CSE: Among the Guide’s ‘Tenet 3: Build and Practice Strong Cyber Hygiene’, it recommends that organisations ‘develop a detailed inventory and a confi guration management system’ and ‘Secure the Active Directory’. It assumes that these IT security terms will be understood by non-technical executives. Is this the case? GDM: This report is fi rst and foremost targets any corporate offi cer accountable for cyber security within the organisation which is often the CISO, but could also be the CIO, CRO or any other relevant c-suite stakeholder. This Corporate Offi cer is expected to understand some of key technical concepts and help translate them in more business-friendly terms to the non-technical c-suite and other board members. He/She should also ensure that [they] disseminate the information that will help the c-suite and board members make better-informed decisions regarding cyber risks involved and prioritise their investments accordingly.


CSE: The World Economic Forum Centre for Cybersecurity is working with the investment community to develop a set of high-level principles and a standard due-diligence framework that will provide guidance on how investors can evaluate and benchmark their investment portfolio companies and their cyber security preparedness. Can you briefl y explain how this initiative came into being and how it will work in practice? GDM: In July 2019 the WEF published a report covering ‘Incentivising responsible and secure innovation: Principles and guidance for Investors’2 , and then in June 2020, a ‘Framework for entrepreneurs and investors’3 , to put these principles in practice. These two reports were the result of a collaboration with a purpose-driven community led by investors and with the aim to amplify and help accelerate the adoption and implementation of the best practices in organisational and product security, particularly for the technology innovation companies.


Cyber criminals have exploited the fragmented co-operation eff orts between private and public sectors.


CSE: A group of private-sector leaders from a number of cyber security vendors, service providers and global corporations, along with Interpol and Europol, agreed to work together with the WEF through 2020 to foster a global public-private alliance to fi ght against cyber crime. Can you outline the broad aims and objectives of this initiative? GDM: Cyber crime cannot be systemically addressed without a combined approach that aims to reduce the fi nancial gain and make the risk of prosecution real to off enders. To achieve this, and help benefi t organisations across the world, we need to enable better convergence of transnational public-private eff orts and resources, since cyber criminals have to date been quite apt to exploit the rather fragmented co-operation eff orts between governments and private-sector actors. The WEF launched the Partnership against Cybercrime initiative to identify ways to enable stronger public-private collaboration, improve the eff ectiveness of cyber crime investigations, and enhance the potential of disruptive actions against cyber criminal infrastructures.


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62