CYBERSECURITY: E-COMMERCE, GOVERNANCE AND APPLIED CERTIFICATIONS A ROUNDTABLE DISCUSSION 15 DECEMBER 2015


TODAY'S ROUNDTABLE
Moderator: Laszlo S. Gonc, CISSP, Partner, MVP Advisory Group, LLC
Panelist 1: Michelle Mikka-Van Der Stuyf, President & CEO, BizStrat Technology Corporation
Panelist 2: Sally Smoczynski, CISSP, Managing Partner, Radian Compliance, LLC
Panelist 3: Diana Salazar, CISM, CISA, CRISC, CGEIT, Executive Security Advisor (ESA), Magellan Group

AGENDA
Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, the term security implies cybersecurity.
- Cybersecurity: living with the new reality
- Strategic investments to mitigate cyber risk
- Corporate and government alignment challenges
- Is there a false sense of security?
- From zero tolerance to full acceptance: what does the future hold?
- Key differences with infrastructure, software, and mobility

CYBERSECURITY: WHO IS AT RISK?
- Is the risk real?
- Will I be hacked?
- Can someone get in?
- Is my CC safe?
- It's just a phone
- I bought antivirus
- I have passwords
Source: www.enigmasoftware.com

CYBERSECURITY: WHO IS IMPACTED? EVERYONE IS
- Home Depot: retail & financial/personal data
- Apple: data privacy & sensitive content
- Target: retail & financial/personal data
- Sony: entertainment/personal
- JP Morgan Chase: finance/personal/identity
Source: http://www.colocationamerica.com/blog/worst-cyber-security-hacks-of-2014

CYBERSECURITY: WHAT HAPPENED?? WHY?
- Home Depot: lack of encryption/security; sensitive data not encrypted; sensitive data stored in full
- Apple: cloud security not up to par; data privacy & sensitive content
- Target: 3rd party POS system; multi-step attack
- Sony: politically motivated? Poor data storage policies!
- JP Morgan Chase: limited damage, large access
The major factors of security breaches generally come down to just three words. What are they? The first one is bad, the second is security, and the third is policy.
Source: https://business.kaspersky.com/apparent-reasons-a-few-examples-of-why-it-security-breaches-happen/3804/

CYBERSECURITY: HOW COULD IT HAVE BEEN PREVENTED? A LITTLE MORE: Most Secure?
- Home Depot: encrypt or truncate data
- Apple: protection in the cloud
- Target: checkpoints/alerts; criteria for 3rd party access; don't store more than you have to!
- Sony: layered to limit data access
- JP Morgan Chase: server without recent updates
Sources:
http://www.colocationamerica.com/blog/worst-cyber-security-hacks-of-2014
http://dealbook.nytimes.com/2014/12/22/entry-point-of-jpmorgan-data-breach-is-identified/?_r=0

CYBERSECURITY FRAMEWORK - REGULATIONS
Regulations landscape: jurisdictions adopt different approaches.
- United States: industry-specific requirements
- European Union: broader data protection coverage
General use of frameworks: COBIT, PCI-DSS, ISO 27001/2, HIPAA, HITECH, SOX, HITRUST, COSO (Governance), Privacy, SSAE16, NIST, Cybersecurity Controls (CsC)

CYBERSECURITY BEST PRACTICES
Electronic home
- Over tolerance with mobile/online
- Review installation and lock down
Data security
- Proactive privacy risk
- New OPT-IN adoption: text, app, email
- Remove unused apps, programs
Destroy what you can
- Shred paper records and equipment
- Wipe computers and storage devices
Plan ahead
- Take steps to reduce vulnerabilities
- Store only what you need to
- Develop contingency plans for a security breach

WHAT CAN YOU DO?
- Think before you click
- Monitor transactions
- Credit card data backed up
- User training and awareness
- Keep software updated
- Have backups
- Utilize frameworks
- Audit and review processes
- Develop an Incident Response

QUESTIONS?

THANK YOU FOR ATTENDING THIS WEBINAR. LEARN MORE @ WWW.ISACA.ORG/WEBINARS