7. Cybersecurity is state of
protection of the interests of
enterprise stakeholders in the
information area, determined by
the totality of balanced
interests of the individual,
society, state, and business
Or process?
Not
important!
23. Business thinks about cybersecurity, but in its
own way
Reservoir
Pump
Water intake
Water
treatment
plants
Underground
tank
Pump
Distribution
Cleaning with
reagents,
ozone and
coal
Sump
Flats /
Houses
Water
meter
Smooth operation
Correctand
uninterrupted
bills
Smooth operation
Continuous
diagnosis
Telemetry
control
Continuous
monitoring
Proper dosing
FZ-152
Order №31 CIP Law
Water supply process
26. Let's try to reformulate our goals
Profit increase
Geo expansion
Sales increase
Production optimization
Reduction in logistics
costs
Loss reduction
X hours of downtime due
to ransomware
Y hours of process
downtime due to
DoS/DDoS-attack
Z hours of employee
downtime due to spam
N rubles fine from
supervisory authorities
Business
Cybersecurity
35. Can compare yourself with competitors?
0
0,5
1
1,5
2
2,5
3
3,5
4
4,5
План & бюджет
Организация
Защитные меры
Архитектура
Процессы и операции
Осведомленность
Реагирование
Управление уязвимостями
Оценка рисков
Корпоративное управление
В среднем по отрасли
У нас
Tricks: instead of comparing with competitors (if there is no data),
you can compare yourself in different states (there was - now - in a
year - ideal)
38. Key Success Factors
• You must understand what you are doing
in the field of information security
• You must understand your business
• You must understand your target
audience
• You must be able to combine these three
elements together
• You need to know where the data is
• You must be able to code/program