Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise

Size: px
Start display at page:

Download "Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise"

Transcription

1 February 11 14, 2018 Gaylord Opryland Resort and Convention Center, Nashville #DRI2018 Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise Tejas Katwala CEO & Co-Founder Continuity

2 Our Focus for Today 1. How to align cybersecurity with the business 2. Identify why current response frameworks are incomplete 3. Avoid creating a security program silo 4. Create accountability across the organization 5. Create effective analytics that can speak to the business 6. Build an effective cyber response action plan The key: Accomplish the above by taking an integrated risk approach that leverages business continuity management

3 The Global Cyber Threat Landscape Continues to Increase in Velocity and Complexity In 2014, many consumers began feeling breach fatigue and 2015 is on another record setting pace ATTACKERS go undetected for 229 Days Source:2014 Mandiant Report CYBER ATTACKS could cost the global economy $3 TRILLION in lost productivity & growth Source:mckinsey& co report average cost of a data breach $3.5M increased 15% over the past year Source: 2014 study Phonemon Institute More than 140 Countries have some level of cyber weapon development program Source:fortune.com Data breaches tracked hit a record high in 2014 at 783 a 27.5% increase over ITRC 2014 Breach List

4 Understanding Your Threat Actors Evolution of Threats Cyber Espionage Well Funded, focused on high dollar assets like Intellectual Property Highly skilled/patient, State Sponsored Evolve with their targets Skilled Efficient Patient Motivated Pre-2009 Focus on defense against this scope of attackers Attackers looked for easy targets Address the basics Be better than the next company and they will move on Elite Attackers Skilled Aggressors Talented Bigger Agenda Enables Masses The Masses Use tools others develop Desire Status Want to be a part of something Cyber Espionage Cyber Warfare Cyber Crime Hacktivist Cyber Warfare Cyber Crime Hacktivist Internal Highly skilled and patient Focused on strategic targets Aligned with a much larger agenda Highly skilled and patient Focused on easily monetized assets Well versed in Global Cybercrime Laws Want to be a part of the cause Focused on embarrassment of target Less skilled, but organized and motivated Often Cyber Espionage related Data Leakage/Data Theft Inadvertent insider mistakes

5 The Need for Business-Driven Cyber Security Program Management Limited to IT Changing Role of the CISO Lack of Language Technology Lack of Financial Accountability Lack of Skills and Expertise Not Connected to Organizational Impact Planning Cyber Risk = Compliance Velocity of Change Lack of Mindset Lack of Process

6 What Should a Business-Driven Cyber Security Program Deliver? 1. Navigate away from the compliance check-box exercise with little regard to the real risks the organization faces 2. A modern communication approach that all stakeholders (board of directors, operations and IT) can understand: dollars and cents 3. Provide a decision-making framework for prioritizing risk mitigation, optimizing security investments and transferring risk 4. A financially-driven, risk based approach helps executives understand the business impact of decisions and select the controls that actually help the organization succeed

7 What Should a Business-Driven Cyber Security Program Deliver? 1. Navigating away from the compliance check-box exercise with little regard to the real risks the organization faces 2. A modern communication approach that all stakeholders (board of directors, operations and IT) can understand: dollars and cents 3. Provide a decision-making framework for prioritizing risk mitigation, optimizing security investments and transferring risk 4. A financially-driven, risk based approach helps executives understand the business impact of decisions and select the controls that actually help the organization succeed HOW DO WE ACHIEVE THIS?

8 Hey, Why not just use GRC

9 Challenges with GRC and Legacy Approaches Of the three promises of GRC, most organizations may be realizing only one: Compliance No standard cyber risk model and taxonomy Lack of timeframe estimates Misaligned likelihood and impact estimates Qualitative rating scale definitions Multiplying red, yellows and greens Does not help in a dynamic threat event

10 How about Integrate with your Business Continuity Program?

11 Benefits of Integrating with the Business Continuity Program 1. Cost savings 2. Connected to the business 3. Rich database of dependency relationships between people, process, technology, assets, product lines, and third parties 4. Focus on response plan development and testing 5. Continuous improvement process 6. Experience

12 The largest component of the total cost of a data breach is lost business Components of the $3.62 million cost per data breach Lost business cost $1.51 million Abnormal turnover of customers, increased customer acquisition cost, reputation losses, diminished goodwill $3.62 million Detection and escalation $0.99 million Forensics, root cause determination, organizing incident response team, identifying victims Ex-post response $0.93 million Help desk, inbound communications, special investigations, remediation, legal expenditures, product discounts, identity protection service, regulatory interventions Notification $0.19 million Disclosure of data breach to victims and regulators IBM Ponemon 2017 Cost of Data Breach Study

13 What you can do to help reduce the cost of a data breach Amount by which the cost-per-record was lowered Areas that can be supported by the Business Continuity Program Incident response team Extensive use of encryption Employee training Business Continuity Management involvement Participation in threat sharing Use of security analytics Use of DLP Data classification Insurance protection CISO appointed Board-level involvement CPO appointed $6.80 $6.20 $5.70 $5.40 $5.20 $5.10 $2.90 * $8.00 $12.50 $10.90 * $16.10 * $19.30 IBM Ponemon 2017 Cost of Data Breach Study Savings are higher than 2016 * No comparative data Currencies converted to US dollars

14 BCM reduces cost per day and total number of days in a cyber incident Lost Business is the biggest financial consequence of a data breach followed by detection and response BCM saves on average 43 days on identification and 35 days on containment per cyber incident BCM significantly reduces the cost per breach both record and incident BCM reduces the likelihood of a breach by 25% BCM reduces material disruptions to business by 28% and improves IT resilience by 23% BCM diminishes negative impact on brand reputation by 18% IBM Ponemon 2017 Cost of Data Breach Study

15 Business Continuity Requires Cross Functional Alignment and Business Ownership Oversight Authority Accountability Visibility Consistency Coordination BCM oversight Sponsor BIA refresh Align BCM with business strategy Provide BCM Governance Provide metrics and reporting Conduct training and awareness Drive BIA refresh ERM Team BCM Team Crisis Management Team BC/DR Plan Activation Crisis communications Command and control Assessment Management Responsibility IT Disaster Recovery Site Continuity Work Force Resilience Mitigation Reporting Maintenance Align DR with BC requirements Develop/update DR plans Coordinate DR Tests Report on DR status Site emergency response plans Coordinate with local authorities (PD, Fire, EMT) Conduct site tests Provide metrics and reporting Identification of Resources Cross Training Succession Planning Periodic Training/Update

16 Synergies Achieved through Alignment of Risk Management Programs Risk Stakeholders Cyber Security Program Deter Detect Respond Recover Enterprise Risk Privacy Program Data Protection Data Use Legal & Regulatory Compliance Crisis Management Team Incident Response Business Continuity Management Business Impact Analysis Disaster Recovery Site Continuity Workforce Resilience Intelligence Fusion Center Clear Delineation of Risks Becomes More Difficult Unifying Processes Drives Consistency and Preparedness

17 Shift from Qualitative to Quantitative Analysis Current Risk Approach is Qualitative (ie NIST CSF) Need to adding the economic dimension to your reporting

18 Shift from Qualitative to Quantitative Analysis BCP supports Quantitative (ie Business Impact Analysis) BCP adds an economic dimension to NIST CSF assessments by quantifying cybersecurity risk in financial terms, dollars and cents.

19 Shift from Qualitative to Quantitative Analysis Benefits The combination of both NIST and BCP enables organizations to: 1. Assess where the biggest loss exposures are 2. Conduct cost-benefit analyses for initiatives that improve risk activities 3. Prioritize risk mitigation initiatives based on business impact 4. Improve how you communicate to the business

20 By Integrating with BCP You Can Build the Cyber Resilient Enterprise Leverage a building mindset around resilience Enable ongoing business impact and threat assessment analysis Categorize threats, users, digital assets and locations into priority classifications Report against policy Build prevention and response plans with workflow and automation by threat category Empower Incident Response and ongoing testing and exercising to improve capabilities Enable security training and awareness in the same platform as the response plans Operationalize and unify multiple aspects of the enterprise security operations, governance & risk Integrate all sources of record and truth related to security operations and intelligence

21 A NEW APPROACH TO INTEGREATED RISK MANAGEMENT

Ponemon Institute s 2018 Cost of a Data Breach Study

Ponemon Institute s 2018 Cost of a Data Breach Study Ponemon Institute s 2018 Cost of a Data Breach Study September 18, 2018 1 IBM Security Speakers Deborah Snyder CISO State of New York Dr. Larry Ponemon Chairman and Founder Ponemon Institute Megan Powell

More information

SOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY

SOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY RSA ARCHER BUSINESS RESILIENCY INTRODUCTION Organizations are becoming a complex tapestry of products and services, processes, technologies, third parties, employees and more. Each element adds another

More information

Business continuity management and cyber resiliency

Business continuity management and cyber resiliency Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,

More information

TSC Business Continuity & Disaster Recovery Session

TSC Business Continuity & Disaster Recovery Session TSC Business Continuity & Disaster Recovery Session Mohamed Ashmawy Infrastructure Consulting Pursuit Hewlett-Packard Enterprise Saudi Arabia Mohamed.ashmawy@hpe.com Session Objectives and Outcomes Objectives

More information

MITIGATE CYBER ATTACK RISK

MITIGATE CYBER ATTACK RISK SOLUTION BRIEF MITIGATE CYBER ATTACK RISK CONNECTING SECURITY, RISK MANAGEMENT & BUSINESS TEAMS TO MINIMIZE THE WIDESPREAD IMPACT OF A CYBER ATTACK DIGITAL TRANSFORMATION CREATES NEW RISKS As organizations

More information

Cyber Resilience. Think18. Felicity March IBM Corporation

Cyber Resilience. Think18. Felicity March IBM Corporation Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack

More information

INTELLIGENCE DRIVEN GRC FOR SECURITY

INTELLIGENCE DRIVEN GRC FOR SECURITY INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to

More information

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not

More information

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY Benchmark research sponsored by Raytheon. Independently conducted by Ponemon Institute LLC. February 2018 2018 Study on

More information

How to Conduct a Business Impact Analysis and Risk Assessment

How to Conduct a Business Impact Analysis and Risk Assessment How to Conduct a Business Impact Analysis and Risk Assessment By Larry Pedrazoli Business Recovery Analyst Miller Brewing Company February 2006 Project Management Institute, La Crosse, WI Chapter Agenda

More information

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco

More information

Understanding Cyber Insurance & Regulatory Drivers for Business Continuity

Understanding Cyber Insurance & Regulatory Drivers for Business Continuity Understanding Cyber Insurance & Regulatory Drivers for Business Continuity Lily Yeoh, CISSP, CBCP lily@cb1security.com https://www.cb1security.com Agenda BC/DR Business Drivers Recent Regulatory & Cyber

More information

Information Security Is a Business

Information Security Is a Business Information Security Is a Business Continuity Issue: Are You Ready? Dr. Nader Mehravari Cyber Risk and Resilience Management Team CERT Division Software Engineering Institute Carnegie Mellon University

More information

THE POWER OF TECH-SAVVY BOARDS:

THE POWER OF TECH-SAVVY BOARDS: THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES

More information

Background FAST FACTS

Background FAST FACTS Background Terra Verde was founded in 2008 by cybersecurity, risk and compliance executives. The founders believed that the market needed a company that was focused on using security, risk and compliance

More information

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved. FTA 2017 SEATTLE Cybersecurity and the State Tax Threat Environment 1 Agenda Cybersecurity Trends By the Numbers Attack Trends Defensive Trends State and Local Intelligence What Can You Do? 2 2016: Who

More information

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion

More information

What It Takes to be a CISO in 2017

What It Takes to be a CISO in 2017 What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge

More information

CYBER SECURITY AIR TRANSPORT IT SUMMIT

CYBER SECURITY AIR TRANSPORT IT SUMMIT CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER

More information

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents Services to Help You Prepare for and Quickly Respond to Security Incidents The Challenge The threat landscape is always evolving and adversaries are getting harder to detect; and with that, cyber risk

More information

Cyber Security Incident Response Fighting Fire with Fire

Cyber Security Incident Response Fighting Fire with Fire Cyber Security Incident Response Fighting Fire with Fire Arun Perinkolam, Senior Manager Deloitte & Touche LLP Professional Techniques T21 CRISC CGEIT CISM CISA AGENDA Companies like yours What is the

More information

BCM s Role in Effective Risk Management: A Risk Manager s Point of View

BCM s Role in Effective Risk Management: A Risk Manager s Point of View BCM s Role in Effective Risk Management: A Risk Manager s Point of View Date: March 24, 2015 Presenter: Randall Davis, MBA, IBD, CPCU, ERM, ARM, ARM E, ABCP Agenda for this session Explore the case for

More information

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by

More information

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Cybersecurity Landscape Major Data Breaches (e.g., OPM, IRS) Data Breach Notification Laws Directors Derivative Suits Federal Legislation

More information

Cybersecurity. Securely enabling transformation and change

Cybersecurity. Securely enabling transformation and change Cybersecurity Securely enabling transformation and change Contents... Cybersecurity overview Business drivers Cybersecurity strategy and roadmap Cybersecurity in practice CGI s cybersecurity offering Why

More information

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 www.pwc.com RIMS Perk Session 2015 - Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 Los Angeles RIMS Agenda Introductions What is Cybersecurity? Crown jewels The bad

More information

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.

More information

Disaster Recovery and Business Continuity Planning (Mile2)

Disaster Recovery and Business Continuity Planning (Mile2) Disaster Recovery and Business Continuity Planning (Mile2) Course Number: DRBCP Length: 4 Day(s) Certification Exam This course will help you prepare for the following exams: ABCP: Associate Business Continuity

More information

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) Adaptive Cybersecurity at the Speed of Your Business Attackers Evolve. Risk is in Constant Fluctuation. Security is a Never-ending Cycle.

More information

Rethinking Information Security Risk Management CRM002

Rethinking Information Security Risk Management CRM002 Rethinking Information Security Risk Management CRM002 Speakers: Tanya Scott, Senior Manager, Information Risk Management, Lending Club Learning Objectives At the end of this session, you will: Design

More information

The State of Cybersecurity and Digital Trust 2016

The State of Cybersecurity and Digital Trust 2016 The State of Cybersecurity and Digital Trust 2016 Identifying Cybersecurity Gaps to Rethink State of the Art Executive Summary Executive Summary While the advent of digital technology has fueled new business

More information

Table of Contents. Sample

Table of Contents. Sample TABLE OF CONTENTS... 1 CHAPTER 1 INTRODUCTION... 4 1.1 GOALS AND OBJECTIVES... 5 1.2 REQUIRED REVIEW... 5 1.3 APPLICABILITY... 5 1.4 ROLES AND RESPONSIBILITIES SENIOR MANAGEMENT AND BOARD OF DIRECTORS...

More information

Healthcare HIPAA and Cybersecurity Update

Healthcare HIPAA and Cybersecurity Update Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Healthcare HIPAA and Cybersecurity Update Agenda > Introductions > Cybersecurity

More information

SECURITY INCIDENT MANAGEMENT. Solution Primer. Jenn Black. Senior Research AnalystSolutions Research and Development Office of the CISO, Optiv

SECURITY INCIDENT MANAGEMENT. Solution Primer. Jenn Black. Senior Research AnalystSolutions Research and Development Office of the CISO, Optiv SECURITY INCIDENT MANAGEMENT Solution Primer Jenn Black Senior Research AnalystSolutions Research and Development Office of the CISO, Optiv Introduction Today, the capability to respond effectively to

More information

Cyber Risks in the Boardroom Conference

Cyber Risks in the Boardroom Conference Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks

More information

Advising the C-Suite and Boards of Directors on Cybersecurity. February 11, 2015

Advising the C-Suite and Boards of Directors on Cybersecurity. February 11, 2015 Advising the C-Suite and Boards of Directors on Cybersecurity February 11, 2015 Agenda Introductions / Administrative Cybersecurity risk legal landscape Cyber threats Legal risks in the aftermath of a

More information

NCSF Foundation Certification

NCSF Foundation Certification NCSF Foundation Certification Overview This ACQUIROS accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity

More information

Implementing a Global Business

Implementing a Global Business GLOBAL OPERATIONS Implementing a Global Business Continuity Management Program Disaster Recovery Journal Spring World 2010 Conference Pfizer Inc. Managing Business Continuity on a Global Scale This presentation

More information

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE PREPARATION FOR GDPR IS ESSENTIAL The EU GDPR imposes interrelated obligations for organizations handling

More information

Incident Response and Cybersecurity: A View from the Boardroom

Incident Response and Cybersecurity: A View from the Boardroom IT, Privacy & Data Security Webinar Incident Response and Cybersecurity: A View from the Boardroom Gerard M. Stegmaier, Reed Smith Partner IT, Privacy & Data Security Samuel F. Cullari, Reed Smith Counsel

More information

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23 Risk: Security s New Compliance Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23 Agenda Market Dynamics Organizational Challenges Risk: Security s New Compliance

More information

Convergence of BCM and Information Security at Direct Energy

Convergence of BCM and Information Security at Direct Energy Convergence of BCM and Information Security at Direct Energy Karen Kemp Direct Energy Session ID: GRC-403 Session Classification: Advanced About Direct Energy Direct Energy was acquired by Centrica Plc

More information

Continuous protection to reduce risk and maintain production availability

Continuous protection to reduce risk and maintain production availability Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading

More information

A New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO

A New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO A New Cyber Defense Management Regulation Ophir Zilbiger, CRISC, CISSP SECOZ CEO Personal Background IT and Internet professional (since 1992) PwC (1999-2003) Global SME for Network Director Information

More information

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient? Canada Highlights Cybersecurity: Do you know which protective measures will make your company cyber resilient? 21 st Global Information Security Survey 2018 2019 1 Canada highlights According to the EY

More information

M&A Cyber Security Due Diligence

M&A Cyber Security Due Diligence M&A Cyber Security Due Diligence Prepared by: Robert Horton, Ollie Whitehouse & Sherief Hammad Contents Page 1 Introduction 3 2 Technical due diligence goals 3 3 Enabling the business through cyber security

More information

Business Continuity Planning

Business Continuity Planning Business Continuity Planning The Unexpected Happens Be Ready Copyright -Business Survival Partners, llc. 2011 - All Rights Reserved www.survivalpartners.biz RISK 2 Risks to National Security A secure and

More information

Building a BC/DR Control Library and Regulatory Response Program

Building a BC/DR Control Library and Regulatory Response Program Building a BC/DR Control Library and Regulatory Response Program David Garland, Senior Director, Disaster Recovery & Regulatory Compliance, Business Continuity Management CME Group Regulatory Compliance

More information

The Impact of Cybersecurity, Data Privacy and Social Media

The Impact of Cybersecurity, Data Privacy and Social Media Doing Business in a Connected World The Impact of Cybersecurity, Data Privacy and Social Media Security Incident tprevention and Response: Customizing i a Formula for Results Joseph hm. Ah Asher Marcus

More information

People risk. Capital risk. Technology risk

People risk. Capital risk. Technology risk Decode secure. People risk Capital risk Technology risk Cybersecurity needs a new battle plan. A better plan that deals with the full spectrum of your company s cybersecurity not just your technology.

More information

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager,

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager, Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager, Deloitte & Touche LLP 1 Speaker Introduction Sanjeev

More information

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016 Data Protection Practical Strategies for Getting it Right Jamie Ross Data Security Day June 8, 2016 Agenda 1) Data protection key drivers and the need for an integrated approach 2) Common challenges data

More information

Cybersecurity Auditing in an Unsecure World

Cybersecurity Auditing in an Unsecure World About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity

More information

2017 Cost of Data Breach Study

2017 Cost of Data Breach Study 2017 Cost of Data Breach Study South Africa Benchmark research sponsored by IBM Security Independently conducted by Ponemon Institute LLC June 2017 Ponemon Institute Research Report 2017 Cost of Data Breach

More information

Why you should adopt the NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive

More information

Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.

Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Cybersecurity and HIPAA update Agenda Introductions Cybersecurity Overview

More information

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank Introduction The 6,331 credit unions in the United States face a unique challenge when it comes to cybersecurity.

More information

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government Florida Government Finance Officers Association Staying Secure when Transforming to a Digital Government Agenda Plante Moran Introductions Technology Pressures and Challenges Facing Government Technology

More information

Insider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm

Insider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm Insider Threat Program: Protecting the Crown Jewels Monday, March 2, 2:15 pm - 3:15 pm Take Away Identify your critical information Recognize potential insider threats What happens after your critical

More information

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld Balancing Compliance and Operational Security Demands Nov 2015 Steve Winterfeld What is more important? Compliance with laws / regulations Following industry best practices Developing a operational practice

More information

Think Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe

Think Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe Think Oslo 2018 Where Technology Meets Humanity Oslo Felicity March Cyber Resilience - Europe Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity

More information

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016 Bringing cyber to the Board of Directors & C-level and keeping it there Dirk Lybaert, Proximus September 9 th 2016 Dirk Lybaert Chief Group Corporate Affairs We constantly keep people connected to the

More information

GDPR COMPLIANCE REPORT

GDPR COMPLIANCE REPORT 2018 GDPR COMPLIANCE REPORT INTRODUCTION Effective as of May 25, 2018, the European Union General Data Protection Regulation (GDPR) represents the most sweeping change in data privacy regulation in decades.

More information

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security Cybersecurity What Companies are Doing & How to Evaluate Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security Learning Objectives At the end of this presentation, you will be able to: Explain the

More information

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better

More information

GUIDANCE NOTE ON CYBERSECURITY

GUIDANCE NOTE ON CYBERSECURITY GUIDANCE NOTE ON CYBERSECURITY AUGUST 2017 GUIDANCE NOTE ON CYBERSECURITY PART I Preliminary 1.1 Title 1.2 Authorization 1.3 Application 1.4 Definitions PART II Statement of Policy 2.1 Purpose 2.2 Scope

More information

Incident Response. Tony Drewitt Head of Consultancy IT Governance Ltd

Incident Response. Tony Drewitt Head of Consultancy IT Governance Ltd Incident Response Tony Drewitt Head of Consultancy IT Governance Ltd www.itgovernance.co.uk IT Governance Ltd: GRC One-Stop-Shop Thought Leaders Specialist publisher Implementation toolkits ATO Consultants

More information

Forensics and Active Protection

Forensics and Active Protection Forensics and Active Protection Computer and Network Forensics Research Project 2003 Work Update Yanet Manzano Florida State University manzano@cs.fsu.edu manzano@cs.fsu.edu 1 Outline CNF Project Goal

More information

Protecting your next investment: The importance of cybersecurity due diligence

Protecting your next investment: The importance of cybersecurity due diligence Protecting your next investment: The importance of cybersecurity due diligence Oct. 11, 2018 Baker Tilly Virchow Krause, LLP. All rights reserved. Baker Tilly refers to Baker Tilly Virchow Krause, LLP,

More information

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:

More information

Enterprise GRC Implementation

Enterprise GRC Implementation Enterprise GRC Implementation Our journey so far implementation observations and learning points Derek Walker Corporate Risk Manager National Grid 1 Introduction to National Grid One of the world s largest

More information

Angela McKay Director, Government Security Policy and Strategy Microsoft

Angela McKay Director, Government Security Policy and Strategy Microsoft Angela McKay Director, Government Security Policy and Strategy Microsoft Demographic Trends: Internet Users in 2005.ru.ca.is.uk.nl.be.no.de.pl.ua.us.fr.es.ch.it.eg.il.sa.jo.tr.qa.ae.kz.cn.tw.kr.jp.mx.co.br.pk.th.ph.ng.in.sg.my.ar.id.au

More information

You ve Been Hacked Now What? Incident Response Tabletop Exercise

You ve Been Hacked Now What? Incident Response Tabletop Exercise You ve Been Hacked Now What? Incident Response Tabletop Exercise Date or subtitle Jeff Olejnik, Director Cybersecurity Services 1 Agenda Incident Response Planning Mock Tabletop Exercise Exercise Tips

More information

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability. BPS Suite and the OCEG Capability Model Mapping the OCEG Capability Model to the BPS Suite s product capability. BPS Contents Introduction... 2 GRC activities... 2 BPS and the Capability Model for GRC...

More information

Turning Risk into Advantage

Turning Risk into Advantage Turning Risk into Advantage How Enterprise Wide Risk Management is helping customers succeed in turbulent times and increase their competitiveness Glenn Tjon Partner KPMG Advisory Presentation Overview

More information

Moderator: Presenters: Ross Albert Damon D Levine

Moderator: Presenters: Ross Albert Damon D Levine SOA Antitrust Disclaimer SOA Presentation Disclaimer Session 7: Cyber Risk Management: From the Inside and the Outside Moderator: Presenters: Ross Albert Damon D Levine A Holistic Approach to Cyber Risk

More information

Cyber Risk A Corporate Directors' Briefing Webcast Q&A Summary

Cyber Risk A Corporate Directors' Briefing Webcast Q&A Summary Cyber Risk A Corporate Directors' Briefing Webcast Q&A Summary Cyber experts from Marsh & McLennan Companies and WomenCorporateDirectors hosted an engaging webcast on August 16 th entitled Cyber Risk A

More information

CCISO Blueprint v1. EC-Council

CCISO Blueprint v1. EC-Council CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance

More information

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development December 10, 2014 Statement of the Securities Industry and Financial Markets Association Senate Committee on Banking, Housing, and Urban Development Hearing Entitled Cybersecurity: Enhancing Coordination

More information

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE WHITEPAPER RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE CONTENTS Executive Summary........................................ 3 Transforming How We Think About Security.......................... 4 Assessing

More information

GDPR: The Day After. Pierre-Luc REFALO

GDPR: The Day After. Pierre-Luc REFALO GDPR: The Day After Pierre-Luc REFALO The speaker: Pierre-Luc REFALO Global Head of Strategic Cybersecurity Consulting 25+ years in Information & Cyber Security consultancy CISO for SFR & Vivendi Universal

More information

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN 24-27 July 2016 1 CONTENT INTRODUCTION POLICY OBJECTIVES POLICY AND LEGISLATIVE PRINCIPLES CYBER SECURITY STRATEGY CHALLENGES AND OPPORTUNITIES CAPACITY BUILDING

More information

Cybersecurity and the role of internal audit An urgent call to action

Cybersecurity and the role of internal audit An urgent call to action Cybersecurity and the role of internal audit An urgent call to action The threat from cyberattacks is significant and continuously evolving. One estimate suggests that cybercrime could cost businesses

More information

Top Five Secrets to Successfully Jumpstarting Your Cyber-Risk Program

Top Five Secrets to Successfully Jumpstarting Your Cyber-Risk Program SESSION ID: GRC-W03 Top Five Secrets to Successfully Jumpstarting Your Cyber-Risk Program Chris Houlder CISO Autodesk, Inc. @chrishoulder chris.houlder@autodesk.com Husam Brohi Director, Cybersecurity

More information

How to Prepare a Response to Cyber Attack for a Multinational Company.

How to Prepare a Response to Cyber Attack for a Multinational Company. You Have Been Breached! How to Prepare a Response to Cyber Attack for a Multinational Company. Chayan Chakravarti, MBA, CISM, PMP Patrick Enyart, CISA, CISM, CRISC Presenters Chayan Chakravarti Manager,

More information

Cybersecurity and Nonprofit

Cybersecurity and Nonprofit Cybersecurity and Nonprofit 2 2 Agenda Cybersecurity and Non Profits Scenario #1 Scenario #2 What Makes a Difference Cyber Insurance and How it Helps Question and Answer 3 3 Cybersecurity and Nonprofit

More information

The importance of STANDARDS to ensure ACCOUNTABILITY and GOVERNANCE in ehealth-ict security processes

The importance of STANDARDS to ensure ACCOUNTABILITY and GOVERNANCE in ehealth-ict security processes The importance of STANDARDS to ensure ACCOUNTABILITY and GOVERNANCE in ehealth-ict security processes New targets for cyberattacks New challenges for cybersecurity not only money transaction and bank accounts

More information

NEXT GENERATION SECURITY OPERATIONS CENTER

NEXT GENERATION SECURITY OPERATIONS CENTER DTS SOLUTION NEXT GENERATION SECURITY OPERATIONS CENTER SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 - SUCCESS FACTORS SOC 2.0 - FUNCTIONAL COMPONENTS DTS SOLUTION SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 Protecting

More information

Incident Response Services

Incident Response Services Services Enhanced with Supervised Machine Learning and Human Intelligence Empowering clients to stay one step ahead of the adversary. Secureworks helps clients enable intelligent actions to outsmart and

More information

Adaptive & Unified Approach to Risk Management and Compliance via CCF

Adaptive & Unified Approach to Risk Management and Compliance via CCF SESSION ID: SOP-W08 Adaptive & Unified Approach to Risk Management and Compliance via CCF Vishal Kalro Manager, Risk Advisory & Assurance Services (RAAS) Adobe @awish11 Disclaimer All the views presented

More information

Designing and Building a Cybersecurity Program

Designing and Building a Cybersecurity Program Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity

More information

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017 State Governments at Risk: State CIOs and Cybersecurity CSG Cybersecurity and Privacy Policy Academy November 2, 2017 About NASCIO National association representing state chief information officers and

More information

WHITE PAPER OCTOBER 2017 VMWARE ENTERPRISE RESILIENCY. Integrating Resiliency into Our Culture and DNA

WHITE PAPER OCTOBER 2017 VMWARE ENTERPRISE RESILIENCY. Integrating Resiliency into Our Culture and DNA WHITE PAPER OCTOBER 2017 VMWARE ENTERPRISE RESILIENCY Integrating Resiliency into Our Culture and DNA Table of Contents Executive Summary.... 3 Background.... 4 Charter.................................................................4

More information

Evolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha

Evolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha Evolving the Security Strategy for Growth Eric Schlesinger Global Director and CISO Polaris Alpha Evolving the Security Strategy for Growth Where Do We Start? Our History, Making History In late 2016,

More information

Combating Cyber Risk in the Supply Chain

Combating Cyber Risk in the Supply Chain SESSION ID: CIN-W10 Combating Cyber Risk in the Supply Chain Ashok Sankar Senior Director Cyber Strategy Raytheon Websense @ashoksankar Introduction The velocity of data breaches is accelerating at an

More information

Secure the value chain. Risk management in the omnichannel consumer and retail environment

Secure the value chain. Risk management in the omnichannel consumer and retail environment Secure the value chain Risk management in the omnichannel consumer and retail environment Table of contents See the dark side 2 of security Review developing 2 security trends Address organizational 3

More information

Information Security Risk Strategies. By

Information Security Risk Strategies. By Information Security Risk Strategies By Larry.Boettger@Berbee.com Meeting Agenda Challenges Faced By IT Importance of ISO-17799 & NIST The Security Pyramid Benefits of Identifying Risks Dealing or Not

More information

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE Association of Corporate Counsel NYC Chapter 11/1 NYC BDO USA, LLP, a Delaware limited liability partnership,

More information

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities

More information

SOLUTION BRIEF Virtual CISO

SOLUTION BRIEF Virtual CISO SOLUTION BRIEF Virtual CISO programs that prepare you for tomorrow s threats today Organizations often find themselves in a vise between ever-evolving cyber threats and regulatory requirements that tighten

More information