Addressing Cyber Risk: Building robust cyber governance


1 Addressing Cyber Risk: Building robust cyber governance
Mike Maddison, Partner, Head of Cyber Risk Services

2 The future of security
- The business environment is changing
- The IT environment is changing
- The cyber threat environment is changing
- Cyber security must be addressed at the most senior levels
- Cyber security must be business back rather than technology forward
- Move from protecting the perimeter to protecting data
- Refresh cyber security strategies to address rapidly evolving business needs and threats
If the information security function does not change, the result will be losing influence, control and in this environment a real opportunity for impact with the business?

3 The future of security: The scale of change
[Figure labels: to ship 1 million units; 2 years; 74 days; 28 days]
2012 Deloitte LLP. Private and confidential.

4 The future of security: A changing business environment
- A greater reliance on:
  - Data (business information, competitive advantage, as the business)
  - Technology for employees and customers
- Globalisation and 24x7 operations
  - Offices, users and IT assets around the globe
- Changing customer perceptions
  - Baby Boomers to Generation X, and now Generation Y, not forgetting Generation G
- Competitive advantage is difficult - the economy makes it even harder

5 The future of security: Technology change, dealing with complexity
Cloud Security Fraud risk Data loss Privacy Social media Cyber security Online fraud System downtime Encryption Threat Intelligence Corporate Espionage Securing mobile devices The insider threat Hacking Vulnerability Management Identity Management e-crime Prevention

6 The future of security: A changing threat environment - they only have to win once...
Low risks and high rewards mean that the security threat landscape is changing.
- Anonymous and other hacktivists
- From waste management to e-crime
- Targets of choice, not chance
- Organised crime
- Increasing third party access
- Insider threats
- State-sponsored cyber threats
- APTs
- Stuxnet, Conficker

7 The future of security: Your security capability?
Activities are still largely reactive and compliance-driven:
- Largely compliance focused
- Developing policies
- Meeting industry baselines
- Audit
- Often limited visibility or interest to the business unless something goes wrong
- Touching some change programmes
- Limited future watching
- Low operational agility
[Diagram labels: Political forces; Environmental forces; Social forces; Organisation; Technological forces; Legislative forces; Economic forces]

8 Practical steps to a step change

9 Approach to tackling cyber
Identify Risks (Identify assets; Identify threats)
- Identify key asset lists and owners.
- Map critical business processes and owners.
- Identify current and emerging threats.
- Perform risk assessment.
- Assess business impact.
Map Capabilities (Capability and control maturity)
- Identify key capabilities for each risk area.
- Identify emerging capability requirement from threat trends.
- Map key controls to business risks.
- Identify capability and control stakeholders.
Assess and Benchmark (Set Risk Appetite)
- Assess current state of control maturity.
- Assess current capability maturity.
- Derive target state of capability maturity from high level costs versus business impact mitigation.
- Validate target against peer and sector benchmark.
Prioritise & Execute (Prioritisation and Planning)
- Identify major risk exposures and quick wins.
- Identify strategic capability improvements and break down into bounded deliverables.
- Prioritise strategic improvement roadmap.
- Continue monitoring of threat landscape to identify required changes of focus.

10 Comprehensive Cyber Governance
This is not a technology issue: people, technology and process
- Cyber Security Steering Committee: Executive governance by making policy and investment decisions. Members include business and IT leaders as well as the CISO.
- Cyber Security Advisory Board: The brain trust, a forum for sharing and discussing tactics and best practice amongst security leaders.
- Cyber Security Comms Forum: Often a distribution list of security practitioners used to communicate management decisions and best practices.
- Cyber Security Programme: Strategic coordination of security initiatives, normally sponsored and governed by the Security Steering Committee.
[Diagram labels, around a central GOVERNANCE block]
- Business Partners: IT Functions
  - security architecture
  - system design
  - security operations
  - security training
- Corporate Body
  - risk strategy
  - security policy
  - security awareness
- Business Partners: Business Units
  - risk management
  - security awareness

11 Integrating cyber into ERM
[Diagram labels: Board level; Oversight; Tone at the top; Risk Governance; Executive Management; Common risk architecture (people, process, technology); Risk Infrastructure; Risk Processes; Identify; Assess; Respond; Design; Implement; Monitor; Business Units; Risk classes; Risk ownership; Data; System; Compliance; Reporting]

12 Developing the capability is a journey with costs.
[Figure: Cyber Security Maturity Levels, Level 1 to Level 5]
Sectors plotted: Media & SMEs; Consumer Business & Life Sciences; Retail Banks & Energy Providers; Investment Banks; Military & Defence
Capability areas: Brand Monitoring; E-Discovery & Forensics; Intelligence Collaboration; External Threat Intelligence; Behavioural Analytics; Training & Awareness; Cyber Attack Preparation; Asset Protection; Security Event Monitoring; Internal Threat Intelligence
Other labels in the figure:
- Proactive Threat Management
- Blissful Ignorance
- Basic Network Protection
- Acceptable Usage Policy
- IT BC & DR Exercises
- Transformation
- Ad Hoc Infrastructure & Application Protection
- Ad Hoc System / Malware Forensics
- Ad-hoc Threat Intelligence Sharing with Peers
- Commercial & Open Source Threat Intelligence Feeds
- Network & System Centric Activity Profiling
- General Information Security Training & Awareness
- IT Cyber Attack Simulations
- Enterprise-Wide Infrastructure & Application Protection
- Operational Excellence
- Basic Online Brand Monitoring
- Automated Malware Forensics & Manual Electronic Discovery
- Government / Sector Threat Intelligence Collaboration
- Criminal / Hacker Surveillance
- Workforce / Customer Behaviour Profiling
- Targeted Intelligence-Based Cyber Security Awareness
- Business-Wide Cyber Attack Exercises
- Identity-Aware Information Protection
- Situational Awareness of Cyber Threats
- Online Brand & Social Media Policing
- Automated Electronic Discovery & Forensics
- Global Cross-Sector Threat Intelligence Sharing
- Baiting & Counter-Threat Intelligence
- Real-time Business Risk Analytics & Decision Support
- Business Partner Cyber Security Awareness
- Sector-Wide & Supply Chain Cyber Attack Exercises
- Adaptive & Automated Security Control Updates
- IT Service Desk & Whistleblowing
- Security Log Collection & Ad Hoc Reporting
- 24x7 Technology Centric Security Event Reporting
- External & Internal Threat Intelligence Correlation
- Cross-Channel Malicious Activity Detection
- Traditional Signature-Based Security Controls
- Periodic IT Asset Vulnerability Assessments
- Automated IT Asset Vulnerability Monitoring
- Targeted Cross-Platform User Activity Monitoring
- Tailored & Integrated Business Process Monitoring


14 Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited ( DTTL ), a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see for a detailed description of the legal structure of DTTL and its member firms. Deloitte LLP is the United Kingdom member firm of DTTL. This publication has been written in general terms and therefore cannot be relied on to cover specific situations; application of the principles set out will depend upon the particular circumstances involved and we recommend that you obtain professional advice before acting or refraining from acting on any of the contents of this publication. Deloitte LLP would be pleased to advise readers on how to apply the principles set out in this publication to their specific circumstances. Deloitte LLP accepts no duty of care or liability for any loss occasioned to any person acting or refraining from action as a result of any material in this publication Deloitte LLP. All rights reserved. Deloitte LLP is a limited liability partnership registered in England and Wales with registered number OC and its registered office at 2 New Street Square, London EC4A 3BZ, United Kingdom. Tel: +44 (0) Fax: +44 (0) Member of Deloitte Touche Tohmatsu Limited


More information

Security operations centre (SOC) architecture: a holistic approach March 2016

Security operations centre (SOC) architecture: a holistic approach March 2016 www.pwc.com Security operations centre (SOC) architecture: a holistic approach March 2016 Agenda 1. How do you know what to protect? 2. How do you know when you re compromised? 3. Start lean, and improve

More information

Next Best Action Driving customer value through a rich and relevant multichannel experience in Financial Services

Next Best Action Driving customer value through a rich and relevant multichannel experience in Financial Services Next Best Action Driving customer value through a rich and relevant multichannel experience in Financial Services Using analytics to understand customer needs and drive customer value Our NBA approach

More information

Do what matters to you. School leaver opportunities

Do what matters to you. School leaver opportunities Do what matters to you School leaver opportunities Whatever it is, you ll find it here Keep learning and get some more qualifications under your belt? Or start earning and develop your experience in the

More information

www.pwc.com Developing a robust cyber security governance framework 16 April 2015

www.pwc.com Developing a robust cyber security governance framework 16 April 2015 www.pwc.com Developing a robust cyber security governance framework 16 April 2015 Cyber attacks are ubiquitous Anonymous hacker group declares cyber war on Hong Kong government, police - SCMP, 2 October

More information

A guide to investing. Appendix 11 Protecting your business intellectual property rights

A guide to investing. Appendix 11 Protecting your business intellectual property rights A guide to investing in Wales Appendix 11 Protecting your business intellectual property rights August 2013 Appendix 11 Protecting your business intellectual property rights Intellectual property rights

More information

Faculdade de Direito, Lisboa, 02-Jul-2014. The Competitive Advantage of Cybersecurity

Faculdade de Direito, Lisboa, 02-Jul-2014. The Competitive Advantage of Cybersecurity Faculdade de Direito, Lisboa, 02-Jul-2014 The Competitive Advantage of Cybersecurity Thales Key highlights (I) A global company with 65,000 employees and 14,2 billion in revenues, R&D 2,5 billion * We

More information

Digital Influence in UK Retail

Digital Influence in UK Retail Digital Influence Digital Influence in UK Retail The true value of digital in-store Digital technology is influencing 33% of in-store retail sales in the UK, equivalent to almost 100 billion in 2014. Digital

More information

UK Indirect Tax Conference 2015 How does the EU do VAT? Aili Nurk 11 November 2015

UK Indirect Tax Conference 2015 How does the EU do VAT? Aili Nurk 11 November 2015 UK Indirect Tax Conference 2015 How does the EU do VAT? Aili Nurk 11 November 2015 Contents EU Policy lifecycle of a tax change Influencing making it work in practice EU VAT agenda open dossiers Q&A 2

More information

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Solution Brief Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Finding

More information

Cybercrime: risks, penalties and prevention

Cybercrime: risks, penalties and prevention Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,

More information

Personal Information Threats & Risks: Responding to an Evolving Landscape with an Integrated Data Protection Approach

Personal Information Threats & Risks: Responding to an Evolving Landscape with an Integrated Data Protection Approach Personal Information Threats & Risks: Responding to an Evolving Landscape with an Integrated Data Protection Approach Don MacPherson January 2012 Discussion Items 1. Threats and risks to personal information

More information

Cyber intelligence exchange in business environment : a battle for trust and data

Cyber intelligence exchange in business environment : a battle for trust and data Cyber intelligence exchange in business environment : a battle for trust and data Experiences of a cyber threat information exchange research project and the need for public private collaboration Building

More information

Achieving Information Security

Achieving Information Security Achieving Information Security Beyond penetration testing and frameworks ISACA Athens Conference 25 November, 2014. All good information security presentations start with a Bruce Schneier quote - Not Bruce

More information

Protecting what matters most: Cyber resilience in the mining industry

Protecting what matters most: Cyber resilience in the mining industry www.pwc.com/ca/cyber-resilience Protecting what matters most: Cyber resilience in the mining industry Richard Wilson, Partner Brian Lachine, Manager 2015 s Mining Cyber Security Leaders Richard Wilson

More information

The enhanced auditor s report bulletin 1 A review of the first reports for early adopters

The enhanced auditor s report bulletin 1 A review of the first reports for early adopters The enhanced auditor s report bulletin 1 A review of the first reports for early adopters Background The new requirements of ISA (UK & Ireland) 700 The auditor s report on financial statements apply for

More information

Committees Date: Subject: Public Report of: For Information Summary

Committees Date: Subject: Public Report of: For Information Summary Committees Audit & Risk Management Committee Finance Committee Subject: Cyber Security Risks Report of: Chamberlain Date: 17 September 2015 22 September 2015 Public For Information Summary Cyber security

More information

Indirect Tax Conference VAT and Pensions. Alistair Jones & Andrew Dalah Financial Services VAT 14 November 2014

Indirect Tax Conference VAT and Pensions. Alistair Jones & Andrew Dalah Financial Services VAT 14 November 2014 Indirect Tax Conference VAT and Pensions Alistair Jones & Andrew Dalah Financial Services VAT 14 November 2014 Agenda 1. Introduction 2. Liability Wheels ATP Pension Service United Biscuits 3. Employer/Scheme

More information

Low Default Portfolio (LDP) modelling

Low Default Portfolio (LDP) modelling Low Default Portfolio (LDP) modelling Probability of Default (PD) Calibration Conundrum 3 th August 213 Introductions Thomas Clifford Alexander Marianski Krisztian Sebestyen Tom is a Senior Manager in

More information

Your guide Directors remuneration in FTSE 250 companies. The Deloitte Academy: promoting excellence in the boardroom October 2015

Your guide Directors remuneration in FTSE 250 companies. The Deloitte Academy: promoting excellence in the boardroom October 2015 Your guide Directors remuneration in FTSE 250 companies The Deloitte Academy: promoting excellence in the boardroom October 2015 Overview from Mitul Shah 2015 is the second year in which UK companies have

More information

Managed security services Helping organizations prevent, detect, and respond to evolving threats

Managed security services Helping organizations prevent, detect, and respond to evolving threats Managed security services Helping organizations prevent, detect, and respond to evolving threats Brought to you by Deloitte s global network of Cyber Intelligence Centres 2 This page has been intentionally

More information

BEPS Action 13: Transfer Pricing Documentation and Country-by-Country Reporting

BEPS Action 13: Transfer Pricing Documentation and Country-by-Country Reporting United Kingdom BEPS Action 13: Transfer Pricing Documentation and Country-by-Country Reporting On 16 September 2014, ahead of the G20 Finance Ministers meeting on 20-21 September, the OECD published seven

More information

Tone at the Top and Third Party Risk Sponsored by Shared Assessments

Tone at the Top and Third Party Risk Sponsored by Shared Assessments Tone at the Top and Third Party Risk Sponsored by Shared Assessments Independently conducted by Ponemon Institute LLC Publication Date: May 2016 Tone at the Top and Third Party Risk Ponemon Institute and

More information

www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future

www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future 2015 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence

More information

Cyber threat intelligence and the lessons from law enforcement. kpmg.com.au

Cyber threat intelligence and the lessons from law enforcement. kpmg.com.au Cyber threat intelligence and the lessons from law enforcement kpmg.com.au Introduction Cyber security breaches are rarely out of the media s eye. As adversary sophistication increases, many organisations

More information

Deloitte Service Code: D-G6-L4-543 December 2014

Deloitte Service Code: D-G6-L4-543 December 2014 Managed Cyber Security Cyber Intelligence Centre Deloitte LLP Service Deloitte Service Code: D-G6-L4-543 December 2014 Contents 1 Service Overview 1 2 Detailed Service Definition 2 3 Pricing 6 4 Ordering

More information

Making digital default Understanding citizen attitudes

Making digital default Understanding citizen attitudes Making digital default Understanding citizen attitudes Citizens in the UK are open to engaging more with the public sector online. But government needs to build trust and offer online services so well-designed

More information

Cyber threats and the Board s role in curbing it. April 2015 For private circulation only

Cyber threats and the Board s role in curbing it. April 2015 For private circulation only Cyber threats and the Board s role in curbing it April 2015 For private circulation only Cyber threats and the Board s role in curbing it A point of view Technology is impacting businesses like never before.

More information

Cyber Security key emerging risk Q3 2015

Cyber Security key emerging risk Q3 2015 Cyber Security key emerging risk Q3 2015 The study is based on interviews with CIO:s, CISO:s and Head of Security in August and September 2015. November 2015 www.pwc.se Companies falling behind are more

More information

Finance Transformed. Changing the focus Finance Business Partnering

Finance Transformed. Changing the focus Finance Business Partnering Finance Transformed Changing the focus Finance Business Partnering Contents Out of the shadows of the back office 1 Striking the right balance in finance 2 Finance finds multiple barriers to becoming a

More information

Auditing in a digital environment Building digital trust

Auditing in a digital environment Building digital trust www.pwc.co.uk Auditing in a digital environment Doris Davis CIIA Exeter Met Office 9 th March 2016 So what is the digital security issue? 89% of large businesses identified a security breach in the last

More information

A guide to investing. Appendix 7 Raising finance

A guide to investing. Appendix 7 Raising finance A guide to investing in Wales Appendix 7 Raising finance August 2013 Appendix 7 Raising finance Wales benefits greatly from the prominence of the UK in the global economy. The UK has the best developed

More information

Finance Business Partnering A Public Sector view

Finance Business Partnering A Public Sector view Finance Business Partnering A Public Sector view Key findings Deloitte s research into Finance Business Partnering has analysed the responses of 75 senior Finance executives from UK headquartered organisations,

More information

London Business Interruption Association Technology new risks and opportunities for the Insurance industry

London Business Interruption Association Technology new risks and opportunities for the Insurance industry London Business Interruption Association Technology new risks and opportunities for the Insurance industry Kiran Nagaraj Senior Manager, KPMG LLP February 2014 Agenda Introduction The world we live in

More information