A copy of the slides I delivered at the inaugural BANG event in Sydney to a highly receptive audience of talented individuals from the resilience, business continuity, cybersecurity, and risk professions.
25. Assets Vulnerabilities Threats Attacks Breaches Impacts
• Email servers
• Software
• Cables
• Racks
• Power supplies
• Network infrastructure
• Internet connection
• Email admins
• Sales team
• ISP infrastructure
• ISP admins
• Tape backup server
• Tape
• Single supplier of networks
• Single supplier of power
• OS buffer overflow
• Perishable tape
• Only one email admin
• Overworked network admins
• Tape backups not tested
• One sales team member is a gambler
• Malware
• Spam
• Environmental
• Brownouts
• Power loss
• Network disruption
• DDoS
• Illness
• Cyber attackers recruiting mules
• ISP goes out of business
• Social engineering
• Cyber espionage
• Sabotage
• Staff absence
• Insider abuse
• Inside misuse
• Destruction of key sites
• Data loss
• Unavailability of key resources
• Unavailability of key sites
• Loss of productivity
• Loss of contracts
• Loss of clients
• Loss of prospects
• Loss of revenue
• Bad publicity
• Legal action
• Share price drop
Start with a business process – sales
26. Assets Vulnerabilities Threats Attacks Breaches Impacts
• Storage servers
• Food technologists
• Quality control staff
• Network infrastructure
• Internet connection
• Google infrastructure
• Google admins
• Dropbox infrastructure
• Dropbox admins
• Power infrastructure
• Unpatched file server
• Poor passwords
• Untrained users
• Poor screening processes
• Misconfigured firewall
• Phishing
• Malware
• Targeted attack
• Compromise of cloud storage (Google Drive and Dropbox)
• Theft of biscuit recipes
• Theft of customer contact details
• Theft of credit card details
• Insider threat
• Sabotage
• IP theft
• Customer data loss
• Modification of recipe programs
• Loss of contracts
• Loss of clients
• Loss of prospects
• Loss of revenue
• Bad publicity
• Legal action
• Product recall
Start with a dollar value – $1M