SlideShare una empresa de Scribd logo

CTO-CybersecurityForum-2010-Mark-Oram

S
segughana
Tecnología
1 de 15
Descargar para leer sin conexión
Information Infrastructure Protection
Role of the CPNI The Centre for the Protection of National Infrastructure is the recognised UK government authority for protective security advice to the National Infrastructure. It protects national security through: • Minimising risk to the National Infrastructure; by • Delivering authoritative advice; to • Reduce the vulnerability of the National Infrastructure to terrorist and other threats.
The N i Th National Infrastructure (NI): lI f (NI) Telecommunications Energy E Finance Government & Public Services Water Health Emergency Services Transport Food Delivering D li i essential services to ti l i t the citizen Not everything is critical Each sector is different
Protecting the NI: Our Strategic Approach •Impact driven •Vulnerability focused •Threat informed •Under pinned by: p y Tripartite Relationship International angle Research and Technology Programme
The Th Old Approach to Criticality A h t C iti lit •‘CNI’ means different things to different people. •Only ‘catalogue’ was f EKP (S O l ‘ t l ’ for EKPs (Supers, 1 2 ) 1s, 2s). •Focus on the site, not the service. •Old fashioned language. language •EKPs did not cover critical networks & systems. •Criteria different across sectors. •Insufficient account taken of non-’critical’ infrastructure.
Updating the Meaning of C iti lit U d ti th M i f Criticality •Focus on delivery of ‘critical services’, including information infrastructure infrastructure. •Scale from 5 (most critical) down to 0. •Cat 5 = Supers; Cat 4 = EKP 1s; etc. •Common approach for sites and critical networks. •Categories 3 – 5 likely to represent ‘critical’ national infrastructure. •Foundation for prioritisation of advice and resources.
Criticality Scales Definition Example 5 Catastrophic Loss of > 20% of national gas supply for > 24 hours 4 Severe Loss of electricity for > 1m consumers for > 18 hours 3 Substantial Loss of water for > 100k consumers > 3 days 2 Significant Disruption to payment settlement systems for up to 12 hours 1 Moderate Local disruption to emergency services p g y 0 Minor
Criticality sc cale 1 2 3 4 5 Communic cations Emer rgency Se ervices E Energy Fi inance Food NI Sectors Gover rnment Health Criticality Scale Tran nsport Water Th Critical Threshold h ld
CPNI Knowledge Development Integrated advice… PHYSICAL SECURITY …to reduce INFORMATION vulnerability in y SECURITY the national infrastructure PERSONNEL SECURITY & BEHAVIOURAL ASSESSMENT
Advice D li Ad i Delivery External Inputs Processes Outputs Outcomes factors Contest C t t2 Prioritisation f P i iti ti of Focused F d Reduced R d d Terrorism resources consultancy vulnerability in National Risk CNI Espionage Assessment Advice delivery Better plans products & Shaped IA Strategy services environment CNI Self Knowledge: assessment Better skilled •Threats advisers Requirement •Sectors setting Performance management •Technology R&D Programme •People Training •Criticalities Information •Vulnerabilities sharing
Information Exchanges Transport Sector Pharmaceuticals Industry 28 Representatives 12 Representatives 18 Companies 7 Companies Managed Service Providers Finance Sector 36 Representatives 54 Representatives 23 Companies 34 Companies TSIE PIIE MSPIE FSIE Northern Ireland Aerospace/Defence Crossover 32 Representatives 26 Representatives NIXIE CPNI ADMIE 17 Companies 14 Companies Information SCADA Exchanges SCSIE 77 Representatives Space Industries SPIIE 37 Companies 10 Representatives 7 Companies WSIE NSIE Water S W t Security it VIE SRIE VSIE 40 Representatives Network Security 27 Representatives 18 Companies 15 Companies Security Researchers Vendor S V d Security i 12 Exchanges 23 Representatives 30 Representatives 15 Companies 15 Companies 220 Companies
Building Trust •Flourishes i small groups with th same members. It i Fl i h in ll ith the b is personal. •Start small and grow – you can’t easily shrink a group. •Trust and value grow together but needs investment and an understanding of incentives. •Regular face to face contact works best Other options best. are teleconferences and “meetings outside of meetings”. Trust will only develop if all members contribute.
Extranet
CPNI Website
THANK YOU

Recomendados

'Knowledge Transfer 2.0'
'Knowledge Transfer 2.0''Knowledge Transfer 2.0'
'Knowledge Transfer 2.0'JISC BCE
 
Complying With Conflict Minerals One Page Italy
Complying With Conflict Minerals One Page ItalyComplying With Conflict Minerals One Page Italy
Complying With Conflict Minerals One Page Italyggiacoma
 
Is SCA aligned?
Is SCA aligned?Is SCA aligned?
Is SCA aligned?globalsdr
 
Fleet Management Technology Summit
Fleet Management Technology SummitFleet Management Technology Summit
Fleet Management Technology SummitAshleyRowe
 
Father's day 2011
Father's day 2011Father's day 2011
Father's day 2011Brian Salisbury
 
Learning Center Results 2009
Learning Center Results 2009Learning Center Results 2009
Learning Center Results 2009Lindamood-Bell Learning Processes
 
AC&M Consulting: Russian mobile VAS market 1Q2011
AC&M Consulting: Russian mobile VAS market 1Q2011AC&M Consulting: Russian mobile VAS market 1Q2011
AC&M Consulting: Russian mobile VAS market 1Q2011Procontent.Ru Magazine
 
CTO-CybersecurityForum-2010-John Carr
CTO-CybersecurityForum-2010-John CarrCTO-CybersecurityForum-2010-John Carr
CTO-CybersecurityForum-2010-John Carrsegughana
 

Recomendados

'Knowledge Transfer 2.0'
'Knowledge Transfer 2.0''Knowledge Transfer 2.0'
'Knowledge Transfer 2.0'JISC BCE
 
Complying With Conflict Minerals One Page Italy
Complying With Conflict Minerals One Page ItalyComplying With Conflict Minerals One Page Italy
Complying With Conflict Minerals One Page Italyggiacoma
 
Is SCA aligned?
Is SCA aligned?Is SCA aligned?
Is SCA aligned?globalsdr
 
Fleet Management Technology Summit
Fleet Management Technology SummitFleet Management Technology Summit
Fleet Management Technology SummitAshleyRowe
 
Father's day 2011
Father's day 2011Father's day 2011
Father's day 2011Brian Salisbury
 
Learning Center Results 2009
Learning Center Results 2009Learning Center Results 2009
Learning Center Results 2009Lindamood-Bell Learning Processes
 
AC&M Consulting: Russian mobile VAS market 1Q2011
AC&M Consulting: Russian mobile VAS market 1Q2011AC&M Consulting: Russian mobile VAS market 1Q2011
AC&M Consulting: Russian mobile VAS market 1Q2011Procontent.Ru Magazine
 
CTO-CybersecurityForum-2010-John Carr
CTO-CybersecurityForum-2010-John CarrCTO-CybersecurityForum-2010-John Carr
CTO-CybersecurityForum-2010-John Carrsegughana
 
Risk Management_Consulting Industry
Risk Management_Consulting IndustryRisk Management_Consulting Industry
Risk Management_Consulting IndustryAtul Singh
 
From technology risk_to_enterprise_risk_the_new_frontier
From technology risk_to_enterprise_risk_the_new_frontierFrom technology risk_to_enterprise_risk_the_new_frontier
From technology risk_to_enterprise_risk_the_new_frontierRamsés Gallego
 
North Amercian LNG Exports
North Amercian LNG ExportsNorth Amercian LNG Exports
North Amercian LNG Exportsalaskalng
 
Fast Tracking Innovation to Market
Fast Tracking Innovation to MarketFast Tracking Innovation to Market
Fast Tracking Innovation to MarketCybera Inc.
 
Cirque du Soleil Business Proposal
Cirque du Soleil Business ProposalCirque du Soleil Business Proposal
Cirque du Soleil Business Proposalagsdiamond
 
IT Risk Management - the right posture
IT Risk Management - the right postureIT Risk Management - the right posture
IT Risk Management - the right postureParag Deodhar
 
Deloitte Presentation Team4 Final1
Deloitte Presentation Team4 Final1Deloitte Presentation Team4 Final1
Deloitte Presentation Team4 Final1miller2ah
 
Bluegrass Entrepreneur Study
Bluegrass Entrepreneur StudyBluegrass Entrepreneur Study
Bluegrass Entrepreneur Studyrestum
 
Transforming our Nation’s Information Sharing
Transforming our Nation’s Information SharingTransforming our Nation’s Information Sharing
Transforming our Nation’s Information SharingICJIA Webmaster
 
Policy-making for digital development: the role of the government
Policy-making for digital development: the role of the governmentPolicy-making for digital development: the role of the government
Policy-making for digital development: the role of the governmentIsmael Peña-López
 
MAPexpo 2012 - James Griffin & Greg Daniels (SR7)
MAPexpo 2012 - James Griffin & Greg Daniels (SR7)MAPexpo 2012 - James Griffin & Greg Daniels (SR7)
MAPexpo 2012 - James Griffin & Greg Daniels (SR7)mapexpo
 
Towards a comprehensive model of the digital economy by Ismael Peña-Lopez
Towards a comprehensive model of the digital economy by Ismael Peña-LopezTowards a comprehensive model of the digital economy by Ismael Peña-Lopez
Towards a comprehensive model of the digital economy by Ismael Peña-Lopezi2tic
 
Building Bridges: Security Metrics to Narrow the Chasm Between Perception and...
Building Bridges: Security Metrics to Narrow the Chasm Between Perception and...Building Bridges: Security Metrics to Narrow the Chasm Between Perception and...
Building Bridges: Security Metrics to Narrow the Chasm Between Perception and...InnoTech
 
The Talent Technology Connection_Celgene
The Talent Technology Connection_CelgeneThe Talent Technology Connection_Celgene
The Talent Technology Connection_CelgeneZycus
 
Business Continuity Planning Seminar
Business Continuity Planning SeminarBusiness Continuity Planning Seminar
Business Continuity Planning Seminarcmckinney
 
Knowledge Mangement framework in managing the risks in supply chain and logi...
Knowledge Mangement framework in managing the risks in supply chain and logi...Knowledge Mangement framework in managing the risks in supply chain and logi...
Knowledge Mangement framework in managing the risks in supply chain and logi...Kannan Ramanujam
 
April 16 sasb delta series financials iw gs & standards overview
April 16 sasb delta series financials iw gs & standards overviewApril 16 sasb delta series financials iw gs & standards overview
April 16 sasb delta series financials iw gs & standards overviewLeland Lehrman
 
MphasiS - insurance and technology
MphasiS - insurance and technologyMphasiS - insurance and technology
MphasiS - insurance and technologyMphasis
 
CompTIA 3Q Research Round-Up
CompTIA 3Q Research Round-UpCompTIA 3Q Research Round-Up
CompTIA 3Q Research Round-UpCompTIA
 
Oracle Open World Presentation
Oracle Open World PresentationOracle Open World Presentation
Oracle Open World PresentationJohn Simmins
 
CTO-Cybersecurity-2010-Mohamed-El-Kattani
CTO-Cybersecurity-2010-Mohamed-El-KattaniCTO-Cybersecurity-2010-Mohamed-El-Kattani
CTO-Cybersecurity-2010-Mohamed-El-Kattanisegughana
 
CTO-CRC-Africa-2010-Report
CTO-CRC-Africa-2010-ReportCTO-CRC-Africa-2010-Report
CTO-CRC-Africa-2010-Reportsegughana
 

Más contenido relacionado

Similar a CTO-CybersecurityForum-2010-Mark-Oram

Risk Management_Consulting Industry
Risk Management_Consulting IndustryRisk Management_Consulting Industry
Risk Management_Consulting IndustryAtul Singh
 
From technology risk_to_enterprise_risk_the_new_frontier
From technology risk_to_enterprise_risk_the_new_frontierFrom technology risk_to_enterprise_risk_the_new_frontier
From technology risk_to_enterprise_risk_the_new_frontierRamsés Gallego
 
North Amercian LNG Exports
North Amercian LNG ExportsNorth Amercian LNG Exports
North Amercian LNG Exportsalaskalng
 
Fast Tracking Innovation to Market
Fast Tracking Innovation to MarketFast Tracking Innovation to Market
Fast Tracking Innovation to MarketCybera Inc.
 
Cirque du Soleil Business Proposal
Cirque du Soleil Business ProposalCirque du Soleil Business Proposal
Cirque du Soleil Business Proposalagsdiamond
 
IT Risk Management - the right posture
IT Risk Management - the right postureIT Risk Management - the right posture
IT Risk Management - the right postureParag Deodhar
 
Deloitte Presentation Team4 Final1
Deloitte Presentation Team4 Final1Deloitte Presentation Team4 Final1
Deloitte Presentation Team4 Final1miller2ah
 
Bluegrass Entrepreneur Study
Bluegrass Entrepreneur StudyBluegrass Entrepreneur Study
Bluegrass Entrepreneur Studyrestum
 
Transforming our Nation’s Information Sharing
Transforming our Nation’s Information SharingTransforming our Nation’s Information Sharing
Transforming our Nation’s Information SharingICJIA Webmaster
 
Policy-making for digital development: the role of the government
Policy-making for digital development: the role of the governmentPolicy-making for digital development: the role of the government
Policy-making for digital development: the role of the governmentIsmael Peña-López
 
MAPexpo 2012 - James Griffin & Greg Daniels (SR7)
MAPexpo 2012 - James Griffin & Greg Daniels (SR7)MAPexpo 2012 - James Griffin & Greg Daniels (SR7)
MAPexpo 2012 - James Griffin & Greg Daniels (SR7)mapexpo
 
Towards a comprehensive model of the digital economy by Ismael Peña-Lopez
Towards a comprehensive model of the digital economy by Ismael Peña-LopezTowards a comprehensive model of the digital economy by Ismael Peña-Lopez
Towards a comprehensive model of the digital economy by Ismael Peña-Lopezi2tic
 
Building Bridges: Security Metrics to Narrow the Chasm Between Perception and...
Building Bridges: Security Metrics to Narrow the Chasm Between Perception and...Building Bridges: Security Metrics to Narrow the Chasm Between Perception and...
Building Bridges: Security Metrics to Narrow the Chasm Between Perception and...InnoTech
 
The Talent Technology Connection_Celgene
The Talent Technology Connection_CelgeneThe Talent Technology Connection_Celgene
The Talent Technology Connection_CelgeneZycus
 
Business Continuity Planning Seminar
Business Continuity Planning SeminarBusiness Continuity Planning Seminar
Business Continuity Planning Seminarcmckinney
 
Knowledge Mangement framework in managing the risks in supply chain and logi...
Knowledge Mangement framework in managing the risks in supply chain and logi...Knowledge Mangement framework in managing the risks in supply chain and logi...
Knowledge Mangement framework in managing the risks in supply chain and logi...Kannan Ramanujam
 
April 16 sasb delta series financials iw gs & standards overview
April 16 sasb delta series financials iw gs & standards overviewApril 16 sasb delta series financials iw gs & standards overview
April 16 sasb delta series financials iw gs & standards overviewLeland Lehrman
 
MphasiS - insurance and technology
MphasiS - insurance and technologyMphasiS - insurance and technology
MphasiS - insurance and technologyMphasis
 
CompTIA 3Q Research Round-Up
CompTIA 3Q Research Round-UpCompTIA 3Q Research Round-Up
CompTIA 3Q Research Round-UpCompTIA
 
Oracle Open World Presentation
Oracle Open World PresentationOracle Open World Presentation
Oracle Open World PresentationJohn Simmins
 

Similar a CTO-CybersecurityForum-2010-Mark-Oram (20)

Risk Management_Consulting Industry
Risk Management_Consulting IndustryRisk Management_Consulting Industry
Risk Management_Consulting Industry
 
From technology risk_to_enterprise_risk_the_new_frontier
From technology risk_to_enterprise_risk_the_new_frontierFrom technology risk_to_enterprise_risk_the_new_frontier
From technology risk_to_enterprise_risk_the_new_frontier
 
North Amercian LNG Exports
North Amercian LNG ExportsNorth Amercian LNG Exports
North Amercian LNG Exports
 
Fast Tracking Innovation to Market
Fast Tracking Innovation to MarketFast Tracking Innovation to Market
Fast Tracking Innovation to Market
 
Cirque du Soleil Business Proposal
Cirque du Soleil Business ProposalCirque du Soleil Business Proposal
Cirque du Soleil Business Proposal
 
IT Risk Management - the right posture
IT Risk Management - the right postureIT Risk Management - the right posture
IT Risk Management - the right posture
 
Deloitte Presentation Team4 Final1
Deloitte Presentation Team4 Final1Deloitte Presentation Team4 Final1
Deloitte Presentation Team4 Final1
 
Bluegrass Entrepreneur Study
Bluegrass Entrepreneur StudyBluegrass Entrepreneur Study
Bluegrass Entrepreneur Study
 
Transforming our Nation’s Information Sharing
Transforming our Nation’s Information SharingTransforming our Nation’s Information Sharing
Transforming our Nation’s Information Sharing
 
Policy-making for digital development: the role of the government
Policy-making for digital development: the role of the governmentPolicy-making for digital development: the role of the government
Policy-making for digital development: the role of the government
 
MAPexpo 2012 - James Griffin & Greg Daniels (SR7)
MAPexpo 2012 - James Griffin & Greg Daniels (SR7)MAPexpo 2012 - James Griffin & Greg Daniels (SR7)
MAPexpo 2012 - James Griffin & Greg Daniels (SR7)
 
Towards a comprehensive model of the digital economy by Ismael Peña-Lopez
Towards a comprehensive model of the digital economy by Ismael Peña-LopezTowards a comprehensive model of the digital economy by Ismael Peña-Lopez
Towards a comprehensive model of the digital economy by Ismael Peña-Lopez
 
Building Bridges: Security Metrics to Narrow the Chasm Between Perception and...
Building Bridges: Security Metrics to Narrow the Chasm Between Perception and...Building Bridges: Security Metrics to Narrow the Chasm Between Perception and...
Building Bridges: Security Metrics to Narrow the Chasm Between Perception and...
 
The Talent Technology Connection_Celgene
The Talent Technology Connection_CelgeneThe Talent Technology Connection_Celgene
The Talent Technology Connection_Celgene
 
Business Continuity Planning Seminar
Business Continuity Planning SeminarBusiness Continuity Planning Seminar
Business Continuity Planning Seminar
 
Knowledge Mangement framework in managing the risks in supply chain and logi...
Knowledge Mangement framework in managing the risks in supply chain and logi...Knowledge Mangement framework in managing the risks in supply chain and logi...
Knowledge Mangement framework in managing the risks in supply chain and logi...
 
April 16 sasb delta series financials iw gs & standards overview
April 16 sasb delta series financials iw gs & standards overviewApril 16 sasb delta series financials iw gs & standards overview
April 16 sasb delta series financials iw gs & standards overview
 
MphasiS - insurance and technology
MphasiS - insurance and technologyMphasiS - insurance and technology
MphasiS - insurance and technology
 
CompTIA 3Q Research Round-Up
CompTIA 3Q Research Round-UpCompTIA 3Q Research Round-Up
CompTIA 3Q Research Round-Up
 
Oracle Open World Presentation
Oracle Open World PresentationOracle Open World Presentation
Oracle Open World Presentation
 

Más de segughana

CTO-Cybersecurity-2010-Mohamed-El-Kattani
CTO-Cybersecurity-2010-Mohamed-El-KattaniCTO-Cybersecurity-2010-Mohamed-El-Kattani
CTO-Cybersecurity-2010-Mohamed-El-Kattanisegughana
 
CTO-CRC-Africa-2010-Report
CTO-CRC-Africa-2010-ReportCTO-CRC-Africa-2010-Report
CTO-CRC-Africa-2010-Reportsegughana
 
CTO-CyberSecurityForum-2010-Brisson-Boren
CTO-CyberSecurityForum-2010-Brisson-BorenCTO-CyberSecurityForum-2010-Brisson-Boren
CTO-CyberSecurityForum-2010-Brisson-Borensegughana
 
CTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhouseCTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhousesegughana
 
CTO-CyberSecurityForum-2010-Charles Ward
CTO-CyberSecurityForum-2010-Charles WardCTO-CyberSecurityForum-2010-Charles Ward
CTO-CyberSecurityForum-2010-Charles Wardsegughana
 
CTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders JohansonCTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders Johansonsegughana
 
CTO-CyberSecurityForum-2010-Philip Victor
CTO-CyberSecurityForum-2010-Philip VictorCTO-CyberSecurityForum-2010-Philip Victor
CTO-CyberSecurityForum-2010-Philip Victorsegughana
 
CTO-CybersecurityForum-2010-Des Ward
CTO-CybersecurityForum-2010-Des WardCTO-CybersecurityForum-2010-Des Ward
CTO-CybersecurityForum-2010-Des Wardsegughana
 
CTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard SimpsonCTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard Simpsonsegughana
 
CTO-CybersecurityForum-2010-Daisy francis
CTO-CybersecurityForum-2010-Daisy francisCTO-CybersecurityForum-2010-Daisy francis
CTO-CybersecurityForum-2010-Daisy francissegughana
 
CTO-CybersecurityForum-2010-Patricia Asognwe
CTO-CybersecurityForum-2010-Patricia AsognweCTO-CybersecurityForum-2010-Patricia Asognwe
CTO-CybersecurityForum-2010-Patricia Asognwesegughana
 
CTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha FernandoCTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha Fernandosegughana
 
CTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea GlorisoCTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea Glorisosegughana
 
CTO-CybersecurityForum-2010-John Crain
CTO-CybersecurityForum-2010-John CrainCTO-CybersecurityForum-2010-John Crain
CTO-CybersecurityForum-2010-John Crainsegughana
 
CTO-CybersecurityForum-2010-Michael Katundu
CTO-CybersecurityForum-2010-Michael KatunduCTO-CybersecurityForum-2010-Michael Katundu
CTO-CybersecurityForum-2010-Michael Katundusegughana
 
CTO-CybersecurityForum-2010-Joe Torres
CTO-CybersecurityForum-2010-Joe TorresCTO-CybersecurityForum-2010-Joe Torres
CTO-CybersecurityForum-2010-Joe Torressegughana
 
Tomasz Czajkowski
Tomasz CzajkowskiTomasz Czajkowski
Tomasz Czajkowskisegughana
 
CTO-CybersecurityForum-2010-Will Gardner
CTO-CybersecurityForum-2010-Will GardnerCTO-CybersecurityForum-2010-Will Gardner
CTO-CybersecurityForum-2010-Will Gardnersegughana
 
CTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-DebeesingCTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-Debeesingsegughana
 
CTO-CybersecurityForum-2010-RonWilliams
CTO-CybersecurityForum-2010-RonWilliamsCTO-CybersecurityForum-2010-RonWilliams
CTO-CybersecurityForum-2010-RonWilliamssegughana
 

Más de segughana (20)

CTO-Cybersecurity-2010-Mohamed-El-Kattani
CTO-Cybersecurity-2010-Mohamed-El-KattaniCTO-Cybersecurity-2010-Mohamed-El-Kattani
CTO-Cybersecurity-2010-Mohamed-El-Kattani
 
CTO-CRC-Africa-2010-Report
CTO-CRC-Africa-2010-ReportCTO-CRC-Africa-2010-Report
CTO-CRC-Africa-2010-Report
 
CTO-CyberSecurityForum-2010-Brisson-Boren
CTO-CyberSecurityForum-2010-Brisson-BorenCTO-CyberSecurityForum-2010-Brisson-Boren
CTO-CyberSecurityForum-2010-Brisson-Boren
 
CTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhouseCTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhouse
 
CTO-CyberSecurityForum-2010-Charles Ward
CTO-CyberSecurityForum-2010-Charles WardCTO-CyberSecurityForum-2010-Charles Ward
CTO-CyberSecurityForum-2010-Charles Ward
 
CTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders JohansonCTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders Johanson
 
CTO-CyberSecurityForum-2010-Philip Victor
CTO-CyberSecurityForum-2010-Philip VictorCTO-CyberSecurityForum-2010-Philip Victor
CTO-CyberSecurityForum-2010-Philip Victor
 
CTO-CybersecurityForum-2010-Des Ward
CTO-CybersecurityForum-2010-Des WardCTO-CybersecurityForum-2010-Des Ward
CTO-CybersecurityForum-2010-Des Ward
 
CTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard SimpsonCTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard Simpson
 
CTO-CybersecurityForum-2010-Daisy francis
CTO-CybersecurityForum-2010-Daisy francisCTO-CybersecurityForum-2010-Daisy francis
CTO-CybersecurityForum-2010-Daisy francis
 
CTO-CybersecurityForum-2010-Patricia Asognwe
CTO-CybersecurityForum-2010-Patricia AsognweCTO-CybersecurityForum-2010-Patricia Asognwe
CTO-CybersecurityForum-2010-Patricia Asognwe
 
CTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha FernandoCTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha Fernando
 
CTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea GlorisoCTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea Gloriso
 
CTO-CybersecurityForum-2010-John Crain
CTO-CybersecurityForum-2010-John CrainCTO-CybersecurityForum-2010-John Crain
CTO-CybersecurityForum-2010-John Crain
 
CTO-CybersecurityForum-2010-Michael Katundu
CTO-CybersecurityForum-2010-Michael KatunduCTO-CybersecurityForum-2010-Michael Katundu
CTO-CybersecurityForum-2010-Michael Katundu
 
CTO-CybersecurityForum-2010-Joe Torres
CTO-CybersecurityForum-2010-Joe TorresCTO-CybersecurityForum-2010-Joe Torres
CTO-CybersecurityForum-2010-Joe Torres
 
Tomasz Czajkowski
Tomasz CzajkowskiTomasz Czajkowski
Tomasz Czajkowski
 
CTO-CybersecurityForum-2010-Will Gardner
CTO-CybersecurityForum-2010-Will GardnerCTO-CybersecurityForum-2010-Will Gardner
CTO-CybersecurityForum-2010-Will Gardner
 
CTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-DebeesingCTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-Debeesing
 
CTO-CybersecurityForum-2010-RonWilliams
CTO-CybersecurityForum-2010-RonWilliamsCTO-CybersecurityForum-2010-RonWilliams
CTO-CybersecurityForum-2010-RonWilliams
 

Último

Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Último (20)

Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

CTO-CybersecurityForum-2010-Mark-Oram

  • 2. Role of the CPNI The Centre for the Protection of National Infrastructure is the recognised UK government authority for protective security advice to the National Infrastructure. It protects national security through: • Minimising risk to the National Infrastructure; by • Delivering authoritative advice; to • Reduce the vulnerability of the National Infrastructure to terrorist and other threats.
  • 3. The N i Th National Infrastructure (NI): lI f (NI) Telecommunications Energy E Finance Government & Public Services Water Health Emergency Services Transport Food Delivering D li i essential services to ti l i t the citizen Not everything is critical Each sector is different
  • 4. Protecting the NI: Our Strategic Approach •Impact driven •Vulnerability focused •Threat informed •Under pinned by: p y Tripartite Relationship International angle Research and Technology Programme
  • 5. The Th Old Approach to Criticality A h t C iti lit •‘CNI’ means different things to different people. •Only ‘catalogue’ was f EKP (S O l ‘ t l ’ for EKPs (Supers, 1 2 ) 1s, 2s). •Focus on the site, not the service. •Old fashioned language. language •EKPs did not cover critical networks & systems. •Criteria different across sectors. •Insufficient account taken of non-’critical’ infrastructure.
  • 6. Updating the Meaning of C iti lit U d ti th M i f Criticality •Focus on delivery of ‘critical services’, including information infrastructure infrastructure. •Scale from 5 (most critical) down to 0. •Cat 5 = Supers; Cat 4 = EKP 1s; etc. •Common approach for sites and critical networks. •Categories 3 – 5 likely to represent ‘critical’ national infrastructure. •Foundation for prioritisation of advice and resources.
  • 7. Criticality Scales Definition Example 5 Catastrophic Loss of > 20% of national gas supply for > 24 hours 4 Severe Loss of electricity for > 1m consumers for > 18 hours 3 Substantial Loss of water for > 100k consumers > 3 days 2 Significant Disruption to payment settlement systems for up to 12 hours 1 Moderate Local disruption to emergency services p g y 0 Minor
  • 8. Criticality sc cale 1 2 3 4 5 Communic cations Emer rgency Se ervices E Energy Fi inance Food NI Sectors Gover rnment Health Criticality Scale Tran nsport Water Th Critical Threshold h ld
  • 9. CPNI Knowledge Development Integrated advice… PHYSICAL SECURITY …to reduce INFORMATION vulnerability in y SECURITY the national infrastructure PERSONNEL SECURITY & BEHAVIOURAL ASSESSMENT
  • 10. Advice D li Ad i Delivery External Inputs Processes Outputs Outcomes factors Contest C t t2 Prioritisation f P i iti ti of Focused F d Reduced R d d Terrorism resources consultancy vulnerability in National Risk CNI Espionage Assessment Advice delivery Better plans products & Shaped IA Strategy services environment CNI Self Knowledge: assessment Better skilled •Threats advisers Requirement •Sectors setting Performance management •Technology R&D Programme •People Training •Criticalities Information •Vulnerabilities sharing
  • 11. Information Exchanges Transport Sector Pharmaceuticals Industry 28 Representatives 12 Representatives 18 Companies 7 Companies Managed Service Providers Finance Sector 36 Representatives 54 Representatives 23 Companies 34 Companies TSIE PIIE MSPIE FSIE Northern Ireland Aerospace/Defence Crossover 32 Representatives 26 Representatives NIXIE CPNI ADMIE 17 Companies 14 Companies Information SCADA Exchanges SCSIE 77 Representatives Space Industries SPIIE 37 Companies 10 Representatives 7 Companies WSIE NSIE Water S W t Security it VIE SRIE VSIE 40 Representatives Network Security 27 Representatives 18 Companies 15 Companies Security Researchers Vendor S V d Security i 12 Exchanges 23 Representatives 30 Representatives 15 Companies 15 Companies 220 Companies
  • 12. Building Trust •Flourishes i small groups with th same members. It i Fl i h in ll ith the b is personal. •Start small and grow – you can’t easily shrink a group. •Trust and value grow together but needs investment and an understanding of incentives. •Regular face to face contact works best Other options best. are teleconferences and “meetings outside of meetings”. Trust will only develop if all members contribute.