SlideShare a Scribd company logo

Approaches to Cyber Resilience and Supply Chain Assurance

Leonardo
Leonardo

Presented by Leonardo's Head of Cyber Consulting, Max Wigley, at DSEI 2019.

Technology
1 of 17
Download to read offline
CYBER SECURITY DIVISION DSEI Sept 2019 Approaches to Cyber Resilience and Supply Chain Assurance
CYBER SECURITY DIVISION 2 © 2019 Leonardo MW Ltd – All rights reserved Introductions  Dr Max Wigley  Head of Cyber Consulting in Leonardo’s Cyber Security Division  NCSC Accredited Head Consultant and Consultancy Service Owner  Working with customers to understand the holistic and Enterprise level Cyber Risk associated with operating complex capabilities;  Developing architectures and approaches to cyber security and business transformation that enable operation within a stated risk appetite.
CYBER SECURITY DIVISION 3 © 2019 Leonardo MW Ltd – All rights reserved Leonardo MW Ltd – UK Business Bristol 200 people Cyber Security & ICT Solutions • NCSC Certified Cyber Security Consultancy • Cyber and Information Assurance • Trusted ICT Homeland Security & Critical National Infrastructure • Critical Infrastructure Protection 7,100 people Leonardo Academy Business Innovation Hub Cyber Security
CYBER SECURITY DIVISION 4 © 2019 Leonardo MW Ltd – All rights reserved Why do we want Products to be Assured on Delivery?  Customers expect products and services to be “cyber assured on delivery”  Rapidly changing digital systems need to be approached differently  Traditional risk assessments are often out of date soon after delivery.  An agile approach to secure by design is therefore needed. Traditional security approaches too often result in changes being made to products late in the CADMID lifecycle or risks being accepted during operations
CYBER SECURITY DIVISION 5 © 2019 Leonardo MW Ltd – All rights reserved Why do Traditional Approaches to Security Fail? Traditional approaches are often inflexible and do not accurately describe the cyber risk
CYBER SECURITY DIVISION 6 © 2019 Leonardo MW Ltd – All rights reserved What is Cyber Resilience?  Cyber Resilience approaches assume that a breach will happen.  Focus effort on implementing security controls that allow you to: o Detect attacks early o Contain, disrupt or monitor o Continue to operate o Safeguard assets “The capability for organisations to continue to deliver services or capabilities during and after a cyber-incident, in a manner which is within the organisations risk appetite and in which critical information is protected” Christoph Roser at AllAboutLean.com
CYBER SECURITY DIVISION 7 © 2019 Leonardo MW Ltd – All rights reserved What does Cyber Resilience Mean for your Organisation? Why? GoalsObjectives Risk Management Strategy Techniques and Approaches Implementation of Cyber Resilience Principles Inform selection and Prioritisation Leonardo Cyber Resilience Principles Before embarking on the Cyber Resilience journey, it is crucial to define a strategy along with specified goals and objectives
CYBER SECURITY DIVISION 8 © 2019 Leonardo MW Ltd – All rights reserved Cyber Defence vs Cyber Resilience Threat Model Script Kiddies Criminal Groups Serious Organised Crime Foreign Governments What or who are we defending against when we implement “good practice” cyber defence? Cyber Resilience and Cyber Defence tackle different security problems. Organisations and systems need an approach based on a threat and risk assessment
CYBER SECURITY DIVISION 9 © 2019 Leonardo MW Ltd – All rights reserved Use of an Attack Path Approach to Drive Agile Secure-by-Design  It is not realistic to require a completed design to commence security assurance  Iteratively develop attack paths, risks and security controls  Embed security within the design team  Provide accurate risk information at all times to support decisions Assess Quantify Model Iteratively development of security artefacts allows up to date risk information at all times
CYBER SECURITY DIVISION 10 © 2019 Leonardo MW Ltd – All rights reserved How does Supply Chain fit in? Direct Supply Chain Attacks Adversary aims to access sensitive information, or compromise critical services Indirect Supply Chain Attacks Adversary attacks a supplier to gain intelligence Modern supply chains are complex and distributed and can be used to deliver a cyber effect, or for intelligence gathering.
CYBER SECURITY DIVISION 11 © 2019 Leonardo MW Ltd – All rights reserved How do we know if Suppliers Present Risk? A holistic approach is needed. Current approaches focus on sensitive information, meaning that the risk picture can be incomplete Supply chains can provide or hold one or more of:  Sensitive Information  Critical Services / Capabilities  Critical Identifiable Information How exposed are you if one of your suppliers is compromised? How many companies does your procurement process release sensitive information to? How much sensitive information do your suppliers hold?
CYBER SECURITY DIVISION 12 © 2019 Leonardo MW Ltd – All rights reserved Sensitive Information is Released Inadvertently in Procurement Documentation The risk associated with information release during procurement processes needs to be understood – balancing competition and security. • Adversaries want a high success rate • Much information is available from open sources • Information obtained via supply chain adds refinement and understanding
CYBER SECURITY DIVISION 13 © 2019 Leonardo MW Ltd – All rights reserved How widely is information disseminated? Organisations need to be aware of the scale of information release via chosen procurement approaches, and consider the aggregated risk of this for a product / capability. • Framework procurements release information widely • Many recipients have no interest in bidding • Approaches must cover more than just those organisations on contract
CYBER SECURITY DIVISION 14 © 2019 Leonardo MW Ltd – All rights reserved What Assurance do you have over Supplier systems? Ultimately risk owners want to know where in the supply chain they are exposed, and what action needs to be taken.  Adopt a Systems Engineering approach to understanding supply chains  Consider sensitive information, critical services and critical identifiable information  Approach to assurance / security proportionate to risk  Identify gaps, risks and any actions required Identify Critical Services and Information Build Supply Chain Delivery Model Assess Assurance Level and Controls
CYBER SECURITY DIVISION 15 © 2019 Leonardo MW Ltd – All rights reserved Risk is not a Dirty Word  Digital Transformation does not need to be “risky”  Security risk should be treated alongside other programme risks  Ignoring or not assessing risk is not an option  In the digital transformation, security can genuinely be an enabler: o Helping organisations find ways to do digital business without exceeding the risk appetite. Security risk needs to be managed alongside other risk areas such as safety and programme risk. Key is understanding what risks you are accepting and how you are managing them.
CYBER SECURITY DIVISION 16 © 2019 Leonardo MW Ltd – All rights reserved Summary and Conclusions  Traditional approaches to security have often failed to deliver good business outcomes  Need a flexible approach to deal with agile projects  Cyber Resilience is not just another word for cyber security – need to find the right mix of defence and resilience  Any holistic approach should include the supply chain  Key is understanding the flow of information and capabilities, and a proportionate approach to assurance at each point  As the digital transformation proceeds, there is an opportunity for security to act as a genuine enabler to support improvements in capability As the digital transformation proceeds, there is an opportunity for security to act as a genuine enabler. We must adapt our approaches to support improvements in capability
THANK YOU FOR YOUR ATTENTION leonardocompany.com CYBER SECURITY DIVISION Max Wigley max.wigley@leonardocompany.com 07825 541434

Recommended

Maritime Cyber Security Education
Maritime Cyber Security EducationMaritime Cyber Security Education
Maritime Cyber Security EducationValentin Bañaco
 
Escrow Presentation
Escrow PresentationEscrow Presentation
Escrow Presentationejervis
 
Webinar–Financial Services Study Shows Why Investing in AppSec Matters
Webinar–Financial Services Study Shows Why Investing in AppSec MattersWebinar–Financial Services Study Shows Why Investing in AppSec Matters
Webinar–Financial Services Study Shows Why Investing in AppSec MattersSynopsys Software Integrity Group
 
Escrow Presentation Final
Escrow Presentation FinalEscrow Presentation Final
Escrow Presentation FinalTony_Clarke
 
Econocom - identifying funding for success
Econocom - identifying funding for successEconocom - identifying funding for success
Econocom - identifying funding for successIISPEastMids
 
Webinar–Delivering a Next Generation Vulnerability Feed
Webinar–Delivering a Next Generation Vulnerability FeedWebinar–Delivering a Next Generation Vulnerability Feed
Webinar–Delivering a Next Generation Vulnerability FeedSynopsys Software Integrity Group
 
CTPAT and Cybersecurity.
CTPAT and Cybersecurity. CTPAT and Cybersecurity.
CTPAT and Cybersecurity. Dan Petrosini
 
Mind the gap_cpx2022_moti_sagey_final
Mind the gap_cpx2022_moti_sagey_finalMind the gap_cpx2022_moti_sagey_final
Mind the gap_cpx2022_moti_sagey_finalMoti Sagey מוטי שגיא
 

Recommended

Maritime Cyber Security Education
Maritime Cyber Security EducationMaritime Cyber Security Education
Maritime Cyber Security EducationValentin Bañaco
 
Escrow Presentation
Escrow PresentationEscrow Presentation
Escrow Presentationejervis
 
Webinar–Financial Services Study Shows Why Investing in AppSec Matters
Webinar–Financial Services Study Shows Why Investing in AppSec MattersWebinar–Financial Services Study Shows Why Investing in AppSec Matters
Webinar–Financial Services Study Shows Why Investing in AppSec MattersSynopsys Software Integrity Group
 
Escrow Presentation Final
Escrow Presentation FinalEscrow Presentation Final
Escrow Presentation FinalTony_Clarke
 
Econocom - identifying funding for success
Econocom - identifying funding for successEconocom - identifying funding for success
Econocom - identifying funding for successIISPEastMids
 
Webinar–Delivering a Next Generation Vulnerability Feed
Webinar–Delivering a Next Generation Vulnerability FeedWebinar–Delivering a Next Generation Vulnerability Feed
Webinar–Delivering a Next Generation Vulnerability FeedSynopsys Software Integrity Group
 
CTPAT and Cybersecurity.
CTPAT and Cybersecurity. CTPAT and Cybersecurity.
CTPAT and Cybersecurity. Dan Petrosini
 
Mind the gap_cpx2022_moti_sagey_final
Mind the gap_cpx2022_moti_sagey_finalMind the gap_cpx2022_moti_sagey_final
Mind the gap_cpx2022_moti_sagey_finalMoti Sagey מוטי שגיא
 
Cloud-Based Innovation and Information Security - Choose Both
Cloud-Based Innovation and Information Security - Choose Both Cloud-Based Innovation and Information Security - Choose Both
Cloud-Based Innovation and Information Security - Choose Both Amazon Web Services
 
Webinar–Why All Open Source Scans Aren't Created Equal
Webinar–Why All Open Source Scans Aren't Created EqualWebinar–Why All Open Source Scans Aren't Created Equal
Webinar–Why All Open Source Scans Aren't Created EqualSynopsys Software Integrity Group
 
Infrastructure security
Infrastructure security Infrastructure security
Infrastructure security Adhar kashyap
 
New Rules Coming for CTPAT
New Rules Coming for CTPATNew Rules Coming for CTPAT
New Rules Coming for CTPATDan Petrosini
 
Escrow Presentation2010
Escrow Presentation2010Escrow Presentation2010
Escrow Presentation2010simongreaves
 
How to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-SuiteHow to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-SuiteSurfWatch Labs
 
The Present and Future of IoT Cybersecurity
The Present and Future of IoT CybersecurityThe Present and Future of IoT Cybersecurity
The Present and Future of IoT CybersecurityOnward Security
 
Supply Chain Risk Management corrected - Whitepaper
Supply Chain Risk Management corrected - WhitepaperSupply Chain Risk Management corrected - Whitepaper
Supply Chain Risk Management corrected - WhitepaperNIIT Technologies
 
An Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsAn Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsDenim Group
 
Webinar – Streamling Your Tech Due Diligence Process for Software Assets
Webinar – Streamling Your Tech Due Diligence Process for Software AssetsWebinar – Streamling Your Tech Due Diligence Process for Software Assets
Webinar – Streamling Your Tech Due Diligence Process for Software AssetsSynopsys Software Integrity Group
 
Gettozero stealth industrial
Gettozero stealth industrialGettozero stealth industrial
Gettozero stealth industrialSherid444
 
High Performance Schools
High Performance SchoolsHigh Performance Schools
High Performance SchoolsMarc Lijour, OCT, BSc, MBA
 
AIC Products _ Services _ Accomplishments - Rvsd 01 28 15
AIC Products _ Services _ Accomplishments - Rvsd 01 28 15AIC Products _ Services _ Accomplishments - Rvsd 01 28 15
AIC Products _ Services _ Accomplishments - Rvsd 01 28 15Todd Mouton
 
Ivanti neurons - lunch and learn
Ivanti neurons - lunch and learnIvanti neurons - lunch and learn
Ivanti neurons - lunch and learnIvanti
 
Cyber intelligence 4 u overview for slideshare
Cyber intelligence 4 u overview for slideshareCyber intelligence 4 u overview for slideshare
Cyber intelligence 4 u overview for slideshareM. Ariel Evans
 
The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...
The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...
The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...Denim Group
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsDenim Group
 
Phoenix And TPA
Phoenix And TPAPhoenix And TPA
Phoenix And TPAZylog Systems Canada Ltd
 
Ivanti uem security_webinar_cybersecurity_month_oct2020
Ivanti uem security_webinar_cybersecurity_month_oct2020Ivanti uem security_webinar_cybersecurity_month_oct2020
Ivanti uem security_webinar_cybersecurity_month_oct2020Ivanti
 
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...Cohesive Networks
 
Digital economy and its effect on cyber risk
Digital economy and its effect on cyber riskDigital economy and its effect on cyber risk
Digital economy and its effect on cyber riskaakash malhotra
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...International Federation of Accountants
 

More Related Content

What's hot

Cloud-Based Innovation and Information Security - Choose Both
Cloud-Based Innovation and Information Security - Choose Both Cloud-Based Innovation and Information Security - Choose Both
Cloud-Based Innovation and Information Security - Choose Both Amazon Web Services
 
Infrastructure security
Infrastructure security Infrastructure security
Infrastructure security Adhar kashyap
 
New Rules Coming for CTPAT
New Rules Coming for CTPATNew Rules Coming for CTPAT
New Rules Coming for CTPATDan Petrosini
 
Escrow Presentation2010
Escrow Presentation2010Escrow Presentation2010
Escrow Presentation2010simongreaves
 
How to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-SuiteHow to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-SuiteSurfWatch Labs
 
The Present and Future of IoT Cybersecurity
The Present and Future of IoT CybersecurityThe Present and Future of IoT Cybersecurity
The Present and Future of IoT CybersecurityOnward Security
 
Supply Chain Risk Management corrected - Whitepaper
Supply Chain Risk Management corrected - WhitepaperSupply Chain Risk Management corrected - Whitepaper
Supply Chain Risk Management corrected - WhitepaperNIIT Technologies
 
An Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsAn Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsDenim Group
 
Webinar – Streamling Your Tech Due Diligence Process for Software Assets
Webinar – Streamling Your Tech Due Diligence Process for Software AssetsWebinar – Streamling Your Tech Due Diligence Process for Software Assets
Webinar – Streamling Your Tech Due Diligence Process for Software AssetsSynopsys Software Integrity Group
 
Gettozero stealth industrial
Gettozero stealth industrialGettozero stealth industrial
Gettozero stealth industrialSherid444
 
AIC Products _ Services _ Accomplishments - Rvsd 01 28 15
AIC Products _ Services _ Accomplishments - Rvsd 01 28 15AIC Products _ Services _ Accomplishments - Rvsd 01 28 15
AIC Products _ Services _ Accomplishments - Rvsd 01 28 15Todd Mouton
 
Ivanti neurons - lunch and learn
Ivanti neurons - lunch and learnIvanti neurons - lunch and learn
Ivanti neurons - lunch and learnIvanti
 
Cyber intelligence 4 u overview for slideshare
Cyber intelligence 4 u overview for slideshareCyber intelligence 4 u overview for slideshare
Cyber intelligence 4 u overview for slideshareM. Ariel Evans
 
The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...
The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...
The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...Denim Group
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsDenim Group
 
Ivanti uem security_webinar_cybersecurity_month_oct2020
Ivanti uem security_webinar_cybersecurity_month_oct2020Ivanti uem security_webinar_cybersecurity_month_oct2020
Ivanti uem security_webinar_cybersecurity_month_oct2020Ivanti
 
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...Cohesive Networks
 

What's hot (20)

Cloud-Based Innovation and Information Security - Choose Both
Cloud-Based Innovation and Information Security - Choose Both Cloud-Based Innovation and Information Security - Choose Both
Cloud-Based Innovation and Information Security - Choose Both
 
Webinar–Why All Open Source Scans Aren't Created Equal
Webinar–Why All Open Source Scans Aren't Created EqualWebinar–Why All Open Source Scans Aren't Created Equal
Webinar–Why All Open Source Scans Aren't Created Equal
 
Infrastructure security
Infrastructure security Infrastructure security
Infrastructure security
 
New Rules Coming for CTPAT
New Rules Coming for CTPATNew Rules Coming for CTPAT
New Rules Coming for CTPAT
 
Escrow Presentation2010
Escrow Presentation2010Escrow Presentation2010
Escrow Presentation2010
 
How to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-SuiteHow to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-Suite
 
The Present and Future of IoT Cybersecurity
The Present and Future of IoT CybersecurityThe Present and Future of IoT Cybersecurity
The Present and Future of IoT Cybersecurity
 
Supply Chain Risk Management corrected - Whitepaper
Supply Chain Risk Management corrected - WhitepaperSupply Chain Risk Management corrected - Whitepaper
Supply Chain Risk Management corrected - Whitepaper
 
An Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsAn Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT Systems
 
Webinar – Streamling Your Tech Due Diligence Process for Software Assets
Webinar – Streamling Your Tech Due Diligence Process for Software AssetsWebinar – Streamling Your Tech Due Diligence Process for Software Assets
Webinar – Streamling Your Tech Due Diligence Process for Software Assets
 
Gettozero stealth industrial
Gettozero stealth industrialGettozero stealth industrial
Gettozero stealth industrial
 
High Performance Schools
High Performance SchoolsHigh Performance Schools
High Performance Schools
 
AIC Products _ Services _ Accomplishments - Rvsd 01 28 15
AIC Products _ Services _ Accomplishments - Rvsd 01 28 15AIC Products _ Services _ Accomplishments - Rvsd 01 28 15
AIC Products _ Services _ Accomplishments - Rvsd 01 28 15
 
Ivanti neurons - lunch and learn
Ivanti neurons - lunch and learnIvanti neurons - lunch and learn
Ivanti neurons - lunch and learn
 
Cyber intelligence 4 u overview for slideshare
Cyber intelligence 4 u overview for slideshareCyber intelligence 4 u overview for slideshare
Cyber intelligence 4 u overview for slideshare
 
The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...
The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...
The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native Applications
 
Phoenix And TPA
Phoenix And TPAPhoenix And TPA
Phoenix And TPA
 
Ivanti uem security_webinar_cybersecurity_month_oct2020
Ivanti uem security_webinar_cybersecurity_month_oct2020Ivanti uem security_webinar_cybersecurity_month_oct2020
Ivanti uem security_webinar_cybersecurity_month_oct2020
 
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
 

Similar to Approaches to Cyber Resilience and Supply Chain Assurance

Digital economy and its effect on cyber risk
Digital economy and its effect on cyber riskDigital economy and its effect on cyber risk
Digital economy and its effect on cyber riskaakash malhotra
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...International Federation of Accountants
 
The Security Circle- Services Offered
The Security Circle- Services OfferedThe Security Circle- Services Offered
The Security Circle- Services OfferedRachel Anne Carter
 
How to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdfHow to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdfMetaorange
 
How to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptxHow to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptxMetaorange
 
Defensive Cybersecurity: A Modern Approach to Safeguarding Digital Assets
Defensive Cybersecurity: A Modern Approach to Safeguarding Digital AssetsDefensive Cybersecurity: A Modern Approach to Safeguarding Digital Assets
Defensive Cybersecurity: A Modern Approach to Safeguarding Digital Assetscyberprosocial
 
How to Start a Cyber Security Business.pdf
How to Start a Cyber Security Business.pdfHow to Start a Cyber Security Business.pdf
How to Start a Cyber Security Business.pdfMr. Business Magazine
 
WatchGuard Corporate Presentation.pptx
WatchGuard Corporate Presentation.pptxWatchGuard Corporate Presentation.pptx
WatchGuard Corporate Presentation.pptxRachatrinTongrungroj1
 
How to Build a Successful Cybersecurity Program?
How to Build a Successful Cybersecurity Program?How to Build a Successful Cybersecurity Program?
How to Build a Successful Cybersecurity Program?PECB
 
Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises? Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises? Pierre Audoin Consultants
 
Webinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptxWebinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptxControlCase
 
Introduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceIntroduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceChristian F. Nissen
 
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...TraintechTde
 
SecureTech 2014: Risk, Business Continuity and Cybersecurity - A Resiliency ...
SecureTech 2014: Risk, Business Continuity and Cybersecurity - A Resiliency ...SecureTech 2014: Risk, Business Continuity and Cybersecurity - A Resiliency ...
SecureTech 2014: Risk, Business Continuity and Cybersecurity - A Resiliency ...poore120
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'aFahmi Albaheth
 
Enable your employees to work securely from anywhere with digital workplace
Enable your employees to work securely from anywhere with digital workplaceEnable your employees to work securely from anywhere with digital workplace
Enable your employees to work securely from anywhere with digital workplaceNeetaSahay1
 
Securing Consumer Trust
Securing Consumer TrustSecuring Consumer Trust
Securing Consumer Trustaccenture
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 

Similar to Approaches to Cyber Resilience and Supply Chain Assurance (20)

Digital economy and its effect on cyber risk
Digital economy and its effect on cyber riskDigital economy and its effect on cyber risk
Digital economy and its effect on cyber risk
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
 
The Security Circle- Services Offered
The Security Circle- Services OfferedThe Security Circle- Services Offered
The Security Circle- Services Offered
 
How to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdfHow to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdf
 
How to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptxHow to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptx
 
NCVO/Zurich webinar: Beyond cyber essentials
NCVO/Zurich webinar: Beyond cyber essentialsNCVO/Zurich webinar: Beyond cyber essentials
NCVO/Zurich webinar: Beyond cyber essentials
 
Defensive Cybersecurity: A Modern Approach to Safeguarding Digital Assets
Defensive Cybersecurity: A Modern Approach to Safeguarding Digital AssetsDefensive Cybersecurity: A Modern Approach to Safeguarding Digital Assets
Defensive Cybersecurity: A Modern Approach to Safeguarding Digital Assets
 
How to Start a Cyber Security Business.pdf
How to Start a Cyber Security Business.pdfHow to Start a Cyber Security Business.pdf
How to Start a Cyber Security Business.pdf
 
WatchGuard Corporate Presentation.pptx
WatchGuard Corporate Presentation.pptxWatchGuard Corporate Presentation.pptx
WatchGuard Corporate Presentation.pptx
 
How to Build a Successful Cybersecurity Program?
How to Build a Successful Cybersecurity Program?How to Build a Successful Cybersecurity Program?
How to Build a Successful Cybersecurity Program?
 
Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises? Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises?
 
Webinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptxWebinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptx
 
Introduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceIntroduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber Resilience
 
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
 
SecureTech 2014: Risk, Business Continuity and Cybersecurity - A Resiliency ...
SecureTech 2014: Risk, Business Continuity and Cybersecurity - A Resiliency ...SecureTech 2014: Risk, Business Continuity and Cybersecurity - A Resiliency ...
SecureTech 2014: Risk, Business Continuity and Cybersecurity - A Resiliency ...
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
Enable your employees to work securely from anywhere with digital workplace
Enable your employees to work securely from anywhere with digital workplaceEnable your employees to work securely from anywhere with digital workplace
Enable your employees to work securely from anywhere with digital workplace
 
Securing Consumer Trust
Securing Consumer TrustSecuring Consumer Trust
Securing Consumer Trust
 
dcb1203CyberNDI
dcb1203CyberNDIdcb1203CyberNDI
dcb1203CyberNDI
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 

More from Leonardo

Leonardo - Technologies for a Safer Future.pdf
Leonardo - Technologies for a Safer Future.pdfLeonardo - Technologies for a Safer Future.pdf
Leonardo - Technologies for a Safer Future.pdfLeonardo
 
The Leonardo FY 2023 Preliminary Results Presentation
The Leonardo FY 2023 Preliminary Results PresentationThe Leonardo FY 2023 Preliminary Results Presentation
The Leonardo FY 2023 Preliminary Results PresentationLeonardo
 
Leonardo 3Q/9M Results Presentation
Leonardo 3Q/9M Results PresentationLeonardo 3Q/9M Results Presentation
Leonardo 3Q/9M Results PresentationLeonardo
 
Leonardo 1H 2023 Results
Leonardo 1H 2023 ResultsLeonardo 1H 2023 Results
Leonardo 1H 2023 ResultsLeonardo
 
Leonardo 1Q 2023 Results
Leonardo 1Q 2023 ResultsLeonardo 1Q 2023 Results
Leonardo 1Q 2023 ResultsLeonardo
 
Leonardo FY 2022 Results
Leonardo FY 2022 ResultsLeonardo FY 2022 Results
Leonardo FY 2022 ResultsLeonardo
 
Leonardo 3Q/9M 2022 Results
Leonardo 3Q/9M 2022 ResultsLeonardo 3Q/9M 2022 Results
Leonardo 3Q/9M 2022 ResultsLeonardo
 
Leonardo 2Q/1H2022 Results Presentation
Leonardo 2Q/1H2022 Results PresentationLeonardo 2Q/1H2022 Results Presentation
Leonardo 2Q/1H2022 Results PresentationLeonardo
 
1st Leonardo Helicopters SAR Workshop - AW139 SAR Overview and Updates
1st Leonardo Helicopters SAR Workshop - AW139 SAR Overview and Updates1st Leonardo Helicopters SAR Workshop - AW139 SAR Overview and Updates
1st Leonardo Helicopters SAR Workshop - AW139 SAR Overview and UpdatesLeonardo
 
1st Leonardo Helicopters SAR Workshop - Training Services & Solutions for SAR...
1st Leonardo Helicopters SAR Workshop - Training Services & Solutions for SAR...1st Leonardo Helicopters SAR Workshop - Training Services & Solutions for SAR...
1st Leonardo Helicopters SAR Workshop - Training Services & Solutions for SAR...Leonardo
 
Leonardo 1Q 2022 Results
Leonardo 1Q 2022 ResultsLeonardo 1Q 2022 Results
Leonardo 1Q 2022 ResultsLeonardo
 
Leonardo FY2021 Results
Leonardo FY2021 ResultsLeonardo FY2021 Results
Leonardo FY2021 ResultsLeonardo
 
European Rotors - Certification by Simulation
European Rotors - Certification by SimulationEuropean Rotors - Certification by Simulation
European Rotors - Certification by SimulationLeonardo
 
European Rotors - Mission Management System’s Capabilities for Law Enforcemen...
European Rotors - Mission Management System’s Capabilities for Law Enforcemen...European Rotors - Mission Management System’s Capabilities for Law Enforcemen...
European Rotors - Mission Management System’s Capabilities for Law Enforcemen...Leonardo
 
European Rotors - Rotorcraft and VTOL Symposium
European Rotors - Rotorcraft and VTOL SymposiumEuropean Rotors - Rotorcraft and VTOL Symposium
European Rotors - Rotorcraft and VTOL SymposiumLeonardo
 
European Rotors - Contributing to the Swiss Innovation Day
European Rotors - Contributing to the Swiss Innovation Day European Rotors - Contributing to the Swiss Innovation Day
European Rotors - Contributing to the Swiss Innovation Day Leonardo
 
European Rotors - Helioffshore panel on Sustainable Aviation Fuel
European Rotors - Helioffshore panel on Sustainable Aviation FuelEuropean Rotors - Helioffshore panel on Sustainable Aviation Fuel
European Rotors - Helioffshore panel on Sustainable Aviation FuelLeonardo
 
European Rotors - PBN and GNSS for Rotorcraft Operations
European Rotors - PBN and GNSS for Rotorcraft OperationsEuropean Rotors - PBN and GNSS for Rotorcraft Operations
European Rotors - PBN and GNSS for Rotorcraft OperationsLeonardo
 
European Rotors - AW609 for HEMS Market
European Rotors - AW609 for HEMS MarketEuropean Rotors - AW609 for HEMS Market
European Rotors - AW609 for HEMS MarketLeonardo
 
Leonardo 3Q/9M 2021 Results
Leonardo 3Q/9M 2021 ResultsLeonardo 3Q/9M 2021 Results
Leonardo 3Q/9M 2021 ResultsLeonardo
 

More from Leonardo (20)

Leonardo - Technologies for a Safer Future.pdf
Leonardo - Technologies for a Safer Future.pdfLeonardo - Technologies for a Safer Future.pdf
Leonardo - Technologies for a Safer Future.pdf
 
The Leonardo FY 2023 Preliminary Results Presentation
The Leonardo FY 2023 Preliminary Results PresentationThe Leonardo FY 2023 Preliminary Results Presentation
The Leonardo FY 2023 Preliminary Results Presentation
 
Leonardo 3Q/9M Results Presentation
Leonardo 3Q/9M Results PresentationLeonardo 3Q/9M Results Presentation
Leonardo 3Q/9M Results Presentation
 
Leonardo 1H 2023 Results
Leonardo 1H 2023 ResultsLeonardo 1H 2023 Results
Leonardo 1H 2023 Results
 
Leonardo 1Q 2023 Results
Leonardo 1Q 2023 ResultsLeonardo 1Q 2023 Results
Leonardo 1Q 2023 Results
 
Leonardo FY 2022 Results
Leonardo FY 2022 ResultsLeonardo FY 2022 Results
Leonardo FY 2022 Results
 
Leonardo 3Q/9M 2022 Results
Leonardo 3Q/9M 2022 ResultsLeonardo 3Q/9M 2022 Results
Leonardo 3Q/9M 2022 Results
 
Leonardo 2Q/1H2022 Results Presentation
Leonardo 2Q/1H2022 Results PresentationLeonardo 2Q/1H2022 Results Presentation
Leonardo 2Q/1H2022 Results Presentation
 
1st Leonardo Helicopters SAR Workshop - AW139 SAR Overview and Updates
1st Leonardo Helicopters SAR Workshop - AW139 SAR Overview and Updates1st Leonardo Helicopters SAR Workshop - AW139 SAR Overview and Updates
1st Leonardo Helicopters SAR Workshop - AW139 SAR Overview and Updates
 
1st Leonardo Helicopters SAR Workshop - Training Services & Solutions for SAR...
1st Leonardo Helicopters SAR Workshop - Training Services & Solutions for SAR...1st Leonardo Helicopters SAR Workshop - Training Services & Solutions for SAR...
1st Leonardo Helicopters SAR Workshop - Training Services & Solutions for SAR...
 
Leonardo 1Q 2022 Results
Leonardo 1Q 2022 ResultsLeonardo 1Q 2022 Results
Leonardo 1Q 2022 Results
 
Leonardo FY2021 Results
Leonardo FY2021 ResultsLeonardo FY2021 Results
Leonardo FY2021 Results
 
European Rotors - Certification by Simulation
European Rotors - Certification by SimulationEuropean Rotors - Certification by Simulation
European Rotors - Certification by Simulation
 
European Rotors - Mission Management System’s Capabilities for Law Enforcemen...
European Rotors - Mission Management System’s Capabilities for Law Enforcemen...European Rotors - Mission Management System’s Capabilities for Law Enforcemen...
European Rotors - Mission Management System’s Capabilities for Law Enforcemen...
 
European Rotors - Rotorcraft and VTOL Symposium
European Rotors - Rotorcraft and VTOL SymposiumEuropean Rotors - Rotorcraft and VTOL Symposium
European Rotors - Rotorcraft and VTOL Symposium
 
European Rotors - Contributing to the Swiss Innovation Day
European Rotors - Contributing to the Swiss Innovation Day European Rotors - Contributing to the Swiss Innovation Day
European Rotors - Contributing to the Swiss Innovation Day
 
European Rotors - Helioffshore panel on Sustainable Aviation Fuel
European Rotors - Helioffshore panel on Sustainable Aviation FuelEuropean Rotors - Helioffshore panel on Sustainable Aviation Fuel
European Rotors - Helioffshore panel on Sustainable Aviation Fuel
 
European Rotors - PBN and GNSS for Rotorcraft Operations
European Rotors - PBN and GNSS for Rotorcraft OperationsEuropean Rotors - PBN and GNSS for Rotorcraft Operations
European Rotors - PBN and GNSS for Rotorcraft Operations
 
European Rotors - AW609 for HEMS Market
European Rotors - AW609 for HEMS MarketEuropean Rotors - AW609 for HEMS Market
European Rotors - AW609 for HEMS Market
 
Leonardo 3Q/9M 2021 Results
Leonardo 3Q/9M 2021 ResultsLeonardo 3Q/9M 2021 Results
Leonardo 3Q/9M 2021 Results
 

Recently uploaded

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 

Recently uploaded (20)

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 

Approaches to Cyber Resilience and Supply Chain Assurance

  • 1. CYBER SECURITY DIVISION DSEI Sept 2019 Approaches to Cyber Resilience and Supply Chain Assurance
  • 2. CYBER SECURITY DIVISION 2 © 2019 Leonardo MW Ltd – All rights reserved Introductions  Dr Max Wigley  Head of Cyber Consulting in Leonardo’s Cyber Security Division  NCSC Accredited Head Consultant and Consultancy Service Owner  Working with customers to understand the holistic and Enterprise level Cyber Risk associated with operating complex capabilities;  Developing architectures and approaches to cyber security and business transformation that enable operation within a stated risk appetite.
  • 3. CYBER SECURITY DIVISION 3 © 2019 Leonardo MW Ltd – All rights reserved Leonardo MW Ltd – UK Business Bristol 200 people Cyber Security & ICT Solutions • NCSC Certified Cyber Security Consultancy • Cyber and Information Assurance • Trusted ICT Homeland Security & Critical National Infrastructure • Critical Infrastructure Protection 7,100 people Leonardo Academy Business Innovation Hub Cyber Security
  • 4. CYBER SECURITY DIVISION 4 © 2019 Leonardo MW Ltd – All rights reserved Why do we want Products to be Assured on Delivery?  Customers expect products and services to be “cyber assured on delivery”  Rapidly changing digital systems need to be approached differently  Traditional risk assessments are often out of date soon after delivery.  An agile approach to secure by design is therefore needed. Traditional security approaches too often result in changes being made to products late in the CADMID lifecycle or risks being accepted during operations
  • 5. CYBER SECURITY DIVISION 5 © 2019 Leonardo MW Ltd – All rights reserved Why do Traditional Approaches to Security Fail? Traditional approaches are often inflexible and do not accurately describe the cyber risk
  • 6. CYBER SECURITY DIVISION 6 © 2019 Leonardo MW Ltd – All rights reserved What is Cyber Resilience?  Cyber Resilience approaches assume that a breach will happen.  Focus effort on implementing security controls that allow you to: o Detect attacks early o Contain, disrupt or monitor o Continue to operate o Safeguard assets “The capability for organisations to continue to deliver services or capabilities during and after a cyber-incident, in a manner which is within the organisations risk appetite and in which critical information is protected” Christoph Roser at AllAboutLean.com
  • 7. CYBER SECURITY DIVISION 7 © 2019 Leonardo MW Ltd – All rights reserved What does Cyber Resilience Mean for your Organisation? Why? GoalsObjectives Risk Management Strategy Techniques and Approaches Implementation of Cyber Resilience Principles Inform selection and Prioritisation Leonardo Cyber Resilience Principles Before embarking on the Cyber Resilience journey, it is crucial to define a strategy along with specified goals and objectives
  • 8. CYBER SECURITY DIVISION 8 © 2019 Leonardo MW Ltd – All rights reserved Cyber Defence vs Cyber Resilience Threat Model Script Kiddies Criminal Groups Serious Organised Crime Foreign Governments What or who are we defending against when we implement “good practice” cyber defence? Cyber Resilience and Cyber Defence tackle different security problems. Organisations and systems need an approach based on a threat and risk assessment
  • 9. CYBER SECURITY DIVISION 9 © 2019 Leonardo MW Ltd – All rights reserved Use of an Attack Path Approach to Drive Agile Secure-by-Design  It is not realistic to require a completed design to commence security assurance  Iteratively develop attack paths, risks and security controls  Embed security within the design team  Provide accurate risk information at all times to support decisions Assess Quantify Model Iteratively development of security artefacts allows up to date risk information at all times
  • 10. CYBER SECURITY DIVISION 10 © 2019 Leonardo MW Ltd – All rights reserved How does Supply Chain fit in? Direct Supply Chain Attacks Adversary aims to access sensitive information, or compromise critical services Indirect Supply Chain Attacks Adversary attacks a supplier to gain intelligence Modern supply chains are complex and distributed and can be used to deliver a cyber effect, or for intelligence gathering.
  • 11. CYBER SECURITY DIVISION 11 © 2019 Leonardo MW Ltd – All rights reserved How do we know if Suppliers Present Risk? A holistic approach is needed. Current approaches focus on sensitive information, meaning that the risk picture can be incomplete Supply chains can provide or hold one or more of:  Sensitive Information  Critical Services / Capabilities  Critical Identifiable Information How exposed are you if one of your suppliers is compromised? How many companies does your procurement process release sensitive information to? How much sensitive information do your suppliers hold?
  • 12. CYBER SECURITY DIVISION 12 © 2019 Leonardo MW Ltd – All rights reserved Sensitive Information is Released Inadvertently in Procurement Documentation The risk associated with information release during procurement processes needs to be understood – balancing competition and security. • Adversaries want a high success rate • Much information is available from open sources • Information obtained via supply chain adds refinement and understanding
  • 13. CYBER SECURITY DIVISION 13 © 2019 Leonardo MW Ltd – All rights reserved How widely is information disseminated? Organisations need to be aware of the scale of information release via chosen procurement approaches, and consider the aggregated risk of this for a product / capability. • Framework procurements release information widely • Many recipients have no interest in bidding • Approaches must cover more than just those organisations on contract
  • 14. CYBER SECURITY DIVISION 14 © 2019 Leonardo MW Ltd – All rights reserved What Assurance do you have over Supplier systems? Ultimately risk owners want to know where in the supply chain they are exposed, and what action needs to be taken.  Adopt a Systems Engineering approach to understanding supply chains  Consider sensitive information, critical services and critical identifiable information  Approach to assurance / security proportionate to risk  Identify gaps, risks and any actions required Identify Critical Services and Information Build Supply Chain Delivery Model Assess Assurance Level and Controls
  • 15. CYBER SECURITY DIVISION 15 © 2019 Leonardo MW Ltd – All rights reserved Risk is not a Dirty Word  Digital Transformation does not need to be “risky”  Security risk should be treated alongside other programme risks  Ignoring or not assessing risk is not an option  In the digital transformation, security can genuinely be an enabler: o Helping organisations find ways to do digital business without exceeding the risk appetite. Security risk needs to be managed alongside other risk areas such as safety and programme risk. Key is understanding what risks you are accepting and how you are managing them.
  • 16. CYBER SECURITY DIVISION 16 © 2019 Leonardo MW Ltd – All rights reserved Summary and Conclusions  Traditional approaches to security have often failed to deliver good business outcomes  Need a flexible approach to deal with agile projects  Cyber Resilience is not just another word for cyber security – need to find the right mix of defence and resilience  Any holistic approach should include the supply chain  Key is understanding the flow of information and capabilities, and a proportionate approach to assurance at each point  As the digital transformation proceeds, there is an opportunity for security to act as a genuine enabler to support improvements in capability As the digital transformation proceeds, there is an opportunity for security to act as a genuine enabler. We must adapt our approaches to support improvements in capability
  • 17. THANK YOU FOR YOUR ATTENTION leonardocompany.com CYBER SECURITY DIVISION Max Wigley max.wigley@leonardocompany.com 07825 541434