client confidential...client confidential thecore objectiveofthisstudy: to bring insight to the uk...

Client Confidential

Client Confidential

Client Confidential

Client Confidential

Producing guidance on cyber security best practice, including risk management

Conducting focused industry studies on cyber security risk

Facilitating a structured approach to information sharing, including risk information, incident reporting and supply chain risk information

Standardising approaches to common activities across the industry

Client Confidential

Client Confidential

The core objectiveof this study:

To bring insight to the UK Oil and Gas industry to support entitiesassisting the Oil & Gas industry to effectively balance themanagement of cyber security risk and business innovation, and,where possible, bring consistency to the approach to cybersecurity and supporting areas of investment.

Client Confidential

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

Client Confidential

Cyber Security Landscape Cyber Security Roadmap Key Challenges

Defining the current state of cyber security within the UK O&G industry. This section is broken out across three areas of focus: • The Threat Context• The Regulatory Context• Cyber Defence

The cyber security roadmap defines a set of key activities and objectives that the industry, with support from the OGTC, is delivering in the short, medium and long term.

This section details the thematic challenges seen across the industry as well as proposing ways that the OGTC can support the UK Oil and Gas Industry in managing them.

Pages 9-17 Pages 18-23 Pages 24-33

Client Confidential

Client Confidential

Client Confidential

Client Confidential

Client Confidential

Client Confidential

•

•

•

•

Client Confidential

Client Confidential

Client Confidential

•

•

••

•

•

•

•

•

•

•

•

•

Client Confidential

Client Confidential

•

•

•

Client Confidential

Client Confidential

Client Confidential

Client Confidential

Client Confidential

Client Confidential

Understanding and managing cyber risk

Securing the supply chain

Sustaining a high-performing security

team

Keeping pace with the rate of business change

Organisations struggle to determine and quantify their exposure to cyber risks. Security leaders are restricted in their ability to report on exposure to influence senior stakeholders.

Supply chains are getting bigger, more complex, and more essential to critical business processes.This trajectory is increasing cyber risk in the supply chain whilst restricting organisations’ ability tomanage those risks.

Skill gaps are present across the industry and the pipeline for future talent is not strong enough tosupport the increasing demand for theseskills.

Security is struggling to keep pace with business initiatives aimed at delivering new digital technologies

1

2

3

4

Client Confidential

•

•

•

•

•

Client Confidential

•

•

•

•

•

•

•

•

•

Proposed Solution Firs t Steps

•

•

•

Client Confidential

•

•

•

•

Client Confidential

•

•

•

•

•

•

•

•

•

Proposed Solution Firs t Steps

•

Client Confidential

•

•

•

•

•

Client Confidential

•

•

•

•

•

•

Proposed Solution Firs t Steps

•

•

•

•

•

Client Confidential

•

•

•

•

Client Confidential

•

•

Proposed Solution Firs t Steps

•

•

•

•

Client Confidential

Client Confidential

Client Confidential

Client Confidential