Cyber security and awareness for non-financial services. 24/25 May 2017


Agenda
- Robert Kirkby (Jsy) / Linda Johnson (Gsy): Introduction
- Sion Lloyd-Jones: Cyber Security: the need for a cunning plan
- Teijo Peltoniemi: Have a safe journey to cloud
- Arthur Mainja (Jsy) / Matej Jurkic (Gsy): KPMG Cyber CAT
- Robert Kirkby (Jsy) / Linda Johnson (Gsy): Q&A

2017 KPMG Channel Islands Limited, a Jersey company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved.

Cyber Security: direction of travel and the need for a cunning plan. Sion Lloyd-Jones (Manchester)

Data and Wisdom

2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. Document Classification: KPMG Confidential

The Challenge

A time of Uncertainty
"This is no time for complacency. The threat is increasing in scale and complexity. It is also increasing at such pace that we must run simply to stand still." (Rt Hon Matthew Hancock MP, Minister for the Cabinet Office and Paymaster General, 2016)
All business sizes and sectors are at risk!

Current Trends

Business Impact
- Financial loss
- Share price
- Reputational damage
- Loss of investor, organisational and customer confidence
- CEO exposure
- Regulatory scrutiny
- Competitive advantage
- Missed business opportunities
- Significant disruption
- Management focus diverted
- Expensive transformation programme

How to respond?

The Basics
- Understand your assets
- Manage the risk
- Understand the threat!

Good Practice (diagram: cyber risk shown at the intersection of threats, vulnerabilities and the crown jewels, across people, process and technology, with confidentiality, integrity and availability as the properties to protect)
1. Acknowledge critical assets
2. Understand the risk exposure
3. Design controls

Leadership Approach

The Benefits
- Compliance
- Reduced risk
- Increased security
- Organisational confidence
- Discovery and understanding (ID efficiencies)
- Differentiate to the customer
- Improve trust
- Audit posture
- Commercial advantage versus slow adopters
- Developed organisational culture (e.g. H&S)

What is your posture? (chart comparing 2016 and 2017)

Key Questions. Ask yourself:
- Have we assessed the Cyber Security threats to our business?
- How well are our controls operating to protect assets against those threats?
- What are our gaps?
- Where are we most exposed and vulnerable?

Key Questions. Ask management:
- What is our Cyber Security strategy?
- Do we understand who is responsible for protecting the business, and who around this table is ultimately accountable?
- Do we have sufficient skills and knowledge regarding Cyber Security to help us make informed decisions?

Client Issues

GDPR / Privacy

Key GDPR changes
- Breach notification
- Data Protection Officer
- Increased fines
- Individuals' rights
- Explicit consent

Thank You sion.lloyd-jones@kpmg.co.uk

Have a safe journey to cloud. Teijo Peltoniemi, KPMG Channel Islands Limited

Agenda
- Cloud: background
- Risks in cloud
- Leading practices

What is cloud? There is no cloud! It's just someone else's computer.

Why cloud? (chart: Innovation versus Lights on, 2000 to 2017)

What is cloud? Level of control/responsibility for the company and the CSP across different service models

Service models (columns): On Premise, Hosted Service, Public IaaS, Public PaaS, Public SaaS
Stack layers (rows): Data, App, VM, Server, Storage, Network
Each cell in the original was colour-coded as one of: Company has control; Company shares control; Service provider has control.

Example (diagram with the following elements): Warehouses; Suppliers; Private/dedicated cloud: Point of sale, Enterprise Resource Planning, Customer Data, IDM; Public cloud: Web commerce; Bricks & mortar; Customers

A business challenge. Questions raised by the business, the CIO, and the CISO / internal audit & legal:
- All in on cloud: where do I start?
- How do I integrate the cloud platform with other tools and processes?
- My data centre is disappearing: how do I secure what's not in our data centre?
- How do I achieve and demonstrate regulatory compliance on the cloud platform?
- How do I build and operate securely on the cloud platform, in a way that enables innovation and lower time to market?
- How do I audit the security controls on the cloud platform?
- How do I operate and deliver securely on the cloud platform, and what should be my minimum security baseline for my workload?
- GDPR..?

Leading practices for implementing a secure cloud
- API-based security
- Incident response
- Identity and access management
- Data-centric security
- Secured perimeter that spans the entire stack
- Integrated security monitoring and operations

Three takeaways
1. Cloud is used because of cost-efficiency and flexibility
2. It is a myth that it's less secure
3. But you cannot outsource the responsibility for security

KPMG Cyber CAT: self-assessment of cyber risk exposure. Arthur Mainja and Matej Jurkic, KPMG Channel Islands Limited

Overview
- Mobile app for self-assessment of cyber security posture
- Based on leading industry practices and standards
- Works in an offline mode
- Assessment is questionnaire based
- Focuses on two key dimensions: cyber risk exposure, and cyber security preparedness
- Quantitative view of current cyber exposure
- Provides recommendations to strengthen cyber security posture

Assessment: Cyber Exposure Index (CEI)

Assessment: Cyber Preparedness Index (CPI)

Reporting: Executive dashboard

Accessing the app
- Google Play > Search "KPMG Cyber CAT" > Install
- App Store > Search "KPMG Cyber CAT" > Install

Q&A

Thank you

kpmg.com

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. The KPMG name and logo are registered trademarks or trademarks of KPMG International.