O SlideShare utiliza cookies para otimizar a funcionalidade e o desempenho do site, assim como para apresentar publicidade mais relevante aos nossos usuários. Se você continuar a navegar o site, você aceita o uso de cookies. Leia nosso Contrato do Usuário e nossa Política de Privacidade.
O SlideShare utiliza cookies para otimizar a funcionalidade e o desempenho do site, assim como para apresentar publicidade mais relevante aos nossos usuários. Se você continuar a utilizar o site, você aceita o uso de cookies. Leia nossa Política de Privacidade e nosso Contrato do Usuário para obter mais detalhes.
CRI Extract from "Cyber Lessons from the Front lines"
Cyber Executive Briefing
Presenter: Paul C Dwyer
CEO – Cyber Risk International
Date: September 25th 2014
IDC Security Event - Ireland
Paul C Dwyer
Paul C Dwyer is an internationally recognised information security expert with over
two decades experience and serves as President of ICTTF International Cyber
Threat Task Force and Co Chairman of the UK NCA National Crime Agency Industry
Group. A certified industry professional by the International Information Systems
Security Certification Consortium (ISC2) and the Information System Audit &
Control Association (ISACA) and selected for the IT Governance Expert Panel.
Paul is a world leading Cyber Security GRC authority. He has been an advisor to
Fortune 500 companies including law enforcement agencies, military (NATO) and
recently advised DEFCOM UK at Westminster Parliament.
He has worked and trained with organisations such as the US Secret Service,
Scotland Yard, FBI, National Counter Terrorism Security Office (MI5), is approved by
the National Crime Faculty and is a member of the High Tech Crime Network
Paul C Dwyer CEO
Cyber Risk International
THE CYBER WORLD AND
THE PHYSICAL ARE INTEGRATED
Who’s a Target?
• Chinese 12th Five-Year Plan, Seven Priority Industries
– New energy
– Life sciences
– Next generation IT
– Energy conservation and environment protection
– High-end equipment manufacturing
– New materials
– New-energy vehicle (NEVs)
• Other targets
– Legal disputes
– M&A and negotiations
– Government policy and defense
– Defamation or human rights advocacy
Cyber Risks for You
• Tangible Costs
– Loss of funds
– Damage to Systems
– Regulatory Fines
– Legal Damages
– Financial Compensation
• Intangible Costs
– Loss of competitive advantage (Stolen IP)
– Loss of customer and/or partner trust
– Loss of integrity (compromised digital assets)
– Damage to reputation and brand
Quantitative vs. Qualitative
Regulatory and Legal
EU Data Privacy Directive
European Convention on
Responsibility – Convention Cybercrime
All organisations need to be aware of the Convention’s provisions in article 12,
‘ensure that a legal person can be held liable where the lack of supervision or
control by a natural person…has made possible the commission of a criminal
offence established in accordance with this Convention’.
In other words, directors can be responsible for offences committed by their
organisation simply because they failed to adequately exercise their duty of care.
Cyber is a Strategic Issue
How do cyber attacks affect, policies,
industry, business decisions?
What kind of policies, procedures and
business models do we need?
How can we solve our security
problems with technology?
Board Room Discussion
•Loss of market share and reputation
•Legal Exposure CEO
•Fines and Criminal Charges
•Financial Loss CFO/COO
•Loss of data confidentiality, CIO integrity and/or availability
CHRO •Violation of employee privacy
•Loss of customer trust
•Loss of brand reputation CMO
Increasingly companies are appointing CRO’s and CISO’s with a direct line to the audit committee.
Further Cyber Tips
• Awareness at C-Suite Level
• Recognition you will be attacked
• Understand what are the biggest threats
• Understand which assets are at greatest risk
• Well balanced cyber defence – no such things as 100% secure
• Agree risk appetite – exposure - metrics
• Good Intel
• Mix processes prevention, detection and response