Copyright © 2015 ITpreneurs. All rights reserved. Cyber Resilience: whose problem is it? Follow: @itpreneurs Visit: www.itpreneurs.com
Copyright © 2015 ITpreneurs. All rights reserved.
Cyber Resilience: whose problem is it?
Follow: @itpreneursVisit: www.itpreneurs.com
Copyright © 2015 ITpreneurs. All rights reserved.
Welcome
Connie TaiHead of Products and Solutions MarketingITpreneurs
AXELOS - GLOBAL BEST PRACTICE 3
Cyber: who’s problem is it?
Dan ColeRESILIA Product Lead, AXELOSwww.AXELOS.com/RESILIA
AXELOS - GLOBAL BEST PRACTICE 6
...and the impactsThe response...
“I’m tied in for another year with these people that can’t manage data properly. I don’t want to stay with this company giving them my money”
TalkTalk customer
“TalkTalk hit by customer backlash – legal claims over cyberattack”
Sunday Times lead article: 25 October
“Experts estimate the debacle could cost TalkTalk up to £75m in lost revenues and other costs”
Sunday Times: 25 October
We need to Talk Talk
“Cyber crime is the crime of our generation”
“With the benefit of hindsight, were we doing enough? Well, you’ve got to say we weren’t and obviously we will be looking back and reviewing that extremely seriously”
Asked by the BBC whether customers’ bank details had been encrypted by TalkTalk, she said: “the awful truth is, I don’t know”.
Dido Harding, CEO, TalkTalk
AXELOS - GLOBAL BEST PRACTICE 7
The risks
$4.2 trillionestimated value of the
internet economy in G20 economies by 2016
The opportunities
94%of businesses with 10+ employees are online
936 exabytesgrowth in global internet traffic from 2005-2015
13.5% to 23%projected rise in consumer purchases made over the internet from 2010-2016
4.1%of GDP contributed
by internet
$445 billioncost of cyber-crime to the global economy per year
44%increase in cyber attacks.
That’s 1.4 successful attacks per organization
per week
95%of all security incidents
involve human error
3000companies had been
victims of cyber attacks in 2013
$145average cost paid for each
lost or stolen file containing sensitive or
confidential information
Opportunity and Risk
AXELOS - GLOBAL BEST PRACTICE 8
Getting the balance right
PREVENT DETECT CORRECT
PEOPLE PROCESS TECHNOLOGY
RISK OPPORTUNITY
AXELOS - GLOBAL BEST PRACTICE 9
A familiar situation of ownership
This is a little story about four people named Everybody, Somebody, Anybody, and Nobody.
There was an important job to be done and Everybody was sure that Somebody would do it.
Anybody could have done it, but Nobody did it.
Somebody got angry about that because it was Everybody's job.
Everybody thought that Anybody could do it, but Nobody realized that Everybody wouldn't do it.
It ended up that Everybody blamed Somebody when Nobody did what Anybody could have done.
10 AXELOS - GLOBAL BEST PRACTICE COMMERCIAL IN CONFIDENCE
“We set security standards and policy; we expect everyone to stick to these and we will check compliance”
Risk Information Security
“We flagged the information is sensitive and needs protecting – so go and do that”
Information owners
“We own the services – but we don’t have the detailed technical knowledge to do everything”
IT delivery & Dev teams
“We have risk and security teams; if they want to bring risks or investment cases to us we will look at them”
Board / Leadership team
Cyber: who’s problem is it?
AXELOS - GLOBAL BEST PRACTICE 11
Roles and Responsibilities
Further reading:Cyber Resilience Best Practice section 9: Roles and Responsibilities
Governance* Board / audit
* Information owners
Leadership & management* Risk & security
management* IT strategy and services
Delivery* IT service delivery
* Process owners
AXELOS - GLOBAL BEST PRACTICE 13
Building collaboration
Start at home: IT and service management1
• Large team, diverse skills• Engaged with all areas of the
organization
• Build common language and knowledge
• Manage the business value: Opportunities & Risk balance
Further reading:Cyber Resilience Best Practice guide and Pocket Guide
AXELOS - GLOBAL BEST PRACTICE 14
Building collaboration
Specialist skills: Information Security 2• Small team, extended network• Specialist technical knowledge
and skills
• Help enable everyone to do the operational basics
Further reading:Cyber Resilience and ITSM – white paper
AXELOS - GLOBAL BEST PRACTICE 15
Building collaboration
Setting the tone: Board and Leadership team3
• Business opportunity and risk – not detail
• Personal responsibility and reputation
• Sponsors for organization wide collaboration
Further reading:Mind the Information Gap: Non-Executive Directors – white paper
AXELOS - GLOBAL BEST PRACTICE 16
Building collaboration
Understanding the value: Information owners4
• Understand the value of information – and the risks
• Provide structure on quantifying risk
Further reading:Cyber Resilience Pocket Guide
AXELOS - GLOBAL BEST PRACTICE 17
Building collaboration
Everyone is involved: IT users and staff 5• By far the largest risk – 90% of
incidents• Balance of security and usability
– Opportunity & Risk
• People are more adaptable than technology or process
• Proactive culture change
AXELOS - GLOBAL BEST PRACTICE 19
Lifecycle management
Further reading:Cyber Resilience Best Practice guide
AXELOS - GLOBAL BEST PRACTICE 20
Questions to ask…
1. Do you know what your critical information assets are – and who has responsibility for them?
2. Is everyone involved in cyber resilience?
3. Are you prepared for when a successful attack comes?
AXELOS - GLOBAL BEST PRACTICE 21
RESILIA portfolio
Best Practice GuideCore practical guidance for strategy, implementation and management or
effective cyber resilience
Individual Awareness Learning & Know-howAll IT users and staff across an
organization
IT and Security teams and
Membership & CPDFoundation and Practitioner community
LeadershipEngagementBoard and leadership teams
Pathway ToolIT, Security and Risk
decision makers
Foundation & Practitioner Training
AXELOS - GLOBAL BEST PRACTICE 22
Questions and thoughts?
Dan ColeRESILIA Product LeadE: [email protected]
Copyright © 2015 ITpreneurs. All rights reserved.
● Quality
Our Lead author Moyn Uddin is one of the authors of the RESILIA cyber security best practice
● Enabling You to Succeed
ITpreneurs does not compete with you and we are dedicated to make you successful
● Cutting Edge Content
Classroom, eLearning, Printed materials, eBooks
Working with ITpreneurs on RESILIA
Copyright © 2015 ITpreneurs. All rights reserved.
ITpreneurs RESILIA Portfolio
RESILIA ™ FoundationClassroom/Virtual Classroom
(3 days)
RESILIA ™ PractitionerClassroom/ Virtual Classroom
(2 days)
Fast-Track
RESILIA ™ PractitionerClassroom/Virtual Classroom
(2 days)
RESILIA ™ FoundationeLearning(12 hours)
Copyright © 2015 ITpreneurs. All rights reserved.
How Can You Work with ITpreneurs?
Accreditor AXELOS
Exam institute
Exam institute
EXAMINATION / ACCREDITATIONCOURSEWARE PROVISION
Exam institute
Exam institute ACP ACP
ITPRENEURSACP
ATOITPRENEURS ATO ATO
Affiliate Affiliate
ACP
Courseware Exams
Copyright © 2015 ITpreneurs. All rights reserved.
About ITpreneursSolutions for IT Training Providers
Copyright © 2016 ITpreneurs. All rights reserved.
Training Materials & Services for Each Component in Your IT Training Value Chain
28
ITpreneurs End-to-End Services
Portfolio Planning
Training Calendar Marketing Sales Delivery
400+ certifications1000+ titles
portfolio
Accreditation Services
Training Content
Partner Course Calendar Marketing in a Box
Go-To Market Webinars Sales Enablement Printing Services 24/7 Support
LMS Exam Ordering
Instructor
Primary Activities of a Training Provider
TTT’s Partner Matters Newsletter
Partner Products & Solutions Updates
Copyright © 2016 ITpreneurs. All rights reserved.
ITpreneurs is a full service provider to training and consulting organizations
Access a Comprehensive Library
Cost Saving on content by up to 80%
● No Content Development Costs● No Content Maintenance Costs● Pay-per-use: Use more, pay less!
● 1000+ Titles● Across most IT Domains● 12 Languages● Some unique Titles
Enjoy Convenience
● Anytime, Anywhere ordering ● Marketing Support● Exam Services● Accreditation● Trainer Services
Stay on the Cutting-Edge
● First to Market● Consistent Quality● Various Delivery Formats● Always Up-to-Date● Partner Enablement
Increase Revenues Save Costs
Copyright © 2016 ITpreneurs. All rights reserved.
ITpreneurs’ Certification PortfolioIT Best Practices
IT Governance and Assurance
- CGEIT- CISA- COBIT 5- COBIT Controls for NIST
Cloud /Big Data
- Big Data- CCSK- CCC - professional cloud- OpenStack- CTA
IT ProgramManagement
- MoV- MSP- Managing Benefits- MoP- P3O
IT ProjectManagement
- AGILE PM- PRINCE2- PMI-PMP- PMI-ACP- PMI-CAPM
Testing
Business Analysis
- CBAP- CCBA-PM-PBA
Development
- Agile Scrum- ScrumMaster
- Mobile App Testing- TMAP- ISTQB-CMAP
Process and QualityManagement
Asset Management
- Lean Six Sigma- Lean IT- TIPA
- IAITAM
Service Management
Support CenterManagement
- DevOps- Kepner- Tregoe- ITIL- ISO/IEC 20000- MOF
- HDI
Change Management
- Change Management
Network and Hardware management
- CISM- CISSP- NIST Cyber Security- RESILIA- Security+- EC-Council- ISO/IEC 27001- ISO/IEC 27002- ISO/IEC 22301- Secure Programming
Information Security
- A+- Network+- SDN
Risk Management
- M_o_R- PMI-RMP- CRISC- ISO31000
Architecture
- Archimate- Professional Cloud Architect- TOGAF- BPMN-IT4IT
Big Data
- Big Data Strategy
Copyright © 2016 ITpreneurs. All rights reserved.
FAQWhat services does ITpreneurs provide? ITpreneurs is a full service provider to training organizations. ITpreneurs offers courseware, exams, trainers, logistical services and anything else that a training provider requires to deliver a course.How do I engage with ITpreneurs? You can reach out to us through [email protected] We then walk you through the process of leveraging our services and get you up and running, quickly.What is your commercial model? We offer courseware and other products in a Pay-per-use model. If you would like to run a course with 10 students, you can purchase 10 sets of course materials from us.What countries do you serve, and at what time zones?ITpreneurs offers support in most geographies. We operate global support centers in three major locations, and ensure that we are available when you need us most.How is your courseware provided? Courseware is provided as ebooks, or printed coursebooks, but we also allow you to print most of the courseware titles.
Copyright © 2016 ITpreneurs. All rights reserved.
Solutions for IT Training ProvidersITpreneurs provides IT training content and services to training providers worldwide. We’ll help you keep up with changes, scale your business and increase your profitability.
View RESILIA Training Materials →
#greatproducts #greatpricingKeep an eye on our blog: www.itpreneurs.com/blogFollow our twitter channel: @itpreneursConnect via linkedin: www.linkedin.com/company/itpreneurs