recognising the risks of cyber threats across the organisation john thornton secretary to the...

Recognising the Risks of Cyber Threats Across the Organisation

John ThorntonSecretary to the Digital Government Security Forum

 • Cyber Risks

• Findings from the recent DGSF study

• Managing and mitigating information and cyber security risks

Agenda

South Korea

Israel

The Trust Multiplier

 • Digital-by –default

• Most transformation & cost saving programmes

• Smart buildings

• Utilities & infrastructure

• Intellectual property

• Personal data/privacy

• Integrity of contract negotiations

Cyber Risks threaten

 • National level

• Operational Level

• Board & Senior Management Level

Recognition of Cyber Risks

• Target Audience • Methodology

About the Study

Understanding the Risks 

• Language • Threat Vectors

• Threat Actors

• Types of Attack

• Example Attack

Issues Arising

Digital Enterprises

Mobile Devices

Cloud Computing

Standards

Legacy Systems

Information Sharing

Capacity & Skills

Emerging Best Practice

Emerging Best Practice

Governance

Information Asset

Registers

Access & Monitoring

Testing

Sharing Threat

Information

Focus

Emerging Best Practice

Conclusions 

• Start by ensuring the foundations are in place and the organisation is secure

• Build on foundations developing culture, analytics & automated threat protection

• Use Security as an Enabler to make savings and improve efficiency - security should not be a barrier

To help: 

• Suggested Review Process

• The Business Case

• Suggested Development Framework

Managing & Mitigating: 

• Holistic approach

• Part of Corporate Risk Assessment & Management Processes

• Security-by-default

• Security as an ‘enabler’, not a barrier

Managing & Mitigating: 

Information Security has never been more:

• More Important

• More complex

• More All encompassing

www.DigitalGovernmentSecurityForum.org