SlideShare a Scribd company logo

Cyber Resilience - Welcoming New Normal - Eryk

‱
‱
Eryk Budi Pratama
Eryk Budi Pratama

Presented at National Webinar of ISACA Student Group, Universitas Kristen Satya Wacana, indonesia. Title: Cyber Resilience: Post COVID-19 - Welcoming New Normal 2 July 2020

Technology
1 of 26
Download to read offline
11 CYBER RESILIENCE Eryk B. Pratama, M.Kom, MM ISACA Student Group Universitas Kristen Satya Wacana (UKSW) Post COVID19 – Welcoming New Normal
About Me https://www.linkedin.com/in/erykbudipratama/ ❑ https://medium.com/@proferyk ❑ https://www.slideshare.net/proferyk You can subscribe to my telegram channel. â–Ș IT Advisory & Risk (t.me/itadvindonesia) â–Ș Data Privacy & Protection (t.me/dataprivid) â–Ș Komunitas Data Privacy & Protection (t.me/dataprotectionid)
Agenda 01 Introduction 02 Cyber Resilience 03 Crisis Management 04 Incident Management 05 Business Continuity Management
Introduction
Fallout of COVID-19 Pandemics Introduction Source: World Economic Forum - COVID-19 Risks Outlook A Preliminary Mapping and Its Implications World Economic Forum - COVID-19 Risks Outlook A Preliminary Mapping and Its Implications
Global Risks amidst COVID-19 Introduction Source: World Economic Forum - COVID-19 Risks Outlook A Preliminary Mapping and Its Implications World Economic Forum - COVID-19 Risks Outlook A Preliminary Mapping and Its Implications
Cybercriminals are deploying disruptive malware like ransomware against critical infrastructure and response institutions such as hospitals and medical center. There has been an increase of domains registered with the key words ‘COVID’ or ‘corona’ , to take advantage of the growing number of people searching for information about COVID-19. Threat actors are exploiting vulnerabilities of systems, networks, and applications used by businesses, governments and schools to support staff who are now working remotely Cybercriminals are creating fake websites related to COVID-19 to entice victims into opening malicious attachments or clicking phishing links, resulting in identity impersonation or illegal access to personal accounts Cyber Threat during COVID-19 Introduction Source: Interpol - Global Landscape on COVID-19 Cyber Threat Vulnerability of working from home Malicious domains Online scams and phishing Malware (Ransom and DDoS)
Lesson Learnt during COVID-19 to Prepare for the New Normal Introduction The following principles will help organizations to shape a responsible course of action that balances short-term goals against medium- to longer-term imperatives: Focus on protecting your critical assets and services Balance risk-informed decisions during the crisis and beyond Businesses will have to prioritize resources and investments to the most essential areas to maintain operational continuity, protect the critical digital assets and ensure compliance. As business enter the new normal, they will need to reassess the digital dependencies and risks accrued to restore their risk profile to an acceptable level Update and practice your response and business continuity plans as your business transitions to the new normal This crisis has reminded business leaders of the importance to adapt and test regularly their response and resilience plans against different disaster scenarios (including pandemics) with their key suppliers and business partners Partnerships and collaborations on cyber resilience between public and private sector peers across the ecosystem are essential in facilitating the transparent sharing of information and go beyond subscription towards a more active engagement. Strengthen ecosystem-wide collaboration Resilience is first and foremost a leadership issue and is more a matter of strategy and culture than tactics. Being resilient requires the importance of the organization to absorb and recover from a cyberattack that would disrupt essential services. Foster a culture of cyber resilience
Cyber Resilience
Enterprise Resilience Cyber Resilience Source: https://home.kpmg/xx/en/home/insights/2020/04/covid-19-a-guide-to-maintaining-enterprise-resilience.html Enterprise Resilience Financial Resilience Commercial ResilienceOperational Resilience The ability to withstand the financial impact on liquidity, income and assets The ability to withstand operational shocks and continue to deliver your core business. The ability to respond to changing market and consumer pressures â–Ș Financial stress testing and forecasting â–Ș Liquidity and financing â–Ș Financial crisis response and contingency planning â–Ș Operational crisis management â–Ș People â–Ș Supply chain â–Ș Technology and data â–Ș Premises and property â–Ș Cyber and fraud risk â–Ș Markets, products and services â–Ș Customer experience and behaviors
Cyber Resilience vs Cyber Security Cyber Resilience “ Cyber resilience is the ability to prepare for, respond to and recover from cyber attacks. “ Definition: Cyber Security is about reacting. Cyber Resilience is about anticipating. This framework highlights the critical and continual actions required to achieve Cyber Resilience Cyber Security Cyber Resilience â–Ș Identify â–Ș Protect â–Ș Detect â–Ș Response â–Ș Recover Based on NIST Cybersecurity Framework â–Ș Identify â–Ș Protect â–Ș Detect â–Ș Response â–Ș Recover Emergency Response Plan Crisis Management Business Continuity Management Incident Management Integrating cyber security with enterprise resilience
Cyber Resilience Components from Cyber Security Perspective Cyber Resilience Manage & Protect â–Ș Malware protection â–Ș Information and security policies â–Ș Identity and access control â–Ș Training & Awareness â–Ș Encryption â–Ș Physical and environmental security â–Ș Patch management â–Ș Network and communications security â–Ș Systems security â–Ș Supply chain risk management Identify & Detect Respond & Recover Govern & Assure â–Ș Security monitoring â–Ș Active detection â–Ș Asset management â–Ș Incident response management â–Ș ICT continuity management â–Ș Business continuity management â–Ș Information sharing and collaboration â–Ș Comprehensive risk management program â–Ș Continual improvement process â–Ș Governance structure and processes â–Ș Board-level commitment and involvement â–Ș Internal audit â–Ș External certification/validation Change Management Enterprise Resilience Integration
Crisis Management
Definition Crisis Management Crisis Management or CM is the overall coordination of an organization's response to a crisis, in an effective, timely manner, with the goal of avoiding or minimizing damage to the organization's profitability, reputation, or ability to operate. During a crisis, your organization is expected to execute the crisis management plan and during a disaster, the business continuity plan. The decision-making process for the handling of the crisis or disaster is shouldered by the senior management team. The execution of the necessary crisis response and should there be a denial of access to the "people, process and infrastructure, "the recovery activities in accordance with recovery strategies and business continuity plans will be executed. Disaster Crisis “ Sudden accident or a natural catastrophe that causes great damage or loss of life “ “ Time of intense difficulty or danger ” OR “ a time when a difficult or important decision must be made ” unexpected unique largely uncontrollable Criteria
A three-tier response structure Crisis Management Corporate (Strategic) Corp Crisis Management Plan Site/Business (Strategic/Tactical) Site/Business Incident Management Plan Business Area BCM Team (Operational) Business BCP’s Incident Management Team (Operational) Site/Location Plan Communication Roles and Responsibilities CORPORATE CRISIS MANAGEMENT TEAM (GOLD CONTROL) Focus - Manage Corporate Impact SITE/BUSINESS INCIDENT MANAGEMENT TEAM (SILVER CONTROL) Implement Corporate Strategy Manage Impact on Site Manage Business Issues Impact on Strategic Business Areas INCIDENT MANAGEMENT TEAM (BRONZE CONTROL) On-scene response – Local Focus SITE BUSINESS TEAM (BRONZE CONTROL) Business as Usual – Production / Customer Service
Incident Management
Definition Incident Management What is an IT incident? An IT incident is any disruption to an organization's IT services that affects anything from a single user or the entire business . In short, an incident is anything that interrupts business continuity. What is IT incident management? Incident management is the process of managing IT service disruptions and restoring services within agreed service level agreements (SLAs). The scope of incident management starts with an end user reporting an issue and ends with a service desk team member resolving that issue. Analyst Incident Responder Digital Forensic Incident Escalation Layer 1 (L1) Layer 2 (L2) Layer 3 (L3) Incident Classification MediumHigh Low Incident Prioritization Critical High Medium Low
Incident Management Process Incident Management Incident Management process based on NIST SP 800-61
Practical Incident Management Process Incident Management Incident Logging Incident Categorization Incident Prioritization Incident Assignment Task Creation and Management SLA Management and escalation Incident Resolution Incident Closure
Business Continuity Management
Definition Business Continuity Management Business Continuity (BC) is defined by ISO 22301 as “the capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident” Business Continuity Management (BCM) is defined in ISO 22301 as “an holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective(business continuity)*9responsethat safeguards the interests of its key stakeholders, reputation, brand and value creating activities”.
Incident Lifecycle in Business Continuity Context Business Continuity Management Within minutes to days: ‱ Invocation of BCP ‱ Contact staff, customers, suppliers, etc. ‱ Recovery of critical business processes ‱ Rebuild lost work-in- progress Within minutes to hours: ‱ Staff and visitors safety ‱ Damage containment/ limitation ‱ Damage assessment Within weeks to months: ‱ Damage repair/replacement ‱ Relocation to permanent place of work Timeline Incident Response Business continuity Recovery/resumption – back to normal Objective: Back-to-normal as quickly as possibleIncident
PDCA Lifecycle of BCMS Business Continuity Management Source: https://www.continuitycentral.com/OrganisationResilience.pdf
Implement BCM based on ISO 22301 Business Continuity Management ❑ Operational planning and control ❑ Business impact analysis and risk assessment ❑ Business continuity strategies and solutions ❑ Business continuity plans and procedures ❑ Exercise program ❑ Evaluation of business continuity documentation and capabilities 1. Management support 2. Identification of requirements 3. Business continuity policy and objectives 4. Support documents for management system 5. Risk assessment and treatment 6. Business impact analysis 7. Business continuity strategy 8. Business continuity plan 9. Training and awareness 10. Documentation maintenance 11. Exercising & testing 12. Post-incident reviews 13. Communication with interested parties 14. Measurement and evaluation 15. Internal audit 16. Corrective actions 17. Management review
Business Continuity Strategy Business Continuity Management Business Continuity Strategy The continuity strategy is developed to address non availability of resources on each identified critical processes by using following stages: Business Impact Analysis Recovery Options Identification Recovery Options Selection ‱ Identify critical processes ‱ Identify recovery requirement: ‱ Maximum Tolerable Period of Disruption (MTPD) / Maximum Allowable Outage (MAO) ‱ Recovery Time Objective (RTO) & Recovery Point Objective (RPO) ‱ People, IT application, facilities and vital records enabler ‱ Identify available options for: ‱ Alternative workspace ‱ Acquisition method for process enablers ‱ People, IT application, facilities and vital records enabler ‱ Determine viability of identified recovery options through assessment of availability time concern of specified resources in the options ‱ Select recovery strategy will be implemented to recover business processes
Thank You â˜ș https://medium.com/@proferyk https://www.slideshare.net/proferyk IT Advisory & Risk (t.me/itadvindonesia) Data Privacy & Protection (t.me/dataprivid) Komunitas Data Privacy & Protection (t.me/dataprotectionid)

Recommended

The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDEryk Budi Pratama
 
The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarEryk Budi Pratama
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykData Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykEryk Budi Pratama
 
Urgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiUrgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiEryk Budi Pratama
 
Cybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber SecurityCybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber SecurityEryk Budi Pratama
 
Common Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementCommon Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementEryk Budi Pratama
 
Data Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Data Protection Indonesia: Basic Regulation and Technical Aspects_ErykData Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Data Protection Indonesia: Basic Regulation and Technical Aspects_ErykEryk Budi Pratama
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyEryk Budi Pratama
 

Recommended

The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDEryk Budi Pratama
 
The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarEryk Budi Pratama
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykData Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykEryk Budi Pratama
 
Urgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiUrgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiEryk Budi Pratama
 
Cybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber SecurityCybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber SecurityEryk Budi Pratama
 
Common Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementCommon Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementEryk Budi Pratama
 
Data Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Data Protection Indonesia: Basic Regulation and Technical Aspects_ErykData Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Data Protection Indonesia: Basic Regulation and Technical Aspects_ErykEryk Budi Pratama
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyEryk Budi Pratama
 
Personal Data Protection in Indonesia
Personal Data Protection in IndonesiaPersonal Data Protection in Indonesia
Personal Data Protection in IndonesiaEryk Budi Pratama
 
Guardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsGuardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsEryk Budi Pratama
 
Data security and privacy
Data security and privacyData security and privacy
Data security and privacyrajab ssemwogerere
 
The Business Case for Data Security
The Business Case for Data SecurityThe Business Case for Data Security
The Business Case for Data SecurityImperva
 
Cloud Compliance Auditing - Closer 2011
Cloud Compliance Auditing - Closer 2011Cloud Compliance Auditing - Closer 2011
Cloud Compliance Auditing - Closer 2011Jonathan Sinclair
 
Protecting Agile Transformation through Secure DevOps (DevSecOps)
Protecting Agile Transformation through Secure DevOps (DevSecOps)Protecting Agile Transformation through Secure DevOps (DevSecOps)
Protecting Agile Transformation through Secure DevOps (DevSecOps)Eryk Budi Pratama
 
The CISO’s Guide to Data Loss Prevention
The CISO’s Guide to Data Loss PreventionThe CISO’s Guide to Data Loss Prevention
The CISO’s Guide to Data Loss PreventionDigital Guardian
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataUlf Mattsson
 
Data-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseData-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseNextLabs, Inc.
 
Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Graham Mann
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersJack Nichelson
 
Enterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating ModelEnterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating ModelEryk Budi Pratama
 
Opteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix LLC
 
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...IRJET Journal
 
Wp security-data-safe
Wp security-data-safeWp security-data-safe
Wp security-data-safeALI ANWAR, OCPÂź
 
Data privacy and security in uae
Data privacy and security in uaeData privacy and security in uae
Data privacy and security in uaeRishalHalid1
 
California Consumer Privacy Act (CCPA)
California Consumer Privacy Act (CCPA)California Consumer Privacy Act (CCPA)
California Consumer Privacy Act (CCPA)Happiest Minds Technologies
 
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss Preventiondj1arry
 
Cisa 2013 ch3
Cisa 2013 ch3Cisa 2013 ch3
Cisa 2013 ch3Aladdin Dandis
 
Qatar Proposal
Qatar ProposalQatar Proposal
Qatar ProposalAbsar Husain
 
Delivering stronger business security and resilience
Delivering stronger business security and resilienceDelivering stronger business security and resilience
Delivering stronger business security and resiliencezadok001
 

More Related Content

What's hot

Personal Data Protection in Indonesia
Personal Data Protection in IndonesiaPersonal Data Protection in Indonesia
Personal Data Protection in IndonesiaEryk Budi Pratama
 
Guardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsGuardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsEryk Budi Pratama
 
Data security and privacy
Data security and privacyData security and privacy
Data security and privacyrajab ssemwogerere
 
The Business Case for Data Security
The Business Case for Data SecurityThe Business Case for Data Security
The Business Case for Data SecurityImperva
 
Cloud Compliance Auditing - Closer 2011
Cloud Compliance Auditing - Closer 2011Cloud Compliance Auditing - Closer 2011
Cloud Compliance Auditing - Closer 2011Jonathan Sinclair
 
Protecting Agile Transformation through Secure DevOps (DevSecOps)
Protecting Agile Transformation through Secure DevOps (DevSecOps)Protecting Agile Transformation through Secure DevOps (DevSecOps)
Protecting Agile Transformation through Secure DevOps (DevSecOps)Eryk Budi Pratama
 
The CISO’s Guide to Data Loss Prevention
The CISO’s Guide to Data Loss PreventionThe CISO’s Guide to Data Loss Prevention
The CISO’s Guide to Data Loss PreventionDigital Guardian
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataUlf Mattsson
 
Data-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseData-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseNextLabs, Inc.
 
Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Graham Mann
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersJack Nichelson
 
Enterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating ModelEnterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating ModelEryk Budi Pratama
 
Opteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix LLC
 
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...IRJET Journal
 
Data privacy and security in uae
Data privacy and security in uaeData privacy and security in uae
Data privacy and security in uaeRishalHalid1
 
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss Preventiondj1arry
 

What's hot (20)

Personal Data Protection in Indonesia
Personal Data Protection in IndonesiaPersonal Data Protection in Indonesia
Personal Data Protection in Indonesia
 
Guardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsGuardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & Analytics
 
Data security and privacy
Data security and privacyData security and privacy
Data security and privacy
 
The Business Case for Data Security
The Business Case for Data SecurityThe Business Case for Data Security
The Business Case for Data Security
 
Cloud Compliance Auditing - Closer 2011
Cloud Compliance Auditing - Closer 2011Cloud Compliance Auditing - Closer 2011
Cloud Compliance Auditing - Closer 2011
 
Protecting Agile Transformation through Secure DevOps (DevSecOps)
Protecting Agile Transformation through Secure DevOps (DevSecOps)Protecting Agile Transformation through Secure DevOps (DevSecOps)
Protecting Agile Transformation through Secure DevOps (DevSecOps)
 
The CISO’s Guide to Data Loss Prevention
The CISO’s Guide to Data Loss PreventionThe CISO’s Guide to Data Loss Prevention
The CISO’s Guide to Data Loss Prevention
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive data
 
Data-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseData-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended Enterprise
 
Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the Beefeaters
 
Enterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating ModelEnterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating Model
 
Opteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdf
 
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
 
Wp security-data-safe
Wp security-data-safeWp security-data-safe
Wp security-data-safe
 
Data privacy and security in uae
Data privacy and security in uaeData privacy and security in uae
Data privacy and security in uae
 
California Consumer Privacy Act (CCPA)
California Consumer Privacy Act (CCPA)California Consumer Privacy Act (CCPA)
California Consumer Privacy Act (CCPA)
 
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss Prevention
 
Cisa 2013 ch3
Cisa 2013 ch3Cisa 2013 ch3
Cisa 2013 ch3
 

Similar to Cyber Resilience - Welcoming New Normal - Eryk

Qatar Proposal
Qatar ProposalQatar Proposal
Qatar ProposalAbsar Husain
 
Delivering stronger business security and resilience
Delivering stronger business security and resilienceDelivering stronger business security and resilience
Delivering stronger business security and resiliencezadok001
 
Cybersecurity Incident Response Planning.pdf
Cybersecurity Incident Response Planning.pdfCybersecurity Incident Response Planning.pdf
Cybersecurity Incident Response Planning.pdfCiente
 
Risk Management in Supply chain management
Risk Management in Supply chain managementRisk Management in Supply chain management
Risk Management in Supply chain managementNishikant Rajeshirke
 
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 DecXavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 DecLaura Tibbo
 
Topic Describe each of the elements of a Business Continuity Plan .docx
Topic Describe each of the elements of a Business Continuity Plan .docxTopic Describe each of the elements of a Business Continuity Plan .docx
Topic Describe each of the elements of a Business Continuity Plan .docxjuliennehar
 
Contingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATMContingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATMWajahat Ali Khan
 
Cybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial InstitutionsCybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial InstitutionsSarah Cirelli
 
Contingency%20planning%20lecture%205
Contingency%20planning%20lecture%205Contingency%20planning%20lecture%205
Contingency%20planning%20lecture%205Magdalena Anna Fas
 
A Guide for Businesses.pdf
A Guide for Businesses.pdfA Guide for Businesses.pdf
A Guide for Businesses.pdfDaviesParker
 
Strengthening Operational Resilience in Financial Services by Migrating to Go...
Strengthening Operational Resilience in Financial Services by Migrating to Go...Strengthening Operational Resilience in Financial Services by Migrating to Go...
Strengthening Operational Resilience in Financial Services by Migrating to Go...run_frictionless
 
Enhancing Data Security_ The Crucial Role of Incident Response in the Modern ...
Enhancing Data Security_ The Crucial Role of Incident Response in the Modern ...Enhancing Data Security_ The Crucial Role of Incident Response in the Modern ...
Enhancing Data Security_ The Crucial Role of Incident Response in the Modern ...LDM Global
 
Cyber Security and Business Continuity an Integrated Discipline
Cyber Security and Business Continuity an Integrated DisciplineCyber Security and Business Continuity an Integrated Discipline
Cyber Security and Business Continuity an Integrated DisciplineGraeme Parker
 
Introduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceIntroduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceChristian F. Nissen
 
Digital strategy as a response to the New Normal
Digital strategy as a response to the New NormalDigital strategy as a response to the New Normal
Digital strategy as a response to the New NormalAPPAU_Ukraine
 
Cybersecurity Incident Management for Small and Medium-sized Businesses
Cybersecurity Incident Management for Small and Medium-sized BusinessesCybersecurity Incident Management for Small and Medium-sized Businesses
Cybersecurity Incident Management for Small and Medium-sized BusinessesCentextech
 
Symantec cyber-resilience
Symantec cyber-resilienceSymantec cyber-resilience
Symantec cyber-resilienceSymantec
 

Similar to Cyber Resilience - Welcoming New Normal - Eryk (20)

Qatar Proposal
Qatar ProposalQatar Proposal
Qatar Proposal
 
Delivering stronger business security and resilience
Delivering stronger business security and resilienceDelivering stronger business security and resilience
Delivering stronger business security and resilience
 
Cybersecurity Incident Response Planning.pdf
Cybersecurity Incident Response Planning.pdfCybersecurity Incident Response Planning.pdf
Cybersecurity Incident Response Planning.pdf
 
Risk Management in Supply chain management
Risk Management in Supply chain managementRisk Management in Supply chain management
Risk Management in Supply chain management
 
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 DecXavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
 
Topic Describe each of the elements of a Business Continuity Plan .docx
Topic Describe each of the elements of a Business Continuity Plan .docxTopic Describe each of the elements of a Business Continuity Plan .docx
Topic Describe each of the elements of a Business Continuity Plan .docx
 
Risk management of supply chain
Risk management of supply chainRisk management of supply chain
Risk management of supply chain
 
Contingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATMContingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATM
 
Cybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial InstitutionsCybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial Institutions
 
Risks in cc
Risks in ccRisks in cc
Risks in cc
 
Contingency%20planning%20lecture%205
Contingency%20planning%20lecture%205Contingency%20planning%20lecture%205
Contingency%20planning%20lecture%205
 
A Guide for Businesses.pdf
A Guide for Businesses.pdfA Guide for Businesses.pdf
A Guide for Businesses.pdf
 
Strengthening Operational Resilience in Financial Services by Migrating to Go...
Strengthening Operational Resilience in Financial Services by Migrating to Go...Strengthening Operational Resilience in Financial Services by Migrating to Go...
Strengthening Operational Resilience in Financial Services by Migrating to Go...
 
Enhancing Data Security_ The Crucial Role of Incident Response in the Modern ...
Enhancing Data Security_ The Crucial Role of Incident Response in the Modern ...Enhancing Data Security_ The Crucial Role of Incident Response in the Modern ...
Enhancing Data Security_ The Crucial Role of Incident Response in the Modern ...
 
Cyber Security and Business Continuity an Integrated Discipline
Cyber Security and Business Continuity an Integrated DisciplineCyber Security and Business Continuity an Integrated Discipline
Cyber Security and Business Continuity an Integrated Discipline
 
Introduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceIntroduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber Resilience
 
Digital strategy as a response to the New Normal
Digital strategy as a response to the New NormalDigital strategy as a response to the New Normal
Digital strategy as a response to the New Normal
 
Cybersecurity Incident Management for Small and Medium-sized Businesses
Cybersecurity Incident Management for Small and Medium-sized BusinessesCybersecurity Incident Management for Small and Medium-sized Businesses
Cybersecurity Incident Management for Small and Medium-sized Businesses
 
Symantec cyber-resilience
Symantec cyber-resilienceSymantec cyber-resilience
Symantec cyber-resilience
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
 

More from Eryk Budi Pratama

Ringkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTI
Ringkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTIRingkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTI
Ringkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTIEryk Budi Pratama
 
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...Eryk Budi Pratama
 
Privacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program ImplementationPrivacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program ImplementationEryk Budi Pratama
 
Modern IT Service Management Transformation - ITIL Indonesia
Modern IT Service Management Transformation - ITIL IndonesiaModern IT Service Management Transformation - ITIL Indonesia
Modern IT Service Management Transformation - ITIL IndonesiaEryk Budi Pratama
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEnabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEryk Budi Pratama
 
Blockchain for Accounting & Assurance
Blockchain for Accounting & AssuranceBlockchain for Accounting & Assurance
Blockchain for Accounting & AssuranceEryk Budi Pratama
 
Cybersecurity Skills in Industry 4.0
Cybersecurity Skills in Industry 4.0Cybersecurity Skills in Industry 4.0
Cybersecurity Skills in Industry 4.0Eryk Budi Pratama
 
Identity & Access Management for Securing DevOps
Identity & Access Management for Securing DevOpsIdentity & Access Management for Securing DevOps
Identity & Access Management for Securing DevOpsEryk Budi Pratama
 
Industry 4.0 : How to Build Relevant IT Skills
Industry 4.0 : How to Build Relevant IT SkillsIndustry 4.0 : How to Build Relevant IT Skills
Industry 4.0 : How to Build Relevant IT SkillsEryk Budi Pratama
 
Web Application Hacking - The Art of Exploiting Vulnerable Web Application
Web Application Hacking - The Art of Exploiting Vulnerable Web ApplicationWeb Application Hacking - The Art of Exploiting Vulnerable Web Application
Web Application Hacking - The Art of Exploiting Vulnerable Web ApplicationEryk Budi Pratama
 
Emerging Technology Risk Series - Internet of Things (IoT)
Emerging Technology Risk Series - Internet of Things (IoT)Emerging Technology Risk Series - Internet of Things (IoT)
Emerging Technology Risk Series - Internet of Things (IoT)Eryk Budi Pratama
 
IT Governance - Capability Assessment using COBIT 5
IT Governance - Capability Assessment using COBIT 5IT Governance - Capability Assessment using COBIT 5
IT Governance - Capability Assessment using COBIT 5Eryk Budi Pratama
 
IT Governance - Governing IT: Do or Die?
IT Governance - Governing IT: Do or Die?IT Governance - Governing IT: Do or Die?
IT Governance - Governing IT: Do or Die?Eryk Budi Pratama
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & SecurityEryk Budi Pratama
 
IT Operating Model - Fundamental
IT Operating Model - FundamentalIT Operating Model - Fundamental
IT Operating Model - FundamentalEryk Budi Pratama
 
Software Development Methodology - Unified Process
Software Development Methodology - Unified ProcessSoftware Development Methodology - Unified Process
Software Development Methodology - Unified ProcessEryk Budi Pratama
 
Network Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityNetwork Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityEryk Budi Pratama
 
IT Governance - COBIT 5 Capability Assessment
IT Governance - COBIT 5 Capability AssessmentIT Governance - COBIT 5 Capability Assessment
IT Governance - COBIT 5 Capability AssessmentEryk Budi Pratama
 

More from Eryk Budi Pratama (18)

Ringkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTI
Ringkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTIRingkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTI
Ringkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTI
 
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...
 
Privacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program ImplementationPrivacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program Implementation
 
Modern IT Service Management Transformation - ITIL Indonesia
Modern IT Service Management Transformation - ITIL IndonesiaModern IT Service Management Transformation - ITIL Indonesia
Modern IT Service Management Transformation - ITIL Indonesia
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEnabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
 
Blockchain for Accounting & Assurance
Blockchain for Accounting & AssuranceBlockchain for Accounting & Assurance
Blockchain for Accounting & Assurance
 
Cybersecurity Skills in Industry 4.0
Cybersecurity Skills in Industry 4.0Cybersecurity Skills in Industry 4.0
Cybersecurity Skills in Industry 4.0
 
Identity & Access Management for Securing DevOps
Identity & Access Management for Securing DevOpsIdentity & Access Management for Securing DevOps
Identity & Access Management for Securing DevOps
 
Industry 4.0 : How to Build Relevant IT Skills
Industry 4.0 : How to Build Relevant IT SkillsIndustry 4.0 : How to Build Relevant IT Skills
Industry 4.0 : How to Build Relevant IT Skills
 
Web Application Hacking - The Art of Exploiting Vulnerable Web Application
Web Application Hacking - The Art of Exploiting Vulnerable Web ApplicationWeb Application Hacking - The Art of Exploiting Vulnerable Web Application
Web Application Hacking - The Art of Exploiting Vulnerable Web Application
 
Emerging Technology Risk Series - Internet of Things (IoT)
Emerging Technology Risk Series - Internet of Things (IoT)Emerging Technology Risk Series - Internet of Things (IoT)
Emerging Technology Risk Series - Internet of Things (IoT)
 
IT Governance - Capability Assessment using COBIT 5
IT Governance - Capability Assessment using COBIT 5IT Governance - Capability Assessment using COBIT 5
IT Governance - Capability Assessment using COBIT 5
 
IT Governance - Governing IT: Do or Die?
IT Governance - Governing IT: Do or Die?IT Governance - Governing IT: Do or Die?
IT Governance - Governing IT: Do or Die?
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
 
IT Operating Model - Fundamental
IT Operating Model - FundamentalIT Operating Model - Fundamental
IT Operating Model - Fundamental
 
Software Development Methodology - Unified Process
Software Development Methodology - Unified ProcessSoftware Development Methodology - Unified Process
Software Development Methodology - Unified Process
 
Network Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityNetwork Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information Security
 
IT Governance - COBIT 5 Capability Assessment
IT Governance - COBIT 5 Capability AssessmentIT Governance - COBIT 5 Capability Assessment
IT Governance - COBIT 5 Capability Assessment
 

Recently uploaded

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 

Recently uploaded (20)

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 

Cyber Resilience - Welcoming New Normal - Eryk

  • 1. 11 CYBER RESILIENCE Eryk B. Pratama, M.Kom, MM ISACA Student Group Universitas Kristen Satya Wacana (UKSW) Post COVID19 – Welcoming New Normal
  • 2. About Me https://www.linkedin.com/in/erykbudipratama/ ❑ https://medium.com/@proferyk ❑ https://www.slideshare.net/proferyk You can subscribe to my telegram channel. â–Ș IT Advisory & Risk (t.me/itadvindonesia) â–Ș Data Privacy & Protection (t.me/dataprivid) â–Ș Komunitas Data Privacy & Protection (t.me/dataprotectionid)
  • 3. Agenda 01 Introduction 02 Cyber Resilience 03 Crisis Management 04 Incident Management 05 Business Continuity Management
  • 5. Fallout of COVID-19 Pandemics Introduction Source: World Economic Forum - COVID-19 Risks Outlook A Preliminary Mapping and Its Implications World Economic Forum - COVID-19 Risks Outlook A Preliminary Mapping and Its Implications
  • 6. Global Risks amidst COVID-19 Introduction Source: World Economic Forum - COVID-19 Risks Outlook A Preliminary Mapping and Its Implications World Economic Forum - COVID-19 Risks Outlook A Preliminary Mapping and Its Implications
  • 7. Cybercriminals are deploying disruptive malware like ransomware against critical infrastructure and response institutions such as hospitals and medical center. There has been an increase of domains registered with the key words ‘COVID’ or ‘corona’ , to take advantage of the growing number of people searching for information about COVID-19. Threat actors are exploiting vulnerabilities of systems, networks, and applications used by businesses, governments and schools to support staff who are now working remotely Cybercriminals are creating fake websites related to COVID-19 to entice victims into opening malicious attachments or clicking phishing links, resulting in identity impersonation or illegal access to personal accounts Cyber Threat during COVID-19 Introduction Source: Interpol - Global Landscape on COVID-19 Cyber Threat Vulnerability of working from home Malicious domains Online scams and phishing Malware (Ransom and DDoS)
  • 8. Lesson Learnt during COVID-19 to Prepare for the New Normal Introduction The following principles will help organizations to shape a responsible course of action that balances short-term goals against medium- to longer-term imperatives: Focus on protecting your critical assets and services Balance risk-informed decisions during the crisis and beyond Businesses will have to prioritize resources and investments to the most essential areas to maintain operational continuity, protect the critical digital assets and ensure compliance. As business enter the new normal, they will need to reassess the digital dependencies and risks accrued to restore their risk profile to an acceptable level Update and practice your response and business continuity plans as your business transitions to the new normal This crisis has reminded business leaders of the importance to adapt and test regularly their response and resilience plans against different disaster scenarios (including pandemics) with their key suppliers and business partners Partnerships and collaborations on cyber resilience between public and private sector peers across the ecosystem are essential in facilitating the transparent sharing of information and go beyond subscription towards a more active engagement. Strengthen ecosystem-wide collaboration Resilience is first and foremost a leadership issue and is more a matter of strategy and culture than tactics. Being resilient requires the importance of the organization to absorb and recover from a cyberattack that would disrupt essential services. Foster a culture of cyber resilience
  • 10. Enterprise Resilience Cyber Resilience Source: https://home.kpmg/xx/en/home/insights/2020/04/covid-19-a-guide-to-maintaining-enterprise-resilience.html Enterprise Resilience Financial Resilience Commercial ResilienceOperational Resilience The ability to withstand the financial impact on liquidity, income and assets The ability to withstand operational shocks and continue to deliver your core business. The ability to respond to changing market and consumer pressures â–Ș Financial stress testing and forecasting â–Ș Liquidity and financing â–Ș Financial crisis response and contingency planning â–Ș Operational crisis management â–Ș People â–Ș Supply chain â–Ș Technology and data â–Ș Premises and property â–Ș Cyber and fraud risk â–Ș Markets, products and services â–Ș Customer experience and behaviors
  • 11. Cyber Resilience vs Cyber Security Cyber Resilience “ Cyber resilience is the ability to prepare for, respond to and recover from cyber attacks. “ Definition: Cyber Security is about reacting. Cyber Resilience is about anticipating. This framework highlights the critical and continual actions required to achieve Cyber Resilience Cyber Security Cyber Resilience â–Ș Identify â–Ș Protect â–Ș Detect â–Ș Response â–Ș Recover Based on NIST Cybersecurity Framework â–Ș Identify â–Ș Protect â–Ș Detect â–Ș Response â–Ș Recover Emergency Response Plan Crisis Management Business Continuity Management Incident Management Integrating cyber security with enterprise resilience
  • 12. Cyber Resilience Components from Cyber Security Perspective Cyber Resilience Manage & Protect â–Ș Malware protection â–Ș Information and security policies â–Ș Identity and access control â–Ș Training & Awareness â–Ș Encryption â–Ș Physical and environmental security â–Ș Patch management â–Ș Network and communications security â–Ș Systems security â–Ș Supply chain risk management Identify & Detect Respond & Recover Govern & Assure â–Ș Security monitoring â–Ș Active detection â–Ș Asset management â–Ș Incident response management â–Ș ICT continuity management â–Ș Business continuity management â–Ș Information sharing and collaboration â–Ș Comprehensive risk management program â–Ș Continual improvement process â–Ș Governance structure and processes â–Ș Board-level commitment and involvement â–Ș Internal audit â–Ș External certification/validation Change Management Enterprise Resilience Integration
  • 14. Definition Crisis Management Crisis Management or CM is the overall coordination of an organization's response to a crisis, in an effective, timely manner, with the goal of avoiding or minimizing damage to the organization's profitability, reputation, or ability to operate. During a crisis, your organization is expected to execute the crisis management plan and during a disaster, the business continuity plan. The decision-making process for the handling of the crisis or disaster is shouldered by the senior management team. The execution of the necessary crisis response and should there be a denial of access to the "people, process and infrastructure, "the recovery activities in accordance with recovery strategies and business continuity plans will be executed. Disaster Crisis “ Sudden accident or a natural catastrophe that causes great damage or loss of life “ “ Time of intense difficulty or danger ” OR “ a time when a difficult or important decision must be made ” unexpected unique largely uncontrollable Criteria
  • 15. A three-tier response structure Crisis Management Corporate (Strategic) Corp Crisis Management Plan Site/Business (Strategic/Tactical) Site/Business Incident Management Plan Business Area BCM Team (Operational) Business BCP’s Incident Management Team (Operational) Site/Location Plan Communication Roles and Responsibilities CORPORATE CRISIS MANAGEMENT TEAM (GOLD CONTROL) Focus - Manage Corporate Impact SITE/BUSINESS INCIDENT MANAGEMENT TEAM (SILVER CONTROL) Implement Corporate Strategy Manage Impact on Site Manage Business Issues Impact on Strategic Business Areas INCIDENT MANAGEMENT TEAM (BRONZE CONTROL) On-scene response – Local Focus SITE BUSINESS TEAM (BRONZE CONTROL) Business as Usual – Production / Customer Service
  • 17. Definition Incident Management What is an IT incident? An IT incident is any disruption to an organization's IT services that affects anything from a single user or the entire business . In short, an incident is anything that interrupts business continuity. What is IT incident management? Incident management is the process of managing IT service disruptions and restoring services within agreed service level agreements (SLAs). The scope of incident management starts with an end user reporting an issue and ends with a service desk team member resolving that issue. Analyst Incident Responder Digital Forensic Incident Escalation Layer 1 (L1) Layer 2 (L2) Layer 3 (L3) Incident Classification MediumHigh Low Incident Prioritization Critical High Medium Low
  • 18. Incident Management Process Incident Management Incident Management process based on NIST SP 800-61
  • 19. Practical Incident Management Process Incident Management Incident Logging Incident Categorization Incident Prioritization Incident Assignment Task Creation and Management SLA Management and escalation Incident Resolution Incident Closure
  • 21. Definition Business Continuity Management Business Continuity (BC) is defined by ISO 22301 as “the capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident” Business Continuity Management (BCM) is defined in ISO 22301 as “an holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective(business continuity)*9responsethat safeguards the interests of its key stakeholders, reputation, brand and value creating activities”.
  • 22. Incident Lifecycle in Business Continuity Context Business Continuity Management Within minutes to days: ‱ Invocation of BCP ‱ Contact staff, customers, suppliers, etc. ‱ Recovery of critical business processes ‱ Rebuild lost work-in- progress Within minutes to hours: ‱ Staff and visitors safety ‱ Damage containment/ limitation ‱ Damage assessment Within weeks to months: ‱ Damage repair/replacement ‱ Relocation to permanent place of work Timeline Incident Response Business continuity Recovery/resumption – back to normal Objective: Back-to-normal as quickly as possibleIncident
  • 23. PDCA Lifecycle of BCMS Business Continuity Management Source: https://www.continuitycentral.com/OrganisationResilience.pdf
  • 24. Implement BCM based on ISO 22301 Business Continuity Management ❑ Operational planning and control ❑ Business impact analysis and risk assessment ❑ Business continuity strategies and solutions ❑ Business continuity plans and procedures ❑ Exercise program ❑ Evaluation of business continuity documentation and capabilities 1. Management support 2. Identification of requirements 3. Business continuity policy and objectives 4. Support documents for management system 5. Risk assessment and treatment 6. Business impact analysis 7. Business continuity strategy 8. Business continuity plan 9. Training and awareness 10. Documentation maintenance 11. Exercising & testing 12. Post-incident reviews 13. Communication with interested parties 14. Measurement and evaluation 15. Internal audit 16. Corrective actions 17. Management review
  • 25. Business Continuity Strategy Business Continuity Management Business Continuity Strategy The continuity strategy is developed to address non availability of resources on each identified critical processes by using following stages: Business Impact Analysis Recovery Options Identification Recovery Options Selection ‱ Identify critical processes ‱ Identify recovery requirement: ‱ Maximum Tolerable Period of Disruption (MTPD) / Maximum Allowable Outage (MAO) ‱ Recovery Time Objective (RTO) & Recovery Point Objective (RPO) ‱ People, IT application, facilities and vital records enabler ‱ Identify available options for: ‱ Alternative workspace ‱ Acquisition method for process enablers ‱ People, IT application, facilities and vital records enabler ‱ Determine viability of identified recovery options through assessment of availability time concern of specified resources in the options ‱ Select recovery strategy will be implemented to recover business processes
  • 26. Thank You â˜ș https://medium.com/@proferyk https://www.slideshare.net/proferyk IT Advisory & Risk (t.me/itadvindonesia) Data Privacy & Protection (t.me/dataprivid) Komunitas Data Privacy & Protection (t.me/dataprotectionid)