Cyber Defence Capability Assessment Tool (CDCAT ) Improving cyber security preparedness through risk and vulnerability analysis

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Cyber Defence Capability Assessment Tool (CDCAT ) Improving cyber security preparedness through risk and vulnerability analysis"

Transcription

1 Cyber Defence Capability Assessment Tool (CDCAT ) Improving cyber security preparedness through risk and vulnerability analysis

2 An analogue approach to a digital world What foundations is CDCAT built on? The world is more connected, users are relying on organisations to protect their digital lives and cyber criminals are becoming more adaptable than ever. Are organisations responding to these trends by covering the basics to form adequate cyber defences? Are organisations achieving this through proactive development of their systems, whilst utilising best practice and security measure deployment? Worryingly, in a majority of cases the answer is no. Cyber Crime remains one of the top four priority risks identifi ed in the UK national security strategy. Cyber attacks have become common occurrences, with organisations in 2013 experiencing an average of 48 successful attacks per week. This represents a 16% increase from 2012 when organisations reported 41 successful attacks on average per week¹. Simplifying cyber defence response 81% of large organisations and 60% of small businesses reported they were the victim of a cyber-security breach from In fi nancial terms the worst of these security breaches has an average cost of 600, million for large organisations and 65, ,000 for small businesses². So what can an organisation do to help identify and rectify their cyber defence weaknesses? CDCAT fuses multiple cyber security controls and inputs from commercial, military, and intelligence operations around the world, including; NATO, ISO series and the NIST Cyber Security Framework - together with leading independent bodies such as the Council on Cyber Security. CDCAT combines them to provide a list of standards associated with one of 145 different aspects of cyber defence. These are mapped to the cyber defence lifecycle categories Assess, Deter, Protect, Detect, Respond/Recover. Each control (e.g. patch management) has a defi nition which describes different levels of compliance based on the Organisation s risk appetite. An organisation is then able to understand where any gaps in defence capability may exist. Each control maps mitigating behaviours to enable an organisation to improve its capability in a given area. Stage 4: DETECT RECOVER Stage 5: RESPOND/ Stage 3: PROTECT Stage 1: ASSESS Stage 2: DETER The Cyber Defence Capability Assessment Tool (CDCAT ) was developed by the Defence Science and Technology Laboratory (Dstl), which is a trading fund of the MOD. Dstl is dedicated to the defence and security of the UK through the development of innovative science and technology. It provides impartial scientifi c and technological advice to the UK Armed Forces and British Government. This unique assessment process is built on key principles to: Establish a converged risk mitigation framework for Information Assurance, Computer Network Defence and Service Management to enable decision development and superiority; CDCAT captures risk control objectives in one single operational activity consistent framework supporting the fusion of: PROTECT - covering Information Assurance DEFEND - covering classic computer network defence OPERATE - covering end to end service management CDCAT is a way for businesses to assess their own cyber defence preparedness, understand where any gaps in defence capability may exist and what mitigations can be applied. CDCAT delivers: A common operational framework and taxonomy Defi nition of control objectives and their maturity levels with their use in assessment and audit Defend Computer Network Defence Defi nition of what good looks like in what controls are more effective based on Computer Emergency Response Team evidence from around the world. Protect Information Assurance Enable Decision Superiority Diagram: Service Operation Operate Service Management Establish the scope for cyber defence against the known scope of the implementation related to the current network environment for that organisation; Provide a common taxonomy for more effi cient discussion, coordination and communication of cyber defence activities across environments; Provide a framework for evolution of organisational developments and partner or community cooperation on the development of cyber defence capabilities; Provide a framework for providing interoperability interfaces at various levels and various capabilities, in order to apply a federated approach to cyber defence (with industry, partners and other environment actors) Provide a framework for business strategy and planning in the context of cyber defence Service Management needs with visualisation for assessment results. Page 2 Page 3

3 81% of large organisations and 60% of small businesses reported they were the victim of a cyber-security breach from Cultivating your cyber environment Why your organisation needs CDCAT The principle benefi t of fused situational awareness is to Enable Decision Superiority in the Cyber Environment. Where vulnerabilities are built-in during the design phases, inadvertently or deliberately, cyber protections set the baseline for the security protection of the system. Defence activities then actively manage potential or on-going exploitation of these vulnerabilities, reactively or proactively. Computer Network Defence and Service Management are designed to show business perspectives in CDCAT so that stakeholders recognise their traditional activities in the now fused model. Each of these control perspectives represent the overlapping Protect, Defend, and Operate respectively of the Cyber Environment and combine effectively to Enable Decision Superiority. Cyber Defence encompasses many components and touch points as shown. CDCAT directly builds out operational risk control activities supporting an organisation s operating strategy. Whilst immediately applicable to wide area networking, local area networking and mobile IT, much of CDCAT is applicable to managing cyber risks in any digital technology in the other domains shown in the fi gure Cyber Environment Applied Scope. Cyber defence activities are mapped to one of the ITIL and cyber defence categories. Each of the different controls (e.g. patch management) has a defi nition which describes different levels of compliance. An organisation is then able to assess its own performance to understand where any gaps in defence capability may exist. Each control maps mitigating behaviours to enable an organisation to improve its score, and therefore capability in a given area. The scope of the Cyber Environment in terms of its physical and logical systems can be described by the following diagram: Cyber Environment Applied Scope Human Interaction (Vetting, Social Media, Compliance etc) Collaboration Industry General IT (e.g. WAN/LAN, Mobile, Cloud etc) CYBER DEFENCE Process Control Systems (e.g. SCADA) Embedded Systems (e.g. Vehicles, Platforms) Microelectronics Supply Chain Organisations in 2013 experiencing an average of 48 successful attacks per week. Physical (e.g. idam, Attribution, Safety) Page 4 Page 5

4 You have piqued my interest, is there a quick start version? Yes, CDCAT has a lightweight capability maturity questionnaire (<1 hour) which supports the production of risk treatment plans from many detailed best practice resources and incident evidence. This process reviews the top group of most effective security controls within an organisation or environment. Based on evidence, these controls have been proven to address 85% of known risks and threats in the cyber environment. By 2015 the UK Government s vision is to derive huge economic and social value from a vibrant, resilient and secure cyberspace, where our actions - guided by our core values of liberty, fairness, transparency and the rule of law - enhance prosperity, national security and a strong society³. CDCAT helps drive this vision by providing organisations with tailored, ongoing assessments which enable proactive cyber defence strategies. CDCAT is the most comprehensive tool on the market, drawing from Government and military standards which are not available anywhere else. Cyber threats are dynamic. Regardless of how many precautions are taken or how much money is invested in this area it is not possible for an organisation to be 100% safe. Technology moves too fast and there will always be someone out there to exploit weakness. However rapid CDCAT assessment and re-assessment over time ensures the door is not left wide open for them to stroll in. Future Cyber Defence: A bright tomorrow or a mist of uncertainty CDCAT uses multiple cyber security controls and inputs from commercial, military and government organisations around the world, including ISO 27000, NATO, the UK Ministry of Defence (MOD) and the National Institute of Standards and Technology (NIST), together with those from leading independent bodies such as the Council on Cyber Security. These are used to create a list of key cyber defence controls against which an organisation s capabilities can be measured alongside the protection strategies it has in place to show where there might be gaps and what mitigations can be implemented. The tool and its scoring system can be used on an ongoing basis if business risk demands, or when a company is looking to reassess its cyber defence strategy. - Martin Huddleston, Principal Cyber Solutions Architect at Dstl Who we are APM Group is a global business providing accreditation and certifi cation services. It has been assessing and certifying practitioners around the world in a variety of different professionalisms since Providing a wide range of cyber security training and certifi cation schemes, APMG aims to provide individuals and organisations alike with the necessary tools and skillsets to effectively police and protect vital, and often sensitive information. Follow us on Ploughshare Innovations was formed in 2005 to commercialise and exploit Dstl s intellectual property generated from its research. Since its establishment, Ploughshare has commercialised more than 110 technologies and launched eleven spin-out companies, principally for civilian applications. Ploughshare has also negotiated licences in the defence fi eld resulting in research being pulled through into defence products to meet defence requirements. References ¹(Source: Ponemon Institute 2013 Cost of Cyber Crime Study: United Kingdom) ²(Source: BIS information security breaches survey 2014) ³(Source: The UK Cyber Security Strategy 2011) The Defence Science and Technology Laboratory (Dstl) maximises the impact of science and technology (S&T) for the defence and security of the UK, supplying sensitive and specialist S&T services for the Ministry of Defence (MOD) and wider government. Dstl is a trading fund of the MOD, run along commercial lines. It is one of the principal government organisations dedicated to S&T in the defence and security fi eld, with three main sites at Porton Down, near Salisbury, Portsdown West, near Portsmouth, and Fort Halstead, near Sevenoaks. Dstl works with a wide range of partners and suppliers in industry, in academia and overseas. Around 60% of the Defence Science and Technology Programme is delivered by these external partners and suppliers. Follow us on (ITIL is a registered trade mark of AXELOS Limited.) (CDCAT is subject to Crown Copyright and Crown Database Rights. The work was sponsored by the MOD ISS NTA) Page 6 Page 7

5 Why should I invest in CDCAT? CDCAT is the unique decision support system which allows a company to dynamically and proactively tackle its cyber security needs through business risk appetite analysis. CDCAT is updated on a quarterly basis with information drawn from multiple international sources not readily available to the private/public sector. CDCAT makes it easier for an organisation to manage their own cyber risk strategy and provides simple steps to improve cyber defence capabilities. CDCAT provides cyber professionals with the tools to build effective business cases for vital updates. Worst case scenario modelling outlines the potential cost to an organisation of not implementing the recommended change and suffering a breach. This is measured against the costs of enacting the change. These forecasts are based on the data provided during the assessment. CDCAT supports continuous security improvements for organisations and supply chains - as threats, consequences and risk appetites change. Through integrating multiple evolving reference standards, e.g. ISO series, it provides a framework for the assessment and integration of new technologies, e.g. cloud, mobile, digital applications, etc. supporting an up-to-date assessment. CDCAT provides organisations with a way to report back to key stakeholders that they are addressing sector based vulnerabilities and proactively targeting cyber defence weak spots. CDCAT calculates the overall business preparedness scores and defi nes a number of reports to support the analysis and assessment of the business improvements required. Cost savings can be driven through adopting an effi cient risk management approach utilising the recommendations made in the CDCAT report. Visible, effective cyber security is an enabler for a thriving business. Would you like to know more? Please contact: E: T: +44 (0) APM Group Ltd All Rights Reserved

Safety by trust: British model of cyber security. David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw

Safety by trust: British model of cyber security. David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw Safety by trust: British model of cyber security David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw Strategy Structure Campaign Partnerships Strategy The UK

More information

Business Plan 2012/13

Business Plan 2012/13 Business Plan 2012/13 Contents Introduction 3 About the NFA..4 Priorities for 2012/13 4 Resources.6 Reporting Arrangements.6 Objective 1 7 To raise the profile and awareness of fraud among individuals,

More information

A Guide to the Cyber Essentials Scheme

A Guide to the Cyber Essentials Scheme A Guide to the Cyber Essentials Scheme Published by: CREST Tel: 0845 686-5542 Email: admin@crest-approved.org Web: http://www.crest-approved.org/ Principal Author Jane Frankland, Managing Director, Jane

More information

CYBER SECURITY Audit, Test & Compliance

CYBER SECURITY Audit, Test & Compliance www.thalescyberassurance.com CYBER SECURITY Audit, Test & Compliance 02 The Threat 03 About Thales 03 Our Approach 04 Cyber Consulting 05 Vulnerability Assessment 06 Penetration Testing 07 Holistic Audit

More information

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things Cyber security Digital Customer Experience Digital Employee Experience Digital Insight Internet of Things Payments IP Solutions Cyber Security Cloud 2015 CGI IT UK Ltd Contents... Securing organisations

More information

The UK cyber security strategy: Landscape review. Cross-government

The UK cyber security strategy: Landscape review. Cross-government REPORT BY THE COMPTROLLER AND AUDITOR GENERAL HC 890 SESSION 2012-13 12 FEBRUARY 2013 Cross-government The UK cyber security strategy: Landscape review 4 Key facts The UK cyber security strategy: Landscape

More information

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

More information

A NEW APPROACH TO CYBER SECURITY

A NEW APPROACH TO CYBER SECURITY A NEW APPROACH TO CYBER SECURITY We believe cyber security should be about what you can do not what you can t. DRIVEN BY BUSINESS ASPIRATIONS We work with you to move your business forward. Positively

More information

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security

More information

HMG Security Policy Framework

HMG Security Policy Framework HMG Security Policy Framework Security Policy Framework 3 Foreword Sir Jeremy Heywood, Cabinet Secretary Chair of the Official Committee on Security (SO) As Cabinet Secretary, I have a good overview of

More information

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril.

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril. Cyber Security Personal and commercial information is the new commodity of choice for the virtual thief, argues Adrian Leppard, Commissioner for City of London Police, as he sets out the challenges facing

More information

Thales Service Definition for Cyber Incident Response - Critical 48 for Cloud Services

Thales Service Definition for Cyber Incident Response - Critical 48 for Cloud Services Thales Service Definition for Cyber Incident Response - Critical Thales Service Definition for Cyber Incident Response - Critical for Cloud Services April 2014 Page 1 of 7 Thales Service Definition for

More information

Cyber Security - What Would a Breach Really Mean for your Business?

Cyber Security - What Would a Breach Really Mean for your Business? Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber

More information

How do you give cybersecurity the highest priority in your organization? Cyber Protection & Resilience Solutions from CGI

How do you give cybersecurity the highest priority in your organization? Cyber Protection & Resilience Solutions from CGI How do you give cybersecurity the highest priority in your organization? Cyber Protection & Resilience Solutions from CGI CGI Cyber Protection & Resilience Solutions Optimized risk management and protection

More information

National Cyber Security Policy -2013

National Cyber Security Policy -2013 National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information

More information

CYBER SECURITY TRAINING SAFE AND SECURE

CYBER SECURITY TRAINING SAFE AND SECURE CYBER SECURITY TRAINING KEEPING YOU SAFE AND SECURE Experts in Cyber Security training. Hardly a day goes by without a cyber attack being reported. With this ever-increasing threat there is a growing need

More information

Cybercrime in the Automotive Industry How to improve your business cyber security

Cybercrime in the Automotive Industry How to improve your business cyber security Cybercrime in the Automotive Industry How to improve your business cyber security Robert Morbin, Project Co-ordinator, SMMT Simon Kendall, Cyber Security, Department for Business, Innovation and Skills

More information

2 Gabi Siboni, 1 Senior Research Fellow and Director,

2 Gabi Siboni, 1 Senior Research Fellow and Director, Cyber Security Build-up of India s National Force 2 Gabi Siboni, 1 Senior Research Fellow and Director, Military and Strategic Affairs and Cyber Security Programs, Institute for National Security Studies,

More information

April 2015 Issue No:1.0. Application Guidance - CCP Security and Information Risk Advisor Role, Practitioner Level

April 2015 Issue No:1.0. Application Guidance - CCP Security and Information Risk Advisor Role, Practitioner Level April 2015 Issue No:1.0 Application Guidance - CCP Security and Information Risk Advisor Role, Practitioner Level Application Guidance CCP Security and Information Risk Advisor Role, Practitioner Level

More information

Application Guidance CCP Penetration Tester Role, Practitioner Level

Application Guidance CCP Penetration Tester Role, Practitioner Level August 2014 Issue No: 1.0 Application Guidance CCP Penetration Tester Role, Practitioner Level Application Guidance CCP Penetration Tester Role, Practitioner Level Issue No: 1.0 August 2014 This document

More information

Cloud Infrastructure Security Management

Cloud Infrastructure Security Management www.netconsulting.co.uk Cloud Infrastructure Security Management Visualise your cloud network, identify security gaps and reduce the risks of cyber attacks. Being able to see, understand and control your

More information

Cyber Security Strategy

Cyber Security Strategy NEW ZEALAND S Cyber Security Strategy 2015 A secure, resilient and prosperous online New Zealand Ministerial Foreword The internet and technology have become a fundamental element in our lives. We use

More information

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

Cyber Security Evolved

Cyber Security Evolved Cyber Security Evolved Aware Cyber threats are many, varied and always evolving Being aware is knowing what is going on so you can figure out what to do. The challenge is to know which cyber threats are

More information

CESG Certification of Cyber Security Training Courses

CESG Certification of Cyber Security Training Courses CESG Certification of Cyber Security Training Courses Supporting Assessment Criteria for the CESG Certified Training (CCT) Scheme Portions of this work are copyright The Institute of Information Security

More information

ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION.

ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION. ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION. Table of contents 1 Introduction...3 2 Architecture Services...4 2.1 Enterprise Architecture Services...5 2.2 Solution Architecture Services...6 2.3 Service

More information

National Approach to Information Assurance 2014-2017

National Approach to Information Assurance 2014-2017 Document Name File Name National Approach to Information Assurance 2014-2017 National Approach to Information Assurance v1.doc Author David Critchley, Dave Jamieson Authorisation PIAB and IMBA Signed version

More information

CONNECTING WITH CONFIDENCE: OPTIMISING AUSTRALIA S DIGITAL FUTURE. AIIA Response

CONNECTING WITH CONFIDENCE: OPTIMISING AUSTRALIA S DIGITAL FUTURE. AIIA Response CONNECTING WITH CONFIDENCE: OPTIMISING AUSTRALIA S DIGITAL FUTURE AIIA Response 14 November 2011 INTRODUCTION The Australian Information Industry Association (AIIA) is the peak national body representing

More information

INFORMATION SECURITY TESTING

INFORMATION SECURITY TESTING INFORMATION SECURITY TESTING SERVICE DESCRIPTION Penetration testing identifies potential weaknesses in a technical infrastructure and provides a level of assurance in the security of that infrastructure.

More information

Small businesses: What you need to know about cyber security

Small businesses: What you need to know about cyber security Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...

More information

Corporate Security in 2016.

Corporate Security in 2016. Corporate Security in 2016. A QA Report Study Highlights According to ThreatMetrix, businesses in the UK are at greater risk of cybercrime than any other country in the world. In a recent survey carried

More information

IoT & SCADA Cyber Security Services

IoT & SCADA Cyber Security Services IoT & SCADA Cyber Security Services RIOT SOLUTIONS PTY LTD P.O. Box 10087, Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 4, 60 Edward St, Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au

More information

Under control 2015 Hot topics for IT internal audit in financial services. An Internal Audit viewpoint

Under control 2015 Hot topics for IT internal audit in financial services. An Internal Audit viewpoint Under control 2015 Hot topics for IT internal audit in financial services An Internal Audit viewpoint Introduction Welcome to our fourth annual review of the IT hot topics for IT internal audit in financial

More information

Business Continuity Management Systems. Protecting for tomorrow by building resilience today

Business Continuity Management Systems. Protecting for tomorrow by building resilience today Business Continuity Management Systems Protecting for tomorrow by building resilience today Vital statistics 31% 40% of UK businesses have been affected by bad weather related transport problems, power

More information

A GOOD PRACTICE GUIDE FOR EMPLOYERS

A GOOD PRACTICE GUIDE FOR EMPLOYERS MITIGATING SECURITY RISK IN THE NATIONAL INFRASTRUCTURE SUPPLY CHAIN A GOOD PRACTICE GUIDE FOR EMPLOYERS April 2015 Disclaimer: Reference to any specific commercial product, process or service by trade

More information

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES POINT OF VIEW CYBERSECURITY IN FINANCIAL SERVICES Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response

More information

Cyber Essentials Scheme

Cyber Essentials Scheme Cyber Essentials Scheme Assurance Framework January 2015 December 2013 Contents Introduction... 3 Change from June 2014 version... 3 Overview... 4 Stage Definitions... 5 Stage 1 Cyber Essentials: verified

More information

CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES

CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES By Wolfgang Röhrig, Programme Manager Cyber Defence at EDA and Wg Cdr Rob Smeaton, Cyber Defence Staff Officer

More information

Addressing Cyber Risk Building robust cyber governance

Addressing Cyber Risk Building robust cyber governance Addressing Cyber Risk Building robust cyber governance Mike Maddison Partner Head of Cyber Risk Services The future of security The business environment is changing The IT environment is changing The cyber

More information

Department for Business, Innovation and Skills 1 Victoria Street London SW1H 0ET. 7 th May 2014. Dear Sir or Madam,

Department for Business, Innovation and Skills 1 Victoria Street London SW1H 0ET. 7 th May 2014. Dear Sir or Madam, Department for Business, Innovation and Skills 1 Victoria Street London SW1H 0ET 7 th May 2014 Dear Sir or Madam, The Federation of Small Businesses (FSB) welcomes the opportunity to respond to this consultation

More information

ISO27032 Guidelines for Cyber Security

ISO27032 Guidelines for Cyber Security ISO27032 Guidelines for Cyber Security Deloitte Point of View on analysing and implementing the guidelines Deloitte LLP Enterprise Risk Services Security & Resilience Contents Foreword 1 Cyber governance

More information

Action Plan 2010-2015 for Canada s Cyber Security Strategy

Action Plan 2010-2015 for Canada s Cyber Security Strategy Action Plan -2015 for Canada s Cyber Security Strategy Her Majesty the Queen in Right of Canada, 2013 Cat: PS9-1/2013E-PDF ISBN: 978-1-100-21895-3 ii Introduction Information technology is highly integrated

More information

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Stéphane Hurtaud Partner Governance Risk & Compliance Deloitte Laurent De La Vaissière Director Governance Risk & Compliance

More information

Cyber Security Organisational Standards. Guidance

Cyber Security Organisational Standards. Guidance Cyber Security Organisational Standards Guidance April 2013 Contents Contents...2 Overview...3 Background...4 Definitions...5 Presentation and Layout...6 Submissions Guidance...7 Acceptance Criteria...8

More information

Why compromise on the quality of your cyber security training? How APMG, CESG and QA accreditations ensure the highest possible training standards

Why compromise on the quality of your cyber security training? How APMG, CESG and QA accreditations ensure the highest possible training standards Why compromise on the quality of your cyber security training? How APMG, CESG and QA accreditations ensure the highest possible training standards Cyber Security CESG Certified Training // 2 Contents 3

More information

UK Government IA Recent Changes and Update

UK Government IA Recent Changes and Update UK Government IA Recent Changes and Update INTRODUCTION Agenda Part 1 Government IA and Cyber Security Background Quick Threat Update UK Government Cyber Security Initiative Government Asset Control in

More information

Keeping sight of your business Hot topics facing Financial Services organisations in IT Internal Audit

Keeping sight of your business Hot topics facing Financial Services organisations in IT Internal Audit Keeping sight of your business Hot topics facing Financial Services organisations in IT Internal Audit 2014 Welcome to our third annual review of the IT hot topics facing Internal Audit functions within

More information

Resilience and Cyber Essentials

Resilience and Cyber Essentials Resilience and Cyber Essentials Richard Bach Assistant Director Cyber Security Talk outline Why Cyber Essentials: the Policy context What is Cyber Essentials: Scheme background How the Scheme works: accreditation,

More information

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation Commonwealth Approach to Cybergovernance and Cybersecurity By the Commonwealth Telecommunications Organisation Trends in Cyberspace Cyberspace provides access to ICT Bridging the digital divide and influencing

More information

The Cyber Threat Profiler

The Cyber Threat Profiler Whitepaper The Cyber Threat Profiler Good Intelligence is essential to efficient system protection INTRODUCTION As the world becomes more dependent on cyber connectivity, the volume of cyber attacks are

More information

Building Blocks of a Cyber Resilience Program. Monika Josi monika.josi@safis.ch

Building Blocks of a Cyber Resilience Program. Monika Josi monika.josi@safis.ch Building Blocks of a Cyber Resilience Program Monika Josi monika.josi@safis.ch About me Chief Security Advisor for Microsoft Europe, Middle East and Africa providing support to Governments and CIIP until

More information

www.pwc.co.uk Cyber security Building confidence in your digital future

www.pwc.co.uk Cyber security Building confidence in your digital future www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in

More information

Smart Security. Smart Compliance.

Smart Security. Smart Compliance. Smart Security. Smart Compliance. SRM are dedicated to helping our clients stay safe in the information environment. With a wide range of knowledge and practical experience, our consultants are ready to

More information

Cyber Essentials Scheme. Protect your business from cyber threats and gain valuable certification

Cyber Essentials Scheme. Protect your business from cyber threats and gain valuable certification Cyber Essentials Scheme Protect your business from cyber threats and gain valuable certification Why you need it Cybercrime appears in the news on an almost daily basis - but it s not just the large and

More information

developing your potential Cyber Security Training

developing your potential Cyber Security Training developing your potential Cyber Security Training The benefits of cyber security awareness The cost of a single cyber security incident can easily reach six-figure sums and any damage or loss to a company

More information

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber

More information

Cyber threat intelligence and the lessons from law enforcement. kpmg.com.au

Cyber threat intelligence and the lessons from law enforcement. kpmg.com.au Cyber threat intelligence and the lessons from law enforcement kpmg.com.au Introduction Cyber security breaches are rarely out of the media s eye. As adversary sophistication increases, many organisations

More information

The UK Cyber Security Strategy. Report on progress December 2012. Forward Plans

The UK Cyber Security Strategy. Report on progress December 2012. Forward Plans The UK Cyber Security Strategy Report on progress December 2012 Forward Plans We are at the end of the first year of meeting the objectives outlined in the National Cyber Security Strategy. A great deal

More information

Secure by design: taking a strategic approach to cybersecurity

Secure by design: taking a strategic approach to cybersecurity Secure by design: taking a strategic approach to cybersecurity The cybersecurity market is overly focused on auditing policy compliance and performing vulnerability testing when the level of business risk

More information

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Collaboration and communication between technical

More information

Address C-level Cybersecurity issues to enable and secure Digital transformation

Address C-level Cybersecurity issues to enable and secure Digital transformation Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,

More information

Protecting Malaysia in the Connected world

Protecting Malaysia in the Connected world Protecting Malaysia in the Connected world cyber Security Company of the Year (Cybersecurity Malaysia, 2014) Most innovative information security company in Malaysia (Cybersecurity Malaysia, 2012) BAE

More information

The enemies ashore Vulnerabilities & hackers: A relationship that works

The enemies ashore Vulnerabilities & hackers: A relationship that works The enemies ashore Vulnerabilities & hackers: A relationship that works Alexandros Charvalias, Manager CISSP, CISA, ACDA Assurance & Enterprise Risk Services Cyber security maturity model How effectively

More information

The Software Experts. Software Asset Management Services & Solutions

The Software Experts. Software Asset Management Services & Solutions The Software Experts Software Asset Management Services & Solutions one WORLD CLASS SOFTWARE ASSET MANAGEMENT Make Optimised IT Simple Simplify the management of IT assets and minimise financial, legal

More information

SUMMARY OF THE ESTONIAN INFORMATION SYSTEM S AUTHORITY ON ENSURING CYBER SECURITY IN 2012

SUMMARY OF THE ESTONIAN INFORMATION SYSTEM S AUTHORITY ON ENSURING CYBER SECURITY IN 2012 SUMMARY OF THE ESTONIAN INFORMATION SYSTEM S AUTHORITY ON ENSURING CYBER SECURITY IN 2012 Cyberspace is both an ecosystem consisting of an infrastructure and services, and an environment where and through

More information

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY CSCSS / ENTERPRISE TECHNOLOGY + SECURITY C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CENTRE FOR STRATEGIC CSCSS CYBERSPACE + SECURITY SCIENCE CSCSS / ENTERPRISE TECHNOLOGY + SECURITY GROUP Information

More information

C DIG COMMITTED TO EXCELLENCE IN CYBER DEFENCE. ONE MISSION. ONE GROUP. CSCSS / DEFENCE INTELLIGENCE GROUP

C DIG COMMITTED TO EXCELLENCE IN CYBER DEFENCE. ONE MISSION. ONE GROUP. CSCSS / DEFENCE INTELLIGENCE GROUP C DIG CSCSS / DEFENCE INTELLIGENCE GROUP COMMITTED TO EXCELLENCE IN CYBER DEFENCE. ONE MISSION. ONE GROUP. CENTRE FOR STRATEGIC CSCSS CYBERSPACE + SECURITY SCIENCE C DIG CSCSS / DEFENCE INTELLIGENCE GROUP

More information

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes

More information

BRIDGING BARRIERS: LEGAL AND TECHNICAL OF CYBERCRIME CASES

BRIDGING BARRIERS: LEGAL AND TECHNICAL OF CYBERCRIME CASES Organizer: BRIDGING BARRIERS: LEGAL AND TECHNICAL OF CYBERCRIME CASES Session 6 : Securing Your Fortress Best practices, standards, techniques and technologies secure your organization from cyber criminals.

More information

Cyber Security Solutions Integrated. Proactive. Resilient.

Cyber Security Solutions Integrated. Proactive. Resilient. Cyber Security Solutions Integrated. Proactive. Resilient. Between defending against cyber attacks and ensuring mission resilience, there is one important word: HOW Cyber attacks never stop coming. Intrusions

More information

The internet and digital technologies play an integral part

The internet and digital technologies play an integral part The Cyber challenge Adjacent Digital Politics Ltd gives an overview of the EU Commission s Cyber Security Strategy and Commissioner Ashton s priorities to increase cyber security in Europe The internet

More information

Practitioner Certificate Software Asset Management Syllabus. Version 2.0

Practitioner Certificate Software Asset Management Syllabus. Version 2.0 Practitioner Certificate Software Asset Management Syllabus Version 2.0 June 2010 Practitioner Certificate in Software Asset Management The ISEB Practitioner Certificate in Software Asset Management (SAM)

More information

Technology management in warship acquisition

Technology management in warship acquisition management in warship acquisition A J Shanks B.Eng(Hons) MIET BMT Defence Services Limited SYNOPSIS Today s warship designers and engineers look to technology to provide warships and systems better, cheaper

More information

CYBER ZONE INTRODUCING THE 10% CALL FOR EXHIBITORS

CYBER ZONE INTRODUCING THE 10% CALL FOR EXHIBITORS CALL FOR EXHIBITORS 10% DISCOUNT FOR FIRST TIME EXHIBITORS* INTRODUCING THE CYBER ZONE Get ready to really showcase your products and services to a specific and vetted audience in a distinctive, dedicated

More information

ESKISP6046.02 Direct security architecture development

ESKISP6046.02 Direct security architecture development Overview This standard covers the competencies concerned with directing security architecture activities. It includes setting the strategy and policies for security architecture, and being fully accountable

More information

Overview TECHIS60851. Manage information security business resilience activities

Overview TECHIS60851. Manage information security business resilience activities Overview Information security business resilience encompasses business continuity and disaster recovery from information security threats. As well as addressing the consequences of a major security incident,

More information

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool 6/9/2016 Tim Segerson, Deputy Director Office of Examination & Insurance FFIEC Cybersecurity Assessment Tool LSCU Cyber Breakout June 17, 2016 Continuing saga of lost sensitive data Every event enhances

More information

THE STRATEGIC POLICING REQUIREMENT. July 2012

THE STRATEGIC POLICING REQUIREMENT. July 2012 THE STRATEGIC POLICING REQUIREMENT July 2012 Contents Foreward by the Home Secretary...3 1. Introduction...5 2. National Threats...8 3. Capacity and contribution...9 4. Capability...11 5. Consistency...12

More information

Cyber security is a shared responsibility and each of us has a role to play in making it safer, more secure and resilient.

Cyber security is a shared responsibility and each of us has a role to play in making it safer, more secure and resilient. Overview of Cyber Security: Our daily life, economic vitality, and national security depend on a stable, safe, and resilient cyberspace. We rely on this vast array of networks to communicate and travel,

More information

Sub-section Content. 1 Formalities - Post title: Risk Consultant - Reports to: Head of Group Risk - Division: xxx - Location: xxx

Sub-section Content. 1 Formalities - Post title: Risk Consultant - Reports to: Head of Group Risk - Division: xxx - Location: xxx Sub-section Content 1 Formalities - Post title: Risk Consultant - Reports to: Head of Group Risk - Division: xxx - Location: xxx 2 Job Purpose - To support the implementation of an Enterprise Risk Management

More information

Continuous Network Monitoring

Continuous Network Monitoring Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment

More information

ESKISP6054.01 Conduct security testing, under supervision

ESKISP6054.01 Conduct security testing, under supervision Overview This standard covers the competencies required to conduct security testing under supervision. In order to contribute to the determination of the level of resilience of an information system to

More information

Cyber Essentials Scheme. Summary

Cyber Essentials Scheme. Summary Cyber Essentials Scheme Summary June 2014 Introduction... 3 Background... 4 Scope... 4 Assurance Framework... 5 Next steps... 6 Questions about the scheme?... 7 2 Introduction The Cyber Essentials scheme

More information

Internet Governance and Cybersecurity Patrick Curry MACCSA patrick.curry@maccsa.net

Internet Governance and Cybersecurity Patrick Curry MACCSA patrick.curry@maccsa.net Internet Governance and Cybersecurity Patrick Curry MACCSA patrick.curry@maccsa.net This project has received funding from the European Union s Seventh Framework Programme for research, technological development

More information

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13 Cyber Security Consultancy Standard Version 0.2 Crown Copyright 2015 All Rights Reserved Page 1 of 13 Contents 1. Overview... 3 2. Assessment approach... 4 3. Requirements... 5 3.1 Service description...

More information

Who s next after TalkTalk?

Who s next after TalkTalk? Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many

More information

BT Assure Threat Intelligence

BT Assure Threat Intelligence BT Assure Threat Intelligence Providing you with the intelligence to help keep your organisation safe BT Assure. Security that matters At all times, organisations are vulnerable to all kinds of cyber attacks

More information

Malware isn t The only Threat on Your Endpoints

Malware isn t The only Threat on Your Endpoints Malware isn t The only Threat on Your Endpoints Key Themes The cyber-threat landscape has Overview Cybersecurity has gained a much higher profile over the changed, and so have the past few years, thanks

More information

Embracing CHANGE as a Competitive Advantage

Embracing CHANGE as a Competitive Advantage Web Intelligence Content Management TOGETHER System WE CAN Embracing CHANGE as a Competitive Advantage October 2011 V1 Intelligence TOGETHER WE CAN Agile Business Transformation Embracing CHANGE as a Competitive

More information

Industry. Head of Research Service Desk Institute

Industry. Head of Research Service Desk Institute Asset Management in the ITSM Industry Prepared by Daniel Wood Head of Research Service Desk Institute Sponsored by Declaration We believe the information in this document to be accurate, relevant and truthful

More information

Energy Industry Cybersecurity Report. July 2015

Energy Industry Cybersecurity Report. July 2015 Energy Industry Cybersecurity Report July 2015 Energy Industry Cybersecurity Report INTRODUCTION Due to information sharing concerns, energy industry cybersecurity information is not readily available.

More information

The Comprehensive National Cybersecurity Initiative

The Comprehensive National Cybersecurity Initiative The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we

More information

CASSIDIAN CYBERSECURITY

CASSIDIAN CYBERSECURITY CASSIDIAN CYBERSECURITY ADVANCED PERSISTENT THREAT (APT) SERVICE In a world where cyber threats are emerging daily, often from unknown sources, information security is something no organisation can afford

More information

Close the security gap with a unified approach. Detect, block and remediate risks faster with end-to-end visibility of the security cycle

Close the security gap with a unified approach. Detect, block and remediate risks faster with end-to-end visibility of the security cycle Close the security gap with a unified approach Detect, block and remediate risks faster with end-to-end visibility of the security cycle Events are not correlated. Tools are not integrated. Teams are not

More information

THALES. www.thalesgroup. corn

THALES. www.thalesgroup. corn THALES www.thalesgroup. corn c Understanding cyber security is a challenge faced by all businesses and organisations around the world. New threats emerge on a daily basis and it can be difficult to understand

More information

Presidency of the Council of Ministers THE NATIONAL PLAN FOR CYBERSPACE PROTECTION AND ICT SECURITY

Presidency of the Council of Ministers THE NATIONAL PLAN FOR CYBERSPACE PROTECTION AND ICT SECURITY Presidency of the Council of Ministers THE NATIONAL PLAN FOR CYBERSPACE PROTECTION AND ICT SECURITY December 2013 Presidency of the Council of Ministers THE NATIONAL PLAN FOR CYBERSPACE PROTECTION AND

More information

Cybersecurity on a Global Scale

Cybersecurity on a Global Scale Cybersecurity on a Global Scale Time-tested Leadership A global leader for more than a century with customers in 80 nations supported by offices in 19 countries worldwide, Raytheon recognizes that shared

More information

Active Engagement, Modern Defence - Strategic Concept for the Defence and Security of the Members of the North Atlantic Treaty Organization, 1010

Active Engagement, Modern Defence - Strategic Concept for the Defence and Security of the Members of the North Atlantic Treaty Organization, 1010 1 Modern security environment contains a broad and evolving set of challenges to the security of NATO s territory and populations. In order to assure their security, the Alliance must and will continue

More information

NICE and Framework Overview

NICE and Framework Overview NICE and Framework Overview Bill Newhouse NIST NICE Leadership Team Computer Security Division Information Technology Lab National Institute of Standards and Technology TABLE OF CONTENTS Introduction to

More information