Presented at National Webinar of ISACA Student Group, Universitas Kristen Satya Wacana, Indonesia.
Title: Cyber Resilience: Post COVID-19 - Welcoming New Normal
2 July 2020
5. Fallout of the COVID-19 Pandemic
Introduction
Source: World Economic Forum - COVID-19 Risks Outlook A Preliminary Mapping and Its Implications
6. Global Risks amidst COVID-19
Introduction
Source: World Economic Forum - COVID-19 Risks Outlook A Preliminary Mapping and Its Implications
7. Cyber Threat during COVID-19
Introduction
Source: Interpol - Global Landscape on COVID-19 Cyber Threat
Malware (Ransom and DDoS): Cybercriminals are deploying disruptive malware like ransomware against critical infrastructure and response institutions such as hospitals and medical centers.
Malicious domains: There has been an increase in domains registered with the keywords "COVID" or "corona", to take advantage of the growing number of people searching for information about COVID-19.
Vulnerability of working from home: Threat actors are exploiting vulnerabilities of systems, networks, and applications used by businesses, governments and schools to support staff who are now working remotely.
Online scams and phishing: Cybercriminals are creating fake websites related to COVID-19 to entice victims into opening malicious attachments or clicking phishing links, resulting in identity impersonation or illegal access to personal accounts.
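The "malicious domains" point above is the one a SOC can act on directly: newly seen domains carrying pandemic keywords are worth flagging for review. The following detection sketch is an added example, not part of the Interpol report or of this presentation. It scans constructed DNS query log lines (the "timestamp client domain" format, the keyword regex including the "c0vid" lookalike, and the allowlist of health-information sites are all assumptions made for the example) and returns the lookups that deserve analyst attention.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: DNS query log lines in a simple
# "<timestamp> <client-ip> <queried-domain>" format (not from any real resolver).
SAMPLE_DNS_LOG = """\
2020-04-02T08:01:12Z 10.0.0.15 www.who.int
2020-04-02T08:01:40Z 10.0.0.15 covid19-relief-payment.example
2020-04-02T08:02:03Z 10.0.0.22 mail.corp.example
2020-04-02T08:02:55Z 10.0.0.31 corona-maps-live.example
2020-04-02T08:03:10Z 10.0.0.31 cdc.gov
2020-04-02T08:04:44Z 10.0.0.15 secure-c0vid-update.example
"""

# Keywords the Interpol report calls out; the "c0vid" digit-for-letter variant
# is an assumption added here to catch a common lookalike spelling.
KEYWORD_PATTERN = re.compile(r"c[o0]vid|corona", re.IGNORECASE)

# Hypothetical allowlist of legitimate health-information domains that also
# mention the pandemic and must not be flagged.
ALLOWLIST = {"who.int", "cdc.gov"}


@dataclass(frozen=True)
class Hit:
    timestamp: str
    client: str
    domain: str


def registrable_domain(domain: str) -> str:
    """Naive 'last two labels' approximation of the registrable domain.

    A production tool would consult the Public Suffix List instead.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_suspicious(domain: str) -> bool:
    """True when the domain carries a pandemic keyword and is not allowlisted."""
    if registrable_domain(domain) in ALLOWLIST:
        return False
    return KEYWORD_PATTERN.search(domain) is not None


def scan_dns_log(text: str) -> List[Hit]:
    """Return every lookup in the log whose domain looks like pandemic-themed bait."""
    hits: List[Hit] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash the scan
        timestamp, client, domain = parts
        if is_suspicious(domain):
            hits.append(Hit(timestamp, client, domain))
    return hits


if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{hit.timestamp} {hit.client} -> {hit.domain}")
```

Keyword matching alone produces noise, which is why the allowlist sits in front of it; in practice the hits would be enriched with domain registration age before anyone is paged.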
8. Lesson Learnt during COVID-19 to Prepare for the New Normal
Introduction
The following principles will help organizations to shape a responsible course of action that balances short-term goals against medium- to longer-term imperatives:
Focus on protecting your critical assets and services
Businesses will have to prioritize resources and investments to the most essential areas to maintain operational continuity, protect the critical digital assets and ensure compliance.
Balance risk-informed decisions during the crisis and beyond
As businesses enter the new normal, they will need to reassess the digital dependencies and risks accrued to restore their risk profile to an acceptable level.
Update and practice your response and business continuity plans as your business transitions to the new normal
This crisis has reminded business leaders of the importance of regularly adapting and testing their response and resilience plans against different disaster scenarios (including pandemics) with their key suppliers and business partners.
Strengthen ecosystem-wide collaboration
Partnerships and collaborations on cyber resilience between public and private sector peers across the ecosystem are essential in facilitating the transparent sharing of information, and should go beyond subscription towards a more active engagement.
Foster a culture of cyber resilience
Resilience is first and foremost a leadership issue and is more a matter of strategy and culture than tactics. Being resilient requires the organization to be able to absorb and recover from a cyberattack that would disrupt essential services.
10. Enterprise Resilience
Cyber Resilience
Source: https://home.kpmg/xx/en/home/insights/2020/04/covid-19-a-guide-to-maintaining-enterprise-resilience.html
Enterprise Resilience
Financial Resilience: The ability to withstand the financial impact on liquidity, income and assets.
▪ Financial stress testing and forecasting
▪ Liquidity and financing
▪ Financial crisis response and contingency planning
Operational Resilience: The ability to withstand operational shocks and continue to deliver your core business.
▪ Operational crisis management
▪ People
▪ Supply chain
▪ Technology and data
▪ Premises and property
▪ Cyber and fraud risk
Commercial Resilience: The ability to respond to changing market and consumer pressures.
▪ Markets, products and services
▪ Customer experience and behaviors
11. Cyber Resilience vs Cyber Security
Cyber Resilience
"Cyber resilience is the ability to prepare for, respond to and recover from cyber attacks."
Definition:
Cyber Security is about reacting. Cyber Resilience is about anticipating. This framework highlights the critical and continual actions required to achieve Cyber Resilience.
Cyber Security (based on NIST Cybersecurity Framework):
▪ Identify
▪ Protect
▪ Detect
▪ Response
▪ Recover
Cyber Resilience (the same five functions, extended with):
▪ Identify
▪ Protect
▪ Detect
▪ Response
▪ Recover
▪ Emergency Response Plan
▪ Crisis Management
▪ Business Continuity Management
▪ Incident Management
Integrating cyber security with enterprise resilience
12. Cyber Resilience Components from Cyber Security Perspective
Cyber Resilience
Manage & Protect
▪ Malware protection
▪ Information and security policies
▪ Identity and access control
▪ Training & Awareness
▪ Encryption
▪ Physical and environmental security
▪ Patch management
▪ Network and communications security
▪ Systems security
▪ Supply chain risk management
Identify & Detect
▪ Security monitoring
▪ Active detection
▪ Asset management
Respond & Recover
▪ Incident response management
▪ ICT continuity management
▪ Business continuity management
▪ Information sharing and collaboration
Govern & Assure
▪ Comprehensive risk management program
▪ Continual improvement process
▪ Governance structure and processes
▪ Board-level commitment and involvement
▪ Internal audit
▪ External certification/validation
Change Management
Enterprise Resilience Integration
14. Definition
Crisis Management
Crisis Management or CM is the overall coordination of an organization's response to a crisis, in an effective, timely manner, with the goal of avoiding or minimizing damage to the organization's profitability, reputation, or ability to operate.
During a crisis, your organization is expected to execute the crisis management plan and, during a disaster, the business continuity plan. The decision-making process for the handling of the crisis or disaster is shouldered by the senior management team. The necessary crisis response is executed and, should there be a denial of access to the "people, process and infrastructure", the recovery activities will be executed in accordance with the recovery strategies and business continuity plans.
Disaster: "Sudden accident or a natural catastrophe that causes great damage or loss of life"
Crisis: "Time of intense difficulty or danger" OR "a time when a difficult or important decision must be made"
Criteria: unexpected, unique, largely uncontrollable
15. A three-tier response structure
Crisis Management
Corporate (Strategic): Corporate Crisis Management Plan
Site/Business (Strategic/Tactical): Site/Business Incident Management Plan
Business Area BCM Team (Operational): Business BCPs
Incident Management Team (Operational): Site/Location Plan
Communication
Roles and Responsibilities
CORPORATE CRISIS MANAGEMENT TEAM (GOLD CONTROL)
Focus - Manage Corporate Impact
SITE/BUSINESS INCIDENT MANAGEMENT TEAM (SILVER CONTROL)
Implement Corporate Strategy; Manage Impact on Site; Manage Business Issues; Impact on Strategic Business Areas
INCIDENT MANAGEMENT TEAM (BRONZE CONTROL)
On-scene response - Local Focus
SITE BUSINESS TEAM (BRONZE CONTROL)
Business as Usual - Production / Customer Service
17. Definition
Incident Management
What is an IT incident?
An IT incident is any disruption to an organization's IT services that affects anything from a single user to the entire business. In short, an incident is anything that interrupts business continuity.
What is IT incident management?
Incident management is the process of managing IT service disruptions and restoring services within agreed service level agreements (SLAs). The scope of incident management starts with an end user reporting an issue and ends with a service desk team member resolving that issue.
Incident Escalation: Layer 1 (L1) Analyst, Layer 2 (L2) Incident Responder, Layer 3 (L3) Digital Forensic
Incident Classification: High, Medium, Low
Incident Prioritization: Critical, High, Medium, Low
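The slide names the priority levels, the escalation layers and the SLA idea but not how they connect. The script below is an added example, not from the presentation, showing one common way to wire them together: an impact-by-urgency matrix yields the priority, the priority decides which layer first owns the ticket and which resolution SLA applies, and a triage pass sorts the queue and flags SLA breaches. The matrix, the priority-to-layer mapping, the SLA hours and the sample incidents are all constructed assumptions for this example, not values the slide states.

```python
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple

# Assumed impact x urgency -> priority matrix. The slide lists only the
# resulting levels (Critical/High/Medium/Low), not how they are derived.
PRIORITY_MATRIX: Dict[Tuple[str, str], str] = {
    ("High", "High"): "Critical",
    ("High", "Medium"): "High",
    ("High", "Low"): "Medium",
    ("Medium", "High"): "High",
    ("Medium", "Medium"): "Medium",
    ("Medium", "Low"): "Low",
    ("Low", "High"): "Medium",
    ("Low", "Medium"): "Low",
    ("Low", "Low"): "Low",
}

# Assumed first-owner layer per priority, using the three layers on the slide.
FIRST_LAYER: Dict[str, str] = {
    "Critical": "L3 Digital Forensic",
    "High": "L2 Incident Responder",
    "Medium": "L1 Analyst",
    "Low": "L1 Analyst",
}

# Assumed resolution SLA per priority (hypothetical hours).
RESOLUTION_SLA: Dict[str, timedelta] = {
    "Critical": timedelta(hours=4),
    "High": timedelta(hours=8),
    "Medium": timedelta(hours=24),
    "Low": timedelta(hours=72),
}

PRIORITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


def prioritize(impact: str, urgency: str) -> str:
    """Map classified impact and urgency to a priority, rejecting unknown inputs."""
    key = (impact, urgency)
    if key not in PRIORITY_MATRIX:
        raise ValueError(f"unknown impact/urgency combination: {key}")
    return PRIORITY_MATRIX[key]


def first_layer(priority: str) -> str:
    return FIRST_LAYER[priority]


def sla_breached(priority: str, reported_at: datetime, now: datetime) -> bool:
    """True when the incident has been open longer than its resolution SLA."""
    return now - reported_at > RESOLUTION_SLA[priority]


def triage(incidents: List[dict], now: datetime) -> List[dict]:
    """Prioritize, route and SLA-check each incident; return the queue in work order."""
    queue = []
    for inc in incidents:
        priority = prioritize(inc["impact"], inc["urgency"])
        queue.append({
            "id": inc["id"],
            "priority": priority,
            "layer": first_layer(priority),
            "sla_breached": sla_breached(priority, inc["reported_at"], now),
        })
    # Highest priority first; within a priority, breached tickets before healthy ones.
    queue.sort(key=lambda r: (PRIORITY_ORDER[r["priority"]], not r["sla_breached"]))
    return queue


# Constructed sample tickets (not real incidents).
SAMPLE_INCIDENTS = [
    {"id": "INC-1001", "impact": "High", "urgency": "High",
     "reported_at": datetime(2020, 7, 2, 0, 0, tzinfo=timezone.utc)},
    {"id": "INC-1002", "impact": "Medium", "urgency": "Low",
     "reported_at": datetime(2020, 7, 1, 12, 0, tzinfo=timezone.utc)},
    {"id": "INC-1003", "impact": "Low", "urgency": "High",
     "reported_at": datetime(2020, 6, 30, 0, 0, tzinfo=timezone.utc)},
    {"id": "INC-1004", "impact": "High", "urgency": "Low",
     "reported_at": datetime(2020, 7, 2, 5, 0, tzinfo=timezone.utc)},
]
NOW = datetime(2020, 7, 2, 6, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for row in triage(SAMPLE_INCIDENTS, NOW):
        flag = "SLA BREACHED" if row["sla_breached"] else "within SLA"
        print(f'{row["id"]} {row["priority"]:<8} {row["layer"]:<22} {flag}')
```

Keeping the matrix and SLA table as data rather than nested if-statements is deliberate: they are the parts a service desk renegotiates most often, and reviewing a table is easier than reviewing branching logic.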
21. Definition
Business Continuity Management
Business Continuity (BC) is defined by ISO 22301 as "the capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident".
Business Continuity Management (BCM) is defined in ISO 22301 as "a holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective (business continuity) response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities".
22. Incident Lifecycle in Business Continuity Context
Business Continuity Management
Timeline (objective: back to normal as quickly as possible)
Incident
Incident Response - within minutes to hours:
• Staff and visitors safety
• Damage containment/limitation
• Damage assessment
Business continuity - within minutes to days:
• Invocation of BCP
• Contact staff, customers, suppliers, etc.
• Recovery of critical business processes
• Rebuild lost work-in-progress
Recovery/resumption (back to normal) - within weeks to months:
• Damage repair/replacement
• Relocation to permanent place of work
23. PDCA Lifecycle of BCMS
Business Continuity Management
Source: https://www.continuitycentral.com/OrganisationResilience.pdf
24. Implement BCM based on ISO 22301
Business Continuity Management
• Operational planning and control
• Business impact analysis and risk assessment
• Business continuity strategies and solutions
• Business continuity plans and procedures
• Exercise program
• Evaluation of business continuity documentation and capabilities
1. Management support
2. Identification of requirements
3. Business continuity policy and objectives
4. Support documents for management system
5. Risk assessment and treatment
6. Business impact analysis
7. Business continuity strategy
8. Business continuity plan
9. Training and awareness
10. Documentation maintenance
11. Exercising & testing
12. Post-incident reviews
13. Communication with interested parties
14. Measurement and evaluation
15. Internal audit
16. Corrective actions
17. Management review
25. Business Continuity Strategy
Business Continuity Management
Business Continuity Strategy
The continuity strategy is developed to address non-availability of resources for each identified critical process, using the following stages:
Business Impact Analysis
• Identify critical processes
• Identify recovery requirements:
  • Maximum Tolerable Period of Disruption (MTPD) / Maximum Allowable Outage (MAO)
  • Recovery Time Objective (RTO) & Recovery Point Objective (RPO)
  • People, IT application, facilities and vital records enablers
Recovery Options Identification
• Identify available options for:
  • Alternative workspace
  • Acquisition method for process enablers
  • People, IT application, facilities and vital records enablers
Recovery Options Selection
• Determine the viability of identified recovery options by assessing the availability time of the specified resources in each option
• Select the recovery strategy that will be implemented to recover business processes
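The three stages above reduce to a check that is easy to get wrong by hand: an option is only viable if the time until its enablers are available fits inside the process RTO and its data loss fits inside the RPO, and the RTO itself must sit inside the MTPD/MAO or the requirement is self-contradictory. The script below is an added example, not part of the presentation or of ISO 22301, that carries the selection through for a constructed payroll process and four hypothetical recovery options (all names, hours and costs are invented for the example), including the case where no option is viable.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class CriticalProcess:
    """Recovery requirements from the Business Impact Analysis stage."""
    name: str
    mtpd_hours: float  # Maximum Tolerable Period of Disruption (same as MAO)
    rto_hours: float   # Recovery Time Objective
    rpo_hours: float   # Recovery Point Objective


@dataclass(frozen=True)
class RecoveryOption:
    """A candidate from the Recovery Options Identification stage."""
    name: str
    availability_hours: float  # time until people, IT, facilities and records are usable
    data_loss_hours: float     # worst-case age of the data restored
    annual_cost: float         # hypothetical cost, used as the tie-breaker


def validate_requirements(process: CriticalProcess) -> None:
    """Reject a BIA result whose RTO exceeds the MTPD; it could never be met."""
    if process.rto_hours > process.mtpd_hours:
        raise ValueError(
            f"{process.name}: RTO {process.rto_hours}h exceeds MTPD {process.mtpd_hours}h"
        )


def viable_options(process: CriticalProcess,
                   options: List[RecoveryOption]) -> List[RecoveryOption]:
    """Keep options whose availability time and data loss fit the RTO and RPO."""
    return [
        o for o in options
        if o.availability_hours <= process.rto_hours
        and o.data_loss_hours <= process.rpo_hours
    ]


def select_strategy(process: CriticalProcess,
                    options: List[RecoveryOption]) -> Optional[RecoveryOption]:
    """Recovery Options Selection: cheapest viable option, or None if nothing fits."""
    validate_requirements(process)
    return min(viable_options(process, options),
               key=lambda o: o.annual_cost, default=None)


def plan(processes: List[CriticalProcess],
         options: List[RecoveryOption]) -> Dict[str, Optional[str]]:
    """Selected option name per process; None marks a gap that needs a new option."""
    return {p.name: (choice.name if (choice := select_strategy(p, options)) else None)
            for p in processes}


# Constructed sample data (hypothetical processes and options).
SAMPLE_OPTIONS = [
    RecoveryOption("Cold site", availability_hours=96, data_loss_hours=24, annual_cost=10_000),
    RecoveryOption("Warm site + daily backup", availability_hours=12, data_loss_hours=24, annual_cost=40_000),
    RecoveryOption("Hot standby + hourly replication", availability_hours=2, data_loss_hours=1, annual_cost=120_000),
    RecoveryOption("Remote work + cloud SaaS", availability_hours=8, data_loss_hours=1, annual_cost=60_000),
]
PAYROLL = CriticalProcess("Payroll", mtpd_hours=72, rto_hours=24, rpo_hours=4)
TRADING = CriticalProcess("Trading platform", mtpd_hours=4, rto_hours=1, rpo_hours=0.5)

if __name__ == "__main__":
    for name, choice in plan([PAYROLL, TRADING], SAMPLE_OPTIONS).items():
        print(f"{name}: {choice or 'NO VIABLE OPTION - identify new options'}")
```

The "Warm site + daily backup" option is the instructive one: it meets the 24-hour RTO comfortably but fails the 4-hour RPO, which is exactly the kind of mismatch a spreadsheet that only compares recovery times would miss.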