A summary PowerPoint describing my new book on cybersecurity. It is written for an organization's leadership team in an easy-to-read, non-technical format. It covers the wide range of issues that are present in cybersecurity planning today.
3. Book Summary
• Cyber threat is real and unpredictable
• Board and C-Suite need to manage
• The threat extends far beyond the IT group
• Gap between management and IT
• Preparation is critical to incident response
• Outside partners/services key resource
• Incident response must be well executed
• Future threats are emerging
4. Who should read Cyber 24-7
• Board of Directors, C-Suite, and non-technical execs:
– Understanding impact and risk
– Key strategy elements
– Preparation and response
– Entire organizational view
• IT – CSO, CIO, CISO:
– Comprehend management perspective/responsibility
– Understand entire scope of cyber threat
– Narrow communications gap
– Improve planning and response planning
5. Table of Contents
• Chapter 1: The Cyber Problem – Where are we today?
• Chapter 2: Cyber: Not your everyday risk!
• Chapter 3: Leadership from the Top – Board and Executive Issues
• Chapter 4: Real time Cyber Intelligence – Preparing and Prevention
• Chapter 5: Attacked and Breached – Now What?
• Chapter 6: Cyber Information Sharing
• Chapter 7: Government Activities in Cyber
• Chapter 8: Information Resources
• Chapter 9: A Standardized Approach can streamline the future
• Chapter 10: The Future of Cyber Security
• Chapter 11: Final Conclusions
• Appendix A: Sample Incident Response Checklist
• Appendix B: Executive Order on Cyber and NIST Framework
6. Today’s Situation
• Victims of our own success – incredible growth
• Opportunity expands the attack surface:
– Clouds linked to legacy systems
– Internet of Things (IOT) means more entry points
– Bring Your Own Devices (BYOD)
• We’re not doing all we can:
– Boards and C-Suite largely delegating/ignoring
– Poor info sharing even at basic levels, not real-time
– Eliminating/upgrading legacy systems
– “Tone at the Top” by the board and C-Suite
– Government – no legislation since 2002, poor grades
7. Cyber is not a Normal Risk!
• Cyber defies conventional metrics
– Non-quantifiable
– Non-predictable
– Global, not local
– Can put the entire organization at complete risk
• Examples of normal risks:
– Weather - business interruption
– Employee and customer lawsuits
– Theft of a trailer full of cell phones
8. Executive Leadership
• Set the organizational “Tone at the Top”
• Responsible for oversight and priorities
• The board sets the risk tolerance level
• People should be vetted and monitored
• Outside resources should be identified
• Cross-organization response should be planned and exercised
• The threat is much broader than just IT issues
9. What to worry about today
• Customer payment information - Target
• Intellectual property theft – 20 year impact – Lockheed-Martin
• Malicious insiders - Snowden
• Critical Infrastructure attack – power, communications
• Emerging threats – important to stay current
• Device loss or theft – multiple scenarios
10. Board & C-Suite Preparation/Proactive Efforts
• Set the “Tone at the Top”
• Understand executive vulnerabilities
• Consider a technical board member/committee
• Hire the right people and partners
• Detailed risk, resilience and plan review
• Exercise the full plan across the enterprise
11. People – Critical at all Levels
• Industry shortage means higher Bozo % at all levels
• Validating through outside expertise
• Finding, training, retaining and motivating
• Standing guard 24/7 very difficult
• Great can turn malicious for outside reasons
• 360 degree communications for team success
• Entire organization – this is not just an IT issue
12. Future Trends
• Threat is expanding with new vulnerabilities
• Mobile, Cloud, and Internet of Things (IOT) enabling new vulnerabilities
• Sharing is still an under-utilized defense
• Law enforcement will have to improve cross-jurisdictional investigations and prosecution
• Market of services and solutions growing rapidly in response to the threat
• Likely will be years before a downturn in risk
13. About the Author – Pete O’Dell
• Current: author, board member, consultant
• Past: Multiple roles, multiple industries
– President of software division – Autodesk
– CIO: Microwarehouse, Autodesk, UCA
– COO: Online Interactive, Supertracks
– Co-founded Swan Island Networks
• Contact:
– Peterlodell@gmail.com
– Skype: Peterlodell