Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager,

Size: px
Start display at page:

Download "Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager,"

Transcription

1 Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager, Deloitte & Touche LLP 1

2 Speaker Introduction Sanjeev Sah Chief Information Security Officer (CISO) Texas Children's Hospital Jimmy Joseph, CISSP, PMP Senior Manager Deloitte & Touche LLP 2

3 Conflict of Interest Sanjeev Sah Jimmy Joseph, CISSP, PMP Has no real or apparent conflicts of interest to report. 3

4 Agenda Cyber Threat Landscape and Drivers for Cyber Risk Management The Need and Catalysts for Executive & Board Support What Hampers Executive & Board Involvement What Executives & Boards are Interested in Talking to Executives & Boards about Cyber Executive & Board Messaging Framework Case In Point Texas Children s Hospital Effective Executive & Board Engagement Measures 4

5 Learning Objectives Develop a cybersecurity program successfully Construct a successful business case for an organization's cybersecurity program Recognize how to obtain senior executive and board support for the cybersecurity program Identify how to partner for success with organizational assurance functions Analyze how to address legal, privacy and compliance obligations 5

6 Benefits Realized for STEPS TM Categories Data is a critical asset of every organization Ultimate responsibility of the Board and Executives to protect it Boards accountable for breaches due to insecure electronic data 6

7 Cyber Threat Landscape Cybersecurity and the healthcare industry Recent trends 125% Increase in criminal attacks on healthcare organizations over last 5 years [1] Average Per day Ransomware attacks in the first quarter of % increase from per day no. over 2015 [3] 10x Average payout for a medical identity theft as compared to regular identity theft [2] US $209 million monetary losses suffered by enterprises in 2016 Q1 due to Ransomware [3] [1] Ponemon Institute, Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data, May 2015; [2] EMC2 Cybercrime and Healthcare Industry, 2015; [3] Trend Labs, The Reign of Ransomware, 2016; 7

8 Drivers for Cyber Risk Management E.g., HIPAA/HITECH, HITRUST, PCI DSS Changing regulatory environment Cyber Crime, Organized Crime Hacktivism State-Sponsorship Espionage Evolving threats Changing IT environment Consumerization of IT Cloud Mobile Apps/ Computing Internet of Things (IoT) Revenge, Personal Gain Shadow IT 8

9 The Need for Executive & Board Support Executives should set risk appetite and increase focus on what matters 9

10 Catalysts for Executive and Board Support Non-Profit Boards Management Accountability Fiduciary Responsibility Duty of Care Heightened Cyber Awareness Large Scale Data Breaches 10

11 What Hampers Executive & Board Involvement Complexity of cybersecurity Executives & Boards do not understand the complexities and the language of cybersecurity Cybersecurity is believed to be the responsibility of security and technical personnel Lack of effective messaging Breach impact unawareness Meaningful and effective messaging about cybersecurity are not conveyed to Executives & the Board. Cost and ramifications of security breaches are not fully understood. 11

12 What Executives & Boards are Interested in? CISO responses to the following questions posed by Executives & Boards can make or break their cybersecurity agenda: How does cybersecurity support our business priorities, such as attracting and retaining customer, maintaining or growing competitive advantage, and fostering innovation? If the worst happened, could we honestly tell our customers, partners and regulators that we had done everything that was expected? Are we prepared for the future? 4 5 How can we validate our understanding of our information risks and how they re managed? Should we as an organization or as a Board or Executives be changing our approach? 12

13 Talking to Executives & Boards about Cyber CISO s should bring out three (3) core messages while communicating with Executives & the Board: Shortlist top cyber risks Identify risk trends Management of cyber risks Shortlist top 4-6 cyber risks faced E.g., Risk of data breach, intellectual property theft Illustrate strengths and weaknesses of the company s security posture Identify risk indicator trends (i.e., up, down or flat) quarter on quarter Explain the causes of shifts in trends, if any Explain how cyber risks are being managed and kept within acceptable limits 13

14 Executive & Board Messaging Framework Who might attack? What are they after, and what are the key risks I need to mitigate? What tactics might they use? Cyber risk program and governance SECURE VIGILANT RESILIENT Cyber criminals, hactivists, competitors. Reputation damage, business disruption, threats to health and safety.. Spear phishing, multi-channel attacks, stolen credentials.. Measures: Data Protection, Asset Management, Threat Intelligence, Security Monitoring, Incident Response, Forensics 14

15 Cyber Evolution Case in Point - Texas Children s Hospital Obtaining Executive & Board support and partnering with external entities/organizational assurance functions has helped TCH establish a successful cybersecurity program HITECH, Obamacare Cyber Insurance HIPAA External Partnerships HITRUST Deloitte Accudata 15 Our response Internal Partnerships Audit ITRAC ERMEC HIPAA: Health Insurance Portability and Accountability Act HITECH: Health Information Technology for Economic and Clinical Health * Patient Protection and Affordable Care Act (ACA) ITRAC: Information Technology Risk Assessment Committee ERMEC: Enterprise Risk Management Executive Committee Time

16 Effective Executive & Board Engagement Measures Executive & Board Sponsorship Metrics & Dashboard Transparency Benchmarking Trusted Advisors Strategic Hiring 3Ps - Playbook -> Plan -> Program Vision- structure-resources Security Framework Customized Message to Executives 16

17 Summary of Benefits for STEPS Categories INCREASED AWARENESS What the vulnerabilities are, what measures are in place to minimize the potential of a breach or attack of electronic data DECREASED RISK Involved Executives & Boards lead to the appropriate measures taken to improve security posture and reduce the risk of data breaches 17

18 For any further queries you may contact; Sanjeev Sah Jimmy Joseph Any Questions? Please complete the online session evaluation 18

Managing Cyber Risk. Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust

Managing Cyber Risk. Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust Managing Cyber Risk Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust Adam Thomas Principal Cyber Risk Services Deloitte & Touche LLP Give Us Your Feedback for this Session!

More information

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 www.pwc.com RIMS Perk Session 2015 - Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 Los Angeles RIMS Agenda Introductions What is Cybersecurity? Crown jewels The bad

More information

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY Benchmark research sponsored by Raytheon. Independently conducted by Ponemon Institute LLC. February 2018 2018 Study on

More information

Understanding Cyber Insurance & Regulatory Drivers for Business Continuity

Understanding Cyber Insurance & Regulatory Drivers for Business Continuity Understanding Cyber Insurance & Regulatory Drivers for Business Continuity Lily Yeoh, CISSP, CBCP lily@cb1security.com https://www.cb1security.com Agenda BC/DR Business Drivers Recent Regulatory & Cyber

More information

Healthcare HIPAA and Cybersecurity Update

Healthcare HIPAA and Cybersecurity Update Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Healthcare HIPAA and Cybersecurity Update Agenda > Introductions > Cybersecurity

More information

Cyber Risks in the Boardroom Conference

Cyber Risks in the Boardroom Conference Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks

More information

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating

More information

Bored with Your Board s Involvement with Privacy/Security Program?

Bored with Your Board s Involvement with Privacy/Security Program? Bored with Your Board s Involvement with Privacy/Security Program? Marti Arvin, Cynergistek Joseph A. Dickinson, Tucker Ellis March 28, 2017 1 Initial Exercise: CISO Board Update Board of Directors/Trustees

More information

Sage Data Security Services Directory

Sage Data Security Services Directory Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time

More information

Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs)

Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs) Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs) Florida Hospital Association Welcome! John Wilgis Director, Emergency Management Services Florida Hospital Association

More information

HIPAA Compliance is not a Cybersecurity Strategy

HIPAA Compliance is not a Cybersecurity Strategy HIPAA Compliance is not a Cybersecurity Strategy Presented by: Hector Rodriguez, WW Health CISO, Microsoft Jay Trinckes, Director, Coalfire Speaker Introductions Hector Rodriguez, WW Health CISO, Microsoft

More information

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco

More information

The Impact of Cybersecurity, Data Privacy and Social Media

The Impact of Cybersecurity, Data Privacy and Social Media Doing Business in a Connected World The Impact of Cybersecurity, Data Privacy and Social Media Security Incident tprevention and Response: Customizing i a Formula for Results Joseph hm. Ah Asher Marcus

More information

Cybersecurity. Securely enabling transformation and change

Cybersecurity. Securely enabling transformation and change Cybersecurity Securely enabling transformation and change Contents... Cybersecurity overview Business drivers Cybersecurity strategy and roadmap Cybersecurity in practice CGI s cybersecurity offering Why

More information

Building a Resilient Security Posture for Effective Breach Prevention

Building a Resilient Security Posture for Effective Breach Prevention SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications Agenda for discussion 1. Security Posture 2.

More information

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE Association of Corporate Counsel NYC Chapter 11/1 NYC BDO USA, LLP, a Delaware limited liability partnership,

More information

FDA & Medical Device Cybersecurity

FDA & Medical Device Cybersecurity FDA & Medical Device Cybersecurity Closing Keynote, February 19, 2017 Suzanne B. Schwartz, M.D., MBA Associate Director for Science & Strategic Partnerships Center for Devices and Radiological Health US

More information

HITRUST CSF Assurance Program HITRUST, Frisco, TX. All Rights Reserved.

HITRUST CSF Assurance Program HITRUST, Frisco, TX. All Rights Reserved. HITRUST CSF Assurance Program HITRUST CSF Assurance Program The Need Organizations facing multiple and varied assurance requirements from a variety of parties Increasing pressure and penalties associated

More information

Ready, Willing & Able. Michael Cover, Manager, Blue Cross Blue Shield of Michigan

Ready, Willing & Able. Michael Cover, Manager, Blue Cross Blue Shield of Michigan Ready, Willing & Able Michael Cover, Manager, Blue Cross Blue Shield of Michigan Agenda 1. Organization Overview 2. GRC Journey Story 3. GRC Program Roadmap 4. Program Objectives and Guiding Principals

More information

Agenda. Security essentials. Year in review. College/university challenges. Recommendations. Agenda RSM US LLP. All Rights Reserved.

Agenda. Security essentials. Year in review. College/university challenges. Recommendations. Agenda RSM US LLP. All Rights Reserved. Agenda Agenda Security essentials Year in review College/university challenges Recommendations 2 About me Matt Franko Director, Risk Advisory Services matthew.franko@rsmus.com (216) 927-8224 11+ years

More information

HPH SCC CYBERSECURITY WORKING GROUP

HPH SCC CYBERSECURITY WORKING GROUP HPH SCC A PRIMER 1 What Is It? The cross sector coordinating body representing one of 16 critical infrastructure sectors identified in Presidential Executive Order (PPD 21) A trust community partnership

More information

Security and Privacy Governance Program Guidelines

Security and Privacy Governance Program Guidelines Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by

More information

Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.

Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Cybersecurity and HIPAA update Agenda Introductions Cybersecurity Overview

More information

Ransomware, Viruses, and Hackers in Health Care: Five Steps to Avoid Being the Next Victim. Michael Overly and Chanley Howell.

Ransomware, Viruses, and Hackers in Health Care: Five Steps to Avoid Being the Next Victim. Michael Overly and Chanley Howell. Ransomware, Viruses, and Hackers in Health Care: Five Steps to Avoid Being the Next Victim Michael Overly and Chanley Howell February 29, 2016 Attorney Advertising Prior results do not guarantee a similar

More information

Cybersecurity and Nonprofit

Cybersecurity and Nonprofit Cybersecurity and Nonprofit 2 2 Agenda Cybersecurity and Non Profits Scenario #1 Scenario #2 What Makes a Difference Cyber Insurance and How it Helps Question and Answer 3 3 Cybersecurity and Nonprofit

More information

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS Stephanie Poe, DNP, RN-BC CNIO, The Johns Hopkins Hospital and Health System Discussion Topics The Age of Acceleration Cyber

More information

Combating Cyber Risk in the Supply Chain

Combating Cyber Risk in the Supply Chain SESSION ID: CIN-W10 Combating Cyber Risk in the Supply Chain Ashok Sankar Senior Director Cyber Strategy Raytheon Websense @ashoksankar Introduction The velocity of data breaches is accelerating at an

More information

BHConsulting. Your trusted cybersecurity partner

BHConsulting. Your trusted cybersecurity partner Your trusted cybersecurity partner BH Consulting Securing your business BH Consulting is an award-winning, independent provider of cybersecurity consulting and information security advisory services. Recognised

More information

CYBER SECURITY AIR TRANSPORT IT SUMMIT

CYBER SECURITY AIR TRANSPORT IT SUMMIT CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER

More information

Risk Advisory Academy Training Brochure

Risk Advisory Academy Training Brochure Academy Brochure 2 Academy Brochure Cyber Security Our Cyber Security trainings are focused on building your internal capacity to leverage IT related technologies more confidently and manage risk and uncertainty

More information

Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services.

Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services. Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services. June 2017 Melanie Duerr Fazzi Associates Partner, Director of Coding Operations Jami Fisher Fazzi Associates Chief Information

More information

01.0 Policy Responsibilities and Oversight

01.0 Policy Responsibilities and Oversight Number 1.0 Policy Owner Information Security and Technology Policy Policy Responsibility & Oversight Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 1. Policy Responsibilities

More information

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise February 11 14, 2018 Gaylord Opryland Resort and Convention Center, Nashville #DRI2018 Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise Tejas Katwala CEO

More information

IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES

IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES Introductions Agenda Overall data risk and benefit landscape / shifting risk and opportunity landscape and market expectations Looking at data

More information

T11: Incident Response Clinic Kieran Norton, Deloitte & Touche

T11: Incident Response Clinic Kieran Norton, Deloitte & Touche T11: Incident Response Clinic Kieran Norton, Deloitte & Touche Incident Response Clinic Kieran Norton Senior Manager, Deloitte First Things First Who am I? Who are you? Together we will: Review the current

More information

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld Balancing Compliance and Operational Security Demands Nov 2015 Steve Winterfeld What is more important? Compliance with laws / regulations Following industry best practices Developing a operational practice

More information

Digital Healthcare. Yordan Iliev Director R&D Healthcare. Regional Cybersecurity Forum, November 2016, Grand Hotel Sofia, Bulgaria

Digital Healthcare. Yordan Iliev Director R&D Healthcare. Regional Cybersecurity Forum, November 2016, Grand Hotel Sofia, Bulgaria Digital Healthcare Yordan Iliev Director R&D Healthcare Regional Cybersecurity Forum, 29-30 November 2016, Grand Hotel Sofia, Bulgaria AGENDA Introduction Security challenges in healthcare IT Change ahead

More information

Business continuity management and cyber resiliency

Business continuity management and cyber resiliency Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,

More information

Cyber Risk Having better conversations on cyber

Cyber Risk Having better conversations on cyber www.pwc.com/sg/risk-assurance Cyber Risk Having better conversations on cyber Contents Putting Cyber Security into perspective 3 Engaging C-Suite executives on cyber security 8 C-Suite key messages & discussion

More information

Cybersecurity The Evolving Landscape

Cybersecurity The Evolving Landscape Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG

More information

ISACA West Florida Chapter - Cybersecurity Event

ISACA West Florida Chapter - Cybersecurity Event ISACA West Florida Chapter - Cybersecurity Event Presented by Sri Sridharan Managing Director & Chief Operating Officer Florida Center for Cybersecurity CURRENT TRENDS Top Cybersecurity Trends of 2015

More information

GDPR: The Day After. Pierre-Luc REFALO

GDPR: The Day After. Pierre-Luc REFALO GDPR: The Day After Pierre-Luc REFALO The speaker: Pierre-Luc REFALO Global Head of Strategic Cybersecurity Consulting 25+ years in Information & Cyber Security consultancy CISO for SFR & Vivendi Universal

More information

Art of Performing Risk Assessments

Art of Performing Risk Assessments Clinical Practice Compliance Conference Art of Performing Risk Assessments October 2016 Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) Member FBI InfraGard AGENDA Cyber Risk = Disruptive Business Risk Breaches:

More information

Executive Insights. Protecting data, securing systems

Executive Insights. Protecting data, securing systems Executive Insights Protecting data, securing systems February 2018 Protecting data, securing systems Product and information security is a combination of education, policies and procedures, physical security

More information

Security Awareness Training Courses

Security Awareness Training Courses Security Awareness Training Courses Trusted Advisor for All Your Information Security Needs ZERODAYLAB Security Awareness Training Courses 75% of large organisations were subject to a staff-related security

More information

locuz.com SOC Services

locuz.com SOC Services locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security

More information

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.

More information

CYBER INSURANCE: MANAGING THE RISK

CYBER INSURANCE: MANAGING THE RISK CYBER INSURANCE: MANAGING THE RISK LEON FOUCHE PARTNER & NATIONAL CYBERSECURITY LEAD BDO AUSTRALIA MEMBER OF THE GLOBAL CYBERSECURITY LEADERSHIP GROUP ii CYBER INSURANCE: MANAGING THE RISK There s no doubt

More information

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations FFIEC Cyber Security Assessment Tool Overview and Key Considerations Overview of FFIEC Cybersecurity Assessment Tool Agenda Overview of assessment tool Review inherent risk profile categories Review domain

More information

HIMSS 15 Doing Better Business in the Era of Data Security and Privacy

HIMSS 15 Doing Better Business in the Era of Data Security and Privacy HIMSS 15 Doing Better Business in the Era of Data Security and Privacy Michael D. Stovsky, Esq. Partner and Chair, Innovations, Information Technology and IP Group Cleveland Columbus Indianapolis Philadelphia

More information

Cybersecurity and Hospitals: A Board Perspective

Cybersecurity and Hospitals: A Board Perspective Cybersecurity and Hospitals: A Board Perspective Cybersecurity is an important issue for both the public and private sector. At a time when so many of our activities depend on information systems and technology,

More information

Speakers. Shellie Zavatsky Director of Internal Audit at Hurley Medical Center. Trent Long Director of Managed Privacy Services at FairWarning, Inc

Speakers. Shellie Zavatsky Director of Internal Audit at Hurley Medical Center. Trent Long Director of Managed Privacy Services at FairWarning, Inc View the Replay Speakers Shellie Zavatsky Director of Internal Audit at Hurley Medical Center Trent Long Director of Managed Privacy Services at FairWarning, Inc Agenda What are the new advanced threats

More information

DeMystifying Data Breaches and Information Security Compliance

DeMystifying Data Breaches and Information Security Compliance May 22-25, 2016 Los Angeles Convention Center Los Angeles, California DeMystifying Data Breaches and Information Security Compliance Presented by James Harrison OM32 5/25/2016 3:00 PM - 4:15 PM The handouts

More information

Establishing a Credible Cybersecurity Program. September 2016

Establishing a Credible Cybersecurity Program. September 2016 Establishing a Credible Cybersecurity Program September 2016 Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) Member FBI InfraGard AFTERNOON PLENARY SESSION AGENDA Cyber Risk = Disruptive Business Risk Breaches:

More information

Cyber Threat Landscape April 2013

Cyber Threat Landscape April 2013 www.pwc.co.uk Cyber Threat Landscape April 2013 Cyber Threats: Influences of the global business ecosystem Economic Industry/ Competitors Technology-led innovation has enabled business models to evolve

More information

Strategy is Key: How to Successfully Defend and Protect. Session # CS1, February 19, 2017 Karl West, CISO, Intermountain Healthcare

Strategy is Key: How to Successfully Defend and Protect. Session # CS1, February 19, 2017 Karl West, CISO, Intermountain Healthcare Strategy is Key: How to Successfully Defend and Protect Session # CS1, February 19, 2017 Karl West, CISO, Intermountain Healthcare 1 Speaker Introduction Karl West Chief Information Security Officer Intermountain

More information

Advising the C-Suite and Boards of Directors on Cybersecurity. February 11, 2015

Advising the C-Suite and Boards of Directors on Cybersecurity. February 11, 2015 Advising the C-Suite and Boards of Directors on Cybersecurity February 11, 2015 Agenda Introductions / Administrative Cybersecurity risk legal landscape Cyber threats Legal risks in the aftermath of a

More information

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1 Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com

More information

Cybersecurity and the role of internal audit An urgent call to action

Cybersecurity and the role of internal audit An urgent call to action Cybersecurity and the role of internal audit An urgent call to action The threat from cyberattacks is significant and continuously evolving. One estimate suggests that cybercrime could cost businesses

More information

Securing the Internet of Things (IoT) at the U.S. Department of Veterans Affairs

Securing the Internet of Things (IoT) at the U.S. Department of Veterans Affairs Securing the Internet of Things (IoT) at the U.S. Department of Veterans Affairs Dominic Cussatt Acting Deputy Assistant Secretary / Chief Information Security Officer (CISO) February 20, 2017 The Cyber

More information

Hacking and Cyber Espionage

Hacking and Cyber Espionage Hacking and Cyber Espionage September 19, 2013 Prophylactic and Post-Breach Concerns for In-House Counsel Raymond O. Aghaian, McKenna Long & Aldridge LLP Elizabeth (Beth) Ferrell, McKenna Long & Aldridge

More information

BHConsulting. Your trusted cybersecurity partner

BHConsulting. Your trusted cybersecurity partner Your trusted cybersecurity partner BH Consulting Securing your business BH Consulting is an award-winning, independent provider of cybersecurity consulting and information security advisory services. Recognised

More information

On the board s agenda US Cyber risk in the boardroom: Accelerating from acceptance to action

On the board s agenda US Cyber risk in the boardroom: Accelerating from acceptance to action February 2018 On the board s agenda US Cyber risk in the boardroom: Accelerating from acceptance to action Cyber risk is a top-level business risk that boards may find challenging to oversee and difficult

More information

CYBER RISK MANAGEMENT

CYBER RISK MANAGEMENT CYBER RISK MANAGEMENT AND BEST PRACTICES Heather Fields, JD, CHC, CCEP (414) 298-8166 hfields@reinhartlaw.com 1000 North Water Street, Suite 1700, Milwaukee, WI 53202 www.reinhartlaw.com 0 Agenda Role

More information

NY State s Cybersecurity Legislation Requirements for Risk Management, Security of Applications, and the Appointed CISO

NY State s Cybersecurity Legislation Requirements for Risk Management, Security of Applications, and the Appointed CISO NY State s Cybersecurity Legislation Requirements for Risk Management, Security of Applications, and the Appointed CISO June 28, 2017 Alan Calder IT Governance Ltd www.itgovernanceusa.com PLEASE NOTE THAT

More information

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by

More information

Cybersecurity Session IIA Conference 2018

Cybersecurity Session IIA Conference 2018 www.pwc.com/me Cybersecurity Session IIA Conference 2018 Wael Fattouh Partner PwC Cybersecurity and Technology Risk PwC 2 There are only two types of companies: Those that have been hacked, and those that

More information

AUSTRALIA Building Digital Trust with Australian Healthcare Consumers

AUSTRALIA Building Digital Trust with Australian Healthcare Consumers AUSTRALIA Building Digital Trust with Australian Healthcare Consumers Accenture 2017 Consumer Survey on Healthcare Cybersecurity and Digital Trust 2 Consumers in Australia trust healthcare organisations

More information

Webcast title in Verdana Regular

Webcast title in Verdana Regular Medical devices and the Internet of Things: A threelayer defense against cyber threats Webcast title in Verdana Regular The Dbriefs Industries series Veronica Lim, Principal, Deloitte & Touche LLP Russell

More information

Secure your company s Crown Jewels. workshop

Secure your company s Crown Jewels. workshop Secure your company s Crown Jewels 1 Your company s Crown Jewels The most valuable data, intellectual property (IP) and trade secrets form the heart of an organization s identity. The theft, misuse or

More information

INTELLIGENCE DRIVEN GRC FOR SECURITY

INTELLIGENCE DRIVEN GRC FOR SECURITY INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to

More information

What It Takes to be a CISO in 2017

What It Takes to be a CISO in 2017 What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge

More information

Cybersecurity Fortification Initiative (CFI) infrastructure whitepaper

Cybersecurity Fortification Initiative (CFI) infrastructure whitepaper Cybersecurity Fortification Initiative (CFI) infrastructure whitepaper Recently, Cybersecurity Fortification Initiative (CFI) have been a hot topic in the Hong Kong banking industry and financial institutions

More information

Anticipating the wider business impact of a cyber breach in the health care industry

Anticipating the wider business impact of a cyber breach in the health care industry Anticipating the wider business impact of a cyber breach in the health care industry John Gelinne, Director Cyber Risk Services Deloitte & Touche LLP jgelinne@deloitte.com commodore_22 Hector Calzada,

More information

Cyber Insurance: What is your bank doing to manage risk? presented by

Cyber Insurance: What is your bank doing to manage risk? presented by Cyber Insurance: What is your bank doing to manage risk? David Kitchen presented by Lisa Micciche Today s Agenda Claims Statistics Common Types of Cyber Attacks Typical Costs Incurred to Respond to an

More information

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:

More information

Cybersecurity and the Board of Directors

Cybersecurity and the Board of Directors Cybersecurity and the Board of Directors Key Findings from BITS/FSR Meetings OVERVIEW Board directors are increasingly required to engage in cybersecurity risk management yet some may need better education

More information

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights www.pwc.com/id Key Findings from the State of Information Security Survey 2017 n Insights Key Findings from the State of Information Security Survey 2017 n Insights By now, the numbers have become numbing.

More information

Cyber Security Incident Response Fighting Fire with Fire

Cyber Security Incident Response Fighting Fire with Fire Cyber Security Incident Response Fighting Fire with Fire Arun Perinkolam, Senior Manager Deloitte & Touche LLP Professional Techniques T21 CRISC CGEIT CISM CISA AGENDA Companies like yours What is the

More information

PA TechCon. Cyber Wargaming: You ve been breached: Now what? April 26, 2016

PA TechCon. Cyber Wargaming: You ve been breached: Now what? April 26, 2016 PA TechCon Cyber Wargaming: You ve been breached: Now what? April 26, 2016 Cyber attacks are on the rise $3.79M The average cost of a cyber incident [1] o f i n c i d e n t s 15% s t i l l t a k e d a

More information

The Evolving Threat to Corporate Cyber & Data Security

The Evolving Threat to Corporate Cyber & Data Security The Evolving Threat to Corporate Cyber & Data Security Presented by: Sara English, CIPP/US Sara.English@KutakRock.com 1 http://blogs.wsj.com/law/2015/12/09/employee error leading cause of data breaches

More information

CISO View: Top 4 Major Imperatives for Enterprise Defense

CISO View: Top 4 Major Imperatives for Enterprise Defense CISO View: Top 4 Major Imperatives for Enterprise Defense James Christiansen Chief Information Security Officer Evantix, Inc. Gary Terrell CIPP Chief Information Security Officer Adobe Session ID: Star

More information

Cybersecurity for Service Providers

Cybersecurity for Service Providers Cybersecurity for Service Providers Alexandro Fernandez, CISSP, CISA, CISM, CEH, ECSA, ISO 27001LA, ISO 27001 LI, ITILv3, COBIT5 Security Advanced Services February 2018 There are two types of companies:

More information

CYBER SECURITY WORKSHOP NOVEMBER 2, Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services

CYBER SECURITY WORKSHOP NOVEMBER 2, Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services 0 CYBER SECURITY WORKSHOP NOVEMBER 2, 2016 Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services VIDEO: CAN IT HAPPEN TO ME? 1 2 AGENDA CYBERSECURITY WHY SUCH A BIG DEAL? INFORMATION

More information

The emerging battle between Cyber Defense and Cybercrime: How Technology is changing to keep Company and HR data safe

The emerging battle between Cyber Defense and Cybercrime: How Technology is changing to keep Company and HR data safe The emerging battle between Cyber Defense and Cybercrime: How Technology is changing to keep Company and HR data safe Copyright 2017 Protocol 46, Inc. All Rights Reserved Copyright 2017 Protocol 46, Inc.

More information

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN 24-27 July 2016 1 CONTENT INTRODUCTION POLICY OBJECTIVES POLICY AND LEGISLATIVE PRINCIPLES CYBER SECURITY STRATEGY CHALLENGES AND OPPORTUNITIES CAPACITY BUILDING

More information

Protecting your next investment: The importance of cybersecurity due diligence

Protecting your next investment: The importance of cybersecurity due diligence Protecting your next investment: The importance of cybersecurity due diligence Oct. 11, 2018 Baker Tilly Virchow Krause, LLP. All rights reserved. Baker Tilly refers to Baker Tilly Virchow Krause, LLP,

More information

mhealth SECURITY: STATS AND SOLUTIONS

mhealth SECURITY: STATS AND SOLUTIONS mhealth SECURITY: STATS AND SOLUTIONS www.eset.com WHAT IS mhealth? mhealth (also written as m-health) is an abbreviation for mobile health, a term used for the practice of medicine and public health supported

More information

4/5/2017. April 5, 2017 CYBER-RISK: WHAT MANAGEMENT & BOARDS NEED TO KNOW

4/5/2017. April 5, 2017 CYBER-RISK: WHAT MANAGEMENT & BOARDS NEED TO KNOW April 5, 2017 CYBER-RISK: WHAT MANAGEMENT & BOARDS NEED TO KNOW 1 TO RECEIVE CPE CREDIT Participate in entire webinar Answer polls when they are provided If you are viewing this webinar in a group Complete

More information

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017 State Governments at Risk: State CIOs and Cybersecurity CSG Cybersecurity and Privacy Policy Academy November 2, 2017 About NASCIO National association representing state chief information officers and

More information

Cybersecurity in Higher Ed

Cybersecurity in Higher Ed Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,

More information

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies

More information

Cloud Communications for Healthcare

Cloud Communications for Healthcare Cloud Communications for Healthcare Today, many powerful business communication challenges face everyone in the healthcare chain including clinics, hospitals, insurance providers and any other organization

More information

GUIDANCE NOTE ON CYBERSECURITY

GUIDANCE NOTE ON CYBERSECURITY GUIDANCE NOTE ON CYBERSECURITY AUGUST 2017 GUIDANCE NOTE ON CYBERSECURITY PART I Preliminary 1.1 Title 1.2 Authorization 1.3 Application 1.4 Definitions PART II Statement of Policy 2.1 Purpose 2.2 Scope

More information

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit Abstract from Nordic ISACA Conference 2014, Oslo, Norway.

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit Abstract from Nordic ISACA Conference 2014, Oslo, Norway. Aalborg Universitet Vision for IT Audit 2020 Berthing, Hans Henrik Aabenhus Publication date: 2014 Document Version Early version, also known as pre-print Link to publication from Aalborg University Citation

More information

Helping the C-Suite Define Cyber Risk Appetite. The executive Imperative

Helping the C-Suite Define Cyber Risk Appetite. The executive Imperative Helping the C-Suite Define Cyber Risk Appetite The executive Imperative Welcome Steve Schlarman GRC Strategist CISSP, CISM @steveschlarman Executive Priorities Growth is the highest priority. 54 % 25 %

More information

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18 Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are

More information

CISO as Change Agent: Getting to Yes

CISO as Change Agent: Getting to Yes SESSION ID: CXO-W02F CISO as Change Agent: Getting to Yes Frank Kim Chief Information Security Officer SANS Institute @fykim Outline Catch the Culture Shape the Strategy Build the Business Case 2 #1 Catch

More information

Incident Response and Cybersecurity: A View from the Boardroom

Incident Response and Cybersecurity: A View from the Boardroom IT, Privacy & Data Security Webinar Incident Response and Cybersecurity: A View from the Boardroom Gerard M. Stegmaier, Reed Smith Partner IT, Privacy & Data Security Samuel F. Cullari, Reed Smith Counsel

More information

Cyber Security. The Question of the Day. Sylint Group, Inc. How did we come up with the company name Sylint and what does it mean?

Cyber Security. The Question of the Day. Sylint Group, Inc. How did we come up with the company name Sylint and what does it mean? Cyber Security One of the Most Critical Risk Mitigation Efforts to Bridge the Gap Between Compliance and Ethics Charly Shugg, Brigadier General, USAF, Retired Partner Chief Operating Officer Sylint Group,

More information