Cyber Resilience for Dummies
Leading the way in cyber security
Since 1989
Peter Wood
Chief Executive Officer
First Base Technologies LLP
(with apologies to John Wiley & Sons)
Founder and Chief Executive - First Base Technologies LLP
• Engineer, IT and information security professional since 1969
• Fellow of the BCS
• Chartered IT Professional
• CISSP
• Member of the Institute of Information Security Professionals
• 15 Year+ Member of ISACA, Member of the ISACA Security Advisory Group
• Senior Member of the Information Systems Security Association (ISSA)
• Member of the BCS Information Risk Management and Assurance Group
• Founder of white-hats.co.uk
• Member of ACM, IEEE, Institute of Directors, Mensa
Managed Services Compliance Testing
Cyber Readiness
Penetration Testing
Threat and Risk Cyber Awareness
What is Cyber Resilience?
Slide 5 © First Base Technologies 2017
Wikipedia’s definition
Cyber Resilience refers to an entity's ability to continuously deliver
the intended outcome despite adverse cyber events
Cyber Resilience is an evolving perspective that is rapidly gaining
recognition
The concept essentially brings the areas of information security,
business continuity and (organisational) resilience together
https://en.wikipedia.org/wiki/Cyber_Resilience
Information Security Forum’s guidance
Organisations should develop a business plan to exploit
cyberspace that identifies threats, considers the limitations of IT
and information security, and develops cyber resilience
Cyberspace is critical to most organisations today; disconnecting
is not an option
By implementing the ISF Cyber Resilience Framework
organisations can develop cyber resilience and be better able to
withstand impacts from evolving cyber threats. Only then can
organisations safely realise the benefits of cyberspace.
Symantec’s guidance
Cyber Resilience is about the management not the elimination of risk
Not only is eliminating risk impossible, but it impedes agility; an
environment with an acceptable level of risk supports innovation
Knowledge is power; cyber resilient organisations recognise that
security needs to go beyond systems, software or IT departments to
include raising the security IQ of all employees and improved
organisational processes
https://www.symantec.com/page.jsp?id=cyber-resilience
Why Cyber Resilience?
There is no silver bullet
Known • Predictable • Unknown • Unpredictable • Uncertain • Unexpected
We have to be strategic
A Cyber Resilience Strategy
Cyber Resilience Strategy
A Cyber Resilience Strategy will permit you to withstand negative
impacts due to known, predictable, unknown, unpredictable,
uncertain and unexpected threats from activities in cyberspace
The ideal situation is one where you minimise the cost of controls,
responses and other cyber resilience activities, relative to the
spend needed to minimise the cost of negative impacts from
activities in cyberspace
Cyber security is a key element of being resilient, but you must
recognise that it goes far beyond just technical measures,
embracing people, processes, and technology
Key Issues
• Cyber Resilience requires recognition that you must prepare
now to deal with severe impacts from cyber threats that cannot
be predicted or prevented
• Cyber Resilience requires very high levels of partnering and
collaboration, including external collaboration (with ISPs,
intelligence agencies, industry groups, security analysts,
customers and supply chains), and internal collaboration
throughout the organisation
• Cyber Resilience requires you to have the agility to prevent,
detect and respond quickly and effectively, not just to
incidents, but also to the consequences of the incidents
Some Specifics - 1
• Good governance, including leadership, devolved decision-
making and appropriate escalation
• Nimble IT and information security responses, such as the
ability to increase capacity, or shut down, isolate or load
balance systems
• Up-to-date and well tested public relations policies, with key
issues decided in advance (such as the organisational stance
on issues, planned responses and media releases)
• Crisis preparedness: updated plans that have been rehearsed
and tested with real life simulations
Some Specifics - 2
• Human relations responses, such as dealing with inappropriate
use of social media, carelessness and criminal acts by insiders
• Investigative and forensic capability, to investigate and
conclude on what happened and have the evidence to prove it
• The ability to share information with ISPs, security analysts and
intelligence agencies
• Legal responses, to use the legal system to mitigate threats or
actions such as knowing how to shut down attacking servers
ISF Framework Model
Symantec’s Five Pillars
Prepare / Identify • Protect • Detect • Respond • Recover
Prepare / Identify
To successfully face and overcome an attack, you must thoroughly
understand your organisation’s security and risk posture.
This means painstakingly identifying your vital information,
conducting an assessment that includes all known security
vulnerabilities, and establishing a baseline which you will compare
with your peers.
Prepare / Identify
· Improve visibility and understand your information and systems,
through asset and network discovery and mapping
· Understand your cyber risk posture through assessments and
simulations
· Identify and remediate vulnerabilities in your IT organization, including
your supply chain, where many cyber criminals seed attacks
· Map assets to vendor relationships
· Build awareness of the external threat landscape and understand how
to recognise if you are being targeted through comprehensive global
threat intelligence, correlation, and analysis capabilities
· Make users cyber-aware through regular and on-going education on
best practices and risky behaviour
· Ensure appropriate backup and recovery strategies are in place
Protect
The second pillar is about implementing safeguards to limit or
contain the impact of an attack or breach.
Your goal is to protect your infrastructure and data from malicious
attack and accidental exposure.
All three areas - people, processes, and technology - are
important to your protection.
Protect
· Assess existing defences in the context of advanced threats and plan
improvements as necessary
· Conduct advanced penetration tests against Internet-facing services,
mobile endpoints and key internal systems
· Conduct penetration tests of mobile access and teleworking systems
· Evaluate and implement attack detection solutions across the
organisation
· Engage with line managers to ensure staff comply with security policies
· Evaluate technical monitoring systems to detect policy breaches
· Protect and govern information assets over their lifecycle, including
protecting from data loss or illegal access
Detect
The Detect pillar focuses on developing activities to rapidly
identify an attack or a breach, assess the systems that may be
affected, and ensure a timely response.
To effectively minimise any damage, you must have the necessary
detection and response policies, processes, and technologies in
place.
Detect
· Develop systems and processes to identify attacks, assess affected
systems and ensure a timely response
· Implement network monitoring systems and correlate security events
with external threats
· Conduct regular reviews of detection and response strategies
· Evaluate third-party security monitoring, advanced threat protection
and incident response management services
· Plan how to resource the correlation of security intelligence with the IT
infrastructure to detect and remediate a potential issue before it
spreads
Respond
The Respond pillar addresses activities that accelerate
remediation and contain the impact of an attack once detected.
Whilst there are many solutions and services available to help,
much of what is needed involves people and processes internal to
your business.
Respond
· Plan and implement a Computer Security Incident Response Team and
define roles and responsibilities
· Manage risk by measuring and tracking your cyber resilience,
including how well systems were protected during an attack
· Create a plan: outline how you intend to respond to cyber incidents
· Determine how response processes and procedures will be maintained
and tested
· Co-ordinate communications response activities, and understand how
analysis and mitigation activities will be performed
· Devise a system which ensures lessons learned are incorporated into
future response activities
Recover
This stage involves developing systems and plans to restore data
and services after an attack.
Even if you respond quickly to a cyber breach, there may be
consequences for people, processes and systems. An effective
recovery depends on a clear and thorough recovery plan.
Recover
· Develop and implement systems and plans to restore any data and
services that may have been impacted during a cyber attack
· Ensure that your disaster recovery plans cover major cyber attacks as
well as system failures and natural disasters
· Consider cyber attack scenarios:
    · Ransomware attacks
    · Website hijack
    · Remote access compromise
    · Network-level infection
    · Business Email Compromise
Getting started
peter@firstbase.co.uk
http://firstbase.co.uk
twitter: @FBTechies
Thank you!
Peter Wood
Chief Executive Officer
First Base Technologies LLP
Peter Wood
 
Social Networking - An Ethical Hacker's View
Social Networking - An Ethical Hacker's ViewSocial Networking - An Ethical Hacker's View
Social Networking - An Ethical Hacker's View
Peter Wood
 
Top Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesTop Five Internal Security Vulnerabilities
Top Five Internal Security Vulnerabilities
Peter Wood
 

Introduction to Cyber Resilience

  • 1. Cyber Resilience for Dummies Leading the way in cyber security Since 1989 Peter Wood Chief Executive Officer First Base Technologies LLP (with apologies to John Wiley & Sons)
  • 2. Peter Wood, Founder and Chief Executive - First Base Technologies LLP
      • Engineer, IT and information security professional since 1969
      • Fellow of the BCS
      • Chartered IT Professional
      • CISSP
      • Member of the Institute of Information Security Professionals
      • 15 Year+ Member of ISACA, Member of the ISACA Security Advisory Group
      • Senior Member of the Information Systems Security Association (ISSA)
      • Member of the BCS Information Risk Management and Assurance Group
      • Founder of white-hats.co.uk
      • Member of ACM, IEEE, Institute of Directors, Mensa
  • 3. Managed Services Compliance Testing Cyber Readiness Penetration Testing Threat and Risk Cyber Awareness
  • 4. What is Cyber Resilience?
  • 5. Slide 5 © First Base Technologies 2017. Wikipedia’s definition:
      Cyber Resilience refers to an entity's ability to continuously deliver the intended outcome despite adverse cyber events.
      Cyber Resilience is an evolving perspective that is rapidly gaining recognition.
      The concept essentially brings the areas of information security, business continuity and (organisational) resilience together.
      https://en.wikipedia.org/wiki/Cyber_Resilience
  • 6. Information Security Forum’s guidance:
      Organisations should develop a business plan to exploit cyberspace that identifies threats, considers the limitations of IT and information security, and develops cyber resilience.
      Cyberspace is critical to most organisations today; disconnecting is not an option.
      By implementing the ISF Cyber Resilience Framework organisations can develop cyber resilience and be better able to withstand impacts from evolving cyber threats. Only then can organisations safely realise the benefits of cyberspace.
  • 7. Symantec’s guidance:
      Cyber Resilience is about the management not the elimination of risk.
      Not only is eliminating risk impossible, but it impedes agility; an environment with an acceptable level of risk supports innovation.
      Knowledge is power; cyber resilient organisations recognise that security needs to go beyond systems, software or IT departments to include raising the security IQ of all employees and improved organisational processes.
      https://www.symantec.com/page.jsp?id=cyber-resilience
  • 8. Why Cyber Resilience?
  • 9. There is no silver bullet: Known • Predictable • Unknown • Unpredictable • Uncertain • Unexpected
  • 10. Slide 10 © First Base Technologies 2017
  • 11. We have to be strategic
  • 12. A Cyber Resilience Strategy
  • 13. Cyber Resilience Strategy
      A Cyber Resilience Strategy will permit you to withstand negative impacts due to known, predictable, unknown, unpredictable, uncertain and unexpected threats from activities in cyberspace.
      The ideal situation is one where you minimise the cost of controls, responses and other cyber resilience activities, relative to the spend needed to minimise the cost of negative impacts from activities in cyberspace.
      Cyber security is a key element of being resilient, but you must recognise that it goes far beyond just technical measures, embracing people, processes, and technology.
  • 14. Key Issues
      • Cyber Resilience requires recognition that you must prepare now to deal with severe impacts from cyber threats that cannot be predicted or prevented
      • Cyber Resilience requires very high levels of partnering and collaboration, including external collaboration (with ISPs, intelligence agencies, industry groups, security analysts, customers and supply chains), and internal collaboration throughout the organisation
      • Cyber Resilience requires you to have the agility to prevent, detect and respond quickly and effectively, not just to incidents, but also to the consequences of the incidents
  • 15. Some Specifics - 1
      • Good governance, including leadership, devolved decision-making and appropriate escalation
      • Nimble IT and information security responses, such as the ability to increase capacity, or shut down, isolate or load balance systems
      • Up-to-date and well tested public relations policies, with key issues decided in advance (such as the organisational stance on issues, planned responses and media releases)
      • Crisis preparedness: updated plans that have been rehearsed and tested with real life simulations
  • 16. Some Specifics - 2
      • Human relations responses, such as dealing with inappropriate use of social media, carelessness and criminal acts by insiders
      • Investigative and forensic capability, to investigate and conclude on what happened and have the evidence to prove it
      • The ability to share information with ISPs, security analysts and intelligence agencies
      • Legal responses, to use the legal system to mitigate threats or actions such as knowing how to shut down attacking servers
  • 17. ISF Framework Model
  • 18. Symantec’s Five Pillars: Prepare / Identify, Protect, Detect, Respond, Recover
  • 19. Prepare / Identify
      To successfully face and overcome an attack, you must thoroughly understand your organisation’s security and risk posture. This means painstakingly identifying your vital information, conducting an assessment that includes all known security vulnerabilities, and establishing a baseline which you will compare with your peers.
  • 20. Prepare / Identify
      · Improve visibility and understand your information and systems, through asset and network discovery and mapping
      · Understand your cyber risk posture through assessments and simulations
      · Identify and remediate vulnerabilities in your IT organization, including your supply chain, where many cyber criminals seed attacks
      · Map assets to vendor relationships
      · Build awareness of the external threat landscape and understand how to recognise if you are being targeted through comprehensive global threat intelligence, correlation, and analysis capabilities
      · Make users cyber-aware through regular and on-going education on best practices and risky behaviour
      · Ensure appropriate backup and recovery strategies are in place
  • 21. Protect
      The second pillar is about implementing safeguards to limit or contain the impact of an attack or breach. Your goal is to protect your infrastructure and data from malicious attack and accidental exposure. All three areas - people, processes, and technology - are important to your protection.
  • 22. Protect
      · Assess existing defences in the context of advanced threats and plan improvements as necessary
      · Conduct advanced penetration tests against Internet-facing services, mobile endpoints and key internal systems
      · Conduct penetration tests of mobile access and teleworking systems
      · Evaluate and implement attack detection solutions across the organisation
      · Engage with line managers to ensure staff comply with security policies
      · Evaluate technical monitoring systems to detect policy breaches
      · Protect and govern information assets over their lifecycle, including protecting from data loss or illegal access
  • 23. Detect
      The Detect pillar focuses on developing activities to rapidly identify an attack or a breach, assess the systems that may be affected, and ensure a timely response. To effectively minimise any damage, you must have the necessary detection and response policies, processes, and technologies in place.
  • 24. Detect
      · Develop systems and processes to identify attacks, assess affected systems and ensure a timely response
      · Implement network monitoring systems and correlate security events with external threats
      · Conduct regular reviews of detection and response strategies
      · Evaluate third-party security monitoring, advanced threat protection and incident response management services
      · Plan how to resource the correlation of security intelligence with the IT infrastructure to detect and remediate a potential issue before it spreads
  • 25. Respond
      The Respond pillar addresses activities that accelerate remediation and contain the impact of an attack once detected. Whilst there are many solutions and services available to help, much of what is needed involves people and processes internal to your business.
  • 26. Respond
      · Plan and implement a Computer Security Incident Response Team and define roles and responsibilities
      · Manage risk by measuring and tracking your cyber resilience, including how well systems were protected during an attack
      · Create a plan: outline how you intend to respond to cyber incidents
      · Determine how response processes and procedures will be maintained and tested
      · Co-ordinate communications response activities, and understand how analysis and mitigation activities will be performed
      · Devise a system that ensures lessons learned are incorporated into future response activities
  • 27. Recover
      This stage involves developing systems and plans to restore data and services after an attack. Even if you respond quickly to a cyber breach, there may be consequences for people, processes and systems. An effective recovery depends on a clear and thorough recovery plan.
  • 28. Recover
      · Develop and implement systems and plans to restore any data and services that may have been impacted during a cyber attack
      · Ensure that your disaster recovery plans cover major cyber attacks as well as system failures and natural disasters
      · Consider cyber attack scenarios:
          · Ransomware attacks
          · Website hijack
          · Remote access compromise
          · Network-level infection
          · Business Email Compromise
  • 29. Getting started
  • 30. Managed Services Compliance Testing Cyber Readiness Penetration Testing Threat and Risk Cyber Awareness
  • 31. [email protected] http://firstbase.co.uk twitter: @FBTechies Thank you! Peter Wood Chief Executive Officer First Base Technologies LLP