ISACA GEEK WEEK SECURITY MANAGEMENT TO ENTERPRISE RISK MANAGEMENT USING THE ISO FRAMEWORK AUGUST 19, 2015
|
|
- Carol Ward
- 5 years ago
- Views:
Transcription
1 ISACA GEEK WEEK SECURITY MANAGEMENT TO ENTERPRISE RISK MANAGEMENT USING THE ISO FRAMEWORK AUGUST 19, 2015
2 Agenda Coalfire Overview Threat Landscape What is ISO Why ISO ISO Cycle Q&A 2
3 Presenters Michael Fuller Michael has more than 20 years of business experience in Technology, Operations, Product Development, Marketing, Sales and Finance. He has been a consultant with Coalfire for the past two years and before Coalfire he was Co-Founder and Chief Compliance Officer at CRE Secure Payments, a venture-capital backed company, specializing in securing ecommerce transactions over the internet. In his many previous roles he has worked for Apple Inc, Time Warner and Cox Enterprises Autotrader.com, as well as several global interactive advertising agencies. Michael has worked in 13 countries around the world, has two teenage daughters and holds a Bachelor s Degree in Earth Science from Macquarie University in Sydney, Australia.
4 Customer Success Story: Identity International, multi-business unit, multi-channel specialty retailer. Challenge Extend successful security / compliance program beyond the cardholder environment, and reduce cyber risk across the enterprise. Approach Develop ISMS, pursue ISO certification Results 40% of security gaps closed within the first six months of the program (including all critical findings); cross-functional participation and support. 4
5 THREAT LANDSCAPE Our Environment is Changing 5
6 Cyber Incidents Are On the Rise In 2013, the FBI notified over 3,000 U.S. companies including money center banks, major defense contractors, and leading retailers that they had been the victims of cyber intrusions IBM estimates that over half a billion records of personally identifiable information (names, credit card information, social security numbers, etc.) were stolen in % of companies detected a security event in the past 12 months(1) Organizations on average detect 135 cybersecurity incidents each year(1) 7% of U.S. organizations lost $1 million or more and 19% of organizations lost at least $50k in 2013 due to cybercrime incidents(1) 84% of survey respondents believe the number of cyber attacks will increase (2) 75% of survey respondents expect cloud security budgets to increase dramatically(3) 1) Source: PWC, Managing Cyber Risks in an Interconnected World, Sept. 30, 2014 (2) Source: BAE Systems, Business and the Cyber Threat: the Rise of Digital Criminality, February 2014 (3) Source: IBM, 3rd Annual CISO Study, December 2014
7 Large Data Breaches Over the past 18 months, dozens of major cybersecurity breaches have been announced, collectively affecting hundreds of millions of people.
8 Increased Government Oversight Over the past 12 months, several Federal, state, and international government agencies have announced specific cybersecurity policies.
9 Cyber Risk is Now a Matter Corporate Governance Cybersecurity is a management issue, not a technology issue Boards need to understand legal implications of corporate risk Boards need access to cybersecurity expertise at timely and regular intervals Directors should set expectations that management will establish an enterprise-wide cyber-risk management framework with adequate staffing and budget
10 Cyber Risk Management Process Source: NIST Cybersecurity Framework v1.0
11 ISO ISO is a security management standard that specifies security management best practices and comprehensive security controls following the ISO best practice guidance. This is a widely-recognized international security standard in which many companies in the US are showing significant interest. Certification in the standard requires: Systematic evaluation of information security risks, taking into account the impact of company threats and vulnerabilities Design and implementation of a comprehensive suite of information security controls and other forms of risk management to address company and architecture security risks. Adoption of an overarching management process to ensure that the information security controls meet the organizations information security needs on an ongoing basis
12 About ISO Total worldwide certificates now excess of 20000, with East Asia/Pacific and Europe dominating the pack.
13 ISO in the US Total growth in US certificates has been consistent, with 566 being issued in 2013.
14 By Industry Rank Industrial Sectors # Certs 1 Information Technology Other Services Construction Transport, storage and communication Electrical and optical equipment 289 Total number of certifications issued in 2013 by industry sector (data approximate estimate by ISO/IEC) By far, the largest industry sector seeking certification every year has been Information Technology
15 So why ISO The ISO Standard provides the company with a solid yet flexible framework for the effective management of a rigorous, ongoing security program. The Information Security Management System (ISMS) required under the standard, defines how the company perpetually manages security in a holistic, comprehensive way. The Standard can apply to any type or size of business, big or small and is not hampered by adherence to externally driven forces such is the case for PCI. Which means the design of the ISMS can be driven entirely by the business needs of the particular company or business. Companies can adopt the standard as the blueprint for its information security program and choose whether they wish to go for full certification or not. Certification by an independent organization accredited as an official Certification Body (CB) such as Coalfire ISO, provides external validation that the organization conforms to the requirements of the international standard. ISO certification is recognized in over 60 countries around the world, in all membership countries of the International Accreditation Forum (IAF)
16 ISO Advantages A powerful combination ISO is not driven solely by external considerations as are standards like PCI Compliance and HIPAA. The combination of the business - driven, risk based management framework of 27001, and the cross over with IT controls required for business and other applicable compliance needs, provides the client with a powerful, organization - wide approach that can be more deeply integrated into client business goals and objectives. Wide applicability. ISO can be valuable as an operating framework for a small company laying the groundwork for information security in their business, or complex Fortune 500 s designing a sophisticated Risk based management framework for all information security in the company. The standard can be applied to virtually any business vertical, and wherever businesses have a concern about the security of information within the organization whether it relates to internal business assets or external customer information. Building Blocks ISO provides the blueprint for a risk-based information security management framework that is different from most of the compliance standards currently in use in the US as its scope can be designed entirely by the client based on business needs. The Standard provides rigorous guidance for the management of information security but does not mandate the specific IT controls required.
17 ISO Cycle Gap Analysis ISO Action Plan ISO Training Formation of ISMS Domain and Control Area Analysis Process Documentation Documentation Review Update and Revise Processes Training on Defined Processes Implementation of Defined Processes Asset Risk Assessment Perform Asset Risk Assessment Identify and Implement Controls Internal Audit Training Internal Audit Readiness Internal Audit Report Closure of findings Certification
18 ISO Certification - Cycle Three Year Cycle commencing from initial certification audit First year Initial Certification is in Two Stages: Stage one audit explanation Stage two audit Explanation One year out Surveillance Audit 1 Second year out Surveillance Audit 2 Third Year Full certification audit again, stage one and two.
19 Wrap-Up Coalfire Overview Threat Landscape What is ISO Why ISO ISO Cycle Q&A
20 Questions Michael Fuller Director, Coalfire
4/5/2017. April 5, 2017 CYBER-RISK: WHAT MANAGEMENT & BOARDS NEED TO KNOW
April 5, 2017 CYBER-RISK: WHAT MANAGEMENT & BOARDS NEED TO KNOW 1 TO RECEIVE CPE CREDIT Participate in entire webinar Answer polls when they are provided If you are viewing this webinar in a group Complete
More informationBaker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Cybersecurity and HIPAA update Agenda Introductions Cybersecurity Overview
More informationISO Professional Services Guide to Implementation and Certification AND
ISO 27001 Professional Services Guide to Implementation and Certification AND 1 DEKRA Company Overview Founded in Stuttgart, Germany in 1925 In more than 50 countries around the world GLOBAL PARTNER FOR
More informationHealthcare HIPAA and Cybersecurity Update
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Healthcare HIPAA and Cybersecurity Update Agenda > Introductions > Cybersecurity
More informationDefense in Depth Security in the Enterprise
Defense in Depth Security in the Enterprise Mike Mulville SAIC Cyber Chief Technology Officer MulvilleM@saic.com Agenda The enterprise challenge - threat; vectors; and risk Traditional data protection
More informationCombating Cyber Risk in the Supply Chain
SESSION ID: CIN-W10 Combating Cyber Risk in the Supply Chain Ashok Sankar Senior Director Cyber Strategy Raytheon Websense @ashoksankar Introduction The velocity of data breaches is accelerating at an
More informationCybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016
Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco
More informationCyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.
Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by
More informationCyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
More informationEU General Data Protection Regulation (GDPR) Achieving compliance
EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,
More informationTraining and Certifying Security Testers Beyond Penetration Testing
Training and Certifying Security Testers Beyond Penetration Testing Randall W. Rice, CTAL (Full), CTAL-SEC Director, ASTQB Board of Directors www.astqb.org Most organizations do not know the true status
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationUsing international standards to improve US cybersecurity
Using international standards to improve US cybersecurity Wednesday, March 18, 2015 Alan Calder IT Governance Ltd www.itgovernanceusa.com PLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED
More informationBringing Cybersecurity to the Boardroom Bret Arsenault
SESSION ID: CXO-T11 Bringing Cybersecurity to the Boardroom Bret Arsenault Corporate Vice President & CISO Microsoft Security has Transcended from to a an 3 How Microsoft Approaches Security Reinventproductivity
More informationCYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD
CYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD December 2014 KEVIN GROOM ISACA Involvement (Middle Tennessee Chapter) Treasurer (2009 2011) Vice President (2011 2013) President (2013 present)
More informationISO in the world today
ISO 27001 in the world today 1 Agenda ISO 27001 worldwide Why ISO 27001 Framework to implement ISO 27001 2 ISO 27001 worldwide Source: ISO Annual Survey 3 ISO 27001 worldwide Number of Certificates Year
More informationEvaluating Cybersecurity Coverage A Maturity Model. Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium
Discussion on: Evaluating Cybersecurity Coverage A Maturity Model Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium By: Eric C. Lovell PricewaterhouseCoopers LLP ( PwC ) March 24,
More informationData Security Standards
Data Security Standards Overall guide The bigger picture of where the standards fit in 2018 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a
More informationSWIFT Customer Security Programme
www.pwc.ch/cybersecurity SWIFT Customer Security Programme Mandatory controls: what you have to do to protect your local SWIFT infrastructures SWIFT Customer Security Programme (CSP) The growing number
More informationInstitute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI
Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI #IIACHI WWW.FACEBOOK.COM/IIACHICAGO HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977 1 CAE Communications and Common Audit Committee
More informationKey Findings from the Global State of Information Security Survey 2017 Indonesian Insights
www.pwc.com/id Key Findings from the State of Information Security Survey 2017 n Insights Key Findings from the State of Information Security Survey 2017 n Insights By now, the numbers have become numbing.
More informationNYDFS Cybersecurity Regulations
SPEAKERS NYDFS Cybersecurity Regulations Lisa J. Sotto Hunton & Williams LLP (212) 309-1223 lsotto@hunton.com www.huntonprivacyblog.com March 9, 2017 The Privacy Team at Hunton & Williams Over 30 privacy
More informationGlobal Security Consulting Services, compliancy and risk asessment services
Global Security Consulting Services, compliancy and risk asessment services Introduced by Nadine Dereza Presented by Suheil Shahryar Director of Global Security Consulting Today s Business Environment
More informationRIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015
www.pwc.com RIMS Perk Session 2015 - Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 Los Angeles RIMS Agenda Introductions What is Cybersecurity? Crown jewels The bad
More informationCYBERSECURITY AND THE MIDDLE MARKET
CYBERSECURITY AND THE MIDDLE MARKET The Importance of Cybersecurity and How Middle Market Companies Manage Cyber Risks IN COLLABORATION WITH 2 Concerns about cybersecurity are not matched by plans. IMPORTANCE
More informationSecuring Your Digital Transformation
Securing Your Digital Transformation Security Consulting Managed Security Leveraging experienced, senior experts to help define and communicate risk and security program strategy using real-world data,
More information01.0 Policy Responsibilities and Oversight
Number 1.0 Policy Owner Information Security and Technology Policy Policy Responsibility & Oversight Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 1. Policy Responsibilities
More informationRethinking Information Security Risk Management CRM002
Rethinking Information Security Risk Management CRM002 Speakers: Tanya Scott, Senior Manager, Information Risk Management, Lending Club Learning Objectives At the end of this session, you will: Design
More informationCybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City
1 Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City The opinions expressed are those of the presenters and are not those of the Federal Reserve Banks, the
More informationSecurity for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape
White Paper Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape Financial services organizations have a unique relationship with technology: electronic data and transactions
More informationCybersecurity and Hospitals: A Board Perspective
Cybersecurity and Hospitals: A Board Perspective Cybersecurity is an important issue for both the public and private sector. At a time when so many of our activities depend on information systems and technology,
More informationCyber Attacks & Breaches It s not if, it s When
` Cyber Attacks & Breaches It s not if, it s When IMRI Team Aliso Viejo, CA Trusted Leader with Solution Oriented Results Since 1992 Data Center/Cloud Computing/Consolidation/Operations 15 facilities,
More informationCybersecurity in Higher Ed
Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,
More informationSWIFT Customer Security Controls Framework and self-attestation via The KYC Registry Security Attestation Application FAQ
SWIFT Customer Security Controls Framework and self-attestation via The KYC Registry Security Attestation Application FAQ 1 SWIFT Customer Security Controls Framework Why has SWIFT launched new security
More informationMitigating Risk with Ongoing Cybersecurity Risk Assessment. Scott Moser CISO Caesars Entertainment
Mitigating Risk with Ongoing Cybersecurity Risk Assessment Scott Moser CISO Caesars Entertainment CSO50 Presentation Caesars Entertainment Cybersecurity Risk Management Scott Moser Chief Information Security
More informationOperationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results
Operationalizing Cybersecurity in Healthcare - - 2017 IT Security & Risk Management Study Quantitative and Qualitative Research Program Results David S. Finn, CISA, CISM, CRISC Health IT Officer, Symantec
More informationCyber Fraud What can you do about it?
Cyber Fraud What can you do about it? Eric Wright Shareholder June 10, 2014 What is Cyber Fraud? NetLingo definition: Cyber fraud refers to any type of deliberate deception for unfair or unlawful gain
More informationSecurity in India: Enabling a New Connected Era
White Paper Security in India: Enabling a New Connected Era India s economy is growing rapidly, and the country is expanding its network infrastructure to support digitization. India s leapfrogging mobile
More informationCredit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank
Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank Introduction The 6,331 credit unions in the United States face a unique challenge when it comes to cybersecurity.
More informationAssurance through the ISO27002 Standard and the US NIST Cybersecurity Framework. Keith Price Principal Consultant
Assurance through the ISO27002 Standard and the US NIST Cybersecurity Framework Keith Price Principal Consultant 1 About About me - Specialise in cybersecurity strategy, architecture, and assessment -
More informationNIS, GDPR and Cyber Security: Convergence of Cyber Security and Compliance Risk
NIS, GDPR and Cyber Security: Convergence of Cyber Security and Compliance Risk IT Matters Forum July 2017 Alan Calder Founder & Executive Chairman IT Governance Ltd Introduction Alan Calder Founder IT
More informationPONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY
PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY Benchmark research sponsored by Raytheon. Independently conducted by Ponemon Institute LLC. February 2018 2018 Study on
More informationNY State s Cybersecurity Legislation Requirements for Risk Management, Security of Applications, and the Appointed CISO
NY State s Cybersecurity Legislation Requirements for Risk Management, Security of Applications, and the Appointed CISO June 28, 2017 Alan Calder IT Governance Ltd www.itgovernanceusa.com PLEASE NOTE THAT
More informationCybersecurity and Data Protection Developments
Cybersecurity and Data Protection Developments Nathan Taylor March 8, 2017 NY2 786488 MORRISON & FOERSTER LLP 2017 mofo.com Regulatory Themes 2 A Developing Regulatory Environment 2016 2017 March CFPB
More informationReducing Liability and Threats through Effective Cybersecurity Risk Measurement. Does Your Security Posture Stand Up to Tomorrow s New Threat?
Reducing Liability and Threats through Effective Cybersecurity Risk Measurement Does Your Security Posture Stand Up to Tomorrow s New Threat? Christopher Strand Security Compliance and Risk Officer 1 The
More informationAvanade s Approach to Client Data Protection
White Paper Avanade s Approach to Client Data Protection White Paper The Threat Landscape Businesses today face many risks and emerging threats to their IT systems and data. To achieve sustainable success
More informationThe Role of the Data Protection Officer
The Role of the Data Protection Officer Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 28 July 2016 www.itgovernance.co.uk Introduction Adrian Ross GRC consultant Infrastructure services
More informationFFIEC Cyber Security Assessment Tool. Overview and Key Considerations
FFIEC Cyber Security Assessment Tool Overview and Key Considerations Overview of FFIEC Cybersecurity Assessment Tool Agenda Overview of assessment tool Review inherent risk profile categories Review domain
More informationAn Overview of ISO/IEC family of Information Security Management System Standards
What is ISO/IEC 27001? The ISO/IEC 27001 standard, published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), is known as Information
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)
ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary
More informationStephanie Zierten Associate Counsel Federal Reserve Bank of Boston
Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Cybersecurity Landscape Major Data Breaches (e.g., OPM, IRS) Data Breach Notification Laws Directors Derivative Suits Federal Legislation
More informationRisk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23
Risk: Security s New Compliance Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23 Agenda Market Dynamics Organizational Challenges Risk: Security s New Compliance
More informationCyber Security in M&A. Joshua Stone, CIA, CFE, CISA
Cyber Security in M&A Joshua Stone, CIA, CFE, CISA Agenda About Whitley Penn, LLP The Threat Landscape Changed Cybersecurity Due Diligence Privacy Practices Cybersecurity Practices Costs of a Data Breach
More informationDoes a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA?
Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA? A brief overview of security requirements for Federal government agencies applicable to contracted IT services,
More informationPredstavenie štandardu ISO/IEC 27005
PERFORMANCE & TECHNOLOGY - IT ADVISORY Predstavenie štandardu ISO/IEC 27005 ISMS Risk Management 16.02.2011 ADVISORY KPMG details KPMG is a global network of professional services firms providing audit,
More informationCybersecurity Session IIA Conference 2018
www.pwc.com/me Cybersecurity Session IIA Conference 2018 Wael Fattouh Partner PwC Cybersecurity and Technology Risk PwC 2 There are only two types of companies: Those that have been hacked, and those that
More informationDefensible Security DefSec 101
Defensible Security DefSec 101 Security Day November 2017 Information Security Branch Paul Falohun Senior Security Analyst Dan Lathigee Senior Project Manager Content 1 Introduction 2 DefSec for PSO 3
More informationBackground FAST FACTS
Background Terra Verde was founded in 2008 by cybersecurity, risk and compliance executives. The founders believed that the market needed a company that was focused on using security, risk and compliance
More informationYou knew the job was dangerous when you took it! Defending against CS malware
You knew the job was dangerous when you took it! Defending against CS malware Presented By: Doug Cavit Microsoft Where PI geeks meet 9/23/2010 NERC HILF 6/10 Adequately addressing vulnerabilities will
More information2015 VORMETRIC INSIDER THREAT REPORT
Research Conducted by Research Analyzed by 2015 VORMETRIC INSIDER THREAT REPORT Trends and Future Directions in Data Security GLOBAL EDITION #2015InsiderThreat EXECUTIVE PERSPECTIVE 1 INSIDER THREATS:
More informationHow to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.
How to implement NIST Cybersecurity Framework using ISO 27001 WHITE PAPER Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.
More informationCISO as Change Agent: Getting to Yes
SESSION ID: CXO-W02F CISO as Change Agent: Getting to Yes Frank Kim Chief Information Security Officer SANS Institute @fykim Outline Catch the Culture Shape the Strategy Build the Business Case 2 #1 Catch
More informationSTEVE GOODING JUNE 15, 2018
ARMOR: THE STATE OF THE INDUSTRY STEVE GOODING JUNE 15, 2018 Agenda 1. Welcome 2. Introduction to Armor 3. Honeypot Report 4. Black Market Report 2 ARMOR IN THE CYBERSECURITY SPACE 3 About Armor DATA CENTERS:
More informationMust Have Items for Your Cybersecurity or IT Budget in 2018
Must Have Items for Your Cybersecurity or IT Budget in 2018 CBAO Regional Meeting Dan Desko (Senior Manager, IT Risk Advisory) Matt Dunn (Senior Security Analyst, IT Risk Advisory) Who is Schneider Downs?
More informationGEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards
GEORGIA CYBERSECURITY WORKFORCE ACADEMY NASCIO 2018 State IT Recognition Awards Title: Georgia Cybersecurity Workforce Academy Category: Cybersecurity State: Georgia Contact: Stanton Gatewood Stan.Gatewood@gta.ga.gov
More informationBrian S. Dennis Director Cyber Security Center for Small Business Kansas Small Business Development Center
Brian S. Dennis Director Cyber Security Center for Small Business Kansas Small Business Development Center What to expect from today: The ugly truth about planning Why you need a plan that works Where
More informationPROFESSIONAL SERVICES (Solution Brief)
(Solution Brief) The most effective way for organizations to reduce the cost of maintaining enterprise security and improve security postures is to automate and optimize information security. Vanguard
More informationHacker Academy UK. Black Suits, White Hats!
Hacker Academy UK Black Suits, White Hats! Cyber Security Training and Services Do your devices Protect you against Cyber-attacks? Chinese hackers have allegedly stolen 50 terabytes of data on F-35 aircraft,
More informationDFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com
DFARS Compliance SLAIT Consulting SECURITY SERVICES Mike D Arezzo Director of Security Services Introduction 18+ year career in Information Technology and Security General Electric (GE) as Software Governance
More informationTHE ACCENTURE CYBER DEFENSE SOLUTION
THE ACCENTURE CYBER DEFENSE SOLUTION A MANAGED SERVICE FOR CYBER DEFENSE FROM ACCENTURE AND SPLUNK. YOUR CURRENT APPROACHES TO CYBER DEFENSE COULD BE PUTTING YOU AT RISK Cyber-attacks are increasingly
More informationCybowall Solution Overview
Cybowall Solution Overview 1 EVOLVING SECURITY CHALLENGES 2 EXAMPLES OF CYBER BREACHES INCLUDING CARD DATA 2013: Adobe Systems Hackers raided an Adobe back-up server on which they found and published a
More informationSales Presentation Case 2018 Dell EMC
Sales Presentation Case 2018 Dell EMC Introduction: As a member of the Dell Technologies unique family of businesses, Dell EMC serves a key role in providing the essential infrastructure for organizations
More informationNCSF Foundation Certification
NCSF Foundation Certification Overview This ACQUIROS accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity
More informationUNCLASSIFIED. FY 2016 Base FY 2016 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Office of the Secretary Of Defense : February 2015 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 7: Operational Systems Development
More informationProtecting vital data with NIST Framework
Protecting vital data with NIST Framework About me Patrick Kerpan CEO at Cohesive Networks @pjktech BANKS About Cohesive Networks 2,000+ customers protect cloudbased applications User-controlled security
More informationEnhance your Information Security Strategy with ISO 27001:2013
Enhance your Information Security Strategy with ISO 27001:2013 Information technology - Security techniques - Information security management systems - Requirements Expert commentary by Rob Acker, LRQA
More informationSOLUTION BRIEF Virtual CISO
SOLUTION BRIEF Virtual CISO programs that prepare you for tomorrow s threats today Organizations often find themselves in a vise between ever-evolving cyber threats and regulatory requirements that tighten
More informationSecuring Digital Transformation
September 4, 2017 Securing Digital Transformation DXC Security Andreas Wuchner, CTO Security Innovation Risk surface is evolving and increasingly complex The adversary is highly innovative and sophisticated
More informationTIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE
TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE Association of Corporate Counsel NYC Chapter 11/1 NYC BDO USA, LLP, a Delaware limited liability partnership,
More informationHow to Optimize Cyber Defenses through Risk-Based Governance. Steven Minsky CEO of LogicManager & Author of the RIMS Risk Maturity Model
How to Optimize Cyber Defenses through Risk-Based Governance Steven Minsky CEO of LogicManager & Author of the RIMS Risk Maturity Model The Goal: Risk-Based Operationalization Incident Management IT/IS
More informationCybersecurity Guidance for Small Firms Thursday, November 8 9:00 a.m. 10:00 a.m.
Cybersecurity Guidance for Small Firms Thursday, November 8 9:00 a.m. 10:00 a.m. It is crucial that small financial firms take proper cybersecurity measures to protect their customers and their firm. During
More informationCybersecurity Auditing in an Unsecure World
About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity
More informationHow will cyber risk management affect tomorrow's business?
How will cyber risk management affect tomorrow's business? The "integrated" path towards continuous improvement of information security Cyber Risk as a Balance Sheet Risk exposing Board and C-Levels 2018
More informationThe Realities of Data Security and Compliance: Compliance Security
The Realities of Data Security and Compliance: Compliance Security Ulf Mattsson, CTO, Protegrity Ulf.mattsson @ protegrity.com Bio - A Passion for Sailing and International Travel 2 Ulf Mattsson 20 years
More informationUncovering the Risk of SAP Cyber Breaches
Uncovering the Risk of SAP Cyber Breaches Research sponsored by Onapsis Independently Conducted by Ponemon Institute LLC February 2016 1 Part 1. Introduction Uncovering the Risks of SAP Cyber Breaches
More informationCybersecurity and the Board of Directors
Cybersecurity and the Board of Directors Key Findings from BITS/FSR Meetings OVERVIEW Board directors are increasingly required to engage in cybersecurity risk management yet some may need better education
More informationCISO View: Top 4 Major Imperatives for Enterprise Defense
CISO View: Top 4 Major Imperatives for Enterprise Defense James Christiansen Chief Information Security Officer Evantix, Inc. Gary Terrell CIPP Chief Information Security Officer Adobe Session ID: Star
More informationISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006
ISO / IEC 27001:2005 A brief introduction Dimitris Petropoulos Managing Director ENCODE Middle East September 2006 Information Information is an asset which, like other important business assets, has value
More informationDriving Global Resilience
Driving Global Resilience Steve Mellish FBCI Chairman, The Business Continuity Institute Monday December 2nd, 2013 Business & IT Resilience Summit New Delhi, India Chairman of the Business Continuity Institute
More informationCYBER SECURITY WORKSHOP NOVEMBER 2, Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services
0 CYBER SECURITY WORKSHOP NOVEMBER 2, 2016 Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services VIDEO: CAN IT HAPPEN TO ME? 1 2 AGENDA CYBERSECURITY WHY SUCH A BIG DEAL? INFORMATION
More informationAn Overview of TOGAF Version 9.1
An Overview of TOGAF Version 9.1 Robert Weisman MSc, PEng, PMP, CD CEO / Chief Enterprise Architect robert.weisman@buildthevision.ca 44 Montgomery Street 1168 Ste Therese Ottawa, Ontario Canada K1C2A6
More informationAngela McKay Director, Government Security Policy and Strategy Microsoft
Angela McKay Director, Government Security Policy and Strategy Microsoft Demographic Trends: Internet Users in 2005.ru.ca.is.uk.nl.be.no.de.pl.ua.us.fr.es.ch.it.eg.il.sa.jo.tr.qa.ae.kz.cn.tw.kr.jp.mx.co.br.pk.th.ph.ng.in.sg.my.ar.id.au
More informationPolicy Session 4 Identifying Risk: An abundance of Potential Shock Waves
Policy Session 4 Identifying Risk: An abundance of Potential Shock Waves Ray Stanton Interim Group CiSO & Director Digital Risk, National Grid &, Group CiSO/CiRO, Redwood Technologies Group 9 th May 2017
More informationAwareness and training programs OPTUS MACQUARIE UNIVERSITY CYBER SECURITY HUB
Awareness and training programs OPTUS MACQUARIE UNIVERSITY CYBER SECURITY HUB 2 OPTUS MACQUARIE UNIVERSITY CYBER SECURITY HUB In today s digital world, safeguarding data, intellectual property, financial
More informationPROTECTING BRANDS IN CYBERSPACE
Speaker Profile Abhishek Agarwal, CIPP/US: Security & Privacy Leader at Kraft Foods Manage compliance programs to safeguard consumer, customers and employee information. Responsible for protecting brand
More informationSERVICE ORGANIZATION CONTROL (SOC) REPORTS: WHAT ARE THEY?
WHITE PAPER SERVICE ORGANIZATION CONTROL (SOC) REPORTS: WHAT ARE THEY? JEFF COOK DIRECTOR CPA, CITP, CIPT, CISA North America Europe 877.224.8077 info@coalfire.com coalfire.com TABLE OF CONTENTS Summary...
More informationCybersecurity, safety and resilience - Airline perspective
Arab Civil Aviation Commission - ACAC/ICAO MID GNSS Workshop Cybersecurity, safety and resilience - Airline perspective Rabat, November, 2017 Presented by Adlen LOUKIL, Ph.D CEO, Resys-consultants Advisory,
More informationTEL2813/IS2820 Security Management
TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction To create or maintain a secure environment 1. Design working security plan 2. Implement management
More informationData Sheet The PCI DSS
Data Sheet The PCI DSS Protect profits by managing payment card risk IT Governance is uniquely qualified to provide Payment Card Industry (PCI) services. Our leadership in cyber security and technical
More information