The Quest to Measure Strength of Function for Authenticators: SOFA, So Good
1 SESSION ID: IDY-F02
The Quest to Measure Strength of Function for Authenticators: SOFA, So Good
Dr. Elaine Newton, Deputy Standards Liaison, NIST ITL
Dr. Colin Soutar, Senior Manager, Deloitte & Touche LLP

2 The Power of Convenience
In a briefing held by Apple Inc. software security engineers:... Prior to the introduction of Touch ID, only 49 percent of users protected their iPhones with a passcode. After the introduction of Touch ID... this figure almost doubled to 89 percent

3 Increasing Transactional Risk

4 Purpose & Scope of SOFA-B
NIST is exploring a framework around Strength of Function for Authenticators - Biometrics (SOFA-B) for measuring and evaluating the strength of a biometric authentication on mobile devices to:
- Determine how effectively they mitigate different levels of transactional risk
- Understand how such biometric factors can be combined with, or substituted for, other authentication factors

5 Why Mobile Devices are Different: No More Hand-Holding!
Mobile devices offer new challenges because of their nature:
- Travel with its user
- Different form factor
- Unattended, providing potential for artefacts

6 What Do We Know Already?
Starting point: What generally accepted measurements exist around strength of authenticators?
- Entropy and the strength of passwords/key length
- Strength of Function: Common Criteria
- Inherent strength based on discrimination capability
  - False Match Rate (FMR)
  - False Non-Match Rate (FNMR)
- Biometrics, unlike passwords, are not secrets

7 Targeted Zero-Information Attacks on Passwords and Biometrics
Biometrics Password/PIN Sample size and complexity Length and complexity Create artefacts Computational complexity of matching Shoulder surf Obtain biometric sample Notepads Create artefact

8 System Diagram - Enrollment

9 System Diagram - Authentication

10 System and Attack Analysis
[System diagram with attack points: Override Database; Modify Biometric Reference; Presentation Attack; Override Capture Device; Extract/Modify Biometric Sample; Modify Probe; Override Comparator (FMR & FNMR); Override Signal Processor; Modify Score; Override Decision Engine; Modify Decision]

11 Recommendation: Use Baseline Security to Mitigate Many Attacks
Many attacks can be mitigated by core security controls: e.g., encryption, mutual authentication, limiting of unsuccessful attempts
[System diagram with attack points: Override Database; Modify Biometric Reference; Presentation Attack; Override Capture Device; Extract/Modify Biometric Sample; Modify Probe; Override Comparator (FMR & FNMR); Override Signal Processor; Modify Score; Override Decision Engine; Modify Decision]

12 Analyze and Quantify Factors Specific to Biometric Systems
[Diagram excerpt: Comparison; 6 Override Comparator; FMR & FNMR]
- PAD (Presentation Attack Detection) Error Rate: Probability of a successful presentation attack.
- FMR (Matching Performance): Probability of a false match occurring
- FNMR (Matching Performance): Probability of a false reject occurring

13 Differentiate Attack Types and Incorporate Effort
Effort = Level of effort required to attack specific components of an authentication system.
- Included in the SOFA equation as a factor that may serve as a shared, level-setting metric between different authenticator types.
- May be a combination of the time, knowledge, and resources needed to:
  - Access a biometric pattern or data (samples)
  - + Replicate the pattern and create a biometric spoof
  - + Runtime of the algorithm for a biometric system

14 Effort Example

15 Quantify SOFA for Zero-information Attacks
- Goal is to move towards developing metrics that can be compared and combined to better understand authentication systems
- Ultimately, we would be able to determine the same type of measure for most authentication systems

$$\mathrm{SOFA}_{\text{Zero Info}}(\text{Biometrics}) \propto \frac{\mathrm{Effort}(\text{Factor}, \text{Attack})}{\mathrm{FMR} \times \mathrm{PADER}}$$

$$\mathrm{SOFA}_{\text{Zero Info}}(\text{PIN/PW}) \propto \mathrm{Effort}(\text{Factor}, \text{Attack}) \times N^{L}$$

16 Strength of Function for Authenticators: Biometrics (SOFA-B)
Incorporating the FMR, PAD, and Effort into a single measure of strength could look something like this:

$$\mathrm{SOFA}_{\text{Zero Info}}(\text{Biometrics}) = \min_{\text{Material}} \frac{\mathrm{Effort}(\text{Factor}, \text{Attack})}{\mathrm{FMR} \times \mathrm{PADER}}$$

In the case of targeted attacks, the measure of strength may look like:

$$\mathrm{SOFA}_{\text{Targeted}}(\text{Biometrics}) = \min_{\text{Material}} \frac{\mathrm{Effort}(\text{Factor}, \text{Attack})}{(1 - \mathrm{FNMR}) \times \mathrm{PADER}}$$
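
The two slide-16 measures carried through on sample numbers, as an added example that is not part of the original presentation. The material names, effort scores and error rates are constructed, Effort is treated as a unitless score (the slides do not fix a scale), and `equivalent_pin_length` is a hypothetical helper that assumes equal effort and equal proportionality constants in the two slide-15 relations.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class PresentationAttack:
    material: str   # artefact material used for the spoof (constructed label)
    effort: float   # Effort(Factor, Attack); unitless score, scale is an assumption
    pader: float    # PAD error rate for this material, 0 < pader <= 1


def _check_rate(name, value):
    # Error rates are probabilities; zero would make the measure unbounded.
    if not 0.0 < value <= 1.0:
        raise ValueError(f"{name} must be in (0, 1], got {value}")


def _weakest(attacks, match_probability):
    """Return (score, material) minimising Effort / (match_probability * PADER)."""
    if not attacks:
        raise ValueError("at least one presentation attack is required")
    _check_rate("match probability", match_probability)
    scored = []
    for attack in attacks:
        _check_rate("PADER", attack.pader)
        if attack.effort <= 0:
            raise ValueError("effort must be positive")
        score = attack.effort / (match_probability * attack.pader)
        scored.append((score, attack.material))
    # The system is only as strong as the material that is cheapest to succeed with.
    return min(scored)


def sofa_zero_info(attacks, fmr):
    """Zero-information attack: the artefact matches only by chance (FMR)."""
    return _weakest(attacks, fmr)


def sofa_targeted(attacks, fnmr):
    """Targeted attack: the artefact copies the genuine trait, so it is
    accepted whenever the genuine user would be (1 - FNMR)."""
    _check_rate("FNMR", fnmr)
    return _weakest(attacks, 1.0 - fnmr)


def equivalent_pin_length(fmr, pader, alphabet_size=10):
    """Length L with N**L == 1 / (FMR * PADER), i.e. the PIN/password length
    giving the same zero-information measure at equal effort (assumption)."""
    _check_rate("FMR", fmr)
    _check_rate("PADER", pader)
    return math.log(1.0 / (fmr * pader)) / math.log(alphabet_size)


# Constructed sample data: one matcher, three artefact materials.
FMR = 1e-4    # 1 false match in 10,000 impostor comparisons
FNMR = 0.02   # 2% of genuine attempts rejected
ATTACKS = [
    PresentationAttack("printed photo", effort=2.0, pader=0.05),
    PresentationAttack("gelatin mould", effort=10.0, pader=0.40),
    PresentationAttack("3D-printed cast", effort=50.0, pader=0.60),
]

if __name__ == "__main__":
    zero_score, zero_material = sofa_zero_info(ATTACKS, FMR)
    targ_score, targ_material = sofa_targeted(ATTACKS, FNMR)
    print(f"zero-info SOFA: {zero_score:,.0f} (weakest: {zero_material})")
    print(f"targeted SOFA:  {targ_score:,.2f} (weakest: {targ_material})")
    print(f"PIN digits at equal effort: {equivalent_pin_length(FMR, 0.40):.2f}")
```

In this sample the limiting material is neither the lowest-effort artefact nor the one with the highest PADER, which is why the minimum is taken over the ratio rather than over either input alone.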

17 Recap
The purpose of SOFA is to develop a framework for assessing the strength of biometrics so that:
- Relying parties can determine what level of transactional risk they are willing to accept in a transaction
- Biometric technologies can be mixed and matched among themselves OR with other authentication technologies

18 The SOFA Story: Applying the Framework
- Review the SOFA-B draft on GitHub for further details: The SOFA-B discussion draft document is available at: [This is case-sensitive.] Please provide comments and proposed changes via GitHub or to
- Consider Effort as a factor and let us know your thoughts (Time? Knowledge? Money? Consequences?)
- Think about your industry's unique authentication requirements (and how biometrics could play or already have played a major part)
- Review your organization's authentication solution(s) and consider the corresponding risk(s)

19 Contributors
NIST
- Dr. Elaine Newton, National Institute of Standards and Technology
- Kevin Mangold, National Institute of Standards and Technology
- Paul Grassi, National Institute of Standards and Technology
Contract support to NIST
- Dr. Colin Soutar, Deloitte & Touche LLP, Cyber Risk Services
- Ryan Galluzzo, Deloitte & Touche LLP, Cyber Risk Services
- Raj Dinh, Deloitte & Touche LLP, Cyber Risk Services
- Burak Sahin, Deloitte & Touche LLP, Cyber Risk Services
Special guest contributions to NIST
- Cathy Tilton, CSRA Inc.

21 Q&A
Thank you! Presenters: Dr. Elaine Newton, Dr. Colin Soutar,

22 This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this presentation.
About Deloitte: Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see to learn more about our global network of member firms.
More informationFIDO Alliance Response to the European Banking Authority (EBA)
FIDO Alliance Response to the European Banking Authority (EBA) Consultation on the Guidelines on the conditions to be met to benefit from an exemption from contingency measures under Article 33(6) of Regulation
More informationNORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers
Identify Protect Detect Respond Recover Identify: Risk Assessments & Management 1. Risk assessments are conducted frequently (e.g. annually, quarterly). 2. Cybersecurity is included in the risk assessment.
More informationOn the board s agenda US Cyber risk in the boardroom: Accelerating from acceptance to action
February 2018 On the board s agenda US Cyber risk in the boardroom: Accelerating from acceptance to action Cyber risk is a top-level business risk that boards may find challenging to oversee and difficult
More informationIncentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO
White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating
More informationIntroduction of the Identity Assurance Framework. Defining the framework and its goals
Introduction of the Identity Assurance Framework Defining the framework and its goals 1 IAEG Charter Formed in August of 07 to develop a global standard framework and necessary support programs for validating
More informationISO/IEC Information technology Security techniques Code of practice for information security management
This is a preview - click here to buy the full publication INTERNATIONAL STANDARD ISO/IEC 17799 Second edition 2005-06-15 Information technology Security techniques Code of practice for information security
More informationThe impact of digital transformation on industries
Headline Verdana Bold The impact of digital transformation on industries Tim Hanley, Deloitte Global Leader, Consumer & Industrial Products Industry group March 2017. Sao Paolo, Brazil What we will cover
More informationTítulo de portada NIVEL 1
Título de portada NIVEL 1 Título Anti-Ransomware de portada NIVEL services 2 Subtítulo Collaboration de portada between NIVEL 1 (Fechas) Deloitte Subtítulo and Panda de portada Security NIVEL 2 Content
More informationDeloitte Shared Services Conference 2018 Lab: Scaling RPA David Wright, Kim Burton, Dupe Witherick and Marina Gordeeva, Deloitte
Deloitte Shared Services Conference 2018 Lab: Scaling RPA David Wright, Kim Burton, Dupe Witherick and Marina Gordeeva, Deloitte Presenters and facilitators Dave Wright Dupe Witherick Kim Burton Marina
More information