- Robert Richardson
- 6 years ago
Transcription
1 Medical devices and the Internet of Things: A three-layer defense against cyber threats
The Dbriefs Industries series
- Veronica Lim, Principal, Deloitte & Touche LLP
- Russell Jones, Partner, Deloitte & Touche LLP
- Scott Read, Discovery Principal, Deloitte Transactions and Business Analytics LLP
- Terry Hisey, Principal, Deloitte Consulting LLP
May 23, 2017
2 Agenda
- Life sciences and health care cyber threat landscape
- Medical devices and the IoT: A three-layer defense
- What might the next 5 years hold?
Copyright 2017 Deloitte Development LLC. All rights reserved.
3 Life sciences and health care cyber threat landscape
4 Many medical devices are gaining new types of connectivity, making them potentially more vulnerable to cyber attacks
- A medical device is any health care product that neither acts by chemical action nor is metabolized.
- A connected medical device is a medical device that communicates via a private network, the public Internet, or a point-to-point connection (wired or wireless), or that can be accessed in standalone mode via a user or machine interface.
Connected medical device/IoT ecosystem: sensors, medical/mobile apps, remote monitoring, implantable devices, health care IT, diagnostic devices, capital equipment.
5 Hardware and software in medical devices have moved toward an increasingly connected environment over the last 50 years
Evolution of the insulin pump:
- 1960s/1970s: No connectivity; no local data storage; low mobility
- s/1990s: Limited connectivity; limited local data storage; limited mobility
- s/Present: Internet connectivity; local/cloud storage; highly mobile
- Future: Present-day features, plus automated predictive care algorithms and connectivity that allows doctors to provide instant treatment updates
6 Polling question #1
In which part of the medical device/IoT ecosystem does your organization operate?
- Medical device or component part manufacturer (i.e., implantables, diagnostic devices, capital equipment, etc.)
- Health care IT organization (i.e., mobile app/software developer, etc.)
- Medical device user (i.e., health care provider, device monitoring, etc.)
- Regulator
- Not in the medical device/IoT ecosystem
- Don't know/NA
7 As medical device technology advances, the number of devices exposed to malicious threats increases
Enabling technologies / Evolution of threats: Before connectivity, Internet age, Connected age
Common vulnerable components:
- Device software
- Remote support/maintenance
- Firmware
- Device hardware
- Removable media
- Network access/firewall
- Physical access
- Operating system
- Database and/or storage
- Ports/interface
- Clinical applications (e.g., treatment planning software)
Source: OWASP Top 10, CWE/SANS Top 25
8 There can be new cybersecurity and privacy implications for an increasingly connected world
Medtech security concerns:
- Cloud-based computing attacks
- Regulatory implications of cloud usage
- Ransomware
- Big data management
- Third-party access
9 Polling question #2
Has your organization experienced a cybersecurity incident during the past 12 months?
- Yes
- No
- Don't know
- Not applicable
10 The United States and international regulatory landscape
- United States: FDA Premarket Guidance on Medical Device Cybersecurity; FDA Postmarket Guidance on Medical Device Cybersecurity
- China: Notice of the General Administration of the People's Republic of China on the Guidelines on the Publication of the Technical Guidelines for the Safety Registration of Medical Devices Networks (No. 13 of 2017)
- European Union: Medical Device Regulation (MDR); Global Data Protection Regulation (GDPR)
- Japan: Japanese Industry and Regulatory Activities on Medical Device Security
11 There are areas where the industry may be collectively maturing and there are areas of potential stagnation
Industry appears to be maturing in terms of:
- Conducting technical security testing and security risk assessment on devices while in development
- Implementing coordinated vulnerability disclosure programs
- Proactively establishing relationships with customers to provide security information and assist in securing the devices during procurement
- Evolving to where health care providers can hold manufacturers more accountable for medical device security before purchasing devices
Industry may be potentially stagnating in:
- Identifying and treating the risks of fielded and legacy devices
- Monitoring and responding to security events proactively
- Giving the proper amount of security training to product engineers and architects designing medical devices
- Addressing the full scope and quantity of the organization's medical devices
12 Integrated governance and oversight
Enterprise information security can overlap with some components of product security
Product security (create, manufacture & deliver secure products and services, per market demand):
- Patient/customer/market services focus
- Security-by-Design
- Risk management/remediation
- Customer/patient threat/risk/event response
- Security testing of products integrated into the product development process
Overlapping areas:
- Regulatory compliance
- Control selection and implementation
- Security threat modeling
- Security event handling
- Secure development education and training
Information security (helps ensure confidentiality, integrity and availability of corporate information assets):
- Enterprise systems assets/services focus
- Enterprise threat and vulnerability management
- Enterprise asset risk management/remediation
- Enterprise threat/risk/event response
- Information Security Operations Center (SOC)
13 Polling question #3
What do you think is the biggest challenge facing the medical device industry with regard to cybersecurity?
- Identifying and mitigating the risks of fielded and legacy devices
- Monitoring and responding to cybersecurity incidents
- Embedding vulnerability management into the design phase of medical devices
- Lack of collaboration on cyber threat management throughout the connected medical device supply chain
- Meeting regulatory requirements
- Don't know/NA
14 Medical devices and the IoT: A three-layer defense
15 Policies, security risk assessments, and forensic investigations can form a three-layer defense
- Policies address regulatory and compliance concerns related to securing connected devices
- Security risk assessments conducted throughout the product life cycle can help identify, measure, and mitigate cyber risks while informing the board and key stakeholders about the cyber risk landscape
- Forensic investigations can uncover breach sources to reduce exposure and reputational impact
16 Defense layer 1: A policy hierarchy can help organize and structure medical device security activities and governance
- Policy: Product Security Policy
- Standards: Security Risk Management, Security Event & Incident Handling, Security Education & Training, etc.
- Standard operating procedures: Security Risk Assessment, Technical Security Testing, Security Event Handling, Security Incident Handling, etc.
- Work instructions and templates: Security Risk Assessment, Technical Security Testing, Security Event Handling, Security Incident Handling, etc.
17 Defense layer 1: Medical device security documentation maps to each component of the product security program and integrates into the QMS
Product security policy
Standards:
- Security risk management standard
- Security event & incident handling standard
- External communications standard
- Security education & training standard
- Program monitoring standard
Procedures:
- Security requirements procedure
- Security risk assessment procedure
- Technical security testing procedure
- Third-party component security procedure
- Threat intelligence procedure
- Patch & vulnerability management procedure
- Security event and incident handling procedure
- Vulnerability communication procedure
- Inquiry response procedure
- Regulatory submission procedure
- Security authorization procedure
- Program process training procedure
- Product lifecycle training procedure
- Security awareness training procedure
- Secure development training procedure
- Key performance indicator procedure
- Product inventory procedure
- Program audit framework procedure
- Program assessment framework procedure
Work instructions and templates as appropriate
18 Defense layer 2: Product security risk assessment
A security risk assessment procedure should be used throughout the lifecycle of connected medical devices and medical apps to help identify security threats beyond the minimum medical device security requirements.
Detailed breakdown of the nine-step end-to-end security risk assessment process, which aligns with FDA Guidance and AAMI TIR57:
- Identify mitigating controls
- Calculate the residual risk rating
- Calculate the risk rating of the vulnerabilities
- Identify vulnerabilities and pair with threats
- Conduct planning and information gathering
- Identify applicable device profiles
- Develop a component register
- Perform controls analysis
- Conduct threat modeling
19 Defense layer 3: The changing cyber landscape
The investigation starts by gathering intelligence about the adversary, including who attacked, why, and how.
Cyber risk program and governance:
- Who might attack?
- What are they after, and what are the key business risks I need to mitigate?
- What tactics might they use?
- SECURE: Are controls in place to guard against known and emerging threats?
- VIGILANT: Can we detect malicious or unauthorized activity, including the unknown?
- RESILIENT: Can we act and recover quickly to minimize impact?
20 Defense layer 3: Data analysis for computer and cyber forensics
- Investigation
- Initial examination & data reduction
- Event analysis
- Data analysis
- Facts
21 Defense layer 3: Cyber forensic analysis also helps determine the type of attack that occurred and how to adapt in the future
- Advanced persistent threat: A targeted attack from an individual or other credible organization with an intention to exfiltrate corporate data.
- Unauthorized access: An individual gains logical or physical access without permission to a network, system, application, data, or other resource.
- Malicious code: Successful installation of malicious software that infects an operating system or application.
- Improper usage: Any incident resulting from violation of an organization's acceptable usage policies by an authorized user.
- Data breach: The loss or theft of a computing device or media used by an employee.
- Post-incident activities: Learning and fixing what went wrong in an incident is key to improving maturity.
22 What might the next 5 years hold?
23 What might the next five years hold?
Potential threats to connected medical devices and their related ecosystem:
- Organized crime targeting digital health data lakes for cyber attacks to perpetrate next-generation medical identity theft.
- Hackers targeting a multi-state health care provider with ransomware, resulting in thousands of patients being harmed due to unavailability of connected medical devices (e.g., smart infusion pumps).
- Hackers extorting a global medical device manufacturer due to a significant, patient-safety-impacting vulnerability in their Class 3 medical device that can be remotely exploited at scale.
Potential industry response:
- The FDA may further strengthen its approval process for connected medical devices.
- Industry development of an internationally recognized standard detailing cybersecurity and privacy requirements for connected medical devices.
- Health care providers will likely require vulnerability assessments prior to procuring connected medical devices.
- The insurance industry factors cybersecurity into its product liability pricing for device manufacturers; product liability pricing could increase by 20 percent.
24 Polling question #4
How prepared is your organization to address litigation, internal investigations or regulatory matters related to medical device cybersecurity incidents in the next 12 months?
- Very prepared
- Somewhat prepared
- Not prepared
- Other / no opinion
25 Considerations moving forward
- Life sciences
- Government
- Health plans
- Consumers
- Health care providers
- Technology companies
26 Polling question #5
Are you interested in subscribing to A View from the Center, Deloitte's Life Sciences & Health Care industry blog? Our blog provides weekly updates on the hottest trends and issues for health care providers, health plans, and life sciences companies.
- Yes, I would like to subscribe.
- No thanks.
- I already subscribe to receive updates on this blog.
27 Join us June 27 at 1 p.m. ET as our Life Sciences & Health Care series presents: M&A in health care: What's the forecast for 2017 and beyond?
28 Eligible viewers may now download CPE certificates. Click the CPE icon in the dock at the bottom of your screen.
29 Contact information
- Terry Hisey, Principal, Deloitte Consulting LLP
- Veronica Lim, Principal, Deloitte & Touche LLP
- Russell Jones, Partner, Deloitte & Touche LLP
- Scott Read, Discovery Principal, Deloitte Transactions and Business Analytics LLP
30 This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this presentation.
31 About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see to learn more about our global network of member firms. Copyright 2017 Deloitte Development LLC. All rights reserved. 36 USC
2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager NIST Cybersecurity Framework (CSF) Executive Order 13636 Improving Critical Infrastructure Cybersecurity tasked the National
More information3/3/2017. Medical device security The transition from patient privacy to patient safety. Scott Erven. Who i am. What we ll be covering today
www.pwc.com Medical device security The transition from patient privacy to patient safety Scott Erven Who i am Scott Erven - Managing Director Healthcare Industries Advisory Cybersecurity & Privacy Medical
More informationMedical device security The transition from patient privacy to patient safety
www.pwc.com Medical device security The transition from patient privacy to patient safety Scott Erven Who i am Scott Erven - Managing Director Healthcare Industries Advisory Cybersecurity & Privacy Medical
More informationInformation Governance, the Next Evolution of Privacy and Security
Information Governance, the Next Evolution of Privacy and Security Katherine Downing, MA, RHIA, CHPS, PMP Sr. Director AHIMA IG Advisors Follow me @HIPAAQueen 2017 2017 Objectives Part Part I IG Topic
More informationBuilding Resilience to Denial-of-Service Attacks
Building Resilience to Denial-of-Service Attacks Building resilience to denial-of-service attacks Traditionally, organizations have relied on disaster recovery (DR) solutions to provide protection from
More informationCYBER RESILIENCE & INCIDENT RESPONSE
CYBER RESILIENCE & INCIDENT RESPONSE www.nccgroup.trust Introduction The threat landscape has changed dramatically over the last decade. Once the biggest threats came from opportunist attacks and preventable
More informationNEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?
NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:
More informationPOSTMARKET MANAGEMENT OF CYBERSECURITY IN MEDICAL DEVICES FINAL GUIDANCE MARCH 29, TH ANNUAL MEDICAL DEVICE QUALITY CONGRESS
POSTMARKET MANAGEMENT OF CYBERSECURITY IN MEDICAL DEVICES FINAL GUIDANCE MARCH 29, 2017 14TH ANNUAL MEDICAL DEVICE QUALITY CONGRESS 1 Fact vs. Myth Let s Play: Fact vs. Myth The FDA is the federal entity
More informationGlobal Mobile Consumer Survey, US Edition Overview of results
Global Mobile Consumer Survey, US Edition Overview of results Smartphones front and center Mobile phones are still on the rise, in number and importance Smartphone ownership reached 85% (a YoY increase
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationHEALTH CARE AND CYBER SECURITY:
HEALTH CARE AND CYBER SECURITY: Increasing Threats Require Increased Capabilities kpmg.com 1 HEALTH CARE AND CYBER SECURITY EXECUTIVE SUMMARY Four-fifths of executives at healthcare providers and payers
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More informationEuropean Union Agency for Network and Information Security
Critical Information Infrastructure Protection in the EU Evangelos Ouzounis Head of Secure Infrastructure and Services Regional Cybersecurity Forum Sofia, Bulgaria 29 th November 2016 European Union Agency
More informationCYBER SECURITY AIR TRANSPORT IT SUMMIT
CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER
More informationCustomer Breach Support A Deloitte managed service. Notifying, supporting and protecting your customers through a data breach
Customer Breach Support A Deloitte managed service Notifying, supporting and protecting your customers through a data breach Customer Breach Support Client challenges Protecting your customers, your brand
More informationBig data privacy in Australia
Five-article series Big data privacy in Australia Three actions you can take towards compliance Article 5 Big data and privacy Three actions you can take towards compliance There are three actions that
More informationLegal Issues Surrounding the Internet of Things and Other Emerging Technology
Legal Issues Surrounding the Internet of Things and Other Emerging Technology ACC Houston Chapter Meeting September 12, 2017 Jonathan Ishee Vorys Sater Seymour and Pease, LLP Dean Fisher RigNet Overview
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationSOC for cybersecurity
April 2018 SOC for cybersecurity a backgrounder Acknowledgments Special thanks to Francette Bueno, Senior Manager, Advisory Services, Ernst & Young LLP and Chris K. Halterman, Executive Director, Advisory
More informationCybersecurity, safety and resilience - Airline perspective
Arab Civil Aviation Commission - ACAC/ICAO MID GNSS Workshop Cybersecurity, safety and resilience - Airline perspective Rabat, November, 2017 Presented by Adlen LOUKIL, Ph.D CEO, Resys-consultants Advisory,
More informationCyber Security. June 2015
Cyber Security June 2015 Table of contents Section Pages Introduction and methodology 3 Key findings 4 Respondent profile 5-9 Cyber security practices 10-25 Resources for monitoring cyber security events
More informationCFOs in a new global environment Sandy Cockrell, Deloitte
CFOs in a new global environment Sandy Cockrell, Deloitte CFOs in a new global environment 1 2 3 Background The CFO role CFOs Challenges Where does our data come from? How is the CFO role evolving in the
More informationBoston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018
Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security BRANDEIS UNIVERSITY PROFESSOR ERICH SCHUMANN MAY 2018 1 Chinese military strategist Sun Tzu: Benchmark If you know your
More informationRIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015
www.pwc.com RIMS Perk Session 2015 - Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 Los Angeles RIMS Agenda Introductions What is Cybersecurity? Crown jewels The bad
More informationCanada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?
Canada Highlights Cybersecurity: Do you know which protective measures will make your company cyber resilient? 21 st Global Information Security Survey 2018 2019 1 Canada highlights According to the EY
More informationMulti-factor authentication enrollment guide for Deloitte client or business partner user
Deloitte OnLine eroom Global Technology Services December 2017 Multi-factor authentication enrollment guide for Deloitte client or business partner user What is multi-factor authentication (MFA) and how
More informationBREACHES HAPPEN: BE PREPARED. Endpoint Detection & Response
BREACHES HAPPEN: BE PREPARED. Endpoint Detection & Response INTRO PROTECT YOUR BUSINESS AND ITS DATA AGAINST ADVANCED ATTACKS Effective pre-compromise threat prevention is the cornerstone of cyber security,
More informationNYDFS Cybersecurity Regulations: What do they mean? What is their impact?
June 13, 2017 NYDFS Cybersecurity Regulations: What do they mean? What is their impact? Gus Coldebella Principal, Boston Caroline Simons Principal, Boston Agenda 1) Overview of the new regulations 2) Assessing
More informationStanding Together for Financial Industry Resilience Quantum Dawn 3 After-Action Report. November 19, 2015
Standing Together for Financial Industry Resilience Quantum Dawn 3 After-Action Report November 19, 2015 Table of contents Background Exercise objectives Quantum Dawn 3 (QD3) cyberattack scenario QD3 results
More informationRethinking Information Security Risk Management CRM002
Rethinking Information Security Risk Management CRM002 Speakers: Tanya Scott, Senior Manager, Information Risk Management, Lending Club Learning Objectives At the end of this session, you will: Design
More informationCYBER INSURANCE: MANAGING THE RISK
CYBER INSURANCE: MANAGING THE RISK LEON FOUCHE PARTNER & NATIONAL CYBERSECURITY LEAD BDO AUSTRALIA MEMBER OF THE GLOBAL CYBERSECURITY LEADERSHIP GROUP ii CYBER INSURANCE: MANAGING THE RISK There s no doubt
More informationCyber Insurance: What is your bank doing to manage risk? presented by
Cyber Insurance: What is your bank doing to manage risk? David Kitchen presented by Lisa Micciche Today s Agenda Claims Statistics Common Types of Cyber Attacks Typical Costs Incurred to Respond to an
More informationManaging Cybersecurity Risk
Managing Cybersecurity Risk Maureen Brundage Andy Roth August 9, 2016 Managing Cybersecurity Risk Cybersecurity: The Current Legal and Regulatory Environment Cybersecurity Governance: Considerations for
More informationOn the board s agenda US Cyber risk in the boardroom: Accelerating from acceptance to action
February 2018 On the board s agenda US Cyber risk in the boardroom: Accelerating from acceptance to action Cyber risk is a top-level business risk that boards may find challenging to oversee and difficult
More informationMEDICAL DEVICE SECURITY. A Focus on Patient Safety February, 2018
MEDICAL DEVICE SECURITY A Focus on Patient Safety February, 2018 WHO I AM Adam Brand I Am The Cavalry Director Privacy and Security, Protiviti Focus on Medical Device Healthcare Security Custom EEG Manufacturing,
More informationCybersecurity Panel: Cutting through Cybersecurity Hype with Practical Tips to Protect your Bank
Cybersecurity Panel: Cutting through Cybersecurity Hype with Practical Tips to Protect your Bank NJ Bankers Association Annual Convention May 19, 2017 Presented by: Jeremy Burris, Principal, S.R. Snodgrass,
More informationSecuring Digital Transformation
September 4, 2017 Securing Digital Transformation DXC Security Andreas Wuchner, CTO Security Innovation Risk surface is evolving and increasingly complex The adversary is highly innovative and sophisticated
More informationMEDICAL DEVICE CYBERSECURITY: FDA APPROACH
MEDICAL DEVICE CYBERSECURITY: FDA APPROACH CYBERMED SUMMIT JUNE 9TH, 2017 SUZANNE B. SCHWARTZ, MD, MBA ASSOCIATE DIRECTOR FOR SCIENCE & STRATEGIC PARTNERSHIPS CENTER FOR DEVICES AND RADIOLOGICAL HEALTH
More informationThe Future of IT Internal Controls Automation: A Game Changer. January Risk Advisory
The Future of IT Internal Controls Automation: A Game Changer January 2018 Risk Advisory Contents Introduction 01 Future Operating Models for Managing Internal Controls 02 Summary 07 Introduction Internal
More informationJeff Wilbur VP Marketing Iconix
2016 Data Protection & Breach Readiness Guide February 3, 2016 Craig Spiezle Executive Director & President Online Trust Alliance Jeff Wilbur VP Marketing Iconix 1 Who is OTA? Mission to enhance online
More informationSTAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response
STAY ONE STEP AHEAD OF THE CRIMINAL MIND F-Secure Rapid Detection & Response INTRO PROTECT YOUR BUSINESS AND ITS DATA AGAINST ADVANCED ATTACKS Effective pre-compromise threat prevention is the cornerstone
More informationCybersecurity in Higher Ed
Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,
More informationBack to the Future Cyber Security
Back to the Future Cyber Security A manifesto for Cyber Security and the Industrial Legacy Introduction Industrial facilities and infrastructure form the core of our economy and society. These advanced
More informationInstitute of Internal Auditors 2018 IIA CHICAGO CHAPTER JOIN NTAC:4UC-11
AUDITING ROBOTICS AND THE INTERNET OF THINGS (IOT) APRIL 9, 2018 PRESENTERS Kara Nagel Manager, Information Security Accenture Ryan Hopkins Assistant Director, Internal Audit Services Packaging Corp. of
More information