Published on March 13, 2014
Cyber 24-7: Sound advice for board members, the C-Suite and non-technical executives
Peter O’Dell
email@example.com

Book Summary
• Cyber threat is real and unpredictable
• Board and C-Suite need to manage
• The threat extends far beyond the IT group
• Gap between management and IT
• Preparation is critical to incident response
• Outside partners/services key resource
• Incident response must be well executed
• Future threats are emerging

Who should read Cyber 24-7
• Board of Directors, C-Suite, and non-technical execs:
  – Understanding impact and risk
  – Key strategy elements
  – Preparation and response
  – Entire organizational view
• IT – CSO, CIO, CISO:
  – Comprehend management perspective/responsibility
  – Understand entire scope of cyber threat
  – Narrow communications gap
  – Improve planning and response planning

Table of Contents
• Chapter 1: The Cyber Problem – Where are we today?
• Chapter 2: Cyber: Not your everyday risk!
• Chapter 3: Leadership from the Top – Board and Executive Issues
• Chapter 4: Real time Cyber Intelligence – Preparing and Prevention
• Chapter 5: Attacked and Breached – Now What?
• Chapter 6: Cyber Information Sharing
• Chapter 7: Government Activities in Cyber
• Chapter 8: Information Resources
• Chapter 9: A Standardized Approach can streamline the future
• Chapter 10: The Future of Cyber Security
• Chapter 11: Final Conclusions
• Appendix A: Sample Incident Response Checklist
• Appendix B: Executive Order on Cyber and NIST Framework

Today’s Situation
• Victims of our own success – incredible growth
• Opportunity expands the attack surface:
  – Clouds linked to legacy systems
  – Internet of Things (IOT) means more entry points
  – Bring Your Own Devices (BYOD)
• We’re not doing all we can:
  – Boards and C-Suite largely delegating/ignoring
  – Poor info sharing even at basic levels, not real-time
  – Eliminating/upgrading legacy systems
  – “Tone at the Top” by the board and C-Suite
  – Government – no legislation since 2002, poor grades

Cyber is not a Normal Risk!
• Cyber defies conventional metrics
  – Non-quantifiable
  – Non-predictable
  – Global, not local
  – Can put the entire organization at complete risk
• Examples of normal risks:
  – Weather - business interruption
  – Employee and customer lawsuits
  – Theft of a trailer full of cell phones

Executive Leadership
• Set the organizational “Tone at the Top”
• Responsible for oversight and priorities
• The board sets the risk tolerance level
• People should be vetted and monitored
• Outside resources should be identified
• Cross organization response should be planned and exercised
• The threat is much broader than just IT issues

What to worry about today
• Customer payment information - Target
• Intellectual property theft – 20 year impact – Lockheed-Martin
• Malicious insiders - Snowden
• Critical Infrastructure attack – power, communications
• Emerging threats – important to stay current
• Device loss or theft – multiple scenarios

Board & C-Suite Preparation/Proactive Efforts
• Set the “Tone at the Top”
• Understand executive vulnerabilities
• Consider a technical board member/committee
• Hire the right people and partners
• Detailed risk, resilience and plan review
• Exercise the full plan across the enterprise

People – Critical at all Levels
• Industry shortage means higher Bozo % at all levels
• Validating through outside expertise
• Finding, training, retaining and motivating
• Standing guard 24/7 very difficult
• Great can turn malicious for outside reasons
• 360 degree communications for team success
• Entire organization – this is not just an IT issue

Future Trends
• Threat is expanding with new vulnerabilities
• Mobile, Cloud, and Internet of Things (IOT) enabling new vulnerabilities
• Sharing is still an under-utilized defense
• Law enforcement will have to improve cross-jurisdictional investigations and prosecution
• Market of services and solutions growing rapidly in response to the threat
• Likely will be years before a downturn in risk

About the Author – Pete O’Dell
• Current: author, board member, consultant
• Past: Multiple roles, multiple industries
  – President of software division – Autodesk
  – CIO: Microwarehouse, Autodesk, UCA
  – COO: Online Interactive, Supertracks
  – Co-founded Swan Island Networks
• Contact:
  – Peterlodell@gmail.com
  – Skype: Peterlodell