notably the impact of the COVID-19 pandemic on life expectancy and healthy life expectancy.
2024: The FAR - Federal Acquisition Regulations, Part 38
Professor Martin Gill, Director, Perpetuity Research
1. Perpetuity Research & Consultancy International (PRCI) Ltd
www.perpetuityresearch.com
Tackling Cyber Crime: The Role of Private Security
Professor Martin Gill
m.gill@perpetuityresearch.com
3. The focus
Understanding the role of private security in tackling cyber crime
A lot of cyber-security expertise is in the private sector – how do responses to cyber crime reflect this?
What constitutes cyber crime?
4. Definition
Definitions typically focus, to a lesser
or greater extent, on whether offences
are cyber dependent, cyber enabled,
or cyber assisted
In practice, cyber crime involves a
wide variety of offences, some are
routine and a nuisance and some are
serious and can require a wide variety
of skill sets to manage
5. Definition
UK Government
‘illegal activities undertaken by criminals
for financial gain which exploit
vulnerabilities in the use of the internet
and other electronic systems to illicitly
access or attack information and
services used by citizens, business
and the Government’
6. Cyber security in perspective
People, not least security staff, are crucial to protecting against cyber loss although this is often undervalued and under-stated
Considerable overlap between good cyber security and good overall security
Adequate cyber response requires agencies to work together
7. Importance
Much of the infrastructure that
underpins cyberspace is owned and
maintained by different elements of
the private sector; inevitably it is
business that will need to take a
leading role in offering protection
8. Consequences
Loss of sales
Fall in stocks and share prices
Loss of profit
Adverse media coverage
Higher employee turnover
Key staff/talent retention issues
Employee disengagement and
dissatisfaction
9. Consequences
A drop in consumer confidence
The loss of suppliers or sales
Reduction in influence of the
organisation on policy-makers in their
sector/industry
The costs and complications of
managing recovery and improving
resilience after a cyber attack
10. Clash of cultures
‘IT security requires technical
expertise but not large numbers of
staff, whereas physical security
generally has the opposite’ (Tyson)
11. Context
Police are often relatively minor players
Police sometimes lack trust in other partners (including members of public and online community)
Police face problems – lack of technical skill, disjointed approach, insufficient resources, poor understanding of cyber space
12. Researching
A survey was conducted of security professionals from around the world
Follow-up one-to-one interviews with physical and cyber security specialists
13. Research
Research addressed 4 key areas:
– The current approach to managing cyber security
– The relevance of convergence between physical and cyber security
– Perspectives on law enforcement
– The potential role of private security in responding to cyber crime
14. The current approach to managing cyber security
88% of respondents agreed that organisations were poor at preventing cyber crime
63% of respondents agreed that organisations were poor in knowing when there had been a breach of security
15. Quotes
‘Our clients, in most cases at least, don’t
see the threat of cyber, it is not visible, they
would have to be shown something to
notice’. Head of Security, Construction
‘It is not well understood, I work with start
ups as well as multi-national companies,
and on the whole, they think it will not
happen to them. There is a lack lustre
attitude, it baffles me…Security is not an
easy sell.’ Consultant, Website
Development
16. People matter
45% believed that cyber and physical security were equally important in the companies they were linked to
55% agreed that people issues were more important than technology in tackling cyber crime
81% agreed that an alert workforce was the best defence against cyber crime
17. Quote
‘The humans, all of your staff are your
most effective line of defence.
Technology is a critical part’. Head of
Cyber Resilience, Security Supplier
‘You could have all the technical
security solutions in the world and all it
takes is the human factor to create risk
and introduce a threat’. On-line survey
18. Convergence
‘Security convergence is the integration,
in a formal, collaborative, and strategic
manner, of the cumulative security
resources of an organisation in order to
deliver enterprise-wide benefits through
enhanced risk mitigation, increased
operational effectiveness and efficiency,
and cost savings’ (Tyson)
19. The relevance of convergence between physical and cyber security
Considerable support for the idea of convergence
– 56% argued for some type of converged working, 38% for separate teams, 6% not sure
More research needed to translate theory into practice and understand different models/approaches of convergence
20. The relevance of convergence between physical and cyber security
29% of respondents agreed that bringing together physical and cyber security specialists was widely understood in relation to security
35% felt that physical security experts did not want to get involved in cyber security
56% felt that cyber security personnel did not want physical security experts involved in ‘their’ area
21. Quote
‘In fact, more and more they are the
same place, as in physical security we
are moving towards the same
assessments and policies and we are
working in the same direction, in a
couple of years we will merge’.
Security Manager (Physical), Bank
22. Quote
‘I follow the same risk assessment and
risk evaluation process. They may
require different skill sets to get under
the skin of threats and the availability
and effectiveness of controls, but
broad resilience risk management
should follow the same thought
process’. Head of Resilience, Utilities
23. Quote
‘If you have a cyber attack there is
often a physical element to it, a
demand or a ransom for example, so it
will soon become a ransom
management project; information is a
valuable asset after all, and these
offenders know that’. Security
Manager, Service Provider
24. Barriers
Barriers commonly thought of as coming between physical security and cyber threats were:
– The belief that cyber is outside the remit of physical security
– The lack of cyber expertise amongst physical security experts
– Belief that cyber specialists generally operate in isolation
25. Quote
‘The advantage of being separate is
about skills sets, about being able to
dedicate a focus to professionals in
their dedicated sphere rather than
being seen as a one-stop-shop’.
Security Manager, Energy provider
26. Quote
‘The biggest difference that I experience –
we have about 150 offices and they all look
different – different types of buildings,
different security – I have to achieve security
in all those places. The cyber folks – when
they go to address something on a network,
they are doing the same thing everywhere –
the network looks the same everywhere, the
computers look the same’. Director of
Physical Security, risk management
company
27. Quote
‘When looking at physical and cyber there is
a difference. When something goes wrong
what is harmful? In the case of physical
security human beings can get hurt, if cyber
goes wrong no one will get physically hurt,
no one will die unless a cyber attacker
hacks hospitals, so outcomes of risks are
different, with physical you can die with
cyber the harm is more financially’. Global
Security Director, Security Supplier.
28. Convergence
Although there is a lot of support, there are concerns, and the clash of cultures is worthy of special comment
29. Quote
‘In physical they are pretty much driven to be
physically dominant, alpha personalities,
physical control over physical space and by
and large info security services people don’t
have that cultural approach, they are geeky,
introverted focused on their technologies
and how they can be used, and they tend
not to be very physical people’. Cyber
Security Partnership Manager
30. Perspectives on law enforcement
3% of respondents strongly agreed that the police are effective at tackling cyber crime
4% thought they were experts in this area
18% agreed that police are effective at tackling cyber crime
31. Quote
‘They don’t understand it. They don’t
have the resources. They see it as a
business issue. Stealing data from a
business is not seen as a crime, it’s
seen…as a crime against business,
not society’. Director of Physical
Security, Risk Management Company
32. Quote
‘Companies report incidents but never get
feedback and it is the same for the
intelligence services; when we report
intelligence, say about spamming, we send
reports and call friends and contacts but we
get no feedback. Only one side
communication; we give but we don’t
receive. Everyone speaks about public and
private partnership and it is only one way’.
Security Manager (Physical), Bank
33. Law enforcement
69% of those who expressed an opinion either way agreed that it is impractical to report all cyber crime
General view that the scale of cyber offending and depletion of resources available to police meant organisations will have to take responsibility for protecting themselves
34. Quote
‘The police need to set up an effective
response to cyber crime, this means
being agile and flexible; they need to
be able to move quickly. They need to
think in a different paradigm’.
Corporate Head of Security, Retail
35. The potential role of private security in responding to cyber crime
52% of respondents agreed that any approach to cyber that didn’t include a physical response was therefore weak
79% thought that physical security was crucial to tackling cyber
36. Thinking about the physical
38% agreed physical security suppliers often don’t see opportunities for contributing to cyber security
52% felt that manned guarding companies could make a contribution, 38% thought facilities management companies could, 91% thought security consultants could
37. Quote
‘[there are] lots of opportunities for a
bold security company [to] be a bit of a
disrupter, and maybe they have to
employ different people, and pay
more, the size of the prize is high: any
dinosaur that isn’t adapting might
struggle justifying what they do with
the current group of people’. Head of
Resilience, Utilities
38. Overall comments
Physical security has generally underplayed the contribution it can make to tackling cyber crime
Some felt that by not engaging in this area, it was missing an opportunity to influence and profit from this work
There is a mistaken tendency to see the response to cyber crime in terms of technology
Convergence is widely discussed but there’s a lack of clarity as to what this means
39. Comments
Police have an important role to play, but there needs to be more awareness about what can be realistically expected
Cost of technical cyber response can be high and this excludes many companies from being able to afford what they need.
Cyber threats are relatively new and security and policing worlds are only now beginning to determine the merits of different approaches
40. More information
To obtain a copy of the report (Tackling Cyber Crime: The Role of Private Security) and other reports go to:
www.perpetuityresearch.com
41. Recognising Outstanding Performers
For information on a new worldwide scheme recognising those who are excellent at what they do, go to:
www.theospas.com