Secrets to Success! Accountability in Global Organizations. Marisa Rogers & Jenifer Garone, Microsoft Ruby Zefo, Intel
|
|
- Rodger Flowers
- 5 years ago
- Views:
Transcription
1
2 Secrets to Success! Accountability in Global Organizations Marisa Rogers & Jenifer Garone, Microsoft Ruby Zefo, Intel
3 AGENDA Accountability at the top Accountability across the business Assessments & Reporting Gaining Buy-In for Resources Remediation & Incident Response
4 PRIVACY ACCOUNTABILITY FROM THE TOP Tone from the top vs. Privacy Security.
5 PRIVACY ACCOUNTABILITY ACROSS THE BUSINESS Policies, Tools & Training vs.
6 PRIVACY ACCOUNTABILITY AT MICROSOFT Microsoft governs its privacy program using the hub & spoke model, with the corporate privacy team and Privacy Managers, Leads, & Champs in the organizations across the company. The hub, Trustworthy Computing, is responsible for: Policies, Standards & Procedures (PSPs) Training Tools Reporting Capacity Comms Sales & Marketing Services TwC Privacy Engineering Groups The spokes are responsible for implementation and compliance with PSPs. IT HR, Finance, Legal
7 BRINGING A MATRIXED ORGANIZATION TOGETHER Engineering Groups Business Groups Corporate Functions Services Privacy Managers Privacy Leads Sales & Marketing TwC Privacy Engineering Groups Privacy Champs IT HR, Finance, Legal
8 TwC Privacy BRINGING A MATRIXED ORGANIZATION TOGETHER Engineering Groups Business Groups Corporate Functions Privacy Managers Privacy Leads Privacy Champs Privacy Managers Privacy Leads Privacy Champs Privacy Managers Privacy Leads Privacy Champs Privacy Steering Committee Privacy Councils (e.g. marketing, advertising, enterprise, vendor) Privacy Committees (e.g. training, career development, controls)
9 Business Privacy Manager PRIVACY ROLES Scenario: Business is working with MSIT SBU to create, design, deliver applications & tools. Requirements Testing Go/No Go Deployment Review Approve Attest Consult Validation Test Plans UAT Attend Vote Review Approve Certify Consult Validation MSIT Privacy Manager Requirements Risk Mitigation Deployment Operate&Maintain Issue Resolution Consultation Validation Consultation Approve Attest Consultation Validation Risk Assessments SLT Reporting Contract Reviews Exceptions Policies&Standards Consultation Validation Escalations TwC Privacy Requirements Risk Mitigation Deployment Operate&Maintain Issue Resolution Consultation Exceptions Policies&Standards Act as Business Privacy manager when gap exists MSIT and Business Privacy jointly approach TwC for guidance Consultation Consultation PERFs Consultation Exceptions Policies&Standards Consultation Validation Escalations MSIT and Business Privacy jointly approach TwC for guidance
10 PRIVACY TOOLS PAM PAGO review tool IMS Incident & Inquiry management tool Contacts Tool Coverage report by org PrivPub EGRC Archer Streamlined Risk Assessment (SRA)
11 PRIVACY TOOLS HOW DO I HANDLE AN EXCEPTION REQUEST?
12 QUIZ - TONE AT THE TOP If you have something that you don t want anyone to know maybe you shouldn t be doing it in the first place. You have zero privacy anyway. Get over it. In reality, we wouldn't share your information in a way you wouldn't want... The trust you place in us as a safe place to share information is the most important part of what makes this work.
13 ASSESSMENTS/METRICS REPORTING Everyone can do some metrics! Yes, you.
14 EXAMPLE ASSESSMENT: PRIVACY ACCOUNTABILITY Key: Green = Completed; Yellow = In Process; Red = At Risk
15 Privacy Policies Accountability Identify and Classify Incident and Breach Response Notice Use Access & Accuracy Training Privacy by Design 3rd party transfer International transfer Retention & Disposal Security Subsidiary EXAMPLE PRIVACY MATURITY ASSESSMENT Current Status Current = ~2 Status Goal State = 2 Goal = 3 State = 3 High 5 - Optimized 4 - Managed 3 Defined x Recommended minimum for processing XYZ data x 2 - Repeatable x x x x x x Low 1 Ad hoc x x
16 Creating a PAM Assessment EXAMPLE PRIVACY IMPACT ASSESSMENT Policy Approval Manager 16
17 EXAMPLE PRIVACY PROGRAM METRICS Metrics via Score carding
18 EXAMPLE PRIVACY PROGRAM METRICS Org Engagement - June 2013 Privacy Review volume - YOY
19 EXAMPLE PRIVACY PROGRAM METRICS Volume YTD July Aug Sept Oct Nov Dec Jan Feb Mar April May June Privacy Program Monitoring Privacy Inquiries/Reviews
20 OBTAINING RESOURCES What do all these have in common?
21 REMEDIATION & INCIDENT RESPONSE
22 MANAGING INCIDENTS
23 KEY TAKEAWAYS Privacy as a business enabler Measure, measure, measure people do what they re measured on Leveraging like-minded roles Have a privacy elevator pitch!
Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow
Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant
More informationHow to Derive Value from Business Continuity Planning
How to Derive Value from Continuity Planning Presented by Randall J. Till, Principal Till Continuity Group Spring World 2011 Disaster Recovery Journal March 28, 2011 1 BCM Challenges BCM funding is limited
More informationMHBE Compliance Program SECOND QUARTER FY 2019 REPORT. TO MHBE BOARD OF TRUSTEES January 22, 2019
MHBE Compliance Program SECOND QUARTER FY 2019 REPORT TO MHBE BOARD OF TRUSTEES January 22, 2019 Presented by: Caterina Pañgilinan Audit Status Report Total Audit Findings Open Findings (3) SMART PY17
More informationFedRAMP: Understanding Agency and Cloud Provider Responsibilities
May 2013 Walter E. Washington Convention Center Washington, DC FedRAMP: Understanding Agency and Cloud Provider Responsibilities Matthew Goodrich, JD FedRAMP Program Manager US General Services Administration
More informationSME License Order Working Group Update - Webinar #3 Call in number:
SME License Order Working Group Update - Webinar #3 Call in number: Canada Local: +1-416-915-8942 Canada Toll Free: +1-855-244-8680 Event Number: 662 298 966 Attendee ID: check your WebEx session under
More informationDefensible and Beyond
TELUS Defensible and Beyond Mike Vamvakaris Director and Head of Cyber Security Consulting November 2017 Digital transformation brings many benefits Communication and Collaboration Autonomous and Artificial
More informationGDPR: Is it just another regulation or a great opportunity for operational excellence? Athens, February 2018
GDPR: Is it just another regulation or a great opportunity for operational excellence? Athens, February 2018 GDPR Roadmap Continuous Awareness Program Implement Privacy Solutions Intergrade Privacy into
More informationMicrosoft Technical Training Public Class Schedules Year 2019
Microsoft Technical Training View Class Schedules by Categories Below 1. Windows Server 2016 2. Windows Server 2012 3. Azure Windows 10 Skype for Business 2015 Power BI 4. SQL Server 5. Exchange Server
More informationOrganizational Privacy Transformation: A case study from Critical Issues to Award Winning Success
Organizational Privacy Transformation: A case study from Critical Issues to Award Winning Success Norine Primeau-Menzies VP Customer Services, Chief Privacy Officer May 2012 Agenda Overview of OTN Setting
More informationMitigating Risk with Ongoing Cybersecurity Risk Assessment. Scott Moser CISO Caesars Entertainment
Mitigating Risk with Ongoing Cybersecurity Risk Assessment Scott Moser CISO Caesars Entertainment CSO50 Presentation Caesars Entertainment Cybersecurity Risk Management Scott Moser Chief Information Security
More informationHow To Build or Buy An Integrated Security Stack
SESSION ID: PDIL-W03 How To Build or Buy An Integrated Security Stack Jay Leek CISO Blackstone Haddon Bennett CISO Change Healthcare Defining the problem 1. Technology decisions not reducing threat 2.
More informationISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION
ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION Cathy Bates Senior Consultant, Vantage Technology Consulting Group January 30, 2018 Campus Orientation Initiative and Project Orientation Project
More informationIT Updates. Maryland Health Benefit Exchange Board Meeting April 15, Presented by: Isabel FitzGerald Secretary, DoIT
IT Updates Maryland Health Benefit Exchange Board Meeting April 15, 2014 Presented by: Isabel FitzGerald Secretary, DoIT A service of Maryland Health Benefit Exchange Agenda Overview of process for CT
More informationJune 2012 First Data PCI RAPID COMPLY SM Solution
June 2012 First Data PCI RAPID COMPLY SM Solution You don t have to be a security expert to be compliant. Developer: 06 Rev: 05/03/2012 V: 1.0 Agenda Research Background Product Overview Steps to becoming
More informationBest Practices & Lesson Learned from 100+ ITGRC Implementations
Best Practices & Lesson Learned from 100+ ITGRC Implementations Presenter: Vivek Shivananda CEO of Rsam Dec 3, 2010 ISACA -NY Chapter Copyright 2002 2010 Relational Security Corp. (dba Rsam) Agenda Overview
More informationCompTIA CASP (Advanced Security Practitioner)
CompTIA CASP (Advanced Security Practitioner) Course Length: 5 days (virtual) Click here to view the current class schedule! Overview: The CompTIA Advanced Security Practitioner (CASP) Certification is
More information2018 HIPAA One All Rights Reserved. Beyond HIPAA Compliance to Certification
2018 HIPAA One All Rights Reserved. Beyond HIPAA Compliance to Certification Presenters Jared Hamilton CISSP CCSK, CCSFP, MCSE:S Healthcare Cybersecurity Leader, Crowe Horwath Erika Del Giudice CISA, CRISC,
More informationThe Future Is SECURITY THAT MAKES A DIFFERENCE. Implementing the 20 Critical Controls
The Future Is SECURITY THAT MAKES A DIFFERENCE Implementing the 20 Critical Controls Introduction Security is an evolution! Understanding the benefit and know how to implement the 20 critical controls
More informationCPD Summary Guide Version:3.1
CPD Summary Guide 2018 Version:3.1 Objective Investor Assurance That the UAE capital market professionals satisfy the fit and proper criteria That they are capable to perform their functions effectively,
More informationReady, Willing & Able. Michael Cover, Manager, Blue Cross Blue Shield of Michigan
Ready, Willing & Able Michael Cover, Manager, Blue Cross Blue Shield of Michigan Agenda 1. Organization Overview 2. GRC Journey Story 3. GRC Program Roadmap 4. Program Objectives and Guiding Principals
More informationSecurity Incident Management in Microsoft Dynamics 365
Security Incident Management in Microsoft Dynamics 365 Published: April 26, 2017 This document describes how Microsoft handles security incidents in Microsoft Dynamics 365 2017 Microsoft Corporation. All
More informationAn Introduction to the ISO Security Standards
An Introduction to the ISO Security Standards Agenda Security vs Privacy Who or What is the ISO? ISO 27001:2013 ISO 27001/27002 domains Building Blocks of Security AVAILABILITY INTEGRITY CONFIDENTIALITY
More informationCLE Alabama. Banking Law Update. Embassy Suites Hoover Hotel Birmingham, Alabama Friday, February 19, 2016
CLE Alabama Banking Law Update Embassy Suites Hoover Hotel Birmingham, Alabama Friday, February 19, 2016 Best Practices on Managing Cyber-Security Risks J.T. Malatesta III and Sarah S. Glover Maynard Cooper
More informationDan Lobb CRISC Lisa Gable CISM Katie Friebus
Dan Lobb CRISC Lisa Gable CISM Katie Friebus AGENDA Meet the speakers Compliance between QSA visits - Dan Lobb Transitioning from PCI DSS 3.1-3.2 - Katie Friebus Tips for Managing a PCI Compliance Program
More informationTIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE
TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE Association of Corporate Counsel NYC Chapter 11/1 NYC BDO USA, LLP, a Delaware limited liability partnership,
More informationCloud Security Alliance Quantum-safe Security Working Group
Don Hayford 3rd ETSI/IQC Workshop on Quantum-Safe Cryptography Seoul, Korea October 5, 2015 Session 3: Joint Global Efforts Cloud Security Alliance Quantum-safe Security Working Group 1 Cloud Security
More informationReading the Tea Leaves of the 2015 RSA Conference Submissions
Reading the Tea Leaves of the 2015 RSA Conference Submissions Hugh Thompson RSA Conference 2015 Program Committee Chairman Britta Glade RSA Conferences Senior Content Manager Agenda Quick submission &
More informationEmbedding Privacy by Design
Embedding Privacy by Design Metric Stream Customer Conference May 12, 2015 TRUSTe Data Privacy Management Solutions 1 Today s Agenda Privacy in the Context of GRC Data Privacy Management and Top Privacy
More information2018 CALENDAR OF ACTIVITIES
2018 CALENDAR OF ACTIVITIES WHO WE ARE AND WHAT WE OFFER Ý Public Trainings Technical Sessions Reviews GMM Other Chapter Activities Conferences Professionals Night ISACA was incorporated by individuals
More informationIBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan
IBM Cloud Security for the Cloud Amr Ismail Security Solutions Sales Leader Middle East & Pakistan Today s Drivers for Cloud Adoption ELASTIC LOWER COST SOLVES SKILLS SHORTAGE RAPID INNOVATION GREATER
More informationPerforming a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH
Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH 1 Speaker Bio Katie McIntosh, CISM, CRISC, CISA, CIA, CRMA, is the Cyber Security Specialist for Central Hudson Gas &
More informationThe CIS Security Metrics & Benchmarking Service. Clint Kreitner The Center for Internet Security
The CIS Security Metrics & Benchmarking Service Clint Kreitner The Center for Internet Security The Center for Internet Security (CIS) Formed - October 2000 As a not-for-profit public-private partnership
More informationRSA IT Security Risk Management
RSA IT Security Risk Adding Insight to Security March 18, 2014 Wael Jaroudi GRC Sales Specialist 1 Where is Security Today? Companies have built layer upon layer of security, but is it helping? Complexity
More informationMANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors
Page 1 of 6 Applies to: faculty staff students student employees visitors contractors Effective Date of This Revision: June 1, 2018 Contact for More Information: HIPAA Privacy Officer Board Policy Administrative
More informationOregon Fire Service Conference Enterprise Security Office Update. October 26, 2018
Oregon Fire Service Conference Enterprise Security Office Update October 26, 2018 2 State CIO Update Terrence Woods Interim State CIO Slide presented at August OAGTIM 3 Information Security Unify cybersecurity
More informationCOUNTY OF RIVERSIDE ENTERPRISE SOLUTIONS FOR PROPERTY TAXATION
COUNTY OF RIVERSIDE ENTERPRISE SOLUTIONS FOR PROPERTY TAXATION PRESENTERS PANEL GUESTS DON KENT RIVERSIDE COUNTY TREASURER- TAX COLLECTOR LARRY WARD ASSESSOR - COUNTY CLERK - RECORDER KAN WANG PROPERTY
More informatione-sens Nordic & Baltic Area Meeting Stockholm April 23rd 2013
e-sens Nordic & Baltic Area Meeting Stockholm April 23rd 2013 Objectives of the afternoon parallel tracks sessions 2 Meeting objectives High level: Identification of shared interests with emphasis on those
More informationNYDFS Cybersecurity Regulations: What do they mean? What is their impact?
June 13, 2017 NYDFS Cybersecurity Regulations: What do they mean? What is their impact? Gus Coldebella Principal, Boston Caroline Simons Principal, Boston Agenda 1) Overview of the new regulations 2) Assessing
More informationSOC Reporting / SSAE 18 Update July, 2017
SOC Reporting / SSAE 18 Update July, 2017 Agenda SOC Refresher Overview of SSAE 18 Changes to SOC 1 Changes to SOC 2 Quiz / Questions Various Types of SOC Reports SOC for Service Organizations (http://www.aicpa.org/soc4so)
More informationIT Governance: Shared IT Infrastructure Advisory Committee (SIAC)
IT Governance: Shared IT Infrastructure Advisory Committee (SIAC) Notes Members Attending: Blanchard, Cromer, Kirmse (Chair), Frey, Lander, Robinson, Sallot Others Attending: Burdette, P. Cook, Easley,
More informationPrivacy by Design Brendon Lynch, Microsoft Trevor Hughes, IAPP
Privacy by Design Brendon Lynch, Microsoft Trevor Hughes, IAPP Session ID: ASEC-304 Session Classification: Privacy by Design What is it? Why now? Building it. Microsoft Example Getting Support. Where
More informationCertificate in Security Management
Certificate in Security Management Page 1 of 6 Why Attend This course will provide participants with an insight into the fundamentals of managing modern and effective security operations. It will address
More informationPresented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0
Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.
More informationSix Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP
Six Weeks to Security Operations The AMP Story Mike Byrne Cyber Security AMP 1 Agenda Introductions The AMP Security Operations Story Lessons Learned 2 Speaker Introduction NAME: Mike Byrne TITLE: Consultant
More informationNo More Security Empires The CISO as an Individual Contributor
SESSION ID: STR-R02 No More Security Empires The CISO as an Individual Contributor Jim Maloney CISO AvidXchange, Inc. @cyberrisks What if your security program had no staff, except you no budget, except
More informationAuditing Bring Your Own Devices (BYOD) Risks. Shannon Buckley
Auditing Bring Your Own Devices (BYOD) Risks Shannon Buckley Agenda 1. Understanding the trend towards BYOD. 2. Weighing up the cost benefit vs. the risks. 3. Identifying and mitigating the risks. 4. Tips
More informationPractical Guide to Cloud Computing Version 2. Read whitepaper at
Practical Guide to Cloud Computing Version 2 Read whitepaper at www.cloud-council.org/resource-hub Sept, 2015 The Cloud Standards Customer Council THE Customer s Voice for Cloud Standards! 2011/2012 Deliverables
More informationIT General Controls and Why We Need Them -Dennis McLaughlin, CISA (Cyber AIT) Dennis McLaughlin - Cyber AIT 1
IT General Controls and Why We Need Them -Dennis McLaughlin, CISA (Cyber AIT) 1 Agenda Background ICOFR need for IT General Controls IT General Control Areas Financial Process Example Project Governance
More informationUIS Monthly Update May 2015
IT Governance UIS Monthly Update May 2015 Scott Munson 5/19/2015 UIS May 2015 Enterprise Services Update Projects Update era Updates MUNSON IT GOVERNANCE MAY 2015 UIS UPDATE 5/19/2015 2 IT GOVERNANCE MAY
More informationWhat's New in CTPAT. Logo and Abbreviation Current Membership Trusted Trader Best Practices Minimum Security Criteria Outreach/Training
What s New Our Mission Detect and prevent terrorists and terrorist weapons from entering the United States, while facilitating the orderly and efficient flow of legitimate trade and people at and through
More informationFOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY
FOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY The Foundation Certificate in Information Security (FCIS) course is designed to provide
More information"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary
Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business
More information113 BSIMM Activities at a Glance
113 BSIMM Activities at a Glance (Red indicates most observed BSIMM activity in that practice) Level 1 Activities Governance Strategy & Metrics (SM) Publish process (roles, responsibilities, plan), evolve
More informationSecurity Metrics Establishing unambiguous and logically defensible security metrics. Steven Piliero CSO The Center for Internet Security
Security Metrics Establishing unambiguous and logically defensible security metrics Steven Piliero CSO The Center for Internet Security The Center for Internet Security (CIS) Formed - October 2000 As a
More informationISO Professional Services Guide to Implementation and Certification AND
ISO 27001 Professional Services Guide to Implementation and Certification AND 1 DEKRA Company Overview Founded in Stuttgart, Germany in 1925 In more than 50 countries around the world GLOBAL PARTNER FOR
More informationFood service training & certification
Food service training & certification Required by the State of South Dakota Training Schedule 2012 South Dakota Retailers Association Serving safe food is not an option... The state of South Dakota requires
More informationInformation Security Procedures and Privacy Protection
Information Security Procedures and Privacy Protection Michele Dow, Associate Marketing Consultant Eli Lilly & Company Monday, February 25, 2008 Email Environment Today CAN SPAM Increased Privacy Needs
More informationWhat It Takes to be a CISO in 2017
What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge
More informationERS IT Portfolio Report
Administration and Operations Committee ERS IT Portfolio Report January 21 st, 2014 1 Agenda Information Technology Projects Summary 2013 End of Year Metrics Project Management Office CMERS Website Applications
More informationPrivacy and Proxy Service Provider Accreditation. ICANN58 Working Meeting 11 March 2017
Privacy and Proxy Service Provider Accreditation ICANN58 Working Meeting 11 March 2017 Agenda 13:45-15:00 15:00-15:15 15:15-16:45 Timeline Check; Policy Document Update; Third- Party Requests Break PSWG
More informationNebraska CERT Conference
Nebraska CERT Conference Security Methodology / Incident Response Patrick Hanrion Security Center of Excellence Sr. Security Consultant Agenda Security Methodology Security Enabled Business Framework methodology
More informationCSA GUIDANCE VERSION 4 S TAT E O F T H E A R T CLOUD SECURITY AND GDPR NOTES. Hing-Yan Lee (Dr.) EVP, APAC, Cloud Security Alliance
CSA GUIDANCE VERSION 4 S TAT E O F T H E A R T CLOUD SECURITY AND GDPR NOTES Hing-Yan Lee (Dr.) EVP, APAC, Cloud Security Alliance ABOUT THE BUILDING SECURITY BEST PRACTICES FOR NEXT GENERATION IT CLOUD
More informationData Governance Quick Start
Service Offering Data Governance Quick Start Congratulations! You ve been named the Data Governance Leader Now What? Benefits Accelerate the initiation of your Data Governance program with an industry
More informationBuilding YOUR Privacy Program: One Size Does Not Fit All. IBM Security Services
Building YOUR Privacy Program: One Size Does Not Fit All Justine Gottshall Partner, InfoLawGroup, LLP Chief Privacy Officer, Signal Jgottshall@infolawgroup.com Adam Nelson Executive Consultant Global Data
More informationAdministration and Data Retention. Best Practices for Systems Management
Administration and Data Retention Best Practices for Systems Management Agenda Understanding the Context for IT Management Concepts for Managing Key IT Objectives Aptify and IT Management Best Practices
More informationCouncil, 26 March Information Technology Report. Executive summary and recommendations. Introduction
Council, 26 March 2014 Information Technology Report Executive summary and recommendations Introduction This report sets out the main activities of the Information Technology Department since the last
More informationJohn Snare Chair Standards Australia Committee IT/12/4
John Snare Chair Standards Australia Committee IT/12/4 ISO/IEC 27001 ISMS Management perspective Risk Management (ISO 31000) Industry Specific Standards Banking, Health, Transport, Telecommunications ISO/IEC
More informationPREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.
PREPARE FOR TAKE OFF Accelerate your organisation s journey to the Cloud. cloud. Contents Introduction Program & Governance BJSS Cloud Readiness Assessment: Intro Platforms & Development BJSS Cloud Readiness
More informationVulnerability Assessments and Penetration Testing
CYBERSECURITY Vulnerability Assessments and Penetration Testing A guide to understanding vulnerability assessments and penetration tests. OVERVIEW When organizations begin developing a strategy to analyze
More informationAgile Master Data Management TM : Data Governance in Action. A whitepaper by First San Francisco Partners
Agile Master Data Management TM : Data Governance in Action A whitepaper by First San Francisco Partners First San Francisco Partners Whitepaper Executive Summary What do data management, master data management,
More informationA NEW MODEL FOR AUTHENTICATION
All Rights Reserved. FIDO Alliance. Copyright 2016. A NEW MODEL FOR AUTHENTICATION ENABLING MORE EFFICIENT DIGITAL SERVICE DELIVERY Jeremy Grant jeremy.grant@chertoffgroup.com Confidential 5 The world
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationGDPR: The Day After. Pierre-Luc REFALO
GDPR: The Day After Pierre-Luc REFALO The speaker: Pierre-Luc REFALO Global Head of Strategic Cybersecurity Consulting 25+ years in Information & Cyber Security consultancy CISO for SFR & Vivendi Universal
More informationSDLC Maturity Models
www.pwc.com SDLC Maturity Models SecAppDev 2017 Bart De Win Bart De Win? 20 years of Information Security Experience Ph.D. in Computer Science - Application Security Author of >60 scientific publications
More informationThe Resilient Incident Response Platform
The Resilient Incident Response Platform Accelerate Your Response with the Industry s Most Advanced, Battle-Tested Platform for Incident Response Orchestration The Resilient Incident Response Platform
More informationPERFORMANCE DASHBOARDS
ASOA 2017 Bring Focus Using PERFORMANCE DASHBOARDS KAY COULSON, PRESIDENT ELECTIVE MEDICAL MARKETING A BIT ABOUT ME IN THE BEGINNING LIFE BEFORE EYES CENTER OPENED CONSULTING WORLDWIDE FINANCIAL DISCLOSURES
More informationAdaptive & Unified Approach to Risk Management and Compliance via CCF
SESSION ID: SOP-W08 Adaptive & Unified Approach to Risk Management and Compliance via CCF Vishal Kalro Manager, Risk Advisory & Assurance Services (RAAS) Adobe @awish11 Disclaimer All the views presented
More informationEnterprise GRC Implementation
Enterprise GRC Implementation Our journey so far implementation observations and learning points Derek Walker Corporate Risk Manager National Grid 1 Introduction to National Grid One of the world s largest
More informationINFORMATION TECHNOLOGY ONE-YEAR PLAN
INFORMATION TECHNOLOGY ONE-YEAR PLAN 2016-2017 Information and Communications Technology One-year Plan 2016-2017 The purpose of this document is to identify the activities being undertaken this year by
More information2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action
2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action April 11, 2018 Contact Information Casie D. Collignon Partner Denver 303.764.4037 ccollignon@bakerlaw.com
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity November 2017 cyberframework@nist.gov Supporting Risk Management with Framework 2 Core: A Common Language Foundational for Integrated Teams
More informationCurrent Cloud Certification Challenges Ahead and Proposed Solutions
Current Cloud Certification Challenges Ahead and Proposed Solutions Daniele Catteddu, CTO Cloud Security Alliance AGENDA 3 Challenges 1 Framework 3 Key Requirements 3 Solutions Copyright 2011 2016 Cloud
More informationData Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016
Data Protection Practical Strategies for Getting it Right Jamie Ross Data Security Day June 8, 2016 Agenda 1) Data protection key drivers and the need for an integrated approach 2) Common challenges data
More informationCYBERSECURITY IN THE POST ACUTE ARENA AGENDA
CYBERSECURITY IN THE POST ACUTE ARENA AGENDA 2 Introductions 3 Assessing Your Organization 4 Prioritizing Your Review 5 206 Benchmarks and Breaches 6 Compliance 0 & Cybersecurity 0 7 Common Threats & Vulnerabilities
More informationREAL-WORLD STRATEGIES FOR MEDICAL DEVICE SECURITY
SEPTEMBER 11 13, 2017 BOSTON, MA REAL-WORLD STRATEGIES FOR MEDICAL DEVICE SECURITY HealthcareSecurityForum.com/Boston/2017 #HITsecurity Brian Selfridge Partner, Meditology Services https://www.meditologyservices.com/
More informationInformation Technology (CCHIT): Report on Activities and Progress
Certification Commission for Healthcare Information Technology Certification Commission for Healthcare Information Technology (CCHIT): Report on Activities and Progress Mark Leavitt, MD, PhD Chair, CCHIT
More informationBringing Cybersecurity to the Boardroom Bret Arsenault
SESSION ID: CXO-T11 Bringing Cybersecurity to the Boardroom Bret Arsenault Corporate Vice President & CISO Microsoft Security has Transcended from to a an 3 How Microsoft Approaches Security Reinventproductivity
More informationSOLUTION BRIEF Virtual CISO
SOLUTION BRIEF Virtual CISO programs that prepare you for tomorrow s threats today Organizations often find themselves in a vise between ever-evolving cyber threats and regulatory requirements that tighten
More informationCYBER RISK MANAGEMENT
CYBER RISK MANAGEMENT AND BEST PRACTICES Heather Fields, JD, CHC, CCEP (414) 298-8166 hfields@reinhartlaw.com 1000 North Water Street, Suite 1700, Milwaukee, WI 53202 www.reinhartlaw.com 0 Agenda Role
More informationGDPR: An Opportunity to Transform Your Security Operations
GDPR: An Opportunity to Transform Your Security Operations McAfee SIEM solutions improve breach detection and response Is your security operations GDPR ready? General Data Protection Regulation (GDPR)
More informationBirmingham Community Healthcare NHS Foundation Trust. 2017/17 Data Security and Protection Requirements March 2018
1.0 Executive Summary Birmingham Community Healthcare NHS Foundation Trust 2017/17 Data Security and Protection Requirements March 2018 The Trust has received a request from NHS Improvement (NHSI) to self-assess
More informationCyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.
Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by
More informationCertification Standing Committee (CSC) Charter. Appendix A Certification Standing Committee (CSC) Charter
Appendix A A1 Introduction A1.1 CSC Vision and Mission and Objectives Alignment with Boundaryless Information Flow: Our vision is a foundation of a scalable high integrity TOGAF certification programs
More informationCyber Security Law --- How does it affect the business operations in China? Xun Yang Of Counsel, Commercial IP and Technology
Cyber Security Law --- How does it affect the business operations in China? Xun Yang Of Counsel, Commercial IP and Technology 8 December 2016 The Matrix (1999) 1 / L_LIVE_APAC1:5433168v1 World Internet
More informationISO/IEC JTC 1 Special Working Group on Accessibility (SWG-A)
ISO/IEC JTC 1 Special Working Group on Accessibility (SWG-A) JTC 1 SWG-A N 274 2007-06-06 Replaces: SWG-A N 262 Title: Source: SWG-A Project Plan Ken Salaets, Project Plan Editor Due Date: Requested Action:
More informationIntegrating 3rd Party Scoring Services into your Enterprise KRIs
Integrating 3rd Party Scoring Services into your Enterprise KRIs A Year of Lessons Learned Joe Corsi Sr. Manager, Enterprise Security Paychex Inc. Tony Karakashian Project Lead, Enterprise Security Paychex
More informationMinimizing the PCI Footprint: Reduce Risk and Simplify Compliance
SESSION ID: GRC-F02 Minimizing the PCI Footprint: Reduce Risk and Simplify Compliance Troy Leach CTO PCI Security Standards Council Agenda Today s Landscape Reducing the Card Holder Data Footprint How
More informationLEADING WITH GRC. Common Controls Framework. Sundar Venkat, Sr. Director Technology Compliance Salesforce
LEADING WITH GRC Common Controls Framework Sundar Venkat, Sr. Director Technology Compliance Salesforce Forward-Looking Statements Statement under the Private Securities Litigation Reform Act of 1995:
More informationRSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief
RSA Solution Brief Managing Risk Within Advanced Security Operations RSA Solution Brief How do you advance your security operations function? Increasingly sophisticated security threats and the growing
More informationTerms of Reference (ToR) for ICAT support to MRV in the Energy Sector in Kenya
Terms of Reference (ToR) for ICAT support to MRV in the Energy Sector in Kenya The Agreement sets forth the terms and conditions of the cooperation between the Consultant and UNEP DTU Partnership for achieving
More information