Securing a Digital Economy

Transcription

1 Securing a Digital Economy

2 HQ Cheltenham Spa 1998 Founded by Charles White and David Cazalet INDEPENDENT We always recommend what is best for your business SIMPLICITY We deliver confidence, not complexity VISIBILITY We make risks visible and measurable to the right people, at the right time MATURITY We enable Board-led and business-as-usual risk management SC MAGAZINE Information Security Consultancy of the Year SECURITY PRIVACY TRUST The nature of our business

3 About Information Risk Management Plc (IRM) Digital Innovators Founded in 1998, IRM is an award winning and independent cyber security consultancy. The company s vision is to align proportionate and innovative cyber security with the strategic direction of our clients. IRM works with a diverse range of organisations, including FTSE 100 companies, central Government departments and many international Blue Chip clients operating in EMEA. Our mission is to help our clients make distinctive, lasting and substantial improvements to their cyber security posture in times of growing threat and to build a great company which through its thought leadership and innovative solutions attracts, excites, and retains both exceptional people and its customers. IRM believe that we will be successful if we dare to think about what we do differently and how we deliver cyber security in an innovative way. Security Specialists As one of the largest cyber security consultancies in the country, IRM s outstanding reputation is based above all on the professionalism, ability and integrity of our people. We employ professionals with a natural flair for problem solving, commercial awareness and practical experience. Our consultants are regularly invited to present at security conferences and play key roles in industry bodies and working groups, such as CREST. Whilst working for IRM, consultants are able to participate in company funded research into emerging and evolving security threats, such as Cloud Computing, Mobile Devices, the Internet of Things (IoT), Biometrics and Voice over IP (VoIP). This research supports the development of our industry leading testing tools and methodologies, training courses and cyber security services. Cyber Credentials IRM has a long established relationship with the National Technical Authority for Information Assurance, CESG and is a member of the CESG, CHECK Scheme with Green light status. CHECK is a partnership between the UK Government and Industry that allows third parties to conduct security tests on Government networks. We are also a member of the Cyber Security Information Sharing Partnership (CiSP), a real time cyber threat information exchange, and receive insights from a number of wellrespected sources, such as the Information Security Forum (ISF). IRM is proud to be a thought leader in the payment security space, having co-authored the award winning Barclaycard Risk Reduction Programme (BRRP) a cost effective and risk-based approach maintaining PCI DSS compliance. The BRRP won Compliance Project of the Year at the 2013 FStech Awards. Client Collaboration IRM builds long-term relationships - working with clients to bring the best of our abilities to every project and achieve success. We understand the specific business challenges facing the companies we work with as well as their cyber risk posture relative to that of the wider industry. IRM prides itself on implementing managed security services and solutions that support, as oppose to adversely impact, our client s ability to innovate, invest in new technologies and confidently compete in the Digital Age. In light of our research, cyber security testing and cyber incident response engagements, we take a proactive approach to ensure that the organisations we work with are prepared with actionable threat intelligence and can reduce their risk exposure.

4 Human Behaviour Only amateurs attack machines, professionals target people - Bruce Schneier, American cryptographer, Human behaviour is often the weakest link in the cyber security chain. Last year, 31% of the worst security breaches were caused by human error and a further 20% by deliberate misuses of systems 1. Employee s interaction with new technology is amplifying their propensity to make mistakes (in the very worst cases, automating stupidity ) and circumvent security measures. At IRM, we have the ability to test, measure, train and increase awareness via bespoke campaigns in order to ultimately reduce your behavioural risks. IT Infrastructure There is a huge need and a huge opportunity to help transform society for the future. The scale of the technology and infrastructure that must be built is unprecedented. - Mark Zuckerberg, CEO, Facebook Almost a quarter of large organisations detected that outsiders have penetrated their networks in the last year. Furthermore, around 70-80% of system attacks are actually conducted from within an organisation s internal network 2. If the increasing risk to IT infrastructure is going to be managed the design and implementation of defences must be multi-layered and not undermined by the weakest link. At IRM we help our clients implement effective security policies, processes, procedures and products to give them a multi-layered and coordinated defence strategy. Regulatory Requirements If you have ten thousand regulations you destroy all respect for the law - Winston Churchill, Prime Minster of the United Kingdom from and The Digital Age has brought forth a number of regulatory requirements, standards, guidelines and certifications. This landscape is highly complex, with domestic and international Government and industry-led standards in existence and development. It is no wonder that complying with laws and regulations is the 4th main driver for information security expenditure 3. IRM identify gaps and common controls across compliance initiatives, helping our clients comply with, and invest in, standards that drive the most business benefit and effectively protect customer information and data integrity. IT Infrastructure Requirements Regulatory New Technology People who think they are crazy enough to change the world are the ones that do. - Steve Jobs, Co-founder, Chairman and CEO, Apple Inc. Human Behaviour Supply Chain New Technology Underpinning our clients COMPETITIVENESS with CYBER SECURITY Supply Chain Change the name. The name has been poisoned. - Don Draper, Mad Men, after being asked what a client should do when its popular brand of dog food is found to contain horsemeat Involving cyber security at a project s outset and being able to calculate the attendant cyber risk of a digital decision enables businesses to confidently (and quickly!) capitalise on new technology and remain competitive. Worryingly, less than 25% of companies currently involve cyber security at the beginning of a digital project 5. IRM sit on a number of innovation teams aligning business and cyber security objectives to dramatically increase the probability of successful digital change. Incident Response & Forensic Readiness Reputation Business Resilience In the event of a data breach, your business will be held accountable for the actions of vendors and suppliers their risk is your own. More than 80% of companies are concerned about the resilience of their digital supply chain 4. Organisations now require a process for defining the cyber risks of sharing data with suppliers, customers and partners outside of traditional audit regimes. IRM categorises suppliers according to cyber criticality via a risk management framework that is flexible enough to cope with the changing nature of these relationships. Reputation It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you ll do things differently. - Warren Buffett, American business magnate, investor and philanthropist The Digital Age has re-written the rule book on customer behaviour and communication. Customers will no longer passively invest in your brand; they expect service on social media and will actively research your company s digital footprint. At IRM, we ensure that our clients have tailored and tested plans to prevent a cyber-incident from spiralling into a reputational crisis. We test resilience to high likelihood and high risk events from an organisation s network monitoring and forensics maturity through to the preparedness of their communications team. Business Resilience Resilience is all about being able to overcome the unexpected. Sustainability is about survival. The goal of resilience is to thrive. - Jamais Cascio, writer and futurist Online attacks now cost the UK around 27 billion a year 6. Digital interdependencies associated with the rise of technology have become indispensible to businesses, and demand the same resilient strategies and disaster recovery plans necessary to prepare for a natural disaster, political uprising and world economic or health crisis. IRM help our clients build cyber resilience strategies and programmes - acting as an extension of existing security and IT teams. We define business risks based on threat-led outcomes, develop policies for the people, processes and technology that access key assets before implementing and testing a recovery plan. Incident Response & Forensic Readiness There cannot be a crisis next week. My schedule is already full. - Henry A.Kissinger, American diplomat and political scientist Expect the unexpected this applies to any type of incident. In cyberspace, the well-known phrase assume you have been breached is illustrative of a total shift in perception fatalism that corporate networks are already infiltrated. 73% of large organisations suffered from infection by viruses or malicious software in the past year (up from 59% a year ago 7 ). IRM is able to inform organisations if they are being actively targeted, identify any changes to information systems, implement processes that identify whether forensic investigation is required and quickly deploy an incident response team to conduct complex investigations. 1. Information Security Breaches Survey, Department for Business, Innovation and Skills, IT Infrastructure Security-Step by Step, SANS, Information Security Breaches Survey, Department for Business, Innovation and Skills, Building Resilience in Supply Chains, World Economic Forum, The Global State of Information Security Survey, PwC, The UK Cyber Security Strategy: Protecting and promoting the UK in a digital world, Cabinet Office, Information Security Breaches Survey, Department for Business, Innovation and Skills, 2014

5 How we DELIVER IRM s Governance, Risk and Compliance (GRC) platform, Synergy GRC, has been developed to provide our clients with an essential tool to unify and manage their cyber security strategy in an era of virtual volatility and change. IRM s Governance, Risk and Compliance (GRC) platform, Synergy GRC, has been developed to provide our clients with an essential tool in which to unify and manage their cyber security strategy in an era of virtual volatility and change. Key Benefits: Demonstrates the value of business intelligence driven by cyber security KPIs. Understands and models cyber and information risk in future business ventures. Reports on cyber threats, risk and compliance. Centrally assesses third parties against a common set of criteria. Assigns users to specific security roles via role based access control. Includes all major standards, such as ISO 27001, PCI DSS, Cyber Essentials and PAS 555. Allows you to manage cyber as a business risk not an issue isolated to the IT Department. Modules: Governance Management: Proportionally governs information integrity for a strategic advantage. Risk Management: Manages information asset risk relative to business change and objectives. Compliance Management: Achieves an integrated and accurate view of your regulatory landscape. Third Party Assurance: Provides assurance that suppliers are following best practices and are assessed proportionally to the cyber risk they carry on your behalf. Incident Management: Allows you to manage incidents from detection through to response, analysis, resolution and lessons learnt.

6 Some of our clients At IRM, we take pride in delivering a collaborative and exceptional service to every organisation we work with. Some of the UK s biggest brands and industries rely on us to help them build and realise the value in an effective cyber risk management strategy. +44 (0) linkedin.com/company/irm-plc irmplc.com

7 Cheltenham Spa 1st Floor Cheltenham House Clarence Street Cheltenham GL50 3JR London 8th Floor Westminster City Hall 64 Victoria Street London SW1E 6QP