ISACA Kenya Annual Conference - Secure Kenya II. Data Protection, Privacy and Cyber Security. SONY ANTHONY RISK CONSULTING July 2015
- Hugh Walker
2 Cyber Security and Technology: How many of you bank online? How many of you receive banking statements on email? What file format do you trust most? (EXE, PDF, JPG, Doc, JPG)
3 Central Bank of India... sending me an email. Wow.
4 A little digging... Banker, Professor, Therapist...?
5 Initiate a scan, and a pop-up for credentials appears, but no risk.
6 Maybe my antivirus is old, let's update. Still no risk (Properties).
7 Let's focus on the Properties.
8 Cyber Security and Technology: At this point my gut feel: I am hacked! My latest updated antivirus says: I am safe! What do you think?
9 Digging further. The front end: an innocent-looking Word document. The back end: embedded evil code that will steal all data from the victim.
10 An EXE that copies, multiplies and renames itself... aaaarrrggghhh. Location where the code is stored on the victim's computer. Evil code disguised and executed by a Word macro.
11 Cyber Security and Technology: Status: The victim has been completely compromised by just opening a Word document, and is under the complete control of the attacker.
12 On the attacker's screen: multiple people like me across geographies. Bots waiting for commands, and you are one of them. The attacker sees what users are currently doing on their systems.
13 Cyber Security and Technology: The attacker obtains access to all shares of the victim's computer.
14 Cyber Security and Technology: The attacker is able to search for files on the victim's computer remotely.
15 Smile please... and clear your voice. You're on stage. The attacker is able to take control of the victim's camera and view the victim without his/her knowledge. The attacker is able to listen to and record all voice calls (Skype) from the victim's mic or sound card.
16 Cyber Security and Technology: The attacker is able to extract all passwords stored in browser and cookie files. The attacker is able to install key loggers for all or transactions, chats, emails, document or xls edits.
17 Cyber Security and Technology: The attacker is able to take control of the victim's screen when the victim is not in front of the computer.
18 Cyber Security and Technology: The attacker is able to attack other systems on the network. The attacker is able to extract network shares and compromise other machines via the victim's computer.
19 Cyber Security and Technology: The attacker is able to shut down and conduct other maintenance activity on the victim's computer. The attacker is able to remotely update and upgrade the evil code for continuous and undetected access.
20 Malware detected (Day 1 and Day 30). The CRYPTER: Crypters can be used to encrypt viruses, RATs, key loggers, spyware, etc. to make them undetectable by antivirus software. When these EXE files are encrypted with FUD crypters, they become undetectable by antivirus software.
21 The services on the Internet are growing and so are hack attacks
23 The services on the Internet are growing and so are hack attacks: It is a media library that processes several popular media formats. Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS. A fully weaponized successful attack could even delete the message before you see it. You will only see the notification (and that can be masked too, if required).
26 Cyber Security and Technology
27 Cyber Security - Leadership: Brewery case study
28 Cyber Security - Human Resourcing: Banking case study
29 Cyber Security - Third Party / Suppliers: Retail case study
30 Cyber Security - Business Continuity & Management: Product case. Product release delayed!!!
31 Cyber Security - Operations and Technology: Telecom Customer Data Network
Rogue Website Detection
- Identify rogue websites such as phishing sites, scam sites, etc.
- Cybersquatting domains and websites detection
- Site takedown
App Store Monitoring
- Monitoring of various app stores for detection of counterfeit software / scam apps hampering the brand.
- Use of unauthorized brand name and or logos, company goodwill, reputation.
Social Media Listening / Monitoring
- Detection of private, confidential or any secret information shared over social media platforms
- Sharing of threats against facilities, employees or any information leading to corporate security compromise
Anti-counterfeit
- Monitoring of products and brand in various marketplaces including but not limited to gray market, unauthorized product distribution channels.
- Maintain compliance and trust with distribution partners
IPR / Informational Asset Leakage Detection
- Detect IPR data and documents shared over public domains and sharing sites.
- Detection of unauthorized sharing of confidential information by vendors and or employees over public domains
- Detection of leakage of informational assets such as financial details, network diagrams, technological data, etc.
32 Cyber Security - Regulations / Compliance: Sony executives bowed in apology today for a security breach in the company's PlayStation Network that caused the loss of personal data of some 77 million accounts on the online service.
33 Cyber Security: How KPMG Can Assist? We believe cyber security should be about what you can do, not what you can't. Principles of our approach: 1. Driven by Business Aspirations 2. Razor Sharp Insight 3. Shoulder to Shoulder. Boards today are required to have enhanced roles and responsibilities that focus on (a) providing confidence to investors, (b) adhering to regulators, (c) working with insurers and (d) working towards minimizing potential litigants.
34 KPMG Global Cyber Maturity Framework: Cyber Security SIX Domains. Within this Cyber Maturity framework, a strong communication plan is focussed on the details and complexity of ongoing communication and directions between the board and the management. This helps achieve a reliable flow of information among a broad mix of stakeholders. It is not only the frequency of communication that needs to be reassessed, but also the quality of communication, which must be appropriate and efficient when addressing risks. This framework keeps in mind that security is only as strong as your weakest link, and the weakest link most often is people, whether due to someone on the inside, human error, or another human factor. Our transformative framework, with a proactive approach, helps shape proper dialogue and, overall, improves the information flow to become more transparent and sustainable, thus closing the loop.
35 Cyber Security Transformation Overview: Overview of Our Cyber Transformation Approach
- Prepare: Help clients understand their vulnerabilities and improve their preparedness against cyber attack.
- Protect: Help clients design and implement their cyber defense infrastructure.
- Integrate: Embed cyber security in the culture and decision making of client organizations.
- Cyber Transformation: Help clients design and deliver a wholesale program of change to improve cyber security capability.
- Threat Intelligence: Help clients implement and use intelligence as a springboard for delivering effective cyber security.
- Detect & Respond: Help clients respond to and investigate cyber attacks.
36 Cyber Security Transformation: Our Core Service Offerings Within Each Phase
1 Prepare: Help clients understand their vulnerabilities and improve their preparedness against cyber attack.
Understanding the value of critical assets, cyber maturity and setting the cyber security strategy
- Cyber Maturity Assessment: rapid assessment of your organization's readiness to prevent, detect, contain and respond to cyber threats
- Cyber Security Strategy: assist in designing and implementing cyber security strategies and aid Governance, Risk and Compliance
37 Cyber Security Transformation: Our Core Service Offerings Within Each Phase
2 Protect: Help clients understand their vulnerabilities and improve their preparedness against cyber attack.
Understanding the value of critical assets, cyber maturity and setting the cyber security strategy
- Security and technology assessments: test and improve all elements of security and technology infrastructure including penetration and vulnerability testing
- Application security assurance: understand, assess and address the critical application risks
- Information Management and Privacy: rapid assessment of your current privacy and records management practices to identify / address issues that may result in non-compliance
- Certification services: certification against international information security standards (ISO27x, NIST)
- Identity and access management: enterprise system access is aligned to roles / privileges
38 Cyber Security Transformation: Our Core Service Offerings Within Each Phase
3 Detect and Respond: Help clients respond to and investigate cyber attacks.
Understanding the value of critical assets, cyber maturity and setting the cyber security strategy
- Cyber attack detection: assist in deployment of monitoring and sophisticated data analytics on client's networks
- Rapid response teams: assist to contain, manage and recover from current cyber attacks
- Forensic evidence recovery and investigation: provide advanced digital forensics capability to gather, preserve and interpret large data sets, deleted or ephemeral data in order to prove a chain of events
- Advanced training and cyber response capability development
39 Cyber Security Transformation: Our Core Service Offerings Within Each Phase
4 Integrate: Embed cyber security in the culture and decision making of client organizations.
Integrating cyber into the enterprise risk framework and wider business operations.
- Board training: awareness and scenario based training
- Enterprise risk management policy: design and implementation
- Business continuity planning: reduce exposure, build plans, build capability
- Behavioral change management
40 Cyber Security Transformation: Our Core Service Offerings Within Each Phase
5 Threat Intelligence: Help clients implement and use intelligence as a springboard for delivering effective cyber security.
6 Cyber Transformation: Help clients design and deliver a wholesale program of change to improve cyber security capability.
Build capability to make intelligence-based decisions and deploy organization-wide cyber security
- Threat intelligence operating models: assist in development and implementation of threat models across people, process and technology required to make intelligence-led decisions
- Cyber security transformation programs: assist in design and delivery of organization-wide cyber security transformation programs
- Security Operations Centers: assist in design and implementation
41 Cyber Security Threats / Events in the Region: Cyber Security Realities in the Region
- Uganda annual Police crime and traffic report: Mobile money and Automated Teller Machine (ATM) fraud was responsible for the loss of about USH 1.5 billion*
- Kenya Cyber Security Report 2014: Ranked Kenya among the top countries for most incidents of cybercrime, alongside the United States (US), Brazil, China and South Korea
- Ministry of Information Communication and Technology: Government of Kenya developed Cyber security Strategy Feb 2014
- Bank of Tanzania (BoT) statistics: TZS 1.3bn has been stolen across the country through cyber fraud*
- The African Union (AU) has adopted the African Union Convention on Cyberspace Security and Protection of Personal Data in July, 2014
- Kenya is drafting Cyber-Crime and Computer Related Offences Bill to tackle cyber crime and data breaches
- Cybercrime is said to have cost nearly KES 2 billion (USD 23 million) to the Kenyan economy in 2013**
- The Northern Corridor Integration Project member states (the Republics of Kenya, Rwanda, South Sudan and Uganda) have developed a Memorandum of Understanding on Cyber Security Framework for cooperation and corroboration in prevention and responding to evolving cyber security threats. (The memorandum is scheduled for signing in mid May 2015 during the next Northern Corridor Integration Summit in Kampala)
Source: * Kenya Cyber Security Report 2014 **
42 KPMG Global Cyber Maturity Framework: Board Oversight and Engagement
I. LEADERSHIP AND GOVERNANCE
Management demonstrating due diligence, ownership and effective management of risk
How should boards engage?
- Understand governance structure and have open dialogue with executive leadership team
- Review output of capability assessment
- Review and approve of strategy and funding requests
- Participate in general board education
- Request periodic updates of program
Communication / Direction
What should management do?
- Define ownership and governance structure
- Identify sensitive data assets and critical infrastructure
- Inventory third party supplier relationships
- Perform assessment of current capabilities
- Define a strategy and approach
- Educate the board and executive management
II. HUMAN FACTORS
The level and integration of security culture that empowers and helps to ensure the right people, skills, culture and knowledge
How should boards engage?
- Set the tone for the culture
- Review patterns / trends of personal issues
- Understand training and awareness protocols
Communication / Direction
What should management do?
- Define culture and expectations
- Implement general training and awareness programs
- Implement personal security measures
- Define talent management and career architecture
- Develop specific learning paths for key personnel
III. INFORMATION RISK MANAGEMENT
The approach to achieve thorough and effective risk management of information throughout the organization and its delivery and supply partners
How should boards engage?
- Understand risk management approach and linkage to enterprise risk
- Review and approve risk tolerance
- Understand third party supplier program
- Review and question program metrics
Communication / Direction
What should management do?
- Develop risk management approach and policies
- Identify risk tolerance and communicate
- Link risks to sensitive data assets
- Perform risk assessments and measures
- Perform third-party supplier accreditation
- Report relevant metrics
43 KPMG Global Cyber Maturity Framework: Board Oversight and Engagement
IV. BUSINESS CONTINUITY AND CRISIS MANAGEMENT
Preparation for a security event and ability to prevent or reduce the impact through successful crisis and stakeholder management
How should boards engage?
- Understand current response capability
- Review status of overall plan maturity
- Meet with communication personnel
- Participate in table-top exercises
Communication / Direction
What should management do?
- Assess current ability to manage cyber events
- Perform analysis of risks and financial requirements
- Develop robust plans
- Assign resources and develop training
- Integrate with corporate communications
- Perform testing of plans
V. OPERATIONS AND TECHNOLOGY
The level of control measures implemented to address identified risks and reduce the impact of compromise
How should boards engage?
- Understand current maturity of control structure
- Review relevancy of selected control framework
- Review relevant incident trend metrics
- Meet with CIO or equivalent to understand integration of cyber and information technology trends
Communication / Direction
What should management do?
- Understand current maturity of control structure
- Review relevancy of selected control framework
- Review relevant incident trend metrics
- Meet with CIO or equivalent to understand integration of cyber and information technology trends
VI. LEGAL AND COMPLIANCE
Regulatory and international certification standards as relevant
How should boards engage?
- Understand the regulatory landscape impacting the organization
- Clarify audit committee requirements for Cyber
- Review litigating inventory trends
- Review and approve cyber insurance funding (if relevant)
Communication / Direction
What should management do?
- Catalog all relevant compliance metrics
- Link compliance requirements to control framework
- Formalize the role of the audit committee
- Identify risk tolerance and communicate
- Develop litigation inventory and trending
- Analyze and recommend need for cyber insurance
44 KPMG Global Cyber Maturity Framework: KPMG Cyber Security Maturity Assessment Maturity Levels
KPMG will compile a report that provides a breakdown of maturity against the six key dimensions.
Client Maturity Level (Description): Cyber Security Requirements
- INITIAL (Ad-hoc, unpredictable, poorly controlled, reactive): No clear understanding and ownership of the cyber risks within the leadership team. Cyber security approach is not risk based and very ad-hoc in nature. Basic technical capability: perimeter security like firewalls, and endpoint security like antivirus.
- REPEATABLE (Basic processes management, repeatable tasks): The leadership team has an understanding of how the cyber risks can impact their business and risk appetite is defined. Enterprise wide, co-ordinated approach to security. Mid tier technical capability: operating system hardening, application hardening and other relevant preventive controls.
- DEFINED (Defined & documented processes, proactive): The leadership team has directed and resourced work needed to address cyber security risks. A well defined security architecture that meets the business needs. Effective information risk management processes in place. Enhanced technical capability: defence in depth architecture with logging enabled.
- MANAGED (Processes integrated, measured and controlled): Governance framework to monitor the embedding of information security within the culture of the organisation. Security controls are implemented in a co-ordinated manner to ensure compliance with the defined security architecture. Extended technical capability: capability of correlating events to identify and preempt malicious activities.
- OPTIMISED (Continual improvement, organisational alignment): The need to protect information assets owned by both the internal and external stakeholders of an organisation as key business assets is embedded within the culture of the organisation. The information and cyber security program is subject to a continuous improvement regime. Leading edge security solutions: big data based security analytics.
Chart legend: The Client Overall Maturity Rating; Recommended Maturity Rating for The Client; Financial Services Sector Average Maturity Rating; Insurance Sector Average Maturity Rating
45 Thank You. 2015 KPMG India, an Indian Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. The KPMG name, logo and "cutting through complexity" are registered trademarks or trademarks of KPMG International Cooperative ("KPMG International"). Sony Anthony, Director, KPMG India, santhony@kpmg.com
Managing IT Risk: What Now and What to Look For Presented By Tina Bode IT Assurance Services Agenda 1 2 WHAT TOP TEN IT SECURITY RISKS YOU CAN DO 3 QUESTIONS 2 IT S ALL CONNECTED Introduction All of our
More informationThe Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It
The Credential Phishing Handbook Why It Still Works and 4 Steps to Prevent It Introduction Phishing is more than 20 years old, but still represents more than 90% of targeted attacks. The reason is simple:
More informationSECURING THE UK S DIGITAL PROSPERITY. Enabling the joint delivery of the National Cyber Security Strategy's objectives
SECURING THE UK S DIGITAL PROSPERITY Enabling the joint delivery of the National Cyber Security Strategy's objectives 02 November 2016 2 SECURING THE UK S DIGITAL PROSPERITY SECURING THE UK S DIGITAL PROSPERITY
More informationwith Advanced Protection
with Advanced Email Protection OVERVIEW Today s sophisticated threats are changing. They re multiplying. They re morphing into new variants. And they re targeting people, not just technology. As organizations
More informationCyber Security. It s not just about technology. May 2017
Cyber Security It s not just about technology May 2017 Introduction The Internet has opened a new frontier in warfare: everything is networked and anything networked can be hacked. - World Economic Forum
More informationGUIDANCE NOTE ON CYBERSECURITY
GUIDANCE NOTE ON CYBERSECURITY AUGUST 2017 GUIDANCE NOTE ON CYBERSECURITY PART I Preliminary 1.1 Title 1.2 Authorization 1.3 Application 1.4 Definitions PART II Statement of Policy 2.1 Purpose 2.2 Scope
More informationKeys to a more secure data environment
Keys to a more secure data environment A holistic approach to data infrastructure security The current fraud and regulatory landscape makes it clear that every firm needs a comprehensive strategy for protecting
More informationDelivering Integrated Cyber Defense for the Cloud Generation Darren Thomson
Delivering Integrated Cyber Defense for the Generation Darren Thomson Vice President & CTO, EMEA Region Symantec In 2009 there were 2,361,414 new piece of malware created. In 2015 that number was 430,555,582
More informationMike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS
Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS Can You Answer These Questions? 1 What s my company s exposure to the latest industrial cyber threat? Are my plants
More informationCyber Security and Data Protection: Huge Penalties, Nowhere to Hide
Q3 2016 Security Matters Forum Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide Alan Calder Founder & Executive Chair IT Governance Ltd July 2016 www.itgovernance.co.uk Introduction
More informationCyber Security Incident Response Fighting Fire with Fire
Cyber Security Incident Response Fighting Fire with Fire Arun Perinkolam, Senior Manager Deloitte & Touche LLP Professional Techniques T21 CRISC CGEIT CISM CISA AGENDA Companies like yours What is the
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationIT Security Mandatory Solutions. Andris Soroka 2nd of July, RIGA
IT Security Mandatory Solutions Andris Soroka 2nd of July, 2014 @LPS, RIGA Data Security Solutions business card Specialization IT Security IT Security services (consulting, audit, pen-testing, market
More informationContinuous protection to reduce risk and maintain production availability
Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationAre we breached? Deloitte's Cyber Threat Hunting
Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the
More informationभ रत य ररज़र व ब क. Setting up and Operationalising Cyber Security Operation Centre (C-SOC)
Annex-2 Setting up and Operationalising Cyber Security Operation Centre (C-SOC) Introduction 1 - Banking Industry in India has evolved technologically over the years and currently delivering innovative
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More informationEffective Cyber Incident Response in Insurance Companies
August 2017 Effective Cyber Incident Response in Insurance Companies An article by Raj K. Chaudhary, CRISC, CGEIT; Troy M. La Huis; and Lucas J. Morris, CISSP Audit / Tax / Advisory / Risk / Performance
More informationRisk Advisory Academy Training Brochure
Academy Brochure 2 Academy Brochure Cyber Security Our Cyber Security trainings are focused on building your internal capacity to leverage IT related technologies more confidently and manage risk and uncertainty
More informationDHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1
Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com
More informationCYBER SECURITY TAILORED FOR BUSINESS SUCCESS
CYBER SECURITY TAILORED FOR BUSINESS SUCCESS KNOW THE ASIAN CYBER SECURITY LANDSCAPE As your organisation adopts digital transformation initiatives to accelerate your business ahead, understand the cyber
More informationCybersecurity. Securely enabling transformation and change
Cybersecurity Securely enabling transformation and change Contents... Cybersecurity overview Business drivers Cybersecurity strategy and roadmap Cybersecurity in practice CGI s cybersecurity offering Why
More informationANATOMY OF AN ATTACK!
ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable
More informationCybersecurity in Higher Ed
Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,
More informationRun the business. Not the risks.
Run the business. Not the risks. RISK-RESILIENCE FOR THE DIGITAL BUSINESS Cyber-attacks are a known risk to business. Today, with enterprises becoming pervasively digital, these risks have grown multifold.
More informationRSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE
WHITEPAPER RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE CONTENTS Executive Summary........................................ 3 Transforming How We Think About Security.......................... 4 Assessing
More informationUN General Assembly Resolution 68/243 GEORGIA. General appreciation of the issues of information security
UN General Assembly Resolution 68/243 GEORGIA General appreciation of the issues of information security Widely publicized cyber attacks and, to some expert opinions, cyber war - conducted against Georgia
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationPREPARING FOR SOC CHANGES. AN ARMANINO WHITE PAPER By Liam Collins, Partner-In-Charge, SOC Audit Practice
PREPARING FOR SOC CHANGES AN ARMANINO WHITE PAPER By Liam Collins, Partner-In-Charge, SOC Audit Practice On May 1, 2017, SSAE 18 went into effect and superseded SSAE 16. The following information is here
More informationINFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare
INFORMATION SECURITY A briefing on the information security controls at Computershare One line heading > One line subheading INTRODUCTION Information is critical to all of our clients and is therefore
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationCYBER SECURITY AIR TRANSPORT IT SUMMIT
CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER
More informationA company built on security
Security How we handle security at Flywheel Flywheel was founded in 2012 on a mission to create an exceptional platform to help creatives do their best work. As the leading WordPress hosting provider for
More informationService. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution
Service SM Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Product Protecting sensitive data is critical to being
More informationCarbon Black PCI Compliance Mapping Checklist
Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationIBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.
IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats. Enhancing cost to serve and pricing maturity Keeping up with quickly evolving ` Internet threats
More informationSafeguarding company from cyber-crimes and other technology scams ASSOCHAM
www.pwc.com Safeguarding company from cyber-crimes and other technology scams ASSOCHAM Rahul Aggarwal - Director The new digital business ecosystem is complex and highly interconnected The new business
More informationSOC for cybersecurity
April 2018 SOC for cybersecurity a backgrounder Acknowledgments Special thanks to Francette Bueno, Senior Manager, Advisory Services, Ernst & Young LLP and Chris K. Halterman, Executive Director, Advisory
More informationTransforming Security from Defense in Depth to Comprehensive Security Assurance
Transforming Security from Defense in Depth to Comprehensive Security Assurance February 28, 2016 Revision #3 Table of Contents Introduction... 3 The problem: defense in depth is not working... 3 The new
More informationForensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services
Forensic Technology & Discovery Services Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services Forensic Technology & Discovery Services EY s Forensic
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationTRANSFORMING WEST MIDLANDS POLICE A BOLD NEW MODEL FOR POLICING
TRANSFORMING WEST MIDLANDS POLICE A BOLD NEW MODEL FOR POLICING In 2014, West Midlands Police (WMP) committed to a striking transformation programme that would help the force meet current and future policing
More informationChanging the Game: An HPR Approach to Cyber CRM007
Speakers: Changing the Game: An HPR Approach to Cyber CRM007 Michal Gnatek, Senior Vice President, Marsh & McLennan Karen Miller, Sr. Treasury & Risk Manager, FireEye, Inc. Learning Objectives At the end
More informationCybersecurity: Pre-Breach Preparedness and Post-Breach Duties
Cybersecurity: Pre-Breach Preparedness and Post-Breach Duties Thursday, October 5, 2017 Presented by: Gerrit Nel, Senior Manager, Cyber Security, KPMG Sunny Handa, Partner, Montreal Cathy Beagan Flood,
More informationTHE POWER OF TECH-SAVVY BOARDS:
THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES
More information