The Global Information and Cyber Security Landscape
21/05/2018
John DiMaria; CSSBB, MHISP, HISP, AMBCI, CERP
Global Product Champion; Information Security, Business Continuity
2 Copyright © 2017 BSI. All rights reserved.
BSI History
Leading Global Standards Creation Body: British, European, ISO, Public, Private
The UK National Standards Body: The source of British Standards
Experienced: The world’s first National Standards Body established in 1901 and a founding member of ISO
Thought Leaders: Shaped the world’s most adopted standards, incl. Quality ISO 9001, Sustainability ISO 14001, Health and Safety OHSAS 18001
Specialist Focus on Standards Creation, Training and Certification
Global Network: 81,000 clients in 181 countries worldwide including governments, global brands and SMEs
Trusted: We’re a Royal Charter Company, reinvesting profits back into our business to improve our clients' experience
Through the passion and expertise of our people, BSI embeds excellence in
organizations across the globe to improve business performance and resilience
Knowledge Solutions
Assessment Services
Training
Product Certification
Medical Devices
Supply Chain Solutions
EHS Solutions
Cybersecurity and Information Resilience
BSI is a global company
BSI clients represent:
• 75% of FTSE 100
• 51% of Fortune 500
• 68% of Nikkei Index
4,000 colleagues & 11,450 experts
40 of the world’s top 50 med dev manufacturers
135,000 delegates trained
205,000 audit days delivered
Engaged with >80,000 clients annually
100,000* product certifications
~40,000 consulting days delivered
2,200 new standards, 39,450 in all
Market Information
10 Oct 2017
Information Overload……
40+ "Zettabytes" by 2020!
Exponential year on year growth
700 trn Movies!
90% of all global data used, processed, stored today was created in last 2 years
Top ten concerns – 2018 Horizon Scan Report
Top ten concerns
Top five concerns through the years
Top ten disruptions
Top ten trends
Threats and risks intelligence analysis
Source: http://breachlevelindex.com/
Framework for Improving Critical Infrastructure Cyber Security
In February 2013, President Obama issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity. It directed NIST to work with stakeholders to develop a voluntary framework, based on existing standards, guidelines, and practices, for reducing cyber security risks.
“The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront. The national and economic security of the United States depends on the reliable functioning of the Nation's critical infrastructure in the face of such threats” ~Section I of the Executive order~
What is Critical Infrastructure?
http://www.dhs.gov/critical-infrastructure-sectors
Information and Cyber Security Lifecycle
Organizational Resilience
Balancing opportunities and risks, focusing on three essential elements:
• product excellence
• process reliability
• people behaviours
Organizational Resilience Index
• 16 core elements of resilience
• Developed using best parts of 4 core standards
• Index report represents findings from over 1,260 senior executives globally
• Benchmark enables organizations to compare
• Determine areas to focus on, of which business continuity is one
How important is each element
1. Reputational risk
2. Financial aspects
3. Leadership
4. Vision and purpose
5. Information knowledge
6. Innovation
7. Resource management
8. Business continuity
9. Governance and accountability
10. Awareness, testing, training
11. Supply chain
12. Adaptive capacity
13. Culture
14. Community engagement
15. Alignment
16. Horizon scanning
How resilient are you at each element
1. Financial aspects
2. Alignment
3. Leadership
4. Vision and purpose
5. Governance & accountability
6. Community engagement
7. Business continuity
8. Culture
9. Reputational risk
10. Resource management
11. Adaptive capacity
12. Awareness, testing, training
13. Information knowledge
14. Horizon scanning
15. Innovation
16. Supply chain
Chart labels: Rank; Leadership, People, Process, Product
Addressing your customer needs
Governing your business
Running your business
Valuing your people
Managing & securing information
Protecting infrastructure
Enabling trust & reputation
Ensuring regulatory compliance
Safeguarding people
Mitigating social risk
Minimising security risk
Ensuring supply chain continuity
Protecting brand reputation
Organizational Resilience
Information Resilience enables organizations to secure their information, protect themselves from cyber-threats and strengthen their information governance, in turn assuring resilience and mitigating risk while safeguarding them against vulnerabilities in their critical infrastructure.
Information Resilience
Cloud security
• Security controls for cloud services ISO/IEC 27017
• CSA STAR Certification
Network/system/application security
• Vulnerability Scanning
• Secure Digital Devices and Transactions Kitemark
• Penetration Testing
• Cyber Essentials/Cyber Essentials Plus
Specialist information security
• NIST Cybersecurity Framework
• Payment Card Industry Data Security Standard PCI DSS
• Information Security Management System Kitemark
• Security Awareness: Wombat
Information Security
ISO/IEC 27001
Privacy
• Privacy gap analysis
• Personal Information Management BS 10012
• Personally Identifiable Information Protection ISO/IEC 29151
• Personally Identifiable Information in the cloud ISO/IEC 27018
Information Resilience Training
Cloud security
• ISO/IEC 27017
• CSA STAR
Integrated systems
• ISO/IEC 27001 - GDPR
• ISO/IEC 27001 – ISO 22301
• ISO/IEC 27001 – ISO/IEC 27018
• ISO/IEC 27001 – ISO/IEC 27017
Specialist information security
• NIST Cybersecurity Framework
• Payment Card Industry Data Security Standard PCI DSS
• Information Security Management Risk Assessment Best Practices
• ISO/IEC 27002
• ISO/IEC 27032 – IT Security Techniques
Information Security
ISO/IEC 27001
Privacy
• BS 10012 - Personal Information Management
• ISO/IEC 27552 - Extension to ISO/IEC 27001 for data privacy
• Personally Identifiable Information in the cloud ISO/IEC 27018
• GDPR Implementation and Audit