Boardroom Cyber Watch Survey 2013 Report.
- Myles Bradley
- 5 years ago
Cyber-security is always a business issue, never just an IT one. An effective cyber-security strategy is one that addresses people, process, technology and compliance.

IT Governance Ltd is the single-source provider of books, tools, training and consultancy for IT governance, risk management and compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is non-geek, approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at
Introduction

As an advocate for best practice in the field of IT governance, we recognise that cyber-security is about far more than investing in hardware and software. First and foremost, cyber-security is a business matter. We understand that the buck stops with top management, which is accountable for ensuring its organisation's IT strategy and deployment meet business objectives. Our business is committed to engaging with business leaders about developing and implementing IT regulatory compliance and security strategies, through which businesses can compete effectively in the global information economy.

As part of our advocacy, we examine a range of IT governance, regulatory compliance and information security issues from the vantage point of the corporate boardroom. The Boardroom Cyber Watch 2013 is the first survey we have undertaken which specifically targets chief executives, board directors and IT professionals. Our aim is to shine new light on how company directors and board members currently perceive IT security issues. To maximise the response rate, we have used brief, direct questions that we believe not only help establish the respondents' level of understanding of IT security challenges, but also identify key areas that need to be addressed.

We are delighted that 260 respondents have taken part in the survey, representing a wide variety of industry sectors. The sample is truly international: while the majority are from organisations based in the UK and United States, respondents from South America, Central Europe, Africa, the Middle East, Asia, Australia and New Zealand have also contributed.

It gives me great pleasure to share our report on the survey. This document summarises the key findings and provides practical guidance on how both board directors and senior IT managers can address relevant challenges. It may also bring a few surprises for business leaders in terms of how they tackle IT security now and in the future.
Alan Calder Chief Executive IT Governance
Survey Participants

By country
UK; USA; Other

By job role
67.7%; 10.8%; 11.2%; 11.9%
Chief executive/managing director; Other board director or company officer; IT director with board membership; Other IT professional

By company's revenue
26.9%; 21.2%; 11.2%; 12.7%; 28.1%
Less than $5m; $5m - $50m; $50m - $100m; $100m - $500m; More than $500m

By industry sector
Charities & Voluntary Organisations: 2.3%
Education: 3.1%
Energy & Utilities: 3.5%
Engineering: 3.8%
Financial Services: 18.5%
Government / Local Authorities: 12.3%
Healthcare: 6.5%
Law: 0.8%
Manufacturing: 5.4%
Retail: 4.6%
Technology: 33.5%
Telecommunications: 6.0%
Key Findings At A Glance

The threat from within
Although businesses tend to focus mainly on the external cyber-threats facing organisations, more than half of respondents say that the greatest threat to their company's data and computer systems in fact comes from their own employees.

Cyber-attacks
A quarter of respondents say their organisation has received a concerted cyber-attack in the past 12 months. However, the true total may be higher, as over 20% are unsure if their organisation has been subject to an attack.

Cyber-security and the Board
While a majority of respondents say their board receives regular reports on the status of their organisation's IT security, 52% say that such reports are received, at best, annually. Furthermore, despite cyber-threats potentially impacting many mission-critical aspects of a business, only 30% of respondents say an understanding of current IT security threats is a prerequisite for board-level job candidates.

Security spending
A significant minority (over 40% of respondents) say their company is either making the wrong level of investment in information security or are unsure if their investment is appropriate.

Demands for assurance
There is clear recognition of the value of proven information security credentials. Fully 74% of respondents say their customers prefer dealing with suppliers with such credentials, while 50% say their company has been asked about its information security measures by customers in the past 12 months.

The need for increased compliance
Given the above findings, and the fact the existence of best practice information security standard ISO/IEC is known to 87% of respondents, it is striking that only 35% of responding organisations are apparently compliant with the standard.
Finding 1
More than half of the respondents believe the greatest threat to their company's data and computer systems is their own employees.

Despite almost daily media headlines about cyber-threats from malign external forces, the reality is that a company's employees are the number one threat to corporate data security. This is the view of 54% of respondents, who place the infosecurity risk from employees ahead of criminals, competitors and state-sponsored cyber-attackers.

Certainly, internal threats to an organisation should be taken as seriously as external threats. Creating awareness amongst employees about the consequences of human error for corporate security can help significantly reduce the number of staff-related data breaches. It is also essential to develop policies for user security, covering acceptable and secure use of your organisation's information systems. This should be supported by a staff training programme and a method for maintaining user-awareness of cyber-risks.

Tip: Staff security-awareness e-learning courses are one of the most effective ways to impart security awareness to your organisation. This training method not only teaches staff the rules, but also enables managers to automatically maintain records of which staff members have completed a course. This systematic record-keeping is essential for compliance purposes. More information is available at:

Do you believe the greatest threat to your company's data and IT systems results from:
Criminals: 26.9%
Competitors: 7.7%
State-sponsored cyber-attacks: 11.9%
Your own employees: 53.5%
Finding 2
At least one in four respondents has received a concerted cyber-attack in the past 12 months.

The high level of today's cyber-threat is clear: 25% of respondents confirm their organisation has been subject to an attack within the past 12 months. In fact, the true level of threat may be higher, as a further 21% of respondents do not know if their organisation has come under attack. (This high level of "don't knows" is interesting in itself. The primary respondents in this study are board directors, senior IT management and other information security professionals, all of whom might be expected to have detailed knowledge of their organisation's defences against the rising tide of cyber-threats. The fact that so many were unsure about actual incidents seems to indicate an area for improvement in IT governance.)

This high level of confirmed hostile online activity underlines that cyber-attacks are not what happens to other people, but are very real. Cyber-attacks are widespread, usually automated and often indiscriminate: any organisation accessing the internet can potentially be targeted. Some prominent organisations may be prioritised because of their prestige, intellectual property or quantity of customer records. However, even small organisations may be subject to deliberate or opportunistic attacks: the respondents in our survey range from organisations with revenues of less than $5m to those turning over more than $500m.

Tip: A notable weakness in corporate defences is the use of removable media, such as USB sticks, tablets and smartphones, through which malware can be transferred to a network. Ensure you use adequate software to detect and disable malware. Deploy one of the available range of data leakage prevention (DLP) and disk encryption tools. Use encryption software to manage access to removable media and documentation, as well as to prevent a data breach in the event of loss or theft of devices. More information is available at:

Has your business received a concerted cyber-attack in the past 12 months?
Yes: 25%
No: 54.2%
Don't know: 20.8%
Finding 3
The majority of respondents say they have methods of detecting and reporting cyber-attacks.

The great majority (77%) of respondents say their organisation has a method for detecting and reporting cyber-attacks or cyber-incidents. Effective cyber security depends on coordinated, integrated preparations for rebuffing, responding to, and recovering from a range of possible attacks.

In order to better protect themselves from cyber-attacks, organisations should:
- Implement a monitoring strategy and supporting policy
- Maintain a secure configuration for all ICT systems
- Establish anti-malware defences that are applicable and relevant to all business areas, supported by suitable policies and procedures
- Ensure that the network perimeter is suitably managed to minimise risk of penetration
- Regularly monitor and test their security controls

Tip: A penetration test, or pen test, is the easiest and most effective way to ensure exploitable vulnerabilities in your internet-facing resources are adequately patched. The exercise also helps you implement appropriate technical security controls to guard against cyber-intrusions. More information is available at:

Does your organisation have any method of detecting and reporting cyber-attacks or cyber-incidents?
Yes: 76.9%
No: 16.5%
Don't know: 6.5%
Finding 4
While more than half of respondents say their boards receive regular reports on IT security, more than half of such reports are delivered, at best, annually.

Board commitment is vital to effective information security. Indeed, with information technology now integral to virtually every business process, it seems inconceivable that board directors should pay any less attention to cyber-defences than to the accuracy of financial statements, effectiveness of marketing or correct drafting of legal contracts. Superficially, our findings provide grounds for optimism, as 58% of respondents say board directors receive regular reports on the status of their company's IT security.

However, a less reassuring picture is presented when respondents are asked about the frequency of such reporting. Given that cybercrime is one of the most dynamic and rapidly evolving fields of human activity, with fresh threats emerging almost daily, one would hope that board-level oversight would be carried out frequently. Yet, this appears to be the case in only a minority of organisations: only 5% say reports are submitted daily, with 11% being submitted weekly and 33% monthly. In fact, those saying reports are submitted only annually (17%) or less than annually (35%) together represent the majority of respondents in our study.

Tip: Board directors should not only be obtaining frequent reports from their CIOs and CISOs, but they should be insisting on appropriate information security risk management strategies. Information security management decisions must be informed by a risk assessment of information assets. Such an assessment enables expenditure on controls to be balanced against the business harm likely to result from security failures. More information is available at:

Do your company's board directors receive regular reports on the status of your company's IT security?
Yes: 58.1%
No: 29.6%
Don't know: 12.3%

If yes, are these reports received:
Daily: 4.6%
Weekly: 10.8%
Monthly: 32.7%
Annually: 17.3%
Less than annually: 34.6%
Finding 5
Less than a third of respondents believe an understanding of current security threats is a prerequisite for a board-level job candidate, although the majority consider their knowledge of IT governance to be adequate.

Concern about the ability of current and future board directors to keep pace with the emerging cyber-threat environment is also supported by a further finding. Asked if an understanding of current IT security threats is required of a board-level job candidate, only 30% say Yes, while 50% said No and a further 20% do not know.

Top-level managers have moved in a single generation from relying upon fax, telephone and paper to having to contend with sophisticated network architecture that forms the central nervous system of their business. The required skill-set for a board director has consequently expanded to include knowledge of technology that was once the preserve of so-called boffins in the IT department.

Based on the findings in our study, it appears that many organisations have yet to implement the necessary training and candidate screening to ensure that current and future leaders are properly equipped to meet their IT governance obligations. However, we take a degree of comfort from the fact that 70% of survey respondents also indicate that their knowledge of IT governance is felt adequate.

Tip: A number of issues prevent the board from exercising appropriate governance over information security. One significant factor is that CISOs, generally speaking, still do not have the understanding of business drivers they need to help boards fully assess the pros and cons of proposed information security strategies. CIOs and CISOs must be able to talk to the board about the need to reduce costs or generate business value out of an investment in information security. Unless they can do this, they will be unable to have a productive engagement with their senior colleagues. IT governance is a framework which deals with aligning corporate IT with an organisation's strategic objectives. Board directors, CIOs, CISOs and CTOs should therefore be expected to have a good understanding of IT governance. More information is available at:

My knowledge of IT governance is adequate given today's cyber threats.
Agree: 69.6%
Disagree: 30.4%
Finding 6
Nearly half of respondents admit they don't make the right level of investment in information security or don't know. In addition, a quarter of respondents admit they have lost sleep worrying about their company's IT security.

It is striking that a significant minority (43%) of respondents believe their organisation is not making the correct level of investment in IT security (31%), or do not know if it is correct (12%). Against this, 57% of respondents believe that their level of investment is appropriate.

IT security seems expensive to some eyes, but, as the saying goes, just see how expensive it is not to invest in this area. Therefore, the key to ensuring business continuity and data protection is the ability to gauge just how much investment is necessary for your particular business.

Tip: Conducting a cyber-security risk assessment, for example, will help identify the gaps and provide a better understanding of which areas need to be addressed. When equipped with a detailed report, the board and senior managers can then make an informed decision on how to spend their budget. More information is available at:

A failure to maintain appropriate cyber-defences inevitably puts an organisation at risk. And yet, difficult investment decisions must, of course, be taken given that financial resources are limited.

For our size of business, we are making the right level of investment in information security.
Agree: 57.3%
Disagree: 30.8%
Don't know: 11.9%

I have lost sleep in the past 12 months because of worries about my company's IT security.
Agree: 25.8%
Disagree: 74.2%
Finding 7
Almost 75% of respondents say their customers prefer to deal with suppliers with proven IT security credentials. 50% say customers have enquired about their company's security measures in the past 12 months.

When deciding on IT investments, it is important to recognise that information security should be seen as a competitive advantage, rather than an unwelcome cost. Asked whether their customers prefer to deal with suppliers who have proven IT security credentials, an overwhelming majority of our sample (74%) says Yes.

ISO/IEC 27001, together with the international code of practice ISO/IEC 27002, provides a globally-recognised best practice framework for addressing the entire range of risks associated with systems, people and technology. Accredited certification to ISO gives an organisation internationally acknowledged proof that its system for managing information security is of an acceptable, independently audited and verified standard.

Proof of the commercial value of ISO certification is apparent in the 50% of respondents who say they have been asked by customers about their company's IT security measures within the past 12 months.

Tip: The serious customer demand for organisations with cast-iron security credentials underlines the importance of implementing and maintaining compliance with an internationally-recognised information security standard such as ISO. If you can show that your company is ISO compliant, this can open the door to more business - while also allowing you to sleep more soundly at night. Everything you need for understanding ISO and tackling your project is available at:

Do your customers prefer to deal with suppliers with proven IT security credentials?
Yes: 74.2%
No: 7.3%
Don't know: 18.5%

Have any of your customers enquired about your company's IT security measures in the past 12 months?
Yes: 50.4%
No: 34.6%
Don't know: 15%
Finding 8
There is a high level of awareness of ISO 27001, but only 35% of respondents are compliant.

Organisations are increasingly seeing the direct benefits of ISO certification for their own operations, as well as the assurance it offers to their customers. The existence of the standard is clearly no secret, as 87% of respondents say they are aware of it. However, despite the considerable benefits of certification, only 35% of respondents said their organisation is compliant.

For example, ISO certification enables an organisation in the UK to demonstrate to a potential customer in continental Europe, North America, Japan or elsewhere that its approach to selecting information security controls and managing its overall approach to information security is in line with internationally recognised best practice.

In the current economic climate, many companies are inevitably focusing daily on maximising revenues, controlling overheads and managing cash-flow. However, unless you also focus on computer and data security, you are placing your entire business at risk. No organisation should delay in implementing an IT security improvement programme.

Tip: If you are not really sure if your business is as secure as possible, there is every chance that you are actually far short of requirements. ISO is the default means for organisations to demonstrate compliance with data protection laws. Start implementation now by finding everything you need, from professional advice to books, tools, training and consultancy, at:

Do you know what ISO is?
Yes: 87.3%
No: 9.2%
Unsure: 3.5%

Is your business compliant with ISO 27001?
Yes: 34.6%
No: 45.8%
No: 19.6%
IT Governance Ltd
Unit 3, Clive Court
Bartholomew's Walk
Cambridgeshire Business Park
Ely, Cambs CB7 4EA
T: + 44 (0)
E: servicecentre@itgovernance.co.uk
W:
Protect Comply Thrive
Florida Government Finance Officers Association Staying Secure when Transforming to a Digital Government Agenda Plante Moran Introductions Technology Pressures and Challenges Facing Government Technology
More informationEffective Cyber Incident Response in Insurance Companies
August 2017 Effective Cyber Incident Response in Insurance Companies An article by Raj K. Chaudhary, CRISC, CGEIT; Troy M. La Huis; and Lucas J. Morris, CISSP Audit / Tax / Advisory / Risk / Performance
More informationTechnical Conference on Critical Infrastructure Protection Supply Chain Risk Management
Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management Remarks of Marcus Sachs, Senior Vice President and the Chief Security Officer North American Electric Reliability
More informationSAMPLE REPORT. Business Continuity Gap Analysis Report. Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx
SAMPLE REPORT Business Continuity Gap Analysis Report Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx COMMERCIAL-IN-CONFIDENCE PAGE 1 OF 11 Contact Details CSC Contacts CSC
More informationA practical guide to IT security
Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or
More informationUnderstanding the Changing Cybersecurity Problem
Understanding the Changing Cybersecurity Problem Keith Price BBus, MSc, CGEIT, CISM, CISSP Founder & Principal Consultant 1 About About me - Specialise in information security strategy, architecture, and
More informationCombating Cyber Risk in the Supply Chain
SESSION ID: CIN-W10 Combating Cyber Risk in the Supply Chain Ashok Sankar Senior Director Cyber Strategy Raytheon Websense @ashoksankar Introduction The velocity of data breaches is accelerating at an
More informationSage Data Security Services Directory
Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time
More informationINFORMATION SECURITY & ISO 27001
INFORMATION SECURITY & ISO 27001 AN INTRODUCTION February 2013 Protect Comply Thrive INFORMATION SECURITY & ISO 27001 Introduction Information security is one of the central concerns of the modern organisation.
More informationSecuring Information Assets with ISO 27001
Securing Information Assets with ISO 27001 Alan Calder IT Governance Ltd AIFS 2009 16 January 2009 IT Governance Ltd 2008 Welcome Alan Calder my background and perspective Businessman, not a technologist
More informationClarity on Cyber Security. Media conference 29 May 2018
Clarity on Cyber Security Media conference 29 May 2018 Why this study? 2 Methodology Methodology of the study Online survey consisting of 33 questions 60 participants from C-Level (CISOs, CIOs, CTOs) 26
More informationCybersecurity and the Board of Directors
Cybersecurity and the Board of Directors Key Findings from BITS/FSR Meetings OVERVIEW Board directors are increasingly required to engage in cybersecurity risk management yet some may need better education
More informationRansomware piercing the anti-virus bubble
CONNECT Ransomware piercing the anti-virus bubble Better prevention is needed to protect organizations from the growing threat landscape 2 The WannaCry ransomware attack that had such a widespread and
More informationThe University of Queensland
UQ Cyber Security Strategy 2017-2020 NAME: UQ Cyber Security Strategy DATE: 21/07/2017 RELEASE:0.2 Final AUTHOR: OWNER: CLIENT: Marc Blum Chief Information Officer Strategic Information Technology Council
More informationSecurity Director - VisionFund International
Security Director - VisionFund International Location: [Europe & the Middle East] [United Kingdom] Category: Security Job Type: Open-ended, Full-time *Preferred location: United Kingdom/Eastern Time Zone
More informationReducing Cybersecurity Costs & Risk through Automation Technologies
Reducing Cybersecurity Costs & Risk through Automation Technologies Sponsored by Juniper Networks Independently conducted by Ponemon Institute LLC Publication Date: November 2017 Ponemon Institute Research
More informationCYBERSECURITY RESILIENCE
CLOSING THE IN CYBERSECURITY RESILIENCE AT U.S. GOVERNMENT AGENCIES Two-thirds of federal IT executives in a new survey say their agency s ability to withstand a cyber event, and continue to function,
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationKNOWLEDGE GAPS: AI AND MACHINE LEARNING IN CYBERSECURITY. Perspectives from U.S. and Japanese IT Professionals
KNOWLEDGE GAPS: AI AND MACHINE LEARNING IN CYBERSECURITY Perspectives from U.S. and ese IT Professionals Executive Summary The use of artificial intelligence (AI) and machine learning (ML) in cybersecurity
More informationDIGITAL TRUST Making digital work by making digital secure
Making digital work by making digital secure MARKET DRIVERS AND CHALLENGES THE ROLE OF IT SECURITY IN THE DIGITAL AGE 2 In today s digital age we see the impact of poor security controls everywhere. Bots
More informationA new approach to Cyber Security
A new approach to Cyber Security Feel Free kpmg.ch We believe cyber security should be about what you can do not what you can t. DRIVEN BY BUSINESS ASPIRATIONS We work with you to move your business forward.
More informationBusiness Continuity Management: How to get started. Presented by: Tony Drewitt, Managing Director IT Governance Ltd 19 April 2018
Business Continuity Management: How to get started Presented by: Tony Drewitt, Managing Director IT Governance Ltd 19 April 2018 Introduction Tony Drewitt - Managing Director: IT Governance UK and EU One
More informationInformation Security Strategy
Security Strategy Document Owner : Chief Officer Version : 1.1 Date : May 2011 We will on request produce this Strategy, or particular parts of it, in other languages and formats, in order that everyone
More informationData Protection and GDPR
Data Protection and GDPR At DPDgroup UK Ltd (DPD & DPD Local) we take data protection seriously and have updated all our relevant policies and documents to ensure we meet the requirements of GDPR. We have
More informationDriving Global Resilience
Driving Global Resilience Steve Mellish FBCI Chairman, The Business Continuity Institute Monday December 2nd, 2013 Business & IT Resilience Summit New Delhi, India Chairman of the Business Continuity Institute
More informationCyber Security Strategy
Cyber Security Strategy Committee for Home Affairs Introduction Cyber security describes the technology, processes and safeguards that are used to protect our networks, computers, programs and data from
More informationFTSE 350 Cyber Governance Health Check Tracker Report. November 2013
FTSE 350 Cyber Governance Health Check Tracker Report November 2013 Tracker Report Cyber Governance Health Check Contents Page No: Foreword 2 Executive Summary 3 Introduction 5 Report Findings 6 Annex
More informationClose the security gap with a unified approach. Detect, block and remediate risks faster with end-to-end visibility of the security cycle
Close the security gap with a unified approach Detect, block and remediate risks faster with end-to-end visibility of the security cycle Events are not correlated. Tools are not integrated. Teams are not
More informationEvaluating Cybersecurity Coverage A Maturity Model. Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium
Discussion on: Evaluating Cybersecurity Coverage A Maturity Model Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium By: Eric C. Lovell PricewaterhouseCoopers LLP ( PwC ) March 24,
More informationCLOSING IN FEDERAL ENDPOINT SECURITY
CLOSING IN FEDERAL ENDPOINT SECURITY More than half of agency IT officials worry about cyberattacks involving endpoint devices as a means of accessing agency networks. Yet many aren t taking advantage
More informationHOSTED SECURITY SERVICES
HOSTED SECURITY SERVICES A PROVEN STRATEGY FOR PROTECTING CRITICAL IT INFRASTRUCTURE AND DEVICES Being always-on, always-connected might be good for business, but it creates an ideal climate for cybercriminal
More informationReal estate predictions 2017 What changes lie ahead?
Real estate predictions 2017 What changes lie ahead? Cyber Risk 2017. For information, contact Deloitte Consultores, S.A. Real Estate Predictions 2017 2 Cyber Risk Rising cyber risk in real estate through
More informationfalanx Cyber ISO 27001: How and why your organisation should get certified
falanx Cyber ISO 27001: How and why your organisation should get certified Contents What is ISO 27001? 3 What does it cover? 3 Why should your organisation get certified? 4 Cost-effective security management
More informationCYBER RESILIENCE & INCIDENT RESPONSE
CYBER RESILIENCE & INCIDENT RESPONSE www.nccgroup.trust Introduction The threat landscape has changed dramatically over the last decade. Once the biggest threats came from opportunist attacks and preventable
More informationWhat every IT professional needs to know about penetration tests
What every IT professional needs to know about penetration tests 24 th April, 2014 Geraint Williams IT Governance Ltd www.itgovernance.co.uk Overview So what do IT Professionals need to know about penetration
More informationSecurity for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape
White Paper Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape Financial services organizations have a unique relationship with technology: electronic data and transactions
More informationProtecting information across government
Report by the Comptroller and Auditor General Cabinet Office Protecting information across government HC 625 SESSION 2016-17 14 SEPTEMBER 2016 4 Key facts Protecting information across government Key facts
More informationFTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.
FTA 2017 SEATTLE Cybersecurity and the State Tax Threat Environment 1 Agenda Cybersecurity Trends By the Numbers Attack Trends Defensive Trends State and Local Intelligence What Can You Do? 2 2016: Who
More informationPosition Description. Engagement Manager UNCLASSIFIED. Outreach & Engagement Information Assurance and Cyber Security Directorate.
Position Description Engagement Manager Business unit: Position purpose: Direct reports: Directorate overview: Business Unit Overview Remuneration indicator: Outreach & Engagement Information Assurance
More informationSecurity in India: Enabling a New Connected Era
White Paper Security in India: Enabling a New Connected Era India s economy is growing rapidly, and the country is expanding its network infrastructure to support digitization. India s leapfrogging mobile
More informationA GUIDE TO CYBERSECURITY METRICS YOUR VENDORS (AND YOU) SHOULD BE WATCHING
A GUIDE TO 12 CYBERSECURITY METRICS YOUR VENDORS (AND YOU) SHOULD BE WATCHING There is a major difference between perceived and actual security. Perceived security is what you believe to be in place at
More informationEnhance your Information Security Strategy with ISO 27001:2013
Enhance your Information Security Strategy with ISO 27001:2013 Information technology - Security techniques - Information security management systems - Requirements Expert commentary by Rob Acker, LRQA
More informationSecurity by Default: Enabling Transformation Through Cyber Resilience
Security by Default: Enabling Transformation Through Cyber Resilience FIVE Steps TO Better Security Hygiene Solution Guide Introduction Government is undergoing a transformation. The global economic condition,
More informationRobert Hayes Senior Director Microsoft Global Cyber Security & Data Protection Group
Robert Hayes Senior Director Microsoft Global Cyber Security & Data Protection Group Presentation Objectives Introductions Cyber security context Cyber security in the maritime sector Developing cybersecurity
More information9 TH SOUTHERN INDIA INFORMATION TECHNOLOGY FAIR (SIITF) THEME : EMERGING TECHNOLOGIES TO CREATE NEWER MARKETS
9 TH SOUTHERN INDIA INFORMATION TECHNOLOGY FAIR (SIITF) THEME : EMERGING TECHNOLOGIES TO CREATE NEWER MARKETS INTRODUCTION Today s business environment is global and highly-interconnected, increasing an
More informationInformation Security Controls Policy
Information Security Controls Policy Version 1 Version: 1 Dated: 21 May 2018 Document Owner: Head of IT Security and Compliance Document History and Reviews Version Date Revision Author Summary of Changes
More informationAwareness and training programs OPTUS MACQUARIE UNIVERSITY CYBER SECURITY HUB
Awareness and training programs OPTUS MACQUARIE UNIVERSITY CYBER SECURITY HUB 2 OPTUS MACQUARIE UNIVERSITY CYBER SECURITY HUB In today s digital world, safeguarding data, intellectual property, financial
More informationOctober 2018 ISPA CYBER SECURITY SURVEY 2018
ISPA CYBER SECURITY SURVEY 2018 October 2018 1 1 Executive summary... 3 1.1 Key findings... 3 1.2 Recommendations to Government... 5 2 Introduction... 5 3 Survey findings and analysis... 6 3.1 Investment
More informationData Loss Prevention - Global Market Outlook ( )
Report Information More information from: https://www.wiseguyreports.com/reports/826969-data-loss-prevention-global-market-outlook-2016-2022 Data Loss Prevention - Global Market Outlook (2016-2022) Report
More information2014 NETWORK SECURITY & CYBER RISK MANAGEMENT:
2014 NETWORK SECURITY & CYBER RISK MANAGEMENT: A SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN THE ASIA-PACIFIC REGION April 2014 Sponsored by: 2014 NETWORK SECURITY & CYBER RISK MANAGEMENT:
More informationISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006
ISO / IEC 27001:2005 A brief introduction Dimitris Petropoulos Managing Director ENCODE Middle East September 2006 Information Information is an asset which, like other important business assets, has value
More informationIT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18
Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are
More information