© CALS 2016
Bilbao Congress – 26 to 29 October 2016
Classification | Public
Integration Safety – Security: A Systemic approach to GRC
Rafael Rodríguez de Cora, Managing Director, Computer Aided Logistics (CALS)
“All that is necessary for evil to triumph is for good men to do nothing”
Background
• February 2012 – PESI – Work Group Integral Security: Concept of Integral Security as the Immune System of the Organisations
• April / May 2013 – PESI – GT Security Project. Possible European Project
• October 2014 – 9th International Congress of European Union for Systemics. Valencia.
• September 21st, 2016 – IBM Security Summit: Establish Security as an Immune System. Cognitive Security
• October 5th, 2016 – CCI Congress. Darktrace presents the Enterprise Immune System
• October 26th, 2016 – We now present a Systemic Approach to Integral Security. Adapted from Systemics Congress in Valencia in 2014.
Fragmented Security
New Systemic Approach – General Systems Theory
Living and Non-Living Systems
Models
Everybody now talks about ecosystems:
• Corporate Ecosystem
• National Ecosystem
New Systemic Approach – Complex and Interlinked Systems
Why are we talking about security and risks in organizations?
Example – American Blackout – ten days without electric energy.
Progressive Impacts
New Systemic Approach – Example Accenture
Attacks and Infections come from anywhere
Interactions between Organisms and Environment
Adaptive Complex Systems
Genetics (Deterministic)
Environment Interaction (Program)
Future (Decision Taking)
RESILIENCE is also about adapting to changes in the environment.
Resilience is evolution
Sub-Systems of the Human Body
Sub-systems for life support and for complying with objectives.
Many of them function as control mechanisms and risk management.
Systems and Models – Living Systems
Life Support Systems
Defence & Attack Systems
Command & Control Systems (Brain)
Environment Adaptation
PAST
Objectives of the System
Deterministic
Genetics. Historic Memory
Maintenance of Infrastructures and Vital Constants
Nervous System
Information and Communication System
PRESENT
FUTURE
Intelligence Awareness and Learning
Management of Uncertainty
Evolutionary Processes
Probabilistic
Unknowns
Organisations as Living Systems
S: System; M: Membrane; E: Environment
GRC Concept
GRC: A capability to reliably achieve objectives (Governance), while addressing uncertainty (Risk Management), and acting with integrity (Compliance)
GRC Extended Systemic Concept
G: Governance; IR: Internal Risk Management; MR: Membrane Risk Management; ER: External Risk Management; C: Compliance; FA: Field of Action
Threats from Spheres – Systemic Approach
Threats within each sphere
Threats across spheres
Why only cyber now?
Conclusions
We think that by “copying” nature, its defence and attack mechanisms when under threat, and its immune system, we can get hints as to how to design an integral risk management and security system for organisations, better adapted to the circumstances, and maybe without accidental results.
IoT: Internet of Things?
Why not Intelligence of Things?
Conclusions - Integral Security
Yesterday: Bring your Own Device (ByOD)
Today: Bring your Own Security (ByOS)
Organisational Chart for a Systemic Organisation
Questions?
CONTACT
Computer Aided Logistics
Velázquez 86-B
28006 – Madrid
Rafael Rodríguez de Cora
Tel: +34 91 432 14 15
Mobile: +34 607 995 117
Fax: +34 91 578 27 97
E-mail: rrcora@calogistics.com
Manuel Ortega
Tel: +34 91 432 14 15
Mobile: +34
Fax: +34 91 578 27 97
E-mail: @calogistics.com