Mission Critical Global Technology Group
(MCGlobalTech)
Managing Security Risks in Manufacturing
Manufacturing Threat Landscape Increasing
• Symantec’s Internet Security Report 2013 reports that
manufacturing was the most targeted sector in 2012,
accounting for 24% of all targeted attacks.
• Verizon’s 2014 Data Breach Investigations Report
identified Manufacturing as one of the most victimized
industries by hackers, with companies of all sizes equally
targeted.
• The National Association of Manufacturers estimates that
$239.9 billion in revenue has been lost to cyber-piracy
over the past 10 years.
Manufacturing and Cyber Espionage
Frequency of Security Incidents
Proactive Approach to Addressing Risks
Implementing an Enterprise Risk Management Program
allows Manufacturers to:
1. Understand the threats facing their organizations
2. Understand their business and technical environments relative
to those threats
3. Identify and assess weaknesses that exist in the defenses around
critical business assets, including information, systems and
people
4. Proactively mitigate the risk to business operations, reputation
and profits
Enterprise Risk Management Program
Enterprise Risk Management is a:
• Comprehensive process that requires organizations to: (i)
frame risk (i.e., establish the context for risk-based
decisions); (ii) assess risk; (iii) respond to risk once
determined; and (iv) monitor risk on an ongoing basis.
Underlying Principles:
• Every entity, whether for-profit or not, exists to realize
value for its stakeholders.
• Value is created, preserved, or eroded by management
decisions in all activities, from setting strategy to operating
the enterprise day-to-day.
Risk Management Levels
• Organization Level
– Governance:
• Senior Leadership is responsible for an organization’s mission,
ensuring that risks are managed appropriately and that
resources are used responsibly
– Risk Management Strategy
• Strategic-level decisions and considerations on how senior
leaders/executives are to manage information security risk to
organizational operations, assets and individuals
Risk Management Levels
• Mission/Business Process Level
– Identify and establish risk-aware mission/business
processes
– The understanding of Senior Leadership of:
• Types of threat sources and events
• Potential adverse impacts/consequences
• Resilience of information technology to a compromise
– Key output: Risk Response Strategy
Risk Management Levels
• Information Systems Level
– Risk Management incorporated in all system life
cycles, including procurement and disposal
– Risk Management activities reflect the organization’s risk
management strategy and address any risk related
to cost, schedule and performance requirements for
individual information systems.
– Key output: Risk Management Reports
Additional Fundamental Components
• Trust and Trustworthiness
– Establishing trust among organizations
– Trustworthiness of information systems
• Organizational Culture
– Values, beliefs, and norms that influence behavior
• Relationship Among Key Risk Concepts
– Governance, Risk Tolerance, and Trust
MCGlobalTech EISM Program
Questions
Contact Us
Mission Critical Global Technology Group
1776 I Street, NW
Washington, District of Columbia 20006
Phone: 571-249-3932
Email: [email protected]
William McBorrough, Managing Principal
Morris Cody, Managing Principal