SlideShare a Scribd company logo

Why implement a robust cyber security policy?

Download as PPTX, PDF
Jisc
Jisc

A presentation from the Jisc security conference 2018, but Dr Ken Thomson, principal and chief executive, Forth Valley College

Technology
1 of 22
Why implement a robust cyber security policy? Dr Ken Thomson principal and chief executive, Forth Valley College
Operational Downtime and Recovery Period Long Lasting Reputational Damage Severe Financial Cost Impact Cyber Attack For “Why” ask “What is the Damage” Then ask “how?”
What if… Impact of a DDOS attack on the College • Research places a network outage as costing on average £3,300 per minute. This is the equivalent of the annual funding to the College for 1 full time student EVERY MINUTE • Average length of attack at a Scottish College is 21 minutes, equating to £70,000 • Loss of external links means loss of contact with external stakeholders, including potential new applicants via the College website • All levels of teaching interrupted from BCS ECDL courses to Degree level provision • Depending on timing, could impact on processing student funding or staff salary payments impacting relationships internally
What if… The College suffered a Phishing/Malware attack? • Loss of control of business critical infrastructure, information and/or IP • Loss of access to affected network drive until restored • Impact on staff time to restore affected network drive • If information taken from College systems – • Reputational damage and loss of trust • Potential legal action against the College (Information Commissioner or private individuals)
Cyber Mitigation It’s not all digital • Complacency can be the biggest threat to an organisation. The Cyber environment is constantly evolving and you must evolve with it • There can be a temptation to just throw money at the problem of Cyber Security with the latest software protections and kit • While important, all your efforts are only as effective as the weakest link in your armour which research shows is almost always • People
How Implement a Robust Cyber Security Policy?
Cyber Mitigation Policies and Strategies • Robust IT Security Policy • Creative Learning & Technologies Strategy • People Strategy • Enhancing the digital skills and cyber awareness of staff
Preparing People • Effective training for your staff • De-mystifying cyber threats • Sense of ownership across the organisation – not just an IT issue! • Staff have awareness of cyber threats and bear this in mind when developing/reviewing systems • Raise awareness of staff to enable them to recognise a threat • Educate staff to be aware of digital risks in both their work and personal life Cyber Mitigation
DDOS Phreaker Malware Phisher Click Jacking Cybernetic Symbiosis Shoulder Surfer Patching Fake Access Point Hacker Preparing People • Effective training for your staff • De-mystifying cyber threats • Sense of ownership across the organisation – not just an IT issue! • Staff have awareness of cyber threats and bear this in mind when developing/reviewing systems • Raise awareness of staff to enable them to recognise a threat • Educate staff to be aware of digital risks in both their work and personal life Cyber Mitigation
Preparing People • Effective training for your staff • De-mystifying cyber threats • Sense of ownership across the organisation – not just an IT issue! • Staff have awareness of cyber threats and bear this in mind when developing/reviewing systems • Raise awareness of staff to enable them to recognise a threat • Educate staff to be aware of digital risks in both their work and personal life Cyber Mitigation
How do we treat health and safety? Preparing People • Effective training for your staff • De-mystifying cyber threats • Sense of ownership across the organisation – not just an IT issue! • Staff have awareness of cyber threats and bear this in mind when developing/reviewing systems • Raise awareness of staff to enable them to recognise a threat • Educate staff to be aware of digital risks in both their work and personal life Cyber Mitigation
Hello! I'm a programmer who cracked your email account and device about half year ago. You entered a password on one of the insecure site you visited, and I catched it. Your password from ken.thomson@forthvalley.ac.uk on moment of crack: hu11city Of course you can will change your password, or already made it. But it doesn't matter, my rat software update it every time……………….. Preparing People • Effective training for your staff • De-mystifying cyber threats • Sense of ownership across the organisation – not just an IT issue! • Staff have awareness of cyber threats and bear this in mind when developing/reviewing systems • Raise awareness of staff to enable them to recognise a threat • Educate staff to be aware of digital risks in both their work and personal life Cyber Mitigation
Preparing People • Effective training for your staff • De-mystifying cyber threats • Sense of ownership across the organisation – not just an IT issue! • Staff have awareness of cyber threats and bear this in mind when developing/reviewing systems • Raise awareness of staff to enable them to recognise a threat • Educate staff to be aware of digital risks in both their work and personal life Cyber Mitigation
Protecting your Infrastructure • Invest in a secure firewall • Up to date anti-virus and malware protection • Deploy security patches timeously • Regular vulnerability scans and action results Cyber Mitigation
External Scrutiny and help/advice • Cyber Essentials accreditation • External audit • JISC Review • Penetration Testing • JISC expertise on cyber resilience • Member of Cyber Security Information Sharing Partnership (early warning of cyber threats and secure exchange of information) • Member of Scottish Colleges Information Leadership Group (sharing of knowledge and good practice) Cyber Mitigation
Dealing with the impact • You must recognise that, even with all the preparations in place within your organisation, a sufficiently skilled/persistent attacker will get through • Structure your network to implement isolation and cut off impacted sections and prevent spread • Effective and robust business continuity plan in place and tested to facilitate recovery to normal operations • Build resilience to your network – multiple routes to the outside world Cyber Mitigation
Dealing with the impact • You must recognise that, even with all the preparations in place within your organisation, a sufficiently skilled/persistent attacker will get through • Structure your network to implement isolation and cut off impacted sections and prevent spread • Effective and robust business continuity plan in place and tested to facilitate recovery to normal operations • Build resilience to your network – multiple routes to the outside world Cyber Mitigation
Ultimately, cybersecurity is definitely a FVC Panda
Thank you

Recommended

Employee security awareness communication
Employee security awareness communicationEmployee security awareness communication
Employee security awareness communicationSnapComms
 
You Will Be Breached
You Will Be BreachedYou Will Be Breached
You Will Be BreachedMike Saunders
 
CTO-CybersecurityForum-2010-John Crain
CTO-CybersecurityForum-2010-John CrainCTO-CybersecurityForum-2010-John Crain
CTO-CybersecurityForum-2010-John Crainsegughana
 
Cybersecurity op de bestuurstafel
Cybersecurity op de bestuurstafelCybersecurity op de bestuurstafel
Cybersecurity op de bestuurstafelSURFnet
 
Business-Critical Backup: Preparing for a Disaster
Business-Critical Backup: Preparing for a DisasterBusiness-Critical Backup: Preparing for a Disaster
Business-Critical Backup: Preparing for a DisasterNetWize
 
Security challenges in 2017
Security challenges in 2017Security challenges in 2017
Security challenges in 2017Etienne Liebetrau
 
Info Sec2007 End Point Final
Info Sec2007 End Point FinalInfo Sec2007 End Point Final
Info Sec2007 End Point FinalBen Rothke
 
To Cloud or Not To Cloud
To Cloud or Not To CloudTo Cloud or Not To Cloud
To Cloud or Not To CloudMichael Yung
 

Recommended

Employee security awareness communication
Employee security awareness communicationEmployee security awareness communication
Employee security awareness communicationSnapComms
 
You Will Be Breached
You Will Be BreachedYou Will Be Breached
You Will Be BreachedMike Saunders
 
CTO-CybersecurityForum-2010-John Crain
CTO-CybersecurityForum-2010-John CrainCTO-CybersecurityForum-2010-John Crain
CTO-CybersecurityForum-2010-John Crainsegughana
 
Cybersecurity op de bestuurstafel
Cybersecurity op de bestuurstafelCybersecurity op de bestuurstafel
Cybersecurity op de bestuurstafelSURFnet
 
Business-Critical Backup: Preparing for a Disaster
Business-Critical Backup: Preparing for a DisasterBusiness-Critical Backup: Preparing for a Disaster
Business-Critical Backup: Preparing for a DisasterNetWize
 
Security challenges in 2017
Security challenges in 2017Security challenges in 2017
Security challenges in 2017Etienne Liebetrau
 
Info Sec2007 End Point Final
Info Sec2007 End Point FinalInfo Sec2007 End Point Final
Info Sec2007 End Point FinalBen Rothke
 
To Cloud or Not To Cloud
To Cloud or Not To CloudTo Cloud or Not To Cloud
To Cloud or Not To CloudMichael Yung
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsAndrew S. Baker (ASB)
 
DataShepherd Security
DataShepherd SecurityDataShepherd Security
DataShepherd SecurityJason Newell
 
PACE-IT: Risk and Security Related Concepts
PACE-IT: Risk and Security Related ConceptsPACE-IT: Risk and Security Related Concepts
PACE-IT: Risk and Security Related ConceptsPace IT at Edmonds Community College
 
Security On Demand by NBSecurity Srl
Security On Demand by NBSecurity SrlSecurity On Demand by NBSecurity Srl
Security On Demand by NBSecurity SrlAntonio Fiorito
 
Why Cyber Security is Important to the Transportation Ecosystem NHI IDC Ray M...
Why Cyber Security is Important to the Transportation Ecosystem NHI IDC Ray M...Why Cyber Security is Important to the Transportation Ecosystem NHI IDC Ray M...
Why Cyber Security is Important to the Transportation Ecosystem NHI IDC Ray M...raymurphy9533
 
2011 ADC Security Survey—Global Findings
2011 ADC Security Survey—Global Findings 2011 ADC Security Survey—Global Findings
2011 ADC Security Survey—Global Findings F5 Networks
 
Risk Factory: How to Implement an Effective Incident Response Programme
Risk Factory: How to Implement an Effective Incident Response ProgrammeRisk Factory: How to Implement an Effective Incident Response Programme
Risk Factory: How to Implement an Effective Incident Response ProgrammeRisk Crew
 
Charity Winkler
Charity WinklerCharity Winkler
Charity WinklerCharity Winkler
 
Tech Demo: Take the Ransom Out of Ransomware
Tech Demo: Take the Ransom Out of RansomwareTech Demo: Take the Ransom Out of Ransomware
Tech Demo: Take the Ransom Out of Ransomwaremarketingunitrends
 
NZISF Talk: Six essential security services
NZISF Talk: Six essential security servicesNZISF Talk: Six essential security services
NZISF Talk: Six essential security servicesHinne Hettema
 
Defending Your Corporate Endpoints How to Go Beyond Anti-Virus
Defending Your Corporate Endpoints How to Go Beyond Anti-VirusDefending Your Corporate Endpoints How to Go Beyond Anti-Virus
Defending Your Corporate Endpoints How to Go Beyond Anti-VirusLumension
 
A closer look at CTF challenges
A closer look at CTF challengesA closer look at CTF challenges
A closer look at CTF challengesDNIF
 
Jamaica: victim or perpetrator of cyber crime and intrusions (final)
Jamaica: victim or perpetrator of cyber crime and intrusions (final)Jamaica: victim or perpetrator of cyber crime and intrusions (final)
Jamaica: victim or perpetrator of cyber crime and intrusions (final)Michele Marius
 
Austin Bsides March 2016 Cyber Presentation
Austin Bsides March 2016 Cyber PresentationAustin Bsides March 2016 Cyber Presentation
Austin Bsides March 2016 Cyber PresentationExpressworks International
 
Source 44 sc congress canada 2011-06
Source 44 sc congress canada 2011-06Source 44 sc congress canada 2011-06
Source 44 sc congress canada 2011-06Source 44 Consulting
 
Engage! Creating a Meaningful Security Awareness Program
Engage! Creating a Meaningful Security Awareness ProgramEngage! Creating a Meaningful Security Awareness Program
Engage! Creating a Meaningful Security Awareness ProgramBen Woelk, CISSP, CPTC
 
S bailey resume
S bailey resumeS bailey resume
S bailey resumeSherry D. Bailey
 
Jason r mc kinney halfday
Jason r mc kinney halfdayJason r mc kinney halfday
Jason r mc kinney halfdayJason Mckinney-Halfday
 
Top 6 Technology Threats to Your Long Term Care Organization
Top 6 Technology Threats to Your Long Term Care Organization Top 6 Technology Threats to Your Long Term Care Organization
Top 6 Technology Threats to Your Long Term Care Organization Gross, Mendelsohn & Associates
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeMelbourne IT
 
Comprehensive plans are in place to improve our institutional cyber security
Comprehensive plans are in place to improve our institutional cyber securityComprehensive plans are in place to improve our institutional cyber security
Comprehensive plans are in place to improve our institutional cyber securityJasonTrinhNguyenTruo
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarIntergen
 

More Related Content

What's hot

IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsAndrew S. Baker (ASB)
 
DataShepherd Security
DataShepherd SecurityDataShepherd Security
DataShepherd SecurityJason Newell
 
Security On Demand by NBSecurity Srl
Security On Demand by NBSecurity SrlSecurity On Demand by NBSecurity Srl
Security On Demand by NBSecurity SrlAntonio Fiorito
 
Why Cyber Security is Important to the Transportation Ecosystem NHI IDC Ray M...
Why Cyber Security is Important to the Transportation Ecosystem NHI IDC Ray M...Why Cyber Security is Important to the Transportation Ecosystem NHI IDC Ray M...
Why Cyber Security is Important to the Transportation Ecosystem NHI IDC Ray M...raymurphy9533
 
2011 ADC Security Survey—Global Findings
2011 ADC Security Survey—Global Findings 2011 ADC Security Survey—Global Findings
2011 ADC Security Survey—Global Findings F5 Networks
 
Risk Factory: How to Implement an Effective Incident Response Programme
Risk Factory: How to Implement an Effective Incident Response ProgrammeRisk Factory: How to Implement an Effective Incident Response Programme
Risk Factory: How to Implement an Effective Incident Response ProgrammeRisk Crew
 
Tech Demo: Take the Ransom Out of Ransomware
Tech Demo: Take the Ransom Out of RansomwareTech Demo: Take the Ransom Out of Ransomware
Tech Demo: Take the Ransom Out of Ransomwaremarketingunitrends
 
NZISF Talk: Six essential security services
NZISF Talk: Six essential security servicesNZISF Talk: Six essential security services
NZISF Talk: Six essential security servicesHinne Hettema
 
Defending Your Corporate Endpoints How to Go Beyond Anti-Virus
Defending Your Corporate Endpoints How to Go Beyond Anti-VirusDefending Your Corporate Endpoints How to Go Beyond Anti-Virus
Defending Your Corporate Endpoints How to Go Beyond Anti-VirusLumension
 
A closer look at CTF challenges
A closer look at CTF challengesA closer look at CTF challenges
A closer look at CTF challengesDNIF
 
Jamaica: victim or perpetrator of cyber crime and intrusions (final)
Jamaica: victim or perpetrator of cyber crime and intrusions (final)Jamaica: victim or perpetrator of cyber crime and intrusions (final)
Jamaica: victim or perpetrator of cyber crime and intrusions (final)Michele Marius
 
Source 44 sc congress canada 2011-06
Source 44 sc congress canada 2011-06Source 44 sc congress canada 2011-06
Source 44 sc congress canada 2011-06Source 44 Consulting
 
Engage! Creating a Meaningful Security Awareness Program
Engage! Creating a Meaningful Security Awareness ProgramEngage! Creating a Meaningful Security Awareness Program
Engage! Creating a Meaningful Security Awareness ProgramBen Woelk, CISSP, CPTC
 
Top 6 Technology Threats to Your Long Term Care Organization
Top 6 Technology Threats to Your Long Term Care Organization Top 6 Technology Threats to Your Long Term Care Organization
Top 6 Technology Threats to Your Long Term Care Organization Gross, Mendelsohn & Associates
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeMelbourne IT
 

What's hot (20)

IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and Tools
 
DataShepherd Security
DataShepherd SecurityDataShepherd Security
DataShepherd Security
 
PACE-IT: Risk and Security Related Concepts
PACE-IT: Risk and Security Related ConceptsPACE-IT: Risk and Security Related Concepts
PACE-IT: Risk and Security Related Concepts
 
Security On Demand by NBSecurity Srl
Security On Demand by NBSecurity SrlSecurity On Demand by NBSecurity Srl
Security On Demand by NBSecurity Srl
 
Why Cyber Security is Important to the Transportation Ecosystem NHI IDC Ray M...
Why Cyber Security is Important to the Transportation Ecosystem NHI IDC Ray M...Why Cyber Security is Important to the Transportation Ecosystem NHI IDC Ray M...
Why Cyber Security is Important to the Transportation Ecosystem NHI IDC Ray M...
 
2011 ADC Security Survey—Global Findings
2011 ADC Security Survey—Global Findings 2011 ADC Security Survey—Global Findings
2011 ADC Security Survey—Global Findings
 
Risk Factory: How to Implement an Effective Incident Response Programme
Risk Factory: How to Implement an Effective Incident Response ProgrammeRisk Factory: How to Implement an Effective Incident Response Programme
Risk Factory: How to Implement an Effective Incident Response Programme
 
Charity Winkler
Charity WinklerCharity Winkler
Charity Winkler
 
Tech Demo: Take the Ransom Out of Ransomware
Tech Demo: Take the Ransom Out of RansomwareTech Demo: Take the Ransom Out of Ransomware
Tech Demo: Take the Ransom Out of Ransomware
 
NZISF Talk: Six essential security services
NZISF Talk: Six essential security servicesNZISF Talk: Six essential security services
NZISF Talk: Six essential security services
 
Defending Your Corporate Endpoints How to Go Beyond Anti-Virus
Defending Your Corporate Endpoints How to Go Beyond Anti-VirusDefending Your Corporate Endpoints How to Go Beyond Anti-Virus
Defending Your Corporate Endpoints How to Go Beyond Anti-Virus
 
A closer look at CTF challenges
A closer look at CTF challengesA closer look at CTF challenges
A closer look at CTF challenges
 
Jamaica: victim or perpetrator of cyber crime and intrusions (final)
Jamaica: victim or perpetrator of cyber crime and intrusions (final)Jamaica: victim or perpetrator of cyber crime and intrusions (final)
Jamaica: victim or perpetrator of cyber crime and intrusions (final)
 
Austin Bsides March 2016 Cyber Presentation
Austin Bsides March 2016 Cyber PresentationAustin Bsides March 2016 Cyber Presentation
Austin Bsides March 2016 Cyber Presentation
 
Source 44 sc congress canada 2011-06
Source 44 sc congress canada 2011-06Source 44 sc congress canada 2011-06
Source 44 sc congress canada 2011-06
 
Engage! Creating a Meaningful Security Awareness Program
Engage! Creating a Meaningful Security Awareness ProgramEngage! Creating a Meaningful Security Awareness Program
Engage! Creating a Meaningful Security Awareness Program
 
S bailey resume
S bailey resumeS bailey resume
S bailey resume
 
Jason r mc kinney halfday
Jason r mc kinney halfdayJason r mc kinney halfday
Jason r mc kinney halfday
 
Top 6 Technology Threats to Your Long Term Care Organization
Top 6 Technology Threats to Your Long Term Care Organization Top 6 Technology Threats to Your Long Term Care Organization
Top 6 Technology Threats to Your Long Term Care Organization
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat Landscape
 

Similar to Why implement a robust cyber security policy?

Comprehensive plans are in place to improve our institutional cyber security
Comprehensive plans are in place to improve our institutional cyber securityComprehensive plans are in place to improve our institutional cyber security
Comprehensive plans are in place to improve our institutional cyber securityJasonTrinhNguyenTruo
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarIntergen
 
Activity 2 Presentation1.pptxlllllllmmmm
Activity 2 Presentation1.pptxlllllllmmmmActivity 2 Presentation1.pptxlllllllmmmm
Activity 2 Presentation1.pptxlllllllmmmmcanpaksolutions04
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarEmpired
 
Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Bloxx
 
KnowBe4-Presentation-Overview.pdf
KnowBe4-Presentation-Overview.pdfKnowBe4-Presentation-Overview.pdf
KnowBe4-Presentation-Overview.pdfahmad661583
 
Webinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWebinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWPICPE
 
Understanding the Importance of Security Testing in Safeguarding Your Digital...
Understanding the Importance of Security Testing in Safeguarding Your Digital...Understanding the Importance of Security Testing in Safeguarding Your Digital...
Understanding the Importance of Security Testing in Safeguarding Your Digital...Afour tech
 
2015 Cyber Security
2015 Cyber Security2015 Cyber Security
2015 Cyber SecurityAllen Zhang
 
How US Cybersecurity Executive Order Impacts IBM i Customers
How US Cybersecurity Executive Order Impacts IBM i Customers How US Cybersecurity Executive Order Impacts IBM i Customers
How US Cybersecurity Executive Order Impacts IBM i Customers Precisely
 
Best Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingBest Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingKimberly Hood
 
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...Richard Lawson
 
Why SMBs Outsource IT to MSPs
Why SMBs Outsource IT to MSPsWhy SMBs Outsource IT to MSPs
Why SMBs Outsource IT to MSPsThe TNS Group
 
How to Protect Your Business from Cyberattacks.pptx
How to Protect Your Business from Cyberattacks.pptxHow to Protect Your Business from Cyberattacks.pptx
How to Protect Your Business from Cyberattacks.pptxRohit kumar
 
Webinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWebinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWPICPE
 
Fissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-trainingFissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-trainingSwati Gupta
 
Shield Your Data: Master Cyber Security Essentials
Shield Your Data: Master Cyber Security EssentialsShield Your Data: Master Cyber Security Essentials
Shield Your Data: Master Cyber Security EssentialsFutureSkills Prime
 

Similar to Why implement a robust cyber security policy? (20)

Comprehensive plans are in place to improve our institutional cyber security
Comprehensive plans are in place to improve our institutional cyber securityComprehensive plans are in place to improve our institutional cyber security
Comprehensive plans are in place to improve our institutional cyber security
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
Activity 2 Presentation1.pptxlllllllmmmm
Activity 2 Presentation1.pptxlllllllmmmmActivity 2 Presentation1.pptxlllllllmmmm
Activity 2 Presentation1.pptxlllllllmmmm
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
Cyber Safety Awareness Training (Brochure)
Cyber Safety Awareness Training (Brochure)Cyber Safety Awareness Training (Brochure)
Cyber Safety Awareness Training (Brochure)
 
Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges
 
KnowBe4-Presentation-Overview.pdf
KnowBe4-Presentation-Overview.pdfKnowBe4-Presentation-Overview.pdf
KnowBe4-Presentation-Overview.pdf
 
mille2.pptx
mille2.pptxmille2.pptx
mille2.pptx
 
Webinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWebinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity Risk
 
Understanding the Importance of Security Testing in Safeguarding Your Digital...
Understanding the Importance of Security Testing in Safeguarding Your Digital...Understanding the Importance of Security Testing in Safeguarding Your Digital...
Understanding the Importance of Security Testing in Safeguarding Your Digital...
 
2015 Cyber Security
2015 Cyber Security2015 Cyber Security
2015 Cyber Security
 
How US Cybersecurity Executive Order Impacts IBM i Customers
How US Cybersecurity Executive Order Impacts IBM i Customers How US Cybersecurity Executive Order Impacts IBM i Customers
How US Cybersecurity Executive Order Impacts IBM i Customers
 
Best Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingBest Practices for Security Awareness and Training
Best Practices for Security Awareness and Training
 
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
 
Cyber Security # Lec 3
Cyber Security # Lec 3 Cyber Security # Lec 3
Cyber Security # Lec 3
 
Why SMBs Outsource IT to MSPs
Why SMBs Outsource IT to MSPsWhy SMBs Outsource IT to MSPs
Why SMBs Outsource IT to MSPs
 
How to Protect Your Business from Cyberattacks.pptx
How to Protect Your Business from Cyberattacks.pptxHow to Protect Your Business from Cyberattacks.pptx
How to Protect Your Business from Cyberattacks.pptx
 
Webinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWebinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on Utilities
 
Fissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-trainingFissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-training
 
Shield Your Data: Master Cyber Security Essentials
Shield Your Data: Master Cyber Security EssentialsShield Your Data: Master Cyber Security Essentials
Shield Your Data: Master Cyber Security Essentials
 

More from Jisc

Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...Jisc
 
Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxJisc
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxJisc
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Jisc
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...Jisc
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptxJisc
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxJisc
 
The Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxThe Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxJisc
 
Are we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxAre we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxJisc
 
JiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJisc
 
UWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxUWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxJisc
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber EssentialsJisc
 
MarkChilds.pptx
MarkChilds.pptxMarkChilds.pptx
MarkChilds.pptxJisc
 
RStrachanOct23.pptx
RStrachanOct23.pptxRStrachanOct23.pptx
RStrachanOct23.pptxJisc
 
ISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxJisc
 
FerrellWalker.pptx
FerrellWalker.pptxFerrellWalker.pptx
FerrellWalker.pptxJisc
 

More from Jisc (20)

Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...
 
Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptx
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptx
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptx
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptx
 
The Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxThe Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptx
 
Are we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxAre we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptx
 
JiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptx
 
UWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxUWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptx
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber Essentials
 
MarkChilds.pptx
MarkChilds.pptxMarkChilds.pptx
MarkChilds.pptx
 
RStrachanOct23.pptx
RStrachanOct23.pptxRStrachanOct23.pptx
RStrachanOct23.pptx
 
ISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptx
 
FerrellWalker.pptx
FerrellWalker.pptxFerrellWalker.pptx
FerrellWalker.pptx
 

Recently uploaded

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Recently uploaded (20)

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 

Why implement a robust cyber security policy?

  • 1. Why implement a robust cyber security policy? Dr Ken Thomson principal and chief executive, Forth Valley College
  • 2. Operational Downtime and Recovery Period Long Lasting Reputational Damage Severe Financial Cost Impact Cyber Attack For “Why” ask “What is the Damage” Then ask “how?”
  • 3. What if… Impact of a DDOS attack on the College • Research places a network outage as costing on average £3,300 per minute. This is the equivalent of the annual funding to the College for 1 full time student EVERY MINUTE • Average length of attack at a Scottish College is 21 minutes, equating to £70,000 • Loss of external links means loss of contact with external stakeholders, including potential new applicants via the College website • All levels of teaching interrupted from BCS ECDL courses to Degree level provision • Depending on timing, could impact on processing student funding or staff salary payments impacting relationships internally
  • 4. What if… The College suffered a Phishing/Malware attack? • Loss of control of business critical infrastructure, information and/or IP • Loss of access to affected network drive until restored • Impact on staff time to restore affected network drive • If information taken from College systems – • Reputational damage and loss of trust • Potential legal action against the College (Information Commissioner or private individuals)
  • 5. Cyber Mitigation It’s not all digital • Complacency can be the biggest threat to an organisation. The Cyber environment is constantly evolving and you must evolve with it • There can be a temptation to just throw money at the problem of Cyber Security with the latest software protections and kit • While important, all your efforts are only as effective as the weakest link in your armour which research shows is almost always • People
  • 6. How Implement a Robust Cyber Security Policy?
  • 7.
  • 8.
  • 9. Cyber Mitigation Policies and Strategies • Robust IT Security Policy • Creative Learning & Technologies Strategy • People Strategy • Enhancing the digital skills and cyber awareness of staff
  • 10. Preparing People • Effective training for your staff • De-mystifying cyber threats • Sense of ownership across the organisation – not just an IT issue! • Staff have awareness of cyber threats and bear this in mind when developing/reviewing systems • Raise awareness of staff to enable them to recognise a threat • Educate staff to be aware of digital risks in both their work and personal life Cyber Mitigation
  • 11. DDOS Phreaker Malware Phisher Click Jacking Cybernetic Symbiosis Shoulder Surfer Patching Fake Access Point Hacker Preparing People • Effective training for your staff • De-mystifying cyber threats • Sense of ownership across the organisation – not just an IT issue! • Staff have awareness of cyber threats and bear this in mind when developing/reviewing systems • Raise awareness of staff to enable them to recognise a threat • Educate staff to be aware of digital risks in both their work and personal life Cyber Mitigation
  • 12. Preparing People • Effective training for your staff • De-mystifying cyber threats • Sense of ownership across the organisation – not just an IT issue! • Staff have awareness of cyber threats and bear this in mind when developing/reviewing systems • Raise awareness of staff to enable them to recognise a threat • Educate staff to be aware of digital risks in both their work and personal life Cyber Mitigation
  • 13. How do we treat health and safety? Preparing People • Effective training for your staff • De-mystifying cyber threats • Sense of ownership across the organisation – not just an IT issue! • Staff have awareness of cyber threats and bear this in mind when developing/reviewing systems • Raise awareness of staff to enable them to recognise a threat • Educate staff to be aware of digital risks in both their work and personal life Cyber Mitigation
  • 14. Hello! I'm a programmer who cracked your email account and device about half year ago. You entered a password on one of the insecure site you visited, and I catched it. Your password from ken.thomson@forthvalley.ac.uk on moment of crack: hu11city Of course you can will change your password, or already made it. But it doesn't matter, my rat software update it every time……………….. Preparing People • Effective training for your staff • De-mystifying cyber threats • Sense of ownership across the organisation – not just an IT issue! • Staff have awareness of cyber threats and bear this in mind when developing/reviewing systems • Raise awareness of staff to enable them to recognise a threat • Educate staff to be aware of digital risks in both their work and personal life Cyber Mitigation
  • 15. Preparing People • Effective training for your staff • De-mystifying cyber threats • Sense of ownership across the organisation – not just an IT issue! • Staff have awareness of cyber threats and bear this in mind when developing/reviewing systems • Raise awareness of staff to enable them to recognise a threat • Educate staff to be aware of digital risks in both their work and personal life Cyber Mitigation
  • 16. Protecting your Infrastructure • Invest in a secure firewall • Up to date anti-virus and malware protection • Deploy security patches timeously • Regular vulnerability scans and action results Cyber Mitigation
  • 17. External Scrutiny and help/advice • Cyber Essentials accreditation • External audit • JISC Review • Penetration Testing • JISC expertise on cyber resilience • Member of Cyber Security Information Sharing Partnership (early warning of cyber threats and secure exchange of information) • Member of Scottish Colleges Information Leadership Group (sharing of knowledge and good practice) Cyber Mitigation
  • 18. Dealing with the impact • You must recognise that, even with all the preparations in place within your organisation, a sufficiently skilled/persistent attacker will get through • Structure your network to implement isolation and cut off impacted sections and prevent spread • Effective and robust business continuity plan in place and tested to facilitate recovery to normal operations • Build resilience to your network – multiple routes to the outside world Cyber Mitigation
  • 19.
  • 20. Dealing with the impact • You must recognise that, even with all the preparations in place within your organisation, a sufficiently skilled/persistent attacker will get through • Structure your network to implement isolation and cut off impacted sections and prevent spread • Effective and robust business continuity plan in place and tested to facilitate recovery to normal operations • Build resilience to your network – multiple routes to the outside world Cyber Mitigation
  • 21. Ultimately, cybersecurity is definitely a FVC Panda