KEEPING THE VALUE OF YOUR ORGANIZATION, WITHIN YOUR ORGANIZATION AXELOS.COM.
AGENDA
- Information, value and cyber resilience
- Introducing RESILIA
- How RESILIA builds resilience
- The benefits
- The portfolio
- The future
INFORMATION AND VALUE
Your precious information
- Customer/client data
- Operational data
- Market data
- Operational documents and insight
- Confidential data and IP
Enabled by IT systems (which can be hacked or compromised) and now critical to success

Information lies at the heart of any organization: a critical enabler of value, innovation and growth. This information has never been at greater risk from cyber-attack, threatening reputation, customer trust and operational stability. Do you know what your most precious information is? Is it protected?
BEYOND IT: THE HUMAN FACTOR
- Organizational value resides in data plus people (information + intelligence = knowledge and ability)
- The system is technology plus people
- People/behaviours cause most vulnerabilities
- Narrow focus on IT won't align strategy, operations and people
- Need to look beyond IT security to cyber resilience

Cyber resilience is about resisting, responding to and recovering from attacks that will compromise the information you require to do business. This can no longer be just the responsibility of your information security team; everyone has a role to play. Your people are your greatest assets in helping your organization detect, respond to and recover from a cyber attack. Cyber resilient behaviours need to be embedded across the organization.
WILL YOUR INFORMATION BE COMPROMISED?
The risks are high.
- 73% of large organizations suffered from infection by viruses or malicious software in the past year (BIS, 2014 Information Security Breaches Survey)
- 37.3 million users experienced phishing attacks in 2013 (Kaspersky Lab)
- 95% of security incidents involve human error (IBM 2014 Cyber Security Intelligence Index report)
- 50% of users open emails and click on phishing links within the first hour (Verizon 2015 data breach investigations report)

The increased frequency and sophistication of cyber attacks means that it's no longer a case of if you will suffer a cyber attack but when. Here are some statistics that demonstrate how real the risk is. The question is how you are going to deal with a cyber attack to minimize its impact and speed up your recovery. The statistic that you really should focus on is that 95% of security incidents involve human error; this just reinforces the fact that everyone has a role to play.
INTRODUCING CYBER RESILIENCE
Cyber resilience is about keeping data safe, but critically:
- It's about keeping the value tied to that data safe
- It's about how you minimise damage and come through attack or security failure
- It's about how you prevent, detect, respond and recover

Cyber resilience is about resisting, responding to and recovering from attacks that will impact the information you require to do business. It requires a balanced and collaborative approach across the entire organization, embedding awareness, insight and skills that will make you more effective in keeping your critical information safe. Not all attacks are of equal seriousness, so you need to know how to prioritise, how to differentiate the low risk attacks from the high risk and where you should focus your efforts.
BARRIERS TO CYBER RESILIENCE?
- Lack of awareness (board level down)
- Silo thinking (it's an IT problem)
- Narrow focus on regulatory compliance, not risk
- Confusion about what good looks like
- Cyber resilience demands a whole system view (technology and people)
- Cyber resilience has to be part of your organisational culture
- This is why you need RESILIA

Historically, cyber security has been seen as an IT problem with very little awareness or engagement from senior management, but this is changing. Organizations are waking up to the fact that they need to have a cyber resilience strategy. And this strategy needs to be more than just technology; it also has to address the human factor. Let's not forget that 95% of security incidents resulted from human error. The challenge is knowing what good looks like.
RISKS TO VALUE
- Loss of corporate reputation and customer trust
- Financial loss and reduced productivity
- Regulatory fines
- Reduced competitive advantage through IP theft
- (Damaged personal reputations)

Ignoring cyber resilience is not an option for organizations that want to grow and be successful in this increasingly digitized, global economy. You will be a victim of a cyber attack. But what is the impact? It could be any of the above. Are you willing to take that risk?
WHAT IS RESILIA?
RESILIA is a portfolio of training, learning and certification aimed at building cyber resilience across the organization, from the boardroom down. Underpinned by Cyber Resilience Best Practices, it comprises:
- Foundation and Practitioner Certifications
- Organization wide awareness learning
- Cyber Pathway Tool
- Leadership engagement
- Professional Development Programme

RESILIA is a new portfolio from AXELOS Global Best Practice, to help organizations to develop and implement a comprehensive cyber resilience strategy encompassing people, process and technology. The portfolio is made up of five key areas.
WHAT WILL YOU GAIN (AND KEEP)?
- clarity and confidence throughout your organization as it responds to a cyber attack
- best practice disciplines encompassing people, process and technology, whatever your organization's size
- enhanced management strategies
- aligned IT operations, security and incident management
- secured value

RESILIA will build cyber resilience skills across your organization. It offers a framework for practical knowledge which will enhance existing management strategies and help you align cyber resilience with IT operations, security and incident management. RESILIA will give you:
WHAT WILL YOU GAIN (AND KEEP)?
The right ingredients for effective cyber resilience
- Common language across IT and non-IT teams
- Enhanced collaboration
- Enhanced control, reporting and good governance
- A framework to exploit ITIL best practice investments
- Higher levels of certified staff

Having a common language across your business will lead to increased collaboration and control. And you can exploit your existing investment in ITIL and add another layer of cyber resilience controls to your existing strategies.
RESILIA: THE PORTFOLIO
[Diagram: Best Practice Guide (core practical guidance for strategy, implementation and management: what good looks like); Individual Awareness Learning & Know-how; Membership & CPD; Leader Engagement; Management Pathway Tool; Foundation & Practitioner Training. Audience labels: all staff across an organisation; IT teams and data owners/managers; leadership team across an organisation.]

The RESILIA portfolio comprises a management pathway tool, leader engagement, organization wide awareness learning, Foundation and Practitioner certification and professional development. All of these elements can be implemented individually but the entire portfolio provides organizations with a cohesive solution.
WHO IS IT FOR?
The Foundation and Practitioner certification is aimed at:
- IT and security functions
- Risk and compliance functions
- Core business functions including HR, Finance, Procurement, Operations and Marketing.
The awareness learning is for the entire organization. The leadership engagement delivers specialised training and learning for the leaders within an organization.

RESILIA offers practical guidance, training and learning for the entire organization, including boardroom teams, IT, risk and business professionals, so that they better understand the risks and benefits of effective cyber resilience.
The Foundation and Practitioner certification is aimed at a number of teams within the organization, the most obvious being the IT and security functions. This includes all professionals within IT service management, information security, IT and security architecture. It also includes senior leadership roles like your CTO (Chief Technology Officer), your CISO (Chief Information Security Officer) and the Head of IT. The certifications are also relevant to individuals working in risk and compliance roles. This includes your Chief Risk Officer, the head of risk, risk managers and heads of compliance. Finally, the certifications are also relevant for other core business functions. HR, Finance, Procurement, Operations and Marketing will benefit from having cyber resilience expertise within the team, often including a local champion or mentor for all staff to refer to.
The awareness learning is for employees across the organization and provides content that can be delivered throughout the year, to help embed cyber resilient behaviours across the entire workforce.
Finally the leadership engagement focuses on delivering specialized training and learning for the leaders within an organization so that they understand the role they have to play in developing effective cyber resilient strategies and behaviours.
RESILIA: BEST PRACTICE
- The management processes you need to embed across the organization (large or small)
- An organization-wide management system involving people, process and technology
- Practical, pragmatic guidance aligned with common approaches and standards
- Structure follows the proven ITIL lifecycle used by thousands of organizations across the world

The Cyber Resilience Best Practices guide is the core guidance that underpins the entire RESILIA portfolio. The guidance is aimed at all areas and roles within IT, risk and the wider business and helps organizations understand how to build cyber resilience into day-to-day operations. Stuart Rance is the chief author and examiner and the guidance was also reviewed by experts in cyber resilience from both the UK and US.
RESILIA: CERTIFIED TRAINING
Foundation and Practitioner course