2. About iCIO
www.ciocummunity.org
Become a premier community of IT leaders and decision makers that provides the
trusted knowledge, resources and peer-to-peer collaboration to enable you to become a
more effective leader, driving personal and organizational results.
5. New trends emerge
Innovative start-ups create disruptive business models
Early adopters embrace the new models
Advanced incumbents begin to adopt
Mainstream customers adopt
Laggard incumbents drop off
[Figure: stages plotted against Time, with a Tipping point marked]
• Continual Connectivity
• Organization Velocity
• Deluge of Data
Source: McKinsey Quarterly May 2014 – Strategic principles for competing in the digital age
Drive the Digital Vision and address security risks
[Chart of executive roles (CMO, CEO, CIO, CDO, CSO) with the values 33%, 38%, 2%, 8% and 10%]
Source: Forrester-Accenture 2015
7. Black Markets
Underground Networks Set the Value of Information
[Chart: Variety of at-risk data within insider misuse*; categories Bank, Secrets, Internal, Payment; values 14%, 18%, 27%, 29%, 34%]
Price list for stolen information**
• Fresh credit card data: $20-25
• Stale credit card data: $2-7
• Medical record: $50
• Hijacked email account: $10-100
• Bank account credentials: $10-1,000
Source: * Verizon 2014 Data Breach Investigation Report
** Oracle-Verizon 2015, Securing Information in the New Digital Economy
8. Strategic Principles
• Business Model: digital footprints, revenue generators, crown jewels and risk vulnerabilities
• Break or Bend: withstand and recover rapidly from disruptions
• Maginot Line: you are only as strong as your weakest link
• Incorporate into Crisis Management procedures
Ability to continuously deliver the intended outcome despite adverse cyber events,
connecting Information Security, Business Continuity and Organization Resilience.
9. Process, Policy, and Governance: CIRT, CIA
Technical Controls and Audit
Common Operating Environment
Identify, Protect, Detect, Respond, Recover
The Crown Jewels
Framework and Protection System
BSI PAS, DHS CRR, NIST CSF, ISO 27001
10. Lessons Learned
• Advocate at CEO Level
• Cyber Hygiene: culture and behavior, more than just technology
• Periodic campaigns and socialization
• Segregate systems to localize possible damage
• Qualify 3rd Party Services
• Manage digital debris
11. "There are only two types of companies: those that have been hacked, and those that will be."
Robert Mueller, FBI Director, 2012
Thank You
@aguswicaksono Agus Wicaksono agusw@chevron.com http://aguswicaksono.blogspot.com