The Global Information and Cyber Security Landscape
21/05/2018
John DiMaria; CSSBB, MHISP, HISP, AMBCI, CERP
Global Product Champion; Information Security, Business Continuity
Copyright © 2017 BSI. All rights reserved.
BSI History
Leading Global Standards Creation Body: British, European, ISO, Public, Private
The UK National Standards Body: The source of British Standards
Experienced: The world’s first National Standards Body established in 1901 and a founding member of ISO
Thought Leaders: Shaped the world’s most adopted standards, incl. Quality ISO 9001, Sustainability ISO 14001, Health and Safety OHSAS 18001
Specialist Focus on Standards Creation, Training and Certification
Global Network: 81,000 clients in 181 countries worldwide including governments, global brands and SMEs
Trusted: We’re a Royal Charter Company, reinvesting profits back into our business to improve our clients' experience
Through the passion and expertise of our people, BSI embeds excellence in organizations across the globe to improve business performance and resilience.
Knowledge Solutions
Assessment Services
Training
Product Certification
Medical Devices
Supply Chain Solutions
EHS Solutions
Cybersecurity and Information Resilience
BSI is a global company
BSI clients represent:
• 75% of the FTSE 100
• 51% of the Fortune 500
• 68% of the Nikkei Index
• 40 of the world’s top 50 medical device manufacturers
• 4,000 colleagues and 11,450 experts
• 135,000 delegates trained
• 205,000 audit days delivered
• Engaged with >80,000 clients annually
• 100,000* product certifications
• ~40,000 consulting days delivered
• 2,200 new standards (39,450 in all)
Market Information
10 Oct 2017
Information Overload……
• 40+ zettabytes by 2020, with exponential year-on-year growth (700 trn movies!)
• 90% of all global data used, processed and stored today was created in the last 2 years
Top ten concerns – 2018 Horizon Scan Report
Top five concerns through the years
Top ten disruptions
Top ten trends
Threats and risks intelligence analysis
Source: http://breachlevelindex.com/
Framework for Improving Critical Infrastructure Cyber Security
In February 2013, President Obama issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity. It directed NIST to work with stakeholders to develop a voluntary framework, based on existing standards, guidelines and practices, for reducing cyber security risks.
“The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront. The national and economic security of the United States depends on the reliable functioning of the Nation's critical infrastructure in the face of such threats” ~Section I of the Executive order~
What is Critical Infrastructure?
http://www.dhs.gov/critical-infrastructure-sectors
Information and Cyber Security Lifecycle
Organizational Resilience
Balancing opportunities and risks, focusing on three essential elements:
• product excellence
• process reliability
• people behaviours
Organizational Resilience Index
• 16 core elements of resilience
• Developed using the best parts of 4 core standards
• Index report represents findings from over 1,260 senior executives globally
• Benchmark enables organizations to compare themselves with their peers
• Determine areas to focus on, of which business continuity is one
How important is each element (rank)
1 Reputational risk
2 Financial aspects
3 Leadership
4 Vision and purpose
5 Information knowledge
6 Innovation
7 Resource management
8 Business continuity
9 Governance and accountability
10 Awareness, testing, training
11 Supply chain
12 Adaptive capacity
13 Culture
14 Community engagement
15 Alignment
16 Horizon scanning
How resilient are you at each element (rank)
1 Financial aspects
2 Alignment
3 Leadership
4 Vision and purpose
5 Governance & accountability
6 Community engagement
7 Business continuity
8 Culture
9 Reputational risk
10 Resource management
11 Adaptive capacity
12 Awareness, testing, training
13 Information knowledge
14 Horizon scanning
15 Innovation
16 Supply chain
Chart categories: Leadership, People, Process, Product
Addressing your customer needs
Governing your business
Running your business
Valuing your people
Managing & securing information
Protecting infrastructure
Enabling trust & reputation
Ensuring regulatory compliance
Safeguarding people
Mitigating social risk
Minimising security risk
Ensuring supply chain continuity
Protecting brand reputation
Organizational Resilience
Information Resilience enables organizations to secure their information, protect themselves from cyber threats and strengthen their information governance, which in turn assures resilience and mitigates risk while safeguarding them against vulnerabilities in their critical infrastructure.
Information Resilience
Information Security: ISO/IEC 27001
Cloud security
• Security controls for cloud services ISO/IEC 27017
• CSA STAR Certification
Network/system/application security
• Vulnerability Scanning
• Secure Digital Devices and Transactions Kitemark
• Penetration Testing
• Cyber Essentials / Cyber Essentials Plus
Specialist information security
• NIST Cybersecurity Framework
• Payment Card Industry Data Security Standard PCI DSS
• Information Security Management System Kitemark
• Security Awareness: Wombat
Privacy
• Privacy gap analysis
• Personal Information Management BS 10012
• Personally Identifiable Information Protection ISO/IEC 29151
• Personally Identifiable Information in the cloud ISO/IEC 27018
Information Resilience Training
Information Security: ISO/IEC 27001
Cloud security
• ISO/IEC 27017
• CSA STAR
Integrated systems
• ISO/IEC 27001 – GDPR
• ISO/IEC 27001 – ISO 22301
• ISO/IEC 27001 – ISO/IEC 27018
• ISO/IEC 27001 – ISO/IEC 27017
Specialist information security
• NIST Cybersecurity Framework
• Payment Card Industry Data Security Standard PCI DSS
• Information Security Management Risk Assessment Best Practices
• ISO/IEC 27002
• ISO/IEC 27032 – IT Security Techniques
Privacy
• BS 10012 – Personal Information Management
• ISO/IEC 27552 – Extension to ISO/IEC 27001 for data privacy
• Personally Identifiable Information in the cloud ISO/IEC 27018
• GDPR Implementation and Audit