CISO Application presentation - Babylon health security

This is the presentation that I created while applying for the CISO position at Babylon Health (note that I ended up taking up the CISO role at Revolut)

Published in: Technology

  1. @DinisCruz security: Dinis Cruz presentation to Babylon Health, when applying for the CISO position. Dinis Cruz, v0.6 (DRAFT), Sep 2019
  2. Babylon Health Security. Dinis Cruz, Interim CISO Candidate, Sep 2019, v0.6
  3. DISCLAIMER: This presentation was created by Dinis Cruz, who is a candidate for the Babylon Health CISO position*. WHY? This is a good medium to present Dinis' thinking, approach and values**. * Dinis is currently NOT a Babylon Health employee/contractor. ** Dinis does NOT have internal knowledge of the existing Babylon Health security team structure, objectives or activities.
  4. Babylon's Security team mission is to put a safe, accessible and affordable health service in the hands of every person on earth.
  5. must enable and empower these amazing professionals to fulfill their potential … while enhancing the patient's data: Confidentiality, Integrity, Availability
  6. WHY is Babylon Security important?
  7. Is the guardian of Babylon's Customers and employees:
  8. Babylon Health Security commitments
  9. Babylon Health Security page
  10. Security drives business change and digital transformation
  11. Required compliance to multiple standards
  12. GDPR principles, processing and customers' rights. https://www.serveit.com/recruitment-sourcing-guide-gdpr/ https://www.serveit.com/gdpr-for-developers-data-subject-rights/
  13. GDPR - Personal Data Journey (Privacy Impact Assessments). https://2018.open-security-summit.org/tracks/gdpr/working-sessions/creating-standard-for-gdpr-patterns/
  14. Desired Threat Level capability: Detect and Contain. Must be able to: Neutralise; Break economic model. https://www.canso.org/sites/default/files/CANSO%20Cyber%20Security%20and%20Risk%20Assessment%20Guide.pdf
  15. Health care security stats
  16. Healthcare record's value and incident's patterns
  17. Strategy
  18. AI + Security Professionals: By combining the ever-growing power of AI with the best Security expertise of humans, Babylon Health Security Team can deliver a safe ecosystem for customers' health data, including personalised Security assessments, treatment advice and appointments with a Security Professional 24/7.
  19. Aligned with best practices. Start here: https://www.ncsc.gov.uk/collection/board-toolkit
  20. Strategy
  21. How to prevent and contain malicious activities. https://www.ncsc.gov.uk/collection/board-toolkit
  22. 10 Steps to Cyber Security. https://www.ncsc.gov.uk/collection/board-toolkit
  23. Effective Cyber Security. https://www.canso.org/sites/default/files/CANSO%20Cyber%20Security%20and%20Risk%20Assessment%20Guide.pdf https://onlinedegrees.kent.edu/ischool/health-informatics/community/healthcare-data-security/CybersecurityHealthcare.pdf
  24. Strong driver for Information Governance. https://www.bdo.com/blogs/nonprofit-standard/may-2018/the-integration-of-data-privacy https://activenavigation.com//wp-content/uploads/2015/10/File-Analysis-and-Your-Information-Governance-Maturity-Oct-2015.pdf
  25. NIST (Cyber Security Framework). https://www.canso.org/sites/default/files/CANSO%20Cyber%20Security%20and%20Risk%20Assessment%20Guide.pdf
  26. Map functions to standards and policies. https://insights.sei.cmu.edu/sei_blog/2016/02/structuring-the-chief-information-security-officer-ciso-organization.html
  27. Hippocratic Oath for Security and IT Engineers. https://queue.acm.org/detail.cfm?id=1016991
  28. #DataSavesLives. https://understandingpatientdata.org.uk
  29. = +
  30. Babylon Security objectives and mission are completely aligned with NHS and NHSx. Tight collaboration with NHSx Cyber Security team is a win-win scenario for both parties and the wider health care industry. Learn, integrate and improve NHSx Cyber Security. Do NOT reinvent the wheel. https://coinzodiac.com/cryptocurrency-arms-race/reinvent-wheel/
  31. Be a player: Supports, Integrates, Contributes. Babylon should be here. Private sector players.
  32. NHSx focus = Babylon Health Security focus. https://www.slideshare.net/InnovationNWC/dr-masood-nazir-eco-19-care-closer-to-home
  33. People, Process, Technology
  34. (1) Babylon Security provides a comprehensive service, available to all*; (2) Access to Babylon Security services is based on need, not an individual's business unit; (3) Babylon Security aspires to the highest standards of excellence and professionalism; (4) The patient will be at the heart of everything Babylon Security does; (5) Babylon Security works across organisational boundaries; (6) Babylon Security is committed to providing best value for money; (7) Babylon Security is accountable to the patients, management and shareholders. *All = Babylon Health Company and selected partners. Principles inspired by:
  35. Following best practices and ideas: (1) Ensuring every Babylon Health customer's and employee's data is protected; (2) Establishing shared architecture and standards; (3) Implementing services to meet needs; (4) Supporting stakeholders to get the best out of technology, data and information; (5) Making better use of cyber health and care information. https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/443353/HSCIC-Strategy-2015-2020-FINAL-310315.pdf
  36. https://digital.nhs.uk/binaries/content/assets/legacy/pdf/8/9/copconfidentialinformation.pdf
  37. https://www.gov.uk/government/publications/the-future-of-healthcare-our-vision-for-digital-data-and-technology-in-health-and-care/the-future-of-healthcare-our-vision-for-digital-data-and-technology-in-health-and-care
  38. (no text)
  39. Babylon Health is very synergetic with GP Connect
  40. NHS Code of Conduct
  41. OWASP ASVS Application Security Verification Standard (in Healthcare)
  42. HOW Babylon Security operates and behaves
  43. Team's capabilities exposed as services
  44. Graph projects to outcomes and threats. Each yellow box is a Jira ticket.
  45. Create schema that represents the business
  46. Scale using Workflows: RISK Workflow, VULN Workflow
  47. Lots of workflows
  48. Hyperlinked RISKs. https://www.canso.org/sites/default/files/CANSO%20Cyber%20Security%20and%20Risk%20Assessment%20Guide.pdf
  49. Modern approach to managing security RISKs. https://www.soa.org/globalassets/assets/Files/Research/Projects/research-new-approach.pdf
  50. Embrace Open Source and CC (Creative Commons)
  51. = Linked Security Policies; Evidence based Security decisions
  52. Hyperlinked policies in Jira. Policy PDFs do not scale because it is not possible to link real-world data to the respective policy.
  53. Convert policy into a graph
  54. Policies; Links to Facts; Links to Vulns; Links to Risks
  55. Context specific Jira projects (for example FACTs)
  56. WHO is Babylon Security?
  57. Current Security team
  58. Creating Security Champions. https://www.owasp.org/index.php/Security_Champions https://safecode.org/putting-a-face-to-software-security-champions/
  59. Security Champions. https://www.slideshare.net/DinisCruz/security-champions-v10
  60. Security Digital Twins. Leverage existing Babylon Health technology and create Security digital twins for: Security Activities; Application Security; Network Security; Intrusion Detection; Risks; Stakeholders (users, customers)
  61. Babylon Security Data Science Tech Stack
  62. Serverless stack
  63. Scalable data creation workflow
  64. JIRA
  65. Elastic (ELK)
  66. Slack
  67. Jupyter notebooks
  68. Other Key Components
  69. Graphs and Maps
  70. Wardley Maps. https://leadingedgeforum.com/researchers/simon-wardley/
  71. Using Wardley Maps on Healthcare. This is a graph (position doesn't matter). This is a map (position represents evolution). https://wardle.org/strategy/2018/07/19/mapping.html
  72. Maps help to visualise strategy (and bias)
  73. Metadata use in Maps is very powerful. https://medium.com/@erik_schon/the-art-of-strategy-811c00a96fad
  74. Advanced Wardley Mapping
  75. Cynefin Framework. https://academic.oup.com/heapro/article/28/1/73/576131
  76. Why Dinis Cruz for Babylon CISO?
  77. (no text)
  78. (no text)
  79. (no text)
  80. (no text)
  81. Created OWASP Summit* event. Motivated 100+ Security professionals to collaborate together, and release knowledge/code under Open Source (or Creative Commons). * now called Open Security Summit
  82. Published Books
  83. Video interviews and presentations. https://cyberleadersnetwork.org/dinis-cruz-ciso-of-photobox-on-how-to-identify-communicate-and-resolve-cyber-security-risks/ https://www.youtube.com/watch?v=A7hccDXlDwI https://www.youtube.com/watch?v=6XmCQhn57gk
  84. LinkedIn, GitHub, Twitter, Blog, Email: http://www.linkedin.com/in/diniscruz https://twitter.com/DinisCruz http://github.com/diniscruz http://blog.diniscruz.com/ dinis.cruz@owasp.org
  85. Thank you - Any Questions? Dinis Cruz, Interim CISO Candidate, Sep 2019
  86. (no text)
  87. Misc Slides (to be added to next version of this deck)
  88. Security Ecosystem: Safe, Secure, Effective, People, Mentor, Community, Resilient, Compliant, Commercial, Transformative, Foundations, Innovative, Enabler, Scalable, Open
  89. Handle incidents (should be seen as opportunities)
  90. Babylon thinks in graphs. The Security team must do the same.
  91. Board/C-Level view of Cyber Security. https://www.ncsc.gov.uk/collection/board-toolkit
  92. Open Source as a key strategy
  93. Behaviours
  94. Add how this applies to security
  95. Security Team values
  96. Wardley maps
  97. (no text)
  98. https://www.isaca.org/Journal/archives/2017/Volume-3/PublishingImages/17v3-Security-Assurance-2L.jpg
  99. NIST and CIS Controls. https://www.nist.gov/news-events/news/2018/05/mep-centers-aid-manufacturers-cybersecurity
  100. Design elements
