Overview of WISER and the Democratisation of Cyber security. Michele Nannipieri, Director – Trust-IT Services. #CyberSecPractice
The cybersecurity landscape: some stats. No one is immune from cyberattacks.
People and organisations depend on digital technologies; we are increasingly exposed, every day.
The economic impact of cybercrime rose fivefold from 2013 to (to an estimated 450 B$ globally), and could further quadruple by 2019 (1).
53% of US/UK/DE companies are ill-prepared (2).
Cyber-risks cannot be eliminated: growing economic and social impact (2B of personal records & 100M of medical records stolen in 2016 in the US alone).
Organisations need to become cyber-risk aware and need to build resilience: preventing breaches and recovering swiftly from attacks.
(1) European Council Communication paper "Resilience, Deterrence and Defence: Building strong cybersecurity for the EU", Sept 2017. (2) CNBC & Hiscox Insurance, Feb 2017.
Cybersecurity in practice – Cluj, 18 October 2017
Cybersecurity Market. The other side of the coin: opportunities for many. Rapidly evolving market, with a growing value, to be boosted by GDPR.
Chart (axes: Security Team Sophistication & Skillset vs Cybersecurity Innovation), items shown: Antivirus, Monitoring, Vulnerability assessment, Real-Time Monitoring, Threat Intelligence, Cloud Security, Big SIEM data, Managed security services.
Cybersecurity: lines of defense. Let's be schematic.
Diagram: digital assets facing threats; awareness is the prerequisite; stages monitor, react, mitigate, insure; solutions named: Security Information and Event Management, Security Incident Response, Intrusion Prevention Systems.
Many lines of defence & solutions: make sure you choose the right one(s) for you.
Risk management is the key. The attitude to adopt towards cybersecurity.
Primarily adopted only by large companies (e.g. financial institutions, nuclear power plants).
Risk management approach: identify risk patterns, monitor threats, quantify likelihood & impact, mitigate.
Quantify also direct & indirect costs through "real-time" monitoring.
Diagram components: Sensors, Models, RAE (Risk Assessment Engine), DSS (Decision-Support System).
Risk management is the approach as defined by GDPR. It can be done, also by SMEs.
Cybersecurity vs data protection: two themes closely linked together.
New European Directive GDPR, applicable for all European citizens (since May 25, 2018!).
Are you cybersecure? That does not mean you are GDPR-compliant, and vice versa, but you are on the right track.
Non-compliance: fines of up to 4% of annual turnover (or 20M€).
Image: n° 4 of 6 key points on the GDPR. There is no legislation or policy in place in Italy that requires mandatory reporting of cybersecurity incidents. Policy requirements for an inventory of systems and classification of data. Policy requirements for security practices mapped against risk levels. Policy requirement for annual cyber-security audit. Requirement for public report on government capacity. Requirement for public and private procurement of cyber-security solutions based on international accreditation/certification schemes without additional local requirement.
The Regulator is moving in a constructive way, (for once) for the benefit of European SMEs.
GDPR: a first checklist for a generic website. Are you ready for May 2018?
Checklist for a 'standard' website (not elaborating user data), by GDPR theme and related article(s):
Right to be informed (Art. 5 and ff): privacy notice.
Right of access (Art. 15; 13, 14): all user data should be accessible after login.
Right to rectification (Art. 16; notification, Art. 19): all data should be editable by the user.
Right to erasure (Art. 17): it should be possible to delete an account.
Right to restrict processing (Art. 18): it should be possible to disable a user account; data will still be visible but can't be changed anymore.
Right to data portability (Art. 20): it should be possible to provide a data export in CSV format or similar.
Right to object (Art. 21): phrase in the privacy notice.
Rights related to automated decision making and profiling (Art. 4(4), Art. 9, Art. 22): no relevant automated processing of personal data is usually carried out on a standard website.
Accountability and governance (DPO: Artt. 37, 38, 39, …): implement appropriate technical and organisational measures that ensure and demonstrate that you comply.
Notification of data breach within 72 h (Art. 85, 86): set up a procedure of notification in case of data breach (when there is risk to the rights & freedoms of individuals).
GDPR is a complex rule (99 articles on 88 pages), but it must and can be handled in practical terms. Let's involve ICT managers too!
Cyber insurance: the "last line of defence".
2017 Ponemon report: digital assets have a greater average potential loss than PPE (Property, Plant & Equipment) assets, but much smaller insurance coverage (15% vs 59%).
What risks can you insure? Cyber insurance? Range: k € / year, even with top-of-the-rank companies (e.g. AIG, Allianz, Chubb, Generali, Unipol).
The cyber-wise SME: a possible strategic vision for an "ICT-intensive" SME.
1. "Monitoring" tools
2. "Reaction / Protection" tools
3. Internal processes (notifications, access control, …)
4. Cyber security insurance policy (to cover the residual risk)
5. Internal organisation (DPO – Data Protection Officer, privacy-by-design, …)
Which budget to allocate? A (provocative) answer: TCM – Total Cost Management. From to €, on an annual basis.
What will we be looking at today? Concrete elements to improve understanding, find solutions & exploit existing opportunities: innovative elements of SMEs; self-assessment of cyber risks; "free" solutions for cybersecurity; risk management, in action; GDPR; opportunities to join a community of experts; access to / visibility on the cybersecurity marketplace.
Thank you! Contact: Michele Nannipieri
BACKUP SLIDES. Cybersecurity in practice – Pisa, 12 October 2017
WISER logical architecture.
Risk management is the key. The attitude to adopt towards cybersecurity.
An approach once the preserve of large companies only (e.g. banks, nuclear power plants).
The importance of quantifying risk, in euros, and the advantage of "real-time".
WISER logical architecture.
Cyber insurance: the "last line of defence".
What coverage can be requested?