Bharath Chari Cyber Risk Sr. Manager, Deloitte & Touche LLP

Size: px
Start display at page:

Download "Bharath Chari Cyber Risk Sr. Manager, Deloitte & Touche LLP"

Transcription

1 Prioritizing & enabling internal during ERP/Cloud SaaS and other enterprise system implementations NASC Conference March 21, 2018 Introduction Moderator Presenters Jim Kennedy Senior Deputy Director of Operations, State of Ohio Bharath Chari Cyber Risk Sr. Manager, Deloitte & Touche LLP Jeff Goodwin Advisory Partner Deloitte & Touche LLP Copyright 2018 Deloitte Development LLC. All rights reserved. NASC Conference 2

2 Agenda Introduction System trends Compliance and control challenges Common security and control Project charter and functional Risk-based prioritization System considerations Cloud Risks and opportunity Cloud cyber risk management Shared responsibility Assess cloud cyber risk and assemble a prioritized action plan Questions? Copyright 2018 Deloitte Development LLC. All rights reserved. NASC Conference 3 System trends Cloud based ERP Consolidation and replacement of legacy systems Automation Workflow SAAS Identity and Access Management Copyright 2018 Deloitte Development LLC. All rights reserved. NASC Conference 4

3 Compliance and control challenges Numerous regulations, policies and standards may impact a new system and processes automated through it. Compliance Requirements A-133 IRS-1075 Federal Acquisition Regulations Institutional Controls GAAP PCI FASB GLBA Affordable Care Act OSHA OFAC Reputational risk aversion HIPAA Debarment and suspension Internal sensitivity Copyright 2018 Deloitte Development LLC. All rights reserved. NASC Conference 5 Common security and control At a minimum, existing security and control measures must be maintained during new system implementations. However, opportunities for improvement often exist through newer software features and functionality. Future environment Current environment Maintain existing level of Maintain existing security Convert key data Address known security and control gaps Rationalize security and through an updated risk-based approach Enhance/strengthen through automated/preventative features Clean data Copyright 2018 Deloitte Development LLC. All rights reserved. NASC Conference 6

4 Project charter and functional Proactive involvement during implementation efforts will help to prioritize and confirm key are implemented as required. Inputs Outputs Project charter Assess risk Prioritize control Test Streamlined Functional Greater automation Improved governance Regulatory and control Transparency System Implementation Efforts Copyright 2018 Deloitte Development LLC. All rights reserved. NASC Conference 7 Risk-based prioritization Proactively map, rationalize and prioritize regulatory and control to achieve a streamlined and effective control model. Gather the pieces Identify regulatory and compliance Assess risks Rationalize and prioritize Sort key regulations and operational Find common control Prioritize risks Achieve long term benefits Compliance and control are met in an efficient and logical fashion Future assessment efforts are streamlined A consolidated view of all is easily maintained Copyright 2018 Deloitte Development LLC. All rights reserved. NASC Conference 8

5 System considerations A holistic approach to addressing security and based on prioritized risks is beneficial. Compliance and Controls Management through ERP/SaaS Systems Risks ERP Control and Compliance Scope Rationalized and integrated control Outcomes Regulatory Portfolio of regulations Common IRS-1075 PCI A-133 R1 R2 R3 R4 Strong/ Preventative Financial reporting Consolidated activities and C1 C2 C3 C4 C5 C6 C7 C8 C9 C10 C11 C12 Efficiency/ Consistency Operational ERP/SaaS Solution Business process Governance/ Ownership of Technology Data quality Application security Infrastructure/Network Greater transparency Copyright 2018 Deloitte Development LLC. All rights reserved. NASC Conference 9 Cloud Risks and opportunity There are a variety of cyber risks associated with moving to the cloud, yet there are also opportunities. Consumer/Shadow IT Business and consumers using cloud with or without cyber Third-party risk Enterprises are dependent on cloud providers Concentrated risk Cloud providers are a bigger target because that s where the data is Modern attack surface The walled enterprise is replaced by a hybrid, more complicated technology environment Controls gap Traditional cyber risk need to extend to the cloud at a time when many enterprises are barely keeping up with existing threats Copyright 2018 Deloitte Development LLC. All rights reserved. NASC Conference 10

6 Cloud cyber risk management Shared responsibility While cloud providers security is often a focus, managing cyber risk is a shared responsibility between the enterprise and the cloud provider. Private cloud (Self-hosted) Private cloud (Co-located) IaaS PaaS SaaS Security governance, risk and compliance (GRC) Data security Application security Platform security Infrastructure security Physical security Copyright 2018 Deloitte Development LLC. All rights reserved. NASC Conference 11 Assess cloud cyber risk and assemble a prioritized action plan A Cloud Cyber Risk Assessment provides a broad analysis of a client s current point in time state of cyber risks in the cloud and an actionable roadmap to address shortcomings. What is my actual cloud service inventory/use? Do my existing meet industry and organization standards? What is my inherent risk? What can I do to manage my risks and align to the goals of my business? BYOD and Remote Users Identity and Context Cloud Vigilance Public Internet Cloud Resilience Application Security Unsanctioned Cloud: Apps, Data and Infrastructure New Cloud Services: Custom & SaaS SaaS Traditional Apps and Databases in the Cloud IaaS Infrastructure Security Traditional Enterprise Applications Databases Infrastructure? Cloud Provider Cyber Risk Governance Cloud Data Protection On Premise Users Enterprise Networks and Legacy Data Centers Copyright 2018 Deloitte Development LLC. All rights reserved. NASC Conference 12

7 Questions? Copyright 2018 Deloitte Development LLC. All rights reserved. NASC Conference 13 About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ( DTTL ), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as Deloitte Global ) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the Deloitte name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see to learn more about our global network of member firms. Copyright 2018 Deloitte Development LLC. All rights reserved.

Achieving effective risk management and continuous compliance with Deloitte and SAP

Achieving effective risk management and continuous compliance with Deloitte and SAP Achieving effective risk management and continuous compliance with Deloitte and SAP 2 Deloitte and SAP: collaborating to make GRC work for you Meeting Governance, Risk and Compliance (GRC) requirements

More information

Cyber Incident Response. Prepare for the inevitable. Respond to evolving threats. Recover rapidly. Cyber Incident Response

Cyber Incident Response. Prepare for the inevitable. Respond to evolving threats. Recover rapidly. Cyber Incident Response Cyber Incident Response Prepare for the inevitable. Respond to evolving threats. Recover rapidly. Cyber Incident Response 1 2 Today, no Canadian business is immune from a potential attack. It s no longer

More information

Building and Testing an Effective Incident Response Plan

Building and Testing an Effective Incident Response Plan 14th Annual Building and Testing an Effective Incident Response Plan John Gelinne Deloitte & Touche LLP jgelinne@deloitte.com www.linkedin.com/in/jgelinne No battle plan ever survives contact with the

More information

Vulnerability Management. June Risk Advisory

Vulnerability Management. June Risk Advisory June 2018 Risk Advisory Contents A Better Way To Manage Vulnerabilities 4 Business Challenge 6 Vulnerability Management as a Service 7 Robust Service Architecture 8 Our Differentiators 9 Vulnerability

More information

HOMEPAGE. Start here to find content via search Login, register, or subscribe. Quick links to content

HOMEPAGE. Start here to find content via search Login, register, or subscribe. Quick links to content DART Help Overlays Updated May 2018 Navigate to full table of contents and a dynamic menu of action items applicable to a location Quick links to content HOMEPAGE Start here to find content via search

More information

13.f Toronto Catholic District School Board's IT Strategic Review - Draft Executive Summary (Refer 8b)

13.f Toronto Catholic District School Board's IT Strategic Review - Draft Executive Summary (Refer 8b) AGENDA ADDENDU TE REGULAR EETING OF TE AUDIT COITTEE COITTEE PUBLIC SESSION Tuesday, June 6, 2017 6:30 P.. Pages 13. Staff Reports 13.f Toronto Catholic District School Board's IT Strategic Review - Draft

More information

From Dabbling to Doing The Age of the Intuitive Enterprise

From Dabbling to Doing The Age of the Intuitive Enterprise GMA Executive Forum From Dabbling to Doing The Age of the Intuitive Enterprise The Clorox Company Unilever Deloitte Consulting LLP please welcome our panelists Frank Tataseo EVP, New Business Development

More information

Disaster recovery strategic planning: How achievable will it be?

Disaster recovery strategic planning: How achievable will it be? April 16 18, 2012 Talking Stick Resort Scottsdale, Arizona Disaster recovery strategic planning: How achievable will it be? Prudence Marasigan Ernst & Young Advisory Services, Senior Manager prudence.marasigan@ey.com

More information

Achieving third-party reporting proficiency with SOC 2+

Achieving third-party reporting proficiency with SOC 2+ Achieving third-party reporting proficiency with SOC 2+ Achieving third-party reporting proficiency with SOC 2+ Today s organizations do business within a broad ecosystem. Customers, partners, agents,

More information

Anticipating the wider business impact of a cyber breach in the health care industry

Anticipating the wider business impact of a cyber breach in the health care industry Anticipating the wider business impact of a cyber breach in the health care industry John Gelinne, Director Cyber Risk Services Deloitte & Touche LLP jgelinne@deloitte.com commodore_22 Hector Calzada,

More information

The value of visibility. Cybersecurity risk management examination

The value of visibility. Cybersecurity risk management examination The value of visibility Cybersecurity risk management examination Welcome to the "new normal" Cyberattacks are inevitable. In fact, it s no longer a question of if a breach will occur but when. Cybercriminals

More information

INTELLIGENCE DRIVEN GRC FOR SECURITY

INTELLIGENCE DRIVEN GRC FOR SECURITY INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to

More information

#DeloitteInnovation: In-Time Uncover the Potential of SAP HANA

#DeloitteInnovation: In-Time Uncover the Potential of SAP HANA #DeloitteInnovation: In-Time Uncover the Potential of SAP HANA Deloitte In-Time in a Nutshell In-Time is the first and only SAP HANA optimization add-on that can analyze the effectiveness of SAP HANA usage

More information

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

Plan a Pragmatic Approach to the new EU Data Privacy Regulation AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General

More information

Cloud Computing in the enterprise: Not if, but when and how?

Cloud Computing in the enterprise: Not if, but when and how? The Dbriefs Technology Executives series presents: Cloud Computing in the enterprise: Not if, but when and how? John Hagel, Director, Deloitte Consulting LLP Chris Weitz, Director, Deloitte Consulting

More information

The Future of IT Internal Controls Automation: A Game Changer. January Risk Advisory

The Future of IT Internal Controls Automation: A Game Changer. January Risk Advisory The Future of IT Internal Controls Automation: A Game Changer January 2018 Risk Advisory Contents Introduction 01 Future Operating Models for Managing Internal Controls 02 Summary 07 Introduction Internal

More information

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016 Data Protection Practical Strategies for Getting it Right Jamie Ross Data Security Day June 8, 2016 Agenda 1) Data protection key drivers and the need for an integrated approach 2) Common challenges data

More information

Cyber Risk and Networked Medical Devices

Cyber Risk and Networked Medical Devices Cyber Risk and Networked Medical Devices Hot Topics Deloitte & Touche LLP February 2016 Copyright Scottsdale Institute 2016. All Rights Reserved. No part of this document may be reproduced or shared with

More information

Integrated Multi-Cloud Management for the Federal Government. Doug Bourgeois and Sean VanDruff Deloitte Consulting LLP

Integrated Multi-Cloud Management for the Federal Government. Doug Bourgeois and Sean VanDruff Deloitte Consulting LLP Integrated Multi-Cloud Management for the Federal Government Integrated Multi-Cloud Management for the Federal Government Doug Bourgeois and Sean VanDruff Introduction In 2010, the federal CIO, in collaboration

More information

Managing Cyber Risk. Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust

Managing Cyber Risk. Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust Managing Cyber Risk Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust Adam Thomas Principal Cyber Risk Services Deloitte & Touche LLP Give Us Your Feedback for this Session!

More information

Webcast title in Verdana Regular

Webcast title in Verdana Regular Medical devices and the Internet of Things: A threelayer defense against cyber threats Webcast title in Verdana Regular The Dbriefs Industries series Veronica Lim, Principal, Deloitte & Touche LLP Russell

More information

Risk Advisory Academy Training Brochure

Risk Advisory Academy Training Brochure Academy Brochure 2 Academy Brochure Cyber Security Our Cyber Security trainings are focused on building your internal capacity to leverage IT related technologies more confidently and manage risk and uncertainty

More information

Agenda Integrated Multi-Cloud Management (imcm) TOPIC Context and Solution Overview Common Challenges and Opportunities 4-5 Key Elements and Features

Agenda Integrated Multi-Cloud Management (imcm) TOPIC Context and Solution Overview Common Challenges and Opportunities 4-5 Key Elements and Features MMC2623BU The Integrated Multi- Cloud Management Solution (imcm) Doug Bourgeois, Managing Director Sean Vandruff, Sr. Technology Fellow #VMworld #MMC2623BU Agenda Integrated Multi-Cloud Management (imcm)

More information

Copyright 2011 EMC Corporation. All rights reserved.

Copyright 2011 EMC Corporation. All rights reserved. 1 2 How risky is the Cloud? 3 Is Cloud worth it? YES! 4 Cloud adds the concept of Supply Chain 5 Cloud Computing Definition National Institute of Standards and Technology (NIST Special Publication 800-145

More information

Cybersecurity in Higher Ed

Cybersecurity in Higher Ed Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,

More information

Multi-factor authentication enrollment guide for Deloitte client or business partner user

Multi-factor authentication enrollment guide for Deloitte client or business partner user Deloitte OnLine eroom Global Technology Services December 2017 Multi-factor authentication enrollment guide for Deloitte client or business partner user What is multi-factor authentication (MFA) and how

More information

CipherCloud CASB+ Connector for ServiceNow

CipherCloud CASB+ Connector for ServiceNow ServiceNow CASB+ Connector CipherCloud CASB+ Connector for ServiceNow The CipherCloud CASB+ Connector for ServiceNow enables the full suite of CipherCloud CASB+ capabilities, in addition to field-level

More information

Solution Overview Cisco Tetration Analytics and AlgoSec: Business Application Connectivity Visibility, Policy Enforcement, and Business-Based Risk and

Solution Overview Cisco Tetration Analytics and AlgoSec: Business Application Connectivity Visibility, Policy Enforcement, and Business-Based Risk and Solution Overview Cisco Tetration Analytics and AlgoSec: Business Application Connectivity Visibility, Policy Enforcement, and Business-Based Risk and Compliance Management Through the integration of AlgoSec

More information

#DeloitteInnovation: In-Time How efficiently do you use your SAP HANA?

#DeloitteInnovation: In-Time How efficiently do you use your SAP HANA? #DeloitteInnovation: In-Time How efficiently do you use your SAP HANA? Deloitte In-Time in a Nutshell In-Time is the first and only SAP HANA optimization software that can analyze the effectiveness of

More information

Cyber Espionage A proactive approach to cyber security

Cyber Espionage A proactive approach to cyber security Cyber Espionage A proactive approach to cyber security #DeloitteRA To mitigate the risks of advanced cyber threats, organisations should enhance their capabilities to proactively gather intelligence and

More information

Angela McKay Director, Government Security Policy and Strategy Microsoft

Angela McKay Director, Government Security Policy and Strategy Microsoft Angela McKay Director, Government Security Policy and Strategy Microsoft Demographic Trends: Internet Users in 2005.ru.ca.is.uk.nl.be.no.de.pl.ua.us.fr.es.ch.it.eg.il.sa.jo.tr.qa.ae.kz.cn.tw.kr.jp.mx.co.br.pk.th.ph.ng.in.sg.my.ar.id.au

More information

Best Practices in Securing a Multicloud World

Best Practices in Securing a Multicloud World Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers

More information

Building Resilience to Denial-of-Service Attacks

Building Resilience to Denial-of-Service Attacks Building Resilience to Denial-of-Service Attacks Building resilience to denial-of-service attacks Traditionally, organizations have relied on disaster recovery (DR) solutions to provide protection from

More information

Cyber Security: Are digital doors still open?

Cyber Security: Are digital doors still open? Cyber Security: Are digital doors still open? Introduction Security is becoming a rapidly evolving and complex issue that various organizations are contending with today. It continues to be one of the

More information

Cybersecurity Fortification Initiative (CFI) infrastructure whitepaper

Cybersecurity Fortification Initiative (CFI) infrastructure whitepaper Cybersecurity Fortification Initiative (CFI) infrastructure whitepaper Recently, Cybersecurity Fortification Initiative (CFI) have been a hot topic in the Hong Kong banking industry and financial institutions

More information

Headline Verdana Bold

Headline Verdana Bold Headline Verdana Bold Federal Banking Agencies Issue Proposal on Cyber Risk Management Standards Standards would require largest institutions to enhance operational resilience October 2016 Executive summary

More information

Cloud Computing Overview. The Business and Technology Impact. October 2013

Cloud Computing Overview. The Business and Technology Impact. October 2013 Cloud Computing Overview The Business and Technology Impact October 2013 Cloud Computing offers new types of IT services and models On-demand self-service Rapid elasticity Pay per use Increase Agility

More information

MITIGATE CYBER ATTACK RISK

MITIGATE CYBER ATTACK RISK SOLUTION BRIEF MITIGATE CYBER ATTACK RISK CONNECTING SECURITY, RISK MANAGEMENT & BUSINESS TEAMS TO MINIMIZE THE WIDESPREAD IMPACT OF A CYBER ATTACK DIGITAL TRANSFORMATION CREATES NEW RISKS As organizations

More information

Real estate predictions 2017 What changes lie ahead?

Real estate predictions 2017 What changes lie ahead? Real estate predictions 2017 What changes lie ahead? Cyber Risk 2017. For information, contact Deloitte Consultores, S.A. Real Estate Predictions 2017 2 Cyber Risk Rising cyber risk in real estate through

More information

locuz.com SOC Services

locuz.com SOC Services locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security

More information

Cyber Secure Dashboard Cyber Insurance Portfolio Analysis of Risk (CIPAR) Cyber insurance Legal Analytics Database (CLAD)

Cyber Secure Dashboard Cyber Insurance Portfolio Analysis of Risk (CIPAR) Cyber insurance Legal Analytics Database (CLAD) Randall Sandone, CCISO Executive Director Critical Infrastructure Resilience Institute rsandone@illinois.edu Cyber Secure Dashboard Cyber Insurance Portfolio Analysis of Risk (CIPAR) Cyber insurance Legal

More information

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant

More information

IT Attestation in the Cloud Era

IT Attestation in the Cloud Era IT Attestation in the Cloud Era The need for increased assurance over outsourced operations/ controls April 2013 Symeon Kalamatianos M.Sc., CISA, CISM Senior Manager, IT Risk Consulting Contents Introduction

More information

Are we breached? Deloitte's Cyber Threat Hunting

Are we breached? Deloitte's Cyber Threat Hunting Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the

More information

Capgemini Dynamic Services

Capgemini Dynamic Services Capgemini Dynamic Services Evolution and dynamics of Copyright Capgemini 2015. All Rights Reserved 2 GEN 1 Simple IT GEN 2 Full Outsourcing GEN 3 Tower Sourcing GEN NEXT Micro Sourcing Business IT Interface

More information

Oracle Buys Automated Applications Controls Leader LogicalApps

Oracle Buys Automated Applications Controls Leader LogicalApps Oracle Buys Automated Applications Controls Leader LogicalApps To strengthen Oracle s Governance, Risk and Compliance Suite with Real-time Policy Enforcement October 26, 2007 Disclaimer The following is

More information

BUSINESS CONTINUITY MANAGEMENT

BUSINESS CONTINUITY MANAGEMENT BUSINESS CONTINUITY MANAGEMENT 64 th RBAP National Convention & General Membership Meeting 29 30 May 2017 PRESENTATION OUTLINE 2015 Disasters in Numbers 2016 & 2017 Top Business Risks What is BCM? Supervisory

More information

Compliance & Security in Azure. April 21, 2018

Compliance & Security in Azure. April 21, 2018 Compliance & Security in Azure April 21, 2018 Presenter Bio Jeff Gainer, CISSP Senior Information Security & Risk Management Consultant Senior Security Architect Have conducted multiple Third-Party risk

More information

TSC Business Continuity & Disaster Recovery Session

TSC Business Continuity & Disaster Recovery Session TSC Business Continuity & Disaster Recovery Session Mohamed Ashmawy Infrastructure Consulting Pursuit Hewlett-Packard Enterprise Saudi Arabia Mohamed.ashmawy@hpe.com Session Objectives and Outcomes Objectives

More information

Building a strong platform strategy: IT and cybersecurity implications November 15, 2018

Building a strong platform strategy: IT and cybersecurity implications November 15, 2018 Building a strong platform strategy: IT and cybersecurity implications November 15, 2018 Today s Presenters Craig Zampa Principal, technology consulting craig.zampa@plantemoran.com 248-223-3703 Learn more

More information

Ready, Willing & Able. Michael Cover, Manager, Blue Cross Blue Shield of Michigan

Ready, Willing & Able. Michael Cover, Manager, Blue Cross Blue Shield of Michigan Ready, Willing & Able Michael Cover, Manager, Blue Cross Blue Shield of Michigan Agenda 1. Organization Overview 2. GRC Journey Story 3. GRC Program Roadmap 4. Program Objectives and Guiding Principals

More information

Getting Hybrid IT Right. A Softchoice Guide to Hybrid Cloud Adoption

Getting Hybrid IT Right. A Softchoice Guide to Hybrid Cloud Adoption Getting Hybrid IT Right A Softchoice Guide to Hybrid Cloud Adoption Your Path to an Effective Hybrid Cloud The hybrid cloud is on the radar for business and IT leaders everywhere. IDC estimates 1 that

More information

Supporting the Cloud Transformation of Agencies across the Public Sector

Supporting the Cloud Transformation of Agencies across the Public Sector SOLUTION SERVICES Supporting the Cloud Transformation of Agencies across the Public Sector BRIEF Digital transformation, aging IT infrastructure, the Modernizing Government Technology (MGT) Act, the Datacenter

More information

The Etihad Journey to a Secure Cloud

The Etihad Journey to a Secure Cloud SESSION ID: CCS-T07 The Etihad Journey to a Secure Cloud Georges de Moura Head of Group Information Security, Risk & Compliance Etihad Aviation Group History: Before The Cloud Devolved IT Decision-Making

More information

The Quest to Measure Strength of Function for Authenticators: SOFA, So Good

The Quest to Measure Strength of Function for Authenticators: SOFA, So Good SESSION ID: IDY-F02 The Quest to Measure Strength of Function for Authenticators: SOFA, So Good Dr. Elaine Newton Deputy Standards Liaison NIST ITL Dr. Colin Soutar Senior Manager Deloitte & Touche LLP

More information

Turning Risk into Advantage

Turning Risk into Advantage Turning Risk into Advantage How Enterprise Wide Risk Management is helping customers succeed in turbulent times and increase their competitiveness Glenn Tjon Partner KPMG Advisory Presentation Overview

More information

Spiros Angelopoulos Principal Solutions Architect ForgeRock. Debi Mohanty Senior Manager Deloitte & Touche LLP

Spiros Angelopoulos Principal Solutions Architect ForgeRock. Debi Mohanty Senior Manager Deloitte & Touche LLP Debi Mohanty Senior Manager Deloitte & Touche LLP Multi-factor (MFA) Authentication September 2018 Spiros Angelopoulos Principal Solutions Architect ForgeRock MFA Evolved Authentication Spiros Angelopoulos

More information

Deloitte Shared Services Conference 2018 Lab: Scaling RPA David Wright, Kim Burton, Dupe Witherick and Marina Gordeeva, Deloitte

Deloitte Shared Services Conference 2018 Lab: Scaling RPA David Wright, Kim Burton, Dupe Witherick and Marina Gordeeva, Deloitte Deloitte Shared Services Conference 2018 Lab: Scaling RPA David Wright, Kim Burton, Dupe Witherick and Marina Gordeeva, Deloitte Presenters and facilitators Dave Wright Dupe Witherick Kim Burton Marina

More information

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager,

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager, Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager, Deloitte & Touche LLP 1 Speaker Introduction Sanjeev

More information

Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera

Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law. Businesses and users are

More information

Cyber crisis management: Readiness, response, and recovery

Cyber crisis management: Readiness, response, and recovery Bridging the data gap in the insurance industry Cyber crisis management: Readiness, response, and recovery Strategic & Reputation Risk Readiness, response, and recovery Hacked devices, crashed websites,

More information

Fundamental Concepts and Models

Fundamental Concepts and Models Fundamental Concepts and Models 1 Contents 1. Roles and Boundaries 2. Cloud Delivery Models 3. Cloud Deployment Models 2 1. Roles and Boundaries Could provider The organization that provides the cloud

More information

Improving Cybersecurity through the use of the Cybersecurity Framework

Improving Cybersecurity through the use of the Cybersecurity Framework Improving Cybersecurity through the use of the Cybersecurity Framework March 11, 2015 Tom Conkle G2, Inc. Agenda Cybersecurity Framework Why it was created What is it Why it matters How do you use it 2

More information

Modern Database Architectures Demand Modern Data Security Measures

Modern Database Architectures Demand Modern Data Security Measures Forrester Opportunity Snapshot: A Custom Study Commissioned By Imperva January 2018 Modern Database Architectures Demand Modern Data Security Measures GET STARTED Introduction The fast-paced, ever-changing

More information

Cybersecurity and the role of internal audit An urgent call to action

Cybersecurity and the role of internal audit An urgent call to action Cybersecurity and the role of internal audit An urgent call to action The threat from cyberattacks is significant and continuously evolving. One estimate suggests that cybercrime could cost businesses

More information

Pave the way: Build a value driven SAP GRC roadmap March 2015

Pave the way: Build a value driven SAP GRC roadmap March 2015 www.pwc.be/erp Pave the way: Build a value driven SAP GRC roadmap March 2015 Agenda Introduction Measuring GRC Progression & Benchmarking GRC Program Roadmap Building a Business Case 2 Introduction Pave

More information

Security Readiness Assessment

Security Readiness Assessment Security Readiness Assessment Jackson Thomas Senior Manager, Sales Consulting Copyright 2015 Oracle and/or its affiliates. All rights reserved. Cloud Era Requires Identity-Centric Security SaaS PaaS IaaS

More information

Autobot - IoT enabled security. For Private circulation only October Risk Advisory

Autobot - IoT enabled security. For Private circulation only October Risk Advisory For Private circulation only October 2018 Risk Advisory Table of contents Background 02 Common Challenges 03 About the AutoBot 04 Capabilities of the AutoBot 05 Future of Autobot 06 The success story

More information

How to ensure control and security when moving to SaaS/cloud applications

How to ensure control and security when moving to SaaS/cloud applications How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk

More information

JOURNEY TO CLOUD (J2C) CONSUMING TECHNOLOGY, NOT OWNING IT

JOURNEY TO CLOUD (J2C) CONSUMING TECHNOLOGY, NOT OWNING IT JOURNEY TO CLOUD (J2C) CONSUMING TECHNOLOGY, NOT OWNING IT CLOUD IS HERE. The conversation has changed from should we move to cloud to how do we move to cloud. We are at a tipping point there is an explosion

More information

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security LTI Security Intelligent & integrated Approach to Cyber & Digital Security Overview As businesses are expanding globally into new territories, propelled and steered by digital disruption and technological

More information

Rethinking Information Security Risk Management CRM002

Rethinking Information Security Risk Management CRM002 Rethinking Information Security Risk Management CRM002 Speakers: Tanya Scott, Senior Manager, Information Risk Management, Lending Club Learning Objectives At the end of this session, you will: Design

More information

Cloud solution consultant

Cloud solution consultant Cloud solution consultant Role brief Directorate Jisc technologies Base location Harwell or Bristol Grade B Level 18 Job family Professional services Date November 2017 Reports to Cloud services group

More information

The Business of Security in the Cloud

The Business of Security in the Cloud The Business of Security in the Cloud Dr. Pamela Fusco Vice President Industry Solutions Solutionary Inc. CISSP, CISM, CHSIII, IAM, NSA/CSS Adjunct Faculty Promises Promises The promise of cloud computing

More information

Enterprise GRC Implementation

Enterprise GRC Implementation Enterprise GRC Implementation Our journey so far implementation observations and learning points Derek Walker Corporate Risk Manager National Grid 1 Introduction to National Grid One of the world s largest

More information

The New Healthcare Economy is rising up

The New Healthcare Economy is rising up The New Healthcare Economy is rising up February 2017 The ever-rising costs of healthcare are fostering innovative solutions and disruptive business models Cybersecurity concerns come to medical technology

More information

Cyber Diligence. EY Deals Forum Ian McCaw EY Transaction Advisory Services

Cyber Diligence. EY Deals Forum Ian McCaw EY Transaction Advisory Services Cyber Diligence EY Deals Forum 2018 Ian McCaw EY Transaction Advisory Services Finance & Commercial Diligence 2 B COMPANY: Power Life INDUSTRY: ENERGY REVENUE: 192m EBITDA: 875k (35% growth in 5 years)

More information

Agenda. Security essentials. Year in review. College/university challenges. Recommendations. Agenda RSM US LLP. All Rights Reserved.

Agenda. Security essentials. Year in review. College/university challenges. Recommendations. Agenda RSM US LLP. All Rights Reserved. Agenda Agenda Security essentials Year in review College/university challenges Recommendations 2 About me Matt Franko Director, Risk Advisory Services matthew.franko@rsmus.com (216) 927-8224 11+ years

More information

MassMEDIC s 21st Annual Conference

MassMEDIC s 21st Annual Conference MassMEDIC s 21st Annual Conference Panel Discussion Moderators: William Greenrose and Mutahar Shamsi, Deloitte & Touche LLP May 3, 2017 Three critical regulatory issues facing MedTech Implementing the

More information

Accelerate Your Enterprise Private Cloud Initiative

Accelerate Your Enterprise Private Cloud Initiative Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service

More information

GDPR Update and ENISA guidelines

GDPR Update and ENISA guidelines GDPR Update and ENISA guidelines 2016 [Type text] There are two topics that should be uppermost in every CISO's mind, how to address the growing demand for Unified Communications (UC) and how to ensure

More information

Data Security: Public Contracts and the Cloud

Data Security: Public Contracts and the Cloud Data Security: Public Contracts and the Cloud July 27, 2012 ABA Public Contract Law Section, State and Local Division Ieuan Mahony Holland & Knight ieuan.mahony@hklaw.com Roadmap Why is security a concern?

More information

Adopting SSAE 18 for SOC 1 reports

Adopting SSAE 18 for SOC 1 reports Adopting SSAE 18 for SOC 1 reports Overview Since its adoption in 2011, service auditor reports issued in accordance with SSAE 16 have become increasingly common in the marketplace. In April 2016, the

More information

Technical Resilience Building the always-on enterprise with Deloitte Advisory and Amazon Web Services

Technical Resilience Building the always-on enterprise with Deloitte Advisory and Amazon Web Services Technical Resilience Building the always-on enterprise with Deloitte Advisory and Amazon Web Services Organizations spend millions of dollars on disaster recovery (DR) solutions that rely on tight interconnectivity,

More information

Defense in Depth. Constructing Your Walls for Your Enterprise. Mike D Arezzo Director of Security April 21, 2016

Defense in Depth. Constructing Your Walls for Your Enterprise. Mike D Arezzo Director of Security April 21, 2016 Defense in Depth Constructing Your Walls for Your Enterprise Mike D Arezzo Director of Security April 21, 2016 Defense in Depth Defense in Depth Coordinated use of multiple security countermeasures Protect

More information

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability. BPS Suite and the OCEG Capability Model Mapping the OCEG Capability Model to the BPS Suite s product capability. BPS Contents Introduction... 2 GRC activities... 2 BPS and the Capability Model for GRC...

More information

Why you should adopt the NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive

More information

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion

More information

Cyber Security is it a boardroom issue?

Cyber Security is it a boardroom issue? Brisbane, 23 September 2014 Alistair Blake Director Cyber Security & Risk Services Today s session will cover Cyber Security and the Boardroom Executive sponsorship Organisational culture Operational readiness

More information

Cloud solution consultant

Cloud solution consultant Cloud solution consultant Role brief Directorate Jisc technologies Base location Harwell or Bristol Grade B Job level 18 Job family Professional services Date 23/10/2017 Reports to Cloud services group

More information

Aligning IT, Security and Risk Management Programs. Ahmed Qurram Baig, CISSP, CBCP, CRISC, CISM Information Security & GRC Expert

Aligning IT, Security and Risk Management Programs. Ahmed Qurram Baig, CISSP, CBCP, CRISC, CISM Information Security & GRC Expert Aligning IT, Security and Risk Management Programs Ahmed Qurram Baig, CISSP, CBCP, CRISC, CISM Information Security & GRC Expert Challenges to Risk Management & Governance Balancing extensive requirements

More information

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations FFIEC Cyber Security Assessment Tool Overview and Key Considerations Overview of FFIEC Cybersecurity Assessment Tool Agenda Overview of assessment tool Review inherent risk profile categories Review domain

More information

falanx Cyber ISO 27001: How and why your organisation should get certified

falanx Cyber ISO 27001: How and why your organisation should get certified falanx Cyber ISO 27001: How and why your organisation should get certified Contents What is ISO 27001? 3 What does it cover? 3 Why should your organisation get certified? 4 Cost-effective security management

More information

The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance

The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance Russell L. Jones Partner Health Sciences Sector Deloitte & Touche LLP Security & Privacy IMLA 2013 Annual Conference San

More information

Next Generation Policy & Compliance

Next Generation Policy & Compliance Next Generation Policy & Compliance Mason Karrer, CISSP, CISA GRC Strategist - Policy and Compliance, RSA Core Competencies C33 2013 Fall Conference Sail to Success CRISC CGEIT CISM CISA Introductions...

More information

Cloud Customer Architecture for Securing Workloads on Cloud Services

Cloud Customer Architecture for Securing Workloads on Cloud Services Cloud Customer Architecture for Securing Workloads on Cloud Services http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm Webinar April 19,

More information

Privacy By Design: Privacy smart from the start. Agenda. 1. About Deloitte. 2. Privacy Incidents Around the World. 3. Privacy Smart from the Start

Privacy By Design: Privacy smart from the start. Agenda. 1. About Deloitte. 2. Privacy Incidents Around the World. 3. Privacy Smart from the Start Privacy By Design: Privacy smart from the start. 13 June 2012 Peter Koo Partner, Enterprise Risk Services Deloitte Touche Tohmatsu Agenda 1. About Deloitte 2. Privacy Incidents Around the World 3. Privacy

More information

MFA Enrollment Guide. Multi-Factor Authentication (MFA) Enrollment guide STAGE Environment

MFA Enrollment Guide. Multi-Factor Authentication (MFA) Enrollment guide STAGE Environment Multi-Factor Authentication (MFA) Enrollment guide STAGE Environment December 2017 00 Table of Contents What is MFA and how does it impact the way I sign into applications? 2 MFA Enrollment Log-in 3 Setup

More information

Building a Resilient Security Posture for Effective Breach Prevention

Building a Resilient Security Posture for Effective Breach Prevention SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications Agenda for discussion 1. Security Posture 2.

More information

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE INTRODUCTION AGENDA 01. Overview of Cloud Services 02. Cloud Computing Compliance Framework 03. Cloud Adoption and Enhancing

More information