Addressing Cyber Risk Building robust cyber governance

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Addressing Cyber Risk Building robust cyber governance"

Transcription

1 Addressing Cyber Risk Building robust cyber governance Mike Maddison Partner Head of Cyber Risk Services

2 The future of security The business environment is changing The IT environment is changing The cyber threat environment is changing Cyber security must be addressed at the most senior levels Cyber security must be business back rather than technology forward Move from protecting the perimeter to protecting data Refresh cyber security strategies to address rapidly evolving business needs and threats If the information security function does not change, the result will be losing influence, control and in this environment a real opportunity for impact with the business?

3 The future of security The scale of change to ship 1 million units 2 years 74 days 28 days 2012 Deloitte LLP. Private and confidential.

4 The future of security A changing business environment A greater reliance on: - Data (business information, competitive advantage, as the business) - Technology for employees and customers Globalisation and 24x7 operations - Offices, users and IT assets around the globe Changing customer perceptions - Baby Boomers to Generation X, and now Generation Y not forgetting Generation G Competitive advantage is difficult - the economy makes it even harder

5 The future of security Technology change dealing with complexity Cloud Security Fraud risk Data loss Privacy Social media Cyber security Online fraud System downtime Encryption Threat Intelligence Corporate Espionage Securing mobile devices The insider threat Hacking Vulnerability Management Identity Management e-crime Prevention

6 The future of security A changing threat environment - they only have to win once... Anonymous and other Hackivists From waste management to e-crime Low risks and high rewards mean that the security threat landscape is changing. Targets of choice, not chance Organised crime Increasing third party access Insider threats Statesponsored cyber threats APTs Stuxnet, Conficker

7 The future of security Your security capability? Activities are still largely reactive and compliance-driven: Largely compliance focused Developing policies Meeting industry baselines Audit Often limited visibility or interest to the business unless something goes wrong Touching some change programmes Limited future watching Low operational agility Political forces Environmental forces Social forces Organisation Technological forces Legislative forces Economic forces

8 Practical steps to a step change 8 Presentation title

9 Approach to tackling cyber Identify Risks Map Capabilities Identify assets Identify threats Capability and control maturity Identify Key asset lists and owners. Map Critical business processes and owners. Identify current and emerging threats. Perform Risk assessment. Assess Business Impact. Identify key capabilities for each risk area. Identify emerging capability requirement from threat trends. Map key controls to business risks. Identify capability and control stakeholders. Assess and Benchmark Set Risk Appetite Assess current state of control maturity. Assess current capability maturity. Derive target state of capability maturity from high level costs versus business impact mitigation. Validate target against peer and sector benchmark. Prioritise & Execute Prioritisation and Planning Identify major risk exposures and quick wins. Identify strategic capability improvements and break down in to bounded deliverables. Prioritise strategic improvement roadmap. Continue monitoring of threat landscape to identify required changes of focus.

10 Comprehensive Cyber Governance This is not a technology issue people, technology and process Cyber Security Steering Committee Executive governance by making policy and investment decisions. Members include business and IT leaders as well as the CISO Cyber Security Advisory Board The brain trust a forum for sharing and discussing tactics and best practise amongst security leaders Business Partners IT Functions - security architecture - system design - security operations - security training Corporate Body - risk strategy - security policy - security awareness GOVERNANCE Business Partners Business Units - risk management - security awareness Cyber Security Comms Forum Often an distribution list of security practitioners used to communicate management decisions and best practises CyberSecurity Programme Strategic coordination of security initiatives normally sponsored and governed by the Security Steering Committee

11 Integrating cyber into ERM Board level Oversight Tone at the top Risk Governance Executive Management Common risk architecture (people process technology) Risk Infrastructure Risk Processes Identify Asses Respond Design Implement Monitor Business Units Risk classes Risk ownership Data System Compliance Reporting 11

12 Developing the capability is a journey with costs. Proactive Threat Management Media & SMEs Consumer Business & Life Sciences Retail Banks & Energy Providers Investment Banks Military & Defence Blissful Ignorance Basic Network Protection Acceptable Usage Policy IT BC & DR Exercises Transformation Ad Hoc Infrastructure & Application Protection Ad Hoc System / Malware Forensics Ad-hoc Threat Intelligence Sharing with Peers Commercial & Open Source Threat Intelligence Feeds Network & System Centric Activity Profiling General Information Security Training & Awareness IT Cyber Attack Simulations Enterprise-Wide Infrastructure & Application Protection Operational Excellence Basic Online Brand Monitoring Automated Malware Forensics & Manual Electronic Discovery Government / Sector Threat Intelligence Collaboration Criminal / Hacker Surveillance Workforce / Customer Behaviour Profiling Targeted Intelligence-Based Cyber Security Awareness Business-Wide Cyber Attack Exercises Identity-Aware Information Protection Situational Awareness of Cyber Threats Online Brand & Social Media Policing Automated Electronic Discovery & Forensics Global Cross-Sector Threat Intelligence Sharing Baiting & Counter-Threat Intelligence Real-time Business Risk Analytics & Decision Support Business Partner Cyber Security Awareness Sector-Wide & Supply Chain Cyber Attack Exercises Adaptive & Automated Security Control Updates Brand Monitoring E-Discovery & Forensics Intelligence Collaboration External Threat Intelligence Behavioural Analytics Training & Awareness Cyber Attack Preparation Asset Protection IT Service Desk & Whistleblowing Security Log Collection & Ad Hoc Reporting 24x7 Technology Centric Security Event Reporting External & Internal Threat Intelligence Correlation Cross-Channel Malicious Activity Detection Security Event Monitoring Traditional Signature-Based Security Controls Periodic IT Asset Vulnerability Assessments Automated IT Asset Vulnerability Monitoring Targeted Cross-Platform User Activity Monitoring Tailored & Integrated Business Process Monitoring Internal Threat Intelligence Cyber Security Maturity Levels Level 1 Level 2 Level 3 Level 4 Level 5 12

13 The future of security The business environment is changing The IT environment is changing The cyber threat environment is changing Cyber security must be addressed at the most senior levels Cyber security must be business back rather than technology forward Move from protecting the perimeter to protecting data Refresh cyber security strategies to address rapidly evolving business needs and threats If the information security function does not change, the result will be losing influence, control and in this environment a real opportunity for impact with the business?

14 Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited ( DTTL ), a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see for a detailed description of the legal structure of DTTL and its member firms. Deloitte LLP is the United Kingdom member firm of DTTL. This publication has been written in general terms and therefore cannot be relied on to cover specific situations; application of the principles set out will depend upon the particular circumstances involved and we recommend that you obtain professional advice before acting or refraining from acting on any of the contents of this publication. Deloitte LLP would be pleased to advise readers on how to apply the principles set out in this publication to their specific circumstances. Deloitte LLP accepts no duty of care or liability for any loss occasioned to any person acting or refraining from action as a result of any material in this publication Deloitte LLP. All rights reserved. Deloitte LLP is a limited liability partnership registered in England and Wales with registered number OC and its registered office at 2 New Street Square, London EC4A 3BZ, United Kingdom. Tel: +44 (0) Fax: +44 (0) Member of Deloitte Touche Tohmatsu Limited

The enemies ashore Vulnerabilities & hackers: A relationship that works

The enemies ashore Vulnerabilities & hackers: A relationship that works The enemies ashore Vulnerabilities & hackers: A relationship that works Alexandros Charvalias, Manager CISSP, CISA, ACDA Assurance & Enterprise Risk Services Cyber security maturity model How effectively

More information

ISO27032 Guidelines for Cyber Security

ISO27032 Guidelines for Cyber Security ISO27032 Guidelines for Cyber Security Deloitte Point of View on analysing and implementing the guidelines Deloitte LLP Enterprise Risk Services Security & Resilience Contents Foreword 1 Cyber governance

More information

The cyber security imperative. Protect your organization from cyber threats

The cyber security imperative. Protect your organization from cyber threats The cyber security imperative Protect your organization from cyber threats Contents Cyber threats are real and growing... 1 A full range of cyber security solutions... 2 Managed Security Services (MSS)...

More information

Under control 2015 Hot topics for IT internal audit in financial services. An Internal Audit viewpoint

Under control 2015 Hot topics for IT internal audit in financial services. An Internal Audit viewpoint Under control 2015 Hot topics for IT internal audit in financial services An Internal Audit viewpoint Introduction Welcome to our fourth annual review of the IT hot topics for IT internal audit in financial

More information

Keeping sight of your business Hot topics facing Financial Services organisations in IT Internal Audit

Keeping sight of your business Hot topics facing Financial Services organisations in IT Internal Audit Keeping sight of your business Hot topics facing Financial Services organisations in IT Internal Audit 2014 Welcome to our third annual review of the IT hot topics facing Internal Audit functions within

More information

Robotic Process Automation Overview and RPA Case Study. November 2015

Robotic Process Automation Overview and RPA Case Study. November 2015 Robotic Process Automation Overview and RPA Case Study November 2015 Big data?! Effective data management?! 2 What is Robotic Process Automation (RPA)? Software! Robots are Robots are not Computer coded

More information

A NEW APPROACH TO CYBER SECURITY

A NEW APPROACH TO CYBER SECURITY A NEW APPROACH TO CYBER SECURITY We believe cyber security should be about what you can do not what you can t. DRIVEN BY BUSINESS ASPIRATIONS We work with you to move your business forward. Positively

More information

The Internal Audit fraud challenge Prevention, protection, detection

The Internal Audit fraud challenge Prevention, protection, detection The Internal Audit fraud challenge Prevention, protection, detection Contents Introduction to survey 1 Key findings 2 What are the views of senior management? 3 Adequately resourced? 6 Current trends and

More information

Transforming customer management in the water sector How to become a leader in customer service

Transforming customer management in the water sector How to become a leader in customer service Transforming customer management in the water sector How to become a leader in customer service management strategies have always been important to water companies, with a focus on resolving issues first

More information

Cyber Security Evolved

Cyber Security Evolved Cyber Security Evolved Aware Cyber threats are many, varied and always evolving Being aware is knowing what is going on so you can figure out what to do. The challenge is to know which cyber threats are

More information

CIIA South West Analytics in Internal Audit - Tackling Fraud

CIIA South West Analytics in Internal Audit - Tackling Fraud CIIA South West Analytics in Internal Audit - Tackling Fraud 10 December 2014 Agenda Intro to Analytics When to use analytics and how to get started Risk Monitoring and Control Automation Common Pitfalls

More information

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program Cyber: The Catalyst to Transform the Security Program Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA A Common Language? Hyper Connected World Rapid IT Evolution Agile Targeted Threat

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Stéphane Hurtaud Partner Governance Risk & Compliance Deloitte Laurent De La Vaissière Director Governance Risk & Compliance

More information

Developmental assignments Enablers not solutions

Developmental assignments Enablers not solutions Developmental assignments Enablers not solutions In this article we will look at the roots of this phenomenon, and outline some strategic principles followed by organisations which successfully optimise

More information

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security

More information

D-G4-L4-231 Data Governance Assessment Design and Implementation Deloitte LLP Service for G- Cloud IV

D-G4-L4-231 Data Governance Assessment Design and Implementation Deloitte LLP Service for G- Cloud IV D-G4-L4-231 Data Governance Assessment Design and Implementation Deloitte LLP Service for G- Cloud IV September 2013 Contents 1 Service Overview 1 2 Detailed Service Description 4 3 Commercials 8 4 Our

More information

Cyber security: everybody s imperative. A guide for the C-suite and boards on guarding against cyber risks

Cyber security: everybody s imperative. A guide for the C-suite and boards on guarding against cyber risks Cyber security: everybody s imperative A guide for the C-suite and boards on guarding against cyber risks Secure Enhance risk-prioritized controls to protect against known and emerging threats, and comply

More information

Global Mobility for Professional Practices Managing a mobile workforce

Global Mobility for Professional Practices Managing a mobile workforce Global Mobility for Professional Practices Managing a mobile workforce Overview Global Mobility has become a prominent theme as Professional Practice Firms have expanded internationally. Their global strategies,

More information

www.pwc.co.uk Cyber security Building confidence in your digital future

www.pwc.co.uk Cyber security Building confidence in your digital future www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in

More information

01/ 02/ 03/ 04/ 05/ Beyond borders Deloitte Discovery April 23 rd 2015 Cyprus 1 Going beyond borders to move our clients ahead Deloitte Discovery Services - Deloitte Legal 2 The Deloitte

More information

Finance Transformed. Changing the focus Finance Business Partnering

Finance Transformed. Changing the focus Finance Business Partnering Finance Transformed Changing the focus Finance Business Partnering Contents Out of the shadows of the back office 1 Striking the right balance in finance 2 Finance finds multiple barriers to becoming a

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

SYMANTEC CYBERV ASSESSMENT SERVICE OVER THE HORIZON VISIBILITY INTO YOUR CYBER RESILIENCE MORE FOCUS, LESS RISK.

SYMANTEC CYBERV ASSESSMENT SERVICE OVER THE HORIZON VISIBILITY INTO YOUR CYBER RESILIENCE MORE FOCUS, LESS RISK. SYMANTEC CYBERV ASSESSMENT SERVICE OVER THE HORIZON VISIBILITY INTO YOUR CYBER RESILIENCE Cyberspace the always-on, technologically hyperconnected world offers unprecedented opportunities for connectivity,

More information

Mobility cost optimisation Managing the whole mobility investment

Mobility cost optimisation Managing the whole mobility investment Mobility cost optimisation Managing the whole mobility investment Extract of article published in International HR Adviser Magazine June 2014 We don t have budget for this! is a common cry from business

More information

Deloitte Shared Services, GBS & BPO Conference Shared Services Design Through to Implementation

Deloitte Shared Services, GBS & BPO Conference Shared Services Design Through to Implementation Deloitte Shared Services, GBS & BPO Conference Shared Services Design Through to Implementation Jo Hart & Charlotte Allen, Deloitte 22 23 September 2015 Berlin, Germany Agenda Shared Services Approach

More information

Identity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015

Identity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015 Identity & Management The Cloud Perspective Andrea Themistou 08 October 2015 Agenda Cloud Adoption Benefits & Risks Security Evolution for Cloud Adoption Securing Cloud Applications with IAM Securing Cloud

More information

Cybersecurity. Considerations for the audit committee

Cybersecurity. Considerations for the audit committee Cybersecurity Considerations for the audit committee Insights on November 2012 governance, risk and compliance Fighting to close the gap Ernst & Young s 2012 Global Information Security Survey 2012 Global

More information

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

The Changing IT Risk Landscape Understanding and managing existing and emerging risks The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015

More information

Information Security in Business: Issues and Solutions

Information Security in Business: Issues and Solutions Covenant University Town & Gown Seminar 2015 Information Security in Business: Issues and Solutions A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information

More information

Cybersecurity The role of Internal Audit

Cybersecurity The role of Internal Audit Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government

More information

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte Cyber security Time for a new paradigm Stéphane Hurtaud Partner Information & Technology Risk Deloitte 90 More than ever, cyberspace is a land of opportunity but also a dangerous world. As public and private

More information

CYBER SECURITY, A GROWING CIO PRIORITY

CYBER SECURITY, A GROWING CIO PRIORITY www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------

More information

The Internet of Things Risks and Challenges

The Internet of Things Risks and Challenges The Internet of Things Risks and Challenges Providing the insight that enables our customers to make informed business decisions. Antony Price 03rd March 2015 Contents Internet of Things - The next threat

More information

Annual Shared Services and BPO Conference 2013 Shared services from feasibility through to implementation. Tibor Nagy & Jeppe Larsen

Annual Shared Services and BPO Conference 2013 Shared services from feasibility through to implementation. Tibor Nagy & Jeppe Larsen Annual Shared Services and BPO Conference 2013 Shared services from feasibility through to implementation Tibor Nagy & Jeppe Larsen Key considerations Will the corporate vision and goals be reached by

More information

Finance Business Partnering Less than the sum of the parts. Organisational perception of Finance, percentage of respondents agreeing with statements

Finance Business Partnering Less than the sum of the parts. Organisational perception of Finance, percentage of respondents agreeing with statements Finance Business Partnering Less than the sum of the parts Key points Deloitte s research into Finance Business Partnering has analysed the responses of 75 senior Finance executives from UK headquartered

More information

Deloitte Service Code: D-G6-L4-543 December 2014

Deloitte Service Code: D-G6-L4-543 December 2014 Managed Cyber Security Cyber Intelligence Centre Deloitte LLP Service Deloitte Service Code: D-G6-L4-543 December 2014 Contents 1 Service Overview 1 2 Detailed Service Definition 2 3 Pricing 6 4 Ordering

More information

Managing Complex Transformations Achieving excellence

Managing Complex Transformations Achieving excellence Managing Complex Transformations Achieving excellence A summary of our transformation management and programme leadership capability in the mining industry February 2009 Contents Introduction 1 Our approach

More information

www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future

www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future 2015 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence

More information

Charity Audit Committee performance evaluation Self assessment checklist. October 2014

Charity Audit Committee performance evaluation Self assessment checklist. October 2014 Charity Audit Committee performance evaluation Self assessment checklist October 2014 With increasing responsibilities and complexities, being a member of the Audit Committee has never been more challenging

More information

On the horizon 2016 Hot topics for IT internal audit in financial services. An Internal Audit viewpoint

On the horizon 2016 Hot topics for IT internal audit in financial services. An Internal Audit viewpoint On the horizon 2016 Hot topics for IT internal audit in financial services An Internal Audit viewpoint Introduction Welcome to our fifth annual review of the information technology hot topics for internal

More information

Cybersecurity and internal audit. August 15, 2014

Cybersecurity and internal audit. August 15, 2014 Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices

More information

Faculdade de Direito, Lisboa, 02-Jul-2014. The Competitive Advantage of Cybersecurity

Faculdade de Direito, Lisboa, 02-Jul-2014. The Competitive Advantage of Cybersecurity Faculdade de Direito, Lisboa, 02-Jul-2014 The Competitive Advantage of Cybersecurity Thales Key highlights (I) A global company with 65,000 employees and 14,2 billion in revenues, R&D 2,5 billion * We

More information

Close the security gap with a unified approach. Detect, block and remediate risks faster with end-to-end visibility of the security cycle

Close the security gap with a unified approach. Detect, block and remediate risks faster with end-to-end visibility of the security cycle Close the security gap with a unified approach Detect, block and remediate risks faster with end-to-end visibility of the security cycle Events are not correlated. Tools are not integrated. Teams are not

More information

Cyber threat intelligence and the lessons from law enforcement. kpmg.com.au

Cyber threat intelligence and the lessons from law enforcement. kpmg.com.au Cyber threat intelligence and the lessons from law enforcement kpmg.com.au Introduction Cyber security breaches are rarely out of the media s eye. As adversary sophistication increases, many organisations

More information

ESKISP6054.01 Conduct security testing, under supervision

ESKISP6054.01 Conduct security testing, under supervision Overview This standard covers the competencies required to conduct security testing under supervision. In order to contribute to the determination of the level of resilience of an information system to

More information

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES POINT OF VIEW CYBERSECURITY IN FINANCIAL SERVICES Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response

More information

D-G4-L4-126 Police contact management and demand reduction review Deloitte LLP Service for G-Cloud IV

D-G4-L4-126 Police contact management and demand reduction review Deloitte LLP Service for G-Cloud IV D-G4-L4-126 Police contact management and demand reduction review Deloitte LLP Service for G-Cloud IV September 2013 Contents 1 Service Overview 1 2 Detailed Service Description 2 3 Commercials 6 4 Our

More information

Malware isn t The only Threat on Your Endpoints

Malware isn t The only Threat on Your Endpoints Malware isn t The only Threat on Your Endpoints Key Themes The cyber-threat landscape has Overview Cybersecurity has gained a much higher profile over the changed, and so have the past few years, thanks

More information

CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY

CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY INTRODUCTION Information security has evolved. As the landscape of threats increases and cyber security 1 management becomes

More information

Enhanced Portfolio Management in uncertain times

Enhanced Portfolio Management in uncertain times Enhanced Portfolio Management in uncertain times How businesses can generate and protect value through enhanced, risk return techniques improving portfolio and capital allocation decisions Contents Executive

More information

D-G4-L4-025 Mobile Working Technology Feasibility Study for a Healthcare Body Deloitte LLP Service for G-Cloud IV

D-G4-L4-025 Mobile Working Technology Feasibility Study for a Healthcare Body Deloitte LLP Service for G-Cloud IV D-G4-L4-025 Mobile Working Technology Feasibility Study for a Healthcare Body Deloitte LLP Service for G-Cloud IV September 2013 Contents 1 Service Overview 1 2 Detailed Service Description 2 3 Commercials

More information

Cyber Security key emerging risk Q3 2015

Cyber Security key emerging risk Q3 2015 Cyber Security key emerging risk Q3 2015 The study is based on interviews with CIO:s, CISO:s and Head of Security in August and September 2015. November 2015 www.pwc.se Companies falling behind are more

More information

UK Indirect Tax Conference 2015 Automating Indirect Tax Compliance. Jilly McCullagh 11 November 2015

UK Indirect Tax Conference 2015 Automating Indirect Tax Compliance. Jilly McCullagh 11 November 2015 UK Indirect Tax Conference 2015 Automating Indirect Tax Compliance Jilly McCullagh 11 November 2015 What we will cover today Setting the scene Step 1 Understanding the problem Step 2 - Outline current

More information

Cybercrime: risks, penalties and prevention

Cybercrime: risks, penalties and prevention Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,

More information

Current issues and trends in the Aerospace supply chain

Current issues and trends in the Aerospace supply chain Current issues and trends in the Aerospace supply chain Iain Subtitle Kirwan runs here 1 line max Director Supply Chain Consulting Global A&D insights and trends Overall global A&D industry expected to

More information

REPORT. Next steps in cyber security

REPORT. Next steps in cyber security REPORT March 2015 Contents Executive summary...3 The Deloitte and Efma questionnaire...5 Level of awareness...5 Level of significance...8 Level of implementation...11 Gap identification and concerns...15

More information

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Solution Brief Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Finding

More information

Cyber intelligence exchange in business environment : a battle for trust and data

Cyber intelligence exchange in business environment : a battle for trust and data Cyber intelligence exchange in business environment : a battle for trust and data Experiences of a cyber threat information exchange research project and the need for public private collaboration Building

More information

A guide to investing. Appendix 10 Choice of business entity

A guide to investing. Appendix 10 Choice of business entity A guide to investing in Wales Appendix 10 Choice of business entity August 2013 Appendix 10 Choice of business entity 1. Principal forms of doing business Business organisations in the UK usually take

More information

This image cannot currently be displayed. D-G4-L4-241 Predictive analytics (software as service) Deloitte LLP Service for G-Cloud IV

This image cannot currently be displayed. D-G4-L4-241 Predictive analytics (software as service) Deloitte LLP Service for G-Cloud IV This image cannot currently be displayed. D-G4-L4-241 Predictive analytics (software as service) Deloitte LLP Service for G-Cloud IV September 2013 Contents 1 Service Overview 1 2 Detailed Service Description

More information

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

More information

Business Plan 2012/13

Business Plan 2012/13 Business Plan 2012/13 Contents Introduction 3 About the NFA..4 Priorities for 2012/13 4 Resources.6 Reporting Arrangements.6 Objective 1 7 To raise the profile and awareness of fraud among individuals,

More information

January 2015. Senior Insurance Managers Regime Strengthening accountability in insurance

January 2015. Senior Insurance Managers Regime Strengthening accountability in insurance January 2015 Senior Insurance Managers Regime Strengthening accountability in insurance Contents Introduction 1 Key points 2 Implementing Solvency II 3 Implications for Non Executive Directors 4 Practical

More information

Government Procurement Service

Government Procurement Service www.pwc.co.uk Government Procurement Service PwC and the G-Cloud: knowledge, experience, value V1.0 PwC Service Definition 9: G-Cloud Cyber Security Design and Assurance 06 October 2015 www.pwc.co.uk Table

More information

Threat Intelligence. Benefits for the enterprise

Threat Intelligence. Benefits for the enterprise Benefits for the enterprise Contents Introduction Threat intelligence: a maturing defence differentiator Understanding the types of threat intelligence: from the generic to the specific Deriving value

More information

Rich Baich Principal March 22, 2012

Rich Baich Principal March 22, 2012 Cyber espionage The harsh reality of advanced security threats Rich Baich Principal March 22, 2012 Agenda Introductions Threat landscape update How organizations are responding Other discussion topics

More information

Internal Audit at the University of Cambridge.

Internal Audit at the University of Cambridge. Internal Audit at the University of Cambridge. Contents Introduction to Deloitte 1 Our team 2 What is Internal Audit? 4 Our approach to Internal Audit 5 Authority and reporting lines 7 Planning 8 Ad Hoc

More information

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things Cyber security Digital Customer Experience Digital Employee Experience Digital Insight Internet of Things Payments IP Solutions Cyber Security Cloud 2015 CGI IT UK Ltd Contents... Securing organisations

More information

Personal Information Threats & Risks: Responding to an Evolving Landscape with an Integrated Data Protection Approach

Personal Information Threats & Risks: Responding to an Evolving Landscape with an Integrated Data Protection Approach Personal Information Threats & Risks: Responding to an Evolving Landscape with an Integrated Data Protection Approach Don MacPherson January 2012 Discussion Items 1. Threats and risks to personal information

More information

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council Rethinking Information Security for Advanced Threats CEB Information Risk Leadership Council Advanced threats differ from conventional security threats along many dimensions, making them much more difficult

More information

Ahead of the threat with Security Intelligence

Ahead of the threat with Security Intelligence Ahead of the threat with Security Intelligence PITB Information Security Conference 2013 Zoaib Nafar Brand Technical Sales Lead 2012 IBM Corporation 1 The world is becoming more digitized and interconnected,

More information

Cyber security in healthcare

Cyber security in healthcare Cyber security in healthcare Julian Meyrick, Vice President IBM Security Services Europe julian_meyrick@uk.ibm.com Healthcare is one of the top 5 industries that continue to offer attackers the most significant

More information

G Cloud III Framework Lot 4 (SCS) Project Management

G Cloud III Framework Lot 4 (SCS) Project Management G Cloud III Framework Lot 4 (SCS) Project Management Contents Executive Summary 3 Project Management 4 Why Deloitte? 6 SFIA Rate Card 7 Contact 8 Service Definition (a) to (p) 9 Executive Summary PROJECT

More information

Cyber Security - What Would a Breach Really Mean for your Business?

Cyber Security - What Would a Breach Really Mean for your Business? Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber

More information

Can We Become Resilient to Cyber Attacks?

Can We Become Resilient to Cyber Attacks? Can We Become Resilient to Cyber Attacks? Nick Coleman, Global Head Cyber Security Intelligence Services December 2014 Can we become resilient National Security, Economic Espionage Nation-state actors,

More information

A guide to investing. Appendix 12 Checklist of items to consider when planning a project

A guide to investing. Appendix 12 Checklist of items to consider when planning a project A guide to investing in Wales Appendix 12 Checklist of items to consider when planning a project August 2013 Appendix 12 Checklist of items to consider when planning a project Early in the evolution of

More information

Annual Shared Services and BPO Conference 2013 The art of the possible for shared services how to streamline your local finance organisation

Annual Shared Services and BPO Conference 2013 The art of the possible for shared services how to streamline your local finance organisation Annual Shared Services and BPO Conference 2013 The art of the possible for shared services how to streamline your local finance organisation Denes Lang & Vazul Toth DIAGEO AND GLOBAL SHARED SERVICES The

More information

Key Cyber Risks at the ERP Level

Key Cyber Risks at the ERP Level Key Cyber Risks at the ERP Level Process & Industrial Products (P&IP) Sector December, 2014 Today s presenters Bhavin Barot, Sr. Manager Deloitte & Touche LLP Goran Ristovski, Manager Deloitte & Touche

More information

1. Understanding Big Data

1. Understanding Big Data Big Data and its Real Impact on Your Security & Privacy Framework: A Pragmatic Overview Erik Luysterborg Partner, Deloitte EMEA Data Protection & Privacy leader Prague, SCCE, March 22 nd 2016 1. 2016 Deloitte

More information

Italy. EY s Global Information Security Survey 2013

Italy. EY s Global Information Security Survey 2013 Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information

More information

Achieving Information Security

Achieving Information Security Achieving Information Security Beyond penetration testing and frameworks ISACA Athens Conference 25 November, 2014. All good information security presentations start with a Bruce Schneier quote - Not Bruce

More information

Be Prepared. For Anything. Cyber Security - Confronting Current & Future Threats The role of skilled professionals in maintaining cyber resilience

Be Prepared. For Anything. Cyber Security - Confronting Current & Future Threats The role of skilled professionals in maintaining cyber resilience Cyber Security - Confronting Current & Future Threats The role of skilled professionals in maintaining cyber resilience Mike O Neill Managing Director Graeme McGowan Associate Director of Cyber Security

More information

Committees Date: Subject: Public Report of: For Information Summary

Committees Date: Subject: Public Report of: For Information Summary Committees Audit & Risk Management Committee Finance Committee Subject: Cyber Security Risks Report of: Chamberlain Date: 17 September 2015 22 September 2015 Public For Information Summary Cyber security

More information

CYBERSECURITY. Global cybersecurity capabilities for a digital transformation with confidence. Delivering Transformation. Together.

CYBERSECURITY. Global cybersecurity capabilities for a digital transformation with confidence. Delivering Transformation. Together. CYBERSECURITY Global cybersecurity capabilities for a digital transformation with confidence Delivering Transformation. Together. Sopra Steria, a European leader in digital transformation, has one of the

More information

Advertising effectiveness

Advertising effectiveness Advertising effectiveness Budget Battles Proving our Worth Thursday, 25 June 2015 Agenda Advertising effectiveness over the business cycle Measuring digital and traditional media effectiveness 2 2014 Deloitte

More information

CYBER SECURITY TRAINING SAFE AND SECURE

CYBER SECURITY TRAINING SAFE AND SECURE CYBER SECURITY TRAINING KEEPING YOU SAFE AND SECURE Experts in Cyber Security training. Hardly a day goes by without a cyber attack being reported. With this ever-increasing threat there is a growing need

More information

Banking and Financial Services Internal Audit Group

Banking and Financial Services Internal Audit Group Banking and Financial Services Internal Audit Group Hot topics for 2014 Audit Planning Lunch Time Seminar Alana Thorne, Director althorne@deloitte.co.uk +44 20 7007 8479 Chit Ghee Yeoh, Associate Director

More information

G Cloud III Framework Lot 4 (SCS) CHECK Accredited Penetration Testing Services

G Cloud III Framework Lot 4 (SCS) CHECK Accredited Penetration Testing Services G Cloud III Framework Lot 4 (SCS) CHECK Accredited Penetration Testing Services Contents Executive Summary 3 CHECK Accredited Penetration Testing Services 4 Why Deloitte? 5 Package Cost 7 Contact 9 Service

More information

Internal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015

Internal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015 Internal audit of cybersecurity Presentation to the Atlanta IIA Chapter January 2015 Agenda Executive summary Why is this topic important? Cyber attacks: increasing complexity arket insights: What are

More information

CYBER SECURITY PROTECTING YOUR BUSINESS James Hatch Director, Cyber Services BAE Systems Applied Intelligence 1 CYBER SECURITY AT BAE SYSTEMS Professional Services Technical Services Prepare Protect Cyber

More information

Defending against modern cyber threats

Defending against modern cyber threats Defending against modern cyber threats Protecting Critical Assets October 2011 Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Agenda 1. The seriousness of today s situation

More information

Future Threat Landscape - How will technology evolve and what does it mean for cyber security?

Future Threat Landscape - How will technology evolve and what does it mean for cyber security? James Hanlon CISSP, CISM Security Strategist Office of the CTO EMEA Future Threat Landscape - How will technology evolve and what does it mean for cyber security? Think > What does the future of technology

More information

D-G4-L4-235 Supply Chain Analytics Deloitte LLP Service for G- Cloud IV

D-G4-L4-235 Supply Chain Analytics Deloitte LLP Service for G- Cloud IV D-G4-L4-235 Supply Chain Analytics Deloitte LLP Service for G- Cloud IV September 2013 Contents 1 Service Overview 1 2 Detailed Service Description 3 3 Commercials 7 4 Our G-Cloud Services 8 5 About Deloitte

More information

Central Asian Information Security Survey Results (2014) Insight into the information security maturity of organisations, with a

Central Asian Information Security Survey Results (2014) Insight into the information security maturity of organisations, with a Central Asian Information Security Survey Results (2014) Insight into the information security maturity of organisations, with a focus on cyber security Introduction and Executive summary From September

More information

D-G5-L4-318 Data Integration Hub Deloitte LLP Service for G-Cloud V

D-G5-L4-318 Data Integration Hub Deloitte LLP Service for G-Cloud V D-G5-L4-318 Data Integration Hub Deloitte LLP Service for G-Cloud V April 2014 Contents 1 Service Overview 1 2 Detailed Service Description 2 3 Commercials 6 4 Our G-Cloud Services 7 5 About Deloitte 8

More information

Don t Get Left in the Dust: How to Evolve from CISO to CIRO

Don t Get Left in the Dust: How to Evolve from CISO to CIRO SESSION ID: CXO-W04 Don t Get Left in the Dust: How to Evolve from CISO to CIRO JC-JC James Christiansen VP Information Risk Management Accuvant jchristiansen@accuvant.com Bradley J. Schaufenbuel, CISSP

More information

Information Security Managing The Risk

Information Security Managing The Risk Information Technology Capability Maturity Model Information Security Managing The Risk Introduction Information Security continues to be business critical and is increasingly complex to manage for the

More information

www.pwc.com Developing a robust cyber security governance framework 16 April 2015

www.pwc.com Developing a robust cyber security governance framework 16 April 2015 www.pwc.com Developing a robust cyber security governance framework 16 April 2015 Cyber attacks are ubiquitous Anonymous hacker group declares cyber war on Hong Kong government, police - SCMP, 2 October

More information

Security Risk Management Strategy in a Mobile and Consumerised World

Security Risk Management Strategy in a Mobile and Consumerised World Security Risk Management Strategy in a Mobile and Consumerised World RYAN RUBIN (Msc, CISSP, CISM, QSA, CHFI) PROTIVITI Session ID: GRC-308 Session Classification: Intermediate AGENDA Current State Key

More information