1
COMP3357 Managing Cyber Risk
Richard Henson University of Worcester April 2017
2
Week 11: Business Continuity to increase competitiveness and gain market share…
Objectives: apply business continuity planning (BCP) so that a business can contemplate 100% uptime, 24/7; extend the asset register (protected through BCP) to cover not just hardware but digital resources; use BCP to help a business gain market share.
3
Reminder of the current (2017) business environment
It is all about the business-to-customer relationship. Physical environments (shops) and online environments (websites) both run on IT, and both need BCP.
4
Physical & Online Markets?
Online B2C trading only started in 1996 and has grown every year since, at different rates in different countries: the fastest growth in the early years was in the US/Canada; the fastest rate now is in the UK. Is this driven by people being pushed into technology? There is also an argument that online trading itself encourages growth.
5
Variety of Physical Markets:
Retail parks (expensive, but many customers); high street shops (lower rent; fewer customers?); side street shops and street traders. Almost all physical businesses use IT to run the business (internal IT), even street traders.
6
Business Functions and IT
Finance: spreadsheets, apps (e.g. Sage). Marketing: spreadsheets, databases, graphics, etc. Human Resources: databases, apps. Purchasing: spreadsheets, databases, apps.
7
Variety of Online Environments
No shop, but both internal and external IT: customers visit via the web, so the business depends on advertising and search engines. It still has internal IT, which raises the question of where the internal/external boundary lies.
8
Engaging with the Online Environment
Several levels of engagement: a website kept separate from the business's own IT; a website for advertising and enquiries only; a website for online shopping; a website integrated with the rest of the business IT. The last is a much larger development and maintenance operation and may be outsourced, but the business needs to keep control of its data.
9
Competition and Internal IT
Smooth operation pleases: suppliers want to do business, not have their time wasted; existing customers will return for more and will tell others.
10
Competition and Internal IT
A messed-up operation annoys suppliers and customers, and if it carries on it will ruin the reputation of the business. An online business cannot successfully integrate internal and external IT if the internal operation is messed up.
11
Valuing a Business
Until recently, a business was valued on its physical assets, the number and quality of its customers and partners, and its profit (and projections). Yet businesses are dependent on IT, e.g. on their data and data structures, which are not physical assets and so were ignored in the valuation.
12
BCP Approach to “The Asset Register”
The asset list (register) needs to include software (apps and system/platform) and the data used with that software. This view of assets came into business via information assurance frameworks such as COBIT and ISO 27001.
13
Reminder of Threats to organisational cyber security …
Threats divide neatly into "internal" (employees), which applies to all businesses, and "external" (hackers), which the slides treat as specific to online businesses, although any business whose internal IT is connected to the Internet is exposed to them. The consequences go over and above "messed up" systems.
14
Messed up systems AND data losses: not good for the business!
Depending on which data a business loses, it may not be able to trade efficiently, or even at all. Worst case scenario: 10 days maximum to recover, or out of business. If business data is stolen, the business may ALSO lose trade secrets, customer image, supplier information and market share.
15
Data Losses & not-for-profit organisations
Personal data is often not regarded as so important, other than in legal terms; hence the catastrophic sequence of errors that led to 25 million records being lost by HMRC (the 2007 child benefit data loss). HOWEVER, customers do expect their personal data to be safeguarded; concern about privacy has increased in recent years, and lost data is a source of great embarrassment.
16
Internal Data Losses
Well-meaning employees not following procedures, misusing data, or allowing it to get into the wrong hands (the same employees who may already be dealing with a "messed up" system), and employees or temps with bad intent.
17
External (hacking)
Insiders or business partners accessing data from outside and, either accidentally or on purpose, misusing it; and people hacking in from outside, usually via the Internet, possibly with help from inside.
18
Do "we" have a problem? Perceptions "from the inside" are quite different from those "outside looking in".
19
Stages in BCP… Where to start?
Internal systems: get them working smoothly first, and keep them separate from any online operation until this is a reality. Then put together a plan to keep them working smoothly, with back-up plans for environmental disasters, hardware failure, and software failure (system or app).
20
Align with Information Security Policy
Security of information should be central to the organisation's strategic plan and therefore part of organisational policy; BCP belongs in the same policy. Large organisations can align via ISO 27001 and ISO 22301. Small organisations can align with simpler standards, e.g. PCI DSS (which applies only where payment card data is handled) or IASME.
21
Asset Register and BCP
Use the list of assets (including information assets): devise a plan to protect each one according to its priority (H, M, L) for business continuity, and add another column to the asset register stating how each category H asset is backed up. Protecting H assets means making sure a plan is in place to replace the asset quickly if it is damaged, and making sure that plan is put to the test on a regular basis: it is no good if the replacement resources are not working or are not compatible.
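As an added example (not from the slides) of what the extra asset-register column and "putting the plan to the test" look like in practice, the Python below audits a small constructed asset register for H assets whose recovery plan is missing or unproven, then runs a restore test on a backup archive: it restores the archive into a scratch directory, checks every file against a SHA-256 manifest, and refuses archive paths that would escape the restore directory. The asset names, dates, file contents and 90-day test interval are assumptions for illustration.

```python
# Added example: audit an asset register for untested recovery plans and
# run a restore test on a backup archive. Illustrative code, not part of
# the COMP3357 slides; asset names, dates and file contents are constructed.
import hashlib
import io
import os
import tarfile
import tempfile
import zlib
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Asset:
    name: str
    kind: str                          # "hardware", "software" or "data"
    priority: str                      # "H", "M" or "L" for business continuity
    recovery_plan: Optional[str]       # the extra column: how the asset is replaced
    last_restore_test: Optional[date]  # when the plan was last proven to work


def audit_register(register, today, max_test_age_days=90):
    """Return (asset name, problem) pairs for H assets with no proven plan."""
    findings = []
    for a in register:
        if a.priority != "H":
            continue
        if not a.recovery_plan:
            findings.append((a.name, "no recovery plan"))
        elif a.last_restore_test is None:
            findings.append((a.name, "plan never tested"))
        elif (today - a.last_restore_test).days > max_test_age_days:
            findings.append((a.name, "restore test older than %d days" % max_test_age_days))
    return findings


def make_backup(files):
    """Build a gzipped tar of {name: bytes} in memory plus a SHA-256 manifest."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    manifest = {n: hashlib.sha256(d).hexdigest() for n, d in files.items()}
    return buf.getvalue(), manifest


def restore_test(archive, expected):
    """Restore the archive into a scratch directory and compare it to a manifest.

    Returns a list of problems; an empty list means the backup restores cleanly
    and contains exactly what the business expects to get back.
    """
    problems = []
    seen = set()
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
                for member in tar.getmembers():
                    # Never write outside the restore directory, even for a
                    # backup that was tampered with or built by a buggy tool.
                    if member.name.startswith("/") or ".." in member.name.split("/"):
                        problems.append(f"{member.name}: unsafe path in archive")
                        continue
                    if not member.isfile():
                        continue
                    target = os.path.join(scratch, member.name)
                    os.makedirs(os.path.dirname(target), exist_ok=True)
                    with tar.extractfile(member) as src, open(target, "wb") as dst:
                        dst.write(src.read())
                    seen.add(member.name)
                    with open(target, "rb") as f:          # hash what was actually restored
                        digest = hashlib.sha256(f.read()).hexdigest()
                    if member.name not in expected:
                        problems.append(f"{member.name}: not in manifest")
                    elif digest != expected[member.name]:
                        problems.append(f"{member.name}: content differs from manifest")
        except (tarfile.TarError, zlib.error, EOFError, OSError) as exc:
            problems.append(f"archive unreadable: {exc}")
    for name in expected:
        if name not in seen:
            problems.append(f"{name}: missing from backup")
    return problems


# Constructed sample data: a small retailer's register and its finance files.
REGISTER = [
    Asset("Sage accounts data", "data", "H", "nightly tar to offsite store", date(2017, 1, 10)),
    Asset("Customer database", "data", "H", "replicated to second server", None),
    Asset("Web server (VM)", "hardware", "H", None, None),
    Asset("Marketing graphics", "data", "L", None, None),
]
FILES_AT_BACKUP = {
    "ledger.csv": b"date,amount\n2017-04-01,120.00\n",
    "customers.db": b"id,name\n1,Example Ltd\n",
}


def demo(today=date(2017, 4, 24)):
    findings = audit_register(REGISTER, today)
    archive, manifest = make_backup(FILES_AT_BACKUP)
    clean = restore_test(archive, manifest)
    # The ledger changed after the backup was taken, so a restore would be stale.
    live = dict(FILES_AT_BACKUP, **{"ledger.csv": b"date,amount\n2017-04-01,120.00\n2017-04-20,80.00\n"})
    stale = restore_test(archive, {n: hashlib.sha256(d).hexdigest() for n, d in live.items()})
    return findings, clean, stale


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The audit only reports H assets, matching the slide's priority scheme; the restore test is the "put the plan to the test" step, and a non-empty result from it is exactly the "replacement resources not working or compatible" case the slide warns about.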
22
BCP and Competitors
Good service to customers depends on IT not failing; good BCP helps ensure it doesn't, and so steals a march on competitors. Customers don't think about IT: if all is OK they may well return, until things go wrong; then there is not much loyalty and they will go somewhere else.
23
BCP and Reputation
A business relationship, like all human relationships, can take 25 years to build and 5 minutes to knock down. BCP should ensure that the business doesn't lose its reputation because of failing IT; it won't stop hackers, but it can limit the damage their attacks cause.