AS Risk And Resilience In 2017 Sungard

Transcription

Risk and Resilience in 2017
Chris Butler, Principal Consultant
© 2016 Sungard Availability Services, all rights reserved. Property of Sungard AS.

Complete the headline

Sungard Availability Services Confidential and Proprietary

...and human risk perception is notoriously flawed
(Susanna Hertrich, with data from Dr Peter M Sandman, 2010)

Perceptions

Risks to business

KitchenAid: 8 mins. The time it took KitchenAid to issue an apology on Twitter.

Home Depot: Credit card details stolen.

Target: 162m. The eventual cost of their data loss. (Reuters)

TV5Monde (April 2015): French TV channels taken off air for 18 hours.

Sony Pictures (November 2014): of data stolen. 15m set aside in costs.

Tesco Bank: 2.5m stolen from customer bank accounts. (www.thisismoney.co.uk)

Current threat landscape

[Chart: "2015 All Customer Invocations by Cause", years 1999 to 2015. Causes: Virus, Civil Unrest, Other, Theft, Denial of Access, Fire, Environmental Failure, Flood, Scheduled Outage, Terrorist Activity, Communications, Data Corruption, Power, Hardware]

[Chart: "2015 All Customer Invocations by". Labels: Data Corruption, Communications, Flood, Environmental Failure, Fire, Denial of Access, Other. Values shown: 2%, 2%, 27%]

Cyber risk

"Any risk of financial loss, disruption or damage to the reputation of an organisation from some sort of failure of its information technology system" – The Institute of Risk Management

Ransomware

- "of organisations cannot recover all their data from backup following an attack"
- "of organisations suffer at least 1 ransomware attack in the last 12 months"
- Figures on the slide: 58%, 47%
- 209m was paid to ransomware criminals in Q1 2016 (FBI estimate industry hitting 1bn in 2017)

Source: www.armadacloud.com/ransomware 2016

The human ration? Understanding? Awareness?

- Social engineering
- Phishing
- Malware
- Sophistication increasing

Resilience: What is it?

Resilience

"The quality or fact of being able to recover quickly or easily from, or resist being affected by, a misfortune, shock, illness, etc.; robustness; adaptability." – OED

"The ability to become strong, healthy, or successful again after something bad happens" – Merriam Webster Dictionary

"The capacity to resist being affected by an event" – ISO Guide 73

"Resilience is the ability of an organization to manage disruptive related risk" – ISO 22300

"The ability of an organization to anticipate, prepare for, and respond and adapt to incremental change and sudden disruptions in order to survive and prosper" – BS 65000

Cyber resilience

- Combination of Business (or Organisational) Resilience and Cyber Security
- Defined around corporate outcomes
- Agility and responsiveness to learn, adapt and evolve
- People, Processes, Technology
- Capability, Resilience

So. What to do?

Barriers and Challenges to Cyber Resilience

Barriers:
- Insufficient planning
- Complexity of business processes
- Inadequate risk assessment
- Complexity of IT processes
- Silos and turf issues

Challenges:
- Effective governance and senior management engagement
- Bringing cyber risk management alongside enterprise risk management
- Establishing strong incident response capabilities and preparing the organisation
- Sharing threat intelligence widely and implementing effective security and control measures
- Incorporating crisis management, information security, business continuity and disaster recovery

Source: IBM Resilience/Ponemon study 2016

Cyber Resilience Gap

- "of organisations lack formal incident response plans"
- "think the Insider threat is the #1 cyber threat to organisations"
- "of IT and security professionals think their organisations are unprepared to recover from a cyber attack"
- Figures on the slide: 75%, 74%, 66%

Source: Ponemon Cyber Resilient Organisation Study 2016

What to do?

- Take a risk-based approach
  "Formal enterprise risk management must include cyber risks"
- Prioritise planning and preparation
  "of IT security execs are concerned about poor user awareness and behaviour" (EY's 19th Annual Global Information Security Survey)
- Map out the ecosystem: suppliers, vendors, 3rd parties
  "party risks and extended supply chains create joint liabilities"
- Collaborate and share
  "of IT professionals believe threat sharing improves own security posture" (Ponemon 2016)
- Understand that 'cyber' is a corporate issue for the Board, not just an IT issue
  "of Board members and C-suite execs lack confidence in their organisation's level of cyber-security" (EY's 19th Annual Global Information Security Survey)
- Get your head around data privacy and GDPR
  "of global turnover in maximum fines from the Regulator for data breaches" (GDPR 2016)
- Last but not least: Train and develop the leadership, behaviours, culture, ownership, accountability and decision-making from the very top of the organisation to create a flexible and agile organisation (including IT!)
  "skills are highly important and can be developed through coaching of executives" (www.baselinemag.com)

Thank you
