Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

Size: px
Start display at page:

Download "Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI"

Transcription

1 Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI 1

2 CAE Communications and Common Audit Committee Questions about Cybersecurity YULIA GURMAN DIRECTOR, INTERNAL AUDIT& CORPORATE SECURITY RYAN HOPKINS ASSISTANT DIRECTOR, INTERNAL AUDIT PACKAGING CORPORATION OF AMERICA (PCA) Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI 2

3 BIOS Yulia Gurman Director, Internal Audit and Corporate Security Packaging Corporation of America Yulia has over 17 years of work experience in internal audit and compliance in the US. She also serves on the Board of Governors (Chicago Chapter) and Committee of Research and Education Advisors for the IIA. She specializes in internal audit, compliance, risk and control advisory, project management as well as financial and operational audits. She has worked in real estate, manufacturing and retail sectors. Yulia has considerable experience in managing business risks and improving operational efficiencies. She is known for providing forward-thinking insights to management ensuring challenges are tackled. Ryan Hopkins Assistant Director, Internal Audit Packaging Corporation of America Ryan is an Assistant Director of Internal Audit with over 13 years of audit and consulting experience. Ryan began his career in public accounting at Grant Thornton where he provided audit and consulting services to more than 35 national and multi-national clients. Ryan s previous work experience also includes Accenture s Internal Audit team where he supervised and executed operational and compliance audits of emerging areas of risk, IT controls, and pre-implementation and post-implementation reviews of multi-million dollar ERP and custom application projects. Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI 3

4 Discussion Topics Current Cybersecurity Trends Understanding the Needs Reporting Educating Boards and Audit Committees Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI 4

5 Polling Question What's your current role within your organization? a. CAE or Internal Audit (IA) Department Head b. IA Manager or Sr. Manager c. Staff or Senior Auditor d. Other role outside of Internal Audit Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI 5

6 Packaging Corporation of America (PCA) PCA: Domestic company headquartered in Lake Forest, IL One of the largest manufacturers of containerboard and corrugated packaging 2018 revenue $7 billion Decentralized environment with facilities located across the United States Audit Committee: 5 seasoned members Industry and IT expertise All independent Board member Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI 6

7 Current Cybersecurity Trends Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI 7

8 Polling Question Does your Audit Committee include members with IT/Cybersecurity expertise? a. Yes b. No Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI 8

9 Audit Committee Questions About Cybersecurity and Director Survey Results Only 50% of directors* are confident that their companies are properly secured against cyberattacks. To gain confidence, boards are asking questions about Resource Allocation, Vulnerabilities & Risk, and Cyber Risk Management Approaches. In what areas of the cybersecurity program are investments being made? Only 30% of directors surveyed* indicated that their organizations evaluate security of mergers, acquisitions and new product development, yet the What Cyber Risk Management Approaches are in use today? What percentage of your** cybersecurity budget is devoted to the five key cybersecurity functions identified by NIST? Please estimate for each time period. Which areas of your** organization s IT infrastructure do you believe are most vulnerable to risk? Which of the following statements apply to your** organization s cyber risk management approach? Source: (*) NACD Public Company Governance Survey; (**) Wall Street Journal The Cybersecurity Imperative Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI 9

10 Recent Security Incidents Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

11 Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

12 Discussion How do you react to the news? Do you provide comments on the breaches in the news to your Audit Committees (ACs)? Do you update the AC on controls in place to prevent and detect a similar breach? Breach response protocol? Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

13 Understanding the Needs of the Audit Committee Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

14 Understanding the Needs Talk to Management and the Audit Committee and seek feedback on the areas of most interest Understand the level of detail needed Too much vs. too little Frequency of updates Deliverables, reporting and metrics Examples: Number of system vulnerabilities Length of time to identify and respond to a breach Formal and/or informal communication Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

15 What are your Crown Jewels? Questions to consider when identifying your organizations crown jewels: What are our company s most critical data assets? Where do they reside? Are they located on one or multiple systems? How are they accessed? Who has permission to access them? Cyber criminals target companies of all sizes and from every industry, seeking anything that might be of value, including: Sensitive consumer data, such as credit card numbers or medical information Sensitive employee data Social Security Numbers, drivers' license numbers, and bank account numbers Business plans, including merger or acquisition strategies Contracts with customers, suppliers, distributors, joint venture partners Product designs Source code Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

16 Common Questions Asked About Cybersecurity Are we adequately protected? Do we know our biggest threats? Do we have sufficient and effective IT resources? Are cybersecurity disclosures sufficient? Do we have the right resources to address our concerns? Are roles & responsibilities clear? How do we identify new threats? What is Internal Audit s role? What is the level of External Auditor oversight? Is an incident response plan in place and tested periodically? What are the breach costs and impact? What is our cybersecurity insurance coverage? Common exclusions? Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

17 Reporting Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

18 Polling Question Who is responsible on updating the Audit Committee on Cybersecurity matters? a. Internal Audit only b. IA and Management (IT) Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

19 How and What to Report? Each organization is unique and we should consider cybersecurity risk and maturity with context in the following areas: Senior Management perspectives: Risk tolerance Maturity goals Peer organizations maturity benchmarking: Industry peers Peers with similar organizational structure Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

20 NIST Cybersecurity Framework In 2014, the National Institute of Standards and Technology (NIST) released a framework for improving the cybersecurity of critical infrastructure in response to the President s 2013 executive order on cybersecurity. The NIST framework is a voluntary, risk-based approach that companies can use to assess their cybersecurity exposure and respond to cyber risk. The current framework version includes a set of cybersecurity activities expressed through five functions that provide a high-level, strategic view of the management of cybersecurity. These five functions are further divided into 23 categories and 108 subcategories that describe the cybersecurity activities and desired outcomes in more granularity. Each of the NIST CSF functions, categories, and subcategories can be assigned implementation tier ratings designating the maturity level in each area. The tiers range from tier 1 (least mature) to tier 4 (most mature) and describe the extent to which cybersecurity risk management is guided by business needs and its integration into an organization s overall risk management practices. Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

21 Roles and Responsibilities Are reporting roles and responsibilities clearly defined for reporting: Cybersecurity breaches Maturity assessment results Network security assessment results Cybersecurity awareness training and results What else are you reporting on? Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

22 Example Communications/Deliverables Cybersecurity maturity assessment results (using a framework) Enhancements to cybersecurity practices Compared to prior year? Network security assessment Employee cybersecurity training and awareness Social Engineering test results Other? Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

23 Educating Boards and Audit Committees Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

24 What Can CAEs Do? Educate Management and the Board about trends and emerging risks and share innovative practices on how to mitigate certain cyber risks As Internal Auditors, we know our organization's environment and also know what our peers are facing and we can help the Audit Committees and Management understand which risks are more predominant for our industry We should also be able to explain which risks are critical and relevant vs. some that are remote to your organization Not everyone is created equally in terms of cyber risk vulnerabilities! Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

25 Resources A lot of information available!!! SEC: Interpretive Guidance on Public Company Cybersecurity Disclosures IIA: Internal Audit s Growing Engagement in Cyber Management Internal Auditors: More Than Cybersecurity Police And much more NACD: Resource Center: Cyber-Risk Oversight Consulting firms: white papers, newsletters, webinars, etc. Your PEERS! Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

26 Questions and Answers? Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

27 Thank you for your time and attention! IIA CHAPTER CHICAGO 59 TH ANNUAL SEMINAR Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by

More information

Evaluating Cybersecurity Coverage A Maturity Model. Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium

Evaluating Cybersecurity Coverage A Maturity Model. Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium Discussion on: Evaluating Cybersecurity Coverage A Maturity Model Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium By: Eric C. Lovell PricewaterhouseCoopers LLP ( PwC ) March 24,

More information

Security and Privacy Governance Program Guidelines

Security and Privacy Governance Program Guidelines Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by

More information

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18 Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are

More information

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager 2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager NIST Cybersecurity Framework (CSF) Executive Order 13636 Improving Critical Infrastructure Cybersecurity tasked the National

More information

SOC for cybersecurity

SOC for cybersecurity April 2018 SOC for cybersecurity a backgrounder Acknowledgments Special thanks to Francette Bueno, Senior Manager, Advisory Services, Ernst & Young LLP and Chris K. Halterman, Executive Director, Advisory

More information

2017 RIMS CYBER SURVEY

2017 RIMS CYBER SURVEY 2017 RIMS CYBER SURVEY This report marks the third year that RIMS has surveyed its membership about cyber risks and transfer practices. This is, of course, a topic that only continues to captivate the

More information

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco

More information

A Global Look at IT Audit Best Practices

A Global Look at IT Audit Best Practices A Global Look at IT Audit Best Practices 2015 IT Audit Benchmarking Survey March 2015 Speakers Kevin McCreary is a Senior Manager in Protiviti s IT Risk practice. He has extensive IT audit and regulatory

More information

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry

More information

M&A Cyber Security Due Diligence

M&A Cyber Security Due Diligence M&A Cyber Security Due Diligence Prepared by: Robert Horton, Ollie Whitehouse & Sherief Hammad Contents Page 1 Introduction 3 2 Technical due diligence goals 3 3 Enabling the business through cyber security

More information

4/5/2017. April 5, 2017 CYBER-RISK: WHAT MANAGEMENT & BOARDS NEED TO KNOW

4/5/2017. April 5, 2017 CYBER-RISK: WHAT MANAGEMENT & BOARDS NEED TO KNOW April 5, 2017 CYBER-RISK: WHAT MANAGEMENT & BOARDS NEED TO KNOW 1 TO RECEIVE CPE CREDIT Participate in entire webinar Answer polls when they are provided If you are viewing this webinar in a group Complete

More information

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 www.pwc.com RIMS Perk Session 2015 - Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 Los Angeles RIMS Agenda Introductions What is Cybersecurity? Crown jewels The bad

More information

Bringing Cybersecurity to the Boardroom Bret Arsenault

Bringing Cybersecurity to the Boardroom Bret Arsenault SESSION ID: CXO-T11 Bringing Cybersecurity to the Boardroom Bret Arsenault Corporate Vice President & CISO Microsoft Security has Transcended from to a an 3 How Microsoft Approaches Security Reinventproductivity

More information

Cybersecurity and the Board of Directors

Cybersecurity and the Board of Directors Cybersecurity and the Board of Directors Key Findings from BITS/FSR Meetings OVERVIEW Board directors are increasingly required to engage in cybersecurity risk management yet some may need better education

More information

Larry Clinton President & CEO Internet Security Alliance

Larry Clinton President & CEO Internet Security Alliance Larry Clinton President & CEO Internet Security Alliance lclinton@isalliance.org 703-907-7028 202-236-0001 Sr. Management & Cyber Security Good News!!! Pricewaterhouse Coopers survey of 9,000 executives

More information

Plenary Session: Branch Cybersecurity Controls Thursday, February 22 1:15 p.m. 2:15 p.m.

Plenary Session: Branch Cybersecurity Controls Thursday, February 22 1:15 p.m. 2:15 p.m. Plenary Session: Branch Cybersecurity Controls Thursday, February 22 1:15 p.m. 2:15 p.m. Cybersecurity is a top priority for the financial services industry. Firms dedicate significant resources every

More information

Using the NIST Cybersecurity Framework to Guide your Security Program August 31, 2017

Using the NIST Cybersecurity Framework to Guide your Security Program August 31, 2017 Using the NIST Cybersecurity Framework to Guide your Security Program August 31, 2017 Presenters: Allie Russell, Conexxus Kara Gunderson, DSSC Chair, CITGO Petroleum Chris Lietz & Bob Post, Coalfire Housekeeping

More information

Combating Cyber Risk in the Supply Chain

Combating Cyber Risk in the Supply Chain SESSION ID: CIN-W10 Combating Cyber Risk in the Supply Chain Ashok Sankar Senior Director Cyber Strategy Raytheon Websense @ashoksankar Introduction The velocity of data breaches is accelerating at an

More information

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation IBM X-Force 2012 & CISO Survey Cyber Security Threat Landscape 1 2012 IBM Corporation IBM X-Force 2011 Trend and Risk Report Highlights The mission of the IBM X-Force research and development team is to:

More information

Cybersecurity in Higher Ed

Cybersecurity in Higher Ed Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,

More information

InfoSec Risks from the Front Lines

InfoSec Risks from the Front Lines InfoSec Risks from the Front Lines Adam Brand, Protiviti Orange County IIA Seminar Who I Am Adam Brand IT Security Services Some Incident Response Experience Lead Breach Detection Audits @adamrbrand Who

More information

Cyber Risks in the Boardroom Conference

Cyber Risks in the Boardroom Conference Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks

More information

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating

More information

CYBERSECURITY AND THE BOARD OF DIRECTORS TIPS FOR SECURING SUPPORT FOR YOUR CYBER RISK MANAGEMENT PROGRAM

CYBERSECURITY AND THE BOARD OF DIRECTORS TIPS FOR SECURING SUPPORT FOR YOUR CYBER RISK MANAGEMENT PROGRAM WHITE PAPER CYBERSECURITY AND THE BOARD OF DIRECTORS TIPS FOR SECURING SUPPORT FOR YOUR CYBER RISK MANAGEMENT PROGRAM NICK SON VICE PRESIDENT, CYBER RISK & PUBLIC SECTOR CHRISTOPHER LIETZ PRINCIPAL, CYBER

More information

CYBER RISK MANAGEMENT

CYBER RISK MANAGEMENT CYBER RISK MANAGEMENT AND BEST PRACTICES Heather Fields, JD, CHC, CCEP (414) 298-8166 hfields@reinhartlaw.com 1000 North Water Street, Suite 1700, Milwaukee, WI 53202 www.reinhartlaw.com 0 Agenda Role

More information

Designing and Building a Cybersecurity Program

Designing and Building a Cybersecurity Program Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity

More information

NERC Staff Organization Chart Budget 2019

NERC Staff Organization Chart Budget 2019 NERC Staff Organization Chart Budget 2019 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Officer Senior Vice President, General Counsel and Corporate

More information

Larry Clinton President & CEO (703)

Larry Clinton President & CEO (703) For information about membership opportunities, please contact: Larry Clinton President & CEO lclinton@isalliance.org (703) 907-7028 For more information about the Internet Security Alliance, please visit

More information

FDIC InTREx What Documentation Are You Expected to Have?

FDIC InTREx What Documentation Are You Expected to Have? FDIC InTREx What Documentation Are You Expected to Have? Written by: Jon Waldman, CISA, CRISC Co-founder and Executive Vice President, IS Consulting - SBS CyberSecurity, LLC Since the FDIC rolled-out the

More information

CYBERSECURITY AND THE MIDDLE MARKET

CYBERSECURITY AND THE MIDDLE MARKET CYBERSECURITY AND THE MIDDLE MARKET The Importance of Cybersecurity and How Middle Market Companies Manage Cyber Risks IN COLLABORATION WITH 2 Concerns about cybersecurity are not matched by plans. IMPORTANCE

More information

Sage Data Security Services Directory

Sage Data Security Services Directory Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time

More information

Rethinking Information Security Risk Management CRM002

Rethinking Information Security Risk Management CRM002 Rethinking Information Security Risk Management CRM002 Speakers: Tanya Scott, Senior Manager, Information Risk Management, Lending Club Learning Objectives At the end of this session, you will: Design

More information

Cybersecurity. Securely enabling transformation and change

Cybersecurity. Securely enabling transformation and change Cybersecurity Securely enabling transformation and change Contents... Cybersecurity overview Business drivers Cybersecurity strategy and roadmap Cybersecurity in practice CGI s cybersecurity offering Why

More information

How to get the Enterprise to Understand the Value of Security

How to get the Enterprise to Understand the Value of Security PART 1 of 2 Insight into Security Leader Success How to get the Enterprise to Understand the Value of Security A SEC Research Finding Intended Audience This presentation is intended for security leaders

More information

Effective Cyber Incident Response in Insurance Companies

Effective Cyber Incident Response in Insurance Companies August 2017 Effective Cyber Incident Response in Insurance Companies An article by Raj K. Chaudhary, CRISC, CGEIT; Troy M. La Huis; and Lucas J. Morris, CISSP Audit / Tax / Advisory / Risk / Performance

More information

Why you should adopt the NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive

More information

Department of Management Services REQUEST FOR INFORMATION

Department of Management Services REQUEST FOR INFORMATION RESPONSE TO Department of Management Services REQUEST FOR INFORMATION Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 250 South President

More information

Information Technology Branch Organization of Cyber Security Technical Standard

Information Technology Branch Organization of Cyber Security Technical Standard Information Technology Branch Organization of Cyber Security Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 1 November 20, 2014 Approved:

More information

Securing Your Digital Transformation

Securing Your Digital Transformation Securing Your Digital Transformation Security Consulting Managed Security Leveraging experienced, senior experts to help define and communicate risk and security program strategy using real-world data,

More information

Cybersecurity & Privacy Enhancements

Cybersecurity & Privacy Enhancements Business, Industry and Government Cybersecurity & Privacy Enhancements John Lainhart, Director, Grant Thornton The National Institute of Standards and Technology (NIST) is in the process of updating their

More information

Managing Cybersecurity Risk

Managing Cybersecurity Risk Managing Cybersecurity Risk Maureen Brundage Andy Roth August 9, 2016 Managing Cybersecurity Risk Cybersecurity: The Current Legal and Regulatory Environment Cybersecurity Governance: Considerations for

More information

The Evolving Threat to Corporate Cyber & Data Security

The Evolving Threat to Corporate Cyber & Data Security The Evolving Threat to Corporate Cyber & Data Security Presented by: Sara English, CIPP/US Sara.English@KutakRock.com 1 http://blogs.wsj.com/law/2015/12/09/employee error leading cause of data breaches

More information

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary

More information

NERC Staff Organization Chart Budget 2018

NERC Staff Organization Chart Budget 2018 NERC Staff Organization Chart Budget 2018 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel and Corporate

More information

Cyber Security. It s not just about technology. May 2017

Cyber Security. It s not just about technology. May 2017 Cyber Security It s not just about technology May 2017 Introduction The Internet has opened a new frontier in warfare: everything is networked and anything networked can be hacked. - World Economic Forum

More information

NERC Staff Organization Chart Budget 2019

NERC Staff Organization Chart Budget 2019 NERC Staff Organization Chart Budget 2019 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel and Corporate

More information

Bonnie A. Goins Adjunct Industry Professor Illinois Institute of Technology

Bonnie A. Goins Adjunct Industry Professor Illinois Institute of Technology Bonnie A. Goins Adjunct Industry Professor Illinois Institute of Technology It s a hot topic!! Executives are asking their CISOs a LOT of questions about it Issues are costly, from a financial and a reputational

More information

Background FAST FACTS

Background FAST FACTS Background Terra Verde was founded in 2008 by cyber security, risk and compliance executives. The founders believed that the market needed a company that was focused on using security, risk and compliance

More information

THE POWER OF TECH-SAVVY BOARDS:

THE POWER OF TECH-SAVVY BOARDS: THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES

More information

COBIT 5 With COSO 2013

COBIT 5 With COSO 2013 Integrating COBIT 5 With COSO 2013 Stephen Head Senior Manager, IT Risk Advisory Services 1 Our Time This Evening Importance of Governance COBIT 5 Overview COSO Overview Mapping These Frameworks Stakeholder

More information

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better

More information

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure March 2015 Pamela Curtis Dr. Nader Mehravari Katie Stewart Cyber Risk and Resilience Management Team CERT

More information

Academic Medical Centers & Vendor Security: Most Comprehensive Study to Date

Academic Medical Centers & Vendor Security: Most Comprehensive Study to Date Academic Medical Centers & Vendor Security: Most Comprehensive Study to Date NCHICA Meeting June 2018 Michelle Allar, Quality and Risk Management Manager Wake Forest Baptist Medical Center MAllar@WakeHealth.edu

More information

Cybersecurity Session IIA Conference 2018

Cybersecurity Session IIA Conference 2018 www.pwc.com/me Cybersecurity Session IIA Conference 2018 Wael Fattouh Partner PwC Cybersecurity and Technology Risk PwC 2 There are only two types of companies: Those that have been hacked, and those that

More information

Security Awareness Training Courses

Security Awareness Training Courses Security Awareness Training Courses Trusted Advisor for All Your Information Security Needs ZERODAYLAB Security Awareness Training Courses 75% of large organisations were subject to a staff-related security

More information

Changing the Game: An HPR Approach to Cyber CRM007

Changing the Game: An HPR Approach to Cyber CRM007 Speakers: Changing the Game: An HPR Approach to Cyber CRM007 Michal Gnatek, Senior Vice President, Marsh & McLennan Karen Miller, Sr. Treasury & Risk Manager, FireEye, Inc. Learning Objectives At the end

More information

A Controls Factory Approach To Operationalizing a Cyber Security Program Based on the NIST Cybersecurity Framework

A Controls Factory Approach To Operationalizing a Cyber Security Program Based on the NIST Cybersecurity Framework A Controls Factory Approach To Operationalizing a Cyber Security Program Based on the NIST Cybersecurity Framework Prepared by: Larry Wilson lwilson@umassp.edu Chief Information Security Officer University

More information

Defensible and Beyond

Defensible and Beyond TELUS Defensible and Beyond Mike Vamvakaris Director and Head of Cyber Security Consulting November 2017 Digital transformation brings many benefits Communication and Collaboration Autonomous and Artificial

More information

BRING EXPERT TRAINING TO YOUR WORKPLACE.

BRING EXPERT TRAINING TO YOUR WORKPLACE. BRING EXPERT TRAINING TO YOUR WORKPLACE. ISACA s globally respected training and certification programs inspire confidence that enables innovation in the workplace. ISACA s On-Site Training brings a unique

More information

How Secure is Blockchain? June 6 th, 2017

How Secure is Blockchain? June 6 th, 2017 How Secure is Blockchain? June 6 th, 2017 Before we get started... This is a 60 minute webcast For better viewing experience, close all other applications For better sound quality, please use headphones

More information

NERC Staff Organization Chart

NERC Staff Organization Chart NERC Staff Organization Chart President and CEO Administrative Associate Director to the Office of the CEO Associate Director, Member Relations and MRC Secretary Senior Vice President and Chief Reliability

More information

ISACA GEEK WEEK SECURITY MANAGEMENT TO ENTERPRISE RISK MANAGEMENT USING THE ISO FRAMEWORK AUGUST 19, 2015

ISACA GEEK WEEK SECURITY MANAGEMENT TO ENTERPRISE RISK MANAGEMENT USING THE ISO FRAMEWORK AUGUST 19, 2015 ISACA GEEK WEEK SECURITY MANAGEMENT TO ENTERPRISE RISK MANAGEMENT USING THE ISO 27001 FRAMEWORK AUGUST 19, 2015 Agenda Coalfire Overview Threat Landscape What is ISO Why ISO ISO Cycle Q&A 2 Presenters

More information

Cyber Risk A Corporate Directors' Briefing Webcast Q&A Summary

Cyber Risk A Corporate Directors' Briefing Webcast Q&A Summary Cyber Risk A Corporate Directors' Briefing Webcast Q&A Summary Cyber experts from Marsh & McLennan Companies and WomenCorporateDirectors hosted an engaging webcast on August 16 th entitled Cyber Risk A

More information

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations FFIEC Cyber Security Assessment Tool Overview and Key Considerations Overview of FFIEC Cybersecurity Assessment Tool Agenda Overview of assessment tool Review inherent risk profile categories Review domain

More information

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it

More information

Assurance over Cybersecurity using COBIT 5

Assurance over Cybersecurity using COBIT 5 Assurance over Cybersecurity using COBIT 5 Special thanks to ISACA for supplying material for this presentation. Anthony Noble, VP IT Audit, Viacom Inc. Anthony.noble@viacom.com Disclamer The opinions

More information

Headline Verdana Bold

Headline Verdana Bold Headline Verdana Bold Federal Banking Agencies Issue Proposal on Cyber Risk Management Standards Standards would require largest institutions to enhance operational resilience October 2016 Executive summary

More information

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

10 Cybersecurity Questions for Bank CEOs and the Board of Directors 4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors

More information

GEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards

GEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards GEORGIA CYBERSECURITY WORKFORCE ACADEMY NASCIO 2018 State IT Recognition Awards Title: Georgia Cybersecurity Workforce Academy Category: Cybersecurity State: Georgia Contact: Stanton Gatewood Stan.Gatewood@gta.ga.gov

More information

COMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards

COMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards November 2016 COMMENTARY Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards The Board of Governors of the Federal Reserve System ( Federal Reserve Board ), the Federal Deposit Insurance

More information

Your CONNECTION to the CREDENTIALING COMMUNITY JOIN TODAY

Your CONNECTION to the CREDENTIALING COMMUNITY JOIN TODAY Your CONNECTION to the CREDENTIALING COMMUNITY JOIN TODAY ACHIEVE SUCCESS with ICE ICE has given me a real edge in knowing more about the intricacies of credentialing and connecting with others in the

More information

GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI

GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI CONTENTS Overview Conceptual Definition Implementation of Strategic Risk Governance Success Factors Changing Internal Audit Roles

More information

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Cybersecurity Landscape Major Data Breaches (e.g., OPM, IRS) Data Breach Notification Laws Directors Derivative Suits Federal Legislation

More information

Developing a Model for Cyber Security Maturity Assessment

Developing a Model for Cyber Security Maturity Assessment Developing a Model for Cyber Security Maturity Assessment Tariq Al-idrissi, Associate Vice President IT, Trent University Ian Thomson, Information Security Officer, Trent University June 20 th, 2018 (8:45am

More information

Turning Risk into Advantage

Turning Risk into Advantage Turning Risk into Advantage How Enterprise Wide Risk Management is helping customers succeed in turbulent times and increase their competitiveness Glenn Tjon Partner KPMG Advisory Presentation Overview

More information

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS The Saskatchewan Power Corporation (SaskPower) is the principal supplier of power in Saskatchewan with its mission to deliver power

More information

Building a Threat Intelligence Program

Building a Threat Intelligence Program WHITE PAPER Building a Threat Intelligence Program Research findings on best practices and impact www. Building a Threat Intelligence Program 2 Methodology FIELD DATES: March 30th - April 4th 2018 351

More information

standards and frameworks and controls oh my! Mike Garcia Senior Advisor for Elections Best Practices

standards and frameworks and controls oh my! Mike Garcia Senior Advisor for Elections Best Practices standards and frameworks and controls oh my! Mike Garcia Senior Advisor for Elections Best Practices mike.garcia@cisecurity.org The big three in their own words ISO 27000: family of standards to help organizations

More information

NERC Staff Organization Chart Budget

NERC Staff Organization Chart Budget NERC Staff Organization Chart 2013 2014 President and CEO (Dept. 2100) Executive Assistant (Dept. 2100) Senior Vice President and Chief Operating Officer (Dept. 2100) Senior Vice President General Counsel

More information

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not

More information

Real estate predictions 2017 What changes lie ahead?

Real estate predictions 2017 What changes lie ahead? Real estate predictions 2017 What changes lie ahead? Cyber Risk 2017. For information, contact Deloitte Consultores, S.A. Real Estate Predictions 2017 2 Cyber Risk Rising cyber risk in real estate through

More information

How to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.

How to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved. How to implement NIST Cybersecurity Framework using ISO 27001 WHITE PAPER Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.

More information

INTELLIGENCE DRIVEN GRC FOR SECURITY

INTELLIGENCE DRIVEN GRC FOR SECURITY INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to

More information

TAN Jenny Partner PwC Singapore

TAN Jenny Partner PwC Singapore 1 Topic: Cybersecurity Risks An Essential Audit Consideration TAN Jenny Partner PwC Singapore PwC Singapore is honoured to be invited to contribute to the development of this guideline. Cybersecurity Risks

More information

Mitigating Risk with Ongoing Cybersecurity Risk Assessment. Scott Moser CISO Caesars Entertainment

Mitigating Risk with Ongoing Cybersecurity Risk Assessment. Scott Moser CISO Caesars Entertainment Mitigating Risk with Ongoing Cybersecurity Risk Assessment Scott Moser CISO Caesars Entertainment CSO50 Presentation Caesars Entertainment Cybersecurity Risk Management Scott Moser Chief Information Security

More information

RSA Cybersecurity Poverty Index

RSA Cybersecurity Poverty Index RSA Cybersecurity Poverty Index 2016 RSA Cybersecurity Poverty Index Overview Welcome to RSA s second annual Cybersecurity Poverty Index. The RSA Cybersecurity Poverty Index is the result of an annual

More information

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient? Canada Highlights Cybersecurity: Do you know which protective measures will make your company cyber resilient? 21 st Global Information Security Survey 2018 2019 1 Canada highlights According to the EY

More information

Business Continuity An Integral Part of Risk Management At Constellation Energy

Business Continuity An Integral Part of Risk Management At Constellation Energy Business Continuity An Integral Part of Risk Management At Constellation Energy World Disaster Management Conference Toronto, Canada June 19, 2006 Robert W. Cornelius Director Business Continuity Operating

More information

THE CYBERSECURITY LITERACY CONFIDENCE GAP

THE CYBERSECURITY LITERACY CONFIDENCE GAP CONFIDENCE: SECURED WHITE PAPER THE CYBERSECURITY LITERACY CONFIDENCE GAP ADVANCED THREAT PROTECTION, SECURITY AND COMPLIANCE Despite the fact that most organizations are more aware of cybersecurity risks

More information

The Deloitte-NASCIO Cybersecurity Study Insights from

The Deloitte-NASCIO Cybersecurity Study Insights from The Deloitte-NASCIO Cybersecurity Study Insights from 2010-2016 August 21, 2018 Srini Subramanian State Government Sector Leader Deloitte Erik Avakian CISO Pennsylvania Michael Roling CISO Missouri Meredith

More information

Could the BIGGEST Threat to Your Business be INSIDE Your Company?

Could the BIGGEST Threat to Your Business be INSIDE Your Company? Could the BIGGEST Threat to Your Business be INSIDE Your Company? Presented By: Cheryl W. Snead, Banneker Industries, Inc. Rick Avery, Securitas Security Inc. Cheryl W. Snead President/CEO/Facility Security

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity November 2017 cyberframework@nist.gov Supporting Risk Management with Framework 2 Core: A Common Language Foundational for Integrated Teams

More information

Operations & Technology Seminar. Tuesday, November 8, 2016 Crowne Plaza Monroe, Monroe Township, NJ

Operations & Technology Seminar. Tuesday, November 8, 2016 Crowne Plaza Monroe, Monroe Township, NJ Operations & Technology Seminar Tuesday, November 8, 2016 Crowne Plaza Monroe, Monroe Township, NJ Operations & Technology Roundtable Crowne Plaza Monroe, Monroe Township, NJ Tuesday, November 8, 2016

More information

Vice President and Chief Information Security Officer FINRA Technology, Cyber & Information Security

Vice President and Chief Information Security Officer FINRA Technology, Cyber & Information Security Plenary Session: Cybersecurity the Current Regulatory Environment: Insight from Regulators and Industry Experts Thursday, February 22 3:45 p.m. 4:45 p.m. With recent high-profile data breaches, cybersecurity

More information

ARC VIEW. Critical Industries Need Active Defense and Intelligence-driven Cybersecurity. Keywords. Summary. By Sid Snitkin

ARC VIEW. Critical Industries Need Active Defense and Intelligence-driven Cybersecurity. Keywords. Summary. By Sid Snitkin ARC VIEW DECEMBER 7, 2017 Critical Industries Need Active Defense and Intelligence-driven Cybersecurity By Sid Snitkin Keywords Industrial Cybersecurity, Risk Management, Threat Intelligence, Anomaly &

More information

IT Audit Process Prof. Liang Yao Week Six IT Audit Planning

IT Audit Process Prof. Liang Yao Week Six IT Audit Planning Week Six IT Audit Planning IT Audit Planning Process Institute of Internal Audit Standards - Section 2010: Planning The chief audit executive must establish a risk-based plan to determine the priorities

More information

How to Assess the Financial Impact of Cyber Risk

How to Assess the Financial Impact of Cyber Risk How to Assess the Financial Impact of Cyber Risk MODERATOR: Justin Somaini Symantec Corporation PANELISTS: Ty Sagalow Zurich North America Tom Jackson Phillips Nizer Larry Clinton Internet Security Alliance

More information

CYBER INSURANCE: MANAGING THE RISK

CYBER INSURANCE: MANAGING THE RISK CYBER INSURANCE: MANAGING THE RISK LEON FOUCHE PARTNER & NATIONAL CYBERSECURITY LEAD BDO AUSTRALIA MEMBER OF THE GLOBAL CYBERSECURITY LEADERSHIP GROUP ii CYBER INSURANCE: MANAGING THE RISK There s no doubt

More information

NERC Staff Organization Chart Budget 2017

NERC Staff Organization Chart Budget 2017 NERC Staff Organization Chart Budget 2017 President and CEO Administrative Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel

More information