CYBERSECURITY: E-COMMERCE, GOVERNANCE AND APPLIED CERTIFICATIONS A ROUNDTABLE DISCUSSION 15 DECEMBER 2015

Transcription

1 CYBERSECURITY: E-COMMERCE, GOVERNANCE AND APPLIED CERTIFICATIONS A ROUNDTABLE DISCUSSION 15 DECEMBER 2015

2 WELCOME Have a question for the speaker? Text it in using the Ask A Question button! Audio is streamed over your computer Technical issues? Click the? button Use the Feedback button to share your feedback about today s event Questions or suggestions? them to elearning@isaca.org Use the Attachments Button to find the following: PDF Copy of today s presentation Link to the Event Home Page where ISACA members can find the CPE Quiz Upcoming ISACA Events More assets from today s webcast 2

3 TODAY S ROUNDTABLE Moderator: Laszlo S. Gonc, CISSP Partner MVP Advisory Group, LLC Panelist 1: Michelle Mikka-Van Der Stuyf President & CEO BizStrat Technology Corporation Panelist 2: Panelist 3: Sally Smoczynski, CISSP Managing Partner Radian Compliance, LLC Diana Salazar, CISM, CISA, CRISC, CGEIT Executive Security Advisor (ESA) Magellan Group 3

4 AGENDA Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, the term security implies cybersecurity. Cybersecurity Living with the new reality Strategic Investments to mitigate cyber risk Corporate and government alignment challenges Is there a false sense of security? From zero tolerance to full acceptance what does the future hold Key differences with infrastructure, software, and mobility 4

5 CYBERSECURITY WHO IS AT RISK Is the risk real Will I be hacked Can someone get in Is my CC safe Its just a phone I bought Antivirus I have passwords 5 Source:

6 CYBERSECURITY WHO IS IMPACTED EVERYONE IS Home Depot Retail & financial/personal data Apple Data Privacy & sensitive content Target Retail & financial/personal data Sony Entertainment/Personal JP Morgan Chase Finance/Personal/Identity 6 Source:

7 CYBERSECURITY WHAT HAPPENED?? WHY Home Depot Lack of encryption/security Sensitive Data not encrypted Sensitive Data stored in full The major factors of security breaches generally come down to just three words. What are they? The first one is bad, the second is security, and the third is policy. Apple Cloud Security Not up to Par Data Privacy & sensitive content Target 3 rd Party POS system Multi-step attack Sony Politically motivated? Poor data storage policies! JP Morgan Chase Limited Damage, large access 7 Source:

8 CYBERSECURITY HOW COULD IT HAVE BEEN PREVENTED A LITTLE MORE Most Secure? Home Depot Encrypt or Truncate Data Apple Protection in the cloud Target Checkpoints/Alerts Criteria for 3 rd party access Don t store more than you have to! Sony Layered to limit data access JP Morgan Chase Server without recent updates 8 Source(s):

9 CYBERSECURITY FRAMEWORK - REGULATIONS Regulations Landscape Jurisdictions adopt different approaches United States Industry-specific requirements European Union Broader data protection coverage General use of frameworks: COBIT, PCI-DSS, ISO 27001/2, HIPAA, HITECH, SOX, HITRUST, COSO (Governance), Privacy, SSAE16, NIST, Cybersecurity Controls (CsC) 9

10 CYBERSECURITY BEST PRACTICES Electronic Home Over tolerance with mobile/online Review installation and lock down Data Security Proactive Privacy Risk New OPT-IN adoption, text, app, Remove unused apps, programs Destroy what you can Shred paper records and equipment Use wipe computers and storage devices 10 Plan Ahead Take steps to reduce vulnerabilities Store only what you need to Develop contingency plans for a security breach

11 WHAT CAN YOU DO? Think before you click Monitor transactions Credit card data backed up User training and awareness Keep software updated Have backups Utilize frameworks Audit and review processes Develop an Incident Response 11

12 12 QUESTIONS?

13 THANK YOU FOR ATTENDING THIS WEBINAR LEARN