recognising the risks of cyber threats across the organisation john thornton secretary to the...
TRANSCRIPT
Recognising the Risks of Cyber Threats Across the Organisation
John ThorntonSecretary to the Digital Government Security Forum
• Cyber Risks
• Findings from the recent DGSF study
• Managing and mitigating information and cyber security risks
Agenda
• Digital-by –default
• Most transformation & cost saving programmes
• Smart buildings
• Utilities & infrastructure
• Intellectual property
• Personal data/privacy
• Integrity of contract negotiations
Cyber Risks threaten
Understanding the Risks
• Language • Threat Vectors
• Threat Actors
• Types of Attack
• Example Attack
Issues Arising
Digital Enterprises
Mobile Devices
Cloud Computing
Standards
Legacy Systems
Information Sharing
Capacity & Skills
Emerging Best Practice
Governance
Information Asset
Registers
Access & Monitoring
Testing
Sharing Threat
Information
Focus
Emerging Best Practice
Conclusions
• Start by ensuring the foundations are in place and the organisation is secure
• Build on foundations developing culture, analytics & automated threat protection
• Use Security as an Enabler to make savings and improve efficiency - security should not be a barrier
Managing & Mitigating:
• Holistic approach
• Part of Corporate Risk Assessment & Management Processes
• Security-by-default
• Security as an ‘enabler’, not a barrier