Please read below and attahed file with this. I want plagiarism free assignment. Plagiarism should be less than 6%. this assignment is the report. In the starting is like a letter to chairman Australian stock with proper subject. Make proper table of content. After that there should be a Introduction. This report must contain maximum points to clear the statement with maximum examples to clear the recommendations. All the example should be with recommendations with proper citation and referencing.
Future of Digital Economy and Society System Initiative January 2017 Advancing Cyber Resilience Principles and Tools for Boards In collaboration with The Boston Consulting Group and Hewlett Packard Enterprise World Economic Forum® © 2017 – All rights reserved. No part of this publication may be reproduced or Transmitted in any form or by any means, including Photocopying and recording, or by any information Storage and retrieval system. REF 110117 Contents Preface 3 1. Introduction 4 2. How to Use These Tools 6 2.1 Board Governance and Cyber Resilience 6 2.2 Using the Principles and Tools 7 3. Cyber Resilience Principles and Tools for Boards 8 3.1 Board Principles for Cyber Resilience 8 3.2 Cyber Principle Toolkits 9 3.3 Board Cyber Risk Framework 15 3.4 Board Insights on Emerging Technology Risks 24 4. The Future of Cyber Resilience 28 Appendix 1: Cyber Resilience Tools at a Glance 29 Appendix 2: Terms and Definitions 31 Appendix 3: Principles and Toolkits in Practice 32 Appendix 4: Future of Cyber Resilience – Risk Benchmarking for Boards 33 Acknowledgements 34 3Principles and Tools for Boards Preface Cyber resilience and cyber risk management are critical challenges for most organizations today. Leaders increasingly recognize that the profound reputational and existential nature of these risks mean that responsibility for managing them sits at the board and top level executive teams. Many organizations, however, do not feel that they are equipped with the tools to manage cyber risks with the same level of confidence that they manage other risks. Emerging leading practices have not yet become part of the standard set of board competencies. Beyond individual organizations, cyber risk is a systemic challenge and cyber resilience a public good. Every organization acts as a steward of information they manage on behalf of others. And every organization contributes to the resilience of not just their immediate customers, partners and suppliers but also the overall shared digital environment. Furthermore, continued technological adoption creates an urgency that cannot be ignored. In the coming years, several billions of everyday devices will be connected. As our virtual and physical worlds merge, the stakes are increased. This will require two things: 1) a significantly increased number of organizations adopting, sharing and iterating current leading practices; and 2) cross-sectoral collaboration to develop the new practices that will be required to deal with the unique attributes of managing cyber risks of physical assets. The second will be difficult without an informed body of leaders leveraging common tools and language. For these reason, as part of the World Economic Forum’s System Initiative on the Digital Economy and Society, the Forum has partnered with The Boston Consulting Group and Hewlett Packard Enterprise to develop an important new resource, Advancing Cyber Resilience: Principles and Tools for Boards. This report, which is the product of an extensive process of co-collaboration and consultation, has distilled leading practice into a framework and set of tools that boards of directors can use to smoothly integrate cyber risk and resilience into business strategy so that their companies can innovate and grow securely and sustainably. The Forum would like to thank The Boston Consulting Group and Hewlett Packard Enterprise for their leadership, the Expert Working Group for their contributions and all of the board members, chairs and CEOs who helped shape and adjust our efforts as we went along. This was truly a community effort, and we remain in debt for the energy and commitment of each member. We hope that you will join us in using these tools to help advance our shared cyber resilience. Rick Samans Member of the Managing Board 4 Advancing Cyber Resilience Cybersecurity features high on the agenda of leaders across all sectors, with business, governments and individuals rapidly taking advantage of faster, cheaper digital technologies to deliver an unprecedented array of social and economic benefits. The process of digitizing and connecting, however, introduces a range of new challenges. The World Economic Forum’s work on cybersecurity since 2011,1 along with global interest in cybersecurity issues, has gone a long way towards ensuring that businesses and leaders are aware of the risks inherent in the hyperconnected world. For this awareness to lead to understanding and action, the Forum has engaged with a diversity of stakeholders to develop new ways to empower oversight boards to ensure that their organizations can thrive in this new era. 1. Introduction Two ideas have served as touchstones of our approach since the beginning of the World Economic Forum’s engagement on the topic of cybersecurity and resilience. First, leadership has a vital role to play in securing resilience.2 Second, that in order to effectively deal with cyber challenges, organizational leaders need a mindset that goes beyond cybersecurity to build a more effective cyber strategy and incorporate it into overall strategic thinking. Cyber resilience is a leadership issue Those at the forefront of digital security thinking share the Forum’s view that cyber resilience is more a matter of strategy and culture than tactics.3 Being resilient requires those at the highest levels of a company, organization or government to recognize the importance of avoiding and proactively mitigating risks. While it is everyone’s responsibility to cooperate in order to ensure greater cyber resilience, leaders who set the strategy for an organization are ultimately responsible, and have increasingly been held accountable for including cyber resilience in organizational strategy.4 For businesses, this means that cyber strategy must be determined at the oversight board level. Going beyond cyber security Speaking only about cybersecurity is insufficient if the challenges of digitalization are to be effectively met. Protection is important, but organizations must also develop strategies to ensure durable networks and take advantage of the opportunities that digitalization can bring. While there are many broader definitions of cybersecurity,5 there is a difference between cybersecurity and the more strategic, long-term thinking cyber resilience should evoke. Additionally, since vulnerability in one area can compromise the entire network, resilience requires a conversation focused on systems rather than individual organizations.6 The Forum recognizes that integrating cyber strategy into business or organizational strategy is a significant challenge for any organization. The best way to combat the fear and uncertainty in this space is through tools and partnerships designed to develop understanding, create transparency, and find certainty in order to support much- needed action in this space. In our aim to normalize cyber risk, the Forum endeavours to make these risks as familiar to board members as any of the others risks they deal with on a regular basis. This document provides the first in a continuing series of tools that leaders have called for in order to support their efforts at integrating cyber resilience into overall business strategy. 5Principles and Tools for Boards The challenge of cyber resilience Countering cyber risk presents a significant strategic challenge to leaders across industries and sectors but one that they must surmount in order to take advantage of the opportunities presented by the vast technological advances in networked technology that are currently in their early stages. Over the past decade, we have significantly expanded our understanding of how to build secure and resilient digital networks and connected devices. However, board-level capabilities for strategic thinking and governance in this area have failed to keep pace with both the technological risks and the solutions that new innovations provide. We have recognized a clear desire on the part of forward- thinking and visionary leaders to improve capabilities in this important aspect of strategy and governance. As recent events and predictions for the future show, now is the time to fill capability gaps with regard to cybersecurity and resilience at the highest level of any organization. The rapid pace of innovation and network connectivity will only increase in the coming years, making board-level action on this topic absolutely urgent. In the next few years, billions of new devices will connect to the internet as well as to corporate and government networks. These networked devices bring with them the threat of new risks to the enterprise and, more importantly, to networked systems that affect millions of lives. The systematic nature of these threats requires a different set of responses from policy-makers and business leaders. It is no longer sufficient to subject network security to a trial-and-error or low-oversight approach, as has generally been the default for many organizations. Consider a well-publicized cyber-attack that occurred just as this report was in the drafting process. In the early morning of 21 October 2016, Dyn, a company that acts as a kind of switch-board operator for the internet as part of the Domain Name System (DNS), reported that many websites were inaccessible. Over the course of the day, users experienced the inability to access some of the most popular sites on the internet, including nytimes.com and Twitter. The reason for the outage was that Dyn’s servers were undergoing a massive Dedicated Denial of Service (DDoS) attack – that is an attack that uses up all available connections to a website, thereby rendering it inaccessible to legitimate users – instigated by actors who had taken control of thousands of internet-enabled devices, including webcams and DVRs. 7 Attackers in the Dyn DDoS attack took advantage of strategic choices that a variety of companies made in order to succeed. On the hardware side, manufacturers adopted a speed-to-market strategy rather than a security- by-design strategy, releasing a significant number of vulnerable devices that hackers could co-opt for DDoS attacks. Companies running websites made the strategic decision to concentrate their resources on one or a few DNS servers rather than spreading the load across several, which has implications for a site’s resilience.8 Considering practices across industries, it is likely that these decisions were made by default at a junior management level rather than after a thorough examination of their security and resilience implications at the