a view on cyber security
DESCRIPTION
A view on cyber security: Commenting on the UK government’s “ten steps to cyber security” advice (http://www.bis.gov.uk/assets/biscore/business-sectors/docs/0-9/12-1120-10-steps-to-cyber-security-executive). Presentation to students at the University College of London studying for MSc in Human Computer Interaction (sociotechnical systems and the future of work, soft systems methodology).TRANSCRIPT
A view on cyber security
Image source: Ministry of Defence: http://www.flickr.com/photos/defenceimages/6892189807/
Commenting on the UK government’s “ten steps to cyber security” advicehttp://www.bis.gov.uk/assets/biscore/business-sectors/docs/0-9/12-1120-10-steps-to-cyber-security-executive
@markwilsonit
Imag
e ©
John
Cas
sidy
Hea
dsho
ts/M
ark
Wils
on. A
ll rig
hts
Rese
rved
Image source: CA Technologies: http://www.flickr.com/photos/cainc/6690581435/
Last year it was BYOD…
“Cyber”“Cyberspace”“Cyber security”
Image source: Ministry of Defence: http://www.flickr.com/photos/defenceimages/6892189807/
Cybermen?
Image source: BBC: http://www.bbc.co.uk/doctorwho/classic/gallery/cybermen/6t_12.shtml
People switch off
Image source: Andrew Huff: http://www.flickr.com/photos/deadhorse/367716072/
Not just the CIO’s problem
Image source: The_Warfield: http://www.flickr.com/photos/the_warfield/4992455554/
10 steps
Image source: Seite-3: http://www.flickr.com/photos/seite-3/437418799/
Home and mobile working
Image source: Simon Collison: http://www.flickr.com/photos/collylogic/5739130295/
Home and mobile working“Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline build to all devices. Protect data both in transit and at rest.”
User education and awareness
Image source: Kaptain Kobold: http://www.flickr.com/photos/kaptainkobold/5181464194/
User education and awareness“Produce user security policies covering acceptable use of the organisation’s systems. Establish a staff training programme. Maintain user awareness of the cyber risks.”
Incident Management
Image source: kenjonbro: http://www.flickr.com/photos/kenjonbro/6289681274/
Incident Management“Establish an incident management response and disaster recovery capability. Produce and test incident management plans. Provide specialist training to the incident management team. Report criminal incidents to law enforcement.”
Information Risk Management Regime
Image source: Aidan Morgan: http://www.flickr.com/photos/aidanmorgan/5589187752/
Information Risk Management Regime“Establish an effective governance structure and determine your risk appetite – just like you would for any other risk. Maintain the Board’s engagement with the cyber risk. Produce supporting information risk management policies.”
Managing User Privileges
Image source: Angus Kingston: http://www.flickr.com/photos/kingo/4051530414/
Managing user privileges“Establish account management processes and limit the number of privileged accounts. Limit user privileges monitor user activity. Control access to activity and audit logs.”
Removable Media Controls
Image source: Thana Thaweeskulchai: http://www.flickr.com/photos/sparkieblues/3971234819/
Removable Media Controls“Produce a policy to control all access to removable media. Limit media types and use. Scan all media for malware before importing on to corporate system.”
Monitoring
Image source: Bun Lovin’ Criminal: http://www.flickr.com/photos/myxi/4129235610/
Monitoring“Establish a monitoring strategy and produce supporting policies. Continuously monitor all ICT systems and networks. Analyse logs for unusual activity that could indicate an attack.”
Secure Configuration
Image source: brunotto: http://www.flickr.com/photos/brunauto/4359223723/
Secure configuration “Apply security patches and ensure that the secure configuration of all ICT systems is maintained. Create a system inventory and define a baseline build for all ICT devices.”
Malware Protection
Image source: Martin Cathrae: http://www.flickr.com/photos/suckamc/271222157/
Malware Protection“Produce relevant policy and establish anti-malware defences that are applicable and relevant to all business areas. Scan for malware across the organisation.”
Network Security
Image source: photosteve101: http://www.flickr.com/photos/42931449@N07/6088751332/
Network Security “Protect your networks against external and internal attack. Manage the network perimeter. Filter out unauthorised access and malicious content. Monitor and test security controls.”
In summary
Image source: UK Government: http://www.bis.gov.uk/assets/biscore/business-sectors/docs/0-9/12-1120-10-steps-to-cyber-security-executive
CThis work is licensed under a Creative Commons Licence.
For further details, please visit http://creativecommons.org/licenses/by-nc-nd/2.0/uk/
cbnd
© 2013, Mark Wilson.Some rights reserved.