Cybersecurity- A Regulatory Perspective. Robert J. Lipot, CRISC Senior Financial Institutions Examiner Department of Business Oversight
|
|
- Steven Cameron
- 6 years ago
- Views:
Transcription
1 Cybersecurity- A Regulatory Perspective Robert J. Lipot, CRISC Senior Financial Institutions Examiner Department of Business Oversight 1
2 Cybersecurity Issues Executive Order Key Areas of Focus Cyber Assessment Cyber Insurance Discussion Topics States and Federal Regulators Promote Awareness Awareness & Information Activities
3 Cybersecurity Issues Heightened Attacksmany commercial & financial services Accessibility of systems via Internet or wireless activity More mobile society wanting on-line access 24 x 7 from anywhere Global nature of the financial business arena
4 President s Executive Order (02/12/2013) Executive Order (EO) Improving Critical Infrastructure Cybersecurity The EO has gotten the attention of Congress and regulators regarding ability to protect technology and manage cyber risks Why?- Many business have not properly addressed this
5 Cybersecurity Awareness- Importance Cyber criminals are becoming more active towards financial entities and/or its customers Break-ins and attempted/actual thefts more prevalent Not a matter of if, but when There has to be a method of determining awareness and preparedness of financial institutions
6 Key Areas to Focus On Web Facing Devices and Apps Security Monitoring Connection Security Mobile Devices/IoT DLP- What a hacked PC/ means to a hacker Privileged Accounts
7 Web Facing Devices and Applications Key Hacker targets: Websites All Mobile Devices Online Banking Mobile Banking App Stores Internet of Things (IoT)
8 Security Monitoring-Internal & External Threats Continuous monitoring system and network activity from sensors, devices, tools, etc.: Firewalls Routers Intrusion Detection Systems Intrusion Prevention Systems Audit Logs Anti-Malware (viruses, spyware, etc.)
9 Connection Security Knowledge of logical and physical connections, e.g.: Core providers Internet Service Providers Wireless Networks Virtual Private Networks Wire Transfer/ACH Systems Network/Core Processor Devices Telecommunications Room
10 Mobile Devices are Targeted-DLP BYOD vs. Licensee-owned Types, e.g.: Smart/Mobile Phones Tablets/Notebooks Laptops Thumb Drives Internet of Things Data Permitted Applications Allowed Device Security
11 Hacked PC (Krebs on Security)
12 Hacked (Krebs on Security)
13 Privileged/Admin Access Skeleton Key - all access key Access to key functions such as add, delete, change, etc. employee rights and permissible activities- a key to gaining system control Access to key controls such as auditing, logging, etc. that would record a cyber event
14 Privileged/Admin Access Could also permit root access which allows them to change operating system controls Most of cyber theft is committed with privileged access
15 Cybersecurity Factors Common Security Mistakes Cybersecurity Assessment Tool (CAT) FFIEC Cyber Information Cyber Insurance Regulator Awareness FS-ISAC
16 Common Security/Cyber Mistakes/Examination Issues Not a once and done activity No knowing where the data is at all times Forgetting about all tech items employed Not ensuring security is entity-wide and everyone plays a roll
17 Common Security/Cyber Mistakes/Examination Issues Address different age groups and cultures Security is an afterthought Not knowing who is targeting the entity Not fully understanding the implications of thirdparty risks to the financial institution
18 Cybersecurity Assessment Assessment methodology: FFIEC has provided a Cyber Assessment methodology for financial institution use - information at It assists in determining how much cybersecurity effort has been performed by the Licensee Based on NIST (National Institution for Standards & Technology) Examiners are reviewing to ensure Licensees are at the Assessment Baseline IT Exam processes have been updated to account for cybersecurity
19 FFIEC Cybersecurity Assessment Tool Currently- voluntary Awareness of the Tool Examiners should inform management of FFIEC link As usual, expect more information- stay tuned (cont.)
20 FFIEC Cyber Web Page
21 Highlight- FFIEC s Cyber Maturity
22 Definitions of Maturity Levels
23 Risk/Maturity Relationship
24 FFIEC- CAT Domains
25 Cyber Risk Insurance Has been around for only a short time Used as a Transfer Risk option As of Jan 2015, most states have mandatory data breach notification standards Expenses of handling /covering such losses are increasing -may be an option for our Licensees Some states are looking at examinations to include cyber insurance, e.g. NY Is expected to grow substantially
26 Cyber Risk Ins. Coverage Theft or manipulation of sensitive or private information Computer viruses, malware, etc. Computer fraud Could have a high deductible and only a percentage of coverage after that May only be obtained from some insurance companies Ins. Coverage will require certain conditions
27 Cyber Insurance Summary Not all policies are created equal Certain cyber risks may be covered, some not Licensees need to shop around for terms, conditions, coverages, and deductibles Costs will vary depending on size and complexity of our Licensees along with items in bullet #2 Need due diligence in looking for appropriate coverage specific to the Licensee
28 Regulators Promote Awareness and Information Activities (some examples) FFIEC Cybersecurity webinar for Board and senior management and guidance FFIEC Cyber awareness (link on main web page)
29 Regulators Promote Awareness and Information Activities (some examples) State Example: Cybersecurity in the Golden State-Kamala Harris Cyber Doc: Conference of State Bank Supervisors (CSBS) Corporate Account Takeover (CATO) webinar and guidance (on CSBS website)
30 Financial Services- Information Sharing and Analysis Center Provides a wealth of information to financial institutions FFIEC encourages becoming a member for certain benefits Website: FS-ISAC
31 Quick Cybersecurity Recap Need for management to realize the importance of awareness, preparation, and ongoing alertness Thus, Cybersecurity efforts should be discussed at key management committees and reported to Board
32 Cybersecurity Summary IT systems need to be updated regularly Staff training and vigilance are key components for prevention Licensees can t be caught asleep at the switch!!
33 References
Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City
1 Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City The opinions expressed are those of the presenters and are not those of the Federal Reserve Banks, the
More information10 Cybersecurity Questions for Bank CEOs and the Board of Directors
4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors
More informationEmerging Issues: Cybersecurity. Directors College 2015
Emerging Issues: Cybersecurity Directors College 2015 Agenda/Objectives Define Cybersecurity Cyber Fraud Trends/Incidents FFIEC Cybersecurity awareness initiatives Community Bank expectations FFIEC Cybersecurity
More informationFDIC InTREx What Documentation Are You Expected to Have?
FDIC InTREx What Documentation Are You Expected to Have? Written by: Jon Waldman, CISA, CRISC Co-founder and Executive Vice President, IS Consulting - SBS CyberSecurity, LLC Since the FDIC rolled-out the
More informationFFIEC Cyber Security Assessment Tool. Overview and Key Considerations
FFIEC Cyber Security Assessment Tool Overview and Key Considerations Overview of FFIEC Cybersecurity Assessment Tool Agenda Overview of assessment tool Review inherent risk profile categories Review domain
More informationCybersecurity in Higher Ed
Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,
More informationNORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers
Identify Protect Detect Respond Recover Identify: Risk Assessments & Management 1. Risk assessments are conducted frequently (e.g. annually, quarterly). 2. Cybersecurity is included in the risk assessment.
More informationCyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
More informationCLE Alabama. Banking Law Update. Embassy Suites Hoover Hotel Birmingham, Alabama Friday, February 19, 2016
CLE Alabama Banking Law Update Embassy Suites Hoover Hotel Birmingham, Alabama Friday, February 19, 2016 Best Practices on Managing Cyber-Security Risks J.T. Malatesta III and Sarah S. Glover Maynard Cooper
More informationCybersecurity and Data Protection Developments
Cybersecurity and Data Protection Developments Nathan Taylor March 8, 2017 NY2 786488 MORRISON & FOERSTER LLP 2017 mofo.com Regulatory Themes 2 A Developing Regulatory Environment 2016 2017 March CFPB
More informationInstitute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI
Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI #IIACHI WWW.FACEBOOK.COM/IIACHICAGO HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977 1 CAE Communications and Common Audit Committee
More informationInterpreting the FFIEC Cybersecurity Assessment Tool
Interpreting the FFIEC Cybersecurity Assessment Tool Wayne H. Trout, CISA, CRISC, CBCA, CBRA, CBRITP NCUA Supervisor, Critical Infrastructure and Cybersecurity What We ll Cover Cyber risk management Cybersecurity
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)
ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary
More informationCybersecurity Assessment Tool
FederalDepasitlnsuranceCarparation ~~d 1~~i 5yreet ~lw,uuashinyoon, D.C.2d42~-990 Financial Institution Letter FIL-28-2015 JUIy 2, 2015 Cybersecurity Assessment Tool Summary: The FDIC, in coordination
More informationCybersecurity and Hospitals: A Board Perspective
Cybersecurity and Hospitals: A Board Perspective Cybersecurity is an important issue for both the public and private sector. At a time when so many of our activities depend on information systems and technology,
More informationFFIEC Cybersecurity Assessment Tool
FFIEC Cybersecurity Assessment Tool Cybersecurity Controls & Incidence Mappings for Splunk Enterprise, Enterprise Security, User Behavior Analytics Curtis Johnson Senior Sales Engineer & Security SME September
More informationChoosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist
Choosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist Agenda Industry Background Cybersecurity Assessment Tools Cybersecurity Best Practices 2 Cybersecurity
More informationKeys to a more secure data environment
Keys to a more secure data environment A holistic approach to data infrastructure security The current fraud and regulatory landscape makes it clear that every firm needs a comprehensive strategy for protecting
More informationTackling Cybersecurity with Data Analytics. Identifying and combatting cyber fraud
Tackling Cybersecurity with Data Analytics Identifying and combatting cyber fraud San Antonio IIA iheartaudit Conference February 24, 2017 What We ll Cover + Current threat landscape + Common security
More informationInfoSec Risks from the Front Lines
InfoSec Risks from the Front Lines Adam Brand, Protiviti Orange County IIA Seminar Who I Am Adam Brand IT Security Services Some Incident Response Experience Lead Breach Detection Audits @adamrbrand Who
More informationMay 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations
May 14, 2018 1:30PM to 2:30PM CST In Plain English: Cybersecurity and IT Exam Expectations Options to Join Webinar and audio Click on the link: https://www.webcaster4.com/webcast/page/584/24606 Choose
More informationCyber-Threats and Countermeasures in Financial Sector
Michael Mavroforakis, PhD Group CISO & CDO SEV: Workshop on Digital Enablers (Cloud & Cybersecurity) 27th March 2018 Agenda: CYBERSECURITY Potential Targets Attack Examples Insider vs Outsider Threats
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More informationInformation Technology General Control Review
Information Technology General Control Review David L. Shissler, Senior IT Auditor, CPA, CISA, CISSP Office of Internal Audit and Risk Assessment September 15, 2016 Background Presenter Senior IT Auditor
More informationMIS5206-Section Protecting Information Assets-Exam 1
Your Name Date 1. Which of the following contains general approaches that also provide the necessary flexibility in the event of unforeseen circumstances? a. Policies b. Standards c. Procedures d. Guidelines
More informationCybersecurity Conference Presentation North Bay Business Journal. September 27, 2016
Cybersecurity Conference Presentation North Bay Business Journal September 27, 2016 1 PRESENTER Francis Tam, CPA, CISM, CISA, CITP, CRISC, PCI QSA Partner Information Security and Infrastructure Practice
More informationFFIEC Cybersecurity Assessment Tool
All About the ew FFIEC Cybersecurity Assessment Tool June 22, 2016 Susan Orr Consulting, Ltd. 1 FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Board Users Guide Inherent
More informationPost-Secondary Institution Data-Security Overview and Requirements
Post-Secondary Institution Data-Security Overview and Tiina K.O. Rodrigue, EdDc, CISSP, CISM, PMP, CSM, CEA, ITIL, ISC2 Compliance Mapper, A+ Senior Advisor Cybersecurity - 2017 Agenda Who needs to worry
More informationToday s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches
Today s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches Chris Bucolo, PCIP, MBA Today s Speaker Chris Bucolo Sr. Manager, Sikich
More informationMust Have Items for Your Cybersecurity or IT Budget in 2018
Must Have Items for Your Cybersecurity or IT Budget in 2018 CBAO Regional Meeting Dan Desko (Senior Manager, IT Risk Advisory) Matt Dunn (Senior Security Analyst, IT Risk Advisory) Who is Schneider Downs?
More informationOverview Bank IT examination perspective Background information Elements of a sound plan Customer notifications
Gramm-Leach Bliley Act Section 501(b) and Customer Notification Roger Pittman Director of Operations Risk Federal Reserve Bank of Atlanta Overview Bank IT examination perspective Background information
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationNCUA IT Exam Focus. By Tom Schauer, Principal CliftonLarsonAllen
NCUA IT Exam Focus By Tom Schauer, Principal CliftonLarsonAllen My Background and Experience Computer Science Degree - Puget Sound Information Security Professional for 30 years Consultant: Ernst & Young,
More informationCyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)
Cyber Security Presenters: - Brian Everest, Chief Technology Officer, Starport Managed Services - Susan Pawelek, Accountant, Compliance and Registrant Regulation February 13, 2018 (webinar) February 15,
More informationFFIEC Cybersecurity Assessment Tool
All About the ew FFIEC Cybersecurity Assessment Tool August 25, 2015 Susan Orr Consulting, Ltd. FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Board Users Guide Inherent
More informationJune 2 nd, 2016 Security Awareness
June 2 nd, 2016 Security Awareness Security is the degree of resistance to, or protection from, harm. if security breaks down, technology breaks down Protecting People, Property and Business Assets Goal
More informationA practical guide to IT security
Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or
More informationBoston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018
Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security BRANDEIS UNIVERSITY PROFESSOR ERICH SCHUMANN MAY 2018 1 Chinese military strategist Sun Tzu: Benchmark If you know your
More informationGLBA, information security and incident response a compliance perspective
GLBA, information security and incident response a compliance perspective Introductions How many have experience with IT? How many have responsibilities involving IT? How many have responsibilities involving
More informationWelcome to Today s Web Seminar!
Welcome to Today s Web Seminar! December 12, 2014 1:00 PM ET Hosted By: MODERATOR: PENNY CROSMAN Editor in Chief, Bank Technology News Technology Editor, American Banker newspaper In her roles at BTN and
More informationStephanie Zierten Associate Counsel Federal Reserve Bank of Boston
Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Cybersecurity Landscape Major Data Breaches (e.g., OPM, IRS) Data Breach Notification Laws Directors Derivative Suits Federal Legislation
More informationSFC strengthens internet trading regulatory controls
SFC strengthens internet trading regulatory controls November 2017 Internet trading What needs to be done now? For many investors, online and mobile internet trading is now an everyday interaction with
More informationREGULATORY COMPLIANCE REGULATORY COMPLIANCE SERVICES. Dynamic Solutions. Superior Results.
REGULATORY COMPLIANCE REGULATORY COMPLIANCE SERVICES Dynamic Solutions. Superior Results. PERSONALIZED HELP THAT RELIEVES THE BURDEN OF MANAGING COMPLIANCE The burden of managing risk and compliance is
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationCyber Security. It s not just about technology. May 2017
Cyber Security It s not just about technology May 2017 Introduction The Internet has opened a new frontier in warfare: everything is networked and anything networked can be hacked. - World Economic Forum
More informationNew York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief
Publication Date: March 10, 2017 Requirements for Financial Services Companies (23NYCRR 500) Solution Brief EventTracker 8815 Centre Park Drive, Columbia MD 21045 About EventTracker EventTracker s advanced
More information2017 RIMS CYBER SURVEY
2017 RIMS CYBER SURVEY This report marks the third year that RIMS has surveyed its membership about cyber risks and transfer practices. This is, of course, a topic that only continues to captivate the
More informationBradford J. Willke. 19 September 2007
A Critical Information Infrastructure Protection Approach to Multinational Cyber Security Events Bradford J. Willke 19 September 2007 Overview A framework for national Critical Information Infrastructure
More informationCyber Security Updates and Trends Affecting the Real Estate Industry
Cyber Security Updates and Trends Affecting the Real Estate Industry What, Why, and How? Agenda Cyber Security Today Changes to Security Standards and Trends Protecting Yourself and Your Organization Takeways
More informationNERC Staff Organization Chart Budget
NERC Staff Organization Chart 2013 2014 President and CEO (Dept. 2100) Executive Assistant (Dept. 2100) Senior Vice President and Chief Operating Officer (Dept. 2100) Senior Vice President General Counsel
More informationEffective Cyber Incident Response in Insurance Companies
August 2017 Effective Cyber Incident Response in Insurance Companies An article by Raj K. Chaudhary, CRISC, CGEIT; Troy M. La Huis; and Lucas J. Morris, CISSP Audit / Tax / Advisory / Risk / Performance
More informationCybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security
Cybersecurity What Companies are Doing & How to Evaluate Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security Learning Objectives At the end of this presentation, you will be able to: Explain the
More informationUnderstanding Cyber Insurance & Regulatory Drivers for Business Continuity
Understanding Cyber Insurance & Regulatory Drivers for Business Continuity Lily Yeoh, CISSP, CBCP lily@cb1security.com https://www.cb1security.com Agenda BC/DR Business Drivers Recent Regulatory & Cyber
More informationCyber Insurance: What is your bank doing to manage risk? presented by
Cyber Insurance: What is your bank doing to manage risk? David Kitchen presented by Lisa Micciche Today s Agenda Claims Statistics Common Types of Cyber Attacks Typical Costs Incurred to Respond to an
More informationASSESSMENT LAYERED SECURITY
FFIEC BUSINESS ACCOUNT GUIDANCE RISK & ASSESSMENT LAYERED SECURITY FOR ONLINE BUSINESS TRANSACTIONS New financial standards will assist banks and business account holders to make online banking safer and
More informationDesigning and Building a Cybersecurity Program
Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity
More informationDecember 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development
December 10, 2014 Statement of the Securities Industry and Financial Markets Association Senate Committee on Banking, Housing, and Urban Development Hearing Entitled Cybersecurity: Enhancing Coordination
More informationManagement guide for fighting cyber predators
Management guide for fighting cyber predators 2017 all rights reserved Nagan Research Group LLC Table of Contents Introduction... 3 Existing Cyber Security Efforts... 4 Strategic Segmentation... 5 Managing
More information2016 Tri-State CF Partnership Webinar Series. Cyber Crime Trends a State of the Union April 7, 2016
2016 Tri-State CF Partnership Webinar Series Cyber Crime Trends a State of the Union April 7, 2016 Presenter Mark Eich, Principal Information Security Services Group CliftonLarsonAllen 2014 CliftonLarsonAllen
More informationCritical Security Controls. COL Stef Horvath MNARNG Oct 21, 2015
Critical Security Controls COL Stef Horvath MNARNG Oct 21, 2015 Agenda Security Controls the Good, the Bad, the Ugly Emerging Security Controls Critical Security Controls Methodology and Contributors Supporting
More informationAchieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs)
Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs) Florida Hospital Association Welcome! John Wilgis Director, Emergency Management Services Florida Hospital Association
More informationThe Evolving Threat to Corporate Cyber & Data Security
The Evolving Threat to Corporate Cyber & Data Security Presented by: Sara English, CIPP/US Sara.English@KutakRock.com 1 http://blogs.wsj.com/law/2015/12/09/employee error leading cause of data breaches
More informationTangible Measures to Prepare for Intensified Regulatory Oversight of Cybersecurity in 2016
CLIENT ALERT: Tangible Measures to Prepare for Intensified Regulatory Oversight of Cybersecurity in 2016 August 4, 2016 Author: Hillard M. Sterling, Esq. I. SUMMARY Cybersecurity has taken center stage
More informationCybersecurity Auditing in an Unsecure World
About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationFFIEC CONSUMER GUIDANCE
FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their
More informationCertified Information Security Manager (CISM) Course Overview
Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,
More informationA Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016
A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016 Panelists Beverly J. Jones, Esq. Senior Vice President and Chief Legal Officer ASPCA Christin S. McMeley, CIPP-US
More informationCybersecurity The Evolving Landscape
Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG
More informationWhat to do if your business is the victim of a data or security breach?
What to do if your business is the victim of a data or security breach? Introduction The following information is intended to help you decide how to start preparing for and some of the steps you will want
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationFrom Russia With Love
#ARDAWorld From Russia With Love Is your technology vulnerable to data theft? Do you know your own security protocols? Learn about auditing cyber-security processes and discover how to stay compliant and
More informationNERC Staff Organization Chart Budget 2018
NERC Staff Organization Chart Budget 2018 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel and Corporate
More informationUnderstanding IT Audit and Risk Management
Understanding IT Audit and Risk Management Presentation overview Understanding different types of Assessments Risk Assessments IT Audits Security Assessments Key Areas of Focus Steps to Mitigation We need
More informationSage Data Security Services Directory
Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time
More informationInternet of Things Toolkit for Small and Medium Businesses
Your Guide #IoTatWork to IoT Security #IoTatWork Internet of Things Toolkit for Small and Medium Businesses Table of Contents Introduction 1 The Internet of Things (IoT) 2 Presence of IoT in Business Sectors
More informationSecure Product Design Lifecycle for Connected Vehicles
Secure Product Design Lifecycle for Connected Vehicles Lisa Boran Vehicle Cybersecurity Manager, Ford Motor Company SAE J3061 Chair SAE/ISO Cybersecurity Engineering Chair AGENDA Cybersecurity Standards
More informationRansomware A case study of the impact, recovery and remediation events
Ransomware A case study of the impact, recovery and remediation events Palindrome Technologies 100 Village Court Suite 102 Hazlet, NJ 07730 www.palindrometech.com Peter Thermos President & CTO Tel: (732)
More informationPROPOSED INTERPRETIVE NOTICE
August 28, 2015 Via Federal Express Mr. Christopher J. Kirkpatrick Secretary Office of the Secretariat Commodity Futures Trading Commission Three Lafayette Centre 1155 21st Street, N.W. Washington, DC
More informationDigital Crime and Cybersecurity. Scott D. Ramsey, Managing Director May 2017
Digital Crime and Cybersecurity Scott D. Ramsey, Managing Director May 2017 Agenda I. Cybersecurity Issues, Trends & Compliance II. Public Private Partnerships III. FFIEC & NYDFS 500 Rule IV. Third Party
More informationsecurity FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name.
security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name. Security for Your Business Mitigating risk is a daily reality for business owners, but you don t have
More informationPCI Compliance: It's Required, and It's Good for Your Business
PCI Compliance: It's Required, and It's Good for Your Business INTRODUCTION As a merchant who accepts payment cards, you know better than anyone that the war against data fraud is ongoing and escalating.
More informationHow Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner
How Cybersecurity Initiatives May Impact Operators Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 Agenda Rise in Data Breaches Effects of Increase in Cybersecurity Threats Cybersecurity Framework
More informationTable of Contents. Sample
TABLE OF CONTENTS... 1 CHAPTER 1 INTRODUCTION... 4 1.1 GOALS AND OBJECTIVES... 5 1.2 REQUIRED REVIEW... 5 1.3 APPLICABILITY... 5 1.4 ROLES AND RESPONSIBILITIES SENIOR MANAGEMENT AND BOARD OF DIRECTORS...
More informationNY State s Cybersecurity Legislation Requirements for Risk Management, Security of Applications, and the Appointed CISO
NY State s Cybersecurity Legislation Requirements for Risk Management, Security of Applications, and the Appointed CISO June 28, 2017 Alan Calder IT Governance Ltd www.itgovernanceusa.com PLEASE NOTE THAT
More informationNEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?
NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:
More informationCyber Security: What s the Big Deal?
Cyber Security: What s the Big Deal? (and why it matters to you!) Debasis Bhattacharya, UHMC Jodi Ito, CISO, UH ITS maui.hawaii.edu/cybersecurity What is Cybersecurity? cy ber: adjective of, relating to,
More informationWhat It Takes to be a CISO in 2017
What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge
More informationCybersecurity. Overview. Define Cyber Security Importance of Cyber Security 2017 Cyber Trends Top 10 Cyber Security Controls
Cybersecurity Hospitality Finance and Technology Professionals June 27, 2017 Presented by: Harvey Johnson, CPA Partner Overview Define Cyber Security Importance of Cyber Security 2017 Cyber Trends 1 About
More informationRegulatory Update Cyber Security
Regulatory Update Cyber Security Mr Brian Lee Division Head Hong Kong Monetary Authority 25 September 2015 Disclaimer This presentation is provided for training purposes and does not form part of the formal
More informationPlenary Session: Branch Cybersecurity Controls Thursday, February 22 1:15 p.m. 2:15 p.m.
Plenary Session: Branch Cybersecurity Controls Thursday, February 22 1:15 p.m. 2:15 p.m. Cybersecurity is a top priority for the financial services industry. Firms dedicate significant resources every
More informationEducation Network Security
Education Network Security RECOMMENDATIONS CHECKLIST Learn INSTITUTE Education Network Security Recommendations Checklist This checklist is designed to assist in a quick review of your K-12 district or
More informationCybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016
Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco
More informationCybersecurity and Nonprofit
Cybersecurity and Nonprofit 2 2 Agenda Cybersecurity and Non Profits Scenario #1 Scenario #2 What Makes a Difference Cyber Insurance and How it Helps Question and Answer 3 3 Cybersecurity and Nonprofit
More informationKnowBe4 is the world s largest integrated platform for awareness training combined with simulated phishing attacks.
KnowBe4 is the world s largest integrated platform for awareness training combined with simulated phishing attacks. About Us The world s most popular integrated Security Awareness Training and Simulated
More informationNEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE
COMPLIANCE ADVISOR NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE A PUBLICATION BY THE EXCESS LINE ASSOCIATION OF NEW YORK One Exchange Plaza 55 Broadway 29th Floor New York, New York 10006-3728 Telephone:
More informationNW NATURAL CYBER SECURITY 2016.JUNE.16
NW NATURAL CYBER SECURITY 2016.JUNE.16 ADOPTED CYBER SECURITY FRAMEWORKS CYBER SECURITY TESTING SCADA TRANSPORT SECURITY AID AGREEMENTS CONCLUSION QUESTIONS ADOPTED CYBER SECURITY FRAMEWORKS THE FOLLOWING
More informationBuilding a Complete Program around Data Loss Prevention
To download today s materials (depending on your browser): www.experis.us/materials1108 or www.experis.us/materials1108.pdf Building a Complete Program around Data Loss Prevention Tuesday, November 8,
More informationComplying with RBI Guidelines for Wi-Fi Vulnerabilities
A Whitepaper by AirTight Networks, Inc. 339 N. Bernardo Avenue, Mountain View, CA 94043 www.airtightnetworks.com 2013 AirTight Networks, Inc. All rights reserved. Reserve Bank of India (RBI) guidelines
More informationCyber Security and Data Protection: Huge Penalties, Nowhere to Hide
Q3 2016 Security Matters Forum Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide Alan Calder Founder & Executive Chair IT Governance Ltd July 2016 www.itgovernance.co.uk Introduction
More information