RESILIA: How to Make the Best of ITSM and Cyber Resilience

Copyright © 2015 ITpreneurs. All rights reserved. Cyber Resilience: whose problem is it? Follow: @itpreneurs Visit: www.itpreneurs.com

Upload: itpreneurs

Post on 06-Apr-2017

Welcome

Connie Tai, Head of Products and Solutions Marketing, ITpreneurs

AXELOS - GLOBAL BEST PRACTICE 3

Cyber: whose problem is it?

Dan Cole, RESILIA Product Lead, AXELOS
www.AXELOS.com/RESILIA

Why is it an issue now?

We need to Talk Talk

...and the impacts

“I’m tied in for another year with these people that can’t manage data properly. I don’t want to stay with this company giving them my money”

TalkTalk customer

“TalkTalk hit by customer backlash – legal claims over cyberattack”

Sunday Times lead article: 25 October

“Experts estimate the debacle could cost TalkTalk up to £75m in lost revenues and other costs”

Sunday Times: 25 October

The response...

“Cyber crime is the crime of our generation”

“With the benefit of hindsight, were we doing enough? Well, you’ve got to say we weren’t and obviously we will be looking back and reviewing that extremely seriously”

Asked by the BBC whether customers’ bank details had been encrypted by TalkTalk, she said: “the awful truth is, I don’t know”.

Dido Harding, CEO, TalkTalk

Opportunity and Risk

The opportunities

• $4.2 trillion: estimated value of the internet economy in G20 economies by 2016
• 94% of businesses with 10+ employees are online
• 936 exabytes: growth in global internet traffic from 2005-2015
• 13.5% to 23%: projected rise in consumer purchases made over the internet from 2010-2016
• 4.1% of GDP contributed by internet

The risks

• $445 billion: cost of cyber-crime to the global economy per year
• 44% increase in cyber attacks. That’s 1.4 successful attacks per organization per week
• 95% of all security incidents involve human error
• 3000 companies had been victims of cyber attacks in 2013
• $145: average cost paid for each lost or stolen file containing sensitive or confidential information

Getting the balance right

PREVENT DETECT CORRECT

PEOPLE PROCESS TECHNOLOGY

RISK OPPORTUNITY

A familiar situation of ownership

This is a little story about four people named Everybody, Somebody, Anybody, and Nobody.

There was an important job to be done and Everybody was sure that Somebody would do it.

Anybody could have done it, but Nobody did it.

Somebody got angry about that because it was Everybody's job.

Everybody thought that Anybody could do it, but Nobody realized that Everybody wouldn't do it.

It ended up that Everybody blamed Somebody when Nobody did what Anybody could have done.

Cyber: whose problem is it?

“We set security standards and policy; we expect everyone to stick to these and we will check compliance”

Risk Information Security

“We flagged the information is sensitive and needs protecting – so go and do that”

Information owners

“We own the services – but we don’t have the detailed technical knowledge to do everything”

IT delivery & Dev teams

“We have risk and security teams; if they want to bring risks or investment cases to us we will look at them”

Board / Leadership team

Roles and Responsibilities

Further reading: Cyber Resilience Best Practice section 9: Roles and Responsibilities

Governance
• Board / audit
• Information owners

Leadership & management
• Risk & security management
• IT strategy and services

Delivery
• IT service delivery
• Process owners

Need to build collaboration

Building collaboration

1. Start at home: IT and service management

• Large team, diverse skills
• Engaged with all areas of the organization
• Build common language and knowledge
• Manage the business value: Opportunities & Risk balance

Further reading: Cyber Resilience Best Practice guide and Pocket Guide

2. Specialist skills: Information Security

• Small team, extended network
• Specialist technical knowledge and skills
• Help enable everyone to do the operational basics

Further reading: Cyber Resilience and ITSM – white paper

3. Setting the tone: Board and Leadership team

• Business opportunity and risk – not detail
• Personal responsibility and reputation
• Sponsors for organization wide collaboration

Further reading: Mind the Information Gap: Non-Executive Directors – white paper

4. Understanding the value: Information owners

• Understand the value of information – and the risks
• Provide structure on quantifying risk

Further reading: Cyber Resilience Pocket Guide

5. Everyone is involved: IT users and staff

• By far the largest risk – 90% of incidents
• Balance of security and usability – Opportunity & Risk
• People are more adaptable than technology or process
• Proactive culture change

What does good look like?

Bringing it together

Lifecycle management

Further reading: Cyber Resilience Best Practice guide

Questions to ask…

1. Do you know what your critical information assets are – and who has responsibility for them?

2. Is everyone involved in cyber resilience?

3. Are you prepared for when a successful attack comes?

RESILIA portfolio

Best Practice Guide: Core practical guidance for strategy, implementation and management of effective cyber resilience

Individual Awareness Learning & Know-how: All IT users and staff across an organization

IT and Security teams and

Membership & CPD: Foundation and Practitioner community

Leadership Engagement: Board and leadership teams

Pathway Tool: IT, Security and Risk decision makers

Foundation & Practitioner Training

Questions and thoughts?

Dan Cole, RESILIA Product Lead
E: [email protected]

Working with ITpreneurs on RESILIA

● Quality

Our lead author Moyn Uddin is one of the authors of the RESILIA cyber security best practice

● Enabling You to Succeed

ITpreneurs does not compete with you and we are dedicated to making you successful

● Cutting Edge Content

Classroom, eLearning, Printed materials, eBooks

ITpreneurs RESILIA Portfolio

RESILIA™ Foundation: Classroom/Virtual Classroom (3 days)

RESILIA™ Practitioner: Classroom/Virtual Classroom (2 days)

Fast-Track

RESILIA™ Practitioner: Classroom/Virtual Classroom (2 days)

RESILIA™ Foundation: eLearning (12 hours)

How Can You Work with ITpreneurs?

[Diagram: Examination / Accreditation and Courseware Provision. Labels: Accreditor (AXELOS), Exam institutes, ATOs (including ITpreneurs), ACPs (including ITpreneurs), Affiliates, Courseware, Exams]

About ITpreneurs

Solutions for IT Training Providers

Copyright © 2016 ITpreneurs. All rights reserved.

Training Materials & Services for Each Component in Your IT Training Value Chain

[Diagram. Primary Activities of a Training Provider: Portfolio Planning, Training Calendar, Marketing, Sales, Delivery. ITpreneurs End-to-End Services: 400+ certifications / 1000+ titles portfolio, Accreditation Services, Training Content, Partner Course Calendar, Marketing in a Box, Go-To Market Webinars, Sales Enablement, Printing Services, 24/7 Support, LMS, Exam Ordering, Instructor, TTT’s, Partner Matters Newsletter, Partner Products & Solutions Updates]

ITpreneurs is a full service provider to training and consulting organizations

Increase Revenues

Access a Comprehensive Library

● 1000+ Titles
● Across most IT Domains
● 12 Languages
● Some unique Titles

Stay on the Cutting-Edge

● First to Market
● Consistent Quality
● Various Delivery Formats
● Always Up-to-Date
● Partner Enablement

Save Costs

Cost Saving on content by up to 80%

● No Content Development Costs
● No Content Maintenance Costs
● Pay-per-use: Use more, pay less!

Enjoy Convenience

● Anytime, Anywhere ordering
● Marketing Support
● Exam Services
● Accreditation
● Trainer Services

ITpreneurs’ Certification Portfolio

IT Best Practices

IT Governance and Assurance: CGEIT, CISA, COBIT 5, COBIT Controls for NIST

Cloud / Big Data: Big Data, CCSK, CCC - professional cloud, OpenStack, CTA

IT Program Management: MoV, MSP, Managing Benefits, MoP, P3O

IT Project Management: AGILE PM, PRINCE2, PMI-PMP, PMI-ACP, PMI-CAPM

Testing: Mobile App Testing, TMAP, ISTQB, CMAP

Business Analysis: CBAP, CCBA, PM-PBA

Development: Agile Scrum, ScrumMaster

Process and Quality Management: Lean Six Sigma, Lean IT, TIPA

Asset Management: IAITAM

Service Management: DevOps, Kepner-Tregoe, ITIL, ISO/IEC 20000, MOF

Support Center Management: HDI

Change Management: Change Management

Information Security: CISM, CISSP, NIST Cyber Security, RESILIA, Security+, EC-Council, ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 22301, Secure Programming

Network and Hardware management: A+, Network+, SDN

Risk Management: M_o_R, PMI-RMP, CRISC, ISO31000

Architecture: Archimate, Professional Cloud Architect, TOGAF, BPMN, IT4IT

Big Data: Big Data Strategy

FAQ

What services does ITpreneurs provide?
ITpreneurs is a full service provider to training organizations. ITpreneurs offers courseware, exams, trainers, logistical services and anything else that a training provider requires to deliver a course.

How do I engage with ITpreneurs?
You can reach out to us through [email protected]. We then walk you through the process of leveraging our services and get you up and running, quickly.

What is your commercial model?
We offer courseware and other products in a Pay-per-use model. If you would like to run a course with 10 students, you can purchase 10 sets of course materials from us.

What countries do you serve, and at what time zones?
ITpreneurs offers support in most geographies. We operate global support centers in three major locations, and ensure that we are available when you need us most.

How is your courseware provided?
Courseware is provided as ebooks, or printed coursebooks, but we also allow you to print most of the courseware titles.

Solutions for IT Training Providers

ITpreneurs provides IT training content and services to training providers worldwide. We’ll help you keep up with changes, scale your business and increase your profitability.

View RESILIA Training Materials →

#greatproducts #greatpricing
Keep an eye on our blog: www.itpreneurs.com/blog
Follow our Twitter channel: @itpreneurs
Connect via LinkedIn: www.linkedin.com/company/itpreneurs