Cyber Defence Capability Assessment Tool (CDCAT): Improving cyber security preparedness through risk and vulnerability analysis




An analogue approach to a digital world

What foundations is CDCAT built on?

The world is more connected, users are relying on organisations to protect their digital lives, and cyber criminals are becoming more adaptable than ever. Are organisations responding to these trends by covering the basics to form adequate cyber defences? Are organisations achieving this through proactive development of their systems, whilst utilising best practice and security measure deployment? Worryingly, in the majority of cases the answer is no.

Cyber crime remains one of the top four priority risks identified in the UK national security strategy. Cyber attacks have become common occurrences, with organisations in 2013 experiencing an average of 48 successful attacks per week. This represents a 16% increase from 2012, when organisations reported 41 successful attacks on average per week¹.

Simplifying cyber defence response

81% of large organisations and 60% of small businesses reported they were the victim of a cyber-security breach from 2013-2014. In financial terms the worst of these security breaches has an average cost of 600,000-1.15 million for large organisations and 65,000-115,000 for small businesses². So what can an organisation do to help identify and rectify its cyber defence weaknesses?

CDCAT fuses multiple cyber security controls and inputs from commercial, military and intelligence operations around the world, including NATO, the ISO 27000 series and the NIST Cyber Security Framework, together with leading independent bodies such as the Council on Cyber Security. CDCAT combines them to provide a list of standards associated with one of 145 different aspects of cyber defence. These are mapped to the cyber defence lifecycle categories Assess, Deter, Protect, Detect and Respond/Recover. Each control (e.g. patch management) has a definition which describes different levels of compliance based on the organisation's risk appetite. An organisation is then able to understand where any gaps in defence capability may exist. Each control maps mitigating behaviours to enable an organisation to improve its capability in a given area.

Diagram: the cyber defence lifecycle. Stage 1: ASSESS, Stage 2: DETER, Stage 3: PROTECT, Stage 4: DETECT, Stage 5: RESPOND/RECOVER.

The Cyber Defence Capability Assessment Tool (CDCAT) was developed by the Defence Science and Technology Laboratory (Dstl), which is a trading fund of the MOD. Dstl is dedicated to the defence and security of the UK through the development of innovative science and technology. It provides impartial scientific and technological advice to the UK Armed Forces and British Government.

This unique assessment process is built on key principles to:

- Establish a converged risk mitigation framework for Information Assurance, Computer Network Defence and Service Management to enable decision development and superiority;
- Establish the scope for cyber defence against the known scope of the implementation related to the current network environment for that organisation;
- Provide a common taxonomy for more efficient discussion, coordination and communication of cyber defence activities across environments;
- Provide a framework for evolution of organisational developments and partner or community cooperation on the development of cyber defence capabilities;
- Provide a framework for providing interoperability interfaces at various levels and various capabilities, in order to apply a federated approach to cyber defence (with industry, partners and other environment actors);
- Provide a framework for business strategy and planning in the context of cyber defence Service Management needs, with visualisation for assessment results.

CDCAT captures risk control objectives in one single operational activity consistent framework supporting the fusion of:

- PROTECT - covering Information Assurance
- DEFEND - covering classic computer network defence
- OPERATE - covering end to end service management

Diagram: Protect (Information Assurance), Defend (Computer Network Defence) and Operate (Service Management) overlap around Service Operation to Enable Decision Superiority.

CDCAT is a way for businesses to assess their own cyber defence preparedness, understand where any gaps in defence capability may exist and what mitigations can be applied. CDCAT delivers:

- A common operational framework and taxonomy
- Definition of control objectives and their maturity levels, with their use in assessment and audit
- Definition of what good looks like, in terms of which controls are more effective, based on Computer Emergency Response Team evidence from around the world.

Cultivating your cyber environment

Why your organisation needs CDCAT

The principal benefit of fused situational awareness is to Enable Decision Superiority in the Cyber Environment. Where vulnerabilities are built in during the design phases, inadvertently or deliberately, cyber protections set the baseline for the security protection of the system. Defence activities then actively manage potential or ongoing exploitation of these vulnerabilities, reactively or proactively. Information Assurance, Computer Network Defence and Service Management are designed to show business perspectives in CDCAT so that stakeholders recognise their traditional activities in the now fused model. Each of these control perspectives represents the overlapping Protect, Defend and Operate (respectively) of the Cyber Environment, and they combine effectively to Enable Decision Superiority.

Cyber Defence encompasses many components and touch points as shown. CDCAT directly builds out operational risk control activities supporting an organisation's operating strategy. Whilst immediately applicable to wide area networking, local area networking and mobile IT, much of CDCAT is applicable to managing cyber risks in any digital technology in the other domains shown in the figure Cyber Environment Applied Scope.

Cyber defence activities are mapped to one of the ITIL and cyber defence categories. Each of the different controls (e.g. patch management) has a definition which describes different levels of compliance. An organisation is then able to assess its own performance to understand where any gaps in defence capability may exist. Each control maps mitigating behaviours to enable an organisation to improve its score, and therefore its capability in a given area.

The scope of the Cyber Environment in terms of its physical and logical systems can be described by the following diagram:

Diagram: Cyber Environment Applied Scope. Cyber defence spans Human Interaction (vetting, social media, compliance etc.), Collaboration, Industry, General IT (e.g. WAN/LAN, mobile, cloud etc.), Process Control Systems (e.g. SCADA), Embedded Systems (e.g. vehicles, platforms), Microelectronics, Supply Chain and Physical (e.g. IdAM, attribution, safety).

You have piqued my interest, is there a quick start version?

Yes, CDCAT has a lightweight capability maturity questionnaire (under 1 hour) which supports the production of risk treatment plans from many detailed best practice resources and incident evidence. This process reviews the top group of most effective security controls within an organisation or environment. Based on evidence, these controls have been proven to address 85% of known risks and threats in the cyber environment.

By 2015 the UK Government's vision is to derive huge economic and social value from a vibrant, resilient and secure cyberspace, where our actions, guided by our core values of liberty, fairness, transparency and the rule of law, enhance prosperity, national security and a strong society³. CDCAT helps drive this vision by providing organisations with tailored, ongoing assessments which enable proactive cyber defence strategies. CDCAT is the most comprehensive tool on the market, drawing from Government and military standards which are not available anywhere else.

Cyber threats are dynamic. Regardless of how many precautions are taken or how much money is invested in this area, it is not possible for an organisation to be 100% safe. Technology moves too fast and there will always be someone out there to exploit weakness. However, rapid CDCAT assessment and re-assessment over time ensures the door is not left wide open for them to stroll in.

Future Cyber Defence: A bright tomorrow or a mist of uncertainty

"CDCAT uses multiple cyber security controls and inputs from commercial, military and government organisations around the world, including ISO 27000, NATO, the UK Ministry of Defence (MOD) and the National Institute of Standards and Technology (NIST), together with those from leading independent bodies such as the Council on Cyber Security. These are used to create a list of key cyber defence controls against which an organisation's capabilities can be measured alongside the protection strategies it has in place to show where there might be gaps and what mitigations can be implemented. The tool and its scoring system can be used on an ongoing basis if business risk demands, or when a company is looking to reassess its cyber defence strategy."
- Martin Huddleston, Principal Cyber Solutions Architect at Dstl

Who we are

APM Group is a global business providing accreditation and certification services. It has been assessing and certifying practitioners around the world in a variety of different professionalisms since 1993. Providing a wide range of cyber security training and certification schemes, APMG aims to provide individuals and organisations alike with the necessary tools and skillsets to effectively police and protect vital, and often sensitive, information. Follow us on Twitter @APMG_Inter

Ploughshare Innovations was formed in 2005 to commercialise and exploit Dstl's intellectual property generated from its research. Since its establishment, Ploughshare has commercialised more than 110 technologies and launched eleven spin-out companies, principally for civilian applications. Ploughshare has also negotiated licences in the defence field resulting in research being pulled through into defence products to meet defence requirements.

The Defence Science and Technology Laboratory (Dstl) maximises the impact of science and technology (S&T) for the defence and security of the UK, supplying sensitive and specialist S&T services for the Ministry of Defence (MOD) and wider government. Dstl is a trading fund of the MOD, run along commercial lines. It is one of the principal government organisations dedicated to S&T in the defence and security field, with three main sites at Porton Down, near Salisbury, Portsdown West, near Portsmouth, and Fort Halstead, near Sevenoaks. Dstl works with a wide range of partners and suppliers in industry, in academia and overseas. Around 60% of the Defence Science and Technology Programme is delivered by these external partners and suppliers. Follow us on Twitter @dstlmod

Why should I invest in CDCAT?

CDCAT is the unique decision support system which allows a company to dynamically and proactively tackle its cyber security needs through business risk appetite analysis. CDCAT is updated on a quarterly basis with information drawn from multiple international sources not readily available to the private/public sector. CDCAT makes it easier for an organisation to manage its own cyber risk strategy and provides simple steps to improve cyber defence capabilities.

CDCAT provides cyber professionals with the tools to build effective business cases for vital updates. Worst case scenario modelling outlines the potential cost to an organisation of not implementing the recommended change and suffering a breach. This is measured against the costs of enacting the change. These forecasts are based on the data provided during the assessment.

CDCAT supports continuous security improvements for organisations and supply chains as threats, consequences and risk appetites change. Through integrating multiple evolving reference standards, e.g. the ISO 27000 series, it provides a framework for the assessment and integration of new technologies (e.g. cloud, mobile, digital applications), supporting an up-to-date assessment.

CDCAT provides organisations with a way to report back to key stakeholders that they are addressing sector-based vulnerabilities and proactively targeting cyber defence weak spots. CDCAT calculates the overall business preparedness scores and defines a number of reports to support the analysis and assessment of the business improvements required. Cost savings can be driven through adopting an efficient risk management approach utilising the recommendations made in the CDCAT report. Visible, effective cyber security is an enabler for a thriving business.

Would you like to know more? Please contact:
E: CDCAT@apmgroup.co.uk
T: +44 (0) 1494 452450

References
¹ Ponemon Institute, 2013 Cost of Cyber Crime Study: United Kingdom
² BIS, Information Security Breaches Survey 2014
³ The UK Cyber Security Strategy, 2011

ITIL is a registered trade mark of AXELOS Limited. CDCAT is subject to Crown Copyright and Crown Database Rights. The work was sponsored by the MOD ISS NTA. APM Group Ltd. 2014 All Rights Reserved