Building Cyber Resilience in the Digital Economy
Agus Wicaksono, Chairman iCIO, 5 Oct 2016

Agenda: Growing Digital; Risks & Threats; Strategy & Framework; Lessons Learned

Upload: committee-of-icio-community

Post on 09-Jan-2017


TRANSCRIPT

About iCIO

www.ciocummunity.org

To become the premier community of IT leaders and decision makers, providing the trusted knowledge, resources and peer-to-peer collaboration that enable you to become a more effective leader, driving personal and organizational results.

Growing Digital

Efficiency vs Risk Exposures

Internet Traffic

Growing Threat

[Chart: technology adoption curve plotted against time. Stages in order: new trends emerge; innovative start-ups create disruptive business models; early adopters embrace the new models; advanced incumbents begin to adopt; mainstream customers adopt; laggard incumbents drop off. The tipping point is marked on the curve.]

• Continual Connectivity

• Organization Velocity

• Deluge of Data

Source: McKinsey Quarterly, May 2014, "Strategic principles for competing in the digital age"

Drive the Digital Vision ... and address security risks

[Chart: which executive drives the digital vision. Roles shown: CEO, CIO, CMO, CDO, CSO; values shown: 38%, 33%, 10%, 8%, 2%. The role-to-value mapping is not recoverable from the extracted text.]

Source: Forrester-Accenture 2015

Black Markets: Underground Networks Set the Value of Information

[Chart: variety of at-risk data within insider misuse*. Categories shown: Bank, Secrets, Internal, Payment; values shown: 14%, 18%, 27%, 29%, 34%. The category-to-value mapping is not recoverable from the extracted text.]

Pricelist for stolen information**:

Fresh credit card data: $20-25

Stale credit card data: $2-7

Medical record: $50

Hijacked email account: $10-100

Bank account credentials: $10-1,000

Sources: * Verizon 2014 Data Breach Investigation Report; ** Oracle-Verizon 2015, Securing Information in the New Digital Economy

Strategic Principles

Business Model: digital footprints, revenue generators, crown jewels and risk vulnerabilities

Break or Bend: withstand and recover rapidly from disruptions

Maginot Line: you are only as strong as your weakest link

Incorporate into Crisis Management procedures

Ability to continuously deliver the intended outcome despite adverse cyber events, connecting Information Security, Business Continuity and Organization Resilience.

Process, Policy, and Governance: CIRT, CIA

Technical Controls and Audit

Common Operating Environment

Identify

Protect

Detect

Respond

Recover

The Crown Jewels Framework and Protection System

BSI PAS

DHS CRR

NIST CSF

ISO 27001

Lessons Learned

Advocate at CEO Level

Cyber Hygiene: culture and behavior, more than just technology

Periodic campaigns and socialization

Segregate systems to localize possible damage

Qualify 3rd Party Services

Manage digital debris

"There are only two types of companies: those that have been hacked, and those that will be." (Robert Mueller, FBI Director, 2012)

Thank You

@aguswicaksono Agus Wicaksono [email protected] http://aguswicaksono.blogspot.com