THE POWER OF TECH-SAVVY BOARDS:

Size: px
Start display at page:

Download "THE POWER OF TECH-SAVVY BOARDS:"

Transcription

1 THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1

2 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES COMPANIES FACE Economic conditions may restrict growth Regulatory changes and scrutiny may increase affecting products and services Organizations are insufficiently prepared for cyber threats Privacy, identify and information security risks are not being addressed with sufficient resources Succession challenges and ability to attract top talent may limit ability to achieve operational targets Anticipated volatility in global financial markets/currencies may create significant challenges 9 10 Resistance to change could restrict orgs from making necessary adjustments to business model and core operations. Sustaining customer loyalty and retention may be increasingly difficult as customer demographics and needs change. Source: NACD 2017 Public Company Governance Survey 4 Rapid speed of disruptive innovations and new technologies may outpace organizations ability to compete or manage risk 8 Org. culture may not sufficiently encourage identification and escalation of risk issues Highlighted Text is information and technology governance-related 2

3 WHO IS LEADING DIGITAL TRANSFORMATION? SNAPSHOT RESULTS OF MIT/ISACA SURVEY, 2017 CEO BOARD EXECUTIVE COMMITTEE CIO CTO COO CDO CMO ANOTHER EXECUTIVE NO ONE TOO MANY PEOPLE /15/2017

4 BRIDGING THE (GOVERNANCE) GAP

5 LEVERAGING TECHNOLOGY ISN T OPTIONAL IN TODAY S DIGITAL ECONOMY For businesses looking to compete in our global digital economy, information and technology, as well as cybersecurity professionals, are vital assets Effective leadership and governance in all of these areas are enterprise-level concerns Cultivating cybersecurity talent is like growing anything of importance within the business world; it requires the right environment and the right leadership 5

6 THERE S ONLY ONE PROBLEM IF THE LEADERSHIP S NOT OPTIMAL, THE ENVIRONMENT NEEDED TO CULTIVATE CYBERSECURITY TALENT WON T BE, EITHER THE GOVERNANCE DISCONNECT 6 11/15/2017

7 CYBERSECURITY POLICIES AND DEFENSES ARE THE #1 CORPORATE GOVERNANCE TECHNOLOGICAL CHALLENGE yet only and only of organizational leaders are briefed on risk topics at every senior leadership meeting of leaders plan on increasing spending on data security training for Board members 7 Source: 2017 ISACA Tech Governance Research: Better Tech Governance is Better for Business

8 of leaders believe they re doing everything they can to safeguard digital assets yet only continuously assess the risk related to technology use 8 Source: 2017 ISACA Tech Governance Research: Better Tech Governance is Better for Business

9 ORGANIZATIONAL LEADERS AGREE THAT THE BEST WAY TO DEMONSTRATE IT LEADERSHIP IS TO ENSURE ALIGNMENT BETWEEN IT AND STAKEHOLDER NEEDS yet say they still need to establish a clearer connection between business and IT goals 9 Source: 2017 ISACA Tech Governance Research: Better Tech Governance is Better for Business

10 89% of organizational leaders believe that better technology governance improves business agility 1 in 5 yet nearly and 92% don t use a governance framework of those leaders believe it benefits economic outcomes 10 Source: 2017 ISACA Tech Governance Research: Better Tech Governance is Better for Business

11 of organizations believe that malicious attacks are on the rise, as compared to last year, but don t feel confident in their teams ability to address complex attacks 11 Source: 2017 ISACA Tech Governance Research: Better Tech Governance is Better for Business

12 In a digital economy, the whole company is responsible for generating value from digital investments. We see three key components: DEFENSIVE (e.g. cyber, privacy, regulation etc.) OVERSIGHT (making sure the major investments and organizational change are on track) STRATEGIC (e.g. how will we operate in the future e.g. business models, ecosystems, partnerships). How good you are at each of these will predict your likely success in the digital economy. DR. PETER WEILL DIRECTOR, MIT CENTER FOR INFORMATION RESEARCH 12

13 of C-suite executives think their boards are not fully knowledgeable about the risks the organization is taking and the measures that are in place. Source: EY s 19th Global Information Security Survey /15/ ISACA. All Rights Reserved.

14 of board members and C-level executives have said they lack confidence in their organization s level of cybersecurity Source: EY s 19th Global Information Security Survey /15/ ISACA. All Rights Reserved.

15 of enterprises have had a recent significant cybersecurity incident, which shows that there is still more work to do to strengthen the corporate shield. Source: EY s 19th Global Information Security Survey /15/ ISACA. All Rights Reserved.

16 DIGITAL TRANSFORMATION HIRING QUALIFIED PERSONNEL CYBER: PART OF A LARGER PUZZLE ENTERPRISE- LEVEL RISK MANAGEMENT GETTING THE RIGHT ROI FROM TECHNOLOGY INVESTMENTS NEED TO ASSESS CAPABILITY MATURITY SOLID FOUNDATION IN ENTERPRISE GOVERNANCE OF INFORMATION AND TECHNOLOGY 16

17 BOARDS/C-SUITE WANT ANSWERS AND ASSURANCE ELEVATING CYBERSECURITY RISK TO ENTERPRISE RISK CREATING SITUATIONAL AWARENESS DEFINING CRITICAL CAPABILITIES AND MATURING ESTABLISHING COMMITMENT 17

18 CYBER SECURITY MATURITY ASSESSMENT BENEFITS AND IMPACT WE PRESENT OUR RESULTS IN BUSINESS TERMS SIMPLE GRAPHICS TO SUPPORT BOARD COMMUNICATION STANDARDIZED MATURITY Defines maturity for people, process and technology; includes hygiene; enables industry benchmarking COMPANY RISK-BASED Defines company s risk profile and sets maturity targets ROADMAP DEVELOPMENT Provides risk-based prioritization of gaps in maturity to support roadmap development COMPLIANCE VIEWS Provides views into compliance with ISO27001, NIST CSF, CMMI Threat Kill Chain, ASD, etc. OUR COMPREHENSIVE SCOPE LEVERAGES LEADING FRAMEWORKS, STANDARDS AND CONTROLS 18

19 SELECT THE COMPANY S UNIQUE RISK PROFILE RISK EVENT Sensitive customer related electronic data is wrongfully disclosed POTENTIAL VULNERABILITIES Improper assignment of user permissions Unauthorized physical access to restricted location Undetected attack through 3 rd party partner Confidential data not destroyed properly Disclosure modification due to authentication issue Failed SLA compliance due to poorly defined availability / recovery objectives Internal breach due to inadequate network segmentation L VH VH VL H H - - Improperly tested and/or vulnerable application leads to malicious activity For each Potential Vulnerability, users will assign the likelihood of each Risk Event resulting from Security Scenario Sensitive customer related electronic data is modified without authorization H H VH H VH H - - VL VERY LOW L LOW H HIGH VH VERY HIGH Sensitive customerrelated electronic data is wrongfully deleted Sensitive proprietary - specific electronic data is wrongfully disclosed Sensitive proprietaryrelated electronic data is modified without authorization Sensitive proprietaryspecific electronic data is wrongfully deleted Sensitive customerrelated physical records are H L VL VL H VL VL - - VH - - H H H VL VH VH L L L - - L VL Once likelihood of Security Scenarios have been assigned, users will assign an impact for each Risk Event 19

20 COMMITTING TO CYBERSECURITY RESILIENCE SITUATIONAL AWARENESS CAPABILITY MATURITY ENTERPRISE RISK MGMT WORKFORCE READINESS 20

21 COMMITTING TO CYBERSECURITY RESILIENCE SITUATIONAL AWARENESS CAPABILITY MATURITY Focusing on riskbased capabilities is foundational to building resilience ENTERPRISE RISK MGMT WORKFORCE READINESS 21

22 COMMITTING TO CYBERSECURITY RESILIENCE Cyber situational awareness involves three key areas SITUATIONAL AWARENESS CAPABILITY MATURITY COMPUTING / NETWORKING COMPONENTS ENTERPRISE RISK MGMT THREAT INFORMATION MISSION DEPENDENCIES WORKFORCE READINESS 22

23 COMMITTING TO CYBERSECURITY RESILIENCE SITUATIONAL AWARENESS ENTERPRISE RISK MGMT CAPABILITY MATURITY 60% of all attacks were carried out by insiders. 75% involved malicious intent. The workforce is our greatest point of vulnerability and opportunity. SOURCE: 2016 Cyber Security Intelligence Index WORKFORCE READINESS 23

24 ARE WE HIRING THE RIGHT PEOPLE IN THE FACE OF A SHORTAGE OF CYBER SKILLS? 24

25 of enterprises have said it is taking more than three months to find and hire qualified information and cybersecurity professionals Source: ISACA s 2017 State of Cybersecurity survey 25 11/15/ ISACA. All Rights Reserved.

26 of enterprises have said that fewer than 1 in 4 applicants are qualified for the position(s) available Source: ISACA s 2017 State of Cybersecurity survey 26 11/15/ ISACA. All Rights Reserved.

27 of organizations think that having practical experience is the most important qualification for a cybersecurity candidate Source: ISACA s 2017 State of Cybersecurity survey 27 11/15/ ISACA. All Rights Reserved.

28 SAFEGUARDING YOUR ENTERPRISE When choosing those who will defend your organization choose wisely.

29 THE PACE OF CHANGE CREATES THE PAIN Skills gap, near-term: embrace diversity, hands-on training, and performance-based assessment. Enterprises must be able to self-assess to effectively maintain cyber resilience. We can t win Cyber without good governance of enterprise information and technology 29 Cyber is everybody s business; it s a matter of global and local economic security and public safety.

30 THANK YOU 30

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not

More information

Turning Risk into Advantage

Turning Risk into Advantage Turning Risk into Advantage How Enterprise Wide Risk Management is helping customers succeed in turbulent times and increase their competitiveness Glenn Tjon Partner KPMG Advisory Presentation Overview

More information

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient? Canada Highlights Cybersecurity: Do you know which protective measures will make your company cyber resilient? 21 st Global Information Security Survey 2018 2019 1 Canada highlights According to the EY

More information

Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency

Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency Mr. Ed Brindley Acting Deputy Cyber Security Department of Defense 7 March 2018 SUPPORT THE WARFIGHTER 2 Overview Secretary Mattis Priorities

More information

Angela McKay Director, Government Security Policy and Strategy Microsoft

Angela McKay Director, Government Security Policy and Strategy Microsoft Angela McKay Director, Government Security Policy and Strategy Microsoft Demographic Trends: Internet Users in 2005.ru.ca.is.uk.nl.be.no.de.pl.ua.us.fr.es.ch.it.eg.il.sa.jo.tr.qa.ae.kz.cn.tw.kr.jp.mx.co.br.pk.th.ph.ng.in.sg.my.ar.id.au

More information

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by

More information

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018 Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security BRANDEIS UNIVERSITY PROFESSOR ERICH SCHUMANN MAY 2018 1 Chinese military strategist Sun Tzu: Benchmark If you know your

More information

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better

More information

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.

More information

Evaluating Cybersecurity Coverage A Maturity Model. Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium

Evaluating Cybersecurity Coverage A Maturity Model. Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium Discussion on: Evaluating Cybersecurity Coverage A Maturity Model Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium By: Eric C. Lovell PricewaterhouseCoopers LLP ( PwC ) March 24,

More information

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE WHITEPAPER RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE CONTENTS Executive Summary........................................ 3 Transforming How We Think About Security.......................... 4 Assessing

More information

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017 State Governments at Risk: State CIOs and Cybersecurity CSG Cybersecurity and Privacy Policy Academy November 2, 2017 About NASCIO National association representing state chief information officers and

More information

Cybersecurity. Securely enabling transformation and change

Cybersecurity. Securely enabling transformation and change Cybersecurity Securely enabling transformation and change Contents... Cybersecurity overview Business drivers Cybersecurity strategy and roadmap Cybersecurity in practice CGI s cybersecurity offering Why

More information

Cyber Resilience. Think18. Felicity March IBM Corporation

Cyber Resilience. Think18. Felicity March IBM Corporation Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack

More information

The State of Cybersecurity and Digital Trust 2016

The State of Cybersecurity and Digital Trust 2016 The State of Cybersecurity and Digital Trust 2016 Identifying Cybersecurity Gaps to Rethink State of the Art Executive Summary Executive Summary While the advent of digital technology has fueled new business

More information

Designing and Building a Cybersecurity Program

Designing and Building a Cybersecurity Program Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity

More information

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY Benchmark research sponsored by Raytheon. Independently conducted by Ponemon Institute LLC. February 2018 2018 Study on

More information

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Enhancing the Cybersecurity of Federal Information and Assets through CSIP TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3

More information

Business resilience in the face of cyber risk. By Roger Ostvold and Brian Walker

Business resilience in the face of cyber risk. By Roger Ostvold and Brian Walker Business resilience in the face of cyber risk By Roger Ostvold and Brian Walker When it comes to experiencing failure of at least part of an enterprise s digital environment, it is a matter of when rather

More information

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it

More information

CISM Certified Information Security Manager

CISM Certified Information Security Manager CISM Certified Information Security Manager Firebrand Custom Designed Courseware Logistics Start Time Breaks End Time Fire escapes Instructor Introductions Introduction to Information Security Management

More information

Address C-level Cybersecurity issues to enable and secure Digital transformation

Address C-level Cybersecurity issues to enable and secure Digital transformation Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments, diagnosis and audits of your organization, the protection mechanisms

More information

Rethinking Information Security Risk Management CRM002

Rethinking Information Security Risk Management CRM002 Rethinking Information Security Risk Management CRM002 Speakers: Tanya Scott, Senior Manager, Information Risk Management, Lending Club Learning Objectives At the end of this session, you will: Design

More information

MITIGATE CYBER ATTACK RISK

MITIGATE CYBER ATTACK RISK SOLUTION BRIEF MITIGATE CYBER ATTACK RISK CONNECTING SECURITY, RISK MANAGEMENT & BUSINESS TEAMS TO MINIMIZE THE WIDESPREAD IMPACT OF A CYBER ATTACK DIGITAL TRANSFORMATION CREATES NEW RISKS As organizations

More information

A New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO

A New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO A New Cyber Defense Management Regulation Ophir Zilbiger, CRISC, CISSP SECOZ CEO Personal Background IT and Internet professional (since 1992) PwC (1999-2003) Global SME for Network Director Information

More information

CYBERSECURITY MATURITY ASSESSMENT

CYBERSECURITY MATURITY ASSESSMENT CYBERSECURITY MATURITY ASSESSMENT ANTICIPATE. IMPROVE. PREPARE. The CrowdStrike Cybersecurity Maturity Assessment (CSMA) is unique in the security assessment arena. Rather than focusing solely on compliance

More information

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported

More information

SECURING THE UK S DIGITAL PROSPERITY. Enabling the joint delivery of the National Cyber Security Strategy's objectives

SECURING THE UK S DIGITAL PROSPERITY. Enabling the joint delivery of the National Cyber Security Strategy's objectives SECURING THE UK S DIGITAL PROSPERITY Enabling the joint delivery of the National Cyber Security Strategy's objectives 02 November 2016 2 SECURING THE UK S DIGITAL PROSPERITY SECURING THE UK S DIGITAL PROSPERITY

More information

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS Cybersecurity and information security have become key challenges for

More information

Building a Resilient Security Posture for Effective Breach Prevention

Building a Resilient Security Posture for Effective Breach Prevention SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications Agenda for discussion 1. Security Posture 2.

More information

Risk Advisory Academy Training Brochure

Risk Advisory Academy Training Brochure Academy Brochure 2 Academy Brochure Cyber Security Our Cyber Security trainings are focused on building your internal capacity to leverage IT related technologies more confidently and manage risk and uncertainty

More information

Organizational Readiness for Digital Transformation

Organizational Readiness for Digital Transformation IVI Community Event Organizational Readiness for Digital Transformation Dr. Marian Carcary June 22nd 2017 Introduction Digital business transformation goes beyond traditional process optimization, to leveraging

More information

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise February 11 14, 2018 Gaylord Opryland Resort and Convention Center, Nashville #DRI2018 Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise Tejas Katwala CEO

More information

Securing Digital Transformation

Securing Digital Transformation September 4, 2017 Securing Digital Transformation DXC Security Andreas Wuchner, CTO Security Innovation Risk surface is evolving and increasingly complex The adversary is highly innovative and sophisticated

More information

SECURING THE DIGITAL ECONOMY. Reinventing the Internet for Trust

SECURING THE DIGITAL ECONOMY. Reinventing the Internet for Trust SECURING THE DIGITAL ECONOMY Reinventing the Internet for Trust The Internet Just Can t Keep Up Companies Are Increasingly Dependent on the Internet for Business Growth 90% 76% 18% 35% to rank business

More information

The Deloitte-NASCIO Cybersecurity Study Insights from

The Deloitte-NASCIO Cybersecurity Study Insights from The Deloitte-NASCIO Cybersecurity Study Insights from 2010-2016 August 21, 2018 Srini Subramanian State Government Sector Leader Deloitte Erik Avakian CISO Pennsylvania Michael Roling CISO Missouri Meredith

More information

align security instill confidence

align security instill confidence align security instill confidence cyber security Securing data has become a top priority across all industries. High-profile data breaches and the proliferation of advanced persistent threats have changed

More information

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation IBM X-Force 2012 & CISO Survey Cyber Security Threat Landscape 1 2012 IBM Corporation IBM X-Force 2011 Trend and Risk Report Highlights The mission of the IBM X-Force research and development team is to:

More information

The NIST Cybersecurity Framework

The NIST Cybersecurity Framework The NIST Cybersecurity Framework U.S. German Standards Panel 2018 April 10, 2018 Adam.Sedgewick@nist.gov National Institute of Standards and Technology About NIST Agency of U.S. Department of Commerce

More information

Clarity on Cyber Security. Media conference 29 May 2018

Clarity on Cyber Security. Media conference 29 May 2018 Clarity on Cyber Security Media conference 29 May 2018 Why this study? 2 Methodology Methodology of the study Online survey consisting of 33 questions 60 participants from C-Level (CISOs, CIOs, CTOs) 26

More information

Cybersecurity and the Board of Directors

Cybersecurity and the Board of Directors Cybersecurity and the Board of Directors Key Findings from BITS/FSR Meetings OVERVIEW Board directors are increasingly required to engage in cybersecurity risk management yet some may need better education

More information

GEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards

GEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards GEORGIA CYBERSECURITY WORKFORCE ACADEMY NASCIO 2018 State IT Recognition Awards Title: Georgia Cybersecurity Workforce Academy Category: Cybersecurity State: Georgia Contact: Stanton Gatewood Stan.Gatewood@gta.ga.gov

More information

COST OF CYBER CRIME STUDY INSIGHTS ON THE SECURITY INVESTMENTS THAT MAKE A DIFFERENCE

COST OF CYBER CRIME STUDY INSIGHTS ON THE SECURITY INVESTMENTS THAT MAKE A DIFFERENCE 2017 COST OF CYBER CRIME STUDY INSIGHTS ON THE SECURITY INVESTMENTS THAT MAKE A DIFFERENCE NUMBER OF SECURITY BREACHES IS RISING AND SO IS SPEND Average number of security breaches each year 130 Average

More information

Cyber Security in Timothy Brown Dell Fellow and CTO Dell Security

Cyber Security in Timothy Brown Dell Fellow and CTO Dell Security Cyber Security in 2016 Timothy Brown Dell Fellow and CTO Dell Security 2016 The middle of a perfect storm Technology Driving Innovation Advanced Adversaries Limited Resources Dell Secureworks Underground

More information

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights www.pwc.com/id Key Findings from the State of Information Security Survey 2017 n Insights Key Findings from the State of Information Security Survey 2017 n Insights By now, the numbers have become numbing.

More information

Leading our discussion today

Leading our discussion today Defending the Digital Retailer for NRFTech 2014 July 22, 2014 Leading our discussion today Security Leadership and Points of Contact Security and Infrastructure Services Leadership Kevin Richards NA Security

More information

Security and Privacy Governance Program Guidelines

Security and Privacy Governance Program Guidelines Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by

More information

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development December 10, 2014 Statement of the Securities Industry and Financial Markets Association Senate Committee on Banking, Housing, and Urban Development Hearing Entitled Cybersecurity: Enhancing Coordination

More information

FOR FINANCIAL SERVICES ORGANIZATIONS

FOR FINANCIAL SERVICES ORGANIZATIONS RSA BUSINESS-DRIVEN SECURITYTM FOR FINANCIAL SERVICES ORGANIZATIONS MANAGING THE NEXUS OF RISK & SECURITY A CHANGING LANDSCAPE AND A NEW APPROACH Today s financial services technology landscape is increasingly

More information

Defense Security Service. Strategic Plan Addendum, April Our Agency, Our Mission, Our Responsibility

Defense Security Service. Strategic Plan Addendum, April Our Agency, Our Mission, Our Responsibility Strategic Plan 2020 Addendum, April 2017 Our Agency, Our Mission, Our Responsibility [2] DSS Strategic Plan Addendum 2020 Addendum The DSS Strategic Plan 2020 is designed to support the agency s continuous

More information

Healthcare IT Modernization and the Adoption of Hybrid Cloud

Healthcare IT Modernization and the Adoption of Hybrid Cloud Healthcare IT Modernization and the Adoption of Hybrid Cloud An IDC InfoBrief, Sponsored by VMware June 2018 Executive Summary The healthcare industry is facing unprecedented changes brought about by a

More information

Does someone else own your company s reputation? EY Global Information Security Survey 2018

Does someone else own your company s reputation? EY Global Information Security Survey 2018 Does someone else own your company s reputation? EY Global Information Security Survey 2018 Perspectives for technology, media and entertainment, and telco companies Risking cyber reputations Are TMT companies

More information

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS Stephanie Poe, DNP, RN-BC CNIO, The Johns Hopkins Hospital and Health System Discussion Topics The Age of Acceleration Cyber

More information

Evolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha

Evolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha Evolving the Security Strategy for Growth Eric Schlesinger Global Director and CISO Polaris Alpha Evolving the Security Strategy for Growth Where Do We Start? Our History, Making History In late 2016,

More information

DIGITAL TRANSFORMATION IN FINANCIAL SERVICES

DIGITAL TRANSFORMATION IN FINANCIAL SERVICES DIGITAL TRANSFORMATION IN FINANCIAL SERVICES Global Priorities, Progress, and Obstacles Insights from business and IT executives at financial services institutions worldwide reveal that while digital transformation

More information

CYBERSECURITY RESILIENCE

CYBERSECURITY RESILIENCE CLOSING THE IN CYBERSECURITY RESILIENCE AT U.S. GOVERNMENT AGENCIES Two-thirds of federal IT executives in a new survey say their agency s ability to withstand a cyber event, and continue to function,

More information

Think Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe

Think Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe Think Oslo 2018 Where Technology Meets Humanity Oslo Felicity March Cyber Resilience - Europe Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity

More information

Enterprise Risk Management (ERM) and Cybersecurity. Na9onal Science Founda9on March 14, 2018

Enterprise Risk Management (ERM) and Cybersecurity. Na9onal Science Founda9on March 14, 2018 Enterprise Risk Management (ERM) and Cybersecurity Na9onal Science Founda9on March 14, 2018 Agenda Guiding Principles for Implementing ERM at NSF (Based on COSO) NSF s ERM Framework ERM Cybersecurity Risk

More information

To Audit Your IAM Program

To Audit Your IAM Program Top Five Reasons To Audit Your IAM Program Best-in-class organizations are auditing their IAM programs - are you? focal-point.com Introduction Stolen credentials are the bread and butter of today s hacker.

More information

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion

More information

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco

More information

Implementing Executive Order and Presidential Policy Directive 21

Implementing Executive Order and Presidential Policy Directive 21 March 26, 2013 Implementing Executive Order 13636 and Presidential Policy Directive 21 Mike Smith, Senior Cyber Policy Advisor, Office of Electricity Delivery and Energy Reliability, Department of Energy

More information

A Controls Factory Approach To Operationalizing a Cyber Security Program Based on the NIST Cybersecurity Framework

A Controls Factory Approach To Operationalizing a Cyber Security Program Based on the NIST Cybersecurity Framework A Controls Factory Approach To Operationalizing a Cyber Security Program Based on the NIST Cybersecurity Framework Prepared by: Larry Wilson lwilson@umassp.edu Chief Information Security Officer University

More information

Creating a Cybersecurity Culture: (ISC)2 Survey Responses

Creating a Cybersecurity Culture: (ISC)2 Survey Responses 10/3/18 Creating a Cybersecurity Culture: (ISC)2 Survey Responses Dr. Keri Pearlson (ISC)2 Conference October 8, 2018 CAMS - (IC)3 https://cams.mit.edu 1 200,000Security events The average company handles

More information

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

Charting the Course... Certified Information Systems Auditor (CISA) Course Summary Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business

More information

NCSF Foundation Certification

NCSF Foundation Certification NCSF Foundation Certification Overview This ACQUIROS accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity

More information

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating

More information

INTELLIGENCE DRIVEN GRC FOR SECURITY

INTELLIGENCE DRIVEN GRC FOR SECURITY INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to

More information

Modern Database Architectures Demand Modern Data Security Measures

Modern Database Architectures Demand Modern Data Security Measures Forrester Opportunity Snapshot: A Custom Study Commissioned By Imperva January 2018 Modern Database Architectures Demand Modern Data Security Measures GET STARTED Introduction The fast-paced, ever-changing

More information

Transformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018

Transformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018 Transformation in Technology Barbara Duck Chief Information Officer Investor Day 2018 Key Takeaways 1Transformation in Technology driving out cost, supporting a more technologyenabled business Our new

More information

State of South Carolina Interim Security Assessment

State of South Carolina Interim Security Assessment State of South Carolina Interim Security Assessment Deloitte & Touche LLP Date: October 28, 2013 Our services were performed in accordance with the Statement on Standards for Consulting Services that is

More information

Rethinking Cybersecurity from the Inside Out

Rethinking Cybersecurity from the Inside Out Rethinking Cybersecurity from the Inside Out An Engineering and Life Cycle-Based Approach for Building Trustworthy Resilient Systems Dr. Ron Ross Computer Security Division Information Technology Laboratory

More information

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government Florida Government Finance Officers Association Staying Secure when Transforming to a Digital Government Agenda Plante Moran Introductions Technology Pressures and Challenges Facing Government Technology

More information

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies

More information

What is ISO ISMS? Business Beam

What is ISO ISMS? Business Beam 1 Business Beam Contents 2 Your Information is your Asset! The need for Information Security? About ISO 27001 ISMS Benefits of ISO 27001 ISMS 3 Your information is your asset! Information is an Asset 4

More information

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure March 2015 Pamela Curtis Dr. Nader Mehravari Katie Stewart Cyber Risk and Resilience Management Team CERT

More information

ISACA. Certification Details for Certified in the Governance of Enterprise IT (CGEIT )

ISACA. Certification Details for Certified in the Governance of Enterprise IT (CGEIT ) ISACA Pasitikėjimas informacinėmis sistemomis ir jų nauda Certification Details for Certified in the Governance of Enterprise IT (CGEIT ) Dainius Jakimavičius, CGEIT ISACA Lietuva tyrimų ir metodikos koordinatorius

More information

Driving Global Resilience

Driving Global Resilience Driving Global Resilience Steve Mellish FBCI Chairman, The Business Continuity Institute Monday December 2nd, 2013 Business & IT Resilience Summit New Delhi, India Chairman of the Business Continuity Institute

More information

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner MOBILE SECURITY 2017 SPOTLIGHT REPORT Group Partner Information Security PRESENTED BY OVERVIEW Security and privacy risks are on the rise with the proliferation of mobile devices and their increasing use

More information

Advanced Technology Academic Research Council Federal CISO Summit. Ms. Thérèse Firmin

Advanced Technology Academic Research Council Federal CISO Summit. Ms. Thérèse Firmin Advanced Technology Academic Research Council Federal CISO Summit Ms. Thérèse Firmin Acting Deputy DoD CIO Cyber Security Department of Defense 25 January 2018 2 Overview Secretary Mattis Priorities Cybersecurity

More information

Framework for Improving Critical Infrastructure Cybersecurity. and Risk Approach

Framework for Improving Critical Infrastructure Cybersecurity. and Risk Approach Framework for Improving Critical Infrastructure Cybersecurity Implementation of Executive Order 13636 and Risk Approach June 9, 2016 cyberframework@nist.gov Executive Order: Improving Critical Infrastructure

More information

Why you should adopt the NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive

More information

U.S. Customs and Border Protection Cybersecurity Strategy

U.S. Customs and Border Protection Cybersecurity Strategy 42% U.S. Customs and Border Protection Cybersecurity Strategy Enabling the Mission Through Secure Technology 19% 42% 19% 42% 41% 9% 19% 1% Table of Contents Message from the Commissioner Executive Summary

More information

The UK s National Cyber Security Strategy

The UK s National Cyber Security Strategy The UK s National Cyber Security Strategy 2016 2021 Vision for 2021: The UK is secure and resilient to cyber threats, prosperous and confident in the digital world 1 National Cyber Security Strategy 2016

More information

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report Nationwide Cyber Security Review: Summary Report Nationwide Cyber Security Review: Summary Report ii Nationwide Cyber Security Review: Summary Report Acknowledgments The Multi-State Information Sharing

More information

COURSE BROCHURE. COBIT5 FOUNDATION Training & Certification

COURSE BROCHURE. COBIT5 FOUNDATION Training & Certification COURSE BROCHURE COBIT5 FOUNDATION Training & Certification What is COBIT5? COBIT 5 (Control Objectives for Information and Related Technology) is an international open standard that defines requirements

More information

PREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.

PREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud. PREPARE FOR TAKE OFF Accelerate your organisation s journey to the Cloud. cloud. Contents Introduction Program & Governance BJSS Cloud Readiness Assessment: Intro Platforms & Development BJSS Cloud Readiness

More information

Robert Hayes Senior Director Microsoft Global Cyber Security & Data Protection Group

Robert Hayes Senior Director Microsoft Global Cyber Security & Data Protection Group Robert Hayes Senior Director Microsoft Global Cyber Security & Data Protection Group Presentation Objectives Introductions Cyber security context Cyber security in the maritime sector Developing cybersecurity

More information

CyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber

CyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber CyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber Initiatives 30 January 2018 1 Agenda Federal Landscape Cybersecurity

More information

Cyber Risks in the Boardroom Conference

Cyber Risks in the Boardroom Conference Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks

More information

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit Abstract from Nordic ISACA Conference 2014, Oslo, Norway.

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit Abstract from Nordic ISACA Conference 2014, Oslo, Norway. Aalborg Universitet Vision for IT Audit 2020 Berthing, Hans Henrik Aabenhus Publication date: 2014 Document Version Early version, also known as pre-print Link to publication from Aalborg University Citation

More information

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure Executive Order 13800 Update July 2017 In Brief On May 11, 2017, President Trump issued Executive Order 13800, Strengthening

More information

Certified Information Security Manager (CISM) Course Overview

Certified Information Security Manager (CISM) Course Overview Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,

More information

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) Adaptive Cybersecurity at the Speed of Your Business Attackers Evolve. Risk is in Constant Fluctuation. Security is a Never-ending Cycle.

More information

A Methodology to Build Lasting, Intelligent Cybersecurity Programs

A Methodology to Build Lasting, Intelligent Cybersecurity Programs EBOOK Risk-Centric Cybersecurity Management : A Methodology to Build Lasting, Intelligent Cybersecurity Programs A Brinqa ebook Think InfoSec is ready to keep your enterprise secure through the next transformative

More information

NZTECH ADVANCE SECURITY SUMMIT: ADDRESSING A CRITICAL

NZTECH ADVANCE SECURITY SUMMIT: ADDRESSING A CRITICAL NZTECH ADVANCE SECURITY SUMMIT: ADDRESSING A CRITICAL SKILLS SHORTAGE BRIEFING PAPER CONNECT PROMOTE ADVANCE @NZTechIA PREPARED BY THE NEW ZEALAND TECHNOLOGY INDUSTRY ASSOCIATION Published: November 2016

More information

The new cybersecurity operating model

The new cybersecurity operating model The new cybersecurity operating model Help your organization become more resilient and reach its business goals. 1 slalom.com Struggling to meet security goals While the digital economy is providing major

More information

RESOLVING HIGH-TECH'S SECURITY CHALLENGE

RESOLVING HIGH-TECH'S SECURITY CHALLENGE RESOLVING HIGH-TECH'S SECURITY CHALLENGE CONFIDENCE MASKS VULNERABILITY: ASSESSING CYBERSECURITY PERCEPTIONS Steeped in innovation and cutting-edge technology, the high-tech sector attracts serious attention

More information

The Fine Art of Creating A Transformational Cyber Security Strategy

The Fine Art of Creating A Transformational Cyber Security Strategy SESSION ID: CXO-R11 The Fine Art of Creating A Transformational Cyber Security Strategy Jinan Budge Principal Security & Risk Analyst Forrester Research Andrew Rose Chief Security Officer Vocalink, A Mastercard

More information

Sage Data Security Services Directory

Sage Data Security Services Directory Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time

More information