cyber

Managing Cyber Risk and the application of Cyber Insurance

 
UPDATE on the development of ISO 27102

ISO 27102 - Cyber Insurance
 
Ahead of the next meeting of the ISO Technical Committee for Information Security, which is responsible for the development of the international standard for Cyber Insurance (27102), in Tel Aviv in April, a meeting was held in London on 8th February to discuss the concerns and possible solutions as part of the Public Consultation phase of the standard's development.
 
Those attending the session represented a diverse group of stakeholders from across the Insurance Sector and included a number of significant end users. Ahead of this meeting, over 50 other stakeholders, representing a more diverse base, also provided feedback on the proposal for a cyber insurance standard.
 
During these discussions the overwhelming majority felt that the standard was currently not appropriate and rather duplicated guidance already available in the market. Further, the consensus was that the structure of the documents did not help either the user or the insurance sector. The group also strongly felt that there was too little practical advice for users on the insurance aspects that need to be considered and how best to engage and align their operations to optimise the benefits insurance can bring.
 
However, as the meeting developed it became clear that there was a way forward that could, if adopted by ISO, address the concerns and provide a powerful tool for users and the insurance sector to enhance and improve the efficiency of the process, improving the value for all.
 
In the next week or so the UK will be submitting comments and our recommendations to ISO for consideration in Tel Aviv.
 
We are hopeful that the recommendations will be received positively, as they directly address the needs of the market and support the wider work of the ISO Committee responsible for Information Security.
 
Critically, the recommendations to be submitted also directly address the concerns of the insurance sector and have garnered strong support from those active across the sector. By altering some aspects of the scope, revising certain sections and focusing on a more evolved set of outcomes this standard could end up driving considerable growth in the sector while also improving the quality and capabilities of Cyber Risk Management.
 
If you would like to know more please do get in touch with me at russell.price@continuityforum.org.
 

Major new British Standard for Cyber Risk and Resilience [Consultation]

BSI Cyber Risk and Resilience Standards BS 31111

A major new British Standard [BS 31111] is in development to help senior executives and risk managers improve their cyber risk management and build the cyber resilience of their organizations.

Over the past year, the BSI Risk Management Committee has been working on developing new guidance that aims to help top executives better understand and manage the technology risks to their organizations.  

Cyber Security for Purchasing Professionals

Cyber Risk Management for Purchasing and supply
 
A new initiative to help build cyber security has been launched that focuses on the important role played by procurement and purchasing teams.
 
While schemes such as Cyber Essentials provide help with technical issues, the new government-backed scheme provides free-of-charge training for procurement professionals. The on-line course helps build understanding of the most common risks faced and how they can be addressed.
 

Cyber Risk - an animated short introducing cyber risk and the essentials programme

An Introduction to Cyber Risk and the Cyber Essentials Scheme - Video

This is a short 5-minute video that rather light-heartedly provides a basic introduction to Cyber Risk. It isn't technical and aims to help build awareness of how Cyber Risk has evolved, and it introduces the UK Cyber Essentials Scheme.

 



If you would like to know more about our work covering Cyber Risk then get in touch.

You can also find out more about the special Cyber Risk and Insurance Forum by clicking on the link in the menu bar. 

 


Online Cyber Security course from the OU, Cabinet Office and BIS

Online Cyber security training from the Open University
Future Learn has launched 3 new free cyber security online training courses, funded by the National Cyber Security Programme.  
 
The courses are aimed at all levels, from young people through to existing employees, and represent an excellent opportunity to develop skills in the IA arena.
 

Government sets the bar for Cyber Risk with Cyber Essentials

Cyber Essentials scheme logo

The Department of Business, Innovation & Skills Minister, Right Hon David Willetts MP, has announced the certification framework for Cyber Essentials, the government's new initiative aimed at creating a minimum expected capability for cyber security.

Government funding for SME and start up Computer Security

CESG innovation scheme provides £5000 for business cyber risk management

The government has extended the Innovation Voucher scheme, which supports SMEs, entrepreneurs and early stage start-ups in implementing or improving cyber security.

The scheme provides flexibility and allows firms to choose from a range of approved suppliers. Successful applicants will receive up to £5000 from the Innovation Scheme.

HMG announces Cyber Essentials Scheme

 

 

As part of the UK government's long-term strategy to address the increasing threats around cyber risk, HMG has announced its Cyber Essentials Scheme.

Department for Business, Innovation & Skills

The scheme identifies and focuses on five principal areas that businesses of all types and sizes must consider as "the essential" foundation of their cyber security.

Industry Award for the Cyber Essentials scheme

 
Cyber Essentials Scheme
 
The government-backed Cyber Essentials scheme has been recognised with the Editors Award from SC Magazine. The scheme was developed by BIS and CESG to help businesses put in place practical measures that have been proven to help protect against cyber risk following an extensive period of industry consultation.
 

Cyber | There's a good time coming...

 
...but it's a good time in coming.
 
‘solitary, poor, nasty, brutish, and short’ is not a description of the career of the average cyber security officer. It’s a treatise on a life in a constant state of war by Thomas Hobbes (1588 – 1679).
 

UK Government to help Lawyers and Accountants protect against Cyber Attack

Department of Business, Innovation and Skills helps Lawyers and Accountants develop Cyber Risk knowledge

Digital Economy Minister Ed Vaizey has announced a new free online training course to help members of the legal and accountancy professions develop the skills they need to protect themselves and their clients from cyber-attacks.
 
Developed by government and industry, the on-line training will also enable lawyers and accountants to advise their clients on the cyber risks to their business. This will help UK businesses protect themselves from information breaches and other threats that could potentially cost them millions of pounds.
 

Staples joins the list of hacked retailers

Office supplies firm Staples joins the list of Hacked retailers

Reports are emerging of another credit card security breach, this time concerning the office supplies firm Staples.
 
They are the latest in a growing list of familiar retail names to have had their security breached.  The breach came to light following the detection of fraud patterns across the North Eastern United States.
 

Another retailer suffers data theft - Morrisons payroll data stolen


Morrisons suffers data theft

Wm. Morrison, one of the UK's largest supermarket chains, has had the details of more than 100,000 staff stolen. While far fewer people have been affected by this data theft than in others recently reported.
 
The theft covers the payroll records of staff employed by the company and the firm has stated no customer records have been compromised.
 

BIS Cyber Hygiene Profile - CALL FOR REVIEW

BIS CYBER HYGIENE PROFILE DRAFT REVIEW - COMMENTS NEEDED

Feedback is needed from industry on the first draft of the Cyber Hygiene Profile developed by BIS and intended to identify the basic cyber controls that should be present in business.
 
The current draft can be viewed and comments submitted through the BSI’s Draft Review System and the review will close on the 16th March, 2014.

Managing Cyber Risk from the top down

 

Connecting Cyber & Information Security with Business at the Top 

Each month seems to bring us a new report showing that businesses need to be doing more about the threats to their IT. Almost daily there are media reports of companies' systems being breached by hackers, of data being lost and of increasingly sophisticated criminal activity. The Internet has become ever more part of our business processes around the world, bringing new dimensions of communication, information sharing and performance. Our companies' IT systems are critical, not just to business performance, but to organisational survival.

Business Continuity Forum creating Resilience and security

Creating Continuity... Building Resilience...