THE POWER OF TECH-SAVVY BOARDS:
|
|
- Nancy Jefferson
- 5 years ago
- Views:
Transcription
1 THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1
2 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES COMPANIES FACE Economic conditions may restrict growth Regulatory changes and scrutiny may increase affecting products and services Organizations are insufficiently prepared for cyber threats Privacy, identify and information security risks are not being addressed with sufficient resources Succession challenges and ability to attract top talent may limit ability to achieve operational targets Anticipated volatility in global financial markets/currencies may create significant challenges 9 10 Resistance to change could restrict orgs from making necessary adjustments to business model and core operations. Sustaining customer loyalty and retention may be increasingly difficult as customer demographics and needs change. Source: NACD 2017 Public Company Governance Survey 4 Rapid speed of disruptive innovations and new technologies may outpace organizations ability to compete or manage risk 8 Org. culture may not sufficiently encourage identification and escalation of risk issues Highlighted Text is information and technology governance-related 2
3 WHO IS LEADING DIGITAL TRANSFORMATION? SNAPSHOT RESULTS OF MIT/ISACA SURVEY, 2017 CEO BOARD EXECUTIVE COMMITTEE CIO CTO COO CDO CMO ANOTHER EXECUTIVE NO ONE TOO MANY PEOPLE /15/2017
4 BRIDGING THE (GOVERNANCE) GAP
5 LEVERAGING TECHNOLOGY ISN T OPTIONAL IN TODAY S DIGITAL ECONOMY For businesses looking to compete in our global digital economy, information and technology, as well as cybersecurity professionals, are vital assets Effective leadership and governance in all of these areas are enterprise-level concerns Cultivating cybersecurity talent is like growing anything of importance within the business world; it requires the right environment and the right leadership 5
6 THERE S ONLY ONE PROBLEM IF THE LEADERSHIP S NOT OPTIMAL, THE ENVIRONMENT NEEDED TO CULTIVATE CYBERSECURITY TALENT WON T BE, EITHER THE GOVERNANCE DISCONNECT 6 11/15/2017
7 CYBERSECURITY POLICIES AND DEFENSES ARE THE #1 CORPORATE GOVERNANCE TECHNOLOGICAL CHALLENGE yet only and only of organizational leaders are briefed on risk topics at every senior leadership meeting of leaders plan on increasing spending on data security training for Board members 7 Source: 2017 ISACA Tech Governance Research: Better Tech Governance is Better for Business
8 of leaders believe they re doing everything they can to safeguard digital assets yet only continuously assess the risk related to technology use 8 Source: 2017 ISACA Tech Governance Research: Better Tech Governance is Better for Business
9 ORGANIZATIONAL LEADERS AGREE THAT THE BEST WAY TO DEMONSTRATE IT LEADERSHIP IS TO ENSURE ALIGNMENT BETWEEN IT AND STAKEHOLDER NEEDS yet say they still need to establish a clearer connection between business and IT goals 9 Source: 2017 ISACA Tech Governance Research: Better Tech Governance is Better for Business
10 89% of organizational leaders believe that better technology governance improves business agility 1 in 5 yet nearly and 92% don t use a governance framework of those leaders believe it benefits economic outcomes 10 Source: 2017 ISACA Tech Governance Research: Better Tech Governance is Better for Business
11 of organizations believe that malicious attacks are on the rise, as compared to last year, but don t feel confident in their teams ability to address complex attacks 11 Source: 2017 ISACA Tech Governance Research: Better Tech Governance is Better for Business
12 In a digital economy, the whole company is responsible for generating value from digital investments. We see three key components: DEFENSIVE (e.g. cyber, privacy, regulation etc.) OVERSIGHT (making sure the major investments and organizational change are on track) STRATEGIC (e.g. how will we operate in the future e.g. business models, ecosystems, partnerships). How good you are at each of these will predict your likely success in the digital economy. DR. PETER WEILL DIRECTOR, MIT CENTER FOR INFORMATION RESEARCH 12
13 of C-suite executives think their boards are not fully knowledgeable about the risks the organization is taking and the measures that are in place. Source: EY s 19th Global Information Security Survey /15/ ISACA. All Rights Reserved.
14 of board members and C-level executives have said they lack confidence in their organization s level of cybersecurity Source: EY s 19th Global Information Security Survey /15/ ISACA. All Rights Reserved.
15 of enterprises have had a recent significant cybersecurity incident, which shows that there is still more work to do to strengthen the corporate shield. Source: EY s 19th Global Information Security Survey /15/ ISACA. All Rights Reserved.
16 DIGITAL TRANSFORMATION HIRING QUALIFIED PERSONNEL CYBER: PART OF A LARGER PUZZLE ENTERPRISE- LEVEL RISK MANAGEMENT GETTING THE RIGHT ROI FROM TECHNOLOGY INVESTMENTS NEED TO ASSESS CAPABILITY MATURITY SOLID FOUNDATION IN ENTERPRISE GOVERNANCE OF INFORMATION AND TECHNOLOGY 16
17 BOARDS/C-SUITE WANT ANSWERS AND ASSURANCE ELEVATING CYBERSECURITY RISK TO ENTERPRISE RISK CREATING SITUATIONAL AWARENESS DEFINING CRITICAL CAPABILITIES AND MATURING ESTABLISHING COMMITMENT 17
18 CYBER SECURITY MATURITY ASSESSMENT BENEFITS AND IMPACT WE PRESENT OUR RESULTS IN BUSINESS TERMS SIMPLE GRAPHICS TO SUPPORT BOARD COMMUNICATION STANDARDIZED MATURITY Defines maturity for people, process and technology; includes hygiene; enables industry benchmarking COMPANY RISK-BASED Defines company s risk profile and sets maturity targets ROADMAP DEVELOPMENT Provides risk-based prioritization of gaps in maturity to support roadmap development COMPLIANCE VIEWS Provides views into compliance with ISO27001, NIST CSF, CMMI Threat Kill Chain, ASD, etc. OUR COMPREHENSIVE SCOPE LEVERAGES LEADING FRAMEWORKS, STANDARDS AND CONTROLS 18
19 SELECT THE COMPANY S UNIQUE RISK PROFILE RISK EVENT Sensitive customer related electronic data is wrongfully disclosed POTENTIAL VULNERABILITIES Improper assignment of user permissions Unauthorized physical access to restricted location Undetected attack through 3 rd party partner Confidential data not destroyed properly Disclosure modification due to authentication issue Failed SLA compliance due to poorly defined availability / recovery objectives Internal breach due to inadequate network segmentation L VH VH VL H H - - Improperly tested and/or vulnerable application leads to malicious activity For each Potential Vulnerability, users will assign the likelihood of each Risk Event resulting from Security Scenario Sensitive customer related electronic data is modified without authorization H H VH H VH H - - VL VERY LOW L LOW H HIGH VH VERY HIGH Sensitive customerrelated electronic data is wrongfully deleted Sensitive proprietary - specific electronic data is wrongfully disclosed Sensitive proprietaryrelated electronic data is modified without authorization Sensitive proprietaryspecific electronic data is wrongfully deleted Sensitive customerrelated physical records are H L VL VL H VL VL - - VH - - H H H VL VH VH L L L - - L VL Once likelihood of Security Scenarios have been assigned, users will assign an impact for each Risk Event 19
20 COMMITTING TO CYBERSECURITY RESILIENCE SITUATIONAL AWARENESS CAPABILITY MATURITY ENTERPRISE RISK MGMT WORKFORCE READINESS 20
21 COMMITTING TO CYBERSECURITY RESILIENCE SITUATIONAL AWARENESS CAPABILITY MATURITY Focusing on riskbased capabilities is foundational to building resilience ENTERPRISE RISK MGMT WORKFORCE READINESS 21
22 COMMITTING TO CYBERSECURITY RESILIENCE Cyber situational awareness involves three key areas SITUATIONAL AWARENESS CAPABILITY MATURITY COMPUTING / NETWORKING COMPONENTS ENTERPRISE RISK MGMT THREAT INFORMATION MISSION DEPENDENCIES WORKFORCE READINESS 22
23 COMMITTING TO CYBERSECURITY RESILIENCE SITUATIONAL AWARENESS ENTERPRISE RISK MGMT CAPABILITY MATURITY 60% of all attacks were carried out by insiders. 75% involved malicious intent. The workforce is our greatest point of vulnerability and opportunity. SOURCE: 2016 Cyber Security Intelligence Index WORKFORCE READINESS 23
24 ARE WE HIRING THE RIGHT PEOPLE IN THE FACE OF A SHORTAGE OF CYBER SKILLS? 24
25 of enterprises have said it is taking more than three months to find and hire qualified information and cybersecurity professionals Source: ISACA s 2017 State of Cybersecurity survey 25 11/15/ ISACA. All Rights Reserved.
26 of enterprises have said that fewer than 1 in 4 applicants are qualified for the position(s) available Source: ISACA s 2017 State of Cybersecurity survey 26 11/15/ ISACA. All Rights Reserved.
27 of organizations think that having practical experience is the most important qualification for a cybersecurity candidate Source: ISACA s 2017 State of Cybersecurity survey 27 11/15/ ISACA. All Rights Reserved.
28 SAFEGUARDING YOUR ENTERPRISE When choosing those who will defend your organization choose wisely.
29 THE PACE OF CHANGE CREATES THE PAIN Skills gap, near-term: embrace diversity, hands-on training, and performance-based assessment. Enterprises must be able to self-assess to effectively maintain cyber resilience. We can t win Cyber without good governance of enterprise information and technology 29 Cyber is everybody s business; it s a matter of global and local economic security and public safety.
30 THANK YOU 30
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationTurning Risk into Advantage
Turning Risk into Advantage How Enterprise Wide Risk Management is helping customers succeed in turbulent times and increase their competitiveness Glenn Tjon Partner KPMG Advisory Presentation Overview
More informationCanada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?
Canada Highlights Cybersecurity: Do you know which protective measures will make your company cyber resilient? 21 st Global Information Security Survey 2018 2019 1 Canada highlights According to the EY
More informationRocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency
Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency Mr. Ed Brindley Acting Deputy Cyber Security Department of Defense 7 March 2018 SUPPORT THE WARFIGHTER 2 Overview Secretary Mattis Priorities
More informationAngela McKay Director, Government Security Policy and Strategy Microsoft
Angela McKay Director, Government Security Policy and Strategy Microsoft Demographic Trends: Internet Users in 2005.ru.ca.is.uk.nl.be.no.de.pl.ua.us.fr.es.ch.it.eg.il.sa.jo.tr.qa.ae.kz.cn.tw.kr.jp.mx.co.br.pk.th.ph.ng.in.sg.my.ar.id.au
More informationCyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.
Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by
More informationBoston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018
Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security BRANDEIS UNIVERSITY PROFESSOR ERICH SCHUMANN MAY 2018 1 Chinese military strategist Sun Tzu: Benchmark If you know your
More informationMapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective
Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better
More informationPresented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0
Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.
More informationEvaluating Cybersecurity Coverage A Maturity Model. Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium
Discussion on: Evaluating Cybersecurity Coverage A Maturity Model Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium By: Eric C. Lovell PricewaterhouseCoopers LLP ( PwC ) March 24,
More informationRSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE
WHITEPAPER RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE CONTENTS Executive Summary........................................ 3 Transforming How We Think About Security.......................... 4 Assessing
More informationState Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017
State Governments at Risk: State CIOs and Cybersecurity CSG Cybersecurity and Privacy Policy Academy November 2, 2017 About NASCIO National association representing state chief information officers and
More informationCybersecurity. Securely enabling transformation and change
Cybersecurity Securely enabling transformation and change Contents... Cybersecurity overview Business drivers Cybersecurity strategy and roadmap Cybersecurity in practice CGI s cybersecurity offering Why
More informationCyber Resilience. Think18. Felicity March IBM Corporation
Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack
More informationThe State of Cybersecurity and Digital Trust 2016
The State of Cybersecurity and Digital Trust 2016 Identifying Cybersecurity Gaps to Rethink State of the Art Executive Summary Executive Summary While the advent of digital technology has fueled new business
More informationDesigning and Building a Cybersecurity Program
Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity
More informationPONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY
PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY Benchmark research sponsored by Raytheon. Independently conducted by Ponemon Institute LLC. February 2018 2018 Study on
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationBusiness resilience in the face of cyber risk. By Roger Ostvold and Brian Walker
Business resilience in the face of cyber risk By Roger Ostvold and Brian Walker When it comes to experiencing failure of at least part of an enterprise s digital environment, it is a matter of when rather
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More informationCISM Certified Information Security Manager
CISM Certified Information Security Manager Firebrand Custom Designed Courseware Logistics Start Time Breaks End Time Fire escapes Instructor Introductions Introduction to Information Security Management
More informationAddress C-level Cybersecurity issues to enable and secure Digital transformation
Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments, diagnosis and audits of your organization, the protection mechanisms
More informationRethinking Information Security Risk Management CRM002
Rethinking Information Security Risk Management CRM002 Speakers: Tanya Scott, Senior Manager, Information Risk Management, Lending Club Learning Objectives At the end of this session, you will: Design
More informationMITIGATE CYBER ATTACK RISK
SOLUTION BRIEF MITIGATE CYBER ATTACK RISK CONNECTING SECURITY, RISK MANAGEMENT & BUSINESS TEAMS TO MINIMIZE THE WIDESPREAD IMPACT OF A CYBER ATTACK DIGITAL TRANSFORMATION CREATES NEW RISKS As organizations
More informationA New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO
A New Cyber Defense Management Regulation Ophir Zilbiger, CRISC, CISSP SECOZ CEO Personal Background IT and Internet professional (since 1992) PwC (1999-2003) Global SME for Network Director Information
More informationCYBERSECURITY MATURITY ASSESSMENT
CYBERSECURITY MATURITY ASSESSMENT ANTICIPATE. IMPROVE. PREPARE. The CrowdStrike Cybersecurity Maturity Assessment (CSMA) is unique in the security assessment arena. Rather than focusing solely on compliance
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More informationSECURING THE UK S DIGITAL PROSPERITY. Enabling the joint delivery of the National Cyber Security Strategy's objectives
SECURING THE UK S DIGITAL PROSPERITY Enabling the joint delivery of the National Cyber Security Strategy's objectives 02 November 2016 2 SECURING THE UK S DIGITAL PROSPERITY SECURING THE UK S DIGITAL PROSPERITY
More informationCLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY
CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS Cybersecurity and information security have become key challenges for
More informationBuilding a Resilient Security Posture for Effective Breach Prevention
SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications Agenda for discussion 1. Security Posture 2.
More informationRisk Advisory Academy Training Brochure
Academy Brochure 2 Academy Brochure Cyber Security Our Cyber Security trainings are focused on building your internal capacity to leverage IT related technologies more confidently and manage risk and uncertainty
More informationOrganizational Readiness for Digital Transformation
IVI Community Event Organizational Readiness for Digital Transformation Dr. Marian Carcary June 22nd 2017 Introduction Digital business transformation goes beyond traditional process optimization, to leveraging
More informationIntegrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise
February 11 14, 2018 Gaylord Opryland Resort and Convention Center, Nashville #DRI2018 Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise Tejas Katwala CEO
More informationSecuring Digital Transformation
September 4, 2017 Securing Digital Transformation DXC Security Andreas Wuchner, CTO Security Innovation Risk surface is evolving and increasingly complex The adversary is highly innovative and sophisticated
More informationSECURING THE DIGITAL ECONOMY. Reinventing the Internet for Trust
SECURING THE DIGITAL ECONOMY Reinventing the Internet for Trust The Internet Just Can t Keep Up Companies Are Increasingly Dependent on the Internet for Business Growth 90% 76% 18% 35% to rank business
More informationThe Deloitte-NASCIO Cybersecurity Study Insights from
The Deloitte-NASCIO Cybersecurity Study Insights from 2010-2016 August 21, 2018 Srini Subramanian State Government Sector Leader Deloitte Erik Avakian CISO Pennsylvania Michael Roling CISO Missouri Meredith
More informationalign security instill confidence
align security instill confidence cyber security Securing data has become a top priority across all industries. High-profile data breaches and the proliferation of advanced persistent threats have changed
More informationIBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation
IBM X-Force 2012 & CISO Survey Cyber Security Threat Landscape 1 2012 IBM Corporation IBM X-Force 2011 Trend and Risk Report Highlights The mission of the IBM X-Force research and development team is to:
More informationThe NIST Cybersecurity Framework
The NIST Cybersecurity Framework U.S. German Standards Panel 2018 April 10, 2018 Adam.Sedgewick@nist.gov National Institute of Standards and Technology About NIST Agency of U.S. Department of Commerce
More informationClarity on Cyber Security. Media conference 29 May 2018
Clarity on Cyber Security Media conference 29 May 2018 Why this study? 2 Methodology Methodology of the study Online survey consisting of 33 questions 60 participants from C-Level (CISOs, CIOs, CTOs) 26
More informationCybersecurity and the Board of Directors
Cybersecurity and the Board of Directors Key Findings from BITS/FSR Meetings OVERVIEW Board directors are increasingly required to engage in cybersecurity risk management yet some may need better education
More informationGEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards
GEORGIA CYBERSECURITY WORKFORCE ACADEMY NASCIO 2018 State IT Recognition Awards Title: Georgia Cybersecurity Workforce Academy Category: Cybersecurity State: Georgia Contact: Stanton Gatewood Stan.Gatewood@gta.ga.gov
More informationCOST OF CYBER CRIME STUDY INSIGHTS ON THE SECURITY INVESTMENTS THAT MAKE A DIFFERENCE
2017 COST OF CYBER CRIME STUDY INSIGHTS ON THE SECURITY INVESTMENTS THAT MAKE A DIFFERENCE NUMBER OF SECURITY BREACHES IS RISING AND SO IS SPEND Average number of security breaches each year 130 Average
More informationCyber Security in Timothy Brown Dell Fellow and CTO Dell Security
Cyber Security in 2016 Timothy Brown Dell Fellow and CTO Dell Security 2016 The middle of a perfect storm Technology Driving Innovation Advanced Adversaries Limited Resources Dell Secureworks Underground
More informationKey Findings from the Global State of Information Security Survey 2017 Indonesian Insights
www.pwc.com/id Key Findings from the State of Information Security Survey 2017 n Insights Key Findings from the State of Information Security Survey 2017 n Insights By now, the numbers have become numbing.
More informationLeading our discussion today
Defending the Digital Retailer for NRFTech 2014 July 22, 2014 Leading our discussion today Security Leadership and Points of Contact Security and Infrastructure Services Leadership Kevin Richards NA Security
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationDecember 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development
December 10, 2014 Statement of the Securities Industry and Financial Markets Association Senate Committee on Banking, Housing, and Urban Development Hearing Entitled Cybersecurity: Enhancing Coordination
More informationFOR FINANCIAL SERVICES ORGANIZATIONS
RSA BUSINESS-DRIVEN SECURITYTM FOR FINANCIAL SERVICES ORGANIZATIONS MANAGING THE NEXUS OF RISK & SECURITY A CHANGING LANDSCAPE AND A NEW APPROACH Today s financial services technology landscape is increasingly
More informationDefense Security Service. Strategic Plan Addendum, April Our Agency, Our Mission, Our Responsibility
Strategic Plan 2020 Addendum, April 2017 Our Agency, Our Mission, Our Responsibility [2] DSS Strategic Plan Addendum 2020 Addendum The DSS Strategic Plan 2020 is designed to support the agency s continuous
More informationHealthcare IT Modernization and the Adoption of Hybrid Cloud
Healthcare IT Modernization and the Adoption of Hybrid Cloud An IDC InfoBrief, Sponsored by VMware June 2018 Executive Summary The healthcare industry is facing unprecedented changes brought about by a
More informationDoes someone else own your company s reputation? EY Global Information Security Survey 2018
Does someone else own your company s reputation? EY Global Information Security Survey 2018 Perspectives for technology, media and entertainment, and telco companies Risking cyber reputations Are TMT companies
More informationMission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS
Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS Stephanie Poe, DNP, RN-BC CNIO, The Johns Hopkins Hospital and Health System Discussion Topics The Age of Acceleration Cyber
More informationEvolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha
Evolving the Security Strategy for Growth Eric Schlesinger Global Director and CISO Polaris Alpha Evolving the Security Strategy for Growth Where Do We Start? Our History, Making History In late 2016,
More informationDIGITAL TRANSFORMATION IN FINANCIAL SERVICES
DIGITAL TRANSFORMATION IN FINANCIAL SERVICES Global Priorities, Progress, and Obstacles Insights from business and IT executives at financial services institutions worldwide reveal that while digital transformation
More informationCYBERSECURITY RESILIENCE
CLOSING THE IN CYBERSECURITY RESILIENCE AT U.S. GOVERNMENT AGENCIES Two-thirds of federal IT executives in a new survey say their agency s ability to withstand a cyber event, and continue to function,
More informationThink Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe
Think Oslo 2018 Where Technology Meets Humanity Oslo Felicity March Cyber Resilience - Europe Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity
More informationEnterprise Risk Management (ERM) and Cybersecurity. Na9onal Science Founda9on March 14, 2018
Enterprise Risk Management (ERM) and Cybersecurity Na9onal Science Founda9on March 14, 2018 Agenda Guiding Principles for Implementing ERM at NSF (Based on COSO) NSF s ERM Framework ERM Cybersecurity Risk
More informationTo Audit Your IAM Program
Top Five Reasons To Audit Your IAM Program Best-in-class organizations are auditing their IAM programs - are you? focal-point.com Introduction Stolen credentials are the bread and butter of today s hacker.
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationCybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016
Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco
More informationImplementing Executive Order and Presidential Policy Directive 21
March 26, 2013 Implementing Executive Order 13636 and Presidential Policy Directive 21 Mike Smith, Senior Cyber Policy Advisor, Office of Electricity Delivery and Energy Reliability, Department of Energy
More informationA Controls Factory Approach To Operationalizing a Cyber Security Program Based on the NIST Cybersecurity Framework
A Controls Factory Approach To Operationalizing a Cyber Security Program Based on the NIST Cybersecurity Framework Prepared by: Larry Wilson lwilson@umassp.edu Chief Information Security Officer University
More informationCreating a Cybersecurity Culture: (ISC)2 Survey Responses
10/3/18 Creating a Cybersecurity Culture: (ISC)2 Survey Responses Dr. Keri Pearlson (ISC)2 Conference October 8, 2018 CAMS - (IC)3 https://cams.mit.edu 1 200,000Security events The average company handles
More information"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary
Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business
More informationNCSF Foundation Certification
NCSF Foundation Certification Overview This ACQUIROS accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity
More informationIncentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO
White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating
More informationINTELLIGENCE DRIVEN GRC FOR SECURITY
INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to
More informationModern Database Architectures Demand Modern Data Security Measures
Forrester Opportunity Snapshot: A Custom Study Commissioned By Imperva January 2018 Modern Database Architectures Demand Modern Data Security Measures GET STARTED Introduction The fast-paced, ever-changing
More informationTransformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018
Transformation in Technology Barbara Duck Chief Information Officer Investor Day 2018 Key Takeaways 1Transformation in Technology driving out cost, supporting a more technologyenabled business Our new
More informationState of South Carolina Interim Security Assessment
State of South Carolina Interim Security Assessment Deloitte & Touche LLP Date: October 28, 2013 Our services were performed in accordance with the Statement on Standards for Consulting Services that is
More informationRethinking Cybersecurity from the Inside Out
Rethinking Cybersecurity from the Inside Out An Engineering and Life Cycle-Based Approach for Building Trustworthy Resilient Systems Dr. Ron Ross Computer Security Division Information Technology Laboratory
More informationFlorida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government
Florida Government Finance Officers Association Staying Secure when Transforming to a Digital Government Agenda Plante Moran Introductions Technology Pressures and Challenges Facing Government Technology
More informationDATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE
DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies
More informationWhat is ISO ISMS? Business Beam
1 Business Beam Contents 2 Your Information is your Asset! The need for Information Security? About ISO 27001 ISMS Benefits of ISO 27001 ISMS 3 Your information is your asset! Information is an Asset 4
More informationEvaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure
Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure March 2015 Pamela Curtis Dr. Nader Mehravari Katie Stewart Cyber Risk and Resilience Management Team CERT
More informationISACA. Certification Details for Certified in the Governance of Enterprise IT (CGEIT )
ISACA Pasitikėjimas informacinėmis sistemomis ir jų nauda Certification Details for Certified in the Governance of Enterprise IT (CGEIT ) Dainius Jakimavičius, CGEIT ISACA Lietuva tyrimų ir metodikos koordinatorius
More informationDriving Global Resilience
Driving Global Resilience Steve Mellish FBCI Chairman, The Business Continuity Institute Monday December 2nd, 2013 Business & IT Resilience Summit New Delhi, India Chairman of the Business Continuity Institute
More informationMOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner
MOBILE SECURITY 2017 SPOTLIGHT REPORT Group Partner Information Security PRESENTED BY OVERVIEW Security and privacy risks are on the rise with the proliferation of mobile devices and their increasing use
More informationAdvanced Technology Academic Research Council Federal CISO Summit. Ms. Thérèse Firmin
Advanced Technology Academic Research Council Federal CISO Summit Ms. Thérèse Firmin Acting Deputy DoD CIO Cyber Security Department of Defense 25 January 2018 2 Overview Secretary Mattis Priorities Cybersecurity
More informationFramework for Improving Critical Infrastructure Cybersecurity. and Risk Approach
Framework for Improving Critical Infrastructure Cybersecurity Implementation of Executive Order 13636 and Risk Approach June 9, 2016 cyberframework@nist.gov Executive Order: Improving Critical Infrastructure
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationU.S. Customs and Border Protection Cybersecurity Strategy
42% U.S. Customs and Border Protection Cybersecurity Strategy Enabling the Mission Through Secure Technology 19% 42% 19% 42% 41% 9% 19% 1% Table of Contents Message from the Commissioner Executive Summary
More informationThe UK s National Cyber Security Strategy
The UK s National Cyber Security Strategy 2016 2021 Vision for 2021: The UK is secure and resilient to cyber threats, prosperous and confident in the digital world 1 National Cyber Security Strategy 2016
More information2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report
Nationwide Cyber Security Review: Summary Report Nationwide Cyber Security Review: Summary Report ii Nationwide Cyber Security Review: Summary Report Acknowledgments The Multi-State Information Sharing
More informationCOURSE BROCHURE. COBIT5 FOUNDATION Training & Certification
COURSE BROCHURE COBIT5 FOUNDATION Training & Certification What is COBIT5? COBIT 5 (Control Objectives for Information and Related Technology) is an international open standard that defines requirements
More informationPREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.
PREPARE FOR TAKE OFF Accelerate your organisation s journey to the Cloud. cloud. Contents Introduction Program & Governance BJSS Cloud Readiness Assessment: Intro Platforms & Development BJSS Cloud Readiness
More informationRobert Hayes Senior Director Microsoft Global Cyber Security & Data Protection Group
Robert Hayes Senior Director Microsoft Global Cyber Security & Data Protection Group Presentation Objectives Introductions Cyber security context Cyber security in the maritime sector Developing cybersecurity
More informationCyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber
CyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber Initiatives 30 January 2018 1 Agenda Federal Landscape Cybersecurity
More informationCyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
More informationCitation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit Abstract from Nordic ISACA Conference 2014, Oslo, Norway.
Aalborg Universitet Vision for IT Audit 2020 Berthing, Hans Henrik Aabenhus Publication date: 2014 Document Version Early version, also known as pre-print Link to publication from Aalborg University Citation
More informationStrengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure Executive Order 13800 Update July 2017 In Brief On May 11, 2017, President Trump issued Executive Order 13800, Strengthening
More informationCertified Information Security Manager (CISM) Course Overview
Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,
More informationSOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)
SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) Adaptive Cybersecurity at the Speed of Your Business Attackers Evolve. Risk is in Constant Fluctuation. Security is a Never-ending Cycle.
More informationA Methodology to Build Lasting, Intelligent Cybersecurity Programs
EBOOK Risk-Centric Cybersecurity Management : A Methodology to Build Lasting, Intelligent Cybersecurity Programs A Brinqa ebook Think InfoSec is ready to keep your enterprise secure through the next transformative
More informationNZTECH ADVANCE SECURITY SUMMIT: ADDRESSING A CRITICAL
NZTECH ADVANCE SECURITY SUMMIT: ADDRESSING A CRITICAL SKILLS SHORTAGE BRIEFING PAPER CONNECT PROMOTE ADVANCE @NZTechIA PREPARED BY THE NEW ZEALAND TECHNOLOGY INDUSTRY ASSOCIATION Published: November 2016
More informationThe new cybersecurity operating model
The new cybersecurity operating model Help your organization become more resilient and reach its business goals. 1 slalom.com Struggling to meet security goals While the digital economy is providing major
More informationRESOLVING HIGH-TECH'S SECURITY CHALLENGE
RESOLVING HIGH-TECH'S SECURITY CHALLENGE CONFIDENCE MASKS VULNERABILITY: ASSESSING CYBERSECURITY PERCEPTIONS Steeped in innovation and cutting-edge technology, the high-tech sector attracts serious attention
More informationThe Fine Art of Creating A Transformational Cyber Security Strategy
SESSION ID: CXO-R11 The Fine Art of Creating A Transformational Cyber Security Strategy Jinan Budge Principal Security & Risk Analyst Forrester Research Andrew Rose Chief Security Officer Vocalink, A Mastercard
More informationSage Data Security Services Directory
Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time
More information