Helping the C-Suite Define Cyber Risk Appetite. The executive Imperative

Size: px
Start display at page:

Download "Helping the C-Suite Define Cyber Risk Appetite. The executive Imperative"

Transcription

1 Helping the C-Suite Define Cyber Risk Appetite The executive Imperative

2 Welcome Steve Schlarman GRC Strategist CISSP,

3 Executive Priorities Growth is the highest priority. 54 % 25 % Technology initiatives are second priority. Business Growth & Technology From Gartner s report The 2015 CEO and Senior Executive Survey: Committing to Digital

4 Risk Convergence The business relies on technology like never before. Business and Digital strategies are intertwined. To be successful in today s market, organizations must address cyber risk and business risk together. Technology risk is a board level topic.

5 The Imperative According to Deloitte Cyber Risk Services: The fundamental things that organizations undertake in order to drive performance and execute on their business strategies happen to also be the things that actually create cyber risk. Executive decision-makers should understand the nature and magnitude of those risks, consider them against the benefits a strategic shift would deliver and then make more informed decisions.

6 Appetite Calorie offset Explaining Cyber Risk Appetite Appetite a natural desire to satisfy a need Snacks Dinner Lunch Calorie intake Boxing Weight Lifting Running Breakfast Walking

7 Appetite Residual Risk What is Cyber Risk Appetite? Cyber Risk the potential of loss or harm related to technical infrastructure or the use of technology within an organization. Appetite the aggregate level of cyber risk that an organization is willing to accept, or to avoid, in order to achieve its business objectives Business Tech Shadow IT Cloud IT Infrastructure Inherent Risk GRC IT Services Resiliency Security

8 The 4 Quadrants of Cyber Risk Internal Malicious Unintentional External

9 The 4 Quadrants of Cyber Risk Internal Malicious: Deliberate acts of sabotage, theft or other malfeasance committed by employees and other insiders. Internal Unintentional: Acts leading to damage or loss stemming from human error committed by employees and other insiders. External Malicious: The most publicized cyber risk; pre-meditated attacks from outside parties, including criminal syndicates, hacktivists and nation states External Unintentional: Accidental, non-deliberate, incidents involving external parties that cause loss or damage to business.

10 The 4 Quadrants of Cyber Risk Internal Malicious: Deliberate acts of sabotage, theft or other malfeasance committed by employees and other insiders. Monitoring and Detection External Malicious: The most publicized cyber risk; pre-meditated attacks from outside parties, including criminal syndicates, hacktivists and nation states Internal Unintentional: Acts leading to damage or loss stemming from human error committed by employees and other insiders. Risk Treatments & Internal Controls External Unintentional: Accidental, non-deliberate, incidents involving external parties that cause loss or damage to business. Environment

11 RSA Strategic Focus: the capabilities that matter most now Monitoring and Detection VISIBILITY & ANALYTICS Detect threats / make responders faster RISK INTELLIGENCE Understand business impact / prioritize effectively Risk Treatments & Internal Controls IDENTITY & ACCESS ASSURANCE Environment Address the most consequential attack vector

12 RSA Strategic Focus: the capabilities that matter most now VISIBILITY & ANALYTICS Detect threats / make responders faster RISK INTELLIGENCE Understand business impact / prioritize effectively IDENTITY & ACCESS ASSURANCE Address the most consequential attack vector

13 Cybersecurity Poverty Index Risk Findings: RSA Cybersecurity Poverty Index % MATURE 45 % AD HOC The least developed capability across the survey is an organization s ability to catalog, assess, and mitigate risk. 45% of those surveyed described their capabilities in this area as nonexistent or ad hoc, with only 24% believing that they have mature or mastered capabilities in this domain. 12

14 Which technology strategies are creating risk? How does our security strategy scale? Where is cyber risk in the big picture? Who is in the discussion? What should the risk culture of the organization be? What risks am I willing to accept? CISO CEO CIO CRO Business Operations

15 Principles of Cyber Risk Appetite Common risk taxonomy Vernacular of risk Tone from the top Prioritization and understanding of assets Technology & Business infrastructure Relationships between Business and Technology What is most important? Thresholds and Tolerance Acceptable levels of risk Sign-off/delegated authority for risk acceptance Exception monitoring Preparation for Cyber events Security Incident Response Disaster Recovery and Business Continuity Crisis Management

16 Planning Your Journey Siloed point solutions, multiple management consoles, basic reporting Managed integrated security, expanded visibility, improved analysis/metrics Advantaged fully risk aware, identify opportunity Meet regulatory obligations Compliance Manage known & unknown risks Risk Make risk-based decisions Opportunity

17 Final Thoughts Discuss and define appetites and tolerances Understand and prioritize assets Plan your journey

18 Thank You Steve Schlarman GRC Strategist CISSP,

19 EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.

RSA Advanced Cyber Defence Summit

RSA Advanced Cyber Defence Summit Lee Edge Head Archer Business UK&I RSA Advanced Cyber Defence Summit London 30-April-2015 1 64% 8% 2014 Gartner CEO and Senior Executive Survey: 'Risk-On' Attitudes Will Accelerate Digital Business. 2

More information

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion

More information

INTELLIGENCE DRIVEN GRC FOR SECURITY

INTELLIGENCE DRIVEN GRC FOR SECURITY INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to

More information

RSA Cybersecurity Poverty Index : APJ

RSA Cybersecurity Poverty Index : APJ RSA Cybersecurity Poverty Index : APJ 2016 Overview Welcome to RSA s second annual Cybersecurity Poverty Index. The RSA Cybersecurity Poverty Index is the result of an annual maturity self-assessment completed

More information

RSA Cybersecurity Poverty Index

RSA Cybersecurity Poverty Index RSA Cybersecurity Poverty Index 2016 RSA Cybersecurity Poverty Index Overview Welcome to RSA s second annual Cybersecurity Poverty Index. The RSA Cybersecurity Poverty Index is the result of an annual

More information

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not

More information

SOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY

SOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY RSA ARCHER BUSINESS RESILIENCY INTRODUCTION Organizations are becoming a complex tapestry of products and services, processes, technologies, third parties, employees and more. Each element adds another

More information

FOR FINANCIAL SERVICES ORGANIZATIONS

FOR FINANCIAL SERVICES ORGANIZATIONS RSA BUSINESS-DRIVEN SECURITYTM FOR FINANCIAL SERVICES ORGANIZATIONS MANAGING THE NEXUS OF RISK & SECURITY A CHANGING LANDSCAPE AND A NEW APPROACH Today s financial services technology landscape is increasingly

More information

Cyber Resilience. Think18. Felicity March IBM Corporation

Cyber Resilience. Think18. Felicity March IBM Corporation Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack

More information

What matters in Cyber Security

What matters in Cyber Security What matters in Cyber Security A CTO perspective Dr. Robert W. Griffin Chief Security Architect #RSAemeaSummit 1 What CEOs say Cyber Risk matters! Cyber rated #3 risk in survey of 588 C- and Board-level

More information

MITIGATE CYBER ATTACK RISK

MITIGATE CYBER ATTACK RISK SOLUTION BRIEF MITIGATE CYBER ATTACK RISK CONNECTING SECURITY, RISK MANAGEMENT & BUSINESS TEAMS TO MINIMIZE THE WIDESPREAD IMPACT OF A CYBER ATTACK DIGITAL TRANSFORMATION CREATES NEW RISKS As organizations

More information

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1 RSA Advanced Security Operations Richard Nichols, Director EMEA 1 What is the problem we need to solve? 2 Attackers Are Outpacing Defenders..and the Gap is Widening Attacker Capabilities The defender-detection

More information

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager,

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager, Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager, Deloitte & Touche LLP 1 Speaker Introduction Sanjeev

More information

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies

More information

Certified Information Security Manager (CISM) Course Overview

Certified Information Security Manager (CISM) Course Overview Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,

More information

Enterprise GRC Implementation

Enterprise GRC Implementation Enterprise GRC Implementation Our journey so far implementation observations and learning points Derek Walker Corporate Risk Manager National Grid 1 Introduction to National Grid One of the world s largest

More information

TAKING COMMAND OF YOUR GRC JOURNEY WITH RSA ARCHER

TAKING COMMAND OF YOUR GRC JOURNEY WITH RSA ARCHER TAKING COMMAND OF YOUR GRC JOURNEY WITH RSA ARCHER Inspire Everyone to Own Risk ABSTRACT Organizations must implement a cohesive risk management program to protect against loss while remaining agile to

More information

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM RSA NETWITNESS EVOLVED SIEM OVERVIEW A SIEM is technology originally intended for compliance and log management. Later, as SIEMs became the aggregation points for security alerts, they began to be more

More information

Next Generation Policy & Compliance

Next Generation Policy & Compliance Next Generation Policy & Compliance Mason Karrer, CISSP, CISA GRC Strategist - Policy and Compliance, RSA Core Competencies C33 2013 Fall Conference Sail to Success CRISC CGEIT CISM CISA Introductions...

More information

Top Five Secrets to Successfully Jumpstarting Your Cyber-Risk Program

Top Five Secrets to Successfully Jumpstarting Your Cyber-Risk Program SESSION ID: GRC-W03 Top Five Secrets to Successfully Jumpstarting Your Cyber-Risk Program Chris Houlder CISO Autodesk, Inc. @chrishoulder chris.houlder@autodesk.com Husam Brohi Director, Cybersecurity

More information

RSA NetWitness Suite Respond in Minutes, Not Months

RSA NetWitness Suite Respond in Minutes, Not Months RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations

More information

Table of Contents. Sample

Table of Contents. Sample TABLE OF CONTENTS... 1 CHAPTER 1 INTRODUCTION... 4 1.1 GOALS AND OBJECTIVES... 5 1.2 REQUIRED REVIEW... 5 1.3 APPLICABILITY... 5 1.4 ROLES AND RESPONSIBILITIES SENIOR MANAGEMENT AND BOARD OF DIRECTORS...

More information

Cyber Security Technologies

Cyber Security Technologies 1 / Cyber Security Technologies International Seminar on Cyber Security: An Action to Establish the National Cyber Security Center Lisbon, 12 th September 2013 23 / Key highlights - Thales Group Thales

More information

A Data-Centric Approach to Endpoint Security

A Data-Centric Approach to Endpoint Security A Data-Centric Approach to Endpoint Security September 28, 2017 Eric Ogren Senior Analyst, Security 451 Research Bill Bradley Director of Product Marketing Digital Guardian About Eric Ogren Eric Ogren

More information

Operationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results

Operationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results Operationalizing Cybersecurity in Healthcare - - 2017 IT Security & Risk Management Study Quantitative and Qualitative Research Program Results David S. Finn, CISA, CISM, CRISC Health IT Officer, Symantec

More information

Securing Your Digital Transformation

Securing Your Digital Transformation Securing Your Digital Transformation Security Consulting Managed Security Leveraging experienced, senior experts to help define and communicate risk and security program strategy using real-world data,

More information

THE POWER OF TECH-SAVVY BOARDS:

THE POWER OF TECH-SAVVY BOARDS: THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES

More information

Risk Advisory Academy Training Brochure

Risk Advisory Academy Training Brochure Academy Brochure 2 Academy Brochure Cyber Security Our Cyber Security trainings are focused on building your internal capacity to leverage IT related technologies more confidently and manage risk and uncertainty

More information

CISO as Change Agent: Getting to Yes

CISO as Change Agent: Getting to Yes SESSION ID: CXO-W02F CISO as Change Agent: Getting to Yes Frank Kim Chief Information Security Officer SANS Institute @fykim Outline Catch the Culture Shape the Strategy Build the Business Case 2 #1 Catch

More information

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise February 11 14, 2018 Gaylord Opryland Resort and Convention Center, Nashville #DRI2018 Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise Tejas Katwala CEO

More information

TSC Business Continuity & Disaster Recovery Session

TSC Business Continuity & Disaster Recovery Session TSC Business Continuity & Disaster Recovery Session Mohamed Ashmawy Infrastructure Consulting Pursuit Hewlett-Packard Enterprise Saudi Arabia Mohamed.ashmawy@hpe.com Session Objectives and Outcomes Objectives

More information

David Fletcher Co-Principal Investigator Western Management & Consulting LLC Albuquerque, NM

David Fletcher Co-Principal Investigator Western Management & Consulting LLC Albuquerque, NM Effective Practices for The Protection of Transportation Infrastructure From Cyber Incidents: Executive Briefing Pilot David Fletcher Co-Principal Investigator Western Management & Consulting LLC Albuquerque,

More information

CYBER SECURITY AIR TRANSPORT IT SUMMIT

CYBER SECURITY AIR TRANSPORT IT SUMMIT CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER

More information

Combating Cyber Risk in the Supply Chain

Combating Cyber Risk in the Supply Chain SESSION ID: CIN-W10 Combating Cyber Risk in the Supply Chain Ashok Sankar Senior Director Cyber Strategy Raytheon Websense @ashoksankar Introduction The velocity of data breaches is accelerating at an

More information

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient? Canada Highlights Cybersecurity: Do you know which protective measures will make your company cyber resilient? 21 st Global Information Security Survey 2018 2019 1 Canada highlights According to the EY

More information

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by

More information

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE PREPARATION FOR GDPR IS ESSENTIAL The EU GDPR imposes interrelated obligations for organizations handling

More information

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

10 Cybersecurity Questions for Bank CEOs and the Board of Directors 4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors

More information

Think Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe

Think Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe Think Oslo 2018 Where Technology Meets Humanity Oslo Felicity March Cyber Resilience - Europe Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity

More information

A New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO

A New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO A New Cyber Defense Management Regulation Ophir Zilbiger, CRISC, CISSP SECOZ CEO Personal Background IT and Internet professional (since 1992) PwC (1999-2003) Global SME for Network Director Information

More information

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights www.pwc.com/id Key Findings from the State of Information Security Survey 2017 n Insights Key Findings from the State of Information Security Survey 2017 n Insights By now, the numbers have become numbing.

More information

Moving Workloads to the Public Cloud? Don t Forget About Security.

Moving Workloads to the Public Cloud? Don t Forget About Security. Whitepaper Moving Workloads to the Public Cloud? Don t Forget About Security. Key considerations for developing a cloud-ready cybersecurity strategy Introduction For many organizations today, it s not

More information

SECURITY REDEFINED. Managing risk and securing the business in the age of the third platform. Copyright 2014 EMC Corporation. All rights reserved.

SECURITY REDEFINED. Managing risk and securing the business in the age of the third platform. Copyright 2014 EMC Corporation. All rights reserved. SECURITY REDEFINED Managing risk and securing the business in the age of the third platform 1 BILLIONS OF USERS MILLIONS OF APPS 2010 HUNDREDS OF MILLIONS OF USERS Mobile Cloud Big Data Social Mobile Devices

More information

SIEM: Five Requirements that Solve the Bigger Business Issues

SIEM: Five Requirements that Solve the Bigger Business Issues SIEM: Five Requirements that Solve the Bigger Business Issues After more than a decade functioning in production environments, security information and event management (SIEM) solutions are now considered

More information

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager 2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager NIST Cybersecurity Framework (CSF) Executive Order 13636 Improving Critical Infrastructure Cybersecurity tasked the National

More information

Cyber Security Incident Response Fighting Fire with Fire

Cyber Security Incident Response Fighting Fire with Fire Cyber Security Incident Response Fighting Fire with Fire Arun Perinkolam, Senior Manager Deloitte & Touche LLP Professional Techniques T21 CRISC CGEIT CISM CISA AGENDA Companies like yours What is the

More information

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY Benchmark research sponsored by Raytheon. Independently conducted by Ponemon Institute LLC. February 2018 2018 Study on

More information

Operationalizing the Three Principles of Advanced Threat Detection

Operationalizing the Three Principles of Advanced Threat Detection SESSION ID: SDS2-R08 Operationalizing the Three Principles of Advanced Threat Detection ZULFIKAR RAMZAN, PH.D Chief Technology Officer RSA @zulfikar_ramzan Dealing with Traffic Congestion Singapore: Major

More information

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016 Data Protection Practical Strategies for Getting it Right Jamie Ross Data Security Day June 8, 2016 Agenda 1) Data protection key drivers and the need for an integrated approach 2) Common challenges data

More information

Introducing Cyber Observer

Introducing Cyber Observer "Organizations are failing at early breach detection, with more than 92% of breaches undetected by the breached organization. The situation can be improved with stronger threat intelligence, the addition

More information

A View From the Top. Mark Hughes BT Group Security Director

A View From the Top. Mark Hughes BT Group Security Director A View From the Top Mark Hughes BT Group Security Director Global Issues End to End Global Solutions = Global Coverage Standards & Technologies Threats Mergers & Acquisitions Markets Outsourcing & Supply

More information

Changing the Game: An HPR Approach to Cyber CRM007

Changing the Game: An HPR Approach to Cyber CRM007 Speakers: Changing the Game: An HPR Approach to Cyber CRM007 Michal Gnatek, Senior Vice President, Marsh & McLennan Karen Miller, Sr. Treasury & Risk Manager, FireEye, Inc. Learning Objectives At the end

More information

Address C-level Cybersecurity issues to enable and secure Digital transformation

Address C-level Cybersecurity issues to enable and secure Digital transformation Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments, diagnosis and audits of your organization, the protection mechanisms

More information

OPERATIONAL RISK MANAGEMENT: A GUIDE TO HARNESS RISK WITH ENTERPRISE GRC

OPERATIONAL RISK MANAGEMENT: A GUIDE TO HARNESS RISK WITH ENTERPRISE GRC OPERATIONAL RISK MANAGEMENT: A GUIDE TO HARNESS RISK WITH ENTERPRISE GRC TOP RISKS: THE WORLD WITHOUT GRC LACK OF ENTERPRISE-WIDE VISIBILITY Every organizational unit has some level of risk it must address.

More information

Designing and Building a Cybersecurity Program

Designing and Building a Cybersecurity Program Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity

More information

Business Context: Key for Successful Risk Management

Business Context: Key for Successful Risk Management Business Context: Key for Successful Risk Management Philip Aldrich, CISSP, CISM, CISA, CRISC, CIPP Program Director, Risk Management EMC Event Alert Finding Incident Law Vulnerability Regulation Audit

More information

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. Ralf Kaltenbach, Regional Director RSA Germany

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. Ralf Kaltenbach, Regional Director RSA Germany TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE Ralf Kaltenbach, Regional Director RSA Germany 1 TRUSTED IT Continuous Availability of Applications, Systems and Data Data Protection with Integrated

More information

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool FFIEC Cybersecurity Assessment Tool Cybersecurity Controls & Incidence Mappings for Splunk Enterprise, Enterprise Security, User Behavior Analytics Curtis Johnson Senior Sales Engineer & Security SME September

More information

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018 Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security BRANDEIS UNIVERSITY PROFESSOR ERICH SCHUMANN MAY 2018 1 Chinese military strategist Sun Tzu: Benchmark If you know your

More information

The Deloitte-NASCIO Cybersecurity Study Insights from

The Deloitte-NASCIO Cybersecurity Study Insights from The Deloitte-NASCIO Cybersecurity Study Insights from 2010-2016 August 21, 2018 Srini Subramanian State Government Sector Leader Deloitte Erik Avakian CISO Pennsylvania Michael Roling CISO Missouri Meredith

More information

Kent Landfield, Director Standards and Technology Policy

Kent Landfield, Director Standards and Technology Policy Kent Landfield, Director Standards and Technology Policy How would you represent your entire risk landscape to your senior management? And how would you get there? A Changing Landscape Drives Security

More information

Advanced IT Risk, Security management and Cybercrime Prevention

Advanced IT Risk, Security management and Cybercrime Prevention Advanced IT Risk, Security management and Cybercrime Prevention Course Goal and Objectives Information technology has created a new category of criminality, as cybercrime offers hackers and other tech-savvy

More information

Dell EMC Isolated Recovery

Dell EMC Isolated Recovery Dell EMC Isolated Recovery Andreas El Maghraby Advisory Systems Engineer DPS @andyem_si GLOBAL SPONSORS Incident Response: Categories of Cybercrime Activity April to June 2016 37% 27% 12% 9% 7% 7% 5% 2

More information

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry

More information

Business resilience in the face of cyber risk. By Roger Ostvold and Brian Walker

Business resilience in the face of cyber risk. By Roger Ostvold and Brian Walker Business resilience in the face of cyber risk By Roger Ostvold and Brian Walker When it comes to experiencing failure of at least part of an enterprise s digital environment, it is a matter of when rather

More information

Cybersecurity. Securely enabling transformation and change

Cybersecurity. Securely enabling transformation and change Cybersecurity Securely enabling transformation and change Contents... Cybersecurity overview Business drivers Cybersecurity strategy and roadmap Cybersecurity in practice CGI s cybersecurity offering Why

More information

DIGITAL ACCOUNTANCY FORUM CYBER SESSION. Sheila Pancholi Partner, Technology Risk Assurance

DIGITAL ACCOUNTANCY FORUM CYBER SESSION. Sheila Pancholi Partner, Technology Risk Assurance DIGITAL ACCOUNTANCY FORUM CYBER SESSION Sheila Pancholi Partner, Technology Risk Assurance Section 1: The background World s biggest data breaches 10 years ago 2007 2006 accidentally published hacked inside

More information

Level Access Information Security Policy

Level Access Information Security Policy Level Access Information Security Policy INFOSEC@LEVELACCESS.COM Table of Contents Version Control... 3 Policy... 3 Commitment... 3 Scope... 4 Information Security Objectives... 4 + 1.800.889.9659 INFOSEC@LEVELACCESS.COM

More information

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco

More information

RSA IT Security Risk Management

RSA IT Security Risk Management RSA IT Security Risk Adding Insight to Security March 18, 2014 Wael Jaroudi GRC Sales Specialist 1 Where is Security Today? Companies have built layer upon layer of security, but is it helping? Complexity

More information

The Fine Art of Creating A Transformational Cyber Security Strategy

The Fine Art of Creating A Transformational Cyber Security Strategy SESSION ID: CXO-R11 The Fine Art of Creating A Transformational Cyber Security Strategy Jinan Budge Principal Security & Risk Analyst Forrester Research Andrew Rose Chief Security Officer Vocalink, A Mastercard

More information

Cybersecurity Session IIA Conference 2018

Cybersecurity Session IIA Conference 2018 www.pwc.com/me Cybersecurity Session IIA Conference 2018 Wael Fattouh Partner PwC Cybersecurity and Technology Risk PwC 2 There are only two types of companies: Those that have been hacked, and those that

More information

RSA ADVANCED SOC SERVICES

RSA ADVANCED SOC SERVICES RSA ADVANCED SOC SERVICES Consulting services to improve threat detection and response EXECUTIVE SUMMARY A holistic approach to enhanced cybersecurity operations This service is for organizations needing

More information

PA TechCon. Cyber Wargaming: You ve been breached: Now what? April 26, 2016

PA TechCon. Cyber Wargaming: You ve been breached: Now what? April 26, 2016 PA TechCon Cyber Wargaming: You ve been breached: Now what? April 26, 2016 Cyber attacks are on the rise $3.79M The average cost of a cyber incident [1] o f i n c i d e n t s 15% s t i l l t a k e d a

More information

Doxxing, Dissidents, And. Digital Extortion. Fortify Your Digital Risk Defenses. Nick Hayes, Senior Analyst

Doxxing, Dissidents, And. Digital Extortion. Fortify Your Digital Risk Defenses. Nick Hayes, Senior Analyst Doxxing, Dissidents, And Digital Extortion Fortify Your Digital Risk Defenses Nick Hayes, Senior Analyst A different type of threat Snippets From Mueller Indictment Of Russian Operatives 2018 Forrester

More information

Cybersecurity and the Board of Directors

Cybersecurity and the Board of Directors Cybersecurity and the Board of Directors Key Findings from BITS/FSR Meetings OVERVIEW Board directors are increasingly required to engage in cybersecurity risk management yet some may need better education

More information

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE WHITEPAPER RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE CONTENTS Executive Summary........................................ 3 Transforming How We Think About Security.......................... 4 Assessing

More information

Are You Protected. Get Ahead of the Curve

Are You Protected. Get Ahead of the Curve Are You Protected Get Ahead of the Curve DEMOGRAPHICS INTERVIEWED 2,200 IT DECISION- MAKERS IN 3 REGIONS: 500 Americas 1,100 Europe, Middle East, and Africa 600 Asia Pacific Japan INDEPENDENT RESEARCH

More information

Sage Data Security Services Directory

Sage Data Security Services Directory Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time

More information

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. John McDonald

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. John McDonald TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE John McDonald 1 What is Trust? Can I trust that my assets will be available when I need them? Availability Critical Assets Security Can I trust

More information

Cyber risk Getting the boardroom focus right

Cyber risk Getting the boardroom focus right Cyber risk Getting the boardroom focus right Cyber attacks have become substantially more malicious and larger scale over last few years, causing much greater harm to organisations and elevating cyber

More information

Brussels. Cyber Resiliency Minimizing the impact of breaches on business continuity. Jean-Michel Lamby Associate Partner - IBM Security

Brussels. Cyber Resiliency Minimizing the impact of breaches on business continuity. Jean-Michel Lamby Associate Partner - IBM Security Cyber Resiliency Minimizing the impact of breaches on business continuity Jean-Michel Lamby Associate Partner - IBM Security Brussels Think Brussels / Cyber Resiliency / Oct 4, 2018 / 2018 IBM Corporation

More information

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey CyberMaryland Conference 2017 Bob Andersen, Sr. Manager Federal Sales Engineering robert.andersen@solarwinds.com

More information

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.

More information

Cyber Resilience: Developing a Shared Culture. Sponsor Guide

Cyber Resilience: Developing a Shared Culture. Sponsor Guide Lead : Cyber Resilience: Developing a Shared Culture Guide ISfL Annual Cyber Security Conference This ISfL Conference has been made possible by the exhibitors who kindly sponsored the event. Please show

More information

SAMPLE REPORT. Business Continuity Gap Analysis Report. Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx

SAMPLE REPORT. Business Continuity Gap Analysis Report. Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx SAMPLE REPORT Business Continuity Gap Analysis Report Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx COMMERCIAL-IN-CONFIDENCE PAGE 1 OF 11 Contact Details CSC Contacts CSC

More information

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Service SM Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Product Protecting sensitive data is critical to being

More information

Background FAST FACTS

Background FAST FACTS Background Terra Verde was founded in 2008 by cybersecurity, risk and compliance executives. The founders believed that the market needed a company that was focused on using security, risk and compliance

More information

Adversary Playbooks. An Approach to Disrupting Malicious Actors and Activity

Adversary Playbooks. An Approach to Disrupting Malicious Actors and Activity Adversary Playbooks An Approach to Disrupting Malicious Actors and Activity Overview Applying consistent principles to Adversary Playbooks in order to disrupt malicious actors more systematically. Behind

More information

BREAKING BARRIERS TO COLLABORATE WITH THE C-SUITE

BREAKING BARRIERS TO COLLABORATE WITH THE C-SUITE BREAKING BARRIERS TO COLLABORATE WITH THE C-SUITE 31st Annual SoCal ISSA Security Symposium Wendy T. Wu Vice President Agenda + CISO: Then and Now + Who are the Stakeholders and What Do They Care About?

More information

Cyber Information Sharing

Cyber Information Sharing Cyber Information Sharing Renault Ross CISSP, MCSE, CHSS, VCP5 Chief Cybersecurity Business Strategist Ian Schmertzler President Know Your Team Under Pressure Trust Your Eyes Know the Supply Chain Have

More information

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) Adaptive Cybersecurity at the Speed of Your Business Attackers Evolve. Risk is in Constant Fluctuation. Security is a Never-ending Cycle.

More information

Building a BC/DR Control Library and Regulatory Response Program

Building a BC/DR Control Library and Regulatory Response Program Building a BC/DR Control Library and Regulatory Response Program David Garland, Senior Director, Disaster Recovery & Regulatory Compliance, Business Continuity Management CME Group Regulatory Compliance

More information

Addressing Vulnerabilities By Integrating Your Incident Response Plans. Brian Coates Enaxis Consulting

Addressing Vulnerabilities By Integrating Your Incident Response Plans. Brian Coates Enaxis Consulting Addressing Vulnerabilities By Integrating Your Incident Response Plans Brian Coates Enaxis Consulting Contents Enaxis Introduction Presenter Bio: Brian Coates Incident Response / Incident Management in

More information

Cybersecurity for Health Care Providers

Cybersecurity for Health Care Providers Cybersecurity for Health Care Providers Montgomery County Medical Society Provider Meeting February 28, 2017 T h e MARYLAND HEALTH CARE COMMISSION Overview Cybersecurity defined Cyber-Threats Today Impact

More information

PAIN AND PROGRESS THE RSA CYBERSECURITY AND BUSINESS RISK STUDY

PAIN AND PROGRESS THE RSA CYBERSECURITY AND BUSINESS RISK STUDY WHITEPAPER PAIN AND PROGRESS THE RSA CYBERSECURITY AND BUSINESS RISK STUDY CONTENTS Executive Summary........................................ 3 The Cybersecurity and Business Risk Survey..........................

More information

Why you should adopt the NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive

More information

Closing the Hybrid Cloud Security Gap with Cavirin

Closing the Hybrid Cloud Security Gap with Cavirin Enterprise Strategy Group Getting to the bigger truth. Solution Showcase Closing the Hybrid Cloud Security Gap with Cavirin Date: June 2018 Author: Doug Cahill, Senior Analyst Abstract: Most organizations

More information

Bonnie A. Goins Adjunct Industry Professor Illinois Institute of Technology

Bonnie A. Goins Adjunct Industry Professor Illinois Institute of Technology Bonnie A. Goins Adjunct Industry Professor Illinois Institute of Technology It s a hot topic!! Executives are asking their CISOs a LOT of questions about it Issues are costly, from a financial and a reputational

More information

Emerging Technologies The risks they pose to your organisations

Emerging Technologies The risks they pose to your organisations Emerging Technologies The risks they pose to your organisations 10 June 2016 Digital trends are fundamentally changing the way that customers behave and companies operate Mobile Connecting people and things

More information