Defence Cyber Protection Partnership 
Daniel Selman 
Cyber Industry Deputy Head 
ISS DAIS 
CDE Innovation Network event: 
30 September 2014, Glasgow
The Latest Trends in Cyber Security 
Information Security Breaches Survey (2014) – Trends
Small Businesses (< 50 Staff)
• % of respondents that had a breach
• Average number of breaches in year
• Cost of worst breach of the year
• Overall cost of security breaches
[Chart labels: 2013, 2014, £65k, £115k]
“The average cost of the worst breach suffered has gone up significantly particularly for small businesses – it’s nearly doubled over the last year.”
DCPP ENABLING WORK 
Information Sharing
• Reducing adversaries’ window of opportunity by:
  • Timely sharing of information across industry and government – some of it sensitive
Measurements & Standards
• Providing clarity in terms of where we are and where we need to get to by:
  • Defining the proportionate and practical cyber security standards required in all defence contracts
Supply Chain Awareness
• Raising awareness of cyber security by:
  • Briefing a common message and surveying readiness
Proportionate Security into the Procurement Lifecycle 
The principles of the DCPP Cyber Security Model (CSM) are:
• To mandate Cyber Security Risk Management
• To bring about a cultural change – top-down, policy change (primarily affecting all new contracts placed)
• To risk-assess all supplies (including services) so that a proportionate level of security is routinely requested by acquirers
• To ensure that all contracts include clear, appropriate cyber security requirements
• To ensure that acquirers assess their aggregated risk through active monitoring of their own and suppliers’ on-going compliance with contracted security requirements
Cyber Security Risk Management in Procurement 
DCPP CSM Key Points:
• It mandates organisational Security Risk Management
• Security Risk Assessments (by default)
• Contracts include proportionate security requirements
• Suppliers’ security reporting evidence routinely assessed
• Based on ISO27001:2013 and HMG requirements and controls
• Based on a maturity model, not a pass/fail test
• Incorporates Cyber Essentials Scheme (CES) requirements
• Has been developed in collaboration (MOD, Industry, Advisory)
• Has been tested by Pilots involving both Primes and SMEs
DCPP CSM Pilots - Criteria 
Confirm the process is simple to follow and identify any areas of concern 
Confirm the questions are clear and easily understood and identify any areas of concern 
Confirm hypothesis that CES is subset of DCPP CSM (identify gaps/overlaps) 
Understand level of effort, skills required and identify commercial issues 
Determine level of automation / tool support required
Pilots Feedback
• Good engagement from all projects
• Broad support for the aims of the Cyber Security Model
• Useful comments on both the approach and specific questions
• Feedback being collated and analysed to understand what changes are needed
• Initial conclusions – tweaks needed to the question sets, bit more thinking required on how to manage the burden on supply chain and MOD alike
FURTHER ADVICE 
General Cyber Security Advice and Guidance:
• Check your organisation and your IT service provider(s) against HMG’s “10 Steps to Cyber Security” (search www.cesg.gov.uk or www.gov.uk)
• BIS Cyber Essentials Scheme (search www.gov.uk)
• Ask your information security staff to join Cyber Security Information Sharing Partnership (CISP) to access threat information (www.cisp.org.uk)
• Access Technology Strategy Board’s voucher scheme for funding to improve cyber security (Search https://vouchers.innovateuk.org, closing date: 23 July 2014)
• CERT UK (www.cert.gov.uk)
• CPNI (www.cpni.gov.uk/advice/cyber)
• CESG (www.cesg.gov.uk)
Defence Sector Specific Advice
• Ask for advice: ADS, techUK, Primes, trade associations

My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 

Latest Trends in Cyber Security

  • 1. Defence Cyber Protection Partnership
      Daniel Selman, Cyber Industry Deputy Head, ISS DAIS
      CDE Innovation Network event: 30 September 2014, Glasgow
  • 2. The Latest Trends in Cyber Security
      Information Security Breaches Survey (2014) – Trends
      Small Businesses (< 50 Staff)
      • % of respondents that had a breach
      • Average number of breaches in year
      • Cost of worst breach of the year
      • Overall cost of security breaches
      2013 / 2014: £65k / £115k
      “The average cost of the worst breach suffered has gone up significantly particularly for small businesses – it’s nearly doubled over the last year.”
  • 3. 3
  • 4. DCPP ENABLING WORK
      Information Sharing
      • Reducing adversaries’ window of opportunity by:
          • Timely sharing of information across industry and government – some of it sensitive
      Measurements & Standards
      • Providing clarity in terms of where we are and where we need to get to by:
          • Defining the proportionate and practical cyber security standards required in all defence contracts
      Supply Chain Awareness
      • Raising awareness of cyber security by:
          • Briefing a common message and surveying readiness
  • 5. Proportionate Security into the Procurement Lifecycle
      The DCPP Cyber Security Model’s (CSM’s) principles involved are:
      • To mandate Cyber Security Risk Management
      • To bring about a cultural change – top-down, policy change (primarily affecting all new contracts placed)
      • To risk-assess all supplies (including services) so that a proportionate level of security is routinely requested by acquirers
      • To ensure that all contracts include clear, appropriate cyber security requirements
      • To ensure that acquirers assess their aggregated risk through active monitoring of their own and suppliers’ on-going compliance to contracted security requirements
  • 6. Cyber Security Risk Management in Procurement
      DCPP CSM Key Points:
      • It mandates organisational Security Risk Management
      • Security Risk Assessments (by default)
      • Contracts include proportionate security requirements
      • Suppliers’ security reporting evidence routinely assessed
      • Based on ISO27001:2013 and HMG requirements and controls
      • Based on a maturity model, not a pass/fail test
      • Incorporates Cyber Essential Scheme (CES) requirements
      • Has been developed in collaboration (MOD, Industry, Advisory)
      • Has been tested by Pilots involving both Primes and SMEs
  • 7. DCPP CSM Pilots - Criteria
      • Confirm the process is simple to follow and identify any areas of concern
      • Confirm the questions are clear and easily understood and identify any areas of concern
      • Confirm hypothesis that CES is subset of DCPP CSM (identify gaps/overlaps)
      • Understand level of effort, skills required and identify commercial issues
      • Determine level of automation / tool support required
  • 8. Pilots Feedback
      • Good engagement from all projects
      • Broad support for the aims of the Cyber Security Model
      • Useful comments on both the approach and specific questions
      • Feedback being collated and analysed to understand what changes are needed
      • Initial conclusions – tweaks needed to the question sets, bit more thinking required on how to manage the burden on supply chain and MOD alike
  • 9. FURTHER ADVICE
      General Cyber Security Advice and Guidance:
      • Check your organisation and your IT service provider(s) against HMG’s “10 Steps to Cyber Security” (search www.cesg.gov.uk or www.gov.uk)
      • BIS Cyber Essentials Scheme (search www.gov.uk)
      • Ask your information security staff to join Cyber Security Information Sharing Partnership (CISP) to access threat information (www.cisp.org.uk)
      • Access Technology Strategy Board’s voucher scheme for funding to improve cyber security (Search https://vouchers.innovateuk.org, closing date: 23 July 2014)
      • CERT UK (www.cert.gov.uk)
      • CPNI (www.cpni.gov.uk/advice/cyber)
      • CESG (www.cesg.gov.uk)
      Defence Sector Specific Advice
      • Ask for advice: ADS, techUK, Primes, trade associations