© CALS 2016

Congreso Bilbao – 26 a 29 de Octubre 2016

1 Classification | Public

© CALS 2016

Integration Safety – Security: A Systemic approach to GRC

Rafael Rodríguez de Cora Managing Director: Computer Aided Logistics

(CALS)

Congreso Bilbao – 26 a 29 de Octubre 2016

Classification | Public

“All that is necessary for evil to triumph is for good men to do nothing”

© CALS 2016 3 Classification | Public

Background

Ø  February 2012 – PESI – Work Group Integral Security: Concept of Integral Security as the Immune System of the Organisations

Ø  April / May 2013 – PESI – GT Security Project. Possible European Project

Ø  October 2014 – 9th International Congress of European Union for Systemics. Valencia.

Ø  September 21st, 2016 – IBM Security Summit: Establish Security as an Immune System. Cognitive Security

Ø  October 5th, 2016 – CCI Congress. Darktrace presents the Enterprise Immune System

Ø  October 26th, 2016 – We now present a Systemic Approach to Integral Security. Adapted from Systemics Congress in Valencia in 2014.

© CALS 2016

Fragmented Security

Classification | Public

© CALS 2016

New Systemic Approach – General Systems Theory

Classification | Public

Living and Non-Living Systems

Models

Everybody talks now about Ecosystems:

Corporate Ecosystem National Ecosystem

Classification | Public

© CALS 2016

Complex and interlinked Systems New Systemic Approach - Complex and Interlinked Systems

Why are we talking about security and

risks in Organizations? Example – American

Blackout –

Ten days without Electric Energy.

Progressive Impacts

Classification | Public

© CALS 2016 7 Classification | Public

New Systemic Approach – Example Accenture

© CALS 2016 Classification | Public 8

Attacks and Infections come from anywhere

© CALS 2016 Classification | Public

Interactions between Organisms and Environment

Adaptive Complex Systems

Genetics (Deterministic)

Environment Interaction (Program)

Future (Decision Taking)

RESILIENCE: Is also about adapting to the changes of environment.

Resilience is evolution

© CALS 2016

Sub-Systems of the Human Body

Classification | Public

Sub-systems for life support and for complying with objectives.

Many of them function as Control mechanisms and Risk

Management.

© CALS 2016 Classification | Public

Systems and Models – Living Systems

11

Life Support Systems

Defence & Attack Systems

Command & Control Systems (Brain)

Environment Adaptation

PAST

Objectives of the System

Deterministic

Genetics. Historic Memory Maintenance of

Infrastructures and Vital Constants

Nervous System Information and Communication

System

PRESENT

FUTURE

Intelligence Awareness and Learning

Management of Uncertainty Evolutionary Processes

Probabilistic

Unknowns

© CALS 2016

Organisations as Living Systems

12

S: System M: Membrane E: Environment

Classification | Public

© CALS 2016

GRC Concept

Classification | Public

GRC: A capability to reliably achieve objectives (Governance), while addressing uncertainty (Risk Management),

and acting with integrity (Compliance)

© CALS 2016

GRC Extended Systemic Concept

Classification | Public

G: Governance IR: Internal Risk Management MR: Membrane Risk Management ER: External Risk Management C: Compliance FA: Field of Action

© CALS 2016

Threats from Spheres – Systemic Approach

15 Classification | Public

Threats within each sphere

Threats across spheres

Why only cyber now?

© CALS 2016

Conclusions

16 Classification | Public

We think that by “copying” nature, its defence and attack mechanisms

when under threats, and its immune system, we can have hints as how to

design an integral risk management and security system for organisations,

better adapted to the circumstances, and maybe without accidental results.

IoT: Internet of Things?

Why not Intelligence of Things?

© CALS 2016

Conclusions - Integral Security

Classification | Public

Yesterday: Bring your Own Device (ByOD)

Today: Bring your Own Security (ByOS)

© CALS 2016

Organisational Chart for a Systemic Organisation

Classification | Public 18

New! New!

© CALS 2016 19

Classification | Public

Ques%ons?  

© CALS 2016

CONTACT

Computer  Aided  Logis%cs  

Velázquez  86-­‐  B  

28006  –  Madrid  

 

 Rafael  Rodríguez  de  Cora  Tel:  +34  91  432  14  15  Móvil:  +34  607  995  117  Fax:  +34  91  578  27  97  

E-­‐mail:  rrcora@calogis%cs.com  

Manuel  Ortega  Tel:  +34  91  432  14  15  

Móvil:  +34    Fax:  +34  91  578  27  97  

E-­‐mail:    @calogis%cs.com  

Classification | Public