Security Hygiene. Be in a defensible position. Be cyber resilient. November 8 th, 2017

Similar documents
Testers vs Writers: Pen tests Quality in Assurance Projects. 10 November Defcamp7

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Ahead of the next curve

Cyber security and awareness for non-financial services. 24/25 May 2017

Cyber Security. It s not just about technology. May 2017

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016

IT Audit Auditing IT General Controls

CYBER CAMPUS KPMG BUSINESS SCHOOL THE CYBER SCHOOL FOR THE REAL WORLD. The Business School for the Real World

Better together. KPMG LLP s GRC Advisory Services for IBM OpenPages implementations. kpmg.com

Defensible Security DefSec 101

The GDPR Are you ready?

What Directors and C-Suite professionals need to know kpmg.ca/insuranceconference2017

How to avoid storms in the cloud. The Australian experience and global trends

January 25, Digital Governments. From KPMG s Harvey Nash survey to a future of opportunities

Physical security advisory services Securing your organisation s future

Protect Your Institution with Effective Cybersecurity Governance. Baker Tilly Virchow Krause, LLP

Leveraging ediscovery Technology for Internal Audit 2016 Houston IIA 7th Annual Conference

Cybersecurity Auditing in an Unsecure World

Must Have Items for Your Cybersecurity or IT Budget in 2018

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations

Changing the Game: An HPR Approach to Cyber CRM007

Survey - Governance, Risk and Compliance

SFC strengthens internet trading regulatory controls

Why you should adopt the NIST Cybersecurity Framework

CYBER INSURANCE: MANAGING THE RISK

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

Designing and Building a Cybersecurity Program

Les joies et les peines de la transformation numérique

Sage Data Security Services Directory

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom. kpmg.ca

Medical Devices and Cyber Issues JANUARY 23, American Hospital Association and BDO USA, LLP. All rights reserved.

Vulnerability Assessments and Penetration Testing

Cyber Security Incident Response Fighting Fire with Fire

Strengthening your fraud and cyber-crime protection controls. March 2017

Safeguarding unclassified controlled technical information (UCTI)

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

FDIC InTREx What Documentation Are You Expected to Have?

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

How To Establish A Compliance Program. Richard E. Mackey, Jr. SystemExperts Corporation

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

The Impact of Cybersecurity, Data Privacy and Social Media

Jeff Wilbur VP Marketing Iconix

Cyber Risks in the Boardroom Conference

CISO as Change Agent: Getting to Yes

CYBERSECURITY RESILIENCE

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

A New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO

Building a Resilient Security Posture for Effective Breach Prevention

HOW SAFE IS YOUR DATA? Micho Schumann, KPMG, Cayman Islands

CYBER SECURITY AIR TRANSPORT IT SUMMIT

Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.

Cyber Incident Response. Prepare for the inevitable. Respond to evolving threats. Recover rapidly. Cyber Incident Response

Cybersecurity: Pre-Breach Preparedness and Post-Breach Duties

Turning Risk into Advantage

CyberSecurity: Top 20 Controls

DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security

Cyber Resilience - Protecting your Business 1

A new approach to Cyber Security

Healthcare HIPAA and Cybersecurity Update

How to Underpin Security Transformation With Complete Visibility of Your Attack Surface

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015

Auditing IT General Controls

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

Building a strong platform strategy: IT and cybersecurity implications November 15, 2018

SOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE

Agenda. Security essentials. Year in review. College/university challenges. Recommendations. Agenda RSM US LLP. All Rights Reserved.

Are we breached? Deloitte's Cyber Threat Hunting

Cyber Hygiene: A Baseline Set of Practices

Top 20 Critical Security Controls (CSC) for Effective Cyber Defense. Christian Espinosa Alpine Security

HIPAA Privacy, Security and Breach Notification

Automating the Top 20 CIS Critical Security Controls

Introducing Cyber Observer

K12 Cybersecurity Roadmap

CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS

External Supplier Control Obligations. Cyber Security

Navigate IT Security with a Framework as Your Guide

Cyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.

Information Security Risk Strategies. By

Vulnerability Management. If you only budget for one project this year...

What It Takes to be a CISO in 2017

Overview of the. Computer Security Incident Response Plan. Process Resource Center

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Cybersecurity Today Avoid Becoming a News Headline

Addressing the elephant in the operating room: a look at medical device security programs

How to Optimize Cyber Defenses through Risk-Based Governance. Steven Minsky CEO of LogicManager & Author of the RIMS Risk Maturity Model

Cybersecurity and the role of internal audit An urgent call to action

Cybersecurity Threat Modeling ISACA Atlanta Chapter Geek Week Conference

BREAKING BARRIERS TO COLLABORATE WITH THE C-SUITE

Cyber Intelligence Professional Certificate Program Booz Allen Hamilton 2-Day Seminar Agenda September 2016

CYBERSECURITY MATURITY ASSESSMENT

Subject: University Information Technology Resource Security Policy: OUTDATED

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Post-Secondary Institution Data-Security Overview and Requirements

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity

Transcription:

Security Hygiene Be in a defensible position. Be cyber resilient. November 8 th, 2017

Agenda Getting defensive How will we do it? Basic hygiene stuff Getting started Questions

Introductions Over 20 years Cybersecurity experience Vice-President, ISACA Victoria Chapter Guy Rosario Manager, KPMG Office: (250) 480-3608 grosario@kpmg.ca Manager, IT Advisory and Cyber Security Local cyber security SME (TV, Radio, public courses, etc.) a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International. 3

Getting defensive We re going to talk about getting here Why are we going to do it? Often the basics aren t done Here s some examples: Network Social Engineering, etc. a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International. 4

How will we do it? Finding and maintaining a Cyber defensible position Link the three most frequently asked questions on Cyber security to an organization s maturity for preventing, detecting & reacting to Cyber security incidents Questions Impact Phase 1.Where are we regarding cyber security Identify business specific cyber risks & threats Identify compliance requirements (legal & regulatory) Identify crown jewel data Assessment Defensible position status None Typical action Basic hygiene and compliance Cyber maturity assessment / cyber security review Red teaming+ Proactive breach compromise assessment 2.Where do we want to be regarding cyber security? Complete a business impact assessment Complete a gap assessment GAP analysis & facilitated discussion Defined Facilitated discussion to consciously accept or remediate risks 3.How do we get there? Sign off budget Decide on metrics to track progress (KPIs) Cyber security strategy & transformation program Plan created Cyber security strategy & transformation plan Execute & verify progress (ongoing) Achieved Delivery of a risk based security programs & ongoing assessments a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International. 5

Basic hygiene stuff... Cybersecurity is recognized by the executives? InfoSec roles are identified and assigned? Critical Systems and Data are identified? Risks appetite and Risk register is regularly reviewed? Security assessments are done on a regular basis for new and existing systems? a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International. 6

Basic hygiene stuff (cont d) What if I told you, the first part is done. You just need to get it in writing from the Executives? Don t have the docs?.. No worries Don t know how to actually do it?.. We have it covered. Don t have the time for it?.. It can be initially built in a day Automated in a week! a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International. 7

Basic hygiene stuff (cont d) Windows SCCM PowerShell Python (for Windows 10) Linux Bash Python a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International. 8

Basic hygiene stuff (cont d) Windows SCCM PowerShell Python (for Windows 10) Linux Bash Python a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International. 9

Getting started There are best practices and policies from: The Canadian Government CERT CIS(SANS) Top 20 ISACA ISO NIST SANS a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International. 10

Getting started (cont d) Readily configured: IDS/IPS ADHD and BRO Asset and Inventory Management PowerShell, CMD.EXE, Python, BASH, etc. Vulnerability Scanners OpenVAS and NMAP Logging and Monitoring Systems Backup and Recovery Systems Readily downloadable: Policy templates Best Practices and Standards a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International. 11

Questions? a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International. 12

Thank you KPMG s Cyber Team works with organizations to prevent, detect and respond to cyber threats. We can help your organization be cyber resilient in the face of challenging conditions. Contact us Guy Rosario Manager, Cyber Security T: 250 589 2538 E: grosario@kpmg.ca 2017 KPMG LLP, a Canadian limited 2017 KPMG liability LLP, partnership a Canadian and limited a member liability firm partnership of the KPMG and network a member of independent firm of the member KPMG network firms affiliated of independent with KPMG member International firms affiliated Cooperative with KPMG ( KPMG International International ), Cooperative ( KPMG International ), a Swiss entity. All rights reserved. The a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International. 13 KPMG name and logo are registered trademarks or trademarks of KPMG International.

Detail Heading Detail Heading Detail Heading Detail Heading kpmg.ca/cyber 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPM G International Cooperative ( KPM G International ), a S wiss entity. All rights reserved. The KPM G name and logo are registered trademarks or trademarks of KPM G International. The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback