IT Service Management (ITSM) works with all areas of the cyber resilience chain from information owners to end users, business sponsors and security specialists. The organization’s critical information assets sit on services owned and run by ITSM on behalf of the business.
Adapting to the new cyber reality starts with building personal knowledge and skills, then moving to organization-wide culture, collaboration and responsibility. More and more organizations are looking to step up their cyber resilience. IT training and consulting organizations can help your clients build up their capabilities.
With RESILIA, AXELOS Cyber Resilience Best Practice, you can help organizations make the best of ITSM and Cyber Resilience.
6. AXELOS - GLOBAL BEST PRACTICE6
We need to Talk Talk
...and the impacts
“I’m tied in for another year with these people that can’t manage data properly. I don’t want to stay with this company giving them my money”
TalkTalk customer
“TalkTalk hit by customer backlash – legal claims over cyberattack”
Sunday Times lead article: 25 October
“Experts estimate the debacle could cost TalkTalk up to £75m in lost revenues and other costs”
Sunday Times: 25 October
The response...
“Cyber crime is the crime of our generation”
“With the benefit of hindsight, were we doing enough? Well, you’ve got to say we weren’t and obviously we will be looking back and reviewing that extremely seriously”
Asked by the BBC whether customers’ bank details had been encrypted by TalkTalk, she said: “the awful truth is, I don’t know”.
Dido Harding, CEO, TalkTalk
Opportunity and Risk
The opportunities
$4.2 trillion estimated value of the internet economy in G20 economies by 2016
94% of businesses with 10+ employees are online
936 exabytes growth in global internet traffic from 2005-2015
13.5% to 23% projected rise in consumer purchases made over the internet from 2010-2016
4.1% of GDP contributed by internet
The risks
$445 billion cost of cyber-crime to the global economy per year
44% increase in cyber attacks. That’s 1.4 successful attacks per organization per week
95% of all security incidents involve human error
3000 companies had been victims of cyber attacks in 2013
$145 average cost paid for each lost or stolen file containing sensitive or confidential information
Getting the balance right
PREVENT DETECT CORRECT
PEOPLE PROCESS TECHNOLOGY
RISK OPPORTUNITY
A familiar situation of ownership
This is a little story about four people named Everybody, Somebody, Anybody, and Nobody.
There was an important job to be done and Everybody was sure that Somebody would do it.
Anybody could have done it, but Nobody did it.
Somebody got angry about that because it was Everybody's job.
Everybody thought that Anybody could do it, but Nobody realized that Everybody wouldn't do it.
It ended up that Everybody blamed Somebody when Nobody did what Anybody could have done.
Cyber: whose problem is it?
“We set security standards and policy; we expect everyone to stick to these and we will check compliance”
Risk Information Security
“We flagged the information is sensitive and needs protecting – so go and do that”
Information owners
“We own the services – but we don’t have the detailed technical knowledge to do everything”
IT delivery & Dev teams
“We have risk and security teams; if they want to bring risks or investment cases to us we will look at them”
Board / Leadership team
Roles and Responsibilities
Further reading: Cyber Resilience Best Practice section 9: Roles and Responsibilities
Governance
* Board / audit
* Information owners
Leadership & management
* Risk & security management
* IT strategy and services
Delivery
* IT service delivery
* Process owners
Building collaboration
1. Start at home: IT and service management
• Large team, diverse skills
• Engaged with all areas of the organization
• Build common language and knowledge
• Manage the business value: Opportunities & Risk balance
Further reading: Cyber Resilience Best Practice guide and Pocket Guide
Building collaboration
2. Specialist skills: Information Security
• Small team, extended network
• Specialist technical knowledge and skills
• Help enable everyone to do the operational basics
Further reading: Cyber Resilience and ITSM – white paper
Building collaboration
3. Setting the tone: Board and Leadership team
• Business opportunity and risk – not detail
• Personal responsibility and reputation
• Sponsors for organization-wide collaboration
Further reading: Mind the Information Gap: Non-Executive Directors – white paper
Building collaboration
4. Understanding the value: Information owners
• Understand the value of information – and the risks
• Provide structure on quantifying risk
Further reading: Cyber Resilience Pocket Guide
Building collaboration
5. Everyone is involved: IT users and staff
• By far the largest risk – 90% of incidents
• Balance of security and usability – Opportunity & Risk
• People are more adaptable than technology or process
• Proactive culture change
What does good look like?
Bringing it together
Lifecycle management
Further reading: Cyber Resilience Best Practice guide
Questions to ask…
1. Do you know what your critical information assets are – and who has responsibility for them?
2. Is everyone involved in cyber resilience?
3. Are you prepared for when a successful attack comes?
RESILIA portfolio
Best Practice Guide: Core practical guidance for strategy, implementation and management of effective cyber resilience
Individual Awareness Learning & Know-how: All IT users and staff across an organization
IT and Security teams and
Membership & CPD: Foundation and Practitioner community
Leadership Engagement: Board and leadership teams
Pathway Tool: IT, Security and Risk decision makers
Foundation & Practitioner Training
Questions and thoughts?
Dan Cole
RESILIA Product Lead
E: dan.cole@axelos.com