Touchpoint! Where Cybersecurity and Business Continuity Meet The Webinar will begin shortly.
The Architects of Resiliency
Use the Instant Message feature to submit questions for discussion by the panelists.
How Cyber Security Threats Impact Business Continuity Planning…
Presenter: David A. Kondrup
C.E.O. All Business Management, LLC
Vice President, Cyber Diligence, Inc.
Business Continuity Planning (BCP):
(Search Engine Optimization - Poisoning Info)
BIA should examine employee training, review of Acceptable Use Policy.
National Security Cyber Awareness Campaign: “Stop. Think. Connect.”
People cannot value security without first understanding how much is at risk.
Therefore, the Federal government should initiate a national public awareness campaign…
This campaign should focus on public messages to promote responsible use of the Internet and awareness of fraud, identity theft, cyber predators, and cyber ethics.
- White House Cyberspace Policy Review 6/2009
Does the BIA examine updates & patches?
October 4 new Critical Security Updates by Adobe (Reader & Flash Player)
Scan of systems, networks and computers for known malware, viruses, Trojans
Does the BIA address resiliency against Cyber attacks through:
Security Training, Executive Management Awareness, Endpoint Security,
Cyber Security Response, Cyber Security Audits
Does the BIA, RTO and RPO address E-Commerce issues?
Does the BIA address the impact of a Denial of Service attack?
Is there an Incident Response Plan for Cyber Attacks?
Plan for In-house or outside cyber security investigations?
Specialized computer forensic tools & software.
BIA address Enterprise Security Updates
BIA address the Acceptable Use Policy for use of Private Phones at work
Don’t leave unattended, do not install unknown apps
Sweep phones if symptoms occur.
Most enterprise platforms are OK if security is maintained.
BIA address policies on lost phones
Training on safeguarding phones, do not lend out your phone.
Does the BIA examine policies for end point users (USB ports)?
Does IT use a program to alert them when USBs are accessed & copied?
BIA examine policies on encryption, travel, transport, use of USB ports?
Does the Acceptable Use Policy address employee privacy expectations on use of private e-mail accounts on the corporate network?
Private vendor to monitor networks or investigate “data in motion”
BIA address Social media training (used to distribute malicious programs)
BIA address network & computer scanning for malware & trojans
(More than 55% of all malware were Trojans in 3Q 2010 – per PandaLabs)
</gra_replace>
<gr_replace lines="50-51" cat="clarify" orig="Cost benefit">
Cost-benefit analysis should include fines & risks for loss of PII, HIPAA and financial data.
You reap all the benefits of cloud computing; however, while you are responsible, you are not in charge of managing the cloud's security.
BIA to address training executives and employees with financial responsibilities
(Panda Security reports most malware are “Banker Trojans” to trick web users into navigating to fake financial sites so cybercriminals can steal login details and passwords)
BIA address security updates on MAC platforms
Does your BIA address security and privacy regulations when sensitive data (“crown jewels”) resides in the cloud? Location of the equipment?
BIA and Risk Assessment include Cloud Vendor certification of security?
Cost benefit analysis should include fines & risks for loss of PII, HIPPA and financial data.
You reap all the benefits from Cloud Computing however while you are responsible you are not in charge of managing the cloud security.
Denial of Service, E-Commerce
IP – PII – Reputational Losses
Unauthorized Access, DOS
Loss of controls, but responsible for losses, regulatory issues
David Kondrup (516) 507-4322
Vice President, Strategic Initiatives
Cyber Diligence, Inc.
575 Underhill Blvd – suite 209
Syosset, N.Y. 11791
Fusion Risk Management Inc.
Consider this question as we run through the next few slides
Q: Does BCP/DR try to eliminate ALL risk?
[Slide diagram; labels only: "= Unknown Risk"; "Focus up here…" / "…not down here!"]
Questions, Comments, Suggestions