Cyber Secure Dashboard Cyber Insurance Portfolio Analysis of Risk (CIPAR) Cyber insurance Legal Analytics Database (CLAD)

Similar documents
Why you should adopt the NIST Cybersecurity Framework

PREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

MITIGATE CYBER ATTACK RISK

What It Takes to be a CISO in 2017

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Background FAST FACTS

THE POWER OF TECH-SAVVY BOARDS:

Incident Response and Cybersecurity: A View from the Boardroom

TSC Business Continuity & Disaster Recovery Session

Transformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.

13.f Toronto Catholic District School Board's IT Strategic Review - Draft Executive Summary (Refer 8b)

People risk. Capital risk. Technology risk

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

Securing Digital Transformation

In 2017, the Auditor General initiated an audit of the City s information technology infrastructure and assets.

Cybersecurity in Higher Ed

John Snare Chair Standards Australia Committee IT/12/4

HP Fortify Software Security Center

How to Optimize Cyber Defenses through Risk-Based Governance. Steven Minsky CEO of LogicManager & Author of the RIMS Risk Maturity Model

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston

Building a Resilient Security Posture for Effective Breach Prevention

Cybersecurity Risk Management:

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

Cyber Semantic Landscape Ontology and Taxonomy

ACF Interoperability Human Services 2.0 Overview. August 2011 David Jenkins Administration for Children and Families

NISTCSF Enterprise Training Solutions. By David Nichols & Rick Lemieux December 2018

Securing Your Digital Transformation

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Defensible and Beyond

Angela McKay Director, Government Security Policy and Strategy Microsoft

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Background FAST FACTS

Cyber Partnership Blueprint: An Outline

A Controls Factory Approach To Operationalizing a Cyber Security Program Based on the NIST Cybersecurity Framework

Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency

NCUA IT Exam Focus. By Tom Schauer, Principal CliftonLarsonAllen

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Copyright 2016 EMC Corporation. All rights reserved.

How will cyber risk management affect tomorrow's business?

SOC 3 for Security and Availability

Survey Report Industry Survey. Data Governance, Technology & Analytics Trends Q1 2014

MATURE YOUR CYBER DEFENSE OPERATIONS with Accenture s SIEM Transformation Services

SOLUTIONS BRIEFS. ADMINISTRATION (Solutions Brief) KEY SERVICES:

Cyber Risks in the Boardroom Conference

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank

INTELLIGENCE DRIVEN GRC FOR SECURITY

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Moving Beyond the Heat Map: Making Better Decisions with Cyber Risk Quantification

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

Service Provider Consulting

Bharath Chari Cyber Risk Sr. Manager, Deloitte & Touche LLP

EY s data privacy service offering. How to transform your data privacy capabilities for an EU General Data Protection Regulation (GDPR) world

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

Kent Landfield, Director Standards and Technology Policy

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations

WHO SHOULD ATTEND? ITIL Foundation is suitable for anyone working in IT services requiring more information about the ITIL best practice framework.

THE CYBER SECURITY PLAYBOOKECTOR SHOULD KNOW BEFPRE, DURING & AFTER WHAT EVERY DIRECTOR SHOULD KNOW BEFORE, DURING AND AFTER AN ATTACK

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

LEADING WITH GRC. Common Controls Framework. Sundar Venkat, Sr. Director Technology Compliance Salesforce

Services for Smart Solutions: Delivering Innovations & Efficiency Surendran Vangadasalam

CCISO Blueprint v1. EC-Council

NCSF Foundation Certification

locuz.com SOC Services

Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

Improving Cybersecurity through the use of the Cybersecurity Framework

10 Cloud Myths Demystified

Understanding Cyber Insurance & Regulatory Drivers for Business Continuity

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security

Incident Response Services

COST OF CYBER CRIME STUDY INSIGHTS ON THE SECURITY INVESTMENTS THAT MAKE A DIFFERENCE

State of South Carolina Interim Security Assessment

DeMystifying Data Breaches and Information Security Compliance

Higher Education in Texas: Serving Texas Through Transformational Education, Research, Discovery & Impact

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

Convergence of BCM and Information Security at Direct Energy

CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS

New Zealand Government IBM Infrastructure as a Service

Maximising Energy Efficiency and Validating Decisions with Romonet s Analytics Platform. About Global Switch. Global Switch Sydney East

Accelerate Your Enterprise Private Cloud Initiative

How to Establish Security & Privacy Due Diligence in the Cloud

Cyber Risk A Corporate Directors' Briefing Webcast Q&A Summary

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Predictive Insight, Automation and Expertise Drive Added Value for Managed Services

Rethinking Information Security Risk Management CRM002

Introduction to AWS GoldBase

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

Cybersecurity Protecting your crown jewels

M365 Powered Device Proof of Concept

Reinvent Your 2013 Security Management Strategy

Cognizant Cloud Security Solution

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

1. You should attempt all 40 questions. Each question is worth one mark.

Data Management and Security in the GDPR Era

Aviation & Airspace Solutions MODERNIZING SYSTEMS TRANSFORMING OPERATIONS DELIVERING PERFORMANCE

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Transcription:

Randall Sandone, CCISO Executive Director Critical Infrastructure Resilience Institute rsandone@illinois.edu Cyber Secure Dashboard Cyber Insurance Portfolio Analysis of Risk (CIPAR) Cyber insurance Legal Analytics Database (CLAD)

Market Needs Target Customers: Got cyber? Market Needs: Better assessment and management of risk (cyber) Cyber Financial Legal

Market Needs Cyber Risk: How do we achieve all of organization cyber security culture? How do we leverage that culture to reduce our financial/legal risk? How do we establish and maintain cyber security as a process? Financial Risk: What is the financial risk of the most likely breach? How likely is such a breach? How much financial risk should we transfer (insurance)? Legal Risk: What is our exposure to third-party liability claims? Will my insurance cover my losses?

Market Needs Cyber Risk: How do we achieve all of organization cyber security culture? How do we leverage that culture to reduce our financial/legal risk? How do we establish and maintain cyber security as a process? Financial Risk: What is the financial risk of the most likely breach? How likely is such a breach? How much financial risk should we transfer (insurance)? Legal Risk: What is our exposure to third-party liability claims? Will my insurance cover my losses?

Cyber Risk Solution: Design, develop, deploy a toolset: Operationalizes a sound, standardized cyber risk management process Intuitive, affordable, accessible tools to help manage that process Harmonization of activities Centralization of information, references, artifacts Unified communications framework for internal and external stakeholders Supports multiple cybersecurity requirements and standards DFARS/800-171 CSF Core Manufacturing Profile Other NIST Profiles Other standards (ISO, HIPAA, etc.)

Approach Cyber Secure Dashboard Collaborate to build and deploy a cloud-based SaaS* Learn-by-doing design Address market need: Facilitate implementation of a sound, standardized cyber risk management process Intuitive, affordable, accessible tool to help manage that process * Hosted at cybersecuredashboard.com and available for in-house deployment via Docker

Key Features: Cyber Secure Dashboard Operationalize Standards Map requirements to controls Collaboration Centralizes and harmonizes efforts for internal & external stakeholders (e.g., Supply Chain) Provides centralized repository for all compliance artifacts Provides access for easy third-party validation Resources Best practices Policy templates Links to external resources (incl. educational tools), etc. Plan of Action and Milestones (POAM) Scope and prioritize activities and investments in cyber security Serves as foundation for long-term maintenance and improvement of cyber security culture

Benefits Competitive/alternative approaches: Status quo: ad hoc and reactive approach to cyber risk management Spreadsheet-based checklists Outsource to cybersecurity services provider Dashboard differentiators: Holistic, all-in-one platform: assessment, implementation, training, project management Facilitates communication and fosters common understanding Facilitates growth of fluency, cyber maturity, all of company approach

Transition Activities: Business consulting engagement Illinois Business Consulting Additional technical enhancements Identification of industry partners Implement novel sales & distribution models Access at https://cybersecuredashboard.com

Market Needs Cyber Risk: How do we achieve all of organization cyber security culture? How do we leverage that culture to reduce our financial/legal risk? How do we establish and maintain cyber security as a process? Financial Risk: What is the financial risk of the most likely breach? How likely is such a breach? How much financial risk should we transfer (insurance)? Legal Risk: What is our exposure to third-party liability claims? Will my insurance cover my losses?

Financial Risk Solution: Target Customers: businesses; insurance companies SaaS that helps firms identify financial risks and predict future risks based on empirical and event analysis of: Historical and real-time cyber incident databases Historical and real-time financial and capital losses

Approach - CIPAR Use cyber incident data + predictive models to perform cyber risk assessment; forecast future cyber risk based on information provided by the user. Identifying major trends in cyber risk helps prioritize risk management tasks Estimating the frequency and severity of cyber incidents provides insights Better management of insurance portfolios Access CIPAR at https://ciri-cyber.shinyapps.io/web_app

Estimating Cyber Loss CIPAR provides risk assessment information in detail for sophisticated users. For example, the figure on the left shows the distribution of incident frequency and the probability corresponding to each number of incidents. The probability of no incident is 0.104, the probability of one incident is 0.162 The figure on the right shows the distributions of losses resulting from various types of incidents.

Estimating Cyber Loss (Cont d) CIPAR forecasts the incident frequency and severity in a future year, say 2019, and provides intuitive summary statistics. E.g., CIPAR provides an estimation that in 2019, a large financial institution has a 79.27% probability of suffering a loss from cyber incidents, and there is a 5% probability that the loss will exceed $148.79 million.

Distinguishing Risks CIPAR makes it easier for insurers to compare the cyber risk of different companies. A large financial institution with more than 500 employees A small financial institution with fewer than 10 employees

Transition Activities: Further data collection to refine use cases Live updates Optimize policy design Insurance policy recommendation engine Engagement with potential business partners

Market Needs Cyber Risk: How do we achieve all of organization cyber security culture? How do we leverage that culture to reduce our financial/legal risk? How do we establish and maintain cyber security as a process? Financial Risk: What is the financial risk of the most likely breach? How likely is such a breach? How much financial risk should we transfer (insurance)? Legal Risk: What is our exposure to third-party liability claims? Will my insurance cover my losses?

Legal Risk Solution: Affordable, accessible SaaS that allows businesses to identify legal risks and legal outcomes based on: Historical court rulings on all cyber-relevant insurance litigations at state and federal level Our analyses and interpretations of these litigations

Approach - CLAD Build an extensive legal repository of cyber insurance lawsuits Analyze these lawsuits and study all the court filings by the parties and the rulings by the court Code these lawsuits across a large number of relevant variables (e.g., parties, issues raised, duration, outcomes across issues, etc ) Check out CLAD at: https://ciri-cyber.shinyapps.io/clad/

Benefits Fills a gap no other current database addresses cyber insurance litigation Provides SMEs with detailed and accurate information to: Inform insurance policy design Prepare for litigation Inform enhancements to internal company processes Long term: more mature cyber insurance market Better policies Less uncertainties More affordable premiums

Transition Activities: Validate market and value proposition Examine go-to-market strategies Explore appropriate business model Engagement with potential business partners

Exemplar Project: Integrating Tech Transition & Workforce Development

Technology Transition Research & Development National Impact Education & Workforce Development

Nationwide Impact: Training- Augmented Cybersecure Dashboard Training Curriculum & Content Dashboard used as training tool Community Colleges & SBDCs SLTT Governments Business Enterprises

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback