The Global Information and Cyber Security Landscape 21/05/2018 1 John DiMaria; CSSBB, MHISP, HISP, AMBCI, CERP Global Product Champion; Information Security, Business Continuity


The Global Information and Cyber Security Landscape

21/05/2018


John DiMaria; CSSBB, MHISP, HISP, AMBCI, CERP

Global Product Champion; Information Security, Business Continuity


Copyright © 2017 BSI. All rights reserved.

BSI History

Leading Global Standards Creation Body: British, European, ISO, Public, Private

The UK National Standards Body: The source of British Standards

Experienced: The world’s first National Standards Body established in 1901 and a founding member of ISO

Thought Leaders: Shaped the world’s most adopted standards, incl. Quality ISO 9001, Sustainability ISO 14001, Health and Safety OHSAS 18001

Specialist Focus on Standards Creation, Training and Certification

Global Network: 81,000 clients in 181 countries worldwide including governments, global brands and SMEs

Trusted: We’re a Royal Charter Company, reinvesting profits back into our business to improve our clients' experience


Through the passion and expertise of our people, BSI embeds excellence in organizations across the globe to improve business performance and resilience

Knowledge Solutions

Assessment Services

Training

Product Certification

Medical Devices

Supply Chain Solutions

EHS Solutions

Cybersecurity and Information Resilience


BSI is a global company

BSI clients represent

• 75% of FTSE 100
• 51% of Fortune 500
• 68% of Nikkei Index

• 4,000 colleagues & 11,450 experts
• 40 of the world’s top 50 med dev manufacturers
• 135,000 delegates trained
• 205,000 audit days delivered
• Engaged with >80,000 clients annually
• 100,000* product certifications
• ~40,000 consulting days delivered
• 2,200 new standards; 39,450 in all


Market Information


10 Oct 2017


Information Overload……


• 40+ “Zettabytes” by 2020!
• Exponential year on year growth
• 700 trn Movies!
• 90% of all global data used, processed, stored today was created in last 2 years


Top ten concerns – 2018 Horizon Scan Report


Top ten concerns


Top five concerns through the years


Top ten disruptions



Top ten trends



Threats and risks intelligence analysis



Source: http://breachlevelindex.com/


Framework for Improving Critical Infrastructure Cyber Security

In February 2013, President Obama issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity. It directed NIST to work with stakeholders to develop a voluntary framework, based on existing standards, guidelines, and practices, for reducing cyber security risks.

“The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront. The national and economic security of the United States depends on the reliable functioning of the Nation's critical infrastructure in the face of such threats” ~Section I of the Executive order~


What is Critical Infrastructure?

http://www.dhs.gov/critical-infrastructure-sectors


Information and Cyber Security Lifecycle


Organizational Resilience

Balancing opportunities and risks, focusing on three essential elements:

• product excellence

• process reliability

• people behaviours


Organizational Resilience Index

16 core elements of resilience

• Developed using best parts of 4 core standards

• Index report represents findings from over 1,260 senior executives globally

• Benchmark enables organizations to compare

• Determine areas to focus on, of which business continuity is one


How important is each element (by rank)

1 Reputational risk
2 Financial aspects
3 Leadership
4 Vision and purpose
5 Information knowledge
6 Innovation
7 Resource management
8 Business continuity
9 Governance and accountability
10 Awareness, testing, training
11 Supply chain
12 Adaptive capacity
13 Culture
14 Community engagement
15 Alignment
16 Horizon scanning

How resilient are you at each element (by rank)

1 Financial aspects
2 Alignment
3 Leadership
4 Vision and purpose
5 Governance & accountability
6 Community engagement
7 Business continuity
8 Culture
9 Reputational risk
10 Resource management
11 Adaptive capacity
12 Awareness, testing, training
13 Information knowledge
14 Horizon scanning
15 Innovation
16 Supply chain

Categories: Leadership, People, Process, Product


Addressing your customer needs

Governing your business

Running your business

Valuing your people

Managing & securing information

Protecting infrastructure

Enabling trust & reputation

Ensuring regulatory compliance

Safeguarding people

Mitigating social risk

Minimising security risk

Ensuring supply chain continuity

Protecting brand reputation

Organizational Resilience


Information Resilience enables organizations to secure their information and protect themselves from cyber-threats, strengthening their information governance and in turn assuring resilience, mitigating risk while safeguarding them against vulnerabilities in their critical infrastructure.

Information Resilience


Information Resilience


Cloud security
• Security controls for cloud services ISO/IEC 27017
• CSA STAR Certification

Network/system/application security
• Vulnerability Scanning
• Secure Digital Devices and Transactions Kitemark
• Penetration Testing
• Cyber Essentials/ Cyber Essentials Plus

Specialist information security
• NIST Cybersecurity Framework
• Payment Card Industry Data Security Standard PCI DSS
• Information Security Management System Kitemark
• Security Awareness: Wombat

Information Security
ISO/IEC 27001

Privacy
• Privacy gap analysis
• Personal Information Management BS 10012
• Personally Identifiable Information Protection ISO/IEC 29151
• Personally Identifiable Information in the cloud ISO/IEC 27018


Information Resilience Training


Cloud security
• ISO/IEC 27017
• CSA STAR

Integrated systems
• ISO/IEC 27001 - GDPR
• ISO/IEC 27001 – ISO 22301
• ISO/IEC 27001 – ISO/IEC 27018
• ISO/IEC 27001 – ISO/IEC 27017

Specialist information security
• NIST Cybersecurity Framework
• Payment Card Industry Data Security Standard PCI DSS
• Information Security Management Risk Assessment Best Practices
• ISO/IEC 27002
• ISO/IEC 27032 – IT Security Techniques

Information Security
ISO/IEC 27001

Privacy
• BS 10012 - Personal Information Management
• ISO/IEC 27552 - Extension to ISO/IEC 27001 for data privacy
• Personally Identifiable Information in the cloud ISO/IEC 27018
• GDPR Implementation and Audit
