Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus, September 9th 2016


Dirk Lybaert Chief Group Corporate Affairs

We constantly keep people connected to the world so they can live better and work smarter.

6 billion 1,7 billion 14,000 FTEs Underlying Revenue Underlying EBITDA 1,53 billion 1 billion Contribution to the Belgian state Investments

A full range of Communication & Collaboration platforms. Rich and varied content available on all screens. Secure sharing with our own Cloud and Security expertise. A superior customer experience through all channels: website, contact centers, retail outlets, email and social media. Towards the best mobile experience and seamless connectivity.

Telco IT WAN-LAN Connectivity Network-based Communications Professional Services Datacenter Infrastructure Network-enabled Services Internet of Things Communication & Collaboration Security

Cyber Security has always been a priority for Proximus Offer safe & secure solutions Safe & secure services & Manage risks Protect customer's information & company assets Security portfolio Business continuity Legal & regulatory compliance

September 16th, 2013

It started 2,5 months earlier when we detected malware. 29 August 2016 Sensitivity: Internal use only

In close collaboration with the authorities

2 months 200 people 26,000 systems scanned

One weekend Minutely precision Successful clean-up operation

You have no other choice Strong involvement of top management

You must be prepared

Fast response CSIRT

Steering by top management Cross-functional crisis management team Collaboration with key stakeholders

Communication is key: Multiple stakeholders. Intensive preparation. Timely & transparent. Based on known & verified elements. Don't enter into speculations (the press will do it for you). Preserve legal investigation.

Turning this experience into learnings and a real accelerator

A strong response

Risk chart (figure, scale 0 to 100). Categories: Hacking & Cyber attacks; Compliance & data privacy; Political Evolution; Supply Chain Disasters; Innovation; Company Culture; Competitive Market Dynamics; Business Model Evolution; Product & Service performance; Customer Experience; Image & Brand perception; Long term Ambitions Vs Short Term Return; Partnership & M&A; Legal/Regulatory; Macro-Economic factors; Employees Skills & Motivation; Environmental Liability; HR cost & flexibility; Equipment & Technology. Reviewed by ExCo & Audit Committee.

Proximus cyber security program. Company transversal approach. 46 million investment 2014-2017. Purpose: reduce risks on information security; detect incidents faster and provide an effective response. Steering by ExCo & regular reporting to Board of Directors.

5 pillars: 1 Governance, 2 IT, 3 Telco, 4 Cyber Defense, 5 Culture

Organization Risk management Strategy Policies Architecture Compliance Security in development lifecycle Security testing Suppliers

Awareness campaigns Education Proximus Cyber Security Convention

Cyber Security Week

Creating awareness among our staff

ExCo & Chairman of the Board @ Proximus Cyber Week

Limit entry points: Access control for devices & users, Patching/updates. Limit propagation: Segmentation, Administrator access. Limit risks of theft: Encryption. And much more.

Threat intelligence International collaboration Monitoring 24/7 Incident response & containment Forensic research

Leveraging our internal expertise to help customers CSIRT as a service Response Readiness Monitoring Breach investigation Incident Response Proactive diagnosis

Proximus CEO launches the Cyber Security Coalition

Joining forces Belgium European Telcos Key stakeholders Academic Authorities Enterprises

We are subject to strict regulation European Framework Directive 2009/140/EC -> Belgian Telecom Law (2005) Privacy Act (1992) EU General Data Protection Regulation (2016)

What if your contract would be leaked? Looking from a business risk perspective

Demonstrating our company & top management commitment

"If the rate of change on the outside exceeds the rate of change on the inside, the end is near." (Jack Welch)

Security as Enabler for Business Transformation New Way of Working Big Data Internet of Things Enabling Company

Security as business objective and enabler for business transformation - 3 drivers Offer safe & secure solutions & Manage risks & Enable business transformation Safe & secure services Protect customer's information & company assets New Way of Working Business continuity Big Data Security portfolio Legal & regulatory compliance Internet of Things Certification Insurance coverage Enabling Company