Regulatory Update Cyber Security
Regulatory Update: Cyber Security
Mr Brian Lee, Division Head, Hong Kong Monetary Authority
25 September 2015

Disclaimer
This presentation is provided for training purposes and does not form part of the formal legal and regulatory requirements of the HKMA. The HKMA is the owner of the copyright and any other rights in the PowerPoint materials of this presentation. Such materials may not be reproduced for or distributed to third parties, or used for commercial purposes, without the HKMA's prior written consent.

Topics
- Landscape of cyber threats
- Supervisory guidance related to cyber security
- Onsite and offsite supervisory activities
- Industry initiatives
Cyber Threats Landscape (1)
How would your bank and you handle the following scenarios? What would be the impact?
- Massive data leakage of your bank's customers due to a hacking incident
- Prolonged disruptions to your bank's core banking system and online services caused by cyber attacks, where recovery from the backup system has failed
- Locking of critical data of your bank by ransomware from a hacker group, which holds your bank hostage

Cyber Threats Landscape (2)
- Cyber attacks are growing globally
- Cyber threat actors pose different risks:
  - Cyber criminals
  - Hacktivists
  - Cyber terrorists
  - State-sponsored hackers
- DDoS attacks on banks in Hong Kong are rising
Supervisory Guidance (1)
- Information security has already been covered in the following guidelines:
  - SPM module TM-G-1 on technology risk management
  - SPM module SA-2 on outsourcing
  - Circular on Customer Data Protection
- Recent guidelines covering cyber security:
  - Revised SPM module TM-E-1 on e-banking
  - Circular on cyber security risk management

Supervisory Guidance (2): TM-E-1 on e-banking
- Guidance covers various aspects such as customer security, system and network security for Internet banking, and other controls
- Senior management should ensure that regular penetration tests are performed
- A penetration test should assess, at a minimum, the bank's Internet banking and any financial services delivered over the Internet or via a wireless network annually

Circular on Cyber Security (1)
Board and senior management are expected to play a proactive role in ensuring effective cyber security risk management, covering at least:
- Risk ownership and management accountability
- Periodic evaluations and monitoring of cyber security controls
- Industry collaboration and contingency planning
- Regular independent assessment and tests

Circular on Cyber Security (2): Risk ownership and management accountability
- Clear ownership and management accountability of cyber risks and measures, covering not only the IT function
- Cooperation and strong security awareness and culture across a full spectrum of relevant users
  - To include management, staff/contractors of banks or their banking group, and relevant service providers
- Users at all levels should be alerted to their roles and responsibilities. They should be empowered and expected to escalate their concerns to management

Circular on Cyber Security (3): Periodic evaluations and monitoring
- Senior management's periodic evaluations of cyber security controls, having regard to emerging threats and a credible benchmark endorsed by the Board
- For any gaps identified out of periodic evaluations:
  - Senior management's proper justifications and documentation of any risk acceptance
  - A concrete implementation plan, supported by adequate staffing and financial resources, to uplift the cyber security controls

Circular on Cyber Security (4): Periodic evaluations and monitoring (cont'd)
- The bank should determine a benchmark that is endorsed by the Board for periodic evaluations
- Benchmarks for more important banks should cover:
  - Preventive and detective controls, such as registration, configuration and access controls of devices, software and networks; privileged user accounts; malware; application security; customer data; mobile devices; detection of unusual activities; service providers; user education
  - Controls for dealing with contingency scenarios, such as incident management, system resilience and data recovery

Circular on Cyber Security (5): Periodic evaluations and monitoring (cont'd)
- The Board should demand periodic reports from senior management on:
  - The overall situation and any significant risks identified out of periodic evaluations of banks' cyber security controls
  - The status of adherence to banks' security policies by IT and other relevant functions on an ongoing basis

Circular on Cyber Security (6): Industry collaboration and contingency planning
- Senior management should designate relevant function(s) to explore appropriate opportunities for both sharing and gathering cyber threat intelligence in a timely manner
- Broader intelligence sharing among banks will enhance the industry's readiness
- Incident response mechanism and BCP should be properly enhanced and regularly tested, to deal with cyber attacks, including the more catastrophic ones

Circular on Cyber Security (7): Regular independent assessment and tests
- Sufficient cyber security expertise and resources for exercising effective and ongoing checks and balances on:
  - Periodic evaluations and monitoring performed by senior management
  - Contingency planning efforts
- Regular independent assessment
- Periodic penetration tests for more important banks

Circular on Cyber Security (8)
- Board and senior management should strengthen their oversight in those areas
- Some concrete progress (including periodic evaluations of cyber security controls) should start to be evidenced in Board meetings this year or early 2016
- The HKMA will request banks to submit specific deliverables for assessing output or progress, if needed
Onsite and Offsite Supervisory Activities (1)
- To reinforce the duties of the Board and senior management and the three lines of defense
- To seek documentary evidence and conduct sample checks to verify the representations made by the Board, senior management and the three lines of defense
- To look into the oversight exercised by the Board and senior management, and why material deficiencies had remained undetected internally

Onsite and Offsite Supervisory Activities (2)
- To take supervisory actions if needed:
  - Prompt enhancement of Board and senior management oversight and the three lines of defense
  - Review of accountability of the persons involved and the appropriateness of disciplinary actions against them
  - Slowdown or suspension of banks' new IT-related initiatives
  - External auditors' validation of key rectification actions
  - Other actions (e.g. review of CAMEL rating) as appropriate
- Supervisory consequences could be more costly than implementing the controls in the first place
Industry Initiatives (1)
- Prevention, detection and response to cyber attacks require collaboration within the industry
- An industry-driven drill on general crisis management:
  - A table-top exercise to be held on 9 Oct 2015
  - Organized by the Hong Kong Financial Services Business Continuity Management (HKFSBCM) Forum
  - Not a regulatory exercise, and drill scenarios will not be disclosed before the exercise

Industry Initiatives (2)
- Further guidance may be needed for industry practitioners who conduct penetration tests
- Cooperation between the HKMA and the Hong Kong Association of Banks:
  - An industry minimum standard on Bring-Your-Own-Device (BYOD) issued in Oct 2014 to address the related information security risk
  - Monitoring and addressing emerging cyber threats at the industry level, particularly in sharing threat intelligence

Q&A
For further enquiries: Brian Lee, George Chou and Tsz-Wai Chiu
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationTangible Measures to Prepare for Intensified Regulatory Oversight of Cybersecurity in 2016
CLIENT ALERT: Tangible Measures to Prepare for Intensified Regulatory Oversight of Cybersecurity in 2016 August 4, 2016 Author: Hillard M. Sterling, Esq. I. SUMMARY Cybersecurity has taken center stage
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationINFORMATION SECURITY AND RISK POLICY
INFORMATION SECURITY AND RISK POLICY 1 of 12 POLICY REFERENCE INFORMATION SHEET Document Title Document Reference Number Information Security and Risk Policy P/096/CO/03/11 Version Number V02.00 Status:
More informationCyber resilience, information security and operational continuity
Cyber resilience, information security and operational continuity Global Payments Week Torino, September 20/2016 Introduction The CPMI published earlier this year the Guidelines for cyber resiliency for
More informationImplementing a Global Business
GLOBAL OPERATIONS Implementing a Global Business Continuity Management Program Disaster Recovery Journal Spring World 2010 Conference Pfizer Inc. Managing Business Continuity on a Global Scale This presentation
More informationAdvanced IT Risk, Security management and Cybercrime Prevention
Advanced IT Risk, Security management and Cybercrime Prevention Course Goal and Objectives Information technology has created a new category of criminality, as cybercrime offers hackers and other tech-savvy
More informationCISM Certified Information Security Manager
CISM Certified Information Security Manager Firebrand Custom Designed Courseware Logistics Start Time Breaks End Time Fire escapes Instructor Introductions Introduction to Information Security Management
More information