Cyber security and awareness for non-financial services. 24/25 May 2017
Size: px
Start display at page:

Download "Cyber security and awareness for non-financial services. 24/25 May 2017"

Transcription

1 Cyber security and awareness for non-financial services 24/25 May 2017

2 Agenda Robert Kirkby (Jsy) / Linda Johnson (Gsy): Introduction Sion Lloyd-Jones: Cyber Security The need for a cunning plan Teijo Peltoniemi: Have a safe journey to cloud Arthur Mainja (Jsy) / Matej Jurkic (Gsy): KPMG Cyber CAT Robert Kirkby (Jsy) / Linda Johnson (Gsy): Q&A 2017 KPMG Channel Islands Limited, a Jersey company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 2

3 Cyber Security Direction of travel and the need for a cunning plan Sion Lloyd-Jones (Manchester)

4 Data and Wisdom 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 4 Document Classification: KPMG Confidential

5 The Challenge

6 A time of Uncertainty This is no time for complacency The threat is increasing in scale and complexity. It is also increasing at such pace that we must run simply to stand still (Rt Hon Matthew Hancock MP Minister for the Cabinet Office and Paymaster General, 2016) All business sizes and sectors are risk! 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 6 Document Classification: KPMG Confidential

7 Current Trends 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 7 Document Classification: KPMG Confidential

8 Business Impact Financial loss Share price Reputational damage Loss of investor, organisational and customer confidence CEO exposure Regulatory scrutiny Competitive advantage Missed business opportunities Significant disruption Management focus diverted Expensive transformation programme 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 8 Document Classification: KPMG Confidential

9 How to respond?

10 The Basics UNDERSTAND YOUR ASSETS MANAGE THE RISK UNDERSTAND THE THREAT! 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 10 Document Classification: KPMG Confidential

11 Good Practice PEOPLE Confidentiality THREATS PROCESS Integrity Availability CYBER RISK CROWN JEWELS TECHNOLOGY 1. Acknowledge critical assets VULNERABILITIES 2. Understand the risk exposure 3. Design Controls 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 11 Document Classification: KPMG Confidential

12 Leadership Approach

13 The Benefits Compliance Reduced Risk Increased Security Organisational confidence Discovery and understanding (ID efficiencies) Differentiate to the customer Improve trust Audit posture Commercial advantage versus slow adopters Developed organisational culture (eg H&S) 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 13 Document Classification: KPMG Confidential

14 What is your posture? KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ),a a Swiss entity. All rights reserved. 14 Document Classification: KPMG Confidential

15 Key Questions Ask yourself: Have we assessed the Cyber Security threats to our business? How well are our controls operating to protect assets against those threats? What are our gaps? Where are we most exposed and vulnerable? 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 15 Document Classification: KPMG Confidential

16 Key Questions Ask management: What is our Cyber Security Strategy? Do we understand who is responsible for protecting the business and who around this table is ultimately accountable? Do we have sufficient skills and knowledge regarding Cyber Security to help us make informed decisions? 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 16 Document Classification: KPMG Confidential

17 Client Issues 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 17 Document Classification: KPMG Confidential

18 GDPR / Privacy

19 Key GDPR changes Breach Notification Data Protection Officer Increased Fines Individual s Rights Explicit Consent 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 19 Document Classification: KPMG Confidential

20 Thank You

21 Have a safe journey to cloud Teijo Peltoniemi KPMG Channel Islands Limited

22 Agenda Cloud: background Risks in cloud Leading practices 2017 KPMG Channel Islands Limited, a Jersey company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved KPMG Channel Islands Limited, a Jersey company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 22

23 What is cloud? There is no cloud! It s just someone else s computer 2017 KPMG Channel Islands Limited, a Jersey company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 23

24 Why cloud? Innovation Lights on 2017 KPMG Channel Islands Limited, a Jersey company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 24

25 What is cloud? Level of control/responsibility for Company and CSP across different service models On Premise Hosted Service Public IaaS Public PaaS Public SaaS Data Data Data Data Data App App App App App VM VM VM VM VM Server Server Server Server Server Storage Storage Storage Storage Storage Network Network Network Network Network Company has control Company shares control Service provider has control 2017 KPMG Channel Islands Limited, a Jersey company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 25

26 Example Warehouses Suppliers Private/dedicated Point of sale Enterprise Resource Planning Customer Data IDM Public cloud Web commerce Bricks & mortar Customers 2017 KPMG Channel Islands Limited, a Jersey company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 26

27 A business challenge All in on cloud How do I integrate cloud platform with other tools and processes? Business CIO My data center is disappearing how to secure what s not in our data center? Where do I start? How do I achieve and demonstrate regulatory compliance on cloud platform? How do I build and operate securely on cloud platform, in a way that enables innovation and lower time to market? How do I audit the security controls on cloud platform? How do I operate and deliver securely on cloud platform and what should be my minimum security baseline for my workload? CISO/ Internal audit & legal GDPR..? 2017 KPMG Channel Islands Limited, a Jersey company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 27

28 Leading practices to implementing a secure cloud API-based security Incident response Identity and access management Data-centric security Secured perimeter that spans the entire stack Integrated security monitoring and operations 2017 KPMG Channel Islands Limited, a Jersey company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 28

29 Three takeaways 1 Cloud is used because of cost-efficiency and flexibility 2 It is a myth it s less secure 3 But you cannot outsource the responsibility for security 2017 KPMG Channel Islands Limited, a Jersey company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 29

30 KPMG Cyber CAT Self-assessment of cyber risk exposure Arthur Mainja and Matej Jurkic KPMG Channel Islands Limited

31 Overview Mobile app for self-assessment of cyber security posture Based on leading industry practices and standards Work in an offline mode Assessment is questionnaire based Focuses on two key dimensions: Cyber risk exposure Cyber security preparedness Quantitative view of current cyber exposure Provides recommendations to strengthen cyber security posture 2017 KPMG Channel Islands Limited, a Jersey company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 31

32 Assessment - Cyber Exposure Index (CEI) 2017 KPMG Channel Islands Limited, a Jersey company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 32

33 Assessment - Cyber Preparedness Index (CPI) 2017 KPMG Channel Islands Limited, a Jersey company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 33

34 Reporting - Executive dashboard 2017 KPMG Channel Islands Limited, a Jersey company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 34

35 Accessing the app Google Play>Search KPMG Cyber CAT >Install App Store>Search KPMG Cyber CAT >Install 2017 KPMG Channel Islands Limited, a Jersey company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 35

36 Q&A

37 Thank you

38 kpmg.com The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation KPMG Channel Islands Limited, a Jersey company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.

Similar documents

The GDPR Are you ready?

The GDPR Are you ready? The GDPR Are you ready? kpmg.ie The GDPR - Overview The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) will come into force from 25th May 2018, replacing the existing data protection

More information

Security Hygiene. Be in a defensible position. Be cyber resilient. November 8 th, 2017

Security Hygiene. Be in a defensible position. Be cyber resilient. November 8 th, 2017 Security Hygiene Be in a defensible position. Be cyber resilient. November 8 th, 2017 Agenda Getting defensive How will we do it? Basic hygiene stuff Getting started Questions Introductions Over 20 years

More information

How to avoid storms in the cloud. The Australian experience and global trends

How to avoid storms in the cloud. The Australian experience and global trends How to avoid storms in the cloud The Australian experience and global trends Discussion Topics 1. Understanding Cloud and Benefits 2. KPMG research The Australian Experience and Global Trends 3. Considerations

More information

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016 Data Protection Practical Strategies for Getting it Right Jamie Ross Data Security Day June 8, 2016 Agenda 1) Data protection key drivers and the need for an integrated approach 2) Common challenges data

More information

CYBER CAMPUS KPMG BUSINESS SCHOOL THE CYBER SCHOOL FOR THE REAL WORLD. The Business School for the Real World

CYBER CAMPUS KPMG BUSINESS SCHOOL THE CYBER SCHOOL FOR THE REAL WORLD. The Business School for the Real World CYBER CAMPUS THE CYBER SCHOOL FOR THE REAL WORLD. KPMG BUSINESS SCHOOL The Business School for the Real World In the real world, cyber security applies to all: large firms and small companies, tech experts,

More information

Cyber Security. It s not just about technology. May 2017

Cyber Security. It s not just about technology. May 2017 Cyber Security It s not just about technology May 2017 Introduction The Internet has opened a new frontier in warfare: everything is networked and anything networked can be hacked. - World Economic Forum

More information

Clarity on Cyber Security. Media conference 29 May 2018

Clarity on Cyber Security. Media conference 29 May 2018 Clarity on Cyber Security Media conference 29 May 2018 Why this study? 2 Methodology Methodology of the study Online survey consisting of 33 questions 60 participants from C-Level (CISOs, CIOs, CTOs) 26

More information

IT Attestation in the Cloud Era

IT Attestation in the Cloud Era IT Attestation in the Cloud Era The need for increased assurance over outsourced operations/ controls April 2013 Symeon Kalamatianos M.Sc., CISA, CISM Senior Manager, IT Risk Consulting Contents Introduction

More information

Physical security advisory services Securing your organisation s future

Physical security advisory services Securing your organisation s future Physical security advisory services Securing your organisation s future August 2018 KPMG.com/in Physical security threats on the rise In a dynamic geo-political, economic and social environment, businesses

More information

Cyber Security is it a boardroom issue?

Cyber Security is it a boardroom issue? Brisbane, 23 September 2014 Alistair Blake Director Cyber Security & Risk Services Today s session will cover Cyber Security and the Boardroom Executive sponsorship Organisational culture Operational readiness

More information

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com Cybersecurity Presidential Policy Directive Frequently Asked Questions kpmg.com Introduction On February 12, 2013, the White House released the official version of the Presidential Policy Directive regarding

More information

Leveraging ediscovery Technology for Internal Audit 2016 Houston IIA 7th Annual Conference

Leveraging ediscovery Technology for Internal Audit 2016 Houston IIA 7th Annual Conference Leveraging ediscovery Technology for Internal Audit 2016 Houston IIA 7th Annual Conference April 11, 2016 kpmg.com Agenda 1. Survey said 2. Leveraging ediscovery technology to audit risk a. IP threat assessment

More information

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating

More information

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 www.pwc.com RIMS Perk Session 2015 - Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 Los Angeles RIMS Agenda Introductions What is Cybersecurity? Crown jewels The bad

More information

GDPR: A QUICK OVERVIEW

GDPR: A QUICK OVERVIEW GDPR: A QUICK OVERVIEW 2018 Get ready now. 29 June 2017 Presenters Charles Barley Director, Risk Advisory Services Charles Barley, Jr. is responsible for the delivery of governance, risk and compliance

More information

A new approach to Cyber Security

A new approach to Cyber Security A new approach to Cyber Security Feel Free kpmg.ch We believe cyber security should be about what you can do not what you can t. DRIVEN BY BUSINESS ASPIRATIONS We work with you to move your business forward.

More information

HOW SAFE IS YOUR DATA? Micho Schumann, KPMG, Cayman Islands

HOW SAFE IS YOUR DATA? Micho Schumann, KPMG, Cayman Islands HOW SAFE IS YOUR DATA? Micho Schumann, KPMG, Cayman Islands HOW SAFE IS YOUR DATA? 16 November 2017 kpmg.ky Agenda Introduction Cyber Security presentation Q&A 3 Why this presentation? 4 The CIA Triad

More information

Best Practices in Securing a Multicloud World

Best Practices in Securing a Multicloud World Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers

More information

Better together. KPMG LLP s GRC Advisory Services for IBM OpenPages implementations. kpmg.com

Better together. KPMG LLP s GRC Advisory Services for IBM OpenPages implementations. kpmg.com Better together KPMG LLP s GRC Advisory Services for IBM OpenPages implementations kpmg.com KPMG A leader in GRC services KPMG LLP (KPMG) is the U.S. member firm of the KPMG global network of professional

More information

IT Audit Auditing IT General Controls

IT Audit Auditing IT General Controls IT Audit Auditing IT General Controls Agenda Introduction IT Audit IT General Controls Overview Access to Programs and Data Program Change & Development Computer Operations Lessons Learned from Regulatory

More information

Ahead of the next curve

Ahead of the next curve Ahead of the next curve Clarity on Cyber Security 30 May 2017 #KPMG_Cyber Study results Work on what s now think about what s next Evolution of cyber risk in Switzerland No time to waste to discuss cyber

More information

Emerging Technologies The risks they pose to your organisations

Emerging Technologies The risks they pose to your organisations Emerging Technologies The risks they pose to your organisations 10 June 2016 Digital trends are fundamentally changing the way that customers behave and companies operate Mobile Connecting people and things

More information

Cloud Governance. ISACA Information Security & Risk Conference Halifax NS

Cloud Governance. ISACA Information Security & Risk Conference Halifax NS Cloud Governance ISACA Information Security & Risk Conference Halifax NS November 2017 a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.

More information

CYBER INSURANCE: MANAGING THE RISK

CYBER INSURANCE: MANAGING THE RISK CYBER INSURANCE: MANAGING THE RISK LEON FOUCHE PARTNER & NATIONAL CYBERSECURITY LEAD BDO AUSTRALIA MEMBER OF THE GLOBAL CYBERSECURITY LEADERSHIP GROUP ii CYBER INSURANCE: MANAGING THE RISK There s no doubt

More information

January 25, Digital Governments. From KPMG s Harvey Nash survey to a future of opportunities

January 25, Digital Governments. From KPMG s Harvey Nash survey to a future of opportunities January 25, 2018 Digital Governments From KPMG s Harvey Nash survey to a future of opportunities About the Survey 4,500 Responses 2 Decades $1-3trn IT budget 86 Countries 118 Government agencies 2 Digital

More information

Cyber Crime Seminar 8 December 2015

Cyber Crime Seminar 8 December 2015 Cyber Crime Seminar Cyber Security & Financial Services in a changing regulatory landscape John Salmon Partner, Pinsent Masons LLP @uktisa Cyber Security and Financial Services: A changing regulatory landscape

More information

Testers vs Writers: Pen tests Quality in Assurance Projects. 10 November Defcamp7

Testers vs Writers: Pen tests Quality in Assurance Projects. 10 November Defcamp7 Testers vs Writers: Pen tests Quality in Assurance Projects 10 November 2016 @ Defcamp7 Contents INTRODUCTION CONTEXT WHAT ABOUT AUDITING STANDARDS WHAT ABOUT INDEPENDENCE PEN TEST BETWEEN REGULATORY AND

More information

HIPAA Privacy, Security and Breach Notification

HIPAA Privacy, Security and Breach Notification HIPAA Privacy, Security and Breach Notification HCCA East Central Regional Annual Conference October 2013 Disclaimer The information contained in this document is provided by KPMG LLP for general guidance

More information

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan IBM Cloud Security for the Cloud Amr Ismail Security Solutions Sales Leader Middle East & Pakistan Today s Drivers for Cloud Adoption ELASTIC LOWER COST SOLVES SKILLS SHORTAGE RAPID INNOVATION GREATER

More information

Trough a cyber security lens

Trough a cyber security lens Trough a cyber security lens 2015 Global Audit Survey kpmg.ch/cyber What the 2015 survey tells us Short of a crisis, the issues on the audit committee s radar don t change dramatically from year to year

More information

Cybersecurity Protecting your crown jewels

Cybersecurity Protecting your crown jewels Cybersecurity Protecting your crown jewels Our cyber security services We view cybersecurity through a series of interconnected lenses. This rounded approach is designed to provide you with confidence:

More information

Building a Resilient Security Posture for Effective Breach Prevention

Building a Resilient Security Posture for Effective Breach Prevention SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications Agenda for discussion 1. Security Posture 2.

More information

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE Association of Corporate Counsel NYC Chapter 11/1 NYC BDO USA, LLP, a Delaware limited liability partnership,

More information

Auditing IT General Controls

Auditing IT General Controls Auditing IT General Controls Amanthi Pendegraft and Nadine Yassine September 27, 2017 Agenda Introduction and Objectives IT Audit Fundamentals IT General Controls Overview Access to Programs and Data Program

More information

Cyber Risk for Maritime

Cyber Risk for Maritime Cyber Risk for Maritime Enabling a step-change in risk management for the maritime industry kpmg.no kongsberg.com/kdi 0 Cyber Risk for Maritime The international shipping industry is responsible for the

More information

Run the business. Not the risks.

Run the business. Not the risks. Run the business. Not the risks. RISK-RESILIENCE FOR THE DIGITAL BUSINESS Cyber-attacks are a known risk to business. Today, with enterprises becoming pervasively digital, these risks have grown multifold.

More information

Modern Database Architectures Demand Modern Data Security Measures

Modern Database Architectures Demand Modern Data Security Measures Forrester Opportunity Snapshot: A Custom Study Commissioned By Imperva January 2018 Modern Database Architectures Demand Modern Data Security Measures GET STARTED Introduction The fast-paced, ever-changing

More information

SOC for cybersecurity

SOC for cybersecurity April 2018 SOC for cybersecurity a backgrounder Acknowledgments Special thanks to Francette Bueno, Senior Manager, Advisory Services, Ernst & Young LLP and Chris K. Halterman, Executive Director, Advisory

More information

Data Management and Security in the GDPR Era

Data Management and Security in the GDPR Era Data Management and Security in the GDPR Era Franck Hourdin; Vice President, EMEA Security Russ Lowenthal; Director, Database Security Product Management Mike Turner; Chief Operating Officer, Capgemini

More information

2016 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG

2016 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG 1 1 Cyber Security A game changer? Cyber Risk in Internet of everything age April 7th, 2016 3 3 What is disruptive technology? 4 What if our «things» turn against us? Sources: sfglobe.com, wired.com, forbes.com

More information

Cyber Risk Having better conversations on cyber

Cyber Risk Having better conversations on cyber www.pwc.com/sg/risk-assurance Cyber Risk Having better conversations on cyber Contents Putting Cyber Security into perspective 3 Engaging C-Suite executives on cyber security 8 C-Suite key messages & discussion

More information

Strengthening your fraud and cyber-crime protection controls. March 2017

Strengthening your fraud and cyber-crime protection controls. March 2017 Strengthening your fraud and cyber-crime protection controls March 2017 Audience question: What is your role within your institution? a) Payment operations / cash management / treasury services b) Compliance

More information

EU General Data Protection Regulation (GDPR) Achieving compliance

EU General Data Protection Regulation (GDPR) Achieving compliance EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,

More information

Risk Advisory Academy Training Brochure

Risk Advisory Academy Training Brochure Academy Brochure 2 Academy Brochure Cyber Security Our Cyber Security trainings are focused on building your internal capacity to leverage IT related technologies more confidently and manage risk and uncertainty

More information

Managing SaaS risks for cloud customers

Managing SaaS risks for cloud customers Managing SaaS risks for cloud customers Information Security Summit 2016 September 13, 2016 Ronald Tse Founder & CEO, Ribose For every IaaS/PaaS, there are 100s of SaaS PROBLEM SaaS spending is almost

More information

Turning Risk into Advantage

Turning Risk into Advantage Turning Risk into Advantage How Enterprise Wide Risk Management is helping customers succeed in turbulent times and increase their competitiveness Glenn Tjon Partner KPMG Advisory Presentation Overview

More information

Building the trust to succeed in digital business

Building the trust to succeed in digital business www.pwc.ch/cybersecurity Building the trust to succeed in digital business Cybersecurity and Making your cyber journey a successful one Harnessing the advantages of digital technologies presents a whole

More information

EY s data privacy service offering

EY s data privacy service offering EY s data privacy service offering How to transform your data privacy capabilities for an EU General Data Protection Regulation (GDPR) world Introduction Data privacy encompasses the rights and obligations

More information

Addressing the elephant in the operating room: a look at medical device security programs

Addressing the elephant in the operating room: a look at medical device security programs Addressing the elephant in the operating room: a look at medical device security programs Ernst & Young LLP Presenters Michael Davis Healthcare Leader Baltimore +1 410 783 3740 michael.davis@ey.com Esther

More information

Governing cyber security risk: It s time to take it seriously Seven principles for Boards and Investors

Governing cyber security risk: It s time to take it seriously Seven principles for Boards and Investors www.pwc.co.uk Governing cyber security risk: It s time to take it seriously Seven principles for Boards and Investors Dr. Richard Horne Cyber Security Partner PwC January 2017 Board governance is often

More information

MITIGATE CYBER ATTACK RISK

MITIGATE CYBER ATTACK RISK SOLUTION BRIEF MITIGATE CYBER ATTACK RISK CONNECTING SECURITY, RISK MANAGEMENT & BUSINESS TEAMS TO MINIMIZE THE WIDESPREAD IMPACT OF A CYBER ATTACK DIGITAL TRANSFORMATION CREATES NEW RISKS As organizations

More information

Cyber Security Law --- How does it affect the business operations in China? Xun Yang Of Counsel, Commercial IP and Technology

Cyber Security Law --- How does it affect the business operations in China? Xun Yang Of Counsel, Commercial IP and Technology Cyber Security Law --- How does it affect the business operations in China? Xun Yang Of Counsel, Commercial IP and Technology 8 December 2016 The Matrix (1999) 1 / L_LIVE_APAC1:5433168v1 World Internet

More information

Public vs private cloud for regulated entities

Public vs private cloud for regulated entities Public vs private cloud for regulated entities DC2: Restricted use The cloud is for everyone but not for everything 2 Opportunity enabler DC2: Restricted use Flexibility SAAS Public Accessibility Agility

More information

GDPR - What does this mean for you? Accelerate GDPR compliance with the Microsoft Services. Konstantin Sviridov Andrey Ivanov.

GDPR - What does this mean for you? Accelerate GDPR compliance with the Microsoft Services. Konstantin Sviridov Andrey Ivanov. You Trust IT Путь к безопасности бизнеса GDPR - What does this mean for you? Accelerate GDPR compliance with the Microsoft Services Konstantin Sviridov Andrey Ivanov 06 September 2017 This presentation

More information

Survey - Governance, Risk and Compliance

Survey - Governance, Risk and Compliance Survey - Governance, Risk and Compliance 2018 emerging trends around GRC : SAP HANA, Continuous Control Monitoring & Data Analytics kpmg.fr KPMG SURVEY RESULTS PARTICIPANTS of CAC40 companies CFO Audit

More information

Cybersecurity: Pre-Breach Preparedness and Post-Breach Duties

Cybersecurity: Pre-Breach Preparedness and Post-Breach Duties Cybersecurity: Pre-Breach Preparedness and Post-Breach Duties Thursday, October 5, 2017 Presented by: Gerrit Nel, Senior Manager, Cyber Security, KPMG Sunny Handa, Partner, Montreal Cathy Beagan Flood,

More information

AIRMIC ENTERPRISE RISK MANAGEMENT FORUM

AIRMIC ENTERPRISE RISK MANAGEMENT FORUM AIRMIC ENTERPRISE RISK MANAGEMENT FORUM Date 10 November 2016 Name Nick Gibbons Position, PARTNER BLM T: 0207 457 3567 E: Nick.Gibbons@blmlaw.com SUMMARY Cyber crime is now a daily reality Every business

More information

Moving from Prevention to Detection March 2017

Moving from Prevention to Detection March 2017 www.pwc.com Moving from Prevention to Detection Le Tran Hai Minh Manager Cyber Security 29 Agenda Slide Cyber Security Statistics 3 How to Stay Confidence 8 Contact 19 2 Cyber Security Statistics 3 Cyber

More information

Choosing the Right Security Assessment

Choosing the Right Security Assessment A Red Team Whitepaper Choosing the Right Security Navigating the various types of Security s and selecting an IT security service provider can be a daunting task; however, it does not have to be. Understanding

More information

Moving Workloads to the Public Cloud? Don t Forget About Security.

Moving Workloads to the Public Cloud? Don t Forget About Security. Whitepaper Moving Workloads to the Public Cloud? Don t Forget About Security. Key considerations for developing a cloud-ready cybersecurity strategy Introduction For many organizations today, it s not

More information

Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom. kpmg.ca

Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom. kpmg.ca Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom kpmg.ca Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom 1 Connecting the dots:

More information

Security Readiness Assessment

Security Readiness Assessment Security Readiness Assessment Jackson Thomas Senior Manager, Sales Consulting Copyright 2015 Oracle and/or its affiliates. All rights reserved. Cloud Era Requires Identity-Centric Security SaaS PaaS IaaS

More information

COMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards

COMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards November 2016 COMMENTARY Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards The Board of Governors of the Federal Reserve System ( Federal Reserve Board ), the Federal Deposit Insurance

More information

Brussels. Cyber Resiliency Minimizing the impact of breaches on business continuity. Jean-Michel Lamby Associate Partner - IBM Security

Brussels. Cyber Resiliency Minimizing the impact of breaches on business continuity. Jean-Michel Lamby Associate Partner - IBM Security Cyber Resiliency Minimizing the impact of breaches on business continuity Jean-Michel Lamby Associate Partner - IBM Security Brussels Think Brussels / Cyber Resiliency / Oct 4, 2018 / 2018 IBM Corporation

More information

How to Prepare a Response to Cyber Attack for a Multinational Company.

How to Prepare a Response to Cyber Attack for a Multinational Company. You Have Been Breached! How to Prepare a Response to Cyber Attack for a Multinational Company. Chayan Chakravarti, MBA, CISM, PMP Patrick Enyart, CISA, CISM, CRISC Presenters Chayan Chakravarti Manager,

More information

An ICS Whitepaper Choosing the Right Security Assessment

An ICS Whitepaper Choosing the Right Security Assessment Security Assessment Navigating the various types of Security Assessments and selecting an IT security service provider can be a daunting task; however, it does not have to be. Understanding the available

More information

Why you should adopt the NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive

More information

Disruptive Technologies Legal and Regulatory Aspects. 16 May 2017 Investment Summit - Swiss Gobal Enterprise

Disruptive Technologies Legal and Regulatory Aspects. 16 May 2017 Investment Summit - Swiss Gobal Enterprise Disruptive Technologies Legal and Regulatory Aspects 16 May 2017 Investment Summit - Swiss Gobal Enterprise Legal and Regulatory Framework in Switzerland Legal and regulatory Framework: no laws or provisions

More information

GDPR: The Day After. Pierre-Luc REFALO

GDPR: The Day After. Pierre-Luc REFALO GDPR: The Day After Pierre-Luc REFALO The speaker: Pierre-Luc REFALO Global Head of Strategic Cybersecurity Consulting 25+ years in Information & Cyber Security consultancy CISO for SFR & Vivendi Universal

More information

CESG:10 Steps to Cyber Security WORKING WITH GOVERNMENT, INDUSTRY AND ACADEMIA TO MANAGE INFORMATION RISK

CESG:10 Steps to Cyber Security WORKING WITH GOVERNMENT, INDUSTRY AND ACADEMIA TO MANAGE INFORMATION RISK CESG:10 Steps to Cyber Security WORKING WITH GOVERNMENT, INDUSTRY AND ACADEMIA TO MANAGE INFORMATION RISK Building resilience: 10 Steps to Cyber Security 1. Information Risk Management Regime 2. Secure

More information

What Directors and C-Suite professionals need to know kpmg.ca/insuranceconference2017

What Directors and C-Suite professionals need to know kpmg.ca/insuranceconference2017 Cyber Attacks What Directors and C-Suite professionals need to know kpmg.ca/insuranceconference2017 The threat landscape data breaches 2016 2015 2014 CarPhone Warehouse2.4M Michaels 3M Trip Advisor S 1.4M

More information

Big data privacy in Australia

Big data privacy in Australia Five-article series Big data privacy in Australia Three actions you can take towards compliance Article 5 Big data and privacy Three actions you can take towards compliance There are three actions that

More information

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant

More information

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security LTI Security Intelligent & integrated Approach to Cyber & Digital Security Overview As businesses are expanding globally into new territories, propelled and steered by digital disruption and technological

More information

CLOUD COMPUTING. The Old Ways Are New Again. Jeff Rowland, Vice President, USAA IT/Security Audit Services. Public Information

CLOUD COMPUTING. The Old Ways Are New Again. Jeff Rowland, Vice President, USAA IT/Security Audit Services. Public Information CLOUD COMPUTING The Old Ways Are New Again Jeff Rowland, Vice President, USAA IT/Security Audit Services Public Information Who We Are Our Mission The mission of the association is to facilitate the financial

More information

Fabrizio Patriarca. Come creare valore dalla GDPR

Fabrizio Patriarca. Come creare valore dalla GDPR Fabrizio Patriarca Come creare valore dalla GDPR Disclaimer Notice: Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data

More information

What is ISO ISMS? Business Beam

What is ISO ISMS? Business Beam 1 Business Beam Contents 2 Your Information is your Asset! The need for Information Security? About ISO 27001 ISMS Benefits of ISO 27001 ISMS 3 Your information is your asset! Information is an Asset 4

More information

IT Security: Managing a New Reality

IT Security: Managing a New Reality IT Security: Managing a New Reality Kevin Lonergan #IDCDirections IDC You re Only as Strong as Your Weakest Link Locks Only Work if you Know How to Use Them IDC 2 Millions Canadian Security Market Forecast:

More information

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights www.pwc.com/id Key Findings from the State of Information Security Survey 2017 n Insights Key Findings from the State of Information Security Survey 2017 n Insights By now, the numbers have become numbing.

More information

Cyber Threat Landscape April 2013

Cyber Threat Landscape April 2013 www.pwc.co.uk Cyber Threat Landscape April 2013 Cyber Threats: Influences of the global business ecosystem Economic Industry/ Competitors Technology-led innovation has enabled business models to evolve

More information

Bharath Chari Cyber Risk Sr. Manager, Deloitte & Touche LLP

Bharath Chari Cyber Risk Sr. Manager, Deloitte & Touche LLP Prioritizing & enabling internal during ERP/Cloud SaaS and other enterprise system implementations NASC Conference March 21, 2018 Introduction Moderator Presenters Jim Kennedy Senior Deputy Director of

More information

Cybersecurity Considerations for GDPR

Cybersecurity Considerations for GDPR Cybersecurity Considerations for GDPR What is the GDPR? The General Data Protection Regulation (GDPR) is a brand new legislation containing updated requirements for how personal data of European Union

More information

BREAKING BARRIERS TO COLLABORATE WITH THE C-SUITE

BREAKING BARRIERS TO COLLABORATE WITH THE C-SUITE BREAKING BARRIERS TO COLLABORATE WITH THE C-SUITE 31st Annual SoCal ISSA Security Symposium Wendy T. Wu Vice President Agenda + CISO: Then and Now + Who are the Stakeholders and What Do They Care About?

More information

Address C-level Cybersecurity issues to enable and secure Digital transformation

Address C-level Cybersecurity issues to enable and secure Digital transformation Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments, diagnosis and audits of your organization, the protection mechanisms

More information

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient? Canada Highlights Cybersecurity: Do you know which protective measures will make your company cyber resilient? 21 st Global Information Security Survey 2018 2019 1 Canada highlights According to the EY

More information

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report. 2019 SIEM REPORT INTRODUCTION Security Information and Event Management (SIEM) is a powerful technology that allows security operations teams to collect, correlate and analyze log data from a variety of

More information

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

Plan a Pragmatic Approach to the new EU Data Privacy Regulation AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General

More information

GDPR compliance: some basics & practical to do list

GDPR compliance: some basics & practical to do list GDPR compliance: some basics & practical to do list Philippe LAURENT independent full service business law firm located in Brussels May 2017 Personal data processing = any operation or set of operations

More information

GDPR Update and ENISA guidelines

GDPR Update and ENISA guidelines GDPR Update and ENISA guidelines 2016 [Type text] There are two topics that should be uppermost in every CISO's mind, how to address the growing demand for Unified Communications (UC) and how to ensure

More information

Martijn Loderus. Merritt Maxim. Principal Analyst Forrester. Director & Global Practice Partner for Advisory Consulting Janrain

Martijn Loderus. Merritt Maxim. Principal Analyst Forrester. Director & Global Practice Partner for Advisory Consulting Janrain Merritt Maxim Principal Analyst Forrester Martijn Loderus Director & Global Practice Partner for Advisory Consulting Janrain Merritt and Martijn will share insights on Digital Transformation & Drivers

More information

Compliance Audit Readiness. Bob Kral Tenable Network Security

Compliance Audit Readiness. Bob Kral Tenable Network Security Compliance Audit Readiness Bob Kral Tenable Network Security Agenda State of the Market Drifting Out of Compliance Continuous Compliance Top 5 Hardest To Sustain PCI DSS Requirements Procedural support

More information

Security by Default: Enabling Transformation Through Cyber Resilience

Security by Default: Enabling Transformation Through Cyber Resilience Security by Default: Enabling Transformation Through Cyber Resilience FIVE Steps TO Better Security Hygiene Solution Guide Introduction Government is undergoing a transformation. The global economic condition,

More information

Securing Your Most Sensitive Data

Securing Your Most Sensitive Data Software-Defined Access Securing Your Most Sensitive Data Company Overview Digital Growth Means Digital Threats Digital technologies offer organizations unprecedented opportunities to innovate their way

More information

Data Sheet The PCI DSS

Data Sheet The PCI DSS Data Sheet The PCI DSS Protect profits by managing payment card risk IT Governance is uniquely qualified to provide Payment Card Industry (PCI) services. Our leadership in cyber security and technical

More information

What It Takes to be a CISO in 2017

What It Takes to be a CISO in 2017 What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge

More information

Cyber Diligence. EY Deals Forum Ian McCaw EY Transaction Advisory Services

Cyber Diligence. EY Deals Forum Ian McCaw EY Transaction Advisory Services Cyber Diligence EY Deals Forum 2018 Ian McCaw EY Transaction Advisory Services Finance & Commercial Diligence 2 B COMPANY: Power Life INDUSTRY: ENERGY REVENUE: 192m EBITDA: 875k (35% growth in 5 years)

More information

Data Loss Prevention:

Data Loss Prevention: Data Loss Prevention: Considerations from an IT Audit Perspective ISACA November Luncheon 11 November 2010 Agenda What is data loss prevention (DLP)? Ernst & Young point of view on DLP Data loss risk assessment

More information

Building a Secure and Compliant Cloud Infrastructure. Ben Goodman Principal Strategist, Identity, Compliance and Security Novell, Inc.

Building a Secure and Compliant Cloud Infrastructure. Ben Goodman Principal Strategist, Identity, Compliance and Security Novell, Inc. Building a Secure and Compliant Cloud Infrastructure Ben Goodman Principal Strategist, Identity, Compliance and Security Novell, Inc. Why Are We Here? Expanded Enterprise Data access anywhere, anytime

More information

Technology and cyber risk management Protect and enable the business with a holistic risk and governance framework

Technology and cyber risk management Protect and enable the business with a holistic risk and governance framework Technology and cyber risk Protect and enable the business with a holistic risk and governance framework September 2018 kpmg.com Meet the authors Charlie Jacco Principal, KPMG LLP Cyber Security Services

More information

CYBER SECURITY AIR TRANSPORT IT SUMMIT

CYBER SECURITY AIR TRANSPORT IT SUMMIT CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback