GDPR: The Day After. Pierre-Luc REFALO

Size: px
Start display at page:

Download "GDPR: The Day After. Pierre-Luc REFALO"

Transcription

1 GDPR: The Day After Pierre-Luc REFALO

2 The speaker: Pierre-Luc REFALO Global Head of Strategic Cybersecurity Consulting 25+ years in Information & Cyber Security consultancy CISO for SFR & Vivendi Universal ( ) Author 2013 Award Teacher Speaker 2

3 «Success consists of going from failure to failure without loss of enthusiasm!» Sir Winston Churchill 3

4 You ve been breached: just a question of time 201 days average time to detect a cyber incident. (1) 70 days average time to recover after a targeted attack. (1) The processing of personal data should be designed to serve mankind. The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality. GDPR Recital #4 27 April 2016 $445bn estimated annual cost to the global economy from cyber crime. (2) 89% of breaches had a financial or espionage motive. (3) 90% of cyberespionage breaches capture trade secrets or proprietary information. (3) (1) Ponemon Institute - Research Report (2) Hiscox - Cyber Readiness Report 2017 (3) Verizon - DBIR

5 You ve been breached: impacts are real and maybe huge What? Operational impact Disrupted process, stress, etc. Reputation impact The nightly news, market brand, etc. Legal impact Contractual clauses, Law suits, Class actions, etc. Economic impact Loss of revenue, fines, additional costs, etc... 5

6 You ve been breached: you have to understand How? When? 6

7 You ve been breached: real life 40 millions of financial data stolen 70 millions of personal data stolen Target Corporation suffered one of the largest cyber breaches to date.. $252 millions: loss of revenue (Q4 2013) $57 millions: reduced taxes $90 millions: Insurance reimbursement John Mulligan (Target CFO) had to face a Senate judiciary committee for almost 3 hours. Net loss = $105 millions (0,1% of 2014 sales) Source: Columbia University, Benjamin Dean 7

8 Extracts from GDPR: Section 2 Security of Personal Data Article 32 8

9 Did you monitor your Systems and Crown Jewels? 9

10 Did you protected your data and assets (enough)? 10

11 Did you perform a Privacy Impact Assessment? 11

12 Did you perform a Privacy Impact Assessment? Three different PIA approaches 1. PIA on organization - scope: privacy governance & policies The organizational privacy impact assessment reviews basically all GDPR articles and gives insight to define the organizations privacy governance and policy framework. 2. PIA on operations scope: business processes, systems & people The operational privacy impact assessment is very much related to the responsibility of the controller (art.24, GDPR). It reviews the technical & organizational measures of the existing operations to be compliant with the GDPR. 3. PIA on new business initiatives scope: new product & service development, marketing programs, campaigns, etc. Data protection impact assessment (as described in art.35, GDPR) are required, where the usage of new technologies is likely to result in a high risk to the rights and freedoms of natural persons. Risk mitigating measures have to be designed into products by default (art.25, GDPR). It is not a one off exercise; privacy is here to stay! 12

13 Did you implement Data Discovery and Classification? 13

14 Did you implement Data Discovery and Classification? The new Digital Landscape IT & IoT Public Cloud App Private Cloud App Data Center Internet Data analysis Big Data Gateway Gateway Data aggregation Connected Objects (IoT Products) Sensors Object Hub of sensors Hub of sensors Object Data Acquisition 14

15 Did you implement Data Discovery and Classification? Collect Classify Connect to all relevant DB and systems Identify Profile data to get a structure and format overview Identify Personal Data, in DB, tables and fields Start looking at deduplication Catalogue findings on fields, table and DB level According to risks - the nature - The scope - the volume - the users - the access - the location - the process itself 15

16 Do you plan a Journey to the Cloud? Cloud services provide better security than many on premise infrastructures. 3 topics remain under data owner / controller accountability: Governance, Risk & Compliance Identity and Access Management Information & Data Protection Two key challenges: Internet of Things and connected objects Geo-strategy & Sovereignty 16

17 Customer Manages Customer Manages Customer Manages Customer Manages The type of cloud service drives how shared responsibility is assigned between the Cloud Service Provider and the organisation On-Premises Infrastructure (as a Service) Platform (as a Service) Software (as a Service) Governance Risk & Compliance Governance Risk & Compliance Governance Risk & Compliance Governance Risk & Compliance Identity & Access Management Identity & Access Management Identity & Access Management Identity & Access Management Information and Data Protection Information and Data Protection Information and Data Protection Information and Data Protection Applications Applications Applications Applications Data Data Data Data Runtime Middleware O/S Virtualization Servers Storage Networking Runtime Middleware O/S Virtualization Servers Storage Networking Cloud Supplier Manages Runtime Middleware O/S Virtualization Servers Storage Networking Cloud Supplier Manages Runtime Middleware O/S Virtualization Servers Storage Networking.while Governance, Risk and Compliance, Identity & Access Management and Information & Data Protection will always be the responsibility of the customer Cloud Supplier Manages 17

18 Data Protection is a long term challenge that Capgemini handles globally since : 2 key Group Initiatives Binding Corporate Rules 18

19 Low Strength of Security Framework High We release a new survey on Cybersecurity & Privacy for Financial Institutions The Currency of Trust: Why Banks and Insurers Must Make Customer Data Safer and More Secure Strength of data privacy policies vs. strength of security framework Privacy-passives Pace-setters 20% 29% 31% 20% Laggards Low Source: Capgemini s Digital Transformation Institute Cybersecurity and Privacy Survey Strength of Data Privacy Policies Banking Insurance Security-sloths High 19

20 We provide 12 «end to end services» to help our clients to comply with GDPR Capgemini is a trusted partner from a strategic / tactical / operational perspective Organize Privacy Impact Assessment 4 3 Strategic Organization Transformation & Professionalization Data Discovery 5 6 Operational Data Automatic Classification Data Protection Maturity Assessment & Roadmap 1 2 Awareness & Change Management Compliance Tracking 8 7 IAM Fast Track 1 2 Monitor 4 3 Protect SOC & SOCaaS Data Leak Prevention Data & Data Base Security * + Anonymization 10 9 IDaaS * Incl. Key Management System 20

21 Data Privacy & Protection is at the heart of our internal CySIP program Win More Become a leader in Cyber Security and Data Privacy by being exemplary within our organization Provide best-in-class cybersecurity, alongside technology solutions BUSINESS RISK COMPLIANCE Be Secure Protect digital assets within Capgemini Protect the personal data of Capgemini employees and customers Secure our delivery to clients Be Trusted Comply with the law Provide solid cyber security and data privacy solutions to our clients The CySIP Program aims at leveraging the Capgemini Cybersecurity Unit to protect Capgemini s digital assets and reputation; to secure delivery management; and to develop business 21

22 Takeaways: Challenges The last stretch: Data Privacy / Protection Transformation Program Make sure a proper Data Protection Governance is in place including a Data Protection Officer when required - working with CISO and DRO 1 Establish accountability (Controller and Processor) for Personal Data Processing Implement encryption and enhance IAM within Database Translate GDPR to make it understandable to IT Staff: Developers, architects, project managers, etc. Business Lines (Marketing, Sales, Supply chain, etc.) and central functions (HR, Purchase, etc.) Cloud services stakeholders Implement a «security AND privacy by design» process Set up or revise privacy impact assessment procedures and privacy-by-design methods Handle increased requirements for security of processing taking into account the risk profile of data processed (pseudonimization in particular) Think about a specific «Design Authority» (decision making body) for critical processes On a case by case basis, prepare or develop a «DLP 2» initiative Shadow IT controls Threat Hunting Deep / Dark Web monitoring 1- Digital Risk Officer 2- Data Leak Prevention 22

23 Takeaways: Data and People are structuring Digital Risk Management 23

24 Takeaways: Privacy vs Security is still a challenge «Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. Benjamin Franklin

Data Management and Security in the GDPR Era

Data Management and Security in the GDPR Era Data Management and Security in the GDPR Era Franck Hourdin; Vice President, EMEA Security Russ Lowenthal; Director, Database Security Product Management Mike Turner; Chief Operating Officer, Capgemini

More information

Address C-level Cybersecurity issues to enable and secure Digital transformation

Address C-level Cybersecurity issues to enable and secure Digital transformation Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments, diagnosis and audits of your organization, the protection mechanisms

More information

Big data privacy in Australia

Big data privacy in Australia Five-article series Big data privacy in Australia Three actions you can take towards compliance Article 5 Big data and privacy Three actions you can take towards compliance There are three actions that

More information

Run the business. Not the risks.

Run the business. Not the risks. Run the business. Not the risks. RISK-RESILIENCE FOR THE DIGITAL BUSINESS Cyber-attacks are a known risk to business. Today, with enterprises becoming pervasively digital, these risks have grown multifold.

More information

Cybersecurity Auditing in an Unsecure World

Cybersecurity Auditing in an Unsecure World About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity

More information

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager,

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager, Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager, Deloitte & Touche LLP 1 Speaker Introduction Sanjeev

More information

CYBER SECURITY AIR TRANSPORT IT SUMMIT

CYBER SECURITY AIR TRANSPORT IT SUMMIT CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER

More information

General Data Protection Regulation. May 25, 2018 DON T PANIC! PLAN!

General Data Protection Regulation. May 25, 2018 DON T PANIC! PLAN! General Data Protection Regulation May 25, 2018 DON T PANIC! PLAN! Protect the human behind the data record. On May 25, 2018 the General Data Protection Regulation (GDPR) is entering into force. It requires

More information

General Data Protection Regulation (GDPR) The impact of doing business in Asia

General Data Protection Regulation (GDPR) The impact of doing business in Asia SESSION ID: GPS-R09 General Data Protection Regulation (GDPR) The impact of doing business in Asia Ilias Chantzos Senior Director EMEA & APJ Government Affairs Symantec Corporation @ichantzos Typical Customer

More information

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating

More information

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise February 11 14, 2018 Gaylord Opryland Resort and Convention Center, Nashville #DRI2018 Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise Tejas Katwala CEO

More information

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 www.pwc.com RIMS Perk Session 2015 - Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 Los Angeles RIMS Agenda Introductions What is Cybersecurity? Crown jewels The bad

More information

EU General Data Protection Regulation (GDPR) Achieving compliance

EU General Data Protection Regulation (GDPR) Achieving compliance EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,

More information

Cyber Risks in the Boardroom Conference

Cyber Risks in the Boardroom Conference Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks

More information

Incident Response Services

Incident Response Services Services Enhanced with Supervised Machine Learning and Human Intelligence Empowering clients to stay one step ahead of the adversary. Secureworks helps clients enable intelligent actions to outsmart and

More information

Securing Your Digital Transformation

Securing Your Digital Transformation Securing Your Digital Transformation Security Consulting Managed Security Leveraging experienced, senior experts to help define and communicate risk and security program strategy using real-world data,

More information

How will cyber risk management affect tomorrow's business?

How will cyber risk management affect tomorrow's business? How will cyber risk management affect tomorrow's business? The "integrated" path towards continuous improvement of information security Cyber Risk as a Balance Sheet Risk exposing Board and C-Levels 2018

More information

M&A Cyber Security Due Diligence

M&A Cyber Security Due Diligence M&A Cyber Security Due Diligence Prepared by: Robert Horton, Ollie Whitehouse & Sherief Hammad Contents Page 1 Introduction 3 2 Technical due diligence goals 3 3 Enabling the business through cyber security

More information

Think Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe

Think Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe Think Oslo 2018 Where Technology Meets Humanity Oslo Felicity March Cyber Resilience - Europe Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity

More information

Martijn Loderus. Merritt Maxim. Principal Analyst Forrester. Director & Global Practice Partner for Advisory Consulting Janrain

Martijn Loderus. Merritt Maxim. Principal Analyst Forrester. Director & Global Practice Partner for Advisory Consulting Janrain Merritt Maxim Principal Analyst Forrester Martijn Loderus Director & Global Practice Partner for Advisory Consulting Janrain Merritt and Martijn will share insights on Digital Transformation & Drivers

More information

Building a Resilient Security Posture for Effective Breach Prevention

Building a Resilient Security Posture for Effective Breach Prevention SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications Agenda for discussion 1. Security Posture 2.

More information

Cybersecurity Session IIA Conference 2018

Cybersecurity Session IIA Conference 2018 www.pwc.com/me Cybersecurity Session IIA Conference 2018 Wael Fattouh Partner PwC Cybersecurity and Technology Risk PwC 2 There are only two types of companies: Those that have been hacked, and those that

More information

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016 Bringing cyber to the Board of Directors & C-level and keeping it there Dirk Lybaert, Proximus September 9 th 2016 Dirk Lybaert Chief Group Corporate Affairs We constantly keep people connected to the

More information

Cybersecurity The Evolving Landscape

Cybersecurity The Evolving Landscape Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG

More information

PROTECTING BRANDS IN CYBERSPACE

PROTECTING BRANDS IN CYBERSPACE Speaker Profile Abhishek Agarwal, CIPP/US: Security & Privacy Leader at Kraft Foods Manage compliance programs to safeguard consumer, customers and employee information. Responsible for protecting brand

More information

How to Prepare a Response to Cyber Attack for a Multinational Company.

How to Prepare a Response to Cyber Attack for a Multinational Company. You Have Been Breached! How to Prepare a Response to Cyber Attack for a Multinational Company. Chayan Chakravarti, MBA, CISM, PMP Patrick Enyart, CISA, CISM, CRISC Presenters Chayan Chakravarti Manager,

More information

2017 RIMS CYBER SURVEY

2017 RIMS CYBER SURVEY 2017 RIMS CYBER SURVEY This report marks the third year that RIMS has surveyed its membership about cyber risks and transfer practices. This is, of course, a topic that only continues to captivate the

More information

Emerging Technologies The risks they pose to your organisations

Emerging Technologies The risks they pose to your organisations Emerging Technologies The risks they pose to your organisations 10 June 2016 Digital trends are fundamentally changing the way that customers behave and companies operate Mobile Connecting people and things

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Cyber Security importance by Ashraf Hasanov Business Continuity Expert BCMS BS25999 Lead Auditor Regional Disaster Response Team Member of IFRC What could stop your business?

More information

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI #IIACHI WWW.FACEBOOK.COM/IIACHICAGO HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977 1 CAE Communications and Common Audit Committee

More information

GDPR COMPLIANCE REPORT

GDPR COMPLIANCE REPORT 2018 GDPR COMPLIANCE REPORT INTRODUCTION Effective as of May 25, 2018, the European Union General Data Protection Regulation (GDPR) represents the most sweeping change in data privacy regulation in decades.

More information

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank Introduction The 6,331 credit unions in the United States face a unique challenge when it comes to cybersecurity.

More information

Internet of Things Toolkit for Small and Medium Businesses

Internet of Things Toolkit for Small and Medium Businesses Your Guide #IoTatWork to IoT Security #IoTatWork Internet of Things Toolkit for Small and Medium Businesses Table of Contents Introduction 1 The Internet of Things (IoT) 2 Presence of IoT in Business Sectors

More information

GDPR Update and ENISA guidelines

GDPR Update and ENISA guidelines GDPR Update and ENISA guidelines 2016 [Type text] There are two topics that should be uppermost in every CISO's mind, how to address the growing demand for Unified Communications (UC) and how to ensure

More information

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not

More information

CISO as Change Agent: Getting to Yes

CISO as Change Agent: Getting to Yes SESSION ID: CXO-W02F CISO as Change Agent: Getting to Yes Frank Kim Chief Information Security Officer SANS Institute @fykim Outline Catch the Culture Shape the Strategy Build the Business Case 2 #1 Catch

More information

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS Stephanie Poe, DNP, RN-BC CNIO, The Johns Hopkins Hospital and Health System Discussion Topics The Age of Acceleration Cyber

More information

Cyber Security. The Question of the Day. Sylint Group, Inc. How did we come up with the company name Sylint and what does it mean?

Cyber Security. The Question of the Day. Sylint Group, Inc. How did we come up with the company name Sylint and what does it mean? Cyber Security One of the Most Critical Risk Mitigation Efforts to Bridge the Gap Between Compliance and Ethics Charly Shugg, Brigadier General, USAF, Retired Partner Chief Operating Officer Sylint Group,

More information

GDPR: A QUICK OVERVIEW

GDPR: A QUICK OVERVIEW GDPR: A QUICK OVERVIEW 2018 Get ready now. 29 June 2017 Presenters Charles Barley Director, Risk Advisory Services Charles Barley, Jr. is responsible for the delivery of governance, risk and compliance

More information

Cybersecurity Considerations for GDPR

Cybersecurity Considerations for GDPR Cybersecurity Considerations for GDPR What is the GDPR? The General Data Protection Regulation (GDPR) is a brand new legislation containing updated requirements for how personal data of European Union

More information

Cyber Security Incident Response Fighting Fire with Fire

Cyber Security Incident Response Fighting Fire with Fire Cyber Security Incident Response Fighting Fire with Fire Arun Perinkolam, Senior Manager Deloitte & Touche LLP Professional Techniques T21 CRISC CGEIT CISM CISA AGENDA Companies like yours What is the

More information

The NIS Directive and Cybersecurity in

The NIS Directive and Cybersecurity in The NIS Directive and Cybersecurity in ehealth Dr. Athanasios Drougkas Officer in NIS Belgian Hospitals Meeting on Security Brussels 13 th October European Union Agency For Network And Information Security

More information

Ian Speller CISM PCIP MBCS. Head of Corporate Security at Sopra Steria

Ian Speller CISM PCIP MBCS. Head of Corporate Security at Sopra Steria Ian Speller CISM PCIP MBCS Head of Corporate Security at Sopra Steria Information Risk in the Real World Realistic security management on a tight budget Or some things I have done to make the security

More information

IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES

IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES Introductions Agenda Overall data risk and benefit landscape / shifting risk and opportunity landscape and market expectations Looking at data

More information

SELLING YOUR ORGANIZATION ON APPLICATION SECURITY. Navigating a new era of cyberthreats

SELLING YOUR ORGANIZATION ON APPLICATION SECURITY. Navigating a new era of cyberthreats SELLING YOUR ORGANIZATION ON APPLICATION SECURITY Navigating a new era of cyberthreats Selling Your Organization on Application Security 01 It's no secret that cyberattacks place organizations large and

More information

General Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant

General Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant General Data Protection Regulation: Knowing your data Title Prepared by: Paul Barks, Managing Consultant Table of Contents 1. Introduction... 3 2. The challenge... 4 3. Data mapping... 7 4. Conclusion...

More information

Avanade s Approach to Client Data Protection

Avanade s Approach to Client Data Protection White Paper Avanade s Approach to Client Data Protection White Paper The Threat Landscape Businesses today face many risks and emerging threats to their IT systems and data. To achieve sustainable success

More information

MITIGATE CYBER ATTACK RISK

MITIGATE CYBER ATTACK RISK SOLUTION BRIEF MITIGATE CYBER ATTACK RISK CONNECTING SECURITY, RISK MANAGEMENT & BUSINESS TEAMS TO MINIMIZE THE WIDESPREAD IMPACT OF A CYBER ATTACK DIGITAL TRANSFORMATION CREATES NEW RISKS As organizations

More information

Disruptive Technologies Legal and Regulatory Aspects. 16 May 2017 Investment Summit - Swiss Gobal Enterprise

Disruptive Technologies Legal and Regulatory Aspects. 16 May 2017 Investment Summit - Swiss Gobal Enterprise Disruptive Technologies Legal and Regulatory Aspects 16 May 2017 Investment Summit - Swiss Gobal Enterprise Legal and Regulatory Framework in Switzerland Legal and regulatory Framework: no laws or provisions

More information

SECOPS: NAVIGATE THE NEW LANDSCAPE FOR PREVENTION, DETECTION AND RESPONSE

SECOPS: NAVIGATE THE NEW LANDSCAPE FOR PREVENTION, DETECTION AND RESPONSE SESSION ID: SBX4W5 SECOPS: NAVIGATE THE NEW LANDSCAPE FOR PREVENTION, DETECTION AND RESPONSE Dara Such VP & Publisher, Security Networking and IoT TechTarget @darasuch What we ll cover today State of SecOps:

More information

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.

More information

falanx Cyber ISO 27001: How and why your organisation should get certified

falanx Cyber ISO 27001: How and why your organisation should get certified falanx Cyber ISO 27001: How and why your organisation should get certified Contents What is ISO 27001? 3 What does it cover? 3 Why should your organisation get certified? 4 Cost-effective security management

More information

Building an Effective Threat Intelligence Capability. Haider Pasha, CISSP, C EH Director, Security Strategy Emerging Markets Office of the CTO

Building an Effective Threat Intelligence Capability. Haider Pasha, CISSP, C EH Director, Security Strategy Emerging Markets Office of the CTO Building an Effective Threat Intelligence Capability Haider Pasha, CISSP, C EH Director, Security Strategy Emerging Markets Office of the CTO The Race To Digitize Automotive Telematics In-vehicle entertainment

More information

Moving Workloads to the Public Cloud? Don t Forget About Security.

Moving Workloads to the Public Cloud? Don t Forget About Security. Whitepaper Moving Workloads to the Public Cloud? Don t Forget About Security. Key considerations for developing a cloud-ready cybersecurity strategy Introduction For many organizations today, it s not

More information

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco

More information

Robert Hayes Senior Director Microsoft Global Cyber Security & Data Protection Group

Robert Hayes Senior Director Microsoft Global Cyber Security & Data Protection Group Robert Hayes Senior Director Microsoft Global Cyber Security & Data Protection Group Presentation Objectives Introductions Cyber security context Cyber security in the maritime sector Developing cybersecurity

More information

Insider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm

Insider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm Insider Threat Program: Protecting the Crown Jewels Monday, March 2, 2:15 pm - 3:15 pm Take Away Identify your critical information Recognize potential insider threats What happens after your critical

More information

The Etihad Journey to a Secure Cloud

The Etihad Journey to a Secure Cloud SESSION ID: CCS-T07 The Etihad Journey to a Secure Cloud Georges de Moura Head of Group Information Security, Risk & Compliance Etihad Aviation Group History: Before The Cloud Devolved IT Decision-Making

More information

Cyber-Threats and Countermeasures in Financial Sector

Cyber-Threats and Countermeasures in Financial Sector Michael Mavroforakis, PhD Group CISO & CDO SEV: Workshop on Digital Enablers (Cloud & Cybersecurity) 27th March 2018 Agenda: CYBERSECURITY Potential Targets Attack Examples Insider vs Outsider Threats

More information

GDPR: Is it just another regulation or a great opportunity for operational excellence? Athens, February 2018

GDPR: Is it just another regulation or a great opportunity for operational excellence? Athens, February 2018 GDPR: Is it just another regulation or a great opportunity for operational excellence? Athens, February 2018 GDPR Roadmap Continuous Awareness Program Implement Privacy Solutions Intergrade Privacy into

More information

European Union Agency for Network and Information Security

European Union Agency for Network and Information Security Critical Information Infrastructure Protection in the EU Evangelos Ouzounis Head of Secure Infrastructure and Services Regional Cybersecurity Forum Sofia, Bulgaria 29 th November 2016 European Union Agency

More information

Combating Cyber Risk in the Supply Chain

Combating Cyber Risk in the Supply Chain SESSION ID: CIN-W10 Combating Cyber Risk in the Supply Chain Ashok Sankar Senior Director Cyber Strategy Raytheon Websense @ashoksankar Introduction The velocity of data breaches is accelerating at an

More information

What It Takes to be a CISO in 2017

What It Takes to be a CISO in 2017 What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge

More information

Customer Breach Support A Deloitte managed service. Notifying, supporting and protecting your customers through a data breach

Customer Breach Support A Deloitte managed service. Notifying, supporting and protecting your customers through a data breach Customer Breach Support A Deloitte managed service Notifying, supporting and protecting your customers through a data breach Customer Breach Support Client challenges Protecting your customers, your brand

More information

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE Association of Corporate Counsel NYC Chapter 11/1 NYC BDO USA, LLP, a Delaware limited liability partnership,

More information

In Accountable IoT We Trust

In Accountable IoT We Trust In Accountable IoT We Trust AIOTI WG3 Security & Privacy-in-IoT Taskforces, and H2020 CSA CREATE-IoT & LSPs AG Trust in IoT Arthur van der Wees Managing Director Arthur s Legal, the global tech-by-design

More information

The importance of STANDARDS to ensure ACCOUNTABILITY and GOVERNANCE in ehealth-ict security processes

The importance of STANDARDS to ensure ACCOUNTABILITY and GOVERNANCE in ehealth-ict security processes The importance of STANDARDS to ensure ACCOUNTABILITY and GOVERNANCE in ehealth-ict security processes New targets for cyberattacks New challenges for cybersecurity not only money transaction and bank accounts

More information

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson Delivering Integrated Cyber Defense for the Generation Darren Thomson Vice President & CTO, EMEA Region Symantec In 2009 there were 2,361,414 new piece of malware created. In 2015 that number was 430,555,582

More information

CYBER INSURANCE: MANAGING THE RISK

CYBER INSURANCE: MANAGING THE RISK CYBER INSURANCE: MANAGING THE RISK LEON FOUCHE PARTNER & NATIONAL CYBERSECURITY LEAD BDO AUSTRALIA MEMBER OF THE GLOBAL CYBERSECURITY LEADERSHIP GROUP ii CYBER INSURANCE: MANAGING THE RISK There s no doubt

More information

Canada Life Cyber Security Statement 2018

Canada Life Cyber Security Statement 2018 Canada Life Cyber Security Statement 2018 Governance Canada Life has implemented an Information Security framework which supports standards designed to establish a system of internal controls and accountability

More information

Defensible and Beyond

Defensible and Beyond TELUS Defensible and Beyond Mike Vamvakaris Director and Head of Cyber Security Consulting November 2017 Digital transformation brings many benefits Communication and Collaboration Autonomous and Artificial

More information

GDPR Impacts. SEV GDPR Workshop Athens Giles Watkins, UK Country Leader. Wednesday 7th February,

GDPR Impacts. SEV GDPR Workshop Athens Giles Watkins, UK Country Leader. Wednesday 7th February, GDPR Impacts SEV GDPR Workshop Athens Giles Watkins, UK Country Leader Wednesday 7th February, 2018 Agenda What is the Privacy Opportunity? What is different under GDPR? Where organisations are focusing?

More information

EY s data privacy service offering

EY s data privacy service offering EY s data privacy service offering How to transform your data privacy capabilities for an EU General Data Protection Regulation (GDPR) world Introduction Data privacy encompasses the rights and obligations

More information

Clarity on Cyber Security. Media conference 29 May 2018

Clarity on Cyber Security. Media conference 29 May 2018 Clarity on Cyber Security Media conference 29 May 2018 Why this study? 2 Methodology Methodology of the study Online survey consisting of 33 questions 60 participants from C-Level (CISOs, CIOs, CTOs) 26

More information

Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC

Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC Prescriptive Security Operations Centers Leveraging big data capabilities to build next generation SOC Cyber Security Industry in constant renewal in 2016 and 2017 1 Tbps Mirai IoT Botnet broke the Internet

More information

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies

More information

Putting security first for critical online brand assets. cscdigitalbrand.services

Putting security first for critical online brand assets. cscdigitalbrand.services Putting security first for critical online brand assets cscdigitalbrand.services 2 As the most security conscious digital brand service provider, our clients trust us to take care of their businesses and

More information

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by

More information

Traditional Security Solutions Have Reached Their Limit

Traditional Security Solutions Have Reached Their Limit Traditional Security Solutions Have Reached Their Limit CHALLENGE #1 They are reactive They force you to deal only with symptoms, rather than root causes. CHALLENGE #2 256 DAYS TO IDENTIFY A BREACH TRADITIONAL

More information

How to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.

How to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved. How to implement NIST Cybersecurity Framework using ISO 27001 WHITE PAPER Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.

More information

Information Security Forum Hvad er nyt fra ISF?

Information Security Forum Hvad er nyt fra ISF? Information Security Forum Hvad er nyt fra ISF? v. Christian Kjær, ISF Chapter Agent Danmark Sikkerhed & Revision 7. September 2018 1 Agenda Kort introduktion til Information Security Forum Hvad interesserer

More information

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager 2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager NIST Cybersecurity Framework (CSF) Executive Order 13636 Improving Critical Infrastructure Cybersecurity tasked the National

More information

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches

More information

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant

More information

ISACA West Florida Chapter - Cybersecurity Event

ISACA West Florida Chapter - Cybersecurity Event ISACA West Florida Chapter - Cybersecurity Event Presented by Sri Sridharan Managing Director & Chief Operating Officer Florida Center for Cybersecurity CURRENT TRENDS Top Cybersecurity Trends of 2015

More information

THE CYBER SECURITY PLAYBOOKECTOR SHOULD KNOW BEFPRE, DURING & AFTER WHAT EVERY DIRECTOR SHOULD KNOW BEFORE, DURING AND AFTER AN ATTACK

THE CYBER SECURITY PLAYBOOKECTOR SHOULD KNOW BEFPRE, DURING & AFTER WHAT EVERY DIRECTOR SHOULD KNOW BEFORE, DURING AND AFTER AN ATTACK THE CYBER SECURITY PLAYBOOKECTOR SHOULD KNOW BEFPRE, DURING & AFTER WHAT EVERY DIRECTOR SHOULD KNOW BEFORE, DURING AND AFTER AN ATTACK 03 Introduction 04 Step 1: Preparing for a breach CONTENTS 08 Step

More information

Secure your company s Crown Jewels. workshop

Secure your company s Crown Jewels. workshop Secure your company s Crown Jewels 1 Your company s Crown Jewels The most valuable data, intellectual property (IP) and trade secrets form the heart of an organization s identity. The theft, misuse or

More information

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved. FTA 2017 SEATTLE Cybersecurity and the State Tax Threat Environment 1 Agenda Cybersecurity Trends By the Numbers Attack Trends Defensive Trends State and Local Intelligence What Can You Do? 2 2016: Who

More information

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

Plan a Pragmatic Approach to the new EU Data Privacy Regulation AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General

More information

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld Balancing Compliance and Operational Security Demands Nov 2015 Steve Winterfeld What is more important? Compliance with laws / regulations Following industry best practices Developing a operational practice

More information

CipherCloud CASB+ Connector for ServiceNow

CipherCloud CASB+ Connector for ServiceNow ServiceNow CASB+ Connector CipherCloud CASB+ Connector for ServiceNow The CipherCloud CASB+ Connector for ServiceNow enables the full suite of CipherCloud CASB+ capabilities, in addition to field-level

More information

The GDPR Are you ready?

The GDPR Are you ready? The GDPR Are you ready? kpmg.ie The GDPR - Overview The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) will come into force from 25th May 2018, replacing the existing data protection

More information

EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS

EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS MEET THE EXPERTS DAVID O LEARY Director, Forsythe Security Solutions THOMAS ECK Director, Forsythe Security Solutions ALEX HANWAY Product

More information

Brussels. Cyber Resiliency Minimizing the impact of breaches on business continuity. Jean-Michel Lamby Associate Partner - IBM Security

Brussels. Cyber Resiliency Minimizing the impact of breaches on business continuity. Jean-Michel Lamby Associate Partner - IBM Security Cyber Resiliency Minimizing the impact of breaches on business continuity Jean-Michel Lamby Associate Partner - IBM Security Brussels Think Brussels / Cyber Resiliency / Oct 4, 2018 / 2018 IBM Corporation

More information

Anticipating the wider business impact of a cyber breach in the health care industry

Anticipating the wider business impact of a cyber breach in the health care industry Anticipating the wider business impact of a cyber breach in the health care industry John Gelinne, Director Cyber Risk Services Deloitte & Touche LLP jgelinne@deloitte.com commodore_22 Hector Calzada,

More information

Legal Issues Surrounding the Internet of Things and Other Emerging Technology

Legal Issues Surrounding the Internet of Things and Other Emerging Technology Legal Issues Surrounding the Internet of Things and Other Emerging Technology ACC Houston Chapter Meeting September 12, 2017 Jonathan Ishee Vorys Sater Seymour and Pease, LLP Dean Fisher RigNet Overview

More information

Altitude Software. Data Protection Heading 2018

Altitude Software. Data Protection Heading 2018 Altitude Software Data Protection Heading 2018 How to prevent our Contact Centers from Data Leaks? Why is this a priority for Altitude? How does it affect the Contact Center environment? How does this

More information

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights www.pwc.com/id Key Findings from the State of Information Security Survey 2017 n Insights Key Findings from the State of Information Security Survey 2017 n Insights By now, the numbers have become numbing.

More information

FOR FINANCIAL SERVICES ORGANIZATIONS

FOR FINANCIAL SERVICES ORGANIZATIONS RSA BUSINESS-DRIVEN SECURITYTM FOR FINANCIAL SERVICES ORGANIZATIONS MANAGING THE NEXUS OF RISK & SECURITY A CHANGING LANDSCAPE AND A NEW APPROACH Today s financial services technology landscape is increasingly

More information

Managing Cyber Risk. Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust

Managing Cyber Risk. Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust Managing Cyber Risk Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust Adam Thomas Principal Cyber Risk Services Deloitte & Touche LLP Give Us Your Feedback for this Session!

More information