thor: building a strong cyber defence · thor – building a strong cyber defence. gary hibberd -...

Gary Hibberd - [email protected] - (T) 0845 4133 666 : (M) 0744 7911 742 GARY HIBBERD Managing Director THOR: Building a strong Cyber defence


Post on 11-Mar-2020


Page 1: THOR: Building a strong Cyber defence · THOR – Building a strong Cyber Defence. Gary Hibberd - ghibberd@theagenci.com - (T ) 0845 4133 666 : (M ) 0744 7911 742 What does ‘Good’

Gary Hibberd - [email protected] -(T) 0845 4133 666 : (M) 0744 7911 742

GARY HIBBERD Managing Director

THOR: Building a strong Cyber defence


Over to you…


• What does ‘Good’ cyber Security look like?

• Setting standards

• Identifying your own threats, vulnerabilities & risks

• THOR – Building a strong Cyber defence

THOR – Building a strong Cyber Defence


What does ‘Good’ look like?


Good Security is a journey. Not a destination.


Defend Deter Develop

Our Vision: We are secure and resilient to cyber threats, prosperous and confident in our digital world.

National Cyber Security Strategy 2016 to 2021


• People

• Premises

• Processes

• PCs

• Providers

‘Good’


Strategy


Enabler


Remember: No such thing as 100% Secure


Awareness


Business buy-in; IT and Operations


Continual Improvement


• Clear Leadership

• There’s a Strategy

• Security Budget

• It’s an Enabler

• Risk Assessment

Do YOU have this?

• Risk Management

• ‘Some’ Awareness

• Business Buy-in

• Continually Improving


Score: 1 to 10

1 = Nothing in place

10 = No further action required


• Clear Leadership

• There’s a Strategy

• Security Budget

• It’s an Enabler

• Risk Assessment

Do YOU have this?

• Risk Management

• Awareness in place

• Business Buy-in

• Continually Improving


Setting Standards


Copyright © 2016 BSI. All rights reserved.

The Information Security Journey

CSA STAR Certification For Cloud

Cyber Essentials

ISO/IEC 27001

Information Security Kitemarks

Above and beyond

Cyber Essentials Plus

ISO/IEC 27018

PCI DSS

Not a sequential journey, but modular options based on organisational needs

Levels of complexity or specialism and required inputs by client increase from left to right

Vulnerability scanning and penetration testing

BSI Kitemark™ Certification

System audits and certification


Increasing Requirements for Cyber / Information Security:

• From the 1st October 2014 all suppliers must now be compliant with the new Cyber Essentials controls if bidding for government contracts which involve the handling of sensitive or personal information.


Increasing Requirements for Cyber / Information Security:

• Secure Configuration

• Boundary Firewalls and Internet Gateways

• Access Control and Administrative Privilege Management

• Patch Management

• Malware Protection


Increasing Requirements for Cyber / Information Security:

• A specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes.


[Chart: ISO/IEC 27001 - Worldwide total, 2006 to 2015, by region: Middle East; Central and South Asia; East Asia and Pacific; Europe; North America; Central / South America; Africa]


Information Security Management System

ISO27001: Annex A

• Security Policies

• Organisation of Information Security

• Asset Management

• Access Control

• Communications Security

• Physical & Environment

• Operations Security

• Cryptography

• Supplier Relationships

• System Acquisition, development & maintenance

• Business Continuity Management

• Security Incident Management

• Human Resources

• Compliance


ISO27001:2013

It is not just about IT!

Security Protection could include:

• IT

• People

• Information

• Intellectual Property

• Infrastructure and Buildings


Identifying your own threats, vulnerabilities & risks


We need to understand…

• What are we trying to protect?

• Where is the data?

• Who is the owner?

• Who has access to it?

• What are they doing with the data?


ACTION: Spend a few minutes reviewing these questions.


Your Business

What are we trying to protect?

Where is the data?

Who is the owner?

Who has access to it?

What are they doing with it?


THOR – Building your own plans


THOR

Technical

Human

Operational

Regulatory

THOR


ACTION: Spend a few minutes considering the following areas


Your Business

Technical

Human

Operational


Regulatory


Information security is not a technical issue

Finally…


People are our greatest threat

&

our greatest ally


• What does ‘Good’ cyber Security look like?

• Setting standards

• Identifying your own threats, vulnerabilities & risks

• THOR – Building a strong Cyber defence

THOR – Building a strong Cyber Defence


Protecting yourselves From Cyber Bugs and Thugs! ©

The Common Sense Guide - 2016

By Gary Hibberd


1. Understand your threats and vulnerabilities

2. Getting the basics right

3. Anti-virus, Anti-Spam, Firewall/s, Vulnerability & Penetration testing

4. Security patching for everyone

5. Password Security

6. What is Encryption and Why it’s important?

7. Incident Management and Contingency plans

8. Look at your 3rd-party Suppliers

9. Education, Education, Education

10. ISO27001, PCI DSS or Cyber Essentials

11. Cyber Insurance & how it helps

Cyber Self-Defence


GARY HIBBERD Managing Director

Shúkran. Any Questions?