Recognising the Risks of Cyber Threats Across the Organisation

John ThorntonSecretary to the Digital Government Security Forum

 • Cyber Risks

• Findings from the recent DGSF study

• Managing and mitigating information and cyber security risks

Agenda

South Korea

Israel

The Trust Multiplier

 • Digital-by –default

• Most transformation & cost saving programmes

• Smart buildings

• Utilities & infrastructure

• Intellectual property

• Personal data/privacy

• Integrity of contract negotiations

Cyber Risks threaten

 • National level

• Operational Level

• Board & Senior Management Level

Recognition of Cyber Risks

 

• Target Audience • Methodology

About the Study

Understanding the Risks 

• Language • Threat Vectors

• Threat Actors

• Types of Attack

• Example Attack

Issues Arising

Digital Enterprises

Mobile Devices

Cloud Computing

Standards

Legacy Systems

Information Sharing

Capacity & Skills

Emerging Best Practice

Emerging Best Practice

Governance

Information Asset

Registers

Access & Monitoring

Testing

Sharing Threat

Information

Focus

Emerging Best Practice

Conclusions 

• Start by ensuring the foundations are in place and the organisation is secure

• Build on foundations developing culture, analytics & automated threat protection

• Use Security as an Enabler to make savings and improve efficiency - security should not be a barrier

To help: 

• Suggested Review Process

• The Business Case

• Suggested Development Framework

Managing & Mitigating: 

• Holistic approach

• Part of Corporate Risk Assessment & Management Processes

• Security-by-default

• Security as an ‘enabler’, not a barrier

Managing & Mitigating: 

Information Security has never been more:

• More Important

• More complex

• More All encompassing

www.DigitalGovernmentSecurityForum.org