10 Cybersecurity Questions for Bank CEOs and the Board of Directors
4th Annual UBA Bank Executive Winter Conference, February
Dr. Kevin Streff, Founder, Secure Banking Solutions

Board of Directors and Management Team Is Responsible for Security
On a scale of 1 to 10, grade your board's ability to:
- Understand cyber risks
- Give attention and resources to cyber risks
What Can You Do?

Layered Security Approach
Top Security Threats
1. Hacking
2. Data Leakage
3. Social Engineering
4. Corporate Account Takeover
5. ATM Fraud
Most threats involve installing malware.
"Small and medium sized banks are in the cross-hairs of the cyber criminal." (Howard Schmidt, White House Cybersecurity Coordinator)

Hacking (Threat #1)
Hacker Tools: Examples
- Tools to hack your bank are downloadable
- Default passwords are all available
- An economy exists to sell stolen data (underground markets)

Data Leakage (Threat #2)
Data Leakage
- Data leakage is about insiders leaking customer information out of your bank
- Most attention is paid to outsiders breaking into your network (aka hackers)
- Insider leakage can be malicious behavior or accidental

Misuse of Bank Computers
Social Engineering (Threat #3)

Social Engineering
What is social engineering?
- Exploitation of human nature for the gathering of sensitive information
- A tool attackers use to gain knowledge about employees, networks, vendors or other business associates
Sample Social Engineering Methods
- Phishing/Pharming
- Telephone (Remote Impersonation)
- Dumpster Diving
- Impersonation Scams
- USB Sticks

Corporate Account Takeover (Threat #4)
Small Business Security
- 70% lack basic security controls
- Conduct a risk assessment looking for these basic security controls: firewall, strong passwords, malware protection, etc.

Finger Pointing?
Bottom Line: You Lose Customers

ATM Fraud (Threat #5)
Skimmer and Camera

Question: How long does it take to install a skimmer?
ATM Cyber Heists
Question for Boards & Management Team
What is your bank doing to mitigate the risks of:
- Hacking
- Data Leakage
- Social Engineering
- Corporate Account Takeover
- ATM Fraud
The answer should be:
1. Layered Security Program
2. Risk Assessment
3. Customer Awareness and Education
4. Effective Auditing

Layered Information Security Program for Your Bank
- I.T. Risk Assessment
- Asset Management
- Vendor Management
- Penetration Testing
- Vulnerability Assessment
- Security Awareness
- Business Continuity
- Incident Response
- I.T. Audit
- Documentation
- Boards & Committees
2014 FFIEC Cybersecurity Assessments
Cybersecurity & Critical Infrastructure Working Group (CCIWG): Targeted Regulatory Exams
- In June 2013, the FFIEC established the Cybersecurity and Critical Infrastructure Working Group (CCIWG)
- Approximately 500 assessments of institutions with $1 billion or less in assets
- Information gathering and learning mode
- Finalized report in mid 2014 for all exams moving forward
Cybersecurity Assessment Scope
- Exams build upon key aspects of existing supervisory expectations addressed in the FFIEC IT Handbook
- Assesses the complexity of an institution's operating environment
- Assesses an institution's current practices and overall cybersecurity preparedness, with a focus on the following key areas:
  - Risk Management and Oversight
  - Threat Intelligence and Collaboration
  - Cybersecurity Controls
  - External Dependency Management
  - Cyber Incident Management and Resilience
Source: Cybersecurity-Assessment-Overview.pdf

Summary of Results
- Strong risk management program
- Enhanced vulnerability assessment program
- Share and collaborate cyber security information with other institutions
- Enhanced vendor management program
- Enhanced incident response plans
- Training and education on information (cyber) security is going to be emphasized
- Board participation and education involving information security is going to be EXAMINED and REGULATED
Are you keeping your Board apprised of cyber security issues and how your institution is responding?
Cybersecurity Training
1. Routinely discussing cybersecurity issues in board and senior management meetings will help the financial institution set the tone from the top and build a security culture. Boards are going to be held to a higher standard! Do you review loans at Board meetings? Better start reviewing information security items as well!
2. While most financial institutions understand the need to train employees on cybersecurity risk management, the outcome and benefits improve when training and awareness programs are kept current and are provided on a routine basis. The more educated and knowledgeable your people are, the more risk you reduce!

Section 1: Cybersecurity Inherent Risk - Findings and Concerns
- Regulators are concerned that you don't have all your connections, systems, and products inventoried
- Regulators are concerned that every connection, system, and product is not hardened
- Regulators are concerned that your risk assessment process is inadequate
- Regulators are concerned that your enterprise risk management program does not accurately reflect cyber risk
Section 1: Cybersecurity Inherent Risk - FFIEC Questions
1. What type of connections does your bank have?
2. How are you managing these connections to deal with evolving threats and vulnerabilities?
3. Do you need all your connections?
4. How do you evaluate evolving threats and vulnerabilities in your risk assessment process?
5. How do your connections and technologies collectively affect your bank's risk posture?

Section 1: Cybersecurity Inherent Risk - Management Actions
- Expand your bank's network diagram to include all bank connections
- Update your risk assessment to reflect the additional inherent risk these connections introduce
- Automate risk assessment to calculate inherent risk metrics and measurements
- Mature the bank's enterprise risk management program to include cybersecurity inherent risk
- Ensure the next I.T. audit thoroughly examines cybersecurity inherent risk
Section 2: Cybersecurity Preparedness - Five Topics
1. Risk Management and Oversight
2. Threat Intelligence and Collaboration
3. Cybersecurity Controls
4. External Dependency Management
5. Cyber Incident Management & Resilience

Section 2, Topic 1: Risk Management & Oversight
1. Involves risk assessment and management
2. Involves allocating human and financial resources
3. Includes governance and compliance
4. Includes awareness, training and education
Section 2, Topic 1: Risk Management & Oversight - Findings and Concerns
1. Board and senior management are not regularly discussing cyber threats
2. Board and senior management are not setting the tone at the top
3. Board and senior management are not properly trained to do their jobs to manage cyber risks
4. Training must be current and regular (not once a year)
5. Banks are vulnerable to social engineering attacks

Section 2, Topic 1: Risk Management & Oversight - FFIEC Questions
1. What is the process to ensure ongoing and routine discussions by the board and senior management about cyber threats to your bank?
2. How is accountability determined for managing cyber risks across the bank? Does this include management's accountability for business decisions that may introduce new cyber risks?
3. What is the process for ensuring ongoing employee awareness and effective response to cyber risks?
Section 2, Topic 1: Risk Management & Oversight - Management Actions
- Draft an information security strategy and have all management and board members sign off
- Have a standing item on the board agenda: cybersecurity
- Set the tone from the top
- Automate risk assessment to calculate residual risk metrics and measurements
- Mature the bank's enterprise risk management program to include cybersecurity residual risk
Section 2, Topic 1: Risk Management & Oversight - Management Actions (continued)
- Ensure the next I.T. audit thoroughly examines cybersecurity residual risk
- Conduct social engineering tests each quarter:
  - Q1: Dumpster dive
  - Q2: Phishing scam
  - Q3: Pretext calling
  - Q4: Physical impersonation
- Ensure the next I.T. audit thoroughly examines the security awareness program, management/board credentials, and roles/responsibilities

What Can You Do?
- Focus on a program
- Get good at risk assessment
- Focus them on the big 5 threats
- Put information in a form they can understand
- Involve Board members in your bank's security awareness program
- Train them
Section 2, Topic 2: Threat Intelligence/Collaboration - FFIEC Questions
1. What is the process to gather and analyze threat intelligence?
2. How is accountability determined for managing cyber risks across the bank? Does this include management's accountability for business decisions that may introduce new cyber risks?
3. What is the process for ensuring ongoing employee awareness and effective response to cyber risks?

Section 2, Topic 2: Threat Intelligence/Collaboration - Findings and Concerns
1. Threat intelligence is lacking in banks
2. Banks rely on media reports, which is reactionary and insufficient
3. Monitoring of event logs is insufficient
Section 2, Topic 2: Threat Intelligence/Collaboration - Management Actions
1. Build threat intelligence capability
2. Build relationships with FS-ISAC, InfraGard, and other threat intelligence groups
3. Improve monitoring of event logs to identify patterns and problems
4. Build relationships with law enforcement prior to an incident occurring

InfraGard Certification
- Training program for staff on information security
- The InfraGard Awareness information security awareness course is FREE to all individuals and small businesses with 25 or fewer employees
- Send your Board through this program!
- Twelve lessons (4-9 minutes each)
- Optional certificate to hang in the workplace
Section 2, Topic 3: Cybersecurity Controls - Findings and Recommendations
1. Preventative controls have been the focus
2. Detective and corrective controls are lacking
3. Vulnerability assessments are insufficient
4. Penetration testing is insufficient
5. Banks should take an enterprise view of IT risk
6. Vulnerability remediation is lacking

Section 2, Topic 3: Cybersecurity Controls - FFIEC Questions
1. What is the process for determining and implementing controls?
2. Does the process call for a review and update of controls when changing the I.T. environment?
3. What is the process for classifying data and determining appropriate controls based on risk?
4. What is the process for ensuring that risks identified are remediated?
Section 2, Topic 3: Cybersecurity Controls - Management Actions
1. Improve detective and corrective controls
2. More frequent and deeper vulnerability assessments
3. More frequent and deeper penetration testing
4. Implement/mature enterprise risk management
5. Improve vulnerability remediation

Action Tracking
Section 2, Topic 4: Vendor Management - Findings and Recommendations
1. Many banks have processes in place to manage vendors
2. Many banks lack documented roles & responsibilities in the contract/incident response plan

Section 2, Topic 4: Vendor Management - FFIEC Questions
1. How is the bank connecting to third parties, and how is it ensuring that they are managing cybersecurity controls?
2. What are third parties' responsibilities during a cyber attack? Are they outlined in an incident response plan?
Section 2, Topic 4: Vendor Management - Management Actions
1. Document how the bank is connecting to third parties and how it ensures that they are managing cybersecurity controls
2. Document in the contract/incident response plan the roles & responsibilities of third parties during a cyber attack

Section 2, Topic 5: Incident Management - Findings and Recommendations
1. Internal and external communication is often lacking to handle a cyber incident
2. Cyber incident scenarios are inadequately incorporated into the bank's business continuity and disaster recovery plans
3. BCP/DR plans are often not sufficiently tested
Section 2, Topic 5: Incident Management - FFIEC Questions
1. In the event of a cyber attack, how will the bank respond internally and with customers, third parties, regulators and law enforcement?
2. How are cyber incident scenarios incorporated into the bank's business continuity and disaster recovery plans?
3. Have BCP/DR plans been tested?

Section 2, Topic 5: Incident Management - Management Actions
1. Work to improve internal and external communication to handle a cyber incident
2. Incorporate cyber incident scenarios into the bank's business continuity and disaster recovery plans
3. Sufficiently test BCP/DR plans
SBS Certified Board Member

Risk Assessment Schedule
Auditing Results

U.S. Department of Treasury Press Release, December
1. Is cyber risk part of our current risk management framework?
2. Do we follow the NIST Cybersecurity Framework?
3. Do we know the cyber risks that our vendors and third-party service providers expose us to, and do we know the rigor of their cybersecurity controls?
4. Do we have cyber risk insurance?
5. Do we engage in basic cyber hygiene?
6. Do we share incident information with industry groups? If so, when and how does this occur?
7. Do we have a cyber-incident playbook, and who is the point person for managing response and recovery?
8. What roles do senior leaders and the board play in managing and overseeing the cyber incident response?
9. When and how do we engage with law enforcement after a breach?
10. After a cyber incident, when and how do we inform our customers, investors, and the general public?
False Sense of Security

Contact Info
Dr. Kevin Streff
Dakota State University
Secure Banking Solutions, LLC
More informationCyber Security Updates and Trends Affecting the Real Estate Industry
Cyber Security Updates and Trends Affecting the Real Estate Industry What, Why, and How? Agenda Cyber Security Today Changes to Security Standards and Trends Protecting Yourself and Your Organization Takeways
More informationCybersecurity Guidance for Small Firms Thursday, November 8 9:00 a.m. 10:00 a.m.
Cybersecurity Guidance for Small Firms Thursday, November 8 9:00 a.m. 10:00 a.m. It is crucial that small financial firms take proper cybersecurity measures to protect their customers and their firm. During
More informationHow Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity
How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity Why is the NIST framework important? GOH Seow Hiong Executive Director, Global Policy & Government Affairs, Asia Pacific
More informationChapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS
Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS The Saskatchewan Power Corporation (SaskPower) is the principal supplier of power in Saskatchewan with its mission to deliver power
More informationHow to Optimize Cyber Defenses through Risk-Based Governance. Steven Minsky CEO of LogicManager & Author of the RIMS Risk Maturity Model
How to Optimize Cyber Defenses through Risk-Based Governance Steven Minsky CEO of LogicManager & Author of the RIMS Risk Maturity Model The Goal: Risk-Based Operationalization Incident Management IT/IS
More informationThink Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe
Think Oslo 2018 Where Technology Meets Humanity Oslo Felicity March Cyber Resilience - Europe Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity
More informationDecember 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development
December 10, 2014 Statement of the Securities Industry and Financial Markets Association Senate Committee on Banking, Housing, and Urban Development Hearing Entitled Cybersecurity: Enhancing Coordination
More informationToday s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches
Today s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches Chris Bucolo, PCIP, MBA Today s Speaker Chris Bucolo Sr. Manager, Sikich
More informationCyber Resilience. Think18. Felicity March IBM Corporation
Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack
More informationEffective Cyber Incident Response in Insurance Companies
August 2017 Effective Cyber Incident Response in Insurance Companies An article by Raj K. Chaudhary, CRISC, CGEIT; Troy M. La Huis; and Lucas J. Morris, CISSP Audit / Tax / Advisory / Risk / Performance
More informationCyber Resilience - Protecting your Business 1
Cyber Resilience - Protecting your Business 1 2 Cyber Resilience - Protecting your Business Cyber Resilience - Protecting your Business 1 2 Cyber Resilience - Protecting your Business Cyber Resilience
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More information2015 HFMA What Healthcare Can Learn from the Banking Industry
2015 HFMA What Healthcare Can Learn from the Banking Industry Agenda Introduction- Background and Experience Healthcare vs. Banking The Results OCR Audit Results Healthcare vs. Banking The Theories Practical
More informationACHIEVING FIFTH GENERATION CYBER SECURITY
ACHIEVING FIFTH GENERATION CYBER SECURITY A Survey Research Report of IT and Security Professionals MARCH 2018 INTRODUCTION The pursuit of the highest level of cyber security is a top priority for IT and
More informationDefensible and Beyond
TELUS Defensible and Beyond Mike Vamvakaris Director and Head of Cyber Security Consulting November 2017 Digital transformation brings many benefits Communication and Collaboration Autonomous and Artificial
More informationPresented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0
Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.
More informationEffective Strategies for Managing Cybersecurity Risks
October 6, 2015 Effective Strategies for Managing Cybersecurity Risks Larry Hessney, CISA, PCI QSA, CIA 1 Everybody s Doing It! 2 Top 10 Cybersecurity Risks Storing, Processing or Transmitting Sensitive
More informationIT Security Update on Practical Risk Mitigation Strategies
IT Security Update on Practical Risk Mitigation Strategies Bonnie Bastow, CIA, CISA, CISM Director, Risk Advisory Services, IT Audit & Security April 2016 Elliott Davis Decosimo, LLC Elliott Davis Decosimo,
More information2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager
2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager NIST Cybersecurity Framework (CSF) Executive Order 13636 Improving Critical Infrastructure Cybersecurity tasked the National
More informationNew York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief
Publication Date: March 10, 2017 Requirements for Financial Services Companies (23NYCRR 500) Solution Brief EventTracker 8815 Centre Park Drive, Columbia MD 21045 About EventTracker EventTracker s advanced
More informationThe Evolving Threat to Corporate Cyber & Data Security
The Evolving Threat to Corporate Cyber & Data Security Presented by: Sara English, CIPP/US Sara.English@KutakRock.com 1 http://blogs.wsj.com/law/2015/12/09/employee error leading cause of data breaches
More informationCYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW
CYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW May 2018 Ed Plawecki General Counsel & Director of Government Relations UHY LLP Jamie See Manager UHY LLP Iowa Public
More informationRegulation P & GLBA Training
Regulation P & GLBA Training Overview Regulation P governs the treatment of nonpublic personal information about consumers by the financial institution. (Gramm-Leach-Bliley Act of 1999) The GLBA is composed
More informationTHE EVOLUTION OF CYBERSECURITY: IDENTIFICATION OF BEST PRACTICES
THE EVOLUTION OF CYBERSECURITY: IDENTIFICATION OF BEST PRACTICES Ron Hulshizer Managing Director IT Risk Services State IA Advisory Board October 26, 2016 Technology The Dark Side 3 Objectives Cybersecurity
More informationSecurity Note. BlackBerry Corporate Infrastructure
Security Note BlackBerry Corporate Infrastructure Published: 2017-03-02 SWD-20170302091637541 Contents Introduction... 5 History... 6 BlackBerry policies...7 Security organizations... 8 Cyber Security
More informationInsider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey
Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey CyberMaryland Conference 2017 Bob Andersen, Sr. Manager Federal Sales Engineering robert.andersen@solarwinds.com
More informationForensics and Active Protection
Forensics and Active Protection Computer and Network Forensics Research Project 2003 Work Update Yanet Manzano Florida State University manzano@cs.fsu.edu manzano@cs.fsu.edu 1 Outline CNF Project Goal
More informationNYS DFS Cybersecurity Requirements. Stephen Head Senior Manager Risk Advisory Services
NYS DFS Cybersecurity Requirements Stephen Head Senior Manager Risk Advisory Services December 5, 2017 About Me Stephen W. Head Mr. Head is a Senior Manager with Experis Finance, and has over thirty-five
More informationBackground FAST FACTS
Background Terra Verde was founded in 2008 by cybersecurity, risk and compliance executives. The founders believed that the market needed a company that was focused on using security, risk and compliance
More informationA practical guide to IT security
Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or
More information