Cyber Security for the future of financial services
|
|
- Dinah Terry
- 5 years ago
- Views:
Transcription
1 Cyber Security for the future of financial services Thio Tse Gan May Deloitte & Touche Enterprise Risk Services Pte Ltd 1
2 Global trends & outlook 2016 Deloitte & Touche Enterprise Risk Services Pte Ltd 2
3 Cyber-attacks are on the rise $400B+ is the annual cost to the global economy from cybercrime [1] 15% o f i n c i d e n t s s t i l l t a k e d a y s t o d i s c o v e r [2] 55% o f i n c i d e n t s i n v o l v e a b u s e o f p r i v i l e g e d a c c e s s [2] Numbers denote industry wise breakup of 2014 data breach incidents Healthcare Financial Services Educational Government 50% recipients open s and click on phishing links within the first hour of receiving them [2] 90% chance that at least one person will fall prey to a phishing campaign with just 10 s [2] 99.9% of the exploited vulnerabilities were compromised more than a year after CVE * was published [2] 11% Per capita cost of data breach was highest in US in 2015 [4] $217 8% 18% 27.5% increase in the data breaches in various industries from 2013 [5] $154 63% 229 Average number of days attackers maintained presence after infiltration and before detection [3] $201 $217 Global Average 2014 [1] Net Losses: Estimating the Global Cost of Cybercrime by Center for Strategic and International Studies; [2] Verizon 2015 Data Breach Investigations Report; [3] Mandiant -Trends 2014: Beyond the Breach, published April 10, 2014; [4] Ponemon 2015 Cost of Data Breach Study: Global Analysis ; [5] ITRC Breach Statistics ; * CVE (Common Vulnerabilities and Exposures) is a dictionary of publically known information security vulnerabilities and exposures Deloitte & Touche Enterprise Risk Services Pte Ltd
4 2016 Deloitte & Touche Enterprise Risk Services Pte Ltd 4
5 Rampant cyber attacks observed around the world in 2015 and million personal details leaked in data breach in VTech 80 million records exposed in attack launched on Anthem Inc million records exposed in 3 attacks launched on TalkTalk Group $81 million stolen from Central Bank of Bangladesh in a bank heist National pension system hacked in Japan and 1.25 million people s personal data was exposed 19.7 million people s personal details stolen in attack launched on U.S. Office of Personnel Management U.S. IRS hacked 100,000 personal details stolen and used to generate PINS for Social Security numbers in 2 separate attacks 2016 Deloitte & Touche Enterprise Risk Services Pte Ltd 5
6 Complex regulatory requirements created to curb rise of cyber crime European Union EU Data Protection Directive 1995, EU Privacy and Electronic Communications Directive (as amended in 2011), Data Retention Directive Member states implement Directives as their own national laws. Regulation of Investigatory Powers Act 2000 Russia Federal Law No. 152-FZ on personal data 2006 Canada PIPEDA Privacy Act 1988 and Provincial privacy Laws US Federal HIPPA 1996, GLBA 1999, COPPA 1998, CAN-SPAM Do Not Call Improvement Act 2007, Safe Harbor Principles 2000, FCRA (as amended in 2003) Patriot Act 2001 Switzerland Federal Data Protection Act 1992 on personal data 2006 China Decision on strengthening Internet information protection, guideline for personal information protection South Africa Electronic Communications Act Singapore Personal Data Protection Act 2013 Dubai Data Protection Act 2007 Australia Australian Federal Privacy Act Anti-Spam Act 2004 Japan Personal Information Protection Act 2003 Philippines Data Privacy Act 2011 New Zealand Privacy Act 1993 Costa Rica Law No Undisclosed Information Law. Law No Protection in the Handling of the Personal Data of Individuals California California Online Privacy Protection Act 2003, Security Breach Notice (Civil Code 1798 Formerly SB 1386) 2003 Mexico Federal Law on the Protection of Personal Data Held by Private Parties 2010 Argentina Protection of Personal Data Law Deloitte & Touche Enterprise Risk Services Pte Ltd 6
7 Technology regulatory landscape Financial Services Vietnam Circular no. 01/2011/TT-NHNN Safety, secrecy guidelines of the information technology systems in banking operation Circular no. 12/2011/TT-NHNN Management and utilization of digital signatures, sigital certificates and SBV digital signature verification services Circular no. 29/2011/TT-NHNN Security and Secrecy of internet banking services Thailand BOT Notification No Guideline for the Preparation of IT Contingency Plan 2008 BOT Notification No. SorNorSor. 26/2552 Guidelines for Development of IT Contingency Plan 2008 BOT Notification No. SorNorSor.6/2557 Supervisory Guidelines on IT Outsourcing BOT Notification No. SorNorSor. 26/551 Supervisory Guidelines for Security of E-Banking Services 2008 Malaysia BNM Guidelines on Data Management and Management information Systems 2011 Guidelines on management of IT Environment (GPIS 1) 2004 Singapore Personal Data and Privacy Act MAS Notice 644 on Technology Risk Management SRD TR 01/2014 System vulnerability assessments and penetration testing SRD TR 02/2014 IT security risk posed by personal mobile devices SRD TR 01/2015 Early detection of cyber intrusions SRD TR 03/2015 Technology risk and cyber security training for Board MAS Notice 634 Bankig Secrecy Conditions for Outsourcing Guidelines on Outsourcing Consultation Paper on Notice on Outsourcing Consultation Paper on Guidelines on Outsourcing 2014 Business Continuity Management guidelines 2013 SRD TR 01/2011 Information technology outsourcing Indonesia Law of The Republic of Indonesia No. 11 of 2008 Concerning Electronic Information And Transactions OJK No. 1/POJK.05/2015 Risk Management in Non- Bank Financial Services No. 9/15/PBI/2007 Implementation of Risk Management in the Use of Information Technology by Commercial Banks 2016 Deloitte & Touche Enterprise Risk Services Pte Ltd 7
8 Organizations spent $75.4 billion on information security in 2015 according to Gartner Organizations are spending more money and paying more attention than they ever have but for many the problem seems to be getting worse Deloitte & Touche Enterprise Risk Services Pte Ltd 8
9 Moving into digitization
10 World Economic Forum report Glimpsing the future The Future of Financial Services: How disruptive innovations are reshaping the way financial services are structured, provisioned and consumed An Industry Project of the Financial Services Community Prepared in collaboration with Deloitte 2016 Deloitte & Touche Enterprise Risk Services Pte Ltd 10
11 What s the deal? Is cyber security a consideration in your plans innovate? 2016 Deloitte & Touche Enterprise Risk Services Pte Ltd 11
12 Failures & challenges 2016 Deloitte & Touche Enterprise Risk Services Pte Ltd 12
13 Failure & challenges Failure to include security as part of the design principles Businesses demand features, function and time to market Addressing the incident and failing to detect the campaigns Perpetrators strategise and take a longer term view Dont miss the forest for the trees. Shortage of competent cyber security professionals Demand is outstripping supply. Willingness to accept non security IT professionals as replacements. Ineffective threat analytics Use of technology with limited data sets and arcade rules sets. Limited value owing to the rush to implement and lacking integration Deloitte & Touche Enterprise Risk Services Pte Ltd 13
14 Cyber Security Deloitte & Touche Enterprise Risk Services Pte Ltd 14
15 Building a resilient cyber security organization This means having the agility to prevent, detect and respond quickly and effectively, not just to incidents, but also to the consequences of the incidents Secure Vigilant Resilient Are controls in place to guard against known and emerging threats? Can we detect malicious or unauthorized activity, including the unknown? Can we act and recover quickly to minimize impact? Cyber governance Cyber threat intelligence Cyber threat mitigation Cyber incident response 2016 Deloitte & Touche Enterprise Risk Services Pte Ltd 15
16 Cyber security design 5 design principles Design principles: everything is a potential threat Build the requirement of security as a core. Actionable intelligence: threat-centric defense Correlation and inductive technique required. Look beyond just security data. Revamp information sharing Pepetrators share intelligence to effectively compromise organisation. Why aren t organisations sharing information about pepetrators? There is a need for situation awareness. Automation: what and how The shortage will continue. Tools and automation exist to create accuracy. 里应外合 Combating the issue together Internal cyber security, external cyber security providers, vendors Deloitte & Touche Enterprise Risk Services Pte Ltd 16
17 Cyber Security Trends The Integrity Conundrum Integrity is the forgotten security domain. Maintaining the integrity of data, business process, and people is going to be increasingly critical. Business Security Establishing security researchers across the business units that handle sensitive data (seen in big Tech companies to increase agility). Live-Fire Exercises Conducting sophisticated APT style attacks, emulation and cyber range testing against critical systems and people assets. Defining Normal Establishing accurate baselines in order to identify anomalous activity and behaviour for investigation. People Are Key Embedding the psychology of security in the business and finding the right SecOps analysts will be key for on-going management of cyber risk. Collaborative Security Recognising that this cyber can t be solved alone and developing and promoting a collaborative security environment across the business. Real-Time Security Ops Developing the next generation of SOC and reducing the time taken to detect and respond to an ever increasing threat landscape. Disruptive Technology Risks Recognising that new technologies like wearable's, 3D printing and inmemory computing all have security implications and planning for this. Auto-Corrective Security Automating security processes and tools using the latest security technology to free up people and time Deloitte & Touche Enterprise Risk Services Pte Ltd 17
18 No such thing as hacker-proof.. if you build it they will come
19 Cyber Security 3.0 Deloitte principles Cyber Security 3.0 Model Secure Vigilant Resilient Are controls in place to guard against known and emerging threats? Can we detect malicious or unauthorized activity, including the unknown? Cyber Governance Can we act and recover quickly to minimize impact? Design principles Actionable intelligence Intelligence sharing Automation Integration Design security into core IT infrastructure Develop a threatcentric defence Create situational awareness Increase accuracy in operational security Eliminate vulnerabilities by working together 2016 Deloitte & Touche Enterprise Risk Services Pte Ltd 19
20 Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ( DTTL ), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as Deloitte Global ) does not provide services to clients. Please see for a more detailed description of DTTL and its member firms. Deloitte provides audit, consulting, financial advisory, risk management, tax and related services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte s more than 225,000 professionals are committed to making an impact that matters. Deloitte serves 4 out of 5 Fortune Global 500 companies. This publication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the Deloitte Network ) is, by means of this publication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser. No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who relies on this publication Deloitte & Touche Enterprise Risk Services Pte Ltd 20
Are we breached? Deloitte's Cyber Threat Hunting
Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the
More informationEmerging Technologies The risks they pose to your organisations
Emerging Technologies The risks they pose to your organisations 10 June 2016 Digital trends are fundamentally changing the way that customers behave and companies operate Mobile Connecting people and things
More informationReal estate predictions 2017 What changes lie ahead?
Real estate predictions 2017 What changes lie ahead? Cyber Risk 2017. For information, contact Deloitte Consultores, S.A. Real Estate Predictions 2017 2 Cyber Risk Rising cyber risk in real estate through
More informationCyber Security Incident Response Fighting Fire with Fire
Cyber Security Incident Response Fighting Fire with Fire Arun Perinkolam, Senior Manager Deloitte & Touche LLP Professional Techniques T21 CRISC CGEIT CISM CISA AGENDA Companies like yours What is the
More informationCyber Risk Services Going beyond limits
Cyber Risk Services Going beyond limits Current Threat Environment Security breaches: 318 Scanned websites with vulnerabilities: 78% Average identities exposed per breach: 1.3 Million Email malware rate
More informationVulnerability Management. June Risk Advisory
June 2018 Risk Advisory Contents A Better Way To Manage Vulnerabilities 4 Business Challenge 6 Vulnerability Management as a Service 7 Robust Service Architecture 8 Our Differentiators 9 Vulnerability
More informationThe New Healthcare Economy is rising up
The New Healthcare Economy is rising up February 2017 The ever-rising costs of healthcare are fostering innovative solutions and disruptive business models Cybersecurity concerns come to medical technology
More informationCyber Espionage A proactive approach to cyber security
Cyber Espionage A proactive approach to cyber security #DeloitteRA To mitigate the risks of advanced cyber threats, organisations should enhance their capabilities to proactively gather intelligence and
More informationCyber Security: Are digital doors still open?
Cyber Security: Are digital doors still open? Introduction Security is becoming a rapidly evolving and complex issue that various organizations are contending with today. It continues to be one of the
More informationSafeguards on Personal Data Privacy.
Safeguards on Personal Data Privacy. Peter Koo Partner, Enterprise Risk Services Deloitte Touche Tohmatsu Maverick Tam Associate Director, Enterprise Risk Services Deloitte Touche Tohmatsu Deloitte ERS
More informationCustomer Breach Support A Deloitte managed service. Notifying, supporting and protecting your customers through a data breach
Customer Breach Support A Deloitte managed service Notifying, supporting and protecting your customers through a data breach Customer Breach Support Client challenges Protecting your customers, your brand
More informationSecurity in India: Enabling a New Connected Era
White Paper Security in India: Enabling a New Connected Era India s economy is growing rapidly, and the country is expanding its network infrastructure to support digitization. India s leapfrogging mobile
More informationManaging Cyber Risk. Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust
Managing Cyber Risk Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust Adam Thomas Principal Cyber Risk Services Deloitte & Touche LLP Give Us Your Feedback for this Session!
More informationAchieving effective risk management and continuous compliance with Deloitte and SAP
Achieving effective risk management and continuous compliance with Deloitte and SAP 2 Deloitte and SAP: collaborating to make GRC work for you Meeting Governance, Risk and Compliance (GRC) requirements
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationMulti-factor authentication enrollment guide for Deloitte client or business partner user
Deloitte OnLine eroom Global Technology Services December 2017 Multi-factor authentication enrollment guide for Deloitte client or business partner user What is multi-factor authentication (MFA) and how
More informationDigital Directors: The board s role in the cyber world. Thio Tse Gan, Southeast Asia Leader - Cyber Security
Digital Directors: The board s role in the cyber world Thio Tse Gan, Southeast Asia Leader - Cyber Security Cyber security threats are not just for information technology specialists anymore. Today, cyber
More informationCFOs in a new global environment Sandy Cockrell, Deloitte
CFOs in a new global environment Sandy Cockrell, Deloitte CFOs in a new global environment 1 2 3 Background The CFO role CFOs Challenges Where does our data come from? How is the CFO role evolving in the
More informationAnticipating the wider business impact of a cyber breach in the health care industry
Anticipating the wider business impact of a cyber breach in the health care industry John Gelinne, Director Cyber Risk Services Deloitte & Touche LLP jgelinne@deloitte.com commodore_22 Hector Calzada,
More informationGlobal Security Consulting Services, compliancy and risk asessment services
Global Security Consulting Services, compliancy and risk asessment services Introduced by Nadine Dereza Presented by Suheil Shahryar Director of Global Security Consulting Today s Business Environment
More informationPA TechCon. Cyber Wargaming: You ve been breached: Now what? April 26, 2016
PA TechCon Cyber Wargaming: You ve been breached: Now what? April 26, 2016 Cyber attacks are on the rise $3.79M The average cost of a cyber incident [1] o f i n c i d e n t s 15% s t i l l t a k e d a
More informationCyber Security is it a boardroom issue?
Brisbane, 23 September 2014 Alistair Blake Director Cyber Security & Risk Services Today s session will cover Cyber Security and the Boardroom Executive sponsorship Organisational culture Operational readiness
More informationSecuring Digital Transformation
September 4, 2017 Securing Digital Transformation DXC Security Andreas Wuchner, CTO Security Innovation Risk surface is evolving and increasingly complex The adversary is highly innovative and sophisticated
More informationCybersecurity and the role of internal audit An urgent call to action
Cybersecurity and the role of internal audit An urgent call to action The threat from cyberattacks is significant and continuously evolving. One estimate suggests that cybercrime could cost businesses
More informationCyber Security. It s not just about technology. May 2017
Cyber Security It s not just about technology May 2017 Introduction The Internet has opened a new frontier in warfare: everything is networked and anything networked can be hacked. - World Economic Forum
More informationUnderstanding the Changing Cybersecurity Problem
Understanding the Changing Cybersecurity Problem Keith Price BBus, MSc, CGEIT, CISM, CISSP Founder & Principal Consultant 1 About About me - Specialise in information security strategy, architecture, and
More informationCybersecurity Considerations for GDPR
Cybersecurity Considerations for GDPR What is the GDPR? The General Data Protection Regulation (GDPR) is a brand new legislation containing updated requirements for how personal data of European Union
More informationPROTECTING NATIONAL CRITICAL INFRASTRUCTURE AGAINST CYBER ATTACKS BEST PRACTICES RELATED TO TECHNOLOGY AND STANDARDS FROM EUROPE BANGKOK
PROTECTING NATIONAL CRITICAL INFRASTRUCTURE AGAINST CYBER ATTACKS BEST PRACTICES RELATED TO TECHNOLOGY AND STANDARDS FROM EUROPE BANGKOK 23.11.2015 DEFINITION OF CRITICAL INFRASTRUCTURE US EU The nation's
More informationThe Future of IT Internal Controls Automation: A Game Changer. January Risk Advisory
The Future of IT Internal Controls Automation: A Game Changer January 2018 Risk Advisory Contents Introduction 01 Future Operating Models for Managing Internal Controls 02 Summary 07 Introduction Internal
More informationTHE CYBER SECURITY ENVIRONMENT IN LITHUANIA
Executive summary of the public audit report THE CYBER SECURITY ENVIRONMENT IN LITHUANIA 9 December 2015, No. VA-P-90-4-16 Full audit report in Lithuanian is available on the website of the National Audit
More informationDeloitte Global Mobile Consumer Survey India data, 2015
Deloitte Global Mobile Consumer Survey India data, 2015 Deloitte Global Mobile Consumer Survey, 2015 1 Global Mobile Consumer Survey 2015: 6 continents, 31 countries, 49,500 respondents Norway Finland
More informationCYBER SOLUTIONS & THREAT INTELLIGENCE
CYBER SOLUTIONS & THREAT INTELLIGENCE STRENGTHEN YOUR DEFENSE DarkTower is a global advisory firm focused on security for some of the world s leading organizations. Our security services, along with real-world
More informationWebcast title in Verdana Regular
Medical devices and the Internet of Things: A threelayer defense against cyber threats Webcast title in Verdana Regular The Dbriefs Industries series Veronica Lim, Principal, Deloitte & Touche LLP Russell
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More informationIP Risk Assessment & Loss Prevention By Priya Kanduri Happiest Minds, Security Services Practice
IP Risk Assessment & Loss Prevention By Priya Kanduri Happiest Minds, Security Services Practice IP Risk Assessment & Loss Prevention Often when organizations are expanding rapidly, they do not give sufficient
More informationCritical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.
Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach. By Christopher Ganizani Banda ICT Development Manager Malawi Communications Regulatory Authority 24-26th July,2016 Khartoum,
More informationCOUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017
COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE Presented by Paul R. Hales, J.D. May 8, 2017 1 HIPAA Rules Combat Cyber Crime HIPAA Rules A Blueprint to Combat Cyber Crime 2 HIPAA Rules Combat Cyber Crime
More informationStephanie Zierten Associate Counsel Federal Reserve Bank of Boston
Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Cybersecurity Landscape Major Data Breaches (e.g., OPM, IRS) Data Breach Notification Laws Directors Derivative Suits Federal Legislation
More informationSage Data Security Services Directory
Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time
More informationBig data privacy in Australia
Five-article series Big data privacy in Australia Three actions you can take towards compliance Article 5 Big data and privacy Three actions you can take towards compliance There are three actions that
More informationMFA Enrollment Guide. Multi-Factor Authentication (MFA) Enrollment guide STAGE Environment
Multi-Factor Authentication (MFA) Enrollment guide STAGE Environment December 2017 00 Table of Contents What is MFA and how does it impact the way I sign into applications? 2 MFA Enrollment Log-in 3 Setup
More informationHow to be cyber secure A practical guide for Australia s mid-size business
How to be cyber secure A practical guide for Australia s mid-size business Introduction The digital age has bred opportunity for mid-size business. From ecommerce to social media, agile organisations have
More informationData Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016
Data Protection Practical Strategies for Getting it Right Jamie Ross Data Security Day June 8, 2016 Agenda 1) Data protection key drivers and the need for an integrated approach 2) Common challenges data
More informationCybersecurity Fortification Initiative (CFI) infrastructure whitepaper
Cybersecurity Fortification Initiative (CFI) infrastructure whitepaper Recently, Cybersecurity Fortification Initiative (CFI) have been a hot topic in the Hong Kong banking industry and financial institutions
More informationCyber Security: Threat and Prevention
Expand Your Horizons Webinar Series Cyber Security: Threat and Prevention February 24, 2015 1:00 1:45pm The Webinar will begin shortly. You can ask a question in the box on the right hand side. We will
More informationGovernance Ideas Exchange
www.pwc.com.au Anatomy of a Hack Governance Ideas Exchange Robert Di Pietro October 2018 Cyber Security Anatomy of a Hack Cyber Security Introduction Who are the bad guys? Profiling the victim Insights
More informationEU data security and privacy trends
EU data security and privacy trends Top issues for HR and global mobility 26 29 October 2014 Disclaimer EY refers to the global organization, and may refer to one or more, of the member firms of Ernst
More informationCanada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?
Canada Highlights Cybersecurity: Do you know which protective measures will make your company cyber resilient? 21 st Global Information Security Survey 2018 2019 1 Canada highlights According to the EY
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationHealthcare HIPAA and Cybersecurity Update
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Healthcare HIPAA and Cybersecurity Update Agenda > Introductions > Cybersecurity
More informationCombating Cyber Risk in the Supply Chain
SESSION ID: CIN-W10 Combating Cyber Risk in the Supply Chain Ashok Sankar Senior Director Cyber Strategy Raytheon Websense @ashoksankar Introduction The velocity of data breaches is accelerating at an
More informationRisk Advisory Academy Training Brochure
Academy Brochure 2 Academy Brochure Cyber Security Our Cyber Security trainings are focused on building your internal capacity to leverage IT related technologies more confidently and manage risk and uncertainty
More informationCyber Security Technologies
1 / Cyber Security Technologies International Seminar on Cyber Security: An Action to Establish the National Cyber Security Center Lisbon, 12 th September 2013 23 / Key highlights - Thales Group Thales
More informationRBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH
RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH CONTEXT RBI has provided guidelines on Cyber Security Framework circular DBS. CO/CSITE/BC.11/33.01.001/2015-16
More informationProtecting your data. EY s approach to data privacy and information security
Protecting your data EY s approach to data privacy and information security Digital networks are a key enabler in the globalization of business. They dramatically enhance our ability to communicate, share
More informationCYBER SECURITY TAILORED FOR BUSINESS SUCCESS
CYBER SECURITY TAILORED FOR BUSINESS SUCCESS KNOW THE ASIAN CYBER SECURITY LANDSCAPE As your organisation adopts digital transformation initiatives to accelerate your business ahead, understand the cyber
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationSecurity Awareness Training Courses
Security Awareness Training Courses Trusted Advisor for All Your Information Security Needs ZERODAYLAB Security Awareness Training Courses 75% of large organisations were subject to a staff-related security
More informationCyber Security Strategy
Cyber Security Strategy Committee for Home Affairs Introduction Cyber security describes the technology, processes and safeguards that are used to protect our networks, computers, programs and data from
More informationTHE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE
THE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE International Maritime Organization Regulations IMO has given shipowners and managers until 2021 to incorporate cyber risk management into
More informationWhat can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco
What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco Increasing Digital Traffic Creates a Greater Attack Surface Global IP Traffic
More informationNATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -
NATIONAL CYBER SECURITY STRATEGY - Version 2.0 - CONTENTS SUMMARY... 3 1 INTRODUCTION... 4 2 GENERAL PRINCIPLES AND OBJECTIVES... 5 3 ACTION FRAMEWORK STRATEGIC OBJECTIVES... 6 3.1 Determining the stakeholders
More informationCybersecurity The Evolving Landscape
Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG
More informationDHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017
DHS Cybersecurity Election Infrastructure as Critical Infrastructure June 2017 Department of Homeland Security Safeguard the American People, Our Homeland, and Our Values Homeland Security Missions 1.
More informationBradford J. Willke. 19 September 2007
A Critical Information Infrastructure Protection Approach to Multinational Cyber Security Events Bradford J. Willke 19 September 2007 Overview A framework for national Critical Information Infrastructure
More informationTHE ACCENTURE CYBER DEFENSE SOLUTION
THE ACCENTURE CYBER DEFENSE SOLUTION A MANAGED SERVICE FOR CYBER DEFENSE FROM ACCENTURE AND SPLUNK. YOUR CURRENT APPROACHES TO CYBER DEFENSE COULD BE PUTTING YOU AT RISK Cyber-attacks are increasingly
More informationBuilding an informed community New cyber threat landscape makes sharing intelligence imperative
Building an informed community New cyber threat landscape makes sharing intelligence imperative 2 This page has been intentionally left blank. The complexity of cyber threats has evolved rapidly in recent
More informationGuidelines. on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2) EBA/GL/2017/17
GUIDELINES ON SECURITY MEASURES FOR OPERATIONAL AND SECURITY RISKS UNDER EBA/GL/2017/17 12/01/2018 Guidelines on the security measures for operational and security risks of payment services under Directive
More informationCritical Information Infrastructure Protection Law
Critical Information Infrastructure Protection Law CCD COE Training 8 September 2009 Tallinn, Estonia Maeve Dion Center for Infrastructure Protection George Mason University School of Law Arlington, Virginia.
More informationKey Findings from the Global State of Information Security Survey 2017 Indonesian Insights
www.pwc.com/id Key Findings from the State of Information Security Survey 2017 n Insights Key Findings from the State of Information Security Survey 2017 n Insights By now, the numbers have become numbing.
More informationCyber Security in Europe
Cyber Security in Europe ENISA supporting the National Cyber Security Strategies An evaluation framework Liveri Dimitra Security and Resilience of Communication Networks Officer www.enisa.europa.eu Securing
More informationIncident Response. Tony Drewitt Head of Consultancy IT Governance Ltd
Incident Response Tony Drewitt Head of Consultancy IT Governance Ltd www.itgovernance.co.uk IT Governance Ltd: GRC One-Stop-Shop Thought Leaders Specialist publisher Implementation toolkits ATO Consultants
More informationManaging Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow
Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant
More informationFTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.
FTA 2017 SEATTLE Cybersecurity and the State Tax Threat Environment 1 Agenda Cybersecurity Trends By the Numbers Attack Trends Defensive Trends State and Local Intelligence What Can You Do? 2 2016: Who
More informationISACA West Florida Chapter - Cybersecurity Event
ISACA West Florida Chapter - Cybersecurity Event Presented by Sri Sridharan Managing Director & Chief Operating Officer Florida Center for Cybersecurity CURRENT TRENDS Top Cybersecurity Trends of 2015
More informationAdopting SSAE 18 for SOC 1 reports
Adopting SSAE 18 for SOC 1 reports Overview Since its adoption in 2011, service auditor reports issued in accordance with SSAE 16 have become increasingly common in the marketplace. In April 2016, the
More informationA new approach to Cyber Security
A new approach to Cyber Security Feel Free kpmg.ch We believe cyber security should be about what you can do not what you can t. DRIVEN BY BUSINESS ASPIRATIONS We work with you to move your business forward.
More information20/09/2013. Global Privacy and Data Protection: Practical Risk Assessment and Governance. Topics
Global Privacy and Data Protection: Practical Risk Assessment and Governance 9 October 2013 Robert Bond, BA, CCEP, HonMIEx Head of Data Protection and Info Security, Speechly Bircham Marti Arvin, CHC-F,
More informationPlan a Pragmatic Approach to the new EU Data Privacy Regulation
AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General
More informationAgenda. Security essentials. Year in review. College/university challenges. Recommendations. Agenda RSM US LLP. All Rights Reserved.
Agenda Agenda Security essentials Year in review College/university challenges Recommendations 2 About me Matt Franko Director, Risk Advisory Services matthew.franko@rsmus.com (216) 927-8224 11+ years
More informationSWIFT Customer Security Programme
www.pwc.ch/cybersecurity SWIFT Customer Security Programme Mandatory controls: what you have to do to protect your local SWIFT infrastructures SWIFT Customer Security Programme (CSP) The growing number
More informationCyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
More informationTrough a cyber security lens
Trough a cyber security lens 2015 Global Audit Survey kpmg.ch/cyber What the 2015 survey tells us Short of a crisis, the issues on the audit committee s radar don t change dramatically from year to year
More informationHow to Optimize Cyber Defenses through Risk-Based Governance. Steven Minsky CEO of LogicManager & Author of the RIMS Risk Maturity Model
How to Optimize Cyber Defenses through Risk-Based Governance Steven Minsky CEO of LogicManager & Author of the RIMS Risk Maturity Model The Goal: Risk-Based Operationalization Incident Management IT/IS
More informationCOUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)
COUNCIL OF THE EUROPEAN UNION Brussels, 24 May 2013 Interinstitutional File: 2013/0027 (COD) 9745/13 TELECOM 125 DATAPROTECT 64 CYBER 10 MI 419 CODEC 1130 NOTE from: Presidency to: Delegations No. Cion
More informationAltius IT Policy Collection Compliance and Standards Matrix
Governance Context and Alignment Policy 4.1 4.4 800-26 164.308 12.4 EDM01 IT Governance Policy 5.1 800-30 12.5 EDM02 Leadership Mergers and Acquisitions Policy A.6.1.1 800-33 EDM03 Context Terms and Definitions
More informationCybersecurity and Data Protection Developments
Cybersecurity and Data Protection Developments Nathan Taylor March 8, 2017 NY2 786488 MORRISON & FOERSTER LLP 2017 mofo.com Regulatory Themes 2 A Developing Regulatory Environment 2016 2017 March CFPB
More informationJeff Wilbur VP Marketing Iconix
2016 Data Protection & Breach Readiness Guide February 3, 2016 Craig Spiezle Executive Director & President Online Trust Alliance Jeff Wilbur VP Marketing Iconix 1 Who is OTA? Mission to enhance online
More informationStanding Together for Financial Industry Resilience Quantum Dawn 3 After-Action Report. November 19, 2015
Standing Together for Financial Industry Resilience Quantum Dawn 3 After-Action Report November 19, 2015 Table of contents Background Exercise objectives Quantum Dawn 3 (QD3) cyberattack scenario QD3 results
More informationWORKSHOP CYBER SECURITY AND CYBERCRIME POLICIES FOR AFRICAN DIPLOMATS. Okechukwu Emmanuel Ibe
WORKSHOP CYBER SECURITY AND CYBERCRIME POLICIES FOR AFRICAN DIPLOMATS Okechukwu Emmanuel Ibe INTRODUCTION The Intelligence and Security Committee (ISC) is a Unit in the Office of the Chairperson of the
More informationDigital Forensics - Global Market Outlook ( )
Report Information More information from: https://www.wiseguyreports.com/reports/456593-digital-forensics-global-market-outlook-2015-2022 Digital Forensics - Global Market Outlook (2015-2022) Report /
More informationNYDFS Cybersecurity Regulations: What do they mean? What is their impact?
June 13, 2017 NYDFS Cybersecurity Regulations: What do they mean? What is their impact? Gus Coldebella Principal, Boston Caroline Simons Principal, Boston Agenda 1) Overview of the new regulations 2) Assessing
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationCyber Risk and Networked Medical Devices
Cyber Risk and Networked Medical Devices Hot Topics Deloitte & Touche LLP February 2016 Copyright Scottsdale Institute 2016. All Rights Reserved. No part of this document may be reproduced or shared with
More informationCybersecurity, safety and resilience - Airline perspective
Arab Civil Aviation Commission - ACAC/ICAO MID GNSS Workshop Cybersecurity, safety and resilience - Airline perspective Rabat, November, 2017 Presented by Adlen LOUKIL, Ph.D CEO, Resys-consultants Advisory,
More informationThe Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It
The Credential Phishing Handbook Why It Still Works and 4 Steps to Prevent It Introduction Phishing is more than 20 years old, but still represents more than 90% of targeted attacks. The reason is simple:
More informationPONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY
PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY Benchmark research sponsored by Raytheon. Independently conducted by Ponemon Institute LLC. February 2018 2018 Study on
More informationYOU VE GOT 99 PROBLEMS AND A BUDGET S ONE
YOU VE GOT 99 PROBLEMS AND A BUDGET S ONE Rebekah Brown @PDXBek Threat Intelligence Lead at Rapid7 But before that Gunnery Sergeant United State Marine Corps Chinese Crypto linguist and Network Warfare
More informationService Provider View of Cyber Security. July 2017
Service Provider View of Cyber Security July 2017 Quick Stats Caribbean and LatAm: 3 rd largest population of Internet Users You Are Here Visualization from the Opte Project of the various routes through
More informationHow Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner
How Cybersecurity Initiatives May Impact Operators Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 Agenda Rise in Data Breaches Effects of Increase in Cybersecurity Threats Cybersecurity Framework
More information