Upload File

the journey to cyber resilience...the journey to cyber resilience in march 2019, the fca published a...

  • Home
  • Documents
  • THE JOURNEY TO CYBER RESILIENCE...THE JOURNEY TO CYBER RESILIENCE In March 2019, the FCA published a report on cyber resilience within financial services, based upon work conducted
1
THE JOURNEY TO CYBER RESILIENCE In March 2019, the FCA published a report on cyber resilience within financial services, based upon work conducted through the regulator’s sector-specific ‘cyber coordination groups’ (CCGs). These groups aim to improve the cyber security practices within the sectors most crucial to the UK economy. The FCA report provides firms with an outline of cyber resilience best practice, giving them an effective framework within which they can better defend against the increasing threat of cyber crime. Working with cyber security specialists at Gadhia Consultants and taking onboard the guidance of both the FCA’s CCGs and the National Institute of Standards and Technology (USA), we have outlined an ideal “journey to cyber resilience”. If your firm is looking to protect its assets, your customers and your reputation, there is no better time to start than right now, and no better place to start than Gadhia Consultants are able to review, assure and even write cyber- security strategy. In-depth knowledge of regulatory structures and expectations will ensure your firm sets off on the right footing towards compliance. GOOD GOVERNANCE BE AWARE RESPOND AND RECOVER PROTECT YOUR ASSETS Ensure leadership and all staff are educated about cyber risk Create a strategy for managing cyber security Protect your most critical data and systems with the strongest defences Invest in employee training and strong encryption Understand the information you hold and who has access Understand what “normal” looks like allowing you to detect anomalies Deploy contingency resource to manage customer contact Learn from the breach and deploy counter measures Understanding all potential risks and threats is paramount to defence. We know the landscape, and what could be lurking around the corner. We can be your guide. Understand and audit the information assets that need to be protected Use “business impact analysis” to map out what business services need special protection, prioritised by how critical they are Map out what “normal” looks like in your day-to-day operations To bounce back quickly from an attack, firms need to gather accurate data and deploy contingency resource to respond to customer contact and ensure business continuity Be prepared to be grilled by regulators – you need to be able to prove your firm had appropriate defences in place Learn from the breach by performing root cause analysis, then deploy counter-measures to prevent the issue occurring again Use an “enterprise risk management” approach to share knowledge of cyber risk within your firm Ensure leadership is educated about cyber risk and that the Board puts plans in place to maintain operational and business resilience Present management information in a clear way GOOD GOVERNANCE BE AWARE YOU NEED TO: Know who’s who – tie users to accounts through “access management processes” Identify users with privileged access Monitor network and user behaviour Collect the logs most relevant to your business Apply strong access controls Review and seek assurance that your log sources are working as intended 1 2 6 3 5 4 Integrate cyber security policies, standards, procedures and controls into the change management process Layer protections so that the most critical data and systems are protected by the strongest defences Invest in employee training and strong encryption Perform penetration tests and ‘war game’ breach scenarios Seek independent assurance on your security arrangements Test plausible scenarios Make recovery decisions before incidents occur Review information from previous incidents Train staff on necessary skills or bring in specialist consultants to assist 1 2 3 4 Specialist consultants will be able to stress test your operations and even organise "war game" scenarios to test defences. Though you can't transfer responsibility for cyber security to a third party, trained resource can be deployed to bolster your cyber security operations. PROTECT YOUR ASSETS YOU NEED TO: DON’T TRANSFER RESPONSIBILITY FOR CYBER SECURITY TO A THIRD PARTY GOOD GOVERNANCE By bringing in expert security consultants, you will be able to quickly identify the weak links that led to the data breach and implement solutions that will prevent it happening again. We can also help you prepare for post-event interviews with the regulator, providing you with the confidence and evidence needed for success. Huntswood’s resourcing capability can also rapidly deploy contingency resource to help you manage the influxes in customer contact that tend to follow a cyber security incident. right here.

Upload: others

Post on 30-Jul-2020

1 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: THE JOURNEY TO CYBER RESILIENCE...THE JOURNEY TO CYBER RESILIENCE In March 2019, the FCA published a report on cyber resilience within financial services, based upon work conducted

THE JOURNEY TO CYBER RESILIENCE In March 2019, the FCA published a

report on cyber resilience within financial

services, based upon work conducted

through the regulator’s sector-specific

‘cyber coordination groups’ (CCGs). These

groups aim to improve the cyber security

practices within the sectors most crucial

to the UK economy.

The FCA report provides firms with an

outline of cyber resilience best practice,

giving them an effective framework within

which they can better defend against the

increasing threat of cyber crime.

Working with cyber security specialists at

Gadhia Consultants and taking onboard

the guidance of both the FCA’s CCGs and

the National Institute of Standards and

Technology (USA), we have outlined an

ideal “journey to cyber resilience”.

If your firm is looking to protect its assets,

your customers and your reputation,

there is no better time to start than right

now, and no better place to start than

Gadhia Consultants are able to review, assure and even write cyber- security strategy. In-depth knowledge of regulatory structures and expectations will ensure your firm sets off on the right footing towards compliance.

GOOD GOVERNANCE

BE AWARE

RESPONDAND RECOVER

PROTECT YOUR ASSETS

Ensure leadership and all staff are educated about cyber risk

Create a strategy for managing cyber security

Protect your most critical data and systems with the

strongest defences

Invest in employee training and strong encryption

Understand the information you hold and who has

access

Understand what “normal” looks like allowing you to

detect anomalies

Deploy contingency resource to manage customer contact

Learn from the breach and deploy counter measures

Understanding all potential risks and threats is paramount to defence. We know the landscape, and what could be lurking around the corner. We can be your guide.

Understand and audit the information assets that need to be protected

Use “business impact analysis” to map out what business services need special protection, prioritised by how critical they are

Map out what “normal” looks like in your day-to-day operations

To bounce back quickly from an attack, firms need to gather accurate data and deploy contingency resource to respond to customer contact and ensure business continuity

Be prepared to be grilled by regulators – you need to be able to prove your firm had appropriate defences in place

Learn from the breach by performing root cause analysis, then deploy counter-measures to prevent the issue occurring again

Use an “enterprise risk management” approach to share knowledge of cyber risk within your firm

Ensure leadership is educated about cyber risk and that the Board puts plans in place to maintain operational and business resilience

Present management information in a clear way

GOOD GOVERNANCE

BE AWARE

YOU NEED

TO: Know who’s who – tie users to accounts through “access management processes”

Identify users with privileged access

Monitor network and user behaviour

Collect the logs most relevant to your business

Apply strong access controls

Review and seek assurance that your log sources are working as intended

1

2

6

3

5

4

Integrate cyber security policies, standards, procedures and controls into the change management process

Layer protections so that the most critical data and systems are protected by the strongest defences

Invest in employee training and strong encryption

Perform penetration tests and ‘war game’ breach scenarios

Seek independent assurance on your security arrangements

Test plausible scenarios

Make recovery decisions before incidents occur

Review information from previous incidents

Train staff on necessary skills or bring in specialist consultants to assist

1

2

3

4

Specialist consultants will be able to stress test your operations and even organise "war game" scenarios to test defences. Though you can't transfer responsibility for cyber security to a third party, trained resource can be deployed to bolster your cyber security operations.

PROTECT YOUR

ASSETS

YOU NEED

TO:

DON’T TRANSFER RESPONSIBILITY

FOR CYBER SECURITY TO A THIRD PARTY

GOOD GOVERNANCE

By bringing in expert security consultants, you will be able to quickly identify the weak links that led to the data breach and implement solutions that will prevent it happening again.

We can also help you prepare for post-event interviews with the regulator, providing you with the confidence and evidence needed for success.

Huntswood’s resourcing capability can also rapidly deploy contingency resource to help you manage the influxes in customer contact that tend to follow a cyber security incident.

right here.

Achieve cyber resilience - pwccn.com

Cyber Resilience Guide · 2021. 2. 11. · 02 Cyber Resilience is rarely incorporated into an organization’s vision, values and business strategy. 03 Cyber Resilience is not often

How to achieve cyber resilience

A Manifesto for Cyber Resilience

Enhancing business resilience: Transforming cyber risk

Cyber Resilience - Whose Problem Is It?

Cyber Security & Cyber Resilience Framework Workshop€¦ · Title: Cyber Security & Cyber Resilience Framework Workshop Author: Pravesh Moon (IT\ITRC) Created Date: 7/31/2019 12:09:56

Cyber Risk Assessment to Empower Cyber Insurance Markets... · and resilience associated with underwriting cyber liabilities • Improve the resilience of infrastructure to known

Symantec cyber-resilience

Achieving Cyber Resilience | Accenture

IMPROVING CYBER RESILIENCE IN EASTERN PARTNERSHIP …

What is cyber resilience? - web-oup.s3-us-gov-west-1 ... · documentary data, gathering survey responses. Is it cybersecurity or cyber resilience? Cyber security Cyber resilience

Resilience Plan Develop Your Cyber...Develop Your Cyber Resilience Plan A four-part framework can help you create an eective cyber resilience plan to minimize damage and sustain operations

MUNTINLUPA’S JOURNEY TOWARDS RESILIENCE

POINT OF VIEW From cyber security to operational resilience · 2019-02-15 · 3 The financial services sector is embarking on the journey from cyber security to operational resilience

Building Cyber Resilience

DWP Cyber Resilience Centre

Shift Toward Dynamic Cyber Resilience

Cyber Resilience Summit Briefing

Unclassified - AFCEA International · Unclassified Unclassified 4 Cyber Resilience Strategy Cyber resilience is the Navy’s long-term strategy CYBER RESILIENCY APPROACH Cyber situational

Cyber Physical Resilience

Considerations for Improving Cyber Resilience and Security Cyber... · Considerations for Improving Cyber Resilience and Security ... • Resilience only has meaning in the context

Cyber resilience: Health check · 2015-04-15 · Cyber resilience: Health check . March 2015 . About this report This report highlights the importance of cyber resilience to ASIC’s

SPECIAL REPORT Cyber Resiliency in the Fourth Industrial ... · The path to cyber resilience Cyber breaches happen. That is the new reality. However, with cyber resilience, organizations

Resilience for Weapon System Cyber Defense€¦ · Resilience and Cyber Resilience ... capabilities) operations to achieve a specific outcome in political, military, economic, etc

Cyber Resilience Simon Onyons Financial Stability – Resilience Team 1

Cyber Resilience Toolkit - Business Gateway€¦ · The Cyber Resilience Journey Page 7 Cyber resilience is a journey and every business will be at a different stage of maturity

Cyber-Resilience - CCS Media

Cyber and Operational Risk: Building Cyber Resilience

CYBER RESILIENCE ASSESSMENT FRAMEWORK

CISO Primer: to Building Cyber-Resilience...CISO Primer: 5 Steps to Building Cyber-Resilience Cyber-resilience is the ability of an enterprise to limit the impact of security incidents

02 Cyber Resilience 10

Cyber Security & Cyber Resilience Framework …...Title Cyber Security & Cyber Resilience Framework Workshop Author Pravesh Moon (IT\ITRC) Created Date 7/31/2019 12:09:56 PM

Establishing Cyber Resilience

DHS Cyber Security & Resilience Resources: