cyber security resilience esrm conference amsterdam 2016
TRANSCRIPT
ACHIEVING CYBER RESILIENCE: SECURING INFORMATION SHARINGNIRAN SERIKI, C|CISO, CISM, MSC (RHUL)
SENIOR CYBER SECURITY CONSULTANT, EU INSTITUTIONS
CHIEFINFORMATIONSECURITYOFFICER(CISO),
SHEKINAHINFORMATIONSECURITYCONSULTANCYLTD.UNITEDKINGDOM.
DISCLAIMER:
Allviewsexpressedintheseslidesarestrictlypersonalanddonotrepresenttheviewsofanyorganisation Iconsultfor.
ACHIEVING CYBER RESILIENCE: SECURING INFORMATION SHARING
•Cyber Security, Cyber Threat, Cyber Response…Yes, Cyber Resilience!
•Cyber Resilience, the added Value
•Spell out R-E-S-I-L-I-E-N-C-E to achieve Cyber Resilience
•Partnering and sharing - how much, how long, how done?
CYBER SECURITY, CYBER THREAT, CYBER RESPONSE…YES, CYBER RESILIENCE!
•The whole idea of Cyber Resilience –•Not about achieving 100% security, which is practically impossible.
CYBER RESILIENCE, THE ADDED VALUE
•CyberResilienceisabouthavingarobust,testeddefenceandresponsesysteminplacetocombatcyberattacks.•Goalistominimisebusinessdisruptionbyallmeans.
SPELL OUT R-E-S-I-L-I-E-N-C-E TO ACHIEVE CYBER RESILIENCE • Registerorrecordallcorporateassets(AssetManagementProgram).Youcanonlyprotectwhatyouknoworawareexists.• Educationinformofregular&continuoususersecurityawarenesstraining• SIEM(SecurityIncident&EventsManagement)isa“greattohave”,thoughcomplextomanage.• IncidentResponseTeamandefficient,tested,practicalresponseplans&processes.• Learnfromothers,sharewithothers.• IntrusionDetectionsystemhelpswithmonitoring.• EffectiveVulnerabilityManagementSystemcoupledwithgood&timelypatchmanagement.• NewchangesgothroughtheChangeManagementcontrols&procedures.• ContinualImprovementwiththeCIA(Confidentiality,Integrity&Availability)focus.• ExternalDependency&properVendorsecurityvettingandmanagement.
PARTNERING AND SHARING - HOW MUCH, HOW LONG, HOW DONE?
•Great challenge is not necessarily in partnering but rather in SHARING.•We all face a common enemy! Today is my Organisation, but tomorrow
may be yours.• Suggestions:• Sharing based on common interests• Sharing based on same industry sector• Sharing based on other forms of collaboration.• Sharing is sometimes Vendor-based – the Vendor organising a forum
for clients to come together to share valuable information that could everyone.