Larry Clinton President & CEO (703)

Similar documents
Larry Clinton President & CEO (703)

Larry Clinton President & CEO Internet Security Alliance

How to Assess the Financial Impact of Cyber Risk

LARRY CLINTON PRESIDENT & CEO INTERNET SECURITY ALLIANCE office (703) cell (202)

Evaluating Cybersecurity Coverage A Maturity Model. Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium

BREAKING BARRIERS TO COLLABORATE WITH THE C-SUITE

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Cybersecurity and the Board of Directors

THE POWER OF TECH-SAVVY BOARDS:

Section One of the Order: The Cybersecurity of Federal Networks.

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

Cyber Crime Seminar 8 December 2015

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015

Bringing Cybersecurity to the Boardroom Bret Arsenault

NCSF Foundation Certification

Turning Risk into Advantage

Cyber Resilience. Think18. Felicity March IBM Corporation

CYBER RISK MANAGEMENT

NERC Staff Organization Chart Budget 2019

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston

Cybersecurity and Data Protection Developments

RISK INTELLIGENCE Assurance and efficiency improvement through a robust Enterprise Risk Management approach

How to Optimize Cyber Defenses through Risk-Based Governance. Steven Minsky CEO of LogicManager & Author of the RIMS Risk Maturity Model

ECCouncil EC-Council Certified CISO (CCISO) Download Full Version :

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

NERC Staff Organization Chart Budget 2018

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

NERC Staff Organization Chart Budget 2019

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations

Top Five Secrets to Successfully Jumpstarting Your Cyber-Risk Program

Cyber Risks in the Boardroom Conference

CyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber

A New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

COMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards

Security and Privacy Governance Program Guidelines

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS

4/5/2017. April 5, 2017 CYBER-RISK: WHAT MANAGEMENT & BOARDS NEED TO KNOW

Cyber Risk A Corporate Directors' Briefing Webcast Q&A Summary

The Deloitte-NASCIO Cybersecurity Study Insights from

A Controls Factory Approach To Operationalizing a Cyber Security Program Based on the NIST Cybersecurity Framework

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

Think Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

Department of Management Services REQUEST FOR INFORMATION

Rethinking Information Security Risk Management CRM002

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

UNB S CYBERSECURITY PROGRAM

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

GEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards

CYBERSECURITY. Protecting Against the Financial, Regulatory and Reputational Impacts of Cyber Attack

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

Cybersecurity & Privacy Enhancements

Cybersecurity in Higher Ed

Cybersecurity Best Practices

U.S. Department of Homeland Security Office of Cybersecurity & Communications

Emerging Issues: Cybersecurity. Directors College 2015

NCSF Foundation Certification

Cybersecurity, safety and resilience - Airline perspective

to Enhance Your Cyber Security Needs

Data to Decisions Terminate, Tolerate, Transfer, or Treat

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

UNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

CISO as Change Agent: Getting to Yes

Improving Cybersecurity through the use of the Cybersecurity Framework

The Evolving Threat to Corporate Cyber & Data Security

Media Kit. California Cybersecurity Institute

A CFO s Guide to Cyber Security in the Coming Year

SEC Key Considerations for Public Companies for Mitigating and Disclosing Cybersecurity Risks

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise

U.S. State of Cybercrime

CCISO Blueprint v1. EC-Council

Clarity on Cyber Security. Media conference 29 May 2018

NERC Staff Organization Chart Budget 2017

THE WHITE HOUSE. Office of the Press Secretary EXECUTIVE ORDER

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

2018 HIPAA One All Rights Reserved. Beyond HIPAA Compliance to Certification

Larry Clinton President Internet Security Alliance

THE WHITE HOUSE Office of the Press Secretary EXECUTIVE ORDER

DHS Cybersecurity: Services for State and Local Officials. February 2017

Bonnie A. Goins Adjunct Industry Professor Illinois Institute of Technology

CYBERSECURITY AND THE BOARD OF DIRECTORS TIPS FOR SECURING SUPPORT FOR YOUR CYBER RISK MANAGEMENT PROGRAM

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Cyber Security in Timothy Brown Dell Fellow and CTO Dell Security

NERC Staff Organization Chart Budget 2017

Computing Accreditation Commission Version 2.0 CRITERIA FOR ACCREDITING COMPUTING PROGRAMS

Combating Cyber Risk in the Supply Chain

The Business Value of including Cybersecurity and Vendor Risk in ERM

What It Takes to be a CISO in 2017

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

Security Director - VisionFund International

Transcription:

For information about membership opportunities, please contact: Larry Clinton President & CEO lclinton@isalliance.org (703) 907-7028 For more information about the Internet Security Alliance, please visit www.isalliance.org

The Cybersecurity Story 2

The Cyber Security Story The Problem Urgency Barriers to Resolution The Champion The Resolution 3

Problem 4

In the last minute.. 5,500 records were lost due to cyber crime $4,400 dollars were lost due to cyber crime 832 versions of new malware were created 5

How Good are our defenses? The military s computer networks can be compromised by low to middling skilled attacks. Military systems do not have a sufficiently robust security posture to repel sustained attacks. The development of advanced cyber techniques makes it likely that a determined adversary can acquire a foothold in most DOD systems and be in a position to degrade DOD missions when and if they choose. Pentagon Annual Report Jan 2015. 6

Barriers 7

We don t understand the problem Hackers? Just Credit Cards and PII I m safe or They Don t Care about me Breaches? Firewalls and passwords? Networks? Perimeter Defense---keep the bad guys out If your thinking just IT..

We don t understand the problem 80% of CEOs are very confident but successful compromises up 66% 71% of attacks are on firms w/less than $2 billion who don t have the economies of scope and scale CEOs still prioritize keeping the bad guys out We don t have enough people The solutions are making the problem worse 9

Additional Barriers The system is inherently weak Our laws and systems were not designed for the digital age We can t secure ourselves (interconnection) We don t want to pay for security All the economic incentives favor the attacker We are not cyber structured 10

Urgency 11

Things are going to get worse much worse The system is getting even weaker The attackers are getting much better The real crazies could become a real threat 12

Champion 13

Government 14

Kremlinology

Trumpology Steven Bannon Lt. Gen. H.R. McMaster National Security Advisor Donald McGahn General Counsel General Keith Kellogg National Security Council Mike Pence Vice President Tom Bossert Homeland Security Advisor Gen. James Mattis Sec of Dep. of Defense Gen. John Kelly (USMC Ret.) Sec of Dep. of Homeland Security Josh Steinman President Donald Trump Karen Evans Governor Rick Perry Sec. of Dep. of Energy Rudy Guiliani Former Mayor of NYC Adm. Mike Rogers Director of National Intelligence

ISA s Cybersecurity Social Contract Copies of ISA s Cybersecurity Social Contract can be obtained online at Amazon.com. 17

ISA/NACD Cyber-Risk Oversight Handbook Copies of the ISA/NACD Cyber-Risk Oversight Handbook can be obtained at: http://www.isalliance.org/ cyber-risk-handbook 18

5 NACD Principles Cyber Security is not an IT issue You must understand your unique legal responsibilities You need to have access to adequate cyber security expertise Management must have a cyber security framework (a plan) You must systematically analyze your cyber risks (what to you accept, eliminate, mitigate, transfer?) 19

50 Questions Every CFO Should Ask It is not enough for the information technology workforce to understand the importance of cyber security; leaders at all levels of government and industry need to be able to make business and investment decisions based on knowledge of risks and potential impacts. President s Cyberspace Policy Review. ISA-ANSI Project on Financial Risk Management of Cyber Events: 50 Questions Every CFO Should Ask ----including what they ought to be asking their General Counsel and outside counsel. Also, HR, Bus Ops, Public and Investor Communications & Compliance.

Financial Management of Cyber Risk

ANSI-ISA Program Outlines an enterprise-wide process to attack cyber security broadly and economically CFO strategies HR strategies Legal/compliance strategies Operations/technology strategies Communications strategies Risk Management/insurance strategies

Appendices/Tools for the Board of Directors Questions to ask Management Supply Chain Risk (Vendor Management) Metrics M&A Risks What to Expect from Government Sample Dashboard Building a Relationship with the CISO Insider Threats 23

Corporate Boards are getting involved Guidelines from the NACD advise that Boards should view cyber-risks from an enterprise- wide standpoint and understand the potential legal impacts. They should discuss cybersecurity risks and preparedness with management, and consider cyber threats in the context of the organization s overall tolerance for risk. -- PWC 2016 Global Information Security Survey 24

Boards are taking action Boards appear to be listening to this advice. This year we saw a double-digit uptick in Board participation in most aspects of information security. Deepening Board involvement has improved cybersecurity practices in numerous ways. As more Boards participate in cybersecurity budget discussions, we saw a 24% boost in security spending. --- PWC 2016 Global Information Security Survey 25

Actual Cyber Security Improvements Notable outcomes cited by survey respondents include identification of key risks, fostering an organizational culture of security and better alignment of cybersecurity with overall risk management and business goals. Perhaps more than anything, Board participation opened the lines of communication between the cybersecurity function and top executives and directors -- PWC 2016 Global Information Security Survey 26

AICPA Re-thinking the cyber security audit process 1. These proposed engagements are assessments, not audits. 2. Measuring cyber assessments should use a maturity model. 3. Cybersecurity is not all about IT. 4. Assessment tools need to focus primarily on techniques with proven effectiveness and cost effectiveness. 5. The assessment tool needs to be a voluntary model really voluntary. 6. We need to assure there will be adequate Talent Availability to perform the assessments. 27

Resolution 28

All We Need to Do is Understand the problem better Alter the fundamentals of digital economics Modernize our laws and law enforcement efforts Develop a Cyber aware work force Change our corporate structures and evaluation methods Engage our government partners in a joint effort against the bad guys 29

Champion 30

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback