Escolar Documentos
Profissional Documentos
Cultura Documentos
roadmap
Agenda
• Introduction
• Andrew Burke - Chief Technology Officer, Empired
• Sven Ross - Chief Executive Officer, Diamond Cyber
• Mark Blower - National Business Manager – Networks and Security, Empired
• Why are we vulnerable to a cyber attack?
• What can we do to mitigate the threat?
• How the threat landscape is changing
• How Empired can help
• Free offering and competition
• Questions
2
Introduction
5
What is hacking?
Compromise
No compromise
Efficiency
This is why a realistic threat
should dictate defensive
spend, and why defensive
efficiency (strategy) is
important
2. Weaponisation
Couple exploit with
Advanced backdoor into a payload.
3. Delivery
• Targeted, coordinated, Delivery of exploit to victim.
Create • Identify a framework to reference cyber control definitions (NIST, COBIT, ISO 27001, CIS-CSC)
Current State • Develops a Current Profile by indicating what cyber controls currently exist in the business
• Determine the maturity of controls
Profile
• Assessment is guided by the organisation’s overall risk management process or previous risk
Conduct Risk assessment activities.
• Analyse the operational environment in order to discern the likelihood of a cybersecurity event
Assessment and the impact that the event could have on the organisation.
• Identify the Most Likely and Most Dangerous threat scenario’s which could occur.
Cyber program development
• Create a Target Profile that focuses on the assessment of the identified Controls describing the
Create Target organisation’s desired cybersecurity outcomes
State Profile • Consider influences and requirements of external stakeholders such as sector entities, customers,
and business partners when creating a Target Profile
Determine & • Compare the Current Profile and the Target Profile to determine gaps
Prioritise • Create a prioritised action plan to address those gaps that draws upon mission drivers, a
cost/benefit analysis, and understanding of risk to achieve the outcomes in the Target Profile
Gaps • Determine resources necessary to address the gaps`
Implement • Determine which actions to take in regards to the gaps, if any, identified in the previous step
Action Plan • Monitor the cybersecurity practices against the Target Profile
Cyber program development – Core Functions
Identify
• Identify the components of your business that require
protection and how this is achieved.
• Implement process and technology to protect your
information assets.
• Build capability to detect when an attack may occur, is Recover Protect
occurring or has occurred.
• Establish people, process and technology to respond to
cyber incidents.
• Create a cyber resilient business that is capable of
recovering from cyber incidents.
Respond Detect
17
How the threat landscape is changing