Cybersecurity and Examinations
|
|
- Dortha Mitchell
- 5 years ago
- Views:
Transcription
1 Tim Segerson, Deputy Director NCUA E&I Cybersecurity and Examinations October 6, 2016 Chicago, IL
2 Connected Devices Declining costs + increased bandwidth + powerful algorithms will spur a new information revolution as everything connects and interconnects 2
3 Banking s UBER Moment ** New and Evolving Risks Digital World Requires Digital Risk Management Strategy Public Demands and Expectations Evolve Our Responsibilities Evolve **Citi GPS; Digital Disruption, How FinTech is Forcing Banking to a Tipping Point, March 2016 pg
4 Changing Threat Environment 4
5 Recent Report on Breaches by Security Firm (July 2016) Hacking and Malware Caused Breaches in Banks and CUs 27% 43% % all breaches in Fin. Inst. < $35mm total revenue 54% 81% Beazely Breach Insights (07/2016) Revenue Threshold 35,000,000 Gross Income to Average Assets all FICU 4.64% Estimated Target Asset Range 754,310,345 # CU > $750 mm = > 5,000 Small Institutions are increasingly attractive targets to hackers and fraudsters. Why? Ransomware attacks rising sharply Twice the number of breach responses in first 6 months as in all of Small = $750mm; most CU can be considered targets of choice 5
6 Changing Threat Environment Back Office Systems 6
7 Risk Trends Existing vulnerabilities continue to be exploited. New platforms create new ways to exploit Financial Institutions and consumers. Lines between cyber actors are blurring as attack tools are commercialized. Interconnectivity is expanding the sources of risk. Technology advances speed transactions and minimize intermediaries. 7
8 Defining Critical Infrastructure 8
9 CU Technology CU Technology 03/31/ % 18% 72% 98% Website No Website Transaction Website Internet Access # total % total 9
10 CU Technology Core Processing Systems in Credit Unions In-House Turnkey 3604 Managed Service (online) Inhouse developed Manual Other # total % total 70.00% 60.00% 50.00% % 30.00% % % 37.10% 0.34% 0.59% 1.43% 10.00% 0.00% 10
11 Some Recent Outcomes Frequent Baseline Compliant Limited Evolving Inconsistent Range Use of CAT as Risk Assessment Work with CU staff to work through disparities Ransomware is everywhere train train train- backup backup - backup 11
12 FFIEC Cybersecurity Assessment Tool Objective To help institutions identify their risks and determine their cybersecurity maturity. The Assessment provides a repeatable and measureable process to inform management of their institution s risks and cybersecurity preparedness. Two Parts to the CAT Part One: Complete The Inherent Risk Profile Inventory and determine risk drivers in your organization Part Two: Complete the Cybersecurity Maturity Assessment. Benchmark your security program 12
13 FFIEC Cybersecurity Assessment Tool Part One: Complete The Inherent Risk Profile Inventory and determine risk drivers in your organization Part Two: Complete the Cybersecurity Maturity Assessment. Benchmark your security program 13
14 Cybersecurity Maturity Assessment Domain Assessment Factors 1 Cyber Risk Management & Oversight Governance Risk Management Resources Training and Culture 2 Threat Intelligence & Collaboration Intelligence Sourcing Monitoring and Analyzing Information Sharing 3 Cybersecurity Controls Preventative Controls Detective Controls Corrective Controls 4 External Dependency Management Connections Relationships Management 5 Cyber Incident Management & Resilience Incident Resilience Planning and Strategy Detection, Response and Mitigation Escalation and Reporting 14
15 Cybersecurity Maturity/Risk Relationship Highest Risk Institutions Innovative Experimental new and emerging technologies Advanced Intermediate Lowest Risk Institutions Evolving Baseline Minimum expected performance to comply with regulations and existing guidance 15
16 FFIEC Cybersecurity Assessment Tool Inherent Risk Levels Least Minimal Moderate Significant Most Cybersecurity Maturity Level for Each Domain Innovative Advanced Intermediate Evolving Baseline Elevated Investment Underinvestment 16
17 Additive Model Structure BASELINE Items to review List of threat intelligence resources (e.g. industry groups, consortiums, threat and vulnerability reporting services). Management reports on cyber intelligence. Verify FI has conducted interviews with vendors as needed. Threat Info Source(s) Active Monitoring Enhance Risk EVOLVING Analyze Tactics, Perform Risk Mitigation INTERMEDIATE Formal Threat Intelligence Program Collection Protocols Read-only repository ADVANCED Cyber Intelligence Model Multi-source Real- Time Threat Intelligence Threat Intel on Geopolitical Events INNOVATIVE Threat Analysis Team Investment in Transformational Threat Intelligence Technology 17
18 Cybersecurity Risk Exam Strategy So What is the Game Plan for NCUA? 18
19 NCUA s Tool Box GLBA Compliance (Part 748 Compliance Review) CAT Structured Cybersecurity Review NCUA Structured IT/IST Exam Work plans FFIEC Comprehensive IT Examination Handbooks Outsourced Expert Testing/Consultation Resources drive the frequency of tool application 19
20 Cyber/IT Examination Vision Cyber/IT Exam Program Vision - NCUA Advanced Review Specialized Areas Financial Examiner Review SME Review Specialist Review Outside Financial Examiner Scope Risk Profile Driven Risk Profile Driven NCUA/FFIEC Selected Reviews Risk Profile Driven Risk Profile Driven Risk Profile Driven CAT Structured Assessment Alternating Years Alternating Years Alternating Years Part 748 Review Periodic Periodic Periodic Procedures may vary based on individual credit union risk footprint and exam team staffing. CAT goal is periodic full coverage (across multiple exam cycles) Individual risk assessment by examiner will drive final review steps. Less Frequent Legend More Frequent Likely Improbable Unlikely Examiners scale the review in this area based on their understanding of risk (your risk profile). Under expected cyclical reviews, we plan to collect assessments on all institutions over a multiyear period to understand industry gaps and adjust exam strategies. 20
21 Structured Risk Management Review Policy, Strategy and Appropriateness Policy Compliance Management Controls, Reporting and Monitoring Policy Outcomes Inherent and Residual Risk Capital at Risk Well developed policies scaled to size and complexity fits business strategy Independence and cultural commitment (budget, training, data systems, tone at the top) Properly trained and experienced Resources Procedures and Internal Controls Internal Audit, validations, mitigation steps, quality control Robust reporting, measuring, mitigation and decision structure Actual levels and direction of risk Modeled outcomes under stressed conditions How well do you selfregulate? 21
22 FFIEC Agencies Use URSIT Audit Management Development and Acquisition Support and Delivery NCUA uses URSIT only on Specialized Examinations of IT Vendors consistent with FFIEC Policies 22
23 Key Risk Drivers Transaction Strategic Reputation Management Component CAMEL Composite Compliance Risk dimensions drive weighting of Component and Overall Composite. Severe deficiencies can affect the Composite rating 23
24 Exam Current State RISO Review Risk Focused Targeted Review SME Review Risk Focused Targeted Review Baseline Review 748 compliance + Payments review SME Review may layer over the existing 748 and Payments Reviews. RISO/SME may custom target broad risk management or focused risk area during review depending on risk drivers 24
25 CAT Review Vision Interactive Review Initial Information Request Joint exploration of the Information Modeling using the CAT structure Inherent Risk Identified Characteristics identified Discussion/Sharing Results Share/review with management 2017 Work with Management to Identify Opportunities 25
26 CAT Impact Pre-exam More data requested in advance Advance review of available information Initial risk classification Initial attribute identification During Exam New discussions in new areas Review of results verify output Observe and verify activity based attributes Post Exam Aggregate anonymized data across industry and institutional features Inform supervisory process and industry guidance. 26
27 Exam Future State Baseline* Cyclical 748/payment review Cyclical C.A.T. structured review Intermediate Periodic Baseline/CAT during apportioned cycles Resilience, Governance, External Dependency, Good Hygiene Deeper review likely in selected areas Advanced Team or multiple specialized staff performing more comprehensive and in depth review. Observe and evaluate *Baseline procedures will be completed on interchanging multiyear cycles, or when risk indicators warrant. 27
28 NCUA on Forward Plan Extensive Examiner Training Field Reviews and Data Collection through early 2017 Tool/Process improvement 2 nd qtr Process Rollout mid-2017 ish * *Commitment to Ensure Tight Process and Well Trained Examiner Before Rollout. 28
29 Questions? Tim Segerson, Dep. Dir. E&I, NCUA Phone
Interpreting the FFIEC Cybersecurity Assessment Tool
Interpreting the FFIEC Cybersecurity Assessment Tool Wayne H. Trout, CISA, CRISC, CBCA, CBRA, CBRITP NCUA Supervisor, Critical Infrastructure and Cybersecurity What We ll Cover Cyber risk management Cybersecurity
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)
ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary
More informationFFIEC Cyber Security Assessment Tool. Overview and Key Considerations
FFIEC Cyber Security Assessment Tool Overview and Key Considerations Overview of FFIEC Cybersecurity Assessment Tool Agenda Overview of assessment tool Review inherent risk profile categories Review domain
More informationCybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City
1 Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City The opinions expressed are those of the presenters and are not those of the Federal Reserve Banks, the
More information10 Cybersecurity Questions for Bank CEOs and the Board of Directors
4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors
More informationEmerging Issues: Cybersecurity. Directors College 2015
Emerging Issues: Cybersecurity Directors College 2015 Agenda/Objectives Define Cybersecurity Cyber Fraud Trends/Incidents FFIEC Cybersecurity awareness initiatives Community Bank expectations FFIEC Cybersecurity
More informationChoosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist
Choosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist Agenda Industry Background Cybersecurity Assessment Tools Cybersecurity Best Practices 2 Cybersecurity
More informationCredit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank
Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank Introduction The 6,331 credit unions in the United States face a unique challenge when it comes to cybersecurity.
More informationCybersecurity and the Board of Directors
Cybersecurity and the Board of Directors Key Findings from BITS/FSR Meetings OVERVIEW Board directors are increasingly required to engage in cybersecurity risk management yet some may need better education
More informationTable of Contents. Sample
TABLE OF CONTENTS... 1 CHAPTER 1 INTRODUCTION... 4 1.1 GOALS AND OBJECTIVES... 5 1.2 REQUIRED REVIEW... 5 1.3 APPLICABILITY... 5 1.4 ROLES AND RESPONSIBILITIES SENIOR MANAGEMENT AND BOARD OF DIRECTORS...
More informationCybersecurity and Data Protection Developments
Cybersecurity and Data Protection Developments Nathan Taylor March 8, 2017 NY2 786488 MORRISON & FOERSTER LLP 2017 mofo.com Regulatory Themes 2 A Developing Regulatory Environment 2016 2017 March CFPB
More informationNCUA IT Exam Focus. By Tom Schauer, Principal CliftonLarsonAllen
NCUA IT Exam Focus By Tom Schauer, Principal CliftonLarsonAllen My Background and Experience Computer Science Degree - Puget Sound Information Security Professional for 30 years Consultant: Ernst & Young,
More informationSecurity Driven Compliance
Security Driven Compliance Using the FFIEC Cybersecurity Assessment Effectively Presented by Bryan Boam Azureity, Inc. Agenda Who is Azureity? Compliance Driven Security - Traditional Security Model Azureity
More informationFDIC InTREx What Documentation Are You Expected to Have?
FDIC InTREx What Documentation Are You Expected to Have? Written by: Jon Waldman, CISA, CRISC Co-founder and Executive Vice President, IS Consulting - SBS CyberSecurity, LLC Since the FDIC rolled-out the
More informationFFIEC Cybersecurity Assessment Tool
All About the ew FFIEC Cybersecurity Assessment Tool June 22, 2016 Susan Orr Consulting, Ltd. 1 FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Board Users Guide Inherent
More informationCyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.
Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationCybersecurity for Service Providers
Cybersecurity for Service Providers Alexandro Fernandez, CISSP, CISA, CISM, CEH, ECSA, ISO 27001LA, ISO 27001 LI, ITILv3, COBIT5 Security Advanced Services February 2018 There are two types of companies:
More informationCybersecurity Assessment Tool
FederalDepasitlnsuranceCarparation ~~d 1~~i 5yreet ~lw,uuashinyoon, D.C.2d42~-990 Financial Institution Letter FIL-28-2015 JUIy 2, 2015 Cybersecurity Assessment Tool Summary: The FDIC, in coordination
More informationInstitute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI
Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI #IIACHI WWW.FACEBOOK.COM/IIACHICAGO HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977 1 CAE Communications and Common Audit Committee
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationRethinking Information Security Risk Management CRM002
Rethinking Information Security Risk Management CRM002 Speakers: Tanya Scott, Senior Manager, Information Risk Management, Lending Club Learning Objectives At the end of this session, you will: Design
More informationPresented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0
Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More informationBalancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld
Balancing Compliance and Operational Security Demands Nov 2015 Steve Winterfeld What is more important? Compliance with laws / regulations Following industry best practices Developing a operational practice
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationVulnerability Assessments and Penetration Testing
CYBERSECURITY Vulnerability Assessments and Penetration Testing A guide to understanding vulnerability assessments and penetration tests. OVERVIEW When organizations begin developing a strategy to analyze
More informationCybersecurity in Higher Ed
Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,
More informationSage Data Security Services Directory
Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time
More informationCYBER SECURITY TAILORED FOR BUSINESS SUCCESS
CYBER SECURITY TAILORED FOR BUSINESS SUCCESS KNOW THE ASIAN CYBER SECURITY LANDSCAPE As your organisation adopts digital transformation initiatives to accelerate your business ahead, understand the cyber
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More informationCertified Information Security Manager (CISM) Course Overview
Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,
More informationFlorida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government
Florida Government Finance Officers Association Staying Secure when Transforming to a Digital Government Agenda Plante Moran Introductions Technology Pressures and Challenges Facing Government Technology
More informationStephanie Zierten Associate Counsel Federal Reserve Bank of Boston
Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Cybersecurity Landscape Major Data Breaches (e.g., OPM, IRS) Data Breach Notification Laws Directors Derivative Suits Federal Legislation
More informationCYBER SECURITY AIR TRANSPORT IT SUMMIT
CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER
More informationMust Have Items for Your Cybersecurity or IT Budget in 2018
Must Have Items for Your Cybersecurity or IT Budget in 2018 CBAO Regional Meeting Dan Desko (Senior Manager, IT Risk Advisory) Matt Dunn (Senior Security Analyst, IT Risk Advisory) Who is Schneider Downs?
More informationIT Risk: Cybersecurity
IT Risk: Cybersecurity Agenda Purpose of Presentation Define cybersecurity Describe the challenges unique to cyber risk Discuss how financial institutions have responded to cyber risk Describe supervisory
More informationPONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY
PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY Benchmark research sponsored by Raytheon. Independently conducted by Ponemon Institute LLC. February 2018 2018 Study on
More informationIn 2017, the Auditor General initiated an audit of the City s information technology infrastructure and assets.
REPORT FOR ACTION IT Infrastructure and IT Asset Management Review: Phase 1: Establishing an Information Technology Roadmap to Guide the Way Forward for Infrastructure and Asset Management Date: January
More informationCybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security
Cybersecurity What Companies are Doing & How to Evaluate Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security Learning Objectives At the end of this presentation, you will be able to: Explain the
More informationCylance Axiom Alliances Program
Alliances Program Cylance Axiom Alliances Program Program Overview The Cylance Axiom Alliances Program is a community of cybersecurity solution providers working together to deliver a prevention-first
More informationCOMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards
November 2016 COMMENTARY Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards The Board of Governors of the Federal Reserve System ( Federal Reserve Board ), the Federal Deposit Insurance
More informationRegulatory Update Cyber Security
Regulatory Update Cyber Security Mr Brian Lee Division Head Hong Kong Monetary Authority 25 September 2015 Disclaimer This presentation is provided for training purposes and does not form part of the formal
More informationService. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution
Service SM Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Product Protecting sensitive data is critical to being
More informationEnterprise Risk Management (ERM) and Cybersecurity. Na9onal Science Founda9on March 14, 2018
Enterprise Risk Management (ERM) and Cybersecurity Na9onal Science Founda9on March 14, 2018 Agenda Guiding Principles for Implementing ERM at NSF (Based on COSO) NSF s ERM Framework ERM Cybersecurity Risk
More informationCanada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?
Canada Highlights Cybersecurity: Do you know which protective measures will make your company cyber resilient? 21 st Global Information Security Survey 2018 2019 1 Canada highlights According to the EY
More informationSIEMLESS THREAT DETECTION FOR AWS
SOLUTION OVERVIEW: ALERT LOGIC FOR AMAZON WEB SERVICES (AWS) SIEMLESS THREAT DETECTION FOR AWS Few things are as important to your business as maintaining the security of your sensitive data. Protecting
More informationRiskSense Attack Surface Validation for IoT Systems
RiskSense Attack Surface Validation for IoT Systems 2018 RiskSense, Inc. Surfacing Double Exposure Risks Changing Times and Assessment Focus Our view of security assessments has changed. There is diminishing
More informationIBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.
IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats. Enhancing cost to serve and pricing maturity Keeping up with quickly evolving ` Internet threats
More informationAdvanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018
Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018 The Homeland Security Systems Engineering and Development Institute (HSSEDI ) is a trademark of the U.S. Department of Homeland
More informationREGULATORY COMPLIANCE REGULATORY COMPLIANCE SERVICES. Dynamic Solutions. Superior Results.
REGULATORY COMPLIANCE REGULATORY COMPLIANCE SERVICES Dynamic Solutions. Superior Results. PERSONALIZED HELP THAT RELIEVES THE BURDEN OF MANAGING COMPLIANCE The burden of managing risk and compliance is
More informationTHE POWER OF TECH-SAVVY BOARDS:
THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES
More informationCybersecurity Supervising a Moving Target
Cybersecurity Supervising a Moving Target Seminar for Senior Bank Supervisors from Emerging Economies Federal Reserve Board of Governors October 21, 2016 Gwynne Williams Senior Examiner and IT Learning
More informationCybersecurity and Hospitals: A Board Perspective
Cybersecurity and Hospitals: A Board Perspective Cybersecurity is an important issue for both the public and private sector. At a time when so many of our activities depend on information systems and technology,
More informationCybersecurity. Securely enabling transformation and change
Cybersecurity Securely enabling transformation and change Contents... Cybersecurity overview Business drivers Cybersecurity strategy and roadmap Cybersecurity in practice CGI s cybersecurity offering Why
More informationEMPOWER PEOPLE IMPROVE LIVES INSPIRE SUCCESS
Information Technology Shared Service Team North Dakota Cyber Security Across North Dakota Threats and Opportunities 15 September 2018 EMPOWER PEOPLE IMPROVE LIVES INSPIRE SUCCESS AGENDA SIRN / FirstNet
More informationCyber Attack: Is Your Business at Risk?
15 July 2017 Cyber Attack: Is Your Business at Risk? Stanley Wong Regional Head of Financial Lines, Asia Pacific Agenda Some common misconceptions by SMEs around cyber protection Cyber Claims and Industry
More informationGuidelines. on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2) EBA/GL/2017/17
GUIDELINES ON SECURITY MEASURES FOR OPERATIONAL AND SECURITY RISKS UNDER EBA/GL/2017/17 12/01/2018 Guidelines on the security measures for operational and security risks of payment services under Directive
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More informationPanelists. Moderator: Dr. John H. Saunders, MITRE Corporation
SCADA/IOT Panel This panel will focus on innovative & emerging solutions and remaining challenges in the cybersecurity of industrial control systems ICS/SCADA. Representatives from government and infrastructure
More informationHow to Underpin Security Transformation With Complete Visibility of Your Attack Surface
How to Underpin Security Transformation With Complete Visibility of Your Attack Surface YOU CAN T SECURE WHAT YOU CAN T SEE There are many reasons why you may be considering or engaged in a security transformation
More informationSPECIALIST CYBER SECURITY SERVICES & CYBER VULNERABILITY HEALTH CHECK FOR SMALLER COMPANIES
SPECIALIST CYBER SECURITY SERVICES & CYBER VULNERABILITY HEALTH CHECK FOR SMALLER COMPANIES Dear Executive, you requested more information, here are three quick questions Would you know if your company
More informationIT People has been offering end-to-end IT outsourcing & staffing solutions to companies since two decades.
Corporate Profile Company Profile IT People has been offering end-to-end IT outsourcing & staffing solutions to companies since two decades. As a resource partner, we offer personalized and professional
More informationBuilding a strong platform strategy: IT and cybersecurity implications November 15, 2018
Building a strong platform strategy: IT and cybersecurity implications November 15, 2018 Today s Presenters Craig Zampa Principal, technology consulting craig.zampa@plantemoran.com 248-223-3703 Learn more
More informationBuilding a Resilient Security Posture for Effective Breach Prevention
SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications Agenda for discussion 1. Security Posture 2.
More informationCyber Protections: First Step, Risk Assessment
Cyber Protections: First Step, Risk Assessment Presentation to: Presented to: Mark LaVigne, Deputy Director NYSAC November 21, 2017 500 Avery Lane Rome, NY 13441 315.338.5818 www.nystec.com In this presentation
More informationCYBERSECURITY MATURITY ASSESSMENT
CYBERSECURITY MATURITY ASSESSMENT ANTICIPATE. IMPROVE. PREPARE. The CrowdStrike Cybersecurity Maturity Assessment (CSMA) is unique in the security assessment arena. Rather than focusing solely on compliance
More informationRIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015
www.pwc.com RIMS Perk Session 2015 - Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 Los Angeles RIMS Agenda Introductions What is Cybersecurity? Crown jewels The bad
More informationCybersecurity Panel: Cutting through Cybersecurity Hype with Practical Tips to Protect your Bank
Cybersecurity Panel: Cutting through Cybersecurity Hype with Practical Tips to Protect your Bank NJ Bankers Association Annual Convention May 19, 2017 Presented by: Jeremy Burris, Principal, S.R. Snodgrass,
More informationRSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE
WHITEPAPER RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE CONTENTS Executive Summary........................................ 3 Transforming How We Think About Security.......................... 4 Assessing
More informationThink Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe
Think Oslo 2018 Where Technology Meets Humanity Oslo Felicity March Cyber Resilience - Europe Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity
More informationIT risks and controls
Università degli Studi di Roma "Tor Vergata" Master of Science in Business Administration Business Auditing Course IT risks and controls October 2018 Agenda I IT GOVERNANCE IT evolution, objectives, roles
More informationCYBER RESILIENCE & INCIDENT RESPONSE
CYBER RESILIENCE & INCIDENT RESPONSE www.nccgroup.trust Introduction The threat landscape has changed dramatically over the last decade. Once the biggest threats came from opportunist attacks and preventable
More informationFFIEC Cybersecurity Assessment Tool
All About the ew FFIEC Cybersecurity Assessment Tool August 25, 2015 Susan Orr Consulting, Ltd. FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Board Users Guide Inherent
More informationThe Windstream Enterprise Advantage for Banking
The Windstream Enterprise Advantage for Banking Creating trusted banking experiences with secure, cloud-optimized network and communications so you can focus on your customers. Customer centricity is a
More informationState Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017
State Governments at Risk: State CIOs and Cybersecurity CSG Cybersecurity and Privacy Policy Academy November 2, 2017 About NASCIO National association representing state chief information officers and
More informationCyber Fraud What can you do about it?
Cyber Fraud What can you do about it? Eric Wright Shareholder June 10, 2014 What is Cyber Fraud? NetLingo definition: Cyber fraud refers to any type of deliberate deception for unfair or unlawful gain
More informationTaking a Business Risk Portfolio (BRP) Approach to Information Security
SESSION ID: GRC-F03 Taking a Business Risk Portfolio (BRP) Approach to Information Security Johna Till Johnson CEO and Founder Nemertes Research @johnatilljohnso - @nemertes Executive View of InfoSec ca.
More informationRisk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23
Risk: Security s New Compliance Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23 Agenda Market Dynamics Organizational Challenges Risk: Security s New Compliance
More informationA Comprehensive Guide to Remote Managed IT Security for Higher Education
A Comprehensive Guide to Remote Managed IT Security for Higher Education About EventTracker EventTracker enables its customers to stop attacks and pass IT audits. EventTracker s award-winning product suite
More informationSix Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP
Six Weeks to Security Operations The AMP Story Mike Byrne Cyber Security AMP 1 Agenda Introductions The AMP Security Operations Story Lessons Learned 2 Speaker Introduction NAME: Mike Byrne TITLE: Consultant
More informationData Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016
Data Protection Practical Strategies for Getting it Right Jamie Ross Data Security Day June 8, 2016 Agenda 1) Data protection key drivers and the need for an integrated approach 2) Common challenges data
More informationMachine-Based Penetration Testing
Always in Control CyBot Suite Machine-Based Penetration Testing CyBot PRODUCT SUITE Unique, patented Machine-based Penetration Testing Software with Global Attack Path Scenarios (APS) product suite: CyBot
More informationBUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW
BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW EXECUTIVE SUMMARY CenturyLink is committed to ensuring business resiliency and survivability during an incident or business disruption. Our Corporate Business
More informationMay 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations
May 14, 2018 1:30PM to 2:30PM CST In Plain English: Cybersecurity and IT Exam Expectations Options to Join Webinar and audio Click on the link: https://www.webcaster4.com/webcast/page/584/24606 Choose
More informationDefensible and Beyond
TELUS Defensible and Beyond Mike Vamvakaris Director and Head of Cyber Security Consulting November 2017 Digital transformation brings many benefits Communication and Collaboration Autonomous and Artificial
More informationTSC Business Continuity & Disaster Recovery Session
TSC Business Continuity & Disaster Recovery Session Mohamed Ashmawy Infrastructure Consulting Pursuit Hewlett-Packard Enterprise Saudi Arabia Mohamed.ashmawy@hpe.com Session Objectives and Outcomes Objectives
More informationInformation Technology General Control Review
Information Technology General Control Review David L. Shissler, Senior IT Auditor, CPA, CISA, CISSP Office of Internal Audit and Risk Assessment September 15, 2016 Background Presenter Senior IT Auditor
More informationGujarat Forensic Sciences University
Gujarat Forensic Sciences University Knowledge Wisdom Fulfilment Cyber Security Consulting Services Secure Software Engineering Infrastructure Security Digital Forensics SDLC Assurance Review & Threat
More information2017 IT Examination Preparedness. Iowa Bankers 2017 Technology Conference October 24, 2017
2017 IT Examination Preparedness Iowa Bankers 2017 Technology Conference October 24, 2017 1 Disclaimer Materials designed to give general information on the specific subjects covered and are educational
More informationIncident Response Services to Help You Prepare for and Quickly Respond to Security Incidents
Services to Help You Prepare for and Quickly Respond to Security Incidents The Challenge The threat landscape is always evolving and adversaries are getting harder to detect; and with that, cyber risk
More informationRun the business. Not the risks.
Run the business. Not the risks. RISK-RESILIENCE FOR THE DIGITAL BUSINESS Cyber-attacks are a known risk to business. Today, with enterprises becoming pervasively digital, these risks have grown multifold.
More informationEmerging Technologies The risks they pose to your organisations
Emerging Technologies The risks they pose to your organisations 10 June 2016 Digital trends are fundamentally changing the way that customers behave and companies operate Mobile Connecting people and things
More informationto Enhance Your Cyber Security Needs
Our Service to Enhance Your Cyber Security Needs Since the business critical systems by its nature are ON all of the time and the increasingly connected world makes you open your organization to everything
More informationEvaluating Cybersecurity Coverage A Maturity Model. Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium
Discussion on: Evaluating Cybersecurity Coverage A Maturity Model Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium By: Eric C. Lovell PricewaterhouseCoopers LLP ( PwC ) March 24,
More informationWelcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time
TM Plan. Protect. Respond. Welcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time Registration is open for the April webinar:
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationCybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com
Cybersecurity Presidential Policy Directive Frequently Asked Questions kpmg.com Introduction On February 12, 2013, the White House released the official version of the Presidential Policy Directive regarding
More informationSupply Chain Integrity and Security Assurance for ICT. Mats Nilsson
Supply Chain Integrity and Security Assurance for ICT Mats Nilsson The starting point 2 B Internet users 85% Population coverage 5+ B Mobile subscriptions 10 years of Daily upload E-Books surpassing Print
More informationMachine-Based Penetration Testing
Always in Control CyBot Suite Machine-Based Penetration Testing www.cronus-cyber.com - April 2016 CyBot PRODUCT SUITE Unique, patented Machine-based Penetration Testing Software with Global Attack Path
More information