- Lester Stone
- 8 years ago
Transcription
1 CYBER SECURITY PROTECTING YOUR BUSINESS James Hatch Director, Cyber Services BAE Systems Applied Intelligence 1
2 CYBER SECURITY AT BAE SYSTEMS Professional Services Technical Services Prepare Protect Cyber Products Respond Monitor Managed Security 2
3 CONTENTS Cyber risk why it is different Challenges and organising to address them My suggestions for internal audit 3
4 CYBER SECURITY IN PHYSICAL TERMS Images from "Three Surveillance cameras" by Hustvedt, "HH Polizeihauptmeister MZ" by Daniel Schwen, "Janeskh11leakedphoto" by Naval Intelligence Support Center, "T-72 Ajeya1" by Vivek Patankarderivative 4
5 CURRENT TRENDS
Cyber crime
- Continued industrialization and specialization of digital criminality
- International law enforcement disruptions
- Point-of-sale and mobile emerging but still localised
- DDoS and data breaches continue to grab headlines
6 SHYLOCK FINANCIAL CRIME OPERATION 50k machines compromised globally but mainly in Western Europe and United States UK US IT BR TW UA DE Other 6
7 CURRENT TRENDS
Cyber crime
- Continued industrialization and specialization of digital criminality
- International law enforcement disruptions
- Point-of-sale and mobile emerging but still localised
- DDoS and data breaches continue to grab headlines
Cyber espionage
- More revelations about nation state activity
- US authorities increasing pressure on Chinese cyber-espionage
- Security community focusing more on Russian groups
- More specialist companies dealing in exploits and malware
8 MONITORING THE EVOLVING THREAT SOC threat intelligence Incident Response Team Malware feeds Open source & security research communities Active & passive tracking Social media & hacker forums 93 Attack Groups tracked; 5 do not have a known location Intelligence exchange with trusted partners 8
9 CURRENT TRENDS
Cyber crime
- Continued industrialization and specialization of digital criminality
- International law enforcement disruptions
- Point-of-sale and mobile emerging but still localised
- DDoS and data breaches continue to grab headlines
Cyber espionage
- More revelations about nation state activity
- US authorities increasing pressure on Chinese cyber-espionage
- Security community focusing more on Russian groups
- More specialist companies dealing in exploits and malware
Cyber activism
- Low-level activity continues under Anonymous banner
- Crossover between nation state operations and activism
- Anti-security activism and research
- Middle East hot-bed for cyber-attacks and terrorism crossover
10 ANATOMY OF SONY PICTURES ATTACK Phishing Initial compromise Skilled attackers arrive Attacker network Announce Multiple spear phishing emails Some users visit convincing website Website drops custom remote access and inventory tools Command and control Admin credentials Data removed through encrypted files Network destroyed Sony Pictures network 10
11 EVOLUTION OF CYBER THREATS 11
12 CONTENTS Cyber risk why it is different Challenges and organising to address them My suggestions for internal audit 12
13 CHALLENGES OF ACHIEVING CYBER SECURITY Labour intensive Scarce resources BEING EFFICIENT Swamped in data Automation and integration Asymmetric threat Situational awareness EFFECTIVE AGAINST REAL THREATS The threat keeps changing Compliance is not security Trap of risk acceptance Achieving coverage IMPLEMENTING CONTROLS Funding and prioritisation Project execution Suppliers and processors KNOWING YOUR ESTATE Shadow IT and BYOD Legacy systems and data Weak architecture and change 13
14 CYBER SECURITY LAYERS
- ORGANISATION & GOVERNANCE: Long-term priority (years). Focus on building and overseeing a mature and capable organisation
- SECURITY MANAGEMENT: Medium-term priority (months). Focus on understanding and managing down specific security risks
- SECURITY OPERATIONS: Short-term priority (hours / days). Focus on defending against and dealing with live incidents
15 SUMMARY VIEW OF CYBER SECURITY ORGANISATION & GOVERNANCE STRATEGY CAPABILITY BUILD CULTURE AND LEADERSHIP RISK REPORTING MATURITY SECURITY MANAGEMENT PRIORITISATION CHANGE PROCESS CONTINUOUS IMPROVEMENT SITUATIONAL AWARENESS TESTING & ASSURANCE SECURITY OPERATIONS 15
16 KEY STANDARDS AND GUIDANCE
ORGANISATION & GOVERNANCE / SECURITY MANAGEMENT / SECURITY OPERATIONS
- Three Lines of Defence: Operations, Assurance, Audit
- BSI PAS555 Cyber risk governance: Leadership and governance; Risk assessment; Protection and mitigation; Detection and response; Recovery
- Capability based
- ISO27000 family:
  1. Specification for Information Security Management System
  2. Potential controls
  3. Implementation guidance
  4. Measurement and metrics
  5. Risk management
  6. Certificating organisations
- Key issues are scope and appetite
- 10 Steps to Cyber Security
- Cyber Essentials
- Critical Security Controls (Council on Cyber Security; formerly SANS Top 20)
- Industry-specific standards, e.g. Payment Card Industry Data Security Standard
- Tend to have high overlap and narrow scope
17 CONTENTS Cyber risk why it is different Challenges and organising to address them My suggestions for internal audit 17
18 ORGANISATIONS SHOULD SHOW THAT THEY Are clear who is responsible Understand their cyber risk Make active decisions on risk Plan for resilience Support strategic priorities 18
19 ORGANISATIONS SHOULD SHOW THAT THEY Are clear who is responsible Who on the board is responsible? Who explains the risk to them? On what information will we make decisions? Understand their cyber risk Make active decisions on risk Plan for resilience Support strategic priorities 19
20 CYBER RESPONSIBILITY SOME CHALLENGES Personal experience poor guide Many legitimate demands Nature Sustaining interest is difficult Much is deliberately hidden Moves suddenly from hypothetical to emotional Culture Organisations underestimate their significance / attractiveness Security often treated as compliance or IT issue Skill / language Needs three different skills: Strategic (Impact) Technical (Vulnerability) Intelligence (Threat) People struggle to cover breadth Bad news Not about making money Often asking for cash FD risk owners focussed on cost control Negative baseline 20
21 ENGAGING WITH BOARD MEMBERS IS THIS A KEY CONCERN FOR THE NEXT 5 YEARS? HOW CAN I HAVE A SECURE BUT AGILE, COMPETITIVE AND GROWING BUSINESS? CEO/Chairmen/CFO and NEDs HOW SECURE IS MY SUPPLY CHAIN? CFO/COO/CIO HOW DO WE GET CYBER ON THE BOARD AGENDA? General Counsel and NEDs A CYBER AWARE BOARD WHAT IS MY MOST VALUABLE INFORMATION AND WHAT'S OUR RISK APPETITE? CRO/CIO WHAT'S THE BUSINESS CASE FOR CYBER SECURITY? CFO/CRO/CIO WHAT'S THE FINANCIAL IMPACT OF CYBER ATTACK? CFO/CRO/CIO Different board members worry about different questions. Find the one whose agenda matches your concern. 21
22 ORGANISATIONS SHOULD SHOW THAT THEY Are clear who is responsible Understand their cyber risk Who on the board is responsible? Who explains the risk to them? On what information will we make decisions? What information is most important to us? What types of cyber risk do we care about? How exposed are we to those risks? Make active decisions on risk Plan for resilience Support strategic priorities 22
23 CYBER RISK PRINCIPLES Assets Confidentiality Integrity Availability Consequences Risk Impact x Likelihood Vulnerability x Threat Systems Configuration Connectivity Third parties Controls Effectiveness Actors Motivation Intent Tools and techniques 23
24 UNDERSTAND THEIR CYBER RISK Censure and Embarrassment Client Loss How big is our risk? Direct Fraud Sabotage What type is it? Cyber Espionage Do we care? 24
25 ORGANISATIONS SHOULD SHOW THAT THEY Are clear who is responsible Understand their cyber risk Make active decisions on risk Who on the board is responsible? Who explains the risk to them? On what information will we make decisions? What information is most important to us? What types of cyber risk do we care about? How exposed are we to those risks? What is our appetite for risk? Have we communicated this to all functions? Are our resources deployed efficiently? Plan for resilience Support strategic priorities 25
26 MAKE ACTIVE DECISIONS ON RISK 26
27 EXAMPLE SCENARIO
Chris, Retail Marketing Campaigns Manager

Despite working long hours and over the weekend for the last year, Chris does not get promoted. He applies for another job with a competitor. His new manager invites him out for drinks before he starts the new job to meet the team and suggests he takes some of the customer data with him when he leaves. Chris downloads thousands of records via a printer onto a USB stick, for which he has rights. He uploads the details onto the CRM system at his new employer when he joins. The team are then able to use this information to try to win over the customers as it contains details about their accounts and rates.

This is made worse by
One of the customers that is persistently contacted by the competitor is not happy; she wants to know how they got her details. When no satisfactory answer is forthcoming the customer reports the incident to the Information Commissioner's Office and FSA. The source is traced back to the Bank; there is extensive media coverage with very negative headlines; people lose patience with responses of an ongoing internal investigation and calls are made for the Retail Customer Service Director's resignation.

What this means
- Customers unaware that their details have been leaked are successfully persuaded to switch providers; the organisation loses revenue and market share.
- Negative media coverage. Reputation with customers and within industry is damaged.
- Additional funds in social media monitoring and a campaign to counter the effect of negative sentiment.
- FSA and ICO fines.

Where have we seen this happen before?
- A well-publicized data breach can translate into lost business opportunity to the tune of 71 per leaked customer record, according to the Ponemon study.
- A survey by the Ponemon Institute reveals that one-third (34 percent) of customers would move their business to another supplier after learning about a single security breach.
- Blizzard's General Manager for China quit in Dec 2010 after a large data breach involving global subscriber details, financial data and the games release roadmap.
28 RISK TREATMENT DECISIONS AVOID REDUCE SHARE RETAIN Bring decisions together in an integrated, prioritised plan 28
29 ORGANISATIONS SHOULD SHOW THAT THEY Are clear who is responsible Understand their cyber risk Make active decisions on risk Plan for resilience Who on the board is responsible? Who explains the risk to them? On what information will we make decisions? What information is most important to us? What types of cyber risk do we care about? How exposed are we to those risks? What is our appetite for risk? Have we communicated this to all functions? Are our resources deployed efficiently? Do we cover 10 Steps to Cyber Security? How will we know we are being attacked? How will we thrive despite attacks? Support strategic priorities 29
30 BEING CYBER SECURE PROTECTION DETECTION RESPONSE INTELLIGENCE SECURITY OPERATIONS RISK MANAGEMENT 30
31 ORGANISATIONS SHOULD SHOW THAT THEY
- Are clear who is responsible
  - Who on the board is responsible?
  - Who explains the risk to them?
  - On what information will we make decisions?
- Understand their cyber risk
  - What information is most important to us?
  - What types of cyber risk do we care about?
  - How exposed are we to those risks?
- Make active decisions on risk
  - What is our appetite for risk?
  - Have we communicated this to all functions?
  - Are our resources deployed efficiently?
- Plan for resilience
  - Do we cover 10 Steps to Cyber Security?
  - How will we know we are being attacked?
  - How will we thrive despite attacks?
- Support strategic priorities
  - Does our risk mitigation facilitate and enable growth?
  - Are our controls delaying or blocking progress?
  - Are we agile enough to exploit market opportunities?
32 SUPPORT STRATEGIC PRIORITIES Risks identified early can be managed without compromising opportunity Opportunity Executives focus on pursuing opportunity while managing cost and risk Piecemeal decisions often balance risk and opportunity poorly Business cases for new projects often defer consideration of cyber risk Risk Cost Information security often identifies risk late and in isolation from business Weak costing of information assets and risks means they are ignored Good risk management focuses spend where it is most needed. 32
34 CONTACT DETAILS James Hatch Director, Cyber Security Services BAE Systems Applied Intelligence Surrey Research Park Guildford Surrey GU2 7YP United Kingdom T: +44 (0) E: Copyright BAE Systems All rights reserved. BAE SYSTEMS, the BAE SYSTEMS Logo and the product names referenced herein are trademarks of BAE Systems plc. BAE Systems Detica and BAE Systems Applied Intelligence are trading names of Detica Limited registered in England (No ) with its registered office at Surrey Research Park, Guildford, England, GU2 7YP. 34
More informationWebsite Security: It s Not all About the Hacker Anymore
Website Security: It s Not all About the Hacker Anymore Mike Smart Sr. Manager, Products and Solutions Trust Services & Website Security Website Security 1 Website Security Challenges Evolving Web Use
More informationSPEAR PHISHING UNDERSTANDING THE THREAT
SPEAR PHISHING UNDERSTANDING THE THREAT SEPTEMBER 2013 Due to an organisation s reliance on email and internet connectivity, there is no guaranteed way to stop a determined intruder from accessing a business
More informationExternal Communication to Third Parties
External Communication to Third Parties Egress Software Technologies Ltd Unit 16 Quadrant Business Center, 135 Salusbury Road, London, NW6 6RJ T: +44 (0)20 7624 8500 / F: +44 (0)20 7624 8200 / E: info@egress.com
More informationThe Changing IT Risk Landscape Understanding and managing existing and emerging risks
The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015
More informationProtecting against cyber threats and security breaches
Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So
More informationwww.pwc.com Cybersecurity and Privacy Hot Topics 2015
www.pwc.com Cybersecurity and Privacy Hot Topics 2015 Table of Contents Cybersecurity and Privacy Incidents are on the rise Executives and Boards are focused on Emerging Risks Banking & Capital Markets
More informationCYBERSECURITY HOT TOPICS
1 CYBERSECURITY HOT TOPICS Secure Banking Solutions 2 Presenter Chad Knutson VP SBS Institute Senior Information Security Consultant Masters in Information Assurance CISSP, CISA, CRISC www.protectmybank.com
More informationAdvanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
More informationCyber Defence Capability Assessment Tool (CDCAT ) Improving cyber security preparedness through risk and vulnerability analysis
Cyber Defence Capability Assessment Tool (CDCAT ) Improving cyber security preparedness through risk and vulnerability analysis An analogue approach to a digital world What foundations is CDCAT built on?
More informationCyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?
Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies
More informationHow To Protect Your Organization From Insider Threats
Research Conducted by 2015 VORMETRIC INSIDER THREAT REPORT Trends and Future Directions in Data Security FINANCIAL SERVICES EDITION #2015InsiderThreat RESEARCH BRIEF US FINANCIAL SERVICES SPOTLIGHT ABOUT
More informationADVANCED THREAT DETECTION G-CLOUD SERVICE DEFINITION
ADVANCED THREAT DETECTION G-CLOUD SERVICE DEFINITION 14 Table of contents 1 Introduction...2 2 Service Overview...3 2.1 Advanced Threat Detection Service...3 2.2 Service Description...4 2.3 Scenario: Basis
More informationDAMAGE CONTROL: THE COST OF SECURITY BREACHES IT SECURITY RISKS SPECIAL REPORT SERIES
DAMAGE CONTROL: THE COST OF SECURITY BREACHES IT SECURITY RISKS SPECIAL REPORT SERIES Kaspersky Lab 2 Corporate IT Security Risks Survey details: More than 5500 companies in 26 countries around the world
More informationCybersecurity Awareness. Part 1
Part 1 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat
More informationTop five strategies for combating modern threats Is anti-virus dead?
Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.
More information10 Smart Ideas for. Keeping Data Safe. From Hackers
0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More informationSession 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness
Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber
More informationidata Improving Defences Against Targeted Attack
idata Improving Defences Against Targeted Attack Summary JULY 2014 Disclaimer: Reference to any specific commercial product, process or service by trade name, trademark, manufacturer, or otherwise, does
More informationAre your people playing an effective role in your cyber resilience?
Are your people playing an effective role in your cyber resilience? 01 Cyber attacks are now business as usual for organizations around the world. Organizations have typically trusted in technology to
More informationCorporate Spying An Overview
Corporate Spying An Overview With the boom in informational and technological advancements in recent years, there comes the good and the bad the bad being more susceptibility to the theft of confidential
More informationBAE Systems PCI Essentail. PCI Requirements Coverage Summary Table
BAE Systems PCI Essentail PCI Requirements Coverage Summary Table Introduction BAE Systems PCI Essential solution can help your company significantly reduce the costs and complexity of meeting PCI compliance
More informationSecurity strategies to stay off the Børsen front page
Security strategies to stay off the Børsen front page Steve Durkin, Channel Director for Europe, Q1 Labs, an IBM Company 1 2012 IBM Corporation Given the dynamic nature of the challenge, measuring the
More informationSecure by design: taking a strategic approach to cybersecurity
Secure by design: taking a strategic approach to cybersecurity The cybersecurity market is overly focused on auditing policy compliance and performing vulnerability testing when the level of business risk
More informationdefending against advanced persistent threats: strategies for a new era of attacks agility made possible
defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been
More informationTHE HUMAN COMPONENT OF CYBER SECURITY
cybersecurity.thalesgroup.com.au People, with their preference to minimise their own inconvenience, their predictability, apathy and general naivety about the potential impacts of their actions, are the
More informationHow do we Police Cyber Crime?
How do we Police Cyber Crime? Thursday 4 th June 2015 Craig Jones, SEROCU Presentation Content UK policing cyber crime programme Cyber threat landscape and impact Cyber business resilience Future Challenges
More information