Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Similar documents
CYBER SECURITY AIR TRANSPORT IT SUMMIT

Why you should adopt the NIST Cybersecurity Framework

THE POWER OF TECH-SAVVY BOARDS:

Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

NCSF Foundation Certification

Cyber Risks in the Boardroom Conference

Cybersecurity for Health Care Providers

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS

TAN Jenny Partner PwC Singapore

Implementing Executive Order and Presidential Policy Directive 21

Governance Ideas Exchange

Cybersecurity. Securely enabling transformation and change

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Securing Your Digital Transformation

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

Cybersecurity, safety and resilience - Airline perspective

Rethinking Information Security Risk Management CRM002

Top Five Secrets to Successfully Jumpstarting Your Cyber-Risk Program

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

MITIGATE CYBER ATTACK RISK

How to Optimize Cyber Defenses through Risk-Based Governance. Steven Minsky CEO of LogicManager & Author of the RIMS Risk Maturity Model

Business continuity management and cyber resiliency

2017 Annual Meeting of Members and Board of Directors Meeting

The University of Queensland

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

Bringing Cybersecurity to the Boardroom Bret Arsenault

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

External Supplier Control Obligations. Cyber Security

European Union Agency for Network and Information Security

Building a Resilient Security Posture for Effective Breach Prevention

2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

SOLUTION BRIEF Virtual CISO

Defensible and Beyond

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

What It Takes to be a CISO in 2017

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise

HIPAA Compliance is not a Cybersecurity Strategy

Department of Management Services REQUEST FOR INFORMATION

The NIST Cybersecurity Framework

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

NCSF Foundation Certification

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Cybersecurity in Higher Ed

Larry Clinton President & CEO (703)

2018 HIPAA One All Rights Reserved. Beyond HIPAA Compliance to Certification

Cybersecurity Risk Management:

GUIDANCE NOTE ON CYBERSECURITY

align security instill confidence

Cybersecurity Auditing in an Unsecure World

CYBER RESILIENCE & INCIDENT RESPONSE

CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

Sage Data Security Services Directory

CYBERSECURITY. Protecting Against the Financial, Regulatory and Reputational Impacts of Cyber Attack

Cybersecurity The Evolving Landscape

How to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Securing Digital Transformation

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

The NIS Directive and Cybersecurity in

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

MANAGING CYBER RISK: THE HUMAN ELEMENTS OF CYBERSECURITY

The Business Value of including Cybersecurity and Vendor Risk in ERM

INTELLIGENCE DRIVEN GRC FOR SECURITY

CYBER INSURANCE: MANAGING THE RISK

Framework for Improving Critical Infrastructure Cybersecurity

HOSTED SECURITY SERVICES

How To Build or Buy An Integrated Security Stack

to Enhance Your Cyber Security Needs

Advanced Technology Academic Research Council Federal CISO Summit. Ms. Thérèse Firmin

Securing the Internet of Things (IoT) at the U.S. Department of Veterans Affairs

Awareness and training programs OPTUS MACQUARIE UNIVERSITY CYBER SECURITY HUB

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

Background FAST FACTS

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

Overview of the Cybersecurity Framework

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager,

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV

CISM Certified Information Security Manager

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs)

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

Security in India: Enabling a New Connected Era

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

ENISA EU Threat Landscape

Choosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist

Transcription:

Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Presented By Ingrid Fredeen, J.D. VP and Senior Product Manager, NAVEXEngage NAVEX Global Pamela Passman President and CEO CREATe Compliance Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 1

Agenda The rise of cyber risks: The threat landscape Elements of an effective enterprise-wide cyber security program: Address people, process and technology Addressing insider threats: Mitigating risks from employees, contractors and third parties Emerging trends: Assessing enterprise cyber security; training your workforce Cyber Compliance Training and Measurable Impact Q&A Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 2

CREATe Overview The Center for Responsible Enterprise and Trade (CREATe.org), and its wholly-owned subsidiary, CREATe Compliance Inc: two entities with a mission to promote leading practices to protect IP and trade secrets, advance cyber security and prevent corruption. Works with leading experts and organizations to develop best practice approaches, resources and tools Focus: to effectively address corruption prevention, cyber security, trade secret and IP protection Enabling enterprises to assess, build and strengthen programs via CREATe Leading Practices services: CREATe Leading Practices for Cybersecurity CREATe Leading Practices for Anti-Corruption CREATe Leading Practices for Intellectual Property Protection CREATe Leading Practices for Trade Secret Protection Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 3

Cyber Security: The Threat Landscape Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 4

Who at your organization is the primary owner of cyber risk? o IT o Human Resources o Ethics and Compliance o Legal Department o CRO/Enterprise Risk Management Owner o Multiple Groups Own It o No One Really Owns It o Other Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 5

Cyber Breaches are Multiplying Employees remain the most cited source of compromise Data breaches in 2016 exposed everything from social security numbers to user account log-in names and passwords. Attacks known as phishing, in which an employee is tricked into clicking an e-mailed link to give hackers access to a corporate network, accounted for about 56 percent of all breaches last year, according to the center. That s up from 38 percent in 2015. Current Employees: 34% Former Employees: 29% Incidents attributed to business partners climbed to 22% (from 18%) --PwC 2016 State of Information Security Survey --Identity Theft Resource Center Data Breach Report (2016) Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 6

Cyber Risk Threat Actors Source: CREATe.org PwC Report: Economic Impact of Trade Secret Theft: A framework for companies to safeguard trade secrets and mitigate potential thefts, February 2014 Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 7

Contractual Requirements are on the Rise Government contracts now regularly require: Particular cyber security controls Compliance with particular standards Risk assessment and risk management Reporting and remediation of breaches Commercial contract requirements are also on the increase: financial services, healthcare, defense, ICT, etc. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 8

Managing Cyber Risks AN ENTERPRISE-WISE APPROACH TO CYBER SECURITY Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 9

Cyber Security: Increasingly Complex Mobile Workforce Digital Information Global Organizations & Networks Key Takeaway: Need for Increased Cyber Security Protections Ransomware, New Attack Tactics Risks from Internet of Things (IoT) Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 10

How Companies Address Cyber Security Enterprise Risk Management Managing potential financial, operational and reputational risks Regulatory - Compliance Meeting rising regulatory and compliance requirements Information Technology Defending the perimeter; bolstering technical defenses Trend: Momentum for the NIST Cyber Security Framework Voluntary, riskmanagement approach; way to measure and assess gaps Increasingly a reference for contracts and compliance Cross-references leading standards and guidelines Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 11

The NIST Cybersecurity Framework By 2020, more than 50% of organizations will use the NIST Cybersecurity Framework, up from 30% in 2015. Gartner: Best Practices in Implementing the NIST Cybersecurity Framework, January, 21, 2016 The Framework creates a common language for the discussion of cybersecurity issues that can facilitate internal and external collaboration. Organizations that adopt the Framework at the highest possible risk-tolerance level may be better positioned to comply with future cybersecurity and privacy regulations. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 12

Bringing Consistency to Cyber Security Efforts OVERVIEW OF NIST CYBER SECURITY FRAMEWORK Strengths Common framework Shared terminology Target profiles Challenges to Users Defining scope of assessment Calibration of results benchmarking maturity Methods of verification Operationalizing results Scalability to use with third parties Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 13

Training Your Employees and Other Insiders Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 14

Which statement best describes your organization s approach to cyber security training? o We train on both information security and personal behavior related to reducing cyber risks o Our training focuses on information security practices only o We don t currently provide cyber security training in our organization o I don t know o Other Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 15

How often is your organization training employees on cyber security? [Select All That Apply] o During onboarding o Once a year o Multiple times a year o I don t know o Other [Please Chat] Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 16

Not All Training is Created Equal If you want to: Drive a culture of cyber-awareness, understanding and security best practices Inspire ethical employee behavior and reduce cynicism Protect and defend against carelessness, malicious activity, and poor practices Your training must be engaging and focus on the employee behaviors that can change your risk profile Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 17

Cyber Security Training Tools Will Help Accelerate Culture Shift CYBER SECURITY: PROTECT AND PREVENT & MANAGE AND LEAD Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 18

Cyber Security Expertise We start with a focus on the human component of cyber risk & most pressing risk areas We create engaging content in close collaboration with leading industry experts We make the content relevant and engaging with professional actors and scriptwriters We produce unique and compelling video scenarios and interactivities Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 19

Cyber Security Expertise We ve created a solution that: Engages your learners Raises awareness Drives behavior changes Helps build a culture of security and resilience Help prevent future mistakes Creates a more cyber-secure environment Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 20

Measuring and Improving Your Cyber Security Approach Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 21

Resource: for Cyber Security Aligns with the NIST Cyber Security Framework An efficient way to assess cybersecurity at headquarters, business units, by location or function or with key third parties Robust reporting capabilities enabling Online Q&A: Measures maturity of systems against the NIST Framework s 98 sub-categories of controls CREATe expert evaluation: Questions to evaluate the program Reviews documents Based on rating: Improvement steps to move to next level Benchmarking report teams to present the state of cybersecurity Rates maturity on a scale from 1 to 5 Generates verified score to stakeholders Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 22

Bringing Consistency to Cyber Security Efforts OVERVIEW OF NIST CYBER SECURITY FRAMEWORK Five Functions; 22 Categories and 98 Subcategories/Outcomes One sentence control Overlap on outcomes Covers People, Process and Technology but not in the manner that reporting is done by leaders in risk management and compliance Does not sufficiently address third party risk management 1 to 4 level of tiers not aligned to specific maturity levels Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 23

CREATe s Approach to Operationalizing the NIST Cybersecurity Framework People & Process Cyber Security Management Systems: Policies, Procedures & Records Cyber Protection Team Risk Third Party Management Training Monitoring Corrective Actions Communication Technology Cyber Security Capability Performance: Vulnerability Management Cyber Resiliency Threat Management Identity & Access Management Event Management Incident Management Configuration Management Perimeter/Network Defense Data Security Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 24

How CREATe Gauges Maturity 1. Comprehensive assessment with answers that map to a 1-5 scale of maturity 2. Independent verification of answers and further examination of evidence of controls and business processes Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 25

Resource: for Cyber Security Aligns with the NIST Cyber Security Framework An efficient way to assess cyber security at headquarters, business units, by location or function or with key third parties Robust reporting capabilities enabling Online Q&A: Measures maturity of systems against the NIST Framework s 98 sub-categories of controls CREATe expert evaluation: Questions to evaluate the program Reviews documents Based on rating: Improvement steps to move to next level Benchmarking report teams to present the state of cyber security Rates maturity on a scale from 1 to 5 Generates verified score to stakeholders Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 26

Resources From NAVEX Global and CREATe.org Report: 2016 Ethics & Compliance Training Benchmark Report Toolkit: Cyber Security Awareness Kit Article: Compliance Role in Mitigating Cyber Mayhem CREATe Resources Free Downloads Available at www.create.org like: Cyber Risk: Navigating the Rising Tide of Cyber Security Regulation CREATe-PwC Report: Economic Impact of Trade Secret Theft: A Framework for Companies to Safeguard Trade Secrets and Mitigate Potential Threats Protecting Intellectual Property through Enterprise Risk Management Addressing Corruption Risk through Enterprise Risk Management (ERM) Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 27

[Optional] I d Like to Speak to NAVEX Global Expert About [Select All That Apply] o Schedule a guided tour of our Cyber Security training course o Discuss our full online training library o Speak to a CREATe Compliance expert about assessing and aligning your cyber security approach to the NIST framework, leading practices for cyber security or leading practices for protecting trade secrets and other confidential information o No thanks Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 28

Questions? Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 29

Thank You Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 30

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback