Submit Search
Upload
Approaches to Cyber Resilience and Supply Chain Assurance
•
1 like
•
452 views
Leonardo
Follow
Presented by Leonardo's Head of Cyber Consulting, Max Wigley, at DSEI 2019.
Read less
Read more
Technology
Report
Share
Report
Share
1 of 17
Download now
Download to read offline
Recommended
Maritime Cyber Security Education
Maritime Cyber Security Education
Valentin Bañaco
Escrow Presentation
Escrow Presentation
ejervis
Webinar–Financial Services Study Shows Why Investing in AppSec Matters
Webinar–Financial Services Study Shows Why Investing in AppSec Matters
Synopsys Software Integrity Group
Escrow Presentation Final
Escrow Presentation Final
Tony_Clarke
Econocom - identifying funding for success
Econocom - identifying funding for success
IISPEastMids
Webinar–Delivering a Next Generation Vulnerability Feed
Webinar–Delivering a Next Generation Vulnerability Feed
Synopsys Software Integrity Group
CTPAT and Cybersecurity.
CTPAT and Cybersecurity.
Dan Petrosini
Mind the gap_cpx2022_moti_sagey_final
Mind the gap_cpx2022_moti_sagey_final
Moti Sagey מוטי שגיא
Recommended
Maritime Cyber Security Education
Maritime Cyber Security Education
Valentin Bañaco
Escrow Presentation
Escrow Presentation
ejervis
Webinar–Financial Services Study Shows Why Investing in AppSec Matters
Webinar–Financial Services Study Shows Why Investing in AppSec Matters
Synopsys Software Integrity Group
Escrow Presentation Final
Escrow Presentation Final
Tony_Clarke
Econocom - identifying funding for success
Econocom - identifying funding for success
IISPEastMids
Webinar–Delivering a Next Generation Vulnerability Feed
Webinar–Delivering a Next Generation Vulnerability Feed
Synopsys Software Integrity Group
CTPAT and Cybersecurity.
CTPAT and Cybersecurity.
Dan Petrosini
Mind the gap_cpx2022_moti_sagey_final
Mind the gap_cpx2022_moti_sagey_final
Moti Sagey מוטי שגיא
Cloud-Based Innovation and Information Security - Choose Both
Cloud-Based Innovation and Information Security - Choose Both
Amazon Web Services
Webinar–Why All Open Source Scans Aren't Created Equal
Webinar–Why All Open Source Scans Aren't Created Equal
Synopsys Software Integrity Group
Infrastructure security
Infrastructure security
Adhar kashyap
New Rules Coming for CTPAT
New Rules Coming for CTPAT
Dan Petrosini
Escrow Presentation2010
Escrow Presentation2010
simongreaves
How to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-Suite
SurfWatch Labs
The Present and Future of IoT Cybersecurity
The Present and Future of IoT Cybersecurity
Onward Security
Supply Chain Risk Management corrected - Whitepaper
Supply Chain Risk Management corrected - Whitepaper
NIIT Technologies
An Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT Systems
Denim Group
Webinar – Streamling Your Tech Due Diligence Process for Software Assets
Webinar – Streamling Your Tech Due Diligence Process for Software Assets
Synopsys Software Integrity Group
Gettozero stealth industrial
Gettozero stealth industrial
Sherid444
High Performance Schools
High Performance Schools
Marc Lijour, OCT, BSc, MBA
AIC Products _ Services _ Accomplishments - Rvsd 01 28 15
AIC Products _ Services _ Accomplishments - Rvsd 01 28 15
Todd Mouton
Ivanti neurons - lunch and learn
Ivanti neurons - lunch and learn
Ivanti
Cyber intelligence 4 u overview for slideshare
Cyber intelligence 4 u overview for slideshare
M. Ariel Evans
The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...
The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...
Denim Group
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native Applications
Denim Group
Phoenix And TPA
Phoenix And TPA
Zylog Systems Canada Ltd
Ivanti uem security_webinar_cybersecurity_month_oct2020
Ivanti uem security_webinar_cybersecurity_month_oct2020
Ivanti
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
Cohesive Networks
Digital economy and its effect on cyber risk
Digital economy and its effect on cyber risk
aakash malhotra
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
International Federation of Accountants
More Related Content
What's hot
Cloud-Based Innovation and Information Security - Choose Both
Cloud-Based Innovation and Information Security - Choose Both
Amazon Web Services
Webinar–Why All Open Source Scans Aren't Created Equal
Webinar–Why All Open Source Scans Aren't Created Equal
Synopsys Software Integrity Group
Infrastructure security
Infrastructure security
Adhar kashyap
New Rules Coming for CTPAT
New Rules Coming for CTPAT
Dan Petrosini
Escrow Presentation2010
Escrow Presentation2010
simongreaves
How to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-Suite
SurfWatch Labs
The Present and Future of IoT Cybersecurity
The Present and Future of IoT Cybersecurity
Onward Security
Supply Chain Risk Management corrected - Whitepaper
Supply Chain Risk Management corrected - Whitepaper
NIIT Technologies
An Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT Systems
Denim Group
Webinar – Streamling Your Tech Due Diligence Process for Software Assets
Webinar – Streamling Your Tech Due Diligence Process for Software Assets
Synopsys Software Integrity Group
Gettozero stealth industrial
Gettozero stealth industrial
Sherid444
High Performance Schools
High Performance Schools
Marc Lijour, OCT, BSc, MBA
AIC Products _ Services _ Accomplishments - Rvsd 01 28 15
AIC Products _ Services _ Accomplishments - Rvsd 01 28 15
Todd Mouton
Ivanti neurons - lunch and learn
Ivanti neurons - lunch and learn
Ivanti
Cyber intelligence 4 u overview for slideshare
Cyber intelligence 4 u overview for slideshare
M. Ariel Evans
The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...
The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...
Denim Group
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native Applications
Denim Group
Phoenix And TPA
Phoenix And TPA
Zylog Systems Canada Ltd
Ivanti uem security_webinar_cybersecurity_month_oct2020
Ivanti uem security_webinar_cybersecurity_month_oct2020
Ivanti
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
Cohesive Networks
What's hot
(20)
Cloud-Based Innovation and Information Security - Choose Both
Cloud-Based Innovation and Information Security - Choose Both
Webinar–Why All Open Source Scans Aren't Created Equal
Webinar–Why All Open Source Scans Aren't Created Equal
Infrastructure security
Infrastructure security
New Rules Coming for CTPAT
New Rules Coming for CTPAT
Escrow Presentation2010
Escrow Presentation2010
How to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-Suite
The Present and Future of IoT Cybersecurity
The Present and Future of IoT Cybersecurity
Supply Chain Risk Management corrected - Whitepaper
Supply Chain Risk Management corrected - Whitepaper
An Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT Systems
Webinar – Streamling Your Tech Due Diligence Process for Software Assets
Webinar – Streamling Your Tech Due Diligence Process for Software Assets
Gettozero stealth industrial
Gettozero stealth industrial
High Performance Schools
High Performance Schools
AIC Products _ Services _ Accomplishments - Rvsd 01 28 15
AIC Products _ Services _ Accomplishments - Rvsd 01 28 15
Ivanti neurons - lunch and learn
Ivanti neurons - lunch and learn
Cyber intelligence 4 u overview for slideshare
Cyber intelligence 4 u overview for slideshare
The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...
The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native Applications
Phoenix And TPA
Phoenix And TPA
Ivanti uem security_webinar_cybersecurity_month_oct2020
Ivanti uem security_webinar_cybersecurity_month_oct2020
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
Similar to Approaches to Cyber Resilience and Supply Chain Assurance
Digital economy and its effect on cyber risk
Digital economy and its effect on cyber risk
aakash malhotra
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
International Federation of Accountants
The Security Circle- Services Offered
The Security Circle- Services Offered
Rachel Anne Carter
How to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdf
Metaorange
How to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptx
Metaorange
NCVO/Zurich webinar: Beyond cyber essentials
NCVO/Zurich webinar: Beyond cyber essentials
NCVO - National Council for Voluntary Organisations
Defensive Cybersecurity: A Modern Approach to Safeguarding Digital Assets
Defensive Cybersecurity: A Modern Approach to Safeguarding Digital Assets
cyberprosocial
How to Start a Cyber Security Business.pdf
How to Start a Cyber Security Business.pdf
Mr. Business Magazine
WatchGuard Corporate Presentation.pptx
WatchGuard Corporate Presentation.pptx
RachatrinTongrungroj1
How to Build a Successful Cybersecurity Program?
How to Build a Successful Cybersecurity Program?
PECB
Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises?
Pierre Audoin Consultants
Webinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptx
ControlCase
Introduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber Resilience
Christian F. Nissen
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
TraintechTde
SecureTech 2014: Risk, Business Continuity and Cybersecurity - A Resiliency ...
SecureTech 2014: Risk, Business Continuity and Cybersecurity - A Resiliency ...
poore120
New technologies - Amer Haza'a
New technologies - Amer Haza'a
Fahmi Albaheth
Enable your employees to work securely from anywhere with digital workplace
Enable your employees to work securely from anywhere with digital workplace
NeetaSahay1
Securing Consumer Trust
Securing Consumer Trust
accenture
dcb1203CyberNDI
dcb1203CyberNDI
Paul Elliott
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
Donald Tabone
Similar to Approaches to Cyber Resilience and Supply Chain Assurance
(20)
Digital economy and its effect on cyber risk
Digital economy and its effect on cyber risk
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
The Security Circle- Services Offered
The Security Circle- Services Offered
How to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptx
NCVO/Zurich webinar: Beyond cyber essentials
NCVO/Zurich webinar: Beyond cyber essentials
Defensive Cybersecurity: A Modern Approach to Safeguarding Digital Assets
Defensive Cybersecurity: A Modern Approach to Safeguarding Digital Assets
How to Start a Cyber Security Business.pdf
How to Start a Cyber Security Business.pdf
WatchGuard Corporate Presentation.pptx
WatchGuard Corporate Presentation.pptx
How to Build a Successful Cybersecurity Program?
How to Build a Successful Cybersecurity Program?
Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises?
Webinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptx
Introduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber Resilience
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
SecureTech 2014: Risk, Business Continuity and Cybersecurity - A Resiliency ...
SecureTech 2014: Risk, Business Continuity and Cybersecurity - A Resiliency ...
New technologies - Amer Haza'a
New technologies - Amer Haza'a
Enable your employees to work securely from anywhere with digital workplace
Enable your employees to work securely from anywhere with digital workplace
Securing Consumer Trust
Securing Consumer Trust
dcb1203CyberNDI
dcb1203CyberNDI
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
More from Leonardo
Leonardo - Technologies for a Safer Future.pdf
Leonardo - Technologies for a Safer Future.pdf
Leonardo
The Leonardo FY 2023 Preliminary Results Presentation
The Leonardo FY 2023 Preliminary Results Presentation
Leonardo
Leonardo 3Q/9M Results Presentation
Leonardo 3Q/9M Results Presentation
Leonardo
Leonardo 1H 2023 Results
Leonardo 1H 2023 Results
Leonardo
Leonardo 1Q 2023 Results
Leonardo 1Q 2023 Results
Leonardo
Leonardo FY 2022 Results
Leonardo FY 2022 Results
Leonardo
Leonardo 3Q/9M 2022 Results
Leonardo 3Q/9M 2022 Results
Leonardo
Leonardo 2Q/1H2022 Results Presentation
Leonardo 2Q/1H2022 Results Presentation
Leonardo
1st Leonardo Helicopters SAR Workshop - AW139 SAR Overview and Updates
1st Leonardo Helicopters SAR Workshop - AW139 SAR Overview and Updates
Leonardo
1st Leonardo Helicopters SAR Workshop - Training Services & Solutions for SAR...
1st Leonardo Helicopters SAR Workshop - Training Services & Solutions for SAR...
Leonardo
Leonardo 1Q 2022 Results
Leonardo 1Q 2022 Results
Leonardo
Leonardo FY2021 Results
Leonardo FY2021 Results
Leonardo
European Rotors - Certification by Simulation
European Rotors - Certification by Simulation
Leonardo
European Rotors - Mission Management System’s Capabilities for Law Enforcemen...
European Rotors - Mission Management System’s Capabilities for Law Enforcemen...
Leonardo
European Rotors - Rotorcraft and VTOL Symposium
European Rotors - Rotorcraft and VTOL Symposium
Leonardo
European Rotors - Contributing to the Swiss Innovation Day
European Rotors - Contributing to the Swiss Innovation Day
Leonardo
European Rotors - Helioffshore panel on Sustainable Aviation Fuel
European Rotors - Helioffshore panel on Sustainable Aviation Fuel
Leonardo
European Rotors - PBN and GNSS for Rotorcraft Operations
European Rotors - PBN and GNSS for Rotorcraft Operations
Leonardo
European Rotors - AW609 for HEMS Market
European Rotors - AW609 for HEMS Market
Leonardo
Leonardo 3Q/9M 2021 Results
Leonardo 3Q/9M 2021 Results
Leonardo
More from Leonardo
(20)
Leonardo - Technologies for a Safer Future.pdf
Leonardo - Technologies for a Safer Future.pdf
The Leonardo FY 2023 Preliminary Results Presentation
The Leonardo FY 2023 Preliminary Results Presentation
Leonardo 3Q/9M Results Presentation
Leonardo 3Q/9M Results Presentation
Leonardo 1H 2023 Results
Leonardo 1H 2023 Results
Leonardo 1Q 2023 Results
Leonardo 1Q 2023 Results
Leonardo FY 2022 Results
Leonardo FY 2022 Results
Leonardo 3Q/9M 2022 Results
Leonardo 3Q/9M 2022 Results
Leonardo 2Q/1H2022 Results Presentation
Leonardo 2Q/1H2022 Results Presentation
1st Leonardo Helicopters SAR Workshop - AW139 SAR Overview and Updates
1st Leonardo Helicopters SAR Workshop - AW139 SAR Overview and Updates
1st Leonardo Helicopters SAR Workshop - Training Services & Solutions for SAR...
1st Leonardo Helicopters SAR Workshop - Training Services & Solutions for SAR...
Leonardo 1Q 2022 Results
Leonardo 1Q 2022 Results
Leonardo FY2021 Results
Leonardo FY2021 Results
European Rotors - Certification by Simulation
European Rotors - Certification by Simulation
European Rotors - Mission Management System’s Capabilities for Law Enforcemen...
European Rotors - Mission Management System’s Capabilities for Law Enforcemen...
European Rotors - Rotorcraft and VTOL Symposium
European Rotors - Rotorcraft and VTOL Symposium
European Rotors - Contributing to the Swiss Innovation Day
European Rotors - Contributing to the Swiss Innovation Day
European Rotors - Helioffshore panel on Sustainable Aviation Fuel
European Rotors - Helioffshore panel on Sustainable Aviation Fuel
European Rotors - PBN and GNSS for Rotorcraft Operations
European Rotors - PBN and GNSS for Rotorcraft Operations
European Rotors - AW609 for HEMS Market
European Rotors - AW609 for HEMS Market
Leonardo 3Q/9M 2021 Results
Leonardo 3Q/9M 2021 Results
Recently uploaded
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Patryk Bandurski
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
Scott Keck-Warren
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
Ridwan Fadjar
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
MarianaLemus7
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
Lorenzo Miniero
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
Fwdays
costume and set research powerpoint presentation
costume and set research powerpoint presentation
phoebematthew05
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
Rizwan Syed
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Wonjun Hwang
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
BookNet Canada
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
2toLead Limited
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
Memoori
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
Addepto
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
charlottematthew16
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
Slibray Presentation
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
Kalema Edgar
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
Enterprise Knowledge
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
Commit University
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
Mattias Andersson
Recently uploaded
(20)
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
costume and set research powerpoint presentation
costume and set research powerpoint presentation
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
Approaches to Cyber Resilience and Supply Chain Assurance
1.
CYBER SECURITY DIVISION DSEI Sept
2019 Approaches to Cyber Resilience and Supply Chain Assurance
2.
CYBER SECURITY DIVISION 2 ©
2019 Leonardo MW Ltd – All rights reserved Introductions Dr Max Wigley Head of Cyber Consulting in Leonardo’s Cyber Security Division NCSC Accredited Head Consultant and Consultancy Service Owner Working with customers to understand the holistic and Enterprise level Cyber Risk associated with operating complex capabilities; Developing architectures and approaches to cyber security and business transformation that enable operation within a stated risk appetite.
3.
CYBER SECURITY DIVISION 3 ©
2019 Leonardo MW Ltd – All rights reserved Leonardo MW Ltd – UK Business Bristol 200 people Cyber Security & ICT Solutions • NCSC Certified Cyber Security Consultancy • Cyber and Information Assurance • Trusted ICT Homeland Security & Critical National Infrastructure • Critical Infrastructure Protection 7,100 people Leonardo Academy Business Innovation Hub Cyber Security
4.
CYBER SECURITY DIVISION 4 ©
2019 Leonardo MW Ltd – All rights reserved Why do we want Products to be Assured on Delivery? Customers expect products and services to be “cyber assured on delivery” Rapidly changing digital systems need to be approached differently Traditional risk assessments are often out of date soon after delivery. An agile approach to secure by design is therefore needed. Traditional security approaches too often result in changes being made to products late in the CADMID lifecycle or risks being accepted during operations
5.
CYBER SECURITY DIVISION 5 ©
2019 Leonardo MW Ltd – All rights reserved Why do Traditional Approaches to Security Fail? Traditional approaches are often inflexible and do not accurately describe the cyber risk
6.
CYBER SECURITY DIVISION 6 ©
2019 Leonardo MW Ltd – All rights reserved What is Cyber Resilience? Cyber Resilience approaches assume that a breach will happen. Focus effort on implementing security controls that allow you to: o Detect attacks early o Contain, disrupt or monitor o Continue to operate o Safeguard assets “The capability for organisations to continue to deliver services or capabilities during and after a cyber-incident, in a manner which is within the organisations risk appetite and in which critical information is protected” Christoph Roser at AllAboutLean.com
7.
CYBER SECURITY DIVISION 7 ©
2019 Leonardo MW Ltd – All rights reserved What does Cyber Resilience Mean for your Organisation? Why? GoalsObjectives Risk Management Strategy Techniques and Approaches Implementation of Cyber Resilience Principles Inform selection and Prioritisation Leonardo Cyber Resilience Principles Before embarking on the Cyber Resilience journey, it is crucial to define a strategy along with specified goals and objectives
8.
CYBER SECURITY DIVISION 8 ©
2019 Leonardo MW Ltd – All rights reserved Cyber Defence vs Cyber Resilience Threat Model Script Kiddies Criminal Groups Serious Organised Crime Foreign Governments What or who are we defending against when we implement “good practice” cyber defence? Cyber Resilience and Cyber Defence tackle different security problems. Organisations and systems need an approach based on a threat and risk assessment
9.
CYBER SECURITY DIVISION 9 ©
2019 Leonardo MW Ltd – All rights reserved Use of an Attack Path Approach to Drive Agile Secure-by-Design It is not realistic to require a completed design to commence security assurance Iteratively develop attack paths, risks and security controls Embed security within the design team Provide accurate risk information at all times to support decisions Assess Quantify Model Iteratively development of security artefacts allows up to date risk information at all times
10.
CYBER SECURITY DIVISION 10 ©
2019 Leonardo MW Ltd – All rights reserved How does Supply Chain fit in? Direct Supply Chain Attacks Adversary aims to access sensitive information, or compromise critical services Indirect Supply Chain Attacks Adversary attacks a supplier to gain intelligence Modern supply chains are complex and distributed and can be used to deliver a cyber effect, or for intelligence gathering.
11.
CYBER SECURITY DIVISION 11 ©
2019 Leonardo MW Ltd – All rights reserved How do we know if Suppliers Present Risk? A holistic approach is needed. Current approaches focus on sensitive information, meaning that the risk picture can be incomplete Supply chains can provide or hold one or more of: Sensitive Information Critical Services / Capabilities Critical Identifiable Information How exposed are you if one of your suppliers is compromised? How many companies does your procurement process release sensitive information to? How much sensitive information do your suppliers hold?
12.
CYBER SECURITY DIVISION 12 ©
2019 Leonardo MW Ltd – All rights reserved Sensitive Information is Released Inadvertently in Procurement Documentation The risk associated with information release during procurement processes needs to be understood – balancing competition and security. • Adversaries want a high success rate • Much information is available from open sources • Information obtained via supply chain adds refinement and understanding
13.
CYBER SECURITY DIVISION 13 ©
2019 Leonardo MW Ltd – All rights reserved How widely is information disseminated? Organisations need to be aware of the scale of information release via chosen procurement approaches, and consider the aggregated risk of this for a product / capability. • Framework procurements release information widely • Many recipients have no interest in bidding • Approaches must cover more than just those organisations on contract
14.
CYBER SECURITY DIVISION 14 ©
2019 Leonardo MW Ltd – All rights reserved What Assurance do you have over Supplier systems? Ultimately risk owners want to know where in the supply chain they are exposed, and what action needs to be taken. Adopt a Systems Engineering approach to understanding supply chains Consider sensitive information, critical services and critical identifiable information Approach to assurance / security proportionate to risk Identify gaps, risks and any actions required Identify Critical Services and Information Build Supply Chain Delivery Model Assess Assurance Level and Controls
15.
CYBER SECURITY DIVISION 15 ©
2019 Leonardo MW Ltd – All rights reserved Risk is not a Dirty Word Digital Transformation does not need to be “risky” Security risk should be treated alongside other programme risks Ignoring or not assessing risk is not an option In the digital transformation, security can genuinely be an enabler: o Helping organisations find ways to do digital business without exceeding the risk appetite. Security risk needs to be managed alongside other risk areas such as safety and programme risk. Key is understanding what risks you are accepting and how you are managing them.
16.
CYBER SECURITY DIVISION 16 ©
2019 Leonardo MW Ltd – All rights reserved Summary and Conclusions Traditional approaches to security have often failed to deliver good business outcomes Need a flexible approach to deal with agile projects Cyber Resilience is not just another word for cyber security – need to find the right mix of defence and resilience Any holistic approach should include the supply chain Key is understanding the flow of information and capabilities, and a proportionate approach to assurance at each point As the digital transformation proceeds, there is an opportunity for security to act as a genuine enabler to support improvements in capability As the digital transformation proceeds, there is an opportunity for security to act as a genuine enabler. We must adapt our approaches to support improvements in capability
17.
THANK YOU FOR YOUR
ATTENTION leonardocompany.com CYBER SECURITY DIVISION Max Wigley max.wigley@leonardocompany.com 07825 541434
Download now