Cyber Risk: Having better conversations on cyber
- Phyllis Fletcher
- 5 years ago
Contents

- Putting Cyber Security into perspective
- Engaging C-Suite executives on cyber security
- C-Suite key messages & discussion points
  - Chief Executive Officer
  - Chief Financial Officer
  - Chief Risk Officer
  - Chief Audit Executive
  - Chief Information Security Officer
  - Chief Privacy Officer
  - Chief Compliance Officer
  - Chief Technology Officer
  - Chief Administrative Officer
- Securing your digital future

Cyber risk is not a technical/technology problem, it is a business issue and is a significant board agenda. Organisations are taking steps to fundamentally shift how their information security function operates in light of cyber risks.

PwC
Your digital world just got bigger and the new business ecosystem must remain protected.

[Figure: the business ecosystem. Labels: Environmental, Economic, Customer, Consumer, Industry/Competitors, Enterprise, Suppliers, Service Providers, JV/Partners, Technology]
At a glance

Cyberattacks are accelerating at an unprecedented rate and your approach to cybersecurity must keep pace. Here's how businesses are adapting to the new reality:

Scope of the challenge
- Historical IT security perspectives: Limited to your four walls and the extended enterprise
- Today's leading cybersecurity insights: Spans your interconnected global business ecosystem

Ownership and accountability
- Historical IT security perspectives: IT led and operated
- Today's leading cybersecurity insights: Business-aligned and owned; CEO and board accountable

Adversaries' characteristics
- Historical IT security perspectives: One-off and opportunistic; motivated by notoriety, technical challenge, and individual gain
- Today's leading cybersecurity insights: Organized, funded, and targeted; motivated by economic, monetary, and political gain

Information asset protection
- Historical IT security perspectives: One-size-fits-all approach
- Today's leading cybersecurity insights: Prioritize and protect your "crown jewels"

Defense posture
- Historical IT security perspectives: Protect the perimeter; respond if attacked
- Today's leading cybersecurity insights: Plan, monitor, and rapidly respond for when attacked

Security intelligence and information sharing
- Historical IT security perspectives: Keep to yourself
- Today's leading cybersecurity insights: Public/private partnerships; collaboration with industry working groups
Putting cybersecurity into perspective

Cybersecurity represents many things to many different people.

Key characteristics and attributes of cybersecurity:
- Broader than just information technology and not limited to just the enterprise
- Increasing attack surface due to technology connectivity and convergence
- An "outside-in view" of the threats and potential impact facing an organization
- Shared responsibility that requires cross functional disciplines in order to plan, protect, defend and respond
Profiles of Cyber threat actors

Nation State
- Motives: Economic, political, and/or military advantage
- Targets: Trade secrets; Sensitive business information; Emerging technologies; Critical infrastructure
- Impact: Loss of competitive advantage; Disruption to critical infrastructure

Organized Crime
- Motives: Immediate financial gain; Collect information for future financial gains
- Targets: Financial / Payment Systems; Personally Identifiable Information; Payment Card Information; Protected Health Information
- Impact: Costly regulatory inquiries and penalties; Consumer and shareholder lawsuits; Loss of consumer confidence

Hacktivists
- Motives: Influence political and/or social change; Pressure business to change their practices
- Targets: Corporate secrets; Sensitive business information; Information related to key executives, employees, customers & business partners
- Impact: Disruption of business activities; Brand and reputation; Loss of consumer confidence

Insiders
- Motives: Personal advantage, monetary gain; Professional revenge; Patriotism
- Targets: Sales, deals, market strategies; Corporate secrets, IP, R&D; Business operations; Personnel information
- Impact: Trade secret disclosure; Operational disruption; Brand and reputation; National security impact
The adversaries conducting cyber attacks and what they target

[Figure: adversaries, cyber attacks, and what's most at risk]

Adversary motives shown:
- Economic, political and/or military advantage
- Influence political and/or social change
- Immediate or future financial gain
- Personal advantage, revenge or patriotism

What's most at risk?
- Industrial Control Systems (SCADA)
- Payment card and related information / financial transactions
- Military technologies
- Healthcare, pharmaceuticals, and related technologies
- Emerging technologies
- Advanced materials and manufacturing techniques
- Business deals information
- R&D and/or product design data
- Health records and other personal data
- Information and communication technology and data

Input from Office of the National Counterintelligence Executive, Report to Congress on the Foreign Economic Collection and Industrial Espionage, , October
Engaging C-Suite executives on Cyber Security

Why cyber threats have become business risks
When CEOs and Boards evaluated their market threats or competitors, few previously considered cyber threats. Today, the sheer volume and concentration of data, coupled with easy global access throughout the business ecosystem, magnifies the exposure from cyber attacks.

Put security on your agenda before it becomes an agenda
Executives who ignore security not only gamble with their company's brand and good name, they also lose an opportunity to set themselves apart from the rest.

Who's behind this massive loss of data?
There are very savvy criminals out there looking to profit from the sale of your customer data and your proprietary information.

Compliance does not equal security, or does it?
Unfortunately, most executives don't think about security beyond complying with security regulations.

Do you think antivirus is fool proof security?
The scary thing about cyber risks today is the companies that completely ignore security may have already been breached and do not even know it.
Talking Cyber: Does your cyber security strategy support your long term goals?
CEO: Chief Executive Officer

CEO's Cyber Agenda?

Key message
A single successful attack could destroy an organisation's financial standing or reputation.

Questions to Consider
- Is security part of your board agenda?
- Is cyber security an integral part of your business model and strategy?
- Are you aware of the top risks and threats that your organisation is exposed to?
- Are you aware of major security incidents the industry has experienced in the last year? Is your organisation prepared to respond to such incidents?
- Is your organisation able to identify and respond to emerging cyber threats while keeping pace with the ever evolving regulatory environment?

Cyber attacks were rated the sixth most likely global risk to occur of the key 50 potential risks that we've surveyed.

How PwC can Help
We can help assess your existing capabilities and cyber security maturity, enabling you to prioritise your investment. Our key services include:
- Cyber security strategy and roadmap development aligned to your wider business strategy
- Cyber security diagnostic and maturity assessment services
- Threat assessment and modelling
- Privacy and cyber security legal assessment
Talking Cyber: Are your current investments safeguarding you from future losses?
CFO: Chief Financial Officer

CFO's Cyber Agenda?

Key message
Are you aware of the financial impact of cybercrime activities and are you able to rightly prioritise your security investments?

Questions to Consider
- Do you know your average cyber crime cost and the frequency of your attacks?
- Do you understand the cost of recovery vs. the benefit of cyber security investments?
- Are you aware of the correlation between the lack of security investment and the increase in fraud?
- Are you aware of your gross vs. net fraud losses?
- How is cyber resilience managed for new systems, projects or product launches? Is it cost effective?
- Are your cyber operations cost effective? How can you correctly prioritise your investments?

How PwC can Help
We can help you prioritise your security investments, assess the effectiveness of your current security framework and technology landscape and enable you to drive cost efficiency across your cyber programme. Our services include:
- Security assessment services and service improvement
- Threat intelligence, detection and response maturity assessment
- Fraud and ecrime data analytics
- Managed vulnerability assessment services enabling detection and remediation of key security weakness through appropriate investments

600k m is the average cost to a large organisation of its worst security breach recorded this year (up from k a year ago).
Talking Cyber: Cyber crime risk is on the rise. Are you safe?
CRO: Chief Risk Officer

CRO's Cyber Agenda?

Key message
Do you have a cyber risk framework in place enabling you to adapt to the rapidly evolving threat landscape?

Questions to Consider
- Are you able to keep up with the rapidly evolving threat landscape?
- Do you have a cyber risk appetite?
- How do you identify and measure cyber security related risks and compare them with other business risks?
- Are you confident that you have an effective cyber risk management framework in place?
- Do you regularly reassess your cyber risk appetite?
- Have you assessed the full impact of business disruption, and do you understand your reliance on critical systems, service providers and suppliers?

93% of large organisations and 87% of small businesses had a security breach in the last year.

How PwC can Help
We can assess your cyber risk appetite and help develop an appropriate cyber risk management framework aligned to your business needs and threat landscape. Key services include:
- Cyber threat assessment and modelling
- Cyber security risk appetite assessment and risk management framework development
- Third party security assurance services
- Cyber security programme assurance
Talking Cyber: Is your Internal Audit function able to thoroughly assess and help strengthen your cyber security posture?
CAE: Chief Audit Executive

CAE's Cyber Agenda?

Key message
Is your IA function able to assess and respond to the increasing speed and frequency of cyber risks threatening your business?

Questions to Consider
- Are you aware of the threat landscape that your organisation is exposed to?
- Is your organisation able to identify and respond to emerging cyber threats while keeping pace with the ever evolving regulatory environment?
- Are your cyber operations efficient and effective?
- Is your controls and monitoring capability robust and able to keep pace with emerging requirements?
- Are you able to demonstrate compliance to existing legal regulatory requirements?
- Are your cyber processes designed for the future?
- Are you confident that you have an effective cyber risk management framework in place?

How PwC can Help
We can help you assess your security posture, identify potential weak areas and help determine the appropriate remediation roadmap through a focused audit service offering including:
- Cyber security audit services, including penetration testing
- Cyber security controls testing and optimisation, e.g. identity & access
- Cyber security diagnostic and cyber maturity assessments
- Privacy and cyber security legal assessment services, including policy and contract review services
- Cyber security programme assurance
- Threat assessment and modelling

IA is already heavily involved in security audits with 84% of organisations covering data privacy, 72% focusing on identity and access management and 69% having addressed threat intelligence and vulnerability management.
Talking Cyber: Are you able to prevent and withstand cyber attacks?
CISO: Chief Information Security Officer

CISO's Cyber Agenda?

Key message
Are you able to successfully protect your critical assets and easily adapt to the evolving cyber security threat landscape?

Questions to Consider
- Are your cyber operations efficient and cost effective?
- Is your monitoring capability flexible and scalable?
- How do you prioritise your investments?
- When you experience a cyber incident, how do you fix the problem so it won't happen again? Are you prepared?
- Are you leveraging analytics to understand incidents and identify systemic issues and root causes?
- How do you know when you have a breach?
- Are your cyber resilience skills broad, scalable and flexible to deal with spikes in business demand?
- What are the protocols when responding to cyber threats or incidents?
- Are you leveraging security best practices, tools and standards?

How PwC can Help
We can help you build an intelligence led security defence system, enabling rapid detection and containment of security incidents. Our services include but are not limited to:
- Cyber security diagnostic, breach discovery assessment and remediation
- Cyber incident management, response and forensic investigation
- Advanced threat detection and monitoring, and threat intelligence services
- Integrated managed security services, including vulnerability management
- Cyber security programme delivery and cyber defence team augmentation
- Security technologies, SOC setup, operations and crisis management

20% of the large organisations detected that outsiders had successfully penetrated their network in the last year (up from 15% a year ago). Detection has improved, but the risks are still imminent.
Talking Cyber: Are you able to safeguard your business and your clients' data?
CPO: Chief Privacy Officer

CPO's Cyber Agenda?

Key message
Are you protected against both internal and external data leakage?

Questions to Consider
- Do you understand what information is most valuable, where it is located, and how it impacts the customer and business experience?
- Are you confident that you meet all your data protection requirements?
- Are you aware of the insider data threats you are exposed to?
- Are you employing the correct data loss prevention mechanisms to protect your business?
- What would happen if you had a major systems outage or customer information breach? Are you prepared? Do you have a plan to respond?
- Are you leveraging analytics to understand incidents and identify systemic issues and root causes?

Over the last year, data protection breaches occurred in almost half of all large organisations and roughly one in ten small businesses.

How PwC can Help
We can help you determine your critical data assets, enabling you to secure and protect your intellectual property alongside your clients' and business data through a focused service offering including:
- Privacy and cyber security legal compliance services
- Data leakage monitoring and assessment service
- Security advisory services including data loss prevention services
- Security intelligence and analytics
- Fraud and ecrime data analytics, e-discovery and disclosure
Talking Cyber: Are you able to keep pace with emerging cyber and information security regulations?
CCO: Chief Compliance Officer

CCO's Cyber Agenda?

Key message
Are you effectively meeting cyber security regulatory requirements and enabling the adoption of new regulations and standards?

Questions to Consider
- Are you able to demonstrate compliance to existing legal and regulatory requirements around cyber?
- How will you ensure compliance with the emerging Information Security regulations and standards, whilst not losing sight of other important Information Security issues?
- Is your compliance assessment process able to reveal potential weaknesses?
- How can you begin to stabilise and simplify your regulatory reporting, risk and compliance activities to reduce barriers to growth?
- Have you effectively embedded good Information Security behaviours into your organisation's culture?

How PwC can Help
We can help you navigate the complex regulatory landscape, enabling you to promptly respond to emerging cyber security regulations and standards. Our service offerings include:
- Providing legal support and general counsel on regulatory proceedings
- Advising on the latest regulatory requirements and potential implementation of cyber security best practices
- Cyber security assessments against security standards and best practices
- Culture & behaviours programme delivery; cyber security awareness and training

Given the increasing legal and regulatory focus on cyber security, monitoring the level of regulatory compliance has become essential.
Talking Cyber: Is your technology investment enabling cyber resilience?
CTO: Chief Technology Officer

CTO's Cyber Agenda?

Key message
Are you able to leverage technology to your advantage, deriving maximum return from your security technology investments for cyber?

Questions to Consider
- What are the appropriate technologies to invest in and when is the right time to invest?
- Have you assessed the full impact of business disruption, and do you understand your reliance on critical systems? How are you protecting these systems?
- How is cyber resilience managed for new systems, projects or product launches? Is it cost effective?
- Are you using your resources in a secure way by employing the correct blend of technology security controls?
- How are you measuring the effectiveness and efficiency of your controls framework?

60 million banking transactions were lost by a major bank due to a system malfunction suffered in 2010; all transactions had to be manually recovered.

How PwC can Help
We can help you use technology to your advantage, enabling you to prioritise your investments in information technology, operations technology and consumer technology. Our key service offering consists of:
- Technology and security risk assessment services enabling an in depth review of your critical systems/applications and technology processes
- Controls framework design, implementation and testing services (including penetration testing)
- Business resilience and IT continuity services
- Identity and access management, as well as security integration services
Talking Cyber: Can you effectively manage your interconnected business ecosystem?
CAO: Chief Administrative Officer

CAO's Cyber Agenda?

Key message
Can you effectively manage your suppliers and are your supporting functions enabling you to conduct your business securely?

Questions to Consider
- Are you able to effectively manage your suppliers?
- Are you managing your contract lifecycles effectively?
- Are you aware of the outsourcing risks and are you able to manage them?
- How do you know your service providers effectively manage cyber risks?
- Do you understand the potential impact of your supplier breaches and are you prepared to respond to them?
- Do you have a culture of cyber resilience and are your internal processes aligned to prevent and address potential cyber risks?

How PwC can Help
We can help you understand and manage risk in your interconnected business ecosystem, assisting you to secure your digital channels, enabling partner and supplier management. Our key service offerings are as follows:
- Defining security policies and the mandatory requirements that your business users and third parties must adhere to
- Helping you assess/develop and maintain your outsourcing strategy to enable effective risk mitigation
- Privacy and cyber security legal assessment services, including policy and contract review services
- Third party security assurance services, litigation and dispute services

78% of the organisations claim that they have effective security behaviours instilled into their culture, yet fewer than half require suppliers to comply with privacy policies.
We can help secure your digital future

We provide a comprehensive range of integrated cyber security services that help you assess, build and manage your cyber security capabilities, and respond to incidents and crises. Our services are designed to help you build confidence, understand your threats and vulnerabilities, and secure your environment. Our cyber security service delivery team includes incident response, legal, risk, technology and change management specialists.

[Figure labels: Priorities, Risk, Crisis, Technology, People, Connection]

You can't secure everything
We will help assess your cyber priorities:
- Enterprise security architecture
- Protect what matters
- Strategy, organisation and governance
- Threat intelligence

Seize the advantage
Our security assessment will help you identify digital opportunity with confidence as we will assess key aspects of your cyber strategy:
- Digital trust embedded in the strategy
- Privacy and cyber security legal compliance
- Risk management and risk appetite

It's not if but when
The assessment will cover:
- Continuity and resilience
- Crisis management
- Incident response and forensics
- Monitoring and detection

Fix the basics
The cyber assessment will critically evaluate your security foundation:
- Identity and access management
- Information technology, operations technology and consumer technology
- IT security hygiene and controls alignment to your business processes
- Security intelligence and analytics

Their risk is your risk
Our assessment will review existing cyber risk and provide recommendations to help manage risk in your interconnected business ecosystem.
- Digital channels
- Partner and supplier management
- Robust contracts

People matter
The assessment will evaluate your cyber maturity in the following key areas:
- Insider threat management
- People and moments that matter
- Security culture and awareness
Find out more

- Tan Shong Ye, Partner
- Kyra Mattar, Partner
- Jimmy Sng, Partner
- Ervin Jocson, Partner

This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.

PricewaterhouseCoopers LLP. All rights reserved. In this document, "PwC" refers to PricewaterhouseCoopers LLP (a limited liability partnership in the United Kingdom) which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.
GDPR: An Opportunity to Transform Your Security Operations McAfee SIEM solutions improve breach detection and response Is your security operations GDPR ready? General Data Protection Regulation (GDPR)
More informationCybersecurity. Securely enabling transformation and change
Cybersecurity Securely enabling transformation and change Contents... Cybersecurity overview Business drivers Cybersecurity strategy and roadmap Cybersecurity in practice CGI s cybersecurity offering Why
More informationRun the business. Not the risks.
Run the business. Not the risks. RISK-RESILIENCE FOR THE DIGITAL BUSINESS Cyber-attacks are a known risk to business. Today, with enterprises becoming pervasively digital, these risks have grown multifold.
More informationService. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution
Service SM Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Product Protecting sensitive data is critical to being
More informationMoving from Prevention to Detection March 2017
www.pwc.com Moving from Prevention to Detection Le Tran Hai Minh Manager Cyber Security 29 Agenda Slide Cyber Security Statistics 3 How to Stay Confidence 8 Contact 19 2 Cyber Security Statistics 3 Cyber
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More informationEmerging Technologies The risks they pose to your organisations
Emerging Technologies The risks they pose to your organisations 10 June 2016 Digital trends are fundamentally changing the way that customers behave and companies operate Mobile Connecting people and things
More informationCYBER SOLUTIONS & THREAT INTELLIGENCE
CYBER SOLUTIONS & THREAT INTELLIGENCE STRENGTHEN YOUR DEFENSE DarkTower is a global advisory firm focused on security for some of the world s leading organizations. Our security services, along with real-world
More informationForensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services
Forensic Technology & Discovery Services Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services Forensic Technology & Discovery Services EY s Forensic
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationSOLUTION BRIEF Virtual CISO
SOLUTION BRIEF Virtual CISO programs that prepare you for tomorrow s threats today Organizations often find themselves in a vise between ever-evolving cyber threats and regulatory requirements that tighten
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationLeading our discussion today
Defending the Digital Retailer for NRFTech 2014 July 22, 2014 Leading our discussion today Security Leadership and Points of Contact Security and Infrastructure Services Leadership Kevin Richards NA Security
More informationSage Data Security Services Directory
Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time
More informationHow to be cyber secure A practical guide for Australia s mid-size business
How to be cyber secure A practical guide for Australia s mid-size business Introduction The digital age has bred opportunity for mid-size business. From ecommerce to social media, agile organisations have
More informationCredit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank
Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank Introduction The 6,331 credit unions in the United States face a unique challenge when it comes to cybersecurity.
More informationEnterprise resilience and the role of Standards
www.pwc.co.uk Enterprise resilience and the role of Standards Why do we have Standards? Globalisation Consistency Quality Supply chain and outsourcing Marketing value Slide 2 Stakeholder value Ultimately,
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationBHConsulting. Your trusted cybersecurity partner
Your trusted cybersecurity partner BH Consulting Securing your business BH Consulting is an award-winning, independent provider of cybersecurity consulting and information security advisory services. Recognised
More informationChanging the Game: An HPR Approach to Cyber CRM007
Speakers: Changing the Game: An HPR Approach to Cyber CRM007 Michal Gnatek, Senior Vice President, Marsh & McLennan Karen Miller, Sr. Treasury & Risk Manager, FireEye, Inc. Learning Objectives At the end
More informationSecurity in India: Enabling a New Connected Era
White Paper Security in India: Enabling a New Connected Era India s economy is growing rapidly, and the country is expanding its network infrastructure to support digitization. India s leapfrogging mobile
More informationClarity on Cyber Security. Media conference 29 May 2018
Clarity on Cyber Security Media conference 29 May 2018 Why this study? 2 Methodology Methodology of the study Online survey consisting of 33 questions 60 participants from C-Level (CISOs, CIOs, CTOs) 26
More informationHacking and Cyber Espionage
Hacking and Cyber Espionage September 19, 2013 Prophylactic and Post-Breach Concerns for In-House Counsel Raymond O. Aghaian, McKenna Long & Aldridge LLP Elizabeth (Beth) Ferrell, McKenna Long & Aldridge
More informationInternet of Things (IoT) Securing the Connected Ecosystem
Internet of Things (IoT) Securing the Connected Ecosystem June 2018 Making sense of the buzzwords: What is the Internet of Things Internet of Things (IoT) refers to a world of intelligent, connected devices
More informationCyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
More informationThe Cyber Savvy CEO Getting to grips with today s growing cyber-threats
www.pwc.co.uk/informationsecurity The Cyber Savvy CEO Getting to grips with today s growing cyber-threats Unprecedented opportunities The cyber domain is a world of opportunity yet media coverage of attacks
More informationContinuous protection to reduce risk and maintain production availability
Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading
More informationTIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE
TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE Association of Corporate Counsel NYC Chapter 11/1 NYC BDO USA, LLP, a Delaware limited liability partnership,
More informationSOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)
SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) Adaptive Cybersecurity at the Speed of Your Business Attackers Evolve. Risk is in Constant Fluctuation. Security is a Never-ending Cycle.
More informationGDPR: The Day After. Pierre-Luc REFALO
GDPR: The Day After Pierre-Luc REFALO The speaker: Pierre-Luc REFALO Global Head of Strategic Cybersecurity Consulting 25+ years in Information & Cyber Security consultancy CISO for SFR & Vivendi Universal
More informationPeople risk. Capital risk. Technology risk
Decode secure. People risk Capital risk Technology risk Cybersecurity needs a new battle plan. A better plan that deals with the full spectrum of your company s cybersecurity not just your technology.
More informationSecuring Your Digital Transformation
Securing Your Digital Transformation Security Consulting Managed Security Leveraging experienced, senior experts to help define and communicate risk and security program strategy using real-world data,
More informationIMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES
IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES Introductions Agenda Overall data risk and benefit landscape / shifting risk and opportunity landscape and market expectations Looking at data
More informationVulnerability Assessments and Penetration Testing
CYBERSECURITY Vulnerability Assessments and Penetration Testing A guide to understanding vulnerability assessments and penetration tests. OVERVIEW When organizations begin developing a strategy to analyze
More informationCanada Life Cyber Security Statement 2018
Canada Life Cyber Security Statement 2018 Governance Canada Life has implemented an Information Security framework which supports standards designed to establish a system of internal controls and accountability
More informationSecurity Awareness Training Courses
Security Awareness Training Courses Trusted Advisor for All Your Information Security Needs ZERODAYLAB Security Awareness Training Courses 75% of large organisations were subject to a staff-related security
More informationSecure your company s Crown Jewels. workshop
Secure your company s Crown Jewels 1 Your company s Crown Jewels The most valuable data, intellectual property (IP) and trade secrets form the heart of an organization s identity. The theft, misuse or
More informationBalancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld
Balancing Compliance and Operational Security Demands Nov 2015 Steve Winterfeld What is more important? Compliance with laws / regulations Following industry best practices Developing a operational practice
More informationDeMystifying Data Breaches and Information Security Compliance
May 22-25, 2016 Los Angeles Convention Center Los Angeles, California DeMystifying Data Breaches and Information Security Compliance Presented by James Harrison OM32 5/25/2016 3:00 PM - 4:15 PM The handouts
More informationCyber Due Diligence: Understanding the New Normal in Corporate Risk
Cyber Due Diligence: Understanding the New Normal in Corporate Risk Gillian Stacey, Davies Ward Phillips & Vineberg LLP Donald Good, Navigant Consulting Peter Gronvall, Navigant Consulting 8:30 to 10:00
More informationToday s cyber threat landscape is evolving at a rate that is extremely aggressive,
Preparing for a Bad Day The importance of public-private partnerships in keeping our institutions safe and secure Thomas J. Harrington Today s cyber threat landscape is evolving at a rate that is extremely
More informationEXECUTIVE SUMMARY JUNE 2016 Multifamily and Cybersecurity: The Threat Landscape and Best Practices
Multifamily and Cybersecurity: The Threat Landscape and Best Practices By CHRISTOPHER G. CWALINA, ESQ., KAYLEE A. COX, ESQ. and THOMAS H. BENTZ, JR., ESQ. HOLLAND & KNIGHT Overview Cyber policy is critical
More informationHow will cyber risk management affect tomorrow's business?
How will cyber risk management affect tomorrow's business? The "integrated" path towards continuous improvement of information security Cyber Risk as a Balance Sheet Risk exposing Board and C-Levels 2018
More informationInsider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm
Insider Threat Program: Protecting the Crown Jewels Monday, March 2, 2:15 pm - 3:15 pm Take Away Identify your critical information Recognize potential insider threats What happens after your critical
More informationHow to Underpin Security Transformation With Complete Visibility of Your Attack Surface
How to Underpin Security Transformation With Complete Visibility of Your Attack Surface YOU CAN T SECURE WHAT YOU CAN T SEE There are many reasons why you may be considering or engaged in a security transformation
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationto Enhance Your Cyber Security Needs
Our Service to Enhance Your Cyber Security Needs Since the business critical systems by its nature are ON all of the time and the increasingly connected world makes you open your organization to everything
More informationPhysical security advisory services Securing your organisation s future
Physical security advisory services Securing your organisation s future August 2018 KPMG.com/in Physical security threats on the rise In a dynamic geo-political, economic and social environment, businesses
More informationCybersecurity, safety and resilience - Airline perspective
Arab Civil Aviation Commission - ACAC/ICAO MID GNSS Workshop Cybersecurity, safety and resilience - Airline perspective Rabat, November, 2017 Presented by Adlen LOUKIL, Ph.D CEO, Resys-consultants Advisory,
More informationCyber fraud and its impact on the NHS: How organisations can manage the risk
Cyber fraud and its impact on the NHS: How organisations can manage the risk Chair: Ann Utley, Preparation Programme Manager, NHS Providers Arno Franken, Cyber Specialist, RSM Sheila Pancholi, Partner,
More informationDoes someone else own your company s reputation? EY Global Information Security Survey 2018
Does someone else own your company s reputation? EY Global Information Security Survey 2018 Perspectives for technology, media and entertainment, and telco companies Risking cyber reputations Are TMT companies
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationIncident Response. Tony Drewitt Head of Consultancy IT Governance Ltd
Incident Response Tony Drewitt Head of Consultancy IT Governance Ltd www.itgovernance.co.uk IT Governance Ltd: GRC One-Stop-Shop Thought Leaders Specialist publisher Implementation toolkits ATO Consultants
More informationCybersecurity Risk Mitigation: Protect Your Member Data. Introduction
Cybersecurity Risk Mitigation: Protect Your Member Data Presented by Matt Mitchell, CISSP Knowledge Consulting Group Introduction Matt Mitchell- Director Risk Assurance 17 years information security experience
More informationSteps to Take Now to be Ready if Your Organization is Breached Thursday, February 22 2:30 p.m. 3:30 p.m.
Steps to Take Now to be Ready if Your Organization is Breached Thursday, February 22 2:30 p.m. 3:30 p.m. The cyber threats are no longer a question of if, but when, a breach will occur. It is important
More informationAdaptive & Unified Approach to Risk Management and Compliance via CCF
SESSION ID: SOP-W08 Adaptive & Unified Approach to Risk Management and Compliance via CCF Vishal Kalro Manager, Risk Advisory & Assurance Services (RAAS) Adobe @awish11 Disclaimer All the views presented
More informationCyber COBIT. Ophir Zilbiger, CEO SECOZ Shay Zandani, CEO CyberARM. December 2013
Cyber COBIT Ophir Zilbiger, CEO SECOZ Shay Zandani, CEO CyberARM December 2013 1 Agenda 1. Background & Definitions 2. Applying COBIT5 to Cybersecurity Governance 3. Cybersecurity Management 4. Cybersecurity
More informationMapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective
Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better
More information