+ All Categories
Home > Leadership & Management > Managing Security Risks in Manufacturing

Managing Security Risks in Manufacturing

Date post: 04-Jul-2015
Category:
Upload: william-mcborrough
View: 134 times
Download: 6 times
Share this document with a friend
Description:
MCGlobalTech presentation to manufacturing sector executives on managing cybersecurity risks by implementing an enterprise information security management program.
14
1 Mission Critical Global Technology Group (MCGlobalTech) Managing Security Risks in Manufacturing
Transcript
Page 1: Managing Security Risks in Manufacturing

1

Mission Critical Global Technology Group

(MCGlobalTech)

Managing Security Risks in Manufacturing

Page 2: Managing Security Risks in Manufacturing

2

Manufacturing Threat Landscape Increasing

• Symantec reports that manufacturing was the most

targeted sector in 2012, accounting for 24% of all targeted

attacks. ermined; and (iv) monitor risk on an ongoing

basis.

Page 3: Managing Security Risks in Manufacturing

3

Manufacturing Threat Landscape Increasing

• Symantec’s Internet Security Report 2013 reports that

manufacturing was the most targeted sector in 2012,

accounting for 24% of all targeted attacks.

• Verizon’s 2014 Data Breach Investigations Report

identified Manufacturing as one of the most victimized

industries by hackers, with companies of all sizes equally

targeted.

• National Association of Manufacturers estimate that

$239.9 billion in revenue has been lost to cyber-piracy

over the past 10 years.

Page 4: Managing Security Risks in Manufacturing

4

Manufacturing and Cyber Espionage

Page 5: Managing Security Risks in Manufacturing

5

Frequency of Security Incidents

Page 6: Managing Security Risks in Manufacturing

6

Proactive Approach to Addressing Risks

Implementing an Enterprise Risk Management Program

allows Manufacturers to:

1. Understand the threat facing their organizations

2. Understand their business and technical environments relative

the threat

3. Identify and asses weakness that exists in defenses around

critical business assets including information, systems and

people

4. Proactively mitigate the risk to business operations, reputation

and profits

Page 7: Managing Security Risks in Manufacturing

7

Enterprise Risk Management Program

Enterprise Risk Management is a:

• Comprehensive process that requires organizations to: (i)

frame risk (i.e., establish the context for risk-based

decisions); (ii) assess risk; (iii) respond to risk once

determined; and (iv) monitor risk on an ongoing basis.

Underlying Principles:

• Every entity, whether for-profit or not, exists to realize

value for its stakeholders.

• Value is created, preserved, or eroded by management

decisions in all activities, from setting strategy to operating

the enterprise day-to-day.

Page 8: Managing Security Risks in Manufacturing

8

Risk Management Levels

• Organization Level

– Governance:

• Senior Leadership responsible for an organization’s mission

ensuring that the risks are managed appropriately and the

resources are used responsibly

– Risk Management Strategy

• Strategic-level decisions and considerations on how senior

leaders/executives are to manage information security risk to

organizational operations, assets and individuals

Page 9: Managing Security Risks in Manufacturing

9

Risk Management Levels

• Mission/Business Process Level

– Identify and establish risk-aware mission/business

processes

– The understanding of Senior Leadership on:

• Types of threats sources and events

• Potential adverse impacts/consequences

• Resilience of information technology to a compromise

– Key output: Risk Response Strategy

Page 10: Managing Security Risks in Manufacturing

10

Risk Management Levels

• Information Systems Level

– Risk Management incorporated in all system life

cycles, including procurement and disposal

– Risk Management activities reflect organization’s risk

management strategy and addresses any risk related

to cost, schedule and performance requirements for

individual information systems.

– Key output: Risk Management Reports

Page 11: Managing Security Risks in Manufacturing

11

Additional Fundamental Components

• Trust and Trustworthiness

– Establishing trust among organizations

– Trustworthiness of information systems

• Organizational Culture

– Values, beliefs, and norms that influence behavior

• Relationship Among Key Risk Concepts

– Governance, Risk Tolerance, and Trust

Page 12: Managing Security Risks in Manufacturing

12

MCGlobalTech EISM Program

Page 13: Managing Security Risks in Manufacturing

13

Questions

Page 14: Managing Security Risks in Manufacturing

14

Contact Us

Mission Critical Global Technology Group

1776 I Street, NW

Washington, District of Columbia 20006

Phone: 571-249-3932

Email: [email protected]

William McBorrough Morris Cody

Managing Principal Managing Principal

[email protected] [email protected]


Recommended