
#CLUS

Continuous cyber risk management for financial services and retail
Al Slamecka, Mark Scanlan, Philippe Garcia and Danny Vicente
PSOGEN-1023

Cisco Webex Teams
Questions? Use Cisco Webex Teams to chat with the speaker after the session.

How
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Webex Teams or go directly to the team space
4. Enter messages/questions in the team space

Webex Teams will be moderated by the speaker until June 16, 2019.
cs.co/ciscolivebot#PSOGEN-1023

#CLUS © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
The race is on to digitize

By 2020, 75% of businesses will become fully digital.
Only 30% of these digitization efforts will be successful.
#1 reason companies don’t succeed: Failure to Innovate

Transformation for survival
[Chart: Company life span in Fortune 500 index. Vertical axis: Years Old. Horizontal axis: 1958, 1980, 2014.]

Security Challenges

2 in 5 Executives say privacy and security restrict IoT investment

• Changing Dynamics
• Speeding Innovation
• Talent Shortage
• Reducing Complexity

TODAY’S SECURE, VIRTUAL ARCHITECTURE
[Diagram labels: Public Clouds; Mobile Users; SaaS; Branches; Customers, Partners, Suppliers; IoT Devices; Private Data Center]

Cyber Risk - A More Holistic Approach
[Diagram labels: Risk Governance; Employee Skillsets; Organization; External Validation (e.g. Insurance); Processes; Security Controls; Organizational Assets (Applications, Endpoints, Data, People/Users, Infrastructure, Other 3rd Party)]

Cisco Cyber Resiliency

Cyber Risk Roadmap and Implementation Services
• Cyber Insurance (2)
• (FAIR) Cyber Risk Analysis (1)
• Security Mitigation (1)
• Automation (3)
• Industry Cyber Risk Blueprints / Industry Best Practice (1)
Cyber Risk Posture

1 = Core offer; 2 = Enhance with Cyber Insurance; 3 = Enhance with Continuous assessment

Blueprint Example
(Based on Cisco SAFE Methodology)

• Industry Lens: Key Business Flows & Specific Use Cases
• Align to Existing: Frameworks, Best Practice, Regulations
• Focus: Expected Threats & Mitigation Methods
• Solution: Cisco Products & Partners

Repeatable best practice information to design and implement secure infrastructure for a particular industry and/or environment
Note: Offer in development

Automating and quantifying cyber risk

[Layered diagram, labels from top to bottom:]
• Cisco; 3rd Party; Cyber Risk Software Quantification; Risk Management Frameworks: e.g. NIST, ISO, COBIT, IEC etc.; Cyber Risk Insurance Companies; Security Ratings Companies
• Security Software Automation Layer: Cisco; 3rd Party Platform providers, e.g. Panaseer; Industry Risk Management Frameworks: NIST CSF, ISO, COBIT, IEC etc.
• Connector Layer
• Security Data Source Layer: Network; StealthWatch; ISE; NetFlow; MDT; 3rd Party; AppDynamics; Tetration; 3rd Party; Passive/Active Asset Visibility
• Industry Cyber Risk Blueprints

Note: Offer in development

Continuous controls monitoring against risk posture

1 First Phase: Industrials often lack accurate asset inventories; gain comprehensive asset visibility, configuration data, criticality.
2 Second Phase: Identify prudent security controls.
3 Third Phase: Establish regimen to gauge control efficacy aligned to relevant framework.
4 Fourth Phase: Establish continuous assessment aligned to most critical processes and assets to mature and reduce risks over time.

• Collection: Automatic data collection of technical controls into central repository
• Unification: Data cleaning, correlation, normalization and data aggregation
• Inventory: Produce trusted inventories from multiple sources
• Controls: Check control coverage for asset inventories and against best practice blueprint
• Measurement: Automatically populate measures against SLA threshold targets
• Frameworks: Automatically populate any security or self-defined framework at any time
• Continuous assessment: Continuously monitor, measure and report on controls against SLAs

[Chart: Value (vertical axis) against Maturity (horizontal axis), with steps labelled Automatic data collection; Data unification; Normalized inventories; Security controls; Cyber risk measurement; Risk frameworks; Continuous cyber risk assessment]
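The unification, inventory, control-coverage and SLA-measurement steps listed on this slide, as an added Python example that is not code from Cisco, the presenters or any platform provider. The source names, record fields, the `edr_agent` control and the 95% SLA target are assumptions, and the records are constructed.

```python
"""Added illustration: unify asset records, then measure control coverage against an SLA."""
from collections import defaultdict

# Constructed sample records from three hypothetical data sources.
RECORDS = [
    {"source": "cmdb", "host": "ATM-GW-01.corp.example", "mac": "00:1A:2B:3C:4D:5E", "critical": True},
    {"source": "netflow", "host": "atm-gw-01", "mac": "00-1a-2b-3c-4d-5e"},
    {"source": "edr", "host": "atm-gw-01", "mac": "001a.2b3c.4d5e", "edr_agent": True},
    {"source": "cmdb", "host": "POS-0042.corp.example", "mac": "00:1A:2B:00:00:42", "critical": True},
    {"source": "netflow", "host": "", "mac": "00:1a:2b:00:00:99"},  # seen on the wire only
    {"source": "edr", "host": "hr-laptop-7", "mac": "00:1A:2B:00:00:07", "edr_agent": True},
]

def norm_mac(mac):
    """Normalize colon, dash and dotted MAC notations to 12 lowercase hex digits."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def unify(records):
    """Correlate records on normalized MAC into one inventory entry per asset."""
    inventory = defaultdict(
        lambda: {"sources": set(), "host": "", "critical": False, "edr_agent": False})
    for rec in records:
        asset = inventory[norm_mac(rec["mac"])]
        asset["sources"].add(rec["source"])
        # Keep the first non-empty short hostname any source reported.
        asset["host"] = asset["host"] or rec["host"].split(".")[0].lower()
        asset["critical"] |= rec.get("critical", False)
        asset["edr_agent"] |= rec.get("edr_agent", False)
    return dict(inventory)

def coverage(inventory, control, critical_only=False):
    """Return (covered, total, ratio) for a control over the unified inventory."""
    assets = [a for a in inventory.values() if a["critical"] or not critical_only]
    covered = sum(1 for a in assets if a[control])
    return covered, len(assets), (covered / len(assets) if assets else 1.0)

def sla_report(inventory, control="edr_agent", target=0.95):
    """Compare coverage with the SLA target and list assets missing the control."""
    covered, total, ratio = coverage(inventory, control)
    gaps = sorted(mac for mac, a in inventory.items() if not a[control])
    return {"covered": covered, "total": total, "ratio": ratio,
            "meets_sla": ratio >= target, "gaps": gaps}

if __name__ == "__main__":
    print(sla_report(unify(RECORDS)))
```

The asset that appears only in the NetFlow records shows why coverage is measured over the unified inventory: it would be missing from the denominator if the EDR console's own asset list were used.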
Key Takeaways & Next Steps

Thank you
